NOTE: This File is Approximately 50 KB in size. Lodcom Sample Messages Set #1, 4/20/93 In order to provide a better feeling for the content of what the LOD Communications Underground Hack/Phreak BBS Message Base Archives contain, 31 messages were selected from the overall collection of posts for 5 Boards. Note that the samples contained herein are fairly typical and are but a very small fraction of the 5000+ messages from over 50 systems that LODCOM currently possesses. Additional BBS's and messages are being added constantly. Consult the Price Listing [First Version due to be released in Late April 1993 and periodic additions thereafter] for an up-to-date catalog of our holdings and costs (minimal). The selection of messages in Set #1 are from the following Systems: H/P BBS Name A/C Sysop(s) Circa ----------------------------------------------------------------------------- OSUNY 914 Tom Tone & Milo Phonbil 1982/83 WOPR 617 Terminal Man & The Minute Man 1984/85 Phoenix Project 512 The Mentor & Erik Bloodaxe 1988/89/90 The Twilight Zone 203 The Marauder & SafeCracker 1985/86 Black Ice Private 703 The HighwayMan & The Mentor 1988/89 _____________________________________________________________________________ H/P BBS Message Bases to be available in the near future (in addition to the above five) are: 8BBS (213) Circa 1980/81, Modem Over Manhattan (MOM), Twilight Phone (1982), Legion of Doom! (305) sysop: Lex Luthor, Plover-NET (516) sysop: Quasi Moto, Sherwood Forest II (914) co-sysop: Bioc Agent 003, Alliance BBS (618) sysop: Phantom Phreaker, Catch-22 (617) sysop: Silver Spy, Blottoland (216) sysop: King Blotto, Osuny 2 (aka The Crystal Palace) (914), Mines of Moria (713), Pirates Cove (516) sysop: BlackBeard, The Hearing Aid, Split Infinity (408), Farmers of Doom! (303) sysop: Mark Tabas, Shadowland (303) sysop: The ShadowMaster, Metal Shop Private (314) sysops: Taran King and Knight Lightning, ShadowSpawn (219) sysop: Psychic Warlord, IROC, FreeWorld II (301), Planet Earth (714), The C.O.P.S. (305), Ripco (312) sysop: Dr. Ripco, Hackers Heaven (217) sysop: Jedi Warrior, Demon Roach Underground, Stronghold East Elite (516) cosysop: Slave Driver, Pure Nihilism, 5th Amendment (713), Newsweek Elite (617), Phreak Klass 2600 (806), Lunatic Labs (415), Laser Beam (314), Hackers Den, The Freezer (305) sysop: Mr. Cool, The Boca Harbour (305) sysop: Boca Bandit, The Armoury (201) sysop: The Mace, Digital Logic (305), Asgard (201), The CIA bbs, The KGB bbs, Face to Face (1990), Broadway Show (718) Sysop: Broadway Hacker, The Safehouse (612) circa 1983/4, Lost City of Atlantis (215), The Private Sector (2600 sponsor BBS), and more. This message constitutes explicit Permission by LOD Communications to disseminate this File containing 31 actual messages from our Copyrighted (c) 1993 collection of H/P BBS Message Bases so long as the contents are not modified. No part of this File may be published in print without explicit permission by Lodcom. Lodcom Sample H/P BBS Messages: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ *** {OSUNY (914) Sysop(s): Tom Tone and Milo Phonbil (both wrote for TAP)} *** *** {Osuny is perhaps the most legendary Phreak Board of all time} *** Msg.:118 Date:10/5/82 From:MILO PHONBIL To:ALL About:STANFORD STUFF Greetings, Stanford phreaks! It seems that those "strange" numbers are really ones that will appear if another person is signed on to the same id. (Like AA.TEG AA.TEG#2 AA.TEG#3 and so on .) Also, while there is no MAIL facility available to "GUEST" accounts, there is a way to send a one-liner to someone els e. The command format is: TO gg.uuu msg Where gg.uuu is the person's id, and the msg is of course, the message. Also, their SPIRES database is quite interesting! Type CALL SPIRES, then SHOW SUBFILES. Then you must SELECT a subfile. For a complete tu torial, try: TUTORIAL MASTERLIST SPIRES is ended by typing EXIT at the -> prompt. Later, MILO PHONBIL Msg. :180 About :MAINFRAMES From :DATA BANDIT To :ALL PHREAKS Date :2/23/83 00:00 -- more -- OK PHREAKS....YOU NEED HELP ON TSO FORMATS,SPF FORMATS,GDDM FORMATS? THIS IS THE GUY TO ASK....I'M DAMN GOOD AT IT...I WORK AS AN OPERATOR ON SUCH SYSTEMS AND KNOW THESE BABIES LIKE I KNOW MY OWN FACE....SO IF YOU NEED HELP...JUST DROP ME A LINE HERE OR ON MY BOARD....303-xxx-3015.... 24 HRS.....I CAN SHOW YOU HOW TO SET UP A PROGRAM ONCE ON IT TO DUMP ALL SYSTEM PASSWORDS AND ALL DATASET PASSWORDS...ETC...SET UP YOURT OWN USER ID...THE WHOLE 9 YARDS... I HAVE MY COMPANY BY THE F*CKING BALLS! SO I CAN TEACH YOU TOO.... JUST ASK ME..... THE ONE AND ONLY DATA BANDIT ][][ ][][][ ON A MAINFRAME NEAR YOU! ---------------\-/----------------- ? MEMBER P.H.A. Msg. :396 About :PHREAK BBS ON THE SOURCE!!! From :MAXWELL WILKE To :ALL Date :3/25/83 Well, believe it or not, there is alread y two small phreak BBS's on The Source!!! They have traded some minor info, including some Sprint codes, and other s uch folly. But the thing is, it's there, has been there since october '82, and The Source knows about it, and they don't care! the BBS's are on the Source's PARTIcipat e, which, admitedely, is a very large, powerful "thing." In a ddition to the two on there now, I took the liberty to create my own, entitled the "P-MENU.SAV GROUP". It is Conferenc e # 83.3257 . Any CompuServe conference members out th ere interested in moving over to PARTIcipate on The Source , let me know. If you do not have instructions on it, I 'll mail 'em to you if you give me your address. I'll see w hat I can do about getting some more Source accounts. A fr iend of mine listed 'em all! later, MW P.S. To all fans of my modifications to The Source: Sorry, the good 'ole boys at STC p icked up on what i did to them (Snicker... haw.. ha w) and they cor- rected my modifications. i put 'e m back, and they fixed 'em again, etc, etc, until t hey