Cracking Auto Bank Teller Machines by the Suspect

CRACKINGAUTOBANKTELLER MACHINES

Downloaded by the Suspect

Most auto teller machines require an
ID card to retrieve money. The circuit
ry inside the machines has been made mo
re sophisticated year after year. After
the 3 highschool kids got $92,000 from
a machine in California in 1983, the F
BI investigated and found out how they
used cracked account numbers to gain a
ccess, the California Trade Commision i
mposed stricter regulations regarding t
he protection of bank teller machines.
The all-plastic ID cards which could be
easily forged with the right account n
umber and codes were replaced with undu
plicatable ones which had a special mat
erial only sensitive sensors in the mac
hines could detect. When faulty cards
were inserted in the machines, alarms w
ent off and guards were summoned. Lots
of good hackers were taken out of busin
ess this way. Now, not only is therea
special coating on the IDcards, but t
he codes also indicate social security
# and name, age and address of the owne
r. The computers were impenetrable, be
cause those carrying ID numbers and inf
o were unreachable by conventional phon
e lines. Codes were shipped via armor
ed car.
The phone line #’s used by the ID re
cords computers are all on the military
exchange, and an automatic tracer is a
lways included. My friend tried hackin
g this one with a sandbox attached, and
although he wasn’t traced, the securit
y traced his hacked ID number. He told
me in a note he slipped me in the juvey
he’s been put in. The security caught
him when they checked his ID number ag
ainst the backup copy at the supposed b
ank. If this isn’t hard enough, the ba
nk’s files are also checked against har
d copy backup files, unaccessable to yo
u know who (us!).
If anyone has any info that can he
lp us with this dilemma, please call!
>?
>EXIT
>MENU

9: Text Philez P-Z
+-+UD:Punter
[-]30 Minutes
+-+UnltdBlk:

Telenet: The Secret Exposed

Telenet The Secret Exposed…

For years, people and myself, have offtend tried to”work telenet unto a coma”..
With no success, for the past few years, i have gathered data, and finally
know the system, its faults, capabilities, and errors.
This really should be in a text file, but. i wish this information to
be reserved for the few users on this system.

before i start, here are a few basic commands to get famialir with:

Execution syntax of command function
————————————————————————

Connect c (sp) Connects to a host (opt)

Status stat Displays network port add

Full-Duplex full network echo

Half-Duplex half Termnial echo

Mail
or
Telemail mail telemail telemail

set Parmaters set (sp) 2:0,3:2 Select Pad Parameters

Read Paramaters par? par?(sp)2:0,3:2 display pad

Set and read
Paramaters set?(sp)2:0,3:2

escape escape from data modew

File Trasnfer dtape Prepares network for bulk

continue cont

disconnect bye or d

hang up hangup

terminial term(sp)d1 Set TERM

test

test(sp)char

test(sp)echo

test(sp)triangle

this is the end of the commands, view next msg for useage:

Trap and pipe x.25 prot. (telenet)…

Please note this is a very difficult transaction… The following
flow chart, will only work on a machine with atleast 10 Mhz..
However, an account on a unix, with cu capabilities will also work..

Package networking, is exactly what it means..
before, i go into detail, let me give you and over view…

————-
Host
————-
!
!
!
!
—————–
telenet, remote
$ divertor, and
pacakge.
——————
!
!
———————
! ! ! !
! ! ! !
u u u u
s s s s
e e e e
r r r r
s s s s

If you notice carefully, there is online to the host and 4 users. That
is how its packaged, for instance the first 100 mills. will be from user
on then two etc.. The way telenet can tell which is user is which, is
simply by the time. Time is of the essense. data is constantly been
packed, anywhere from 100 mils. to 760 mils. The trick to trap tapping
and piping, a lead off of telenet, is to have as system running four
proccewss and the same time, and have a master prgm. that switch’s at
the appropriate delays… As you can see this is where a 10 Mhz +
system, is needed.

On the host end.

The host end consists of three things..

1) 9600 baud modem

2) a dedicated telcue line

3) a network pad..

I doubt know one needs a lesson on the first two, but lets take a look
at telenets, “weakest” link..

Network Pad
———-

There are three types of network pads a 4 pad 12 pad and 32 pad
They really do not make a diffrence, it only changes the amount
of users, capable of using on line..

example. if you have a 4 network pad. you system will be able to handle
four users from telenet etc…

The network pad is Such a piece of”shit you have know idea..

