2600 hacker quarterly volume 16 number 4 winter 1999-2000
TRANSCRIPT
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
1/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
2/60
WHA R L I
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
3/60
"Hacng can g you in a who(e (0+ore+rou(ethanyou+hikand if a
cop(e(y creepy hing 0 do. -lwetpageaied a+kidf+0 ifcouragehacking
Editor-In-ChiefEmmanuel Godstein
lavoU and DesignshapeSHIFTER
Coer esignsnc. The Choppng
Block
Inc
Oice Manager
Tampr
W:Berne S . Bils. Bue ha.Noam Chomski. Erc Corlev. Dr Deam.Dreal. Nathan Dorman. John Drake.Pa Este Mr French. Thomas Icom.Jo630. Kingpin. M. Ken Mitnick. The
Prophe. Dad Ruderman. Seraf. SlentSwtchman. Scott Skinner. Mr Upseter
Wbmass:K
erv Macki
Nework Oeraions:.z
2600(SSN 749385) is pubshedquarterly by Enterprises Inc.7 S ng s Lane, uket, NY 733
Second class postage permit paid atSetauket, New Yrk.
POSTMASR: Send addresschanges to,
P.O. Box 752, Middle Isand NY1193072.Copyright (c) 99 2600 Enterprises nc.eary subscriptin: U.S. and Canada $18 individual, $50 corporate (U.S. fds).Overseas - $26 idividua $6 corporate.Back issues availble for 1984-1998 a $20per year $2 per year overseas.ndividua issues vailabe from 1988 nat $ each
S6 25
eac overseas.
ADDRSS LL
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
4/60
Viulencer Vandalsr Victims
l ha 15
all
th 's
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
5/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
6/60
The fOlloTn
Ws
describedfor the purposes of education. I'm awarethis procedre could be and as beenused to circumvent the security of anyWindows NT machine whch te user hasphysical access to I do not condone theuse of this inormation for illegal purposes, nor am I responsible for anythingstupid anyone does wit ths inormationNTFS suppo in Lnux is stll Beta, readng and copying from the drive is safe,but copying to the drive is an "at yourown risk eal
One of the many misconceptionsabout Wndows N is that it's a secureoperatin9 system and that by formattinga dsk wth TS and properly settingpermissons, nobody can access the nformation on that disk without permissionto do so
There are two problems with this theory First, it is Second, all it reallyoes is mae crash recovery more dffcult I will describe a method for circumventin TFS security: using a nuxboot dsk This can be usefu in manyways From the system administrator'svew, this is an excellent way to get access to important les on a system that
has crashed before formatting the harddrive and reinstalling N From thehackers view, t gves access to the system files He would not normally have access to the regsty, user profiles, PSTFies, etc
In order to accomplish this you wil
fles on the 062 boot disk Follow the instructions for unzipping and making theboot disk and the data disk If you cantget this far, you have no business doingis in the rst place
When ths s done, copy ntfso to theboot disk, edit the Modules fie, add the
line "ntfs to it (no quotes), and save thefile At this pont it is best if you boot thedisk a ew tmes, first to test it and second to get familiar with what will happenand how Trinux wil respond to commands given it hs way there are nosunrises.WlNow take the two floppies to the machine you want to access Boot the first
disk When it asks if you have a data disk,put in the second disk and type "y thenht return It wll then ask you agan Type"n and hit return
When t is finished booting, you will
have a "Trinux 061 prompt Type "insmod ntfso - this loads the TS supportType "mount t ntfs /dev/hda1 /mnt
this wil mount the frst partition on the firsthard drive This assumes the frst partitonon the frst hard drve is an NTFS partition If not, the ollowing tale will give youan idea of how to mount the proper drive
These are for IDE drives/dev/hda1/dev/hda second partitio on the first
drive/dev/hdb1 first partition on the second
hard drive
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
7/60
2000
2000
10
Miroso eorking
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
8/60
m
*
*SM
*SMSERVER
$
C:\net se i: \\Iip address)\[shae name)
N :
t
U s"
bb
b f;d
t de"t
dNAT (etwork Adi Tool
LphtCrack N
AGENT S T
Passord Crac
A
N
t b
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
9/60
ing. So before you devise a vie p pu DOS
6.22 d dosboo.exe ono yor , d
chge e boo.ini, ook d fr bc copiesof._ 's no of o d old copy insom e "C:\win\pdcpair.
, if you pfer o crack passwords wih you' have o conver e he o a U passwde (c d pase e ashes.
Fe coses ing a hcker c do o teneng o
T machine is conecing via F. The pb-em is jus because acco exis on e
machine doesn' me t i's aowed FT ac-cess. So g e pssword ses, cck em, and
o em al.If e sy inks e's sm, e' nme e
Adminiaor (roo accoun. Eier way, if you
crack e pswor, you' ave FTP access wi
sraive prvieges. You c now dec web
pages, ge more paswors for oer compuers on
e newo upoad js, Here's a ick:copy e Even Vewer prgm o a shd direc-
to, ten e ew o . You now have access o
a logs on a machine.
Elte Taccs
Okay, e's pend you have access. The pb-
em is, you c' execue ps or do anyingese 's y The swer a j. e onet alows you compee lesysem access, aowsfor hos of your e comper, d es
you open d ki tivewindows (eBus does a
DOS EDIT edi e du.h or index.h
e. Oheise, you c aways use o up-
oad your e. esce d Ine Expor boave cins o upoad h es ia H jus
use e user nmes d pswords you cracked.
eork sniers c aso be pu no pace. ph-
Crack comes wi acke C, a decensnier. Seh e ne for oer Ehee, or To-
ken Rin sniers. Te poin ere is t if e iseve one dows 9.x machne on the neto i
sds ceex ASCI passwos w aueni-
cang, so a sner wi aways cach em.