finally looked up in their PR1MENET REFERENCE MAN UAL and figured out how to protect their accounts! Oh well... Msg. :476 About :BAD NEWS From :THE HACKER To :ALL Date :4/8/83 BAD NEWS SPRINT IS AT IT AGAIN THEY JUST CAUGHT SOMEONE LAST NIGHT NOW THEY ARE GOING FOR A SECOND KILL THEY ARE GOING AFTER ZERO PAGE THEY HAVE BEEN CALLING AROUND ABOUT SO IF ANYONE OUT THERE KNOWS HIM TELL HIM THAT THEY ARE CALLING AROUND NOW THAT SPRINT AND MCI ARE OUT TO GET ALL OF THE PHREAKS DOES ANYONE HAVE ANY GOOD SERVICES THAT ARE SAFE I AM USING ITT HOW SAFE IS THAT??? PLEASE RESPOND BACK SOMEBODY! THE HACKER [*]THE INNER CIRCLE[*] =-=-=-=-=-=-=-=- -- more -- Msg. :519 About :SPRINT/MCI/OTHER BUGGERS From :ROGER OLSON To :ALL Date :4/17/83 I highly recommend the proceedure mentio ned here earlier for staying OUT OF TROUBLE with "the competi tion". Look for your own passwords. Don't use the ones posted on BBS's except maybe once, to "get a feel" of how the particu lar switch works. If possible, test the codes between 8 - 11 AM to detirmine if they are business codes or not. When possible , use a local loop to call into/out of to the switch you are u sing. This simply adds more frustration in the event anyone is tracing. When possible, STAY AWAY completely from these OCC's, o pting instead to use the Wats lines from large companies, via the ir remote call in ports. You always want to stay away from system s that individually account for each call, as MCI/Sprint do. WATS lines, on the other hand, especially in older exchange s, do not record every number called - just the total time the line was in use, in hours per month. In either case....have your phun now!! Cause after the Final Judgement and Settlement is implemented next year, you will place <> long distan ce calls by merely dialing the number desired, and entering a two digit "choice of carrier" code (for ATT, MCI, Sprint, Allnet, etc) and your local central office will use ANI to sup ervise your call! The outfits like MCI will discontinue dealin g with the public as such, and will only deal who in turn will act like billing/collection agents for MCI, etc. Watch and see! The times are changing! N o more phucking around! Msg.: 211 Date: 10/17/82 From: ROBERT ALLEN To: ALL About: WHITE HOUSE IF ANY OF YOU ARE WONDERING, 800-424-9xxx IS WHAT IS KNOWN AS THE WHITE HOUSE SIGNAL (SWITCH BOARD), AND IT IS RELATIVELY NASTY/FUN, IF ONE KNOWS ALL OF THE SILLY CODEWORDS TO USE.. A FRIEND AND 8 OTHER PHREAKS GOT TRICKY DICK OUT OF BED AT 2:30 AM, BY ASKING FOR "OLYMPUS". I HEAR THERE ARE TAPES OF THE CALL FLOATING AROUND... 800-424-9xxx IS A WH. HOUSE PRESS RECORD ING,THAT CAN BE QUITE FUN, IF YOU LIKE RON'S SPEECHES EARLY... DIAL ANYWHERE, BUT DIAL WITH CARE --BOB-- Msg. :111 About :***WARNING!!!*** From :JIMMY HOFFA To :***PHELLOW-PHREAKERS*** Date :2/19/83 00:00 "FOR ALL YOU *PHELLOW-PHREAKERS* OUT THERE...... there seems to be some "negativeness" out there from a few select peo`le!. WELL, For one thing "THEY" must realize A "*PHREAKER*" IS *NEVER* "*NEGATIVE*" (TAKE NOTE!!. RODGER-OLSON!!).. We ARE A SELECT BREED WHO HAVE BEEN BLEd WITH A REAL UNSATISFYING "THIRST" FOR.. "@KNOWLEDGE*" and Willing to share with "PHELLOW-PHREAKERS". WE CAN DO ANYTHING *MA* CAN DO, ONLY WE CAN DO IT BETTER!!!!! WHO NEEDS "PESSIMISM" ANYWAY???? DID PESSIMISTs HELP BUILD OUR COUNTRY, OUR COMPUTERS, OUR WORLD AROUND US??? NO!!! POSITIVE THINKERS DID, THAT'S WHO!!! PEOPLE WHO HAVE A NEVER-ENDING THIRST FOR KNOWLEDGE, CHALLENGE, AND FOUND NEW IN-ROADS TO HELP BETTER OURSELVES!!! THESE ARE WHAT "I" CALL THE "*REAL*" "PHREAKERS"!!! HOW ABOUT YOU!!! WE CAN TURN NEGATIVES TO POSITIVES EASIER THAN MOST CAN BRUSH THEIR TEETH! WE DON'T NEED NEGATIVES BECAUSE THERE'S ALREAXDY TOO MANY OUT THERE! WHAT WE NEED IS MORE PEOPLE WITH A POSITIVE-MENTAL-ATTITUDE THAT CAN HELP FURTHER OUR QUEST FOR KNOWLEDGE GAINING A SATISFACTION UNBEKNWNST to "NEGATIVE"-"PESIMISTIC" PEOPLE! HAD TO SAY IT AND I DON'T REGRET IT! THIS WAS A>>>>>> ****PUBLIC************ ****SERVICE************ ***ANNOUNCEMENT***************** _____________________________________________________________________________ *** {WOPR (617) SYSOP: Terminal Man. WOPR was a private phreak board and} *** *** {was considered one of the best H/P systems of the time. The} *** *** {following Messages are from 1984 unless stated otherwise} *** Message #33: QUORUM Msg left by: KING BLOTTO Date posted: TUE MAY 29 3:13:14 PM {1984} TO ALL MY SUBJECTS: THIS TOPIC IS ABOUT CONFERENCES. AS MANY OF YOU KNOW, I DON'T CONFERENCE ANYMORE SINCE INFOWORLD PUT OUT AN ARTICLE ON IT ON MARCH 26. THE REASON BEING: THERE ARE N-O SAFE EXCHANGES BEING USED TODAY. EVERYONE SAYS; "BUT THIS IS CHICAGO", "THIS IS A DALLAS EXCHANGE", "THEY CAN'T TRACE CONFEREN- CES!". THE LAST ONE IS MY FAVORITE. THE SYSTEM USED BY ALMOST EVERYONE TODAY IS ALLIANCE TELECONFERENCE. THIS IS NOT BELL OPERATED. QUORUM IS THE BELL CONF. SYSTEM. AND IT'S WORSE THAN ALLIANCE. NEWS HAS IT, THAT ALLIANCE TELECON- FERENCE MIGHT BE GOING UNDER NOW. BUT THEY HAVE STARTED TAKING PEOPLE WITH THEM. ( 5 TO DATE, AS I KNOW) ALLIANCE IS SUPER-PISSED, WELL, WOULDN'T YOU BE? AND ESPECIALLY AFTER EVERY LITTLE 15YR OLD LEARNS HOW TO START ONE UP, HE'LL BE JUST GETTING THEM MORE PISSED OFF. THE ABUSE HAS GROWN TO A MAXIMUM. I AM TRYING TO FIND OUT ALL I CAN ON QUORUM AT WORK. I'LL POST THE INFO AS IT COMES IN. MAJESTICALLY, KING BLOTTO P.S.