All parameters are set remotly by a telenet eng..

This is important…

If the pad is every shutoff all parameters are lost.. and an eng. must
reload the pad.. (again, this is done remotly)

to give you a small ifea, of$the amount of programing in thms pad (which
i might add has over 2 megs of internal RAM) for an eng. to upload it ct
9600 bps.. it took approx 38 mins.

The Pad is not a computer, if ytou think about it though, if your
traveling at 1200 on telenet, your actually travling at 9600 and back to
1200.. when x.25 is unpacked..

How is the pad set remotly..

lets take an example…

c 2122

now c 2122 /(?this is an example)

ha four nodes its a siml divester to the next node. however you can
specify, the node you want

c”212.01
c 212.02
etc….

nodes can also”be stated as 2122a is the same as “2122.01
and 2122.03 is the same as 2122c

Now that we know how to access the indiv. nodes. let me show you a small
secret…

Theres a programing node.. so an eng. can upload, to your network pad..

every address has it…
it always ends in 99

so, if i wanted to trap and tap c 2122

i would enter c 2122.99

you would get a connected.. but is you notice nothin happens..

at this point do not touch any keys.. a wrong key stroke, will
most likely alert someone to your tampering..
(dont forget, all network pads have a direct alarm signle.. so follow my
directions to the t…

enter in :

with out a return.. you should get telenet

if you dont give it a min. then hit return. your actually there. but the
prompt, just didnt print.. ok..

Now type

set 15:0

when entered.. hold 15 secs.. for a time delay..

then type in cont

to continue, with the host you brokg from…..

you will get a message:

TP3005 DEBUG PORT V5.37.03
>

your now, directly accessed the network pad..

Please note some of these have passwords:
However
if your prompted for a password, of if nothing happens:
telenet has two standard passwords:
superman
represeting a male tech.
and
$ wonderwomen
repre. a woman tech..
when in your prompt is always a greater than sign:
>

type the following:

7FDS
HIT RETURN

youll get a responce: $ E 01

NOW TYPE IN:
L7FE,L,A2,R2,D

then youll get a message: R 00A626 8805

now enter ing: 40588

YOUR RESPONCE WILL BE : E 01

right now you should open at least a 640K buffer…..

now type in > R0589

YOU’LL GET A WHOLE LIST OF DATA THAT IS CURRENTLY CROSSING THE PADS
DUPLEX.
ONE LINE WILL LOOK LIKE THIS:

R 00A625 06805FF17068703 1287100230050540 0000000000000000 FF020101000000

þ”&]%%+f! ! )19AIQYai

ÿIt seems that not many of you know that Telenet is connected to about 80
computer-networks in the world. No, I don’t mean 80 nodes, but 80 networks
with thousands of unprotected computers. When you call your local Telenet-
gateway, you can only call those computers which accept reverse-charging-calls.
If you want to call computers in foreign countries or computers in USA which
do not accept R-calls, you need a Telenet-ID. Did you ever notice that you can
type ID XXXX when being connected to Telenet? You are then asked for the
password. If you have such a NUI (Network-User-ID) you can call nearly every
host connected to any computer-network in the world. Here are some examples:
026245400090184 is a VAX in Germany (Username: DATEXP and leave mail for
CHRIS !!!)
0311050500061 is the Los Alamos Integrated computing network (One of the
hosts connected to it is the DNA (Defense Nuclear Agency)!!!)
0530197000016 is a BBS in New Zealand
024050256 is the S-E-Bank in Stockholm, Sweden (Login as GAMES !!!)
02284681140541 CERN in Geneva in Switzerland (one of the biggest nuclear
research centers in the world) Login as GUEST
0234212301161 A Videotex-standard system. Type OPTEL to get in and
use the ID 999_ with the password 9_
0242211000001 University of Oslo in Norway (Type LOGIN 17,17 to play
the Multi-User-Dungeon !)
0425130000215 Something like ITT Dialcom, but this one is in Israel !
ID HELP with password HELP works fine with security level 3
0310600584401 is the Washington Post News Service via Tymnet (Yes, Tymnet
is connected to Telenet, too !) ID and Password is: PETER
You can read the news of the next day !