Ter aso a uge varie of expois for .e ck is weedng uh e DoS spois d
e oca ones. One remo exoiisack.eseishack.s (www.eeye.com heorei-
cay wi upoad y e (in yor , a ojrigh tugh S's H daemon. IS shps wi
mos T Seer ces, d comes wi one of
e eier sce pcs. Even if e machine n
quesion sn' a web seer, i pbably as l S i-staed. One popu web eer or is WebSieP whch a ulnbi in is paged Cexecuables. Specical ly, uploader.exe alows you
o upoad es o e compuer wiou ass-
wos.
ow, when I said h you c' og on o Teer over he Inee, ws piay wg.
e ony way o log in N nework is o be amember of he domn. So you' ave o me
yor compuer a member. How? Hack e PC
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
10/60
The most prevalent information on tele
phone counter-surveillance has been oat
ing around for at least 15 years. Short the
pair at the demark and measure resistance.
Open the pair at the demark and measure
the resistance. Abnormally high or low resistances indicate a phone tap. Forrest
Ranger wrote about it in text les, M.L.
Shannon and Paul Brookes included it in
their books, and an untold number of phonepreas ave emploed this technique. De
spite its popularity, the technique has itsshortcomings: it fails to detect devices in
stalled in the outside plant, split pairs areundetecte, and transmitters built into the
phone are not tested for.
What you'll need:
I) Access to a local DATU.2) A multimeter with high impedance
scales (several meters that measure into the
ggaohm range are available) and a capac
itance meter.
3) An induction probe.
4 A equency counter or near eld detector.
5) Something that makes continuousnoise, like a tape player.
Ancillry tools (screwdrivers a can
prone to normal R leakage.) Next, measure the capacitance o te line, dividing
the value by .83 (the average mutual capac
itance for a mile o phone line). This isroughly the length of your line. Write it
down, you'll need it later. Remember that
.83 is an average value, which can rangeom 7 to .90 depending on line condi
tions. o get a more accurate measurement
you can ne tune your gure b comparing
capacitance measurements on a section o
plant cable of a kown lengt, or use a
TR.Disconnect all the phones rom the line
you want to test. Go to your demark andisconnect your pair on the customer ac
cess side. Shor the pair and measure the re
sistance of the line om the arhest jack
with the meter set to its lowest scale. Reverse the polarity o the meter and measure
again. I either resistance is more than afew ohms, it would suggest a series device
wired into the line somewere on ourproperty. Now retu to your demark, open
the pair, and cover the ends in electricaltape. Measure the resistance of the pairwith the meter set to its highest scale. A less
than innite resistance would suggest a de
vice wired in parallel to your line
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
11/60
don't necessarily) suggest something wired
in series with the line This measurement
may be supplemented by either a resistanceto ground measurement o both sides o the
pair and a capacitance balance test or a
voltage measurement A resistive imbal
ance o more than 10 ohms or a noticeabledrop in ohook voltage calls or further
ispectionTo test or parallel devices in the outside
plant open the line with the DATU and reWire Gauge Loaded Pair Unloaded Pair
2
83 83
2
52 51
2 33.7 329
1 1 1610
eat the parallel test as described above
Tesng or telhone hook-switch compro
ises reuires an induction probe econ
nect your pair at the demark and plug a
your phones back in Tu your tape player
back on and put it near your phone Nowprobe all the lines coing
throgh
your
demark point If ou hear the tape payer
through the probe your phone's hook
switch has been cmpromisedChecking or slits on your in requres
an induction probe and access to a plant
wiring cabinet Ad a tone to either ead ofyour pair with
the DATU Probe al theconductors in the inder pair listening for
the trace tone yu hear the tone on morethan two leads (te ones connected to the
line you're checng) your line has beensplit This can be ither a bad splicing job
or someone intentonally hooking a pa up
to your ie
If any o the bove tests suggests tatthere is somethin on your line reeber
that there are plety o innocet reasons a
test could tu u positive so a detailed
physcal search is in order Disassebg
the phone in uetion and compaing te
innards to a schematic would be a wise deaat this point Tae the covers o youphone jacks dig around in your dear
point peek insid wiring cabinets f you
can and so on Tere are some places that
are likely out o your reach but keep in
mind that they' likely out o reach tomany wiretappers as well
BUY 2600 ONLIE!i
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
12/60
The Tool of the New e
MMXMost of is cle is ondensed m e
adiison manu. But honest wi yourself -
fo cicizing me f "sing s cle. When whe last me yucled Hs d SEd it out of em?
Huh? Didn't ti k so bitch.Te Hs Dit Access Test Unit Remo i
nal exnds e eld technician's testing capiies of
subscrir lines
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
13/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
14/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
15/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
16/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
17/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
18/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
19/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
20/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
21/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
22/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
23/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
24/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
25/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
26/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
27/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
28/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
29/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
30/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
31/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
32/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
33/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
34/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
35/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
36/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
37/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
38/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
39/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
40/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
41/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
42/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
43/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
44/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
45/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
46/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
47/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
48/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
49/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
50/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
51/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
52/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
53/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
54/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
55/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
56/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
57/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
58/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
59/60
-
8/11/2019 2600 Hacker Quarterly Volume 16 Number 4 Winter 1999-2000
60/60