- READ THE 3/26/84 INFOWORLD! <1-48 LAST=33 E=mail Q=Quit T=Titles> --------------------------------- 69> COSMOS & UNIX --------------------------------- Msg left by: BIOC AGENT 003 Date posted: MON AUG 6 11:18:23 AM COSMOS is basically a modified UNIX sys tem. When a non-priviledged COSMOS user logs on, a program usually called /BIN/PERMIT is run. This tells the system which COSMOS commands the user i s allowed to use. On the other hand, when a priviledged u ser logs in (ie, root, sys, bin, or preop), he is put into the normal UNIX shell (SH) where he can utilize UNIX commands such as: who & cat /etc/ passwd (which will printout the password file). These users can also t ype CHDIR /USR/COSMOS and use ANY of the COSMOS commands since COSMOS is rea lly a sub directory in a UNIX system. They also have a bad (good?) habit of l eaving administrative notices and files (such as the decrypted passwords) layin g around in different directories of the system. In fact, one system down i n Washington, DC has a BIN account with no password (!) until some ASSHOLE decided to change the message of the day"I broke in, ha, ha --Joe Smuck"!!! If you can't get into one of the privil edged accounts then you might as well try for a regular COSMOS account. The typical setup is two letters followed by 2 numbers. Here are a few common on es: TRxx (TRaining -- eg, TR01, TR02, etc.) LSxx(Lac Staff) LA (Line Assignement) FMxx (Frame Manager) NMxx (NAC Manager) RSxx (Repair Service) LMxx (LMOS debug) etc... You best bet would be too go for one of the managers accounts such as NM01. There is also usually a user-name of CO SMOS on the system. The passwords are usually pathetic. Tr y things such as: COSMOS, FRAME, TELCO, etc.) Also try simple words such as: CAT, BAT, RAT, etc. You'll have to guess at the Wire Center , though (WC). It will always b 2 letters. Excelsior, --------------------------------- 1-79 LAST=69 [E]mail [A]bort [T]itles : --------------------------------- 78> Intro To C Search --------------------------------- Msg left by: LORD DIGITAL Date posted: FRI AUG 17 6:20:13 AM {1984} Ok what the program "C PW Scanner", or "The C Search" does is fairly simple. It reads through the main passw ord file searching for a match between A person's name and password and compar es the two. If they match, or if a person's pw is simply his name spelle d backwards. it will write the pw's into a file name of your choice. T his should net you several paswords for every scan at least. The percentage of stupid people on any given system is usually quite high. The entir e search should take about 5 mins. Obviously it can't do too much consider ing everything is crypted... The entire program is internal, and ass umes you have at least one accnt. allready present on the system in quest ion. Instructions :> Pretty simple, all you do is: Uplo ad the text file, use the CC (Compile C) utility, which will give you th e "a.out" (assembly out), now just rename the file (mv) to whatever y ou wish to call it... If anyone wants to trade various C prog rams (trojan horses (not that kind), programs that search for ports with out dial capabilty, etc...) leave e-mail later- .../\^ lord digital ^/\... ------------ -Spectral -- Phorce- --------------------------------- 1-90 LAST=78 [E]mail [A]bort [T]itles : --------------------------------- 83> the old fashioned way... --------------------------------- Msg left by: BIG BROTHER Date posted: FRI AUG 17 10:36:45 PM It might be just as easy when hacking idiot's passwords (User Name, same again; first name, same again; etc.) to do it the old-fashioned way--by hand. Hey, in half an hour I found 15 account s on my 'private' 617 VAX VMS 3.6. Some of them are even partially privili ged. Another thing, always try default pas swords. If the system lets priv'gd users log in thought dial-in lines and the default psswds are still there, you've struck gold. As the wise man sa y, "Keep it to yourself." I once the phone number to a Ztel Prime system (linked to Primenet which eventually links to milnet) with my operator accou nt (User:OPERATOR, no password--default) to a few people. They abused the acco unt(created 10 or 15 other accts for themselves) and it died within days.... --------------------------------- 1-90 LAST=83 [E]mail [A]bort [T]itles : --------------------------------- 85> Pissed As SHIT! --------------------------------- Msg left by: SHARP RAZOR Date posted: SAT AUG 18 4:09:16 AM That is right! i finally have the time and sit down and work with my Wash. DC BIN and PREOP accounts, and 'lo and behold...i call up (i hadn't called for about 5 days) and the #'s were changed. ...not 1..but all 4 dial-ups!! Talk about an abused system! Some of yo u may not know it, but someone logged on and left a cute logon bulletin to all the AT&T bus. people, etc...that went sort of like 'haha, Kilroy wuz here!'...(real cute and intelligent, huh??)..besides that...there were times when I would call at 2AM on a weekday, and see 15-20 people on-line... ...and all on the same account!!! (since the # is changed, I can say it WAS the MF01 act. they were using) Let this be a lesson NOT to go around POSTING COSMOS dial-ups on anything besides a very private BBS,and especial ly not the pw's!...I KNOW that the lower level accounts were given away.. ..but I hope at least the sysop ones weren't..in any case this really shows me not to be so liberal when I hand out COSMOS pw's again. ..Later.. ..Sharp Razor>> The Legion of Doom! (dont worry, I am just a bit po'ed now, but I MAY get over it!!) --------------------------------- 1-90 LAST=85 [E]mail [A]bort [T]itles : Message #87: MORE ESS Msg left by: PAUL MUAD'DIB Date posted: TUE JUN 19 2:59:05 PM I've got many switch and frame #'s to trade, and here's a fun way to get pw's or destroy bbs's- call the switch and do what I said in msg 78 asking for call forwarding on an anonymous # (NOT your local tym- or tele- nets, they DO know them to be special dials)..when he puts it in, call the "frame" #, and say "Hiya, this is Bob Lineman, could you run into the MDF, and try to activate the call forwarding on NNX-XXXX? send it to NNX-XXXF, please, I need to check it out from both ends..." then, hook your computer up to the payphone that NNX-XXXF is, and set up a simulator for the login to that system. When you have it in your pocket, call the frame back and say "Hi, me again, would you just disengage the forwarding on that # for me? I've got the problem, but I need it recieving calls to fix it.." then you can re-hack it later if you want by just calling the frame again in a different shift.. later, Paul Muad'Dib Legion of Doom 1-90 Last=87 E=Mail Q=Quit T=Titles - Message #38: BOSTON COSMOS Msg left by: DOCTOR WHO Date posted: WED MAY 30 10:16:55 PM OK HERE IS A FRESH COSMOS DIALUP..SORRY NO PASSWORD...GO TRASHING BOSTONIANS! 617-338-5xxx SPEAKING OF COSMOS, I WENT TRASHING TOD AY AND GOT A COSMOS PASSWORD. IT SEEMS TO BE A HIGH ACCESS ONE, THEY BROKE IN ON THE GUY USING IT TO DO MAINTENANCE. THE NAME IS FF01. NOW ALL I NEED IS THE DIALUP. I CAN'T SCAN WITH MY MODEM. IF ANYONE WANTS TO DO A LONG-DISTANCE SCAN OF 413, I WILL GIVE YOU THE EXCHANGES T O HACK, AND THE PASSWORD. PLEZE! OH, IF THERE ARE ANY PHREAKS IN THE 413 NPA READING THIS, PLEASE REPLY..ITS LONELY OUT HERE! CONFERENCES: TOO BAD IF A COMPANY GOES OUT OF BUSINESS BECAU SE OF PHREAKS...ONE LONG-DISTANCE COM PANY WHO IS BUGGING ME SAYS THAT PHREAK ING IS FORCING THEM OUT OF THE BUSINESS THAT IS BULLSHIT. DON'T BELIEVE IT. THE PHONE CO.'S MAKE SO MUCH PROFIT ITS PITIFUL. IF IT WASN'T FOR PHREAKS WE WOULD STILL BE STUCK WITH SXS. SO WE HAVE CREATED MANY JOBS..IN AT+T, GTE, I TT...AND IN THE FBI. SO FEEL GOOD..YOU' VE HELPED THE ECONOMY! I HEARD THAT MCI TAKES A BIG TAX LOSS ON STOLEN SERVICES . MUCHO BUCKS SAVED! THATS ALSO (PROBAB LY) THE REASON THE METROPHONE DOESN'T TR Y HARD TO CATCH PHREAKS. YOU KNOW IF THERES ONE THING I CAN'T STAND ITS POLITICS AMONG PHREAKS..ONE PERSON TRYING TO MAKE OTHERS L1 %'AD AND SAY" I RULE!" YOU KNOW WHAT I MEAN? YOU PEOPLE WHO I'ME TALKING ABOUT: NOW THAT YOU'RE HERE UNDER DIFFERENT NAMES, TRY TO BEHAVE!..'NUFF SAID THE T.H.A. (TIMELORDS HOLY ALLIANCE) IS THE GROUP THAT REALLY RULES..BECAUSE WE DON'T HAVE ANY RULES...NO INITIATION.. NO NOTHING...AND YOU NEVER HEAR ANYBODY BADMOUTHING US, DO YOU? IS THERE A GOOD WAY TO BULLSHIT THE FONE CO. FOR THE COSMOS DIALUP? BYE.... -----------=?> DOCTOR WHO --------------------------------- MESSAGE #81: HACK-A-TRIP --------------------------------- Msg left by: BROADWAY HACKER Date posted: TUE JUL 24 8:24:02 PM As you have probably seen on some other good boards, I am ex- tending an offer to anyone who wants to come to New York for free. Hacking airline tickets isn't as hard as you think. If your interested, maybe to go to a TAP m eeting or something, leave me EMAIL. It is relatively easy, but one screwup can ruin you. There are others who may have some idea how this is done, but have not actually done it. Leave me EMAIL if your interest- ed. You must be a minor, however, and y ou must leave me a VALID phone number in feedback since there ar e security measures in- volved since it is grand fraud. *** Broadway Hacker *** (-+-)(Chaos)(+-+) Hack-a-trip --------------------------------- MESSAGE #63: ARGGGH! --------------------------------- Msg left by: KARL MARX Date posted: SAT JUL 21 4:14:43 PM Ahem, I don't know if I am getting moral or something, but things are getting pretty, well, strange. First off: unix is pretty easy to crash if you want to--but why would you want to? Obviously, very few people know "everything" about Unix, and I would like one reason that destroying a system would be better than learning to use it's "special" features. If you want to get your face on Newsweek, go ahead, but otherwise, don't start destroying stuff just for the sake of vandalism! Instead of being a vandal, do somthing Robin Hood-ish, like nice the parent process of the batch runner to -20 or somthing. Or give everyone full privilige to / or make them all user 1. Otherwise, as for metro tracing, that's kinda hard to swallow. Would whoever's friend's sister care to elaborate on that one? I don't know if anyone cares, but I had a chance to take a look at those "goldphones" and Geez!!! There were codes written all over it! I don't understand some people very well. That is simply stupidity. There is really nothing "new and exciting" in phreaking anymore... most of what you hear is bullshit from some twelve-year- old that just learned how to use metro last week. There is simply no "new" anything! Eventually there will be, but until then these "phreak" boards will simply be "how to phreak"--tutorials instead of journals. Drat! :::::::::::::::::::::Karl Marx LOD --------------------------------- You have been on over your time limit. Use the 'O' option to log off. ____ Logout Job ??, TTY ??, On 21-7-84 For 34 Minutes _____________________________________________________________________________ *** {Samples from the Phoenix Project BBS (512), Sysop: The Mentor} *** *** {As many are aware, the Phoenix Project was one of the intended} *** *** {targets in the Hacker Crackdown of 1990 and was erroneously} *** *** {affiliated to Steve Jackson Games' Illuminati BBS} *** *** {Other Networks Sub-Board} *** 8/60: Autonet... Name: Erik Bloodaxe #2 Date: Thu Jan 11 13:18:39 1990 It wouldn't be such a great idea to scan Autonet through the Telenet gateway. Autonet raised a holy shit-fit when Urvile was doing it about a year ago, and sent Telenet Security all kinds of nasty mail bitching for them to stop whoever in 404 was connecting to their system. Telenet blew them off, but if it started again, Telenet might just have to listen to their whining and crack down. I suggest you (or whoever is planning on this) do your scanning through a main dialup. It will be slower, but probably safer in the long run. ->ME 46/60: pac*it Name: Corrupt #114 Date: Thu Feb 01 06:59:10 1990 pac*it plus calls 03110..germany and spain..I didn't think it called DPAC. usefulfor scanning spain..but at this point......hmm I'd be scared of what MCI i would do then GM... anyone up on Kinneynet?hehehehehe I'll post the dialup later but u need a NUI for it :-(( Develnet? I thought the Develnet was just x.25 server software! I've seen several Develnet pads and I had gotinto thesystems it connected to and they weren't MEAN related...maybe I'm wrong?