The prefixes are as follows:
02624 is Datex-P in Germany
02342 is PSS in England
03110 is Telenet in USA
03106 is Tymnet in USA
02405 is Telepak in Sweden
04251 is Isranet in Israel
02080 is Transpac in France
02284 is Telepac in Switzerland
02724 is Eirpac in Ireland
02704 is Luxpac in Luxembourg
05252 is Telepac in Singapore
04408 is Venus-P in Japan
…and so on… Some of the countries have more than one packet-switching-
network (USA has 11, Canada has 3, etc).

OK. That should be enough for the moment. As you see most of the passwords
are very simple. This is because they must not have any fear of hackers. Only
a few German hackers use these networks. Most of the computers are absolutely
easy to hack !!!
So, try to find out some Telenet-ID’s and leave them here. If you need more
numbers, leave e-mail.
I’m calling from Germany via the German Datex-P network, which is similar to
Telenet. We have a lot of those NUI’s for the German network, but none for
a special Tymnet-outdial-computer in USA, which connects me to any phone #.

CUL8R, Mad Max

PS: Call 026245621040000 and type ID INF300 with password DATACOM to get more
Informations on packet-switching-networks !

PS2: The new password for the Washington Post is KING !!!!

Distributed in part by:

Skeleton Crue xxx-xxx-xxxx located out of Moraga, California.
!!Get on the band wagon before it RUNS YOU DOWN!!
The very LAST bastion of Abusive Thought in all of the Suburbian West Coast…
(CH&AOS)



Telenet Codes, Hacked Out by ZORON (May 1, 1988)

TELENET CODES
5/01/88

HACKED OUT BY
!ZORON!

ABBREVIATION LIST
———————————————————-
^ = CNTRL UNK = UNKNOWN
C.B. = CITIBANK C/C/M = CITICORP MANAGER
REF = REFUSED COLLECT CALL

