Nope, We're Not Dead Yet!

Critical Mass
A Technical Text File Newsletter
Issue #06                                                        <03/26/92>

_____________________________________________________________________________
l Writers                  l Special thanks to....                          l
l__________________________l________________________________________________l
l                          l                                                l
l The Beaver               l Shadow Hacker, Flea, The Phantom,              l
l Shadow Hacker            l Abigail, D.M., Section 8,                      l
l liaison                  l liaison and many others that I forgot          l
l                          l to include.                                    l
l__________________________l________________________________________________l

Critical Mass Technical Newsletter is free to those who wish to gain further knowledge of Telecommunications, Datacommunications, Computer and Phone Security, Software and other forms of piracy, explosives, and other topics that are not widely known or talked about. All articles are totally original, unless stated otherwise.
We will not accept unoriginal or plagiarized articles, or articles that contain false information. We accept articles from anyone who is willing to follow these criteria, as long as the editors, writers and S.A.O.O. members feel that the article is worthy to print. We encourage all to download these files and pass them on freely to others as long as the credits of the editors, writer or S.A.O.O. are not modified in any way. There is no set date for releasing issues, but we attempt to put them out as frequently as possible. We now also offer BBS's outside the Tallahassee area the chance to get on our BBS listing. If you decide to get on this list, we will send you issues as soon as they are produced.

If you have any questions pertaining to an article, please leave E-Mail to the author of the article. If you cannot get in contact with the author, please leave "The Beaver" mail at one of the following BBS's; he will try to put you in touch with the author, and/or try to answer your questions.

The Beaver

    The Back Door BBS     (904)997-6127
    Temple Of Pong        (708)717-1506
    Internet Address      Brown@evax.eng.fsu.edu
                          termnet.uucp
    Warrior's Retreat     (904)422-4606

Or, if you have access, one of the following S.A.O.O. BBS's.

    The Upper-Deck        <904>222-1291
    Hacker Wholesale
    ShadowGate
    S.A.O.O. Main

* As of this date, you might notice that most of the BBS's that are up are private. The "public" nodes do NOT imply that a user will get into the S.A.O.O. It simply means that members outside the S.A.O.O. will be allowed to call and discuss various topics.

If you wish to become a member of the S.A.O.O., please leave The Beaver E-Mail, and he will send you an application for you to fill out. From there, local S.A.O.O. members in your area will consider you and take a vote on whether at that date you can become a member. We are always looking for experienced and even non-experienced p/hackers to join. Only after a background check and the vote will you be let in.
If you fail to get in, do not be mad; we have turned down many people. Simply wait, improve on the reasons that you were not let in, if possible, and in the meantime, learn.

We are also looking into other remote S.A.O.O. support boards to net with and share information with. In the event that you would like to support a S.A.O.O. chapter in your area, please contact a member of the Tallahassee S.A.O.O. Benefits do come. Currently we are looking mostly into the Florida region, from Jacksonville to Miami, but are willing to reach into other areas.

Head Chief And Writer - The Beaver
Editor                - Flea
Members               - Silicon Aluminum Oxidation Organization.

This Issue's Articles Include:

I.    - A Brief Editorial
        By The Beaver.
II.   - Stupid VMS Tricks To Amaze And Piss Off Your Friends With.
        By The Beaver.
III.  - A Small Telenet Directory Of Washington and NY Areas
        S.A.O.O Telenet Directory, Part One.
        By The Beaver and Shadow Hacker
IV.   - Tymnet Directory Listing
        S.A.O.O. Tymnet Directory Listing, Part One.
        By The Beaver, Shadow Hacker and liaison
V.    - Taking DECservers Off The Air
        By The Beaver.
VI.   - ROLM Data Lines, A SAOO Memo
        By The Beaver
VII.  - A Critical Profile
        The Beaver
VIII. - Closing Notes And Letters.
        The Beaver.

 ______________________________________
 l                                    l
 l          Brief Editorial           l
 l             The Beaver             l
 l____________________________________l

Welcome to Critical Mass issue #6! Sorry for the delay, but much has been going on in our little world. Now on with a little bit of news and a little bit of chit-chat.

FIRN <488-0650> has undergone a few changes. They are now supporting CRDC and CRDC VTAM. It operates pretty much like NERDC. The advantages? Not much from our standpoint, except that it provides another lame loop back to FIRN, but that's about it. Other than that, it also will allow access to other machines such as CICS and make it easier to get to CRDC than having to go through NERDC to get there. Other than that, that's about it.
FIRN also claims that you now have to have authorized access to get to services like FAUNET, FSU and UFnet, which are no longer listed on the service "menu". This is partly untrue though. Though you cannot access FSU's CDCnet as you used to, it can be accessed by typing "SCRI" at the username prompt. We are not sure if they are aware of this, or if they simply changed all the service names to ensure security, but this is what we have found. It is not really even known if UFnet and FAUnet are still on FIRN, but it is speculated that they are, since FIRN still supports FAUVAX. When asked about the changes in the network, they said it was "due to security problems that we have had in the past".

A little bit of a myth is going around about the caller ID blocking in our area <*67>. While it does display "" on the ID box, it will NOT however stop the custom calling feature "Last caller" or "Call back".

I recently overheard two people talking about call trace and such, when one said, "Naaa, It's impossible to trace calls on WATS lines". I would like to clear up this myth. ANI's work very well on WATS lines. You don't believe me? Try code hacking on US Sprint or MCI. The only place that call trace does not work effectively is on old SxS and old Crossbar and all non-ESS's, which on WATS are few and far between.

Last but not least, SAOO has a new support BBS. It is as follows....

    The Upper-Deck BBS
    <904>222-1291
    300/1200/2400
    24hrs / 7 Days a week

We support all "educational" files on p/hacking and also have many other utilities and such. Right now the BBS is in its building stages and is off to a rocky start. We expect to upgrade quite a bit within the next year. Hopefully soon, we will be running on a 386 25mhz, with around 130 meg on-line, and will support SAOOnet. We are also planning on networking with ShadowGate using TCP/IP. Anyrate, give it a call, because we might decide at any time to shut the board and stop accepting new users. That's about all on the home front.
Chow....

---====---

 _________________________________________
 l                                       l
 l      Stupid VMS Tricks To Amaze       l
 l         And Piss-Off Friends          l
 l                 With.                 l
 l              The Beaver               l
 l_______________________________________l

Here are a few little things that myself and other S.A.O.O. members have done to piss each other off, or other people. The information here is relatively non-harmful. There's nothing big in here. Also, I will not attempt to fully tell about all the VMS commands except for a brief summary. If you have any questions, use the VMS Help facility or contact me.

The Simple Mail Loop Trick.

This runs on a very simple principle: you use a simple little batch loop to send mail to your "mark". Here's how it works. Create the following using the VMS "CREATE" command. Type at the DCL prompt......

    create 1.bat

When you hit return, you will notice no other prompt appears, but worry not, because create works just like MS-DOS's "copy con" command. Now at this point enter......

    $ mail sendme.txt
    $ submit 2.bat /noprint /nolog

Now hit control-z and you have created "1.bat". Now do the exact same as above, with the following modifications...

    create 2.bat
    $ mail sendme.txt
    $ submit 1.bat /noprint /nolog

Hit control-z and, yeap, you just created "2.bat". Ok, now we just have one more file to create. That's the "sendme.txt". I would just use the create command as you did before. You can pretty much make this anything that you desire. For instance.........

    create sendme.txt
    Hello , Gotten much mail today?

Now, we kick this baby off, but first, I will explain what this program will do real quick, though it is quite simple. In our file "1.bat", the first thing it will do is send the "sendme.txt" to our mark. After that, it will start up the "2.bat". In this, it will send mail all over again, and start up the "1.bat" again. So basically it gets caught in a loop! So what now, right?
Well, if you will recall, when new mail arrives for a user, if he is on-line, he will get a message along the following lines: "NEW MAIL ARRIVE ON NODE FROM ". The mark will have a little bit of trouble in doing his/her work. Here's how we kick our baby off.

    submit #.bat /noprint/nolog

The "#" can be either one you desire, cause it don't really matter at all. Now let me explain a few things. Once you kick this guy off, it is relatively hard to stop. I know of three ways, but I will let you figure them out. After all, that's what hacking is all about anyrate, huh. One thing I will let you in on is that the /noprint basically disables output to the console printer. The /nolog makes it so that it will not fill your directory with thousands of logs of worthless crap.

- Kicking each other off

Here's another stupid, yet entertaining thing to do to those who don't know about this. Sometimes, when I hack with my friends at D.M.'s place, we used to pull this on each other and get in little wars. Slip in under an account that one of your fellow hackers is on. Show the users, and get his PID number for HIS not YOUR current processes. Now type in the following.....

    stop /id=

For example.....

    stop /id=01922012e

What happens? It logs him out. Preferably do this while the mark is getting a huge buffer capture or something. Pretty mean, but that's life. You could also, before you do this, rename the mark's "LOGIN.COM" and make a new one with the simple command "$logout" in it. So as soon as the mark gets on, he gets logged out. This works well when breaking in a new, inexperienced friend or what not, cause you can look at the kid and say shit like, "MAN, they busted you hard! HHOOLLYYY SSSHHIITTT! OOHHHH AHHHH", then watch his young face go pale! Don't try this with experienced hacks, they will just look at you and say, "gemme a break" and ctrl-c out of the LOGIN.COM.
I did this on a hack friend of mine when he was an up and coming type, except he was on a teletype trying to print out a 100k file. I made it last for 30 minutes till I could not control the laughter anymore.

The fill the queue trick.

This one, I guess if it ran long enough, might actually cause damage, but I doubt it. It works on the same basis as the mail routine, in that it is an endless loop. This one, you only do to OP's though, cause it will be noticed. Write the following program.

    10 for i=1 to 100
    20 open "me"+str$(i)+".com" for output as#1
    30 for d=1 to 100
    40 print#1,"$submit me"+str$(i)+".com"
    50 next d
    60 close#1
    70 next i

Run this program then exit BASIC. Basically, you have created 100 batch jobs. Each batch job will then submit each other. Now, here's where it gets fun. There is a set number, or at least 99.9% of the time, of the number of processes that you can have running. It may be three or it may be seven, who knows. We will say that the system you are about to do this on can handle five. Now, with five batch jobs currently running, this means that 500 will be put in the queue. When one gets done, one comes out of the queue and 100 more are put back in. It's a never ending cycle.

The queue is nothing more than a holding pen. What happens is that the computer says, "hey, I can only have five batches running, so the rest I will throw in the queue till I get done with these". So 95 go in the queue. The other five batches say "Hey, run these batch jobs!", the computer says, "nope, all you guys go into the queue, I will pull you out when I get done." This tends to REALLY piss people off.

Now think back on what the /noprint command did. Well, since the queue IS going to fill and the OP's are going to notice, you might as well put on a show. One problem though. It will create thousands of log files in your directory, so you will want to employ some way of deleting them. I just used the VAX key buffering and entered "del *.log;*".
This will kill the logs, except for the ones in use. The loop in line 10 can be modified to whatever you want, but I would make sure I have the disk space before attempting 10,000. Really though, 100 should do, because it really would make no sense to use 10,000 once you think about it.

But let us take this a little bit further here. Remember the mail loop you pulled on your friends? Ah, you get it now..... Add this in at line 45.

    45 print#1,"$ mail sendme.txt "

Now, let's sit back and picture this scene.... This is the way it happened for me, the only time I ever did this, and I can only speculate what happened in the computer center.......

Joe the op is kicking back, doing what a lot of op's do...... Just killing time. Staring down at his newspaper, he hears a beep at the VAX console. He looks up, "NEW MAIL ON NODE ADLE::", it displays. Two seconds later, line printers start going nuts. He gets up, but as he does, he hears yet more beeps coming from the console. He looks back. His screen is filled with "NEW MAIL ON NODE ADLE::". He grabs a printout, it appears to be batches running like crazy and dumping to the printers! He shows the queue. He watches for over 30 seconds at the list of batch jobs that are in the queue. He gets on the horn and calls a computer security department and says, "we got a big problem". He thinks, "another internet worm.....a virus.....".

Halfway across the country, a hack known as The Beav. is kicking back, deleting logs, showing users and the queue, and laughing bout it, "I got that asshole back.". He thinks to himself, "I knew this would be easy! I knew it would work. I wonder how long it will take them to purge the queue."

Back at the computer center, op's storm the consoles. It's real evident as to whom started the whole thing after a simple "show users". They read a piece of mail as it flies in. It states something along the lines of, "Should not let sorry shit head fake hack types kill on your nice system.
Tell the sorry fuck if he ever kills/or gives out bogus 'hacked' accounts, life will get worse".

Meanwhile, Beav, still at his trusty term says to himself, "I can't believe they have not purged the fuck'in queue". The Beav gets a ring. A "VMS PHONE" request. He answers.................. The only thing he sees is.....

    HEY! YOUR FILLING THE QUE!!!!!!!!!!!!!! DAMNIT STOP RO\\
    Connection closed.

Beav, "HAHAHAHAHAHAH".

They did finally purge the queue, and as you can see, I did this to take revenge on a guy up north that gave me bogus accounts and then killed two of mine! Truthfully, I just had to do it to see how well it would work also. The odds of this actually crashing a system though are, I believe, remote to null. Shadow Hacker and I conducted an experiment on a Utah VAX/VMS with no operators on-line and let one of these guys run for over three hours and nothing much really happened. At worst, it might have slowed the system down a little bit.

I myself am very much against attempts at crashing systems, though this article might seem otherwise. There is no gain except for a few moments of "whoop", then it's over with. With all hackers though, I believe that every once in a while, we like to try to push the limit. These are not much more than jokes with little to no harm. I do condone revenge though. The story above was true, I just cracked the guy's personal account and ran it out of his. The time it was attempted in Utah was on an account that had never been used. Well, fuck this explaining myself. If you don't like it, too bad.

 ______________________________________________
 l                                            l
 l          S.A.O.O Telenet Directory         l
 l                   Part I                   l
 l  Compiled By The Beaver And Shadow Hacker  l
 l         New York and Washington DC         l
 l                   3/9/92                   l
 l____________________________________________l

Information on Telenet:

The first thing you need to do is obtain a dial up list. To do this, call 1-800-424-9494 <1200 7E1, or 1200 8N1 with high bit stripping on>.
Once on, you will receive a "TERMINAL=" prompt; at this point, enter your terminal type, or just press return. You will now get a "@" prompt. From here type "c mail". At the "Username?" prompt, enter "phones" and the same for the "Password?" prompt. At this point, simply follow the directions, and you will get your local dialup. One thing I would like to note: when using the 300/1200 dialups, when you connect, simply hit return a few times. When using the 2400 dialups, you must enter "@" followed by a carriage return.

For more information on Telenet, I advise you to get Hacker's Unlimited issue #1 or LOD/H Technical Journal. I did not wish to make this a text file on Telenet, but rather a directory of listings scanned by myself and fellow S.A.O.O members. These files can be obtained on The Upper-Deck BBS.

Prefix: 202   Scanned: 0-400

Suffix Information                                      O/S
------ ------------------------------------------------ ----
001    Unknown                                          PRIME
002    Unknown                                          PRIME
010    Unknown                                          PRIME
012    Unknown                                          PRIME
031    OS/2 News Machine                                VMS(?)
032    Enhanced Net. Service                            --
042    VTAM                                             VM
049    "Enter System id---", Unknown... Test port (?)   --
132    Unknown                                          VMS
141    Unknown                                          --
142    Unknown                                          --
150    "UPI>", Unknown                                  --
201    Compuserve                                       --
202    Compuserve                                       --
214    Unknown                                          PRIME
217    Unknown                                          PRIME
238    US Government                                    VMS
245    "New-Line"                                       AOS/VS
255    Morgan Stanley Network                           VM
259    "Acc from pad 'this' not allowed"                --
261    Federate "* * E D G E * *"                       --
262    Federate "* * E D G E * *"                       --
336    Congressional Quarterly Online System            VMS
337    Congressional Quarterly Online System            VMS
351    "Acc from pad 'this' not allowed"                --
356    Unknown                                          PRIME
365    Lexis and Nexis                                  --
366    Lexis and Nexis                                  --
367    Lexis and Nexis                                  --
368    Lexis and Nexis                                  --
369    Lexis and Nexis                                  --

Prefix: 212   Scanned: 0-999

Suffix Information                                      O/S
------ ------------------------------------------------ ----
030    Unknown (locks)                                  --
040    Unknown                                          --
041    Unknown                                          --
053    Unknown                                          VMS
079    Unknown                                          --
085    PB System                                        VMS
086    DECServer Rip-off                                --
100    Unknown                                          VMS
101    Unknown                                          VMS
102    Unknown, "Invalid sign-on" (need nui)            --
103    Unknown, "Invalid sign-on" (need nui)            --
104    Unknown, "Invalid sign-on" (need nui)            --
112    Shearson Lehman Brothers (VTAM system)           VM
130    Morgan Stanley, Gateway server (UN:access)       --
131    Shearson Lehman Brothers (VTAM system)           VM
137    Unknown                                          Prime
141    Unknown                                          Prime
145    Unknown                                          --
152    Unknown                                          VMS
159    Unknown (locks)                                  --
197    Bankers Trust                                    WANG
217    Tymnet ripoff... almost...                       --
218    Tymnet ripoff... almost...                       --
226    Telenet PAD                                      --
242    Unknown                                          --
248    Unknown                                          PRIME
255    PBS Development System                           VMS
258    Unknown, locks                                   --
259    TAS System                                       VMS
260    Banker's Trust Online Network                    --
275    Banker's Trust Online Network                    --
277    Unknown, Possibly a Telenet Test Port            --
278    Banker's Trust Online Network                    --
279    Unknown                                          RSTS
320    Unknown                                          --
343    Unknown                                          PRIME
376    Banker's Trust Online Network                    --
430    Unknown (Connect 31259)                          --
448    Emco Sales                                       PRIME
500    "enter a for astra"                              --
502    "enter a for astra"                              --
503    "enter a for astra"                              --
504    "enter a for astra"                              --
505    "enter a for astra"                              --
506    "enter a for astra"                              --
539    Unknown                                          --
561    Unknown                                          VMS
571    Unknown, Very funny though                       --
580    Unknown                                          --
603    Shearson Lehman Brothers (VTAM system)           VM
615    Shearson Lehman Brothers (VTAM system)           VM
625    Shearson Lehman Brothers (VTAM system)           VM
686    Unknown                                          UNIX
693    Unknown                                          PRIME
703    Unknown, Very secure                             UNIX
704    Unknown, Very secure                             UNIX
713    Unknown                                          --
734    Strange Unix Rip-off                             --

[Linked systems: 202    909761  <-> 202???    909406 <-> 202???  ]
[                       6171371 <-> 202132                       ]
[                                                                ]
[Linked systems: 212    90940   <-> 212141    31259  <-> 212430  ]

This is NOT even to say that these are all the systems in the NY and Washington area! These were very brief scans and there are definitely more. In future issues, we will have better listings, but these should be good enough for a part one.

____________________________________________________

              S.A.O.O. Tymnet Listing
                     Part One
   Compiled By The Beaver/Shadow Hacker/liaison
                     3/11/92
     ________________________________________

To get on Tymnet, dial 422-0149, if in the Tallahassee area. If not, dial 1-800-222-0555. When you connect you should get garbage on the screen, at which point you should press "a". To find out your local dialups, at the "user name:" prompt, enter "information" or "help" and follow the instructions.

Tymnet is run by British Communications (BT) and serves many commands all over the U.S. and outside. On Tymnet, you may find out-modems, companies, other networks and much more.
Scanning takes a while, but is possible to do easily enough. If you wish for some scanning pointers, please e-mail The Beaver or Shadow Hacker, because we don't want to give away our scan method for the fact that they might take out the essential program we need that lets us do relatively easy scanning. Through very little guess work, you should be able to figure it out.

Tymnet runs on an X.25 network, which you have probably used before. If you have ever been on FIRN, then you have been on X.25 networking.

Lastly, you may notice the "PASSWORD" section of the list. On some services, you will notice a "No Password". This either means that there is completely no password, or at the password prompt, hit return a few times.

This list was a SAOO file, but it is not the original. It had to be edited so that some possibly damaging information would not get out. To the date of this article, these should be valid..... Here's the portion of the SAOO file..........

Fellow hackers,

These are 166 tymnet services and all information available from a very casual "look" at each. All care was taken to ensure its accuracy, however since we aren't computers, mistakes are bound to be made. We apologize for any inconvenience such inaccuracies may cause. Please notify the SAOO of any mistakes made herein at either of our BBS'es...

    The Warrior's Retreat @ (904)422-3606
    The Upper Deck        @ (904)222-1291

- Shadow Hacker - and -

----====----

And a thanks to Liaison, a new prospective member of SAOO, for his assistance in verification and his diligent researching of tymnet. Thanks a lot!

-----------------------------------------------------------------------------
NAME            PASSWORD        INFORMATION
--------------- --------------- -------------------------------------
aa              No Password     Outdial Modem access account
ace
admin
air
aleart          No Password
apple           No Password     NISNet
archive
avl
b
banana
bbs
beaver
ben
bill
bio             No Password
bird
bix             No Password     Byte Mag. Information Exchange
book
brown
bs
bubble
buf
ca              No Password     VAX running VMS
canada
carrier
cash                            Credit Check???
centel                          Centel, The Phone Company
chain
cheese
class
comet
corp
crash
dec
decnet
dialnet
e
easynet         No Password     Credit Checking ? We think so...
ed
eds
express
fire            No Password     Firestone/Bridgestone
fork
frank
franklin
fred
games
gate
giga
gold            No Password     Telecom gold, ";" prompt
gte                             GTE?
hal
help                            BT Information
homer
horse
houstor
hst
idea            No Password     "Not available thru net"
inet
info
information     No Password     BT Information.
inter
isreal
jackson
jacksonville
jet
john
jupiter
kanta                           DECServer, hacked by Mad Max (TE/TP)
kk
lan
lawrence
lee
lexis           No Password     Lexis & Nexis
liberty
life
log
london
lotus
lu
ma              No Password     Hayes Inc., VAX running VMS
mail
master
mbs
men
miami
michel
mickey
micro
mike
mil
morgan                          Morgan stanley server?
naee
national
nea
nes
net
new
nn              No Password
no
null            No Password     "Usernae Invalid"
ny
office
old
online          No Password
operator
orbit           No Password
outdial                         Outdial Modem?
pan             No Password     Demo
panama
panasonic                       Panasonic
paper
pascal
pay
pc
ph              No Password     VTAM server
plae
prodigy                         Prodigy Online Service
pub
reserve
scan
scott           No Password
scri                            FSU SCRI?
shadow
shearson                        Shearson/Lehman?
silver
skim
spring
sprint                          Possible US Sprint?
steel
stop
sun
super
switch
sys
system
t
tape
target
telenet                         Telenet Gateway
temp
test
tester
think           No Password     Thinking Machines Corp
town
transfer
tray
trwnet                          TRW Credit System
turbs
turtle
tv
tymnet                          Tymnet Gate or what?
univ            No Password     "host shut"
usa
user
username
vax
vision
voyager
war
warrent
water
wheat
-----------------------------------------------------------------------------

We went to painful stakes to get this to you, so please use it wisely. Thanks.
Chow

 ____________________________________
 l                                  l
 l  Taking DECservers Off The Air   l
 l             3/13/91              l
 l          By The Beaver           l
 l__________________________________l

This is an "educational" file that I thought I might not release, so please just treat it as an educational file, and don't abuse the information in this file. Though one person has tested the information out, I have not. Though, according to his results, it did work, and needless to say I was very pissed. This information should also hold true for EMULEX and other ripoffs of DECservers. Once again, this is only for the pure knowledge.

When I say "off the air", I am not referring to "crashing", but rather to the method of modifying characteristics that will make it so the DECserver cannot be used from certain or all ports. It is actually quite simple, and 9 times out of 10, you would not need "priv'ed" access to do this.

There are two commands that one must be familiar with in order to understand how this works: the "set" and the "define" commands. The "set" command basically means that the characteristics changed will take effect immediately. For example, if I say "set port broadcast disabled", my broadcast is disabled right after I hit return. Now if you say "define port broadcast disabled", it will not take effect until a> the next user logs in, or b> the system is init'ed.

Ok, with this in mind, let's imagine this: what if I said "set port output 75"? What this would do is set the output to 75 baud. Either your connection to host machines would be real slow, or most probably, it would not support it. This would take effect right away. Now if you said, "set port input 75", it would change your port speed to you to 75 baud and all you would receive is garbage. How could you get back on? Logout and log back in, because remember, the values will go back to their "defined" values. Now you should be getting the picture.
Now if we use "define" instead of "set", it will be held in the DECserver database, and the only way a user can change the defined values is to get on that port. Now in that last bit, we "defined" the bauds, but other things can be changed, and remember, while you are on, they will take no effect until AFTER you have logged out. After getting a little help, you will see that there should be no problem in changing the parity, stop bits, data bits, etc, etc. If I remember correctly, it is possible to set yourself up with something like 75 baud inspeed, 75 baud outspeed, parity odd, stop bits 2, data bits 6!!! So the next person to call in would have to have their terminal set to these specs! No way that will happen!

Now you can off online the ports you have access to, unless you are priv'ed, in which case you can off them all. If you have access to all the ports, then there would be no problem with off'em all.

Anyrate, this was just a little bit of information I thought you might like to know. I found this out about 8 months ago, and I am working straight from my "not static memory", as Shadow would say. Anyrate, any errors or questions, please contact me, The Beaver.

Chow

 ____________________________
 l                          l
 l     ROLM Data Lines      l
 l       A SAOO Memo        l
 l        The Beaver        l
 l__________________________l

This originally appeared on the SAOO backboards, but has since been released. It is basic information on ROLM Data Lines. The phone numbers have been changed to protect the system; contact me or a fellow SAOO member for more information on the system in question.

"ROLM Data Line Information.

This file was written due to new information on ROLM Data lines, and the ROLM data line in the 599-xxxx. ROLM data lines is basically a network that has many, many functions and great uses.
It operates on a "CBX II", and offers the following services: SuperPBX, Voice Mail, LAN's, Public and private data transfers, Desk top, call management, Voice communications, Mainframes and Video.

The lower end ROLM, probably like the one we are dealing with. The stats on it are as follows......

    165 channels / 15 nodes providing 115,200 2 way channels.

The stats change when a ROLM bus is installed. This is nice and all, but in lines operate at 300bps, so this impressive info does us no good.

Ok, now you know a little about ROLM systems. The cool thing about ROLM systems is that they do not use RS232C's, but rather actual phone lines! There are two ways to access a ROLM system.

    1> Using a touch tone phone. This is a lame ass way, plus we don't have the phone number.
    2> Data. We DO have the phone number.

To get to the point, we all know, or at least should know, that the 599 prefix serves beepers/VMB's. Now think about everything just stated above, and think........... The ROLM data line supports phone mail, and other communications. Hmmmmm, 599 has lots O' VMBs and beepers. I think you get the point.

Now outgoing calls are recorded, so precautions should be taken. We could pull a Social Engineer after trashing at the ROLM office to gain information. You see, ROLM has to be set up simple like, so the average secretary or business man can access it. It's simple enough in most cases that a 10 year old can operate it. Sometimes these systems have passwords, other times not, but this does not mean we are priv'ed or anything.

Bad news is that our ROLM system does not appear to be a standard, in that it don't respond with a "Call, Display Or Modify" prompt. The commands are just as it should prompt: call, display or modify. Here's how to get a list of services/file/whatnot.

    type: Display groups

You should get something along the lines of this.....

    [21] Payroll       [11] Accounting
    [01] System1243    [23] Number
    [12] Etc           [99] Etc

To connect/access an area, you would type.......
    call payroll
    Calling 1423
    * Connected To Payroll *

Or something along these lines. Now, as of the writing of this file, I have not checked out these commands. As I said, it almost appears though that this is a non-standard system. I will check them out though.

This system can only be one of two things. There is an office in the 599 which is the ROLM district branch. This could be good also. Even better, this could be what controls the VMB's or what not! I am sorta leaning on the ROLM district branch, but it could be possible that the city is also using it and ROLM does all upkeep and what not. Another fact is that ROLM's can support more VMB's and what not than the entire 599 prefix can hold!!!

Anyrate, that's all, I just thought I would let you in on the deal, ideas and information. The ROLM I found is the following phone number.

    599-xxxx

WARNING: I would advise routing through an extender. I know, you don't have one. Well, I found one about 4 months ago but lost the phone number, and will be scanning for it again SOON. I believe it is somewhere near the middle of the exchange. Anyrate, have fun, and please give me feedback on this stuff.

Chow.

---====---
"

 _____________________________
 l                           l
 l          Letters          l
 l___________________________l

Well, I didn't buffer my mail as usual, so I will have to reconstruct some of the mail that I got.

By: Black Knight

When is Grind3.0 coming out?

>Well, it should be out soon. Within this month possibly, but so much has been going on that I have not been able to work on it as much as I would like. Pretty much all that needs to be done is completing the trojan compiler, and getting a good VGA intro screen, and that will be about it! Anyrate, you are sure to enjoy, it's worth the wait.

By: ?????????????

I've been playing with the DECserver number on Telenet that you gave me, but I am unable to get the DECnet priv'ed password. Do you have it?

>I wrote those articles on DECservers just to give a look at the possible things that you can do with them.
Forget the priv'ed access, it's nice but no big deal. Go for the systems that are connected to the server. Usually, the computers that run the server are a lot more fun than the server itself.

By: ?????????????

Some of the services on FIRN are not on the main menu. Where are they?

>FIRN changes every 6-8 months it seems, so it is very likely that the services mentioned in past CM's may not work anymore.

 ____________________________
 l                          l
 l       Final Notes        l
 l__________________________l

Well, that concludes yet another issue of Critical Mass. I hope that with this issue, and others, you walk away with a little bit more knowledge than before you started. Anyrate, have fun and happy hacking......

Chow

---====---
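
Added example, not part of the original newsletter: the DECserver article above depends on "define" writing to the server's stored port database, so a changed speed, parity or character size outlives the session that made it, while a "set" change is gone at logout. The Python sketch below audits a port dump against a known-good baseline and separates the two cases. The dump format, field names and baseline values are constructed for illustration and are not real DECserver output.

```python
"""Audit terminal-server port settings for persistent ("define") tampering.

Assumed export format (constructed for this example, not real DECserver output):
    port <n> operational|permanent key=value ...
"operational" = values in effect now (what "set" changes);
"permanent"   = stored values applied at the next login or init (what "define" changes).
"""

# Known-good line settings for a dial-in port (constructed baseline).
BASELINE = {
    "input_speed": "2400",
    "output_speed": "2400",
    "parity": "none",
    "char_size": "8",
    "stop_bits": "1",
}

# Constructed sample: port 3 was altered with "set" only; port 5 was altered
# with "define", using the 75/75/odd/6/2 combination the article mentions.
SAMPLE_DUMP = """\
port 1 operational input_speed=2400 output_speed=2400 parity=none char_size=8 stop_bits=1
port 1 permanent input_speed=2400 output_speed=2400 parity=none char_size=8 stop_bits=1
port 3 operational input_speed=75 output_speed=2400 parity=none char_size=8 stop_bits=1
port 3 permanent input_speed=2400 output_speed=2400 parity=none char_size=8 stop_bits=1
port 5 operational input_speed=2400 output_speed=2400 parity=none char_size=8 stop_bits=1
port 5 permanent input_speed=75 output_speed=75 parity=odd char_size=6 stop_bits=2
"""

KINDS = ("operational", "permanent")


def parse_dump(text):
    """Return {port: {"operational": {...}, "permanent": {...}}}."""
    ports = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields:
            continue  # blank line
        if (len(fields) < 4 or fields[0] != "port"
                or not fields[1].isdigit() or fields[2] not in KINDS):
            raise ValueError(f"line {lineno}: unrecognised record: {raw!r}")
        settings = {}
        for pair in fields[3:]:
            key, sep, value = pair.partition("=")
            if not sep or not key:
                raise ValueError(f"line {lineno}: bad key=value pair: {pair!r}")
            settings[key] = value
        ports.setdefault(int(fields[1]), {})[fields[2]] = settings
    return ports


def audit(ports, baseline=BASELINE):
    """List (port, severity, key, expected, actual) for every drifted setting.

    "persistent": the stored value differs, so the next caller inherits it and
                  an administrator has to re-define the port.
    "transient":  only the live value differs; it reverts when the session ends.
    """
    findings = []
    for port in sorted(ports):
        oper = ports[port].get("operational", {})
        perm = ports[port].get("permanent", {})
        for key, expected in baseline.items():
            if perm.get(key) != expected:
                findings.append((port, "persistent", key, expected, perm.get(key)))
            elif oper.get(key) != expected:
                findings.append((port, "transient", key, expected, oper.get(key)))
    return findings


def ports_needing_reset(findings):
    """Ports whose stored settings must be restored by an administrator."""
    return sorted({port for port, severity, *_ in findings if severity == "persistent"})


if __name__ == "__main__":
    results = audit(parse_dump(SAMPLE_DUMP))
    for port, severity, key, expected, actual in results:
        print(f"port {port}: {severity:10s} {key} expected {expected}, found {actual}")
    print("re-define from baseline:", ports_needing_reset(results))
```

Run on a schedule against a fresh export, the persistent findings are the ones that lock out the next caller; transient findings are still worth logging because they show which session was experimenting.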