(it was a modm company.) Needless to say I was pissed when everyone used it todeath just to see a pretty (canada)..the reason it diconnects is because of where you're calling from..if you call from canda u probably won'T expirence this problem....on the 03110 develnet..same thing cept you have to be at console...there are still somesystems availble from there that r open..here'Sone IBM <-i couldn't hack it so of course I posted that one:-)) C U-->greets from [8lgm]corrupt *** {The HP-3000 Sub-Board} *** 36/41: Woah! Name: Erik Bloodaxe #2 Date: Mon Jan 22 03:36:40 1990 I wasn't ragging on MPE! Not at all, i was just "JOking" about the large numbers of hp-3000 systems around the world and the unbelievable ease in gaining access on one. Geez, read...MPE seems ok, just kinda hard to get used to. I mean, I'm in HUNDREDS of hp's, but until last year I didn't know what to do with them...so they just sat there. UNIX is just as lame security-wise, but On a percentage basis, I have gotten into 85-90% of the HP's I have found, while I've only gotten into abot 50% of the UNIXes I've found. (Look at me grovel before one of the two HP experts I've ever seen...pathetic, isn't it?) Wiz, no offense intended towards your adopted O.S. ->ME *** {UNIX Sub-Board} *** 60/69: both ways Name: Corrupt #114 Date: Mon Feb 05 05:08:25 1990 nice trojans ------------ good security this works both ways....look-out for unixes(and VMS sites) that keep another copy of /etc/passwd (or sysuaf.dat) and everynite rewrite it over the one used for login(some any mods are discovered)..u can alternatly install some security inside likethis for yourself...(hide it in CROn) (or wherever u want on vms:-)) undersytand? I know I'm not clear:-(( but thats works for you sometimes and it'S simple if you know script:-) anyone here into Rapid Fire hacking? *** {Electronic Banking Sub-Board} *** 12/32: Treason & Government Smegma... Name: Erik Bloodaxe #2 Date: Fri Jan 19 02:06:13 1990 It's the Major SS buzzword these days. Treason. If someone is poking around in ANY system they feel is sensitive (although they leave sysdiag unpassworded, or lp password lp, etc..) they will then label you as: "A Serious Threat to National Security!" Give me a break. Hell, I think my association with Par & Phoenix alone is enough to get me the firing squad. I haven't even done anything, but it seems that everything bad that's happened I keep getting brought up, as I know such and such, or I somehow know EVERYTHING about how such and such happened. Well, I've tried my best to be good, and stay out of government things, military things, etc... I've even edited out the "sensitive" things I've run across in the Telenet scanning just for their sense of well being, but if I begin to feel threatened, it's all going out. Unabridged. We will see...I'm already getting nervous...the feds are already pissed that LOD is still kicking, and this bbs must have SLAMMED it into their faces. And I know that the EFT files must have pissed them off as well, although that may or may not have anything to do with this bbs suddenly going back up. Well, I'm not a threat to ANYTHING, except myself maybe. Anyone who knows me knows that. Back me up people. This is my public announcement of not-guilty to any and all crimes against the Security of the United States. So what if I was scanning 2502 a while back? Anyone ever think that it would be in THE INTEREST OF NATIONAL SECURITY to hop into a Soviet system? I thought it would. Par knows what I mean. Hell, The government now seems to think he's a spy, and wants to shoot him. Killing Teenagers for fun is not my idea of constructive problem solving guys. Take an extended course in the ways of the hacker. That education might do you all a world of good. You may even pick up something you missed in your little weekend getaway training seminar in fighting computer crime. When you come and kick in my door, (don't step on the cat), and if you don't blow me away first, maybe I can educate you all a little better on what is REALLY GOING ON! (This message posted for the Secret Service & CERT, et al. whomever is posing on here, or reading this via Mentor's & My own Data Taps) ->ME *** {Phone Co. Computers Sub-Board} *** 3/46: LMOS Name: Acid Phreak #8 Date: Tue Jan 09 17:56:23 1990 The most recent LMOS interlude was one in my local area. Got the host processor (an IBM 3270) off Predictor. Overall, a very handy tool to add to your telco 'collectables'. The FE's of course were PDP 11/70s using MLT for reference. Aw thit.. lookit all dem Hicaps. --ap (advanced phreaking) 6/46: ICRIS Name: Phiber Optik #6 Date: Wed Jan 10 16:37:27 1990 Not to nitpick, but an LMOS CP is an IBM S370 (3270 is an SNA, used to get to BANCS through LOMS for instance). CRIS, as mentioned, the Customer Record Information System is a dandy little IBM system whose main purpose is to house customer records. There are a small handful of "CRIS" systems, like LCRIS (Local), and ICRIS (Integrated, which should be noted is used by the Residential Service Center). Here in NYNEX, the only way to reach these systems (we obviously aren't hardwired hackers) is through BANCS, a bisync network. BANCS is not direct dialable, but IS available through a 3270 link on the LOMS system, used by LDMC (LAC or FACS, depending where you live). And LOMS IS accessible. A host of systems are also available through FACS (which can be reached through LOMS on BANCS) such as CIMAP, LMOS, SOP, TIRKS, the COSMOS-PREMISE interface, etc. So as you can see, rather than going after any specific system, going after the RIGHT system will pay off greatly (LOMS in this example). Oh, waitta-minnit, those mentioned systems are off of BANCS, sorry. You can reach FACS on BANCS, and access a couple 'o things like some of those mentioned, COSMOS (certain wire centers only), etc. OK, enough rambling. Let's hear someone else's input. Phiber Optik Legion Of Doom! $LOD$ ____________________________________________________________________________ *** {The Twilight Zone BBS (203), Sysop: The Marauder} *** *** {NOTE: All messages from 1985 unless stated otherwise} *** [MSG #12 OF 22]: INWATS & X-LATIONS FROM: THE MARAUDER DATE: MAY 08 {1985} Under CCIS, INWATS (800's) are handled completely different from the older method (the old method i don't completely uderstand, but it translated somehow based on it's own prefix & suffix). under ccis on the other hand, inwats #'s are handled in the following manner: when the 800 number reaches your toll office, a query is made to the 'INWATS DATABASE', (the master database being at the KC RNOCS I believe), i believe each RNOC (regional network operations center, of wich there are 12, one for each region), has their own database (which is updated on a regular basis). a query is made (via a CCIS link) to the inwat's database, and a POTS (plain old telephone service, just a plain 10 digit ddd telephone number, ie: npa+pre+suffix), and the POTS number is pulsed out from the toll center and your call is completed just like a normal ddd (direct distance dialing) call, talthough it was noted that the call was an 800 at the origination (your) toll office, so and you are not charged foor the call.. with this in mind, it's a simple matter for the inwat's database that handles your reigon to return a translation that differs from another reigons translation, for example say fred phreak in new jersey places a call to LDX extender service at 800-XXX-3333, upon reaching his toll center, the toll center quereys the inwat's database that handles new jersey, and a POTS translation is returned which for obvious reasons would be the closest port to him, so let's say the translation was (201)-XXX-4455, the toll office upon recieving this would proceed to complete the call, and fred phreak would be connected to LDX at (201)-XXX-4455.. continued next.. <1-22, ^12> [?/HELP]: [MSG #13 OF 22]: ABOVE CONT'D FROM: THE MARAUDER DATE: MAY 08 now, on the other hand let's say bill phreak in california calls the LDX extender service at (800)-XXX-3333 (same number fred called from NJ), his regions inwat's database may return a completely different POTS x-lation say (213)-XXX-1119, again being ldx's closest port to bill phreaks toll center.. utilizing ccis, and inwat's databases, other clever things are possible for example, as you all know ALLIANCE teleconfrencing is unavailable on weekends, here's how that works: when you dial 0-700-XXX-1000, that number is intercepted at TSPS and translated into a corresponding WAT'S number, for this example, we'll say it translates to (800)-XXX-1003 (white plains), and forwarded from tsps to a toll center, the toll center upon recieving the 800-XXX-1003, queries it's inwat's database and a POTS translation is returned say 914-XXX-6677, which is the DN (Directory Number) for the bridge-center. now on a weekend, the inwat's database, instead of returning 914-XXX-6677 may return 914-XXX-0077, which would terminate at a recording saying alliance is not reachable on weekends.., that's why everyone is alway's interested in the 'ALLIANCE TRANSLATIONS'. Because if you have the x-lation you can simply use a blue box to route yourself directly to the bridgecenter and bypass the whole tanslation procedure.. any questions, please post.. The Marauder Legion of Doom! ____________________________________________________________________________ *** {Black Ice Private (703) BBS Message Base Sample} *** *** {Black Ice had a VERY restrictive user base as shown in the} *** *** {included userlist. The quality of the messages was excellent} *** %> Sub-board: Advanced Telecommunications %> SubOp: ANI Failure %> Messages: 100 %> Files: 0 %> Message: 32 of 100 %> Title: 800 xlations %> When: 12/16/88 at 2:45 am %> Left by: ANI Failure [SubOp] [Level: 8] You can get them from a 4ess or some work centers like RNOC and RWC (good luck, have a dialback).. Or from ONAC in Kansas City (816). The Operations Network Adminstration Center is the focal point for 800 services in the AT&T network. ONAC works in conjuction with the AT&T WATS centers (I think there are 3?) and 800 service co-ordinators to do operations, adminstration, and maintenance on the 800 number network. You can reach the WATS centers phree of charge with a 959 plant test number in the correct NPAs (I know 914 has one). I think it was 959-5000 but that might be wrong. The tech. term for an 800 xlation is a plant test number. This does not have to be pots, but can be other system codes like 122, 195, 196, 123, etc. The only type of 800 number that terminates in POTS is a READYLINE 800 number (AT&T). I don't know about sprint, mci, etc. though. A good topic for investigation though, thankx for the idea! If you have access to a 4e (does anyone on her have this? If so I'll trade anything I have for a 4e), you can type this in to translate a number: well....i can't find the right notebook. it is somethink like: TEST:DSIG;INWATS 800 nxx xxxx! This does a Direct Signaling (DSIG) message into the 4E which commands the 4E to pull the 800 internal number from the network control point (NCP) ove´Ō•jUHˆ+KÕ]— The 4E you are on must be included in the service area of that 800 number though, i.e. someone in the area served by that 4E would have to be able to dial it in order for the 4E to have the xlation. So if the 4E is not in the right area it will say 'NON SUBSCRIBED' or something of that nature. Oh, I just remembered, there is an AT&T work group named DSAC (Direct Signaling Admin. Center) that performs direct signaling messages into switches and things. If you want the DSAC #, I can provide it..I don't think too many phreaks have their number so they might be worth engineering. Oh - the 800 xlation input message into the 4E was social engineered a long time ago by The Marauder and Phucked Agent 04 from an RWC. But, thanks to a fuck up by The Executioner and friends, the RWCs became very tight lipped...it only takes 1 fuckup... Um, I have gotten translations from the customer before, posing as AT&T and giving them bs about 'MLT has found a potential trouble in your circuit' (haha) and we need your translation number. I only did this once since I have never had any major need to pull 800 xlations. But that will work in some cases if a human answers. Or if you can get the terminating company name/location, you can keep engineering and narrow down the locations of the xlation (say within their centrex group or something) and then (ughh..dangerous and slow) scan for the number, or do more engineering for it, etc... There is an easier way to get 800 translations but I swore not to tell anyone (that was the conditions of me getting the info) from a certain AT&T dept and a certain support system...if you want a translation in an AT&T area I will try to get it for you though....so leave mail or post and maybe I can help.. ANI-F legion of 800 numberz ____________________________________________________________________________ *** {UNIX Sub-Board} *** %> Sub-board: UNIX %> SubOp: The Prophet %> Messages: 99 %> Files: 1 %> Message: 5 of 99 %> Title: getty, login %> When: 12/16/88 at 6:19 pm %> Left by: The Urvile [Level: 8] for getty, just check and see if the first entry is , where that is your back door, of sorts. the init program will have to be a bit (?) larger than the original, considering that you'll have to put in the stuff to make it set up your environment & exec /bin/sh. login, on the other hand, can put a backdoor in the gpass() routine, which can conveniently write the passwds to a file. not too useful to have lots of passwds in an already backdoored system, you say? bull. there are lots of southern bell systems i've gotten into by using the same passwds as the hacked system. also, what if they remove the backdoor? too bad, it'll take you an hour or so to put the source up & modify it again. one thing that i've been thinking about: on a system, backdoor getty, login, (for the reasons cited above), and something like 'date', to check 1) if root is using the program, and 2) to see if your handy dandy login has been erased, and put it back if 3) a day or so has elapsed from the last call of the 'date'. well, i thought it was a good idea. much better than using cron & whatever to put a username in the passwd file. encryption on cosmos: it's strange, to be sure. i tried putting a 404 cosmos passwd on your 602 cosmos. The user id's were different, the versions of cosmos were different, i think, but the username was the same. has anyone ever seen ANY (no matter how old) cosmos login source? incidentally, is anyone doing anything on sbdn of late? scanning for addresses is generally a bad idea. *** {SPCS/OSS Information Sub-Board} *** *** {Stored Program Control Systems / Operations Support Systems} *** %> Sub-board: SPCS/OSS Information %> SubOp: ANI Failure %> Messages: 97 %> Files: 1 %> Message: 19 of 97 %> Title: DMS %> When: 12/28/88 at 10:20 am %> Left by: Epsilon [Level: 8] I found out some things about DMS if anyone's interested. I only spent a little while looking around, but I managed to figure out that the DMS does indeed have a sort of tree structure. I haven't figured out the structure of TABLES yet, but I kind of know how the rest works. Watch.. Ok, from the > you can enter tasks, (I prefer to call them toolboxes because they're like little tools you can run to perform different things.) For instance, you have one called LOGUTIL which is some sort of utility that keeps tabs on various things, and you can view the logs kept. After you have entered LOGUTIL, you can type LIST LOGUTIL and it'll spool out commands. You can also type LIST LOGS to see a list of logs that are kept. The next thing I was fooling with was SERVORD, which is obviously some type of Service Order processing software. This toolbox is much friendlier, as it does include the help command, and it provides help on the syntax of each command. Unfortunately, it does not give each parameter for each command. I'm sure that would take up quite a lot of space. I think you're going to need a manual to really do anything cool with SERVORD, but hey.. Sorry if you people knew all of this already. I guess I'll keep posting about it as I learn more. Sheesh. Lame post. Epsilon ____________________________________________________________________________ *** {Userlist as of Mid-May it seems} *** %> Black Ice Private User List <% Name Level Status Posts Last on ===============------------------=====------======-------=====-----=======-- System Operator 11 Sysop 33 5/16/89 The Mentor 11 Sysop 59 5/16/89 Epsilon 8 Charter 106 5/8/89 The Prophet 8 Charter 59 5/15/89 ANI Failure 8 Charter 220 5/6/89 The Urvile 8 Charter 71 5/4/89 Doc Cypher 8 Charter 56 5/13/89 Lex Luthor 8 Charter 21 5/10/89 The Leftist 8 Charter 20 5/14/89 Erik Bloodaxe 8 Charter 75 5/17/89 Empty Promise 8 Charter 16 5/5/89 Generic 1BED5 8 Charter 46 5/16/89 Skinny Puppy 8 Charter 93 4/23/89 Jester Sluggo 8 Charter 32 5/13/89 Red Eye 8 Charter 31 5/2/89 The Marauder 8 Charter 9 5/12/89 Ferrod Sensor 8 Charter 10 3/30/89 ____________________________________________________________________________ *** {Tymnet (Packet Switching Network) Sub-Board} *** %> Sub-board: Tymnet %> SubOp: Lex Luthor %> Messages: 48 %> Files: 0 %> Message: 36 of 48 %> Title: isis and elf %> When: 3/25/89 at 12:37 am %> Left by: Lex Luthor [Level: 8] I believe ANI was correct about the acronym for ISIS. Internally Switched Interface System I think it is the go between from the engine to the node code. Kind of like how assembly is the go between my apple and basic. ELF - Engine Load Facility. This is a program that transfers and loads code into a TYMNET Engine node. ISIS has slots, in each slot a program (node code) can run. This node code is different for different tasks. I should clarify the above, only one 'application' ie: gateway, tymcom, whatever, can run on isis, and usually is found on slot 0. But other programs can be run on other slots. Programs that allow you to log into the slot and do things. like DDT - Dynamic Debugging Tool. All this and more will be explained in my upcoming (hopefully) file on Tymnet called-- Anatomy of a Packet Switching Network: MDC's TYMNET. inter-link cleared from VALTDNET (C) H9 N4067 to TYMNET (C) H5981 N7347 inter-link cleared from H1 N2010 TESTNET to H1 N2200 BUBBNET inter-link cleared from TYMNET (F) H5277 N6420 to BUBBNET (F) H15 N2324 inter-link cleared from AKNET to TYMNET inter-link cleared from TYMNET to AKNET inter-link cleared from TRWNET to PUBLIC TYMNET inter-link cleared from PUBLIC TYMNET to TRWNET please log in: DECLOD Password: DECLODH Interlink established from TYMNET to TSN-NET Please log in: Gomer T. Geekster --Lex %> Message: 44 of 48 %> Title: ontyme II %> When: 4/4/89 at 1:15 am %> Left by: Lex Luthor [Level: 8] The system used for setting up the DECLOD acct was TYMVALIDATE which isn't exactly the same as NETVAL but close. Be careful with ONTYME II, since it automatically updates ALL files you read. So if you read some files in that persons' personal directory, they can see that either someone has their acct/pass or someone is using IMITATE and reading their stuff. Me and Skinny Puppy are working on a way to defeat this.... Lex %> Message: 47 of 48 %> Title: INTL TYMNET %> When: 4/21/89 at 1:17 pm %> Left by: Skinny Puppy [Level: 8] International Tymnet - how many of you have seen tymnet claiming that it serves over 65 countries, but don't really belive it? well, they do, sort of. There is a tymnet-europe called Mcdonnell Douglas Information Systems (MDIS). While I don't have any dialups for it, I have X.121 addresses in France and BeNeLuxKG. once you get there, you can type HELP and glean alot of what is going on. The interesting thing is that a lot of things that say ACCESS NOT PERMITTED from regular tymnet are actually european addresses and can be used on MDIS. for instance, ROMA (Italian for ROME), ESAIRS, and EURONET (which is a host selector for american public timesharing systems). While there doesn't seem to be a lot of european hosts, I am sure that if everyone on here pulled up all their old tymnet-hack sheets where they had things listed as ANP (My abbreviated for ACCESS NOT PERMITTED) and tried a few we could find something new. Right now, I will only give out my French MDIS gateway - It is 208092020029. Figure out how to get there yourself. If you DO find anything interesting, leave me mail, and we can trade. I already have some internal MDIS systems there, if I can just figure out how to use them. Coming Soon to a Board not so near to you: NISNET (tymnet-japan) and the Carribean tymnets. Until then, ASSIMILATE Skinny Puppy 21 april 1989 _____________________________________________________________________________ %> Sub-board: Vocal Hacking %> SubOp: ANI Failure %> Messages: 45 %> Files: 0 %> Message: 3 of 45 %> Title: Operator engineering %> When: 12/6/88 at 12:43 am %> Left by: Ferrod Sensor [Level: 8] To answer ANIF's question, I have been doing some TSPS/TOPS engineering lately for a variety of purposes, one of which is a bit far fetched but has possibilities. I am trying to find a way to possibly freeze an operator console (the method I am trying is actually simpler than it sounds). It involves getting the op to connect to a short circuite test code, either by ACS (key) or by OGT (outgoing trunk) outpulsing sequence. There area a few flaws in this though, the main one being the more than likely possibility of the Op simply releasing the console position (even though the short circuit, when dialed, cannot be hang up on, the caller must wait for it to time out (about three minutes or so).If this was the case, then the result could be the Operator having an inaccessible outgoing line for a short period of time, which wouldn't affect much with the actuall console..The things I tried recently with this didn't result in much, but if I take into account TOPS/TSPS RTA (Remote Trunking Arrangements) setups (where a caller from one area code, with a 0+ or 0- call, may be connected to an operator in a site in a different NPA. Test codes are different, even in exchanges, so an operator site in a diffeerent NPA wouldn't be affected the same with a different code. The overall purpose to this would be to create a certain condition with the operator network that could be used to gain information when investigated, say by someone from Mtce. engineering or theTOPS/TSPS SCC or equivalents. There are other ways to start an engineer of course, but this is just something that's concrete (meaning you could get people to fish around for info a bit easier than coming in for a random request. This is getting a bit long. I'lll post more later about Operator engineering, something more immediately practical next time. The board looks promising. Ferrod/LOD ______________________________________________________________________________ LOD Communications: Leaders in Engineering, Social and Otherwise ;) Email: lodcom@mindvox.phantom.com Voice Mail: 512-448-5098 Snail Mail: LOD Communications 603 W. 13th Suite 1A-278 Austin, Texas USA 78701 ______________________________________________________________________________ End Sample H/P BBS Messages File