@ CONNECTION | CONNECTION ENDING | SERVICE AND HELPFUL HINTS
————————————————————–
21211 | 212 11 | UNK, ENTER SERVICE TO LOGON
21212 | 212 12 | PART OF ABOVE SYSTEM
21211 | 212 21 | PRIMENET 20.2.2 SYSA
212130 | 212 130 | MORGAN STANLEY NETWORK
212131 | 212 131 | VM/370 ONLINE VM/HP042
212137 | 212 137 | PRIMENET 20.2.3.R18.S14 NY60
212141 | 909 406 | UNK, THERE IS A GUEST ACCOUNT!
212142 | | DITTO
212145 | 212 145 | OFFICE INFORMATION SYSTEMS
212146 | 212 146 | DITTO
212150 | 212 150 | UNK
212152 | 212 152A | UNK
212159 | 212 159 | UNK
212200 | 212 200A | UNK
212201 | 212 201A | UNK
212203A | 212 203A | UNK, TELENET IN NY??
212203B | 212 203B | UNK, TELENET IN NY??
212203C | 212 203C | UNK, TELENET IN NY??
212203D | 212 203D | UNK, TELENET IN NY??
212203E | 212 203E | UNK, TELENET IN NY??
212203F | 212 203F | UNK, TELENET IN NY??
212219 | 212 219 | NEO, ACCOUNT ID : AA012A
212226 | 212 226 | VM370/ONLINE
212246 | 212 246 | UTC SYSTEM
212248 | 212 248 | PRIMENET 20.2.4 RYE
212258 | 212 258 | OFFICE INFORMATION SYSTEM (NYOISE)
212260 | 212 260 | BANKERS TRUST ONLINE
212263 | 212 263 | BANKERS TRUST ONLINE
212269 | 212 269 | DECSERVER200 TERM SERVER 1.0 BL20-LAT V5.1
212276 | 212 276 | UNKNOWN
212281 | 212 281A | CITICASH MANAGER
212282 | 212 282A | CITICASH MANAGER
212315 | 212 315 | BUSY
212316 | 212 316 | BUSY
212320 | 212 320 : UNK
212321 | 212 321 | PART OF ABOVE SYSTEM
212328 | 212 200A | UNK
212369 | 212 369 | UNK
212370 | 212 370 | PART OF ABOVE SYSTEM
212374 | 212 374 | BUSINESS SYSTEM NODE (CORP04)
213121 | 212 121 | PRIMENET 20.2.4 SWWE1
213230 | 213 230 | UNK
2143A | 214 3A | BUSY
2148A | 214 8A | BUSY
2148B | 214 8B | BUSY
2148C | 214 8C | BUSY
21412A | 214 12A | BUSY
21412B | 214 12B | BUSY
21421 | 214 21 | US SPRINT APPLICATION, PHOENIX
21442 | 214 42 | DNA ONLINE
21444 | 214 44 | UNK, ACCESS FOR CODE BUT MASKS “FAST-TAX”
21456 | 214 56 | PRIMENET 20.1.1A BOWSER
21460 | 214 60 | UNK, ‘:’ CIEER
21471 | 214 71 | PRIMENET FB.3.3 UCCA,
FASBAC 11/30/87
(C) 1986 POWER COMPUTING CO.
(214)-655-8676
21472 | 214 72 | POWER COMPUTING CO, CDC ONLINE
21476 | 214 76 | POWER COMPUTING CO. CYBER ONLINE
21477 | 214 77 | PRIMENET FB.3.3 UCCA,
FASBAC 11/30/87
(C) 1986 POWER COMPUTING CO.
(214)-655-8676
21554 | 215 54 | REF
21560 | 215 60 | REF
21566 | 215 66 | NEWSNET
21574 | 215 74 | UNK
22300 | 223 901378 | C.B. VTAM
22304 | 223 4 | UNK
22306 | 223 6 | IBM SYSTEM 88
22307 | 223 7 | CITICORP TEST MESSAGES
22310 | 223 10 | PRIMENET
22311 | 223 92460 | C/C/M
22326 | 223 26 | IBISM ELECTRONIC VILLAGE
22331 | 223 31 | ASTRA APPLICATION? , ENTER ‘A’
22332 | 223 32 | DITTO
22335 | 223 35 | CITI TREASURY PRODUCTS, *EXIT*
22340 | 223 40 | GLOBAL REPORT CITICORP
22343 | | UNK
22349 | 223 50.77 | HELP – CITIBANK
22350 | 223 50 | PRIMENET
22352 | 223 52 | CITI TREASURY PRODUCTS
22353 | 223 53 | DITTO
22355 | 223 55 | PRIMENET
22357 | 223 90095O | UNK
22358 | 223 90582K | C.B. VENEZUELA CBC1
22359 | 223 90590A | UNK
22360 | 223 60 | GLOBAL REPORT CITICORP
22361 | 223 61 | DITTO
22362 | 223 61 | DITTO
22366 | 223 66 | DITTO
22367 | 223 67 | DITTO
22368 | 223 68 | CITIMAIL II
22369 | 223 69 | CITIMAIL II
22370 | 223 70 | F.I.G. SYSTEM PARSIPANNY – MIS
22371 | 223 71 | ELECTRONIC CHECK MANAGER
22379 | 223 79 | UNK
22380 | 223 80 | RSTS V7.2 CFIB, ^J TO ENTER
22381 | 223 90249B | C.B. TOKYO CBT1
22383 | | C.B. NEW YORK
22385 | | C.B. HONG KONG
22386 | 223 90068H | C.B. PORT 3
22387 | | FINANCIAL CONTROL
22388 | 223 90863 | ELECTRONIC BANKING CENTER
22389 | 223 91952A | C.B. INTERNATIONAL CORPORATE CENTER
22390 | | WANG VS LOGON
22391 | | UNK
22392 | 223 92A | CITINET
22393 | 223 93 | UNK
22395 | | UNK
22397 | | ELECTRONIC BANKING CENTER, 1-800-624-9522
22398 | 223 98 | CITICORP NAIB, CAPITAL MARKET ANALYSIS
223102 | 223 90042K | CITISWITCH, HK
223105 | 223 90187D | UNK, ‘TYPE.’
223106 | 223 90504D | C.B. PANAMA
223108 | 223 924601 | C/C/M, CYBOS
223109 | 223 9121 | BAHRAIN BOOK
223121 | 223 91876K | ***** C.B. ITG TEST BOX 2 *****
223122 | 223 90824H | GLOBAL REPORT FROM CITICORP
223123 | 223 906615 | UNK, ONE SHOT!
223124 | 223 90869 | C.B. ELECTRONIC BANK SYSTEM
223125 | 223 90117R | CITICASH
223127 | 223 91017D | C.B. CBJ1 PