Computer Academic Underground
Electronic Magazine
#0007
0215.97

##############################################################################
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
==============================================================================
------------------------------------------------------------------------------
..............................................................................

Table of Contents

Foreword
General
    Member Listing
    Fort Worth 2600 Meeting            I)ruid
Hacking
    817.860.XXXX                       int3l
    ScanIt!                            I)ruid
    Precautions                        uv
Phreaking
    Believe it or not, Red Boxes       Fizban
    Payphone Top 10                    int3l
    Not In Service                     Crimson Assassin
Closing

##############################################################################

Foreword

Okay... well, this is #7, actually pretty good.... but once again, not much
new is happening to speak of. I'm always working on new scripts and programs
for everyone to use, and I'm also constantly working on the CAU homepage...
Much has happened to the website since last month, mainly a complete overhaul
as I have learned a lot about SSI's and CGI's...

A note on the content of this zine and further zines... We are trying to
compile a useful publication every month for ALL ranges of skill among
hackers and phreaks, novice and experienced alike. I have received a little
criticism for printing articles that talk about the basics. I just thought
I'd explain a bit why I chose to publish such articles along with the more
in-depth articles, and that is why.

I'm actually pretty happy with this month's zine, the first one we've had
where EVERY member of CAU has contributed... Hopefully this will be a
recurring theme...

I)ruid

##############################################################################

General

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Member Listing

Handle              IRC Nick      E-Mail
--------------------------------------------------------------
I)ruid              Druid_817     root@cau.dfwisp.net
uv                  uv_           uv@cau.dfwisp.net
Crimson Assassin    Crimson_A     crimson@cau.dfwisp.net
Fizban              Fizban^       fizban@ttu.edu
int3l               int3l         proto1@computek.net
--------------------------------------------------------------
you can also email @cau.dfwisp.net

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Fort Worth 2600 Meeting

Yes, that's right. As all the members of CAU (and friends) have been making
the hour long pilgrimage to the Dallas 2600 meeting, we have noticed a few
things over the past few months, one being that probably 60% of attendees to
the Dallas 2600 meeting are from Fort Worth. Most of us are also tired of
driving an hour or so to get there, and then an hour or so back. That is why
the members of CAU have decided to begin holding a Fort Worth 2600 meeting.
If we get a good response at the new meeting, we will inform 2600 Magazine
and hopefully get a listing in the Meetings List. But for now, word of
mouth/modem will have to do.

    Fort Worth 2600 Meeting
    First Friday of Every Month
    CiCi's Pizza
    Phone: 817.485.4647
    Rufe Snow, North of Loop 820
    6:00pm -- 9:00pm

Well, there's the information... hope to see you there!

I)ruid

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
##############################################################################

Hacking

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

817.860.XXXX

-={817/860}=-Arlington-----------------------1996----int3l--
````````````````````````````````````````````````````````````
[Number]    [Owned by]

int3l

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

ScanIt!

Okay, ScanIt! is basically an IP block scanner, with a configurable search
file. You can mod the code if you feel you have a worthwhile improvement,
just send me a copy so I can see what you've done (I'm still learning).

Okay, Syntax is:

    scanit *.*.*. Start End

Where *.*.*. are the first 3 numbers of an ip block
      Start  is the fourth number of the ip block (where to start)
      End    is the fourth number of the ip block (where to end)

So for example:

    scanit 204.111.143. 0 255

will create an outfile called scanlog, containing scanned IP's that scanit
FOUND something from the checkfile, starting with ip 204.111.143.0 and ending
at ip 204.111.143.255.

NOTE: on some IP blocks that are pretty full, this can take a while. Also
note that scanit will not scan .mil or .gov at this time. You can disable
this safety feature by removing a few lines of code, but I will not go into
that right now.

I have included my own checkfile just to include in the package, which
searches target systems for phf, nfs exports to everyone, and test-cgi. Just
for the hell of it.
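
Seen from the defending side, a sweep of this kind shows up as one client asking for the same CGI script names on address after address in a block. The following is an added example, not part of the original article or of ScanIt, that flags such a client in merged web server logs. Assumptions: the log layout (server address as the first field), the /cgi-bin/test-cgi path, the documentation-range addresses and the three-server threshold are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: <server> <client> [time] "<request>" <status>.
# The leading server field is an assumption (logs merged from several hosts).
SAMPLE_LOG = """\
192.0.2.10 198.51.100.7 [15/Feb/1997:02:11:01] "GET /cgi-bin/phf?" 404
192.0.2.11 198.51.100.7 [15/Feb/1997:02:11:19] "GET /cgi-bin/phf?" 200
192.0.2.11 198.51.100.7 [15/Feb/1997:02:11:37] "GET /cgi-bin/test-cgi" 200
192.0.2.12 198.51.100.7 [15/Feb/1997:02:11:58] "GET /cgi-bin/phf?" 404
192.0.2.11 203.0.113.40 [15/Feb/1997:02:12:30] "GET /index.html HTTP/1.0" 200
192.0.2.12 203.0.113.40 [15/Feb/1997:02:13:02] "GET /cgi-bin/phf HTTP/1.0" 404
"""

LINE_RE = re.compile(
    r'^(?P<server>\S+) (?P<client>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>[^\s"]+)(?: HTTP/\d\.\d)?" (?P<status>\d{3})$')
# Script names the article's checkfile looks for over HTTP.
PROBE_RE = re.compile(r'/(phf|test-cgi)(?:[?/]|$)')
MIN_HOSTS = 3  # assumed threshold: distinct servers probed by one client


def find_sweeps(log_text, min_hosts=MIN_HOSTS):
    """Return {client: report} for clients probing >= min_hosts servers."""
    seen = defaultdict(
        lambda: {"servers": set(), "scripts": set(), "answered": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse
        probe = PROBE_RE.search(m["path"])
        if not probe:
            continue  # ordinary request, not one of the probed scripts
        rec = seen[m["client"]]
        rec["servers"].add(m["server"])
        rec["scripts"].add(probe.group(1))
        if m["status"] == "200":
            # A 200 suggests the script is installed there: fix that host first.
            rec["answered"].add((m["server"], probe.group(1)))
    return {c: {k: sorted(v) for k, v in r.items()}
            for c, r in seen.items() if len(r["servers"]) >= min_hosts}


if __name__ == "__main__":
    for client, report in find_sweeps(SAMPLE_LOG).items():
        print(client, report)
```

The "answered" list is the part to act on: those are the servers where the probed script returned a page and should be removed or patched.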

Files required to run are:

    Netcat (nc) - You can get this lots of places, sunsite, my ftp site, etc...
    Perl        - Of course, this is a perl script.
    checkfile   - This describes what to look for.
    scanit      - The perl script.

Okay, as for checkfile, it is composed of entries, 5 lines per entry, all
squished together in a big mess. Here's how:

    Line 1: A one letter Describer of the Vulnerability to look for
    Line 2: What to output to the screen to describe what it's looking for
    Line 3: Either YES or NO : YES uses netcat, NO does not...
    Line 4: Command Sent (explained in a minute)
    Line 5: What to search the Command's response for.

Example:

    P
    Testing for phf...
    YES
    echo GET /cgi-bin/phf?
    Qalias

Is an entry that will search for Phf. P being what will be sent to the
scanlog file, "Testing for phf..." will be shown to whoever runs scanit, YES
tells scanit to use netcat for this search, "echo GET /cgi-bin/phf?" is the
command (in this case, piped to netcat), and "Qalias" is what to search the
results for, for a successful find.

An example not using netcat would be:

    N
    Testing for NFS Mountability...
    NO
    showmount -e
    everyone

I'm sure you can figure this one out... only difference is that Line 4 (the
command) is not piped to netcat.

COMMAND LINE
------------

If Line 3 = YES, Line 4 ($syscall) is formulated like this:

    $syscall | nc -v -w 15 $target 80

Where $target is the target ip... So, in the first example above, the entire
command would read:

    echo GET /cgi-bin/phf? | nc -v -w 15 (targetip) 80

and the output would be searched for "Qalias"...

If Line 3 = NO, Line 4 ($syscall) is formulated like this:

    $syscall $name

Where $name is the domain name/ip... So in the second example above, the
entire command would read:

    showmount -e (targetip)

and the output would be searched for "everyone"...

SCANLOG
-------

Scanlog is created based on how many entries you have in checkfile...
for my example checkfile, output would look like this:

    P--  - Phf proves to be TRUE
    PT-  - Phf and Test-cgi proves to be TRUE
    PTN  - Phf, Test-cgi, and NFS proves to be TRUE

The letters are derived from Line 1 of each entry in the checkfile.

Well, hope you have fun with it, let me know how it works, bugs,
modifications you have added, etc. Thanks

Okay, well, here's the code... You can also obtain the entire package from
the CAU ftp server or, the CAU Homepage...

---------------------------------CUT HERE------------------------------------
#!/usr/bin/perl
### ScanIt v.1.0.0 by I)ruid

$ip=$ARGV[0];
$start=$ARGV[1];
$end=$ARGV[2];

if ($ip eq "") {
  print "First argument must be the first 3 numbers of an ip...\n";
  goto end;
}
if ($start eq "") {
  print "Second argument must be the last number of the ip to start on...\n";
  goto end;
}
if ($start lt "0") {
  print "Second argument must be greater than -1\n";
  goto end;
}
if ($end eq "") {
  print "Third argument must be the last number of the ip to end on...\n";
  goto end;
}
if ($end gt "255") {
  print "Third argument must be less than 256...\n";
  goto end;
}

if (-e scanlog) {
  system("mv scanlog scanlog.old");
  system("cat /dev/null > scanlog");
} else {
  system("cat /dev/null > scanlog");
  system("echo Okay... to read this file, its similar to file perm>> scanlog");
  system("echo the perms are next to the ip they relate to... P is>> scanlog");
  system("echo test-cgi, and if you wanna play with the file, you >> scanlog");
  system("echo ...................................................>> scanlog");
##########INFORMATION CROPPED TO FIT INSIDE ZINE###########################
}

print "Looking for netcat...\n";
$temp=`whereis nc`;
if ($temp eq "nc:") {
  print "I'm sorry, you must have netcat in your paths to run ScanIt!\n";
  print "If you don't have netcat, you can get it here:\n";
  print "\n";
  print "ftp: cau.psyberlink.net:/pub/utils/unix/netcat.tar.gz\n";
  goto end
}

$temp="Y";
$last=$start;
while ( $last <= $end ) {
  $target=join("",$ip,$last);
  system("clear");
  print "ScanIt! v.1.0.2 by I)ruid -=] CAU [=- Enjoy... \n";
  print "----------------------------------------------------------------\n";
  $name=`nslookup $target | grep Name: | cut -d ' ' -f 5`;
  print "Target: $target $name\n";
  chop($name);
  $g="NO";
  if ($name eq "") { goto skip1; }
  $tempt=-1;
  $tempt=index($name,".gov");
  if ($tempt != -1) {
    print "Skipping domain... '.gov' detected!\n";
    goto skip1;
  }
  $tempt=-1;
  $tempt=index($name,".mil");
  if ($tempt != -1) {
    print "Skipping domain... '.mil' detected!\n";
    goto skip1;
  }
  $fps=" ";
  open (STDIN, "checkfile");
  $id=<STDIN>; chop($id);
  $message=<STDIN>; chop($message);
  $netcat=<STDIN>; chop($netcat);
  $syscall=<STDIN>; chop($syscall);
  $lookfor=<STDIN>; chop($lookfor);
  while ($message ne "") {
    if ( -e phftemp ) { system("rm phftemp"); }
    $fp="-";
    print "\n";
    print "$message\n";
    if ($netcat eq "YES") {
      system("$syscall | nc -v -w 15 $target 80 > phftemp");
    } else {
      system("$syscall $name > phftemp");
    }
    $v="";
    $v=`grep $lookfor phftemp`;
    print "Result: $v\n";
    if ($v ne "") {
      $fp=$id;
      $g="YES";
    }
    $fps=join("",$fps,$fp);
    $id=<STDIN>; chop($id);
    $message=<STDIN>; chop($message);
    $netcat=<STDIN>; chop($netcat);
    $syscall=<STDIN>; chop($syscall);
    $lookfor=<STDIN>; chop($lookfor);
  }
  close STDIN;
  if ($g eq "YES") { system("echo $fps $target $name >> scanlog"); }
  print "----------------------------------------------------------------\n\n";
  skip1:
  $last++;
}
system("echo .................................................. >> scanlog");
if ( -e phftemp ) { system("rm phftemp"); }
end:
---------------------------------CUT HERE------------------------------------

I)ruid

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Precautions

Ok, in today's scene (if you want to call it that) kids that 'hack' or
'phreak' do it w/o precaution.. this is probably one of the biggest reasons
ppl do get busted.. cause they aren't careful. If you know Unix, if you know
how to disconnect a fone 13 billion different ways.. I'd like to think while
kickin it in others' systems or messin with fone stuff you'd have the insight
to protect yourself.. I guess I'll be going over real basic stuff on local
and inet hacking and what to do to keep your butt outa trouble..

Diverting

First though most new skewl kids with all their 336 modems (unlike good ole
300 baud days) think they are the shyt and they can do more than any one back
in the day.. they may be right.. they can catch a pw file faster and get
around in general a lot quicker.. that doesn't justify their (our I'm one of
yall, too) laziness.. I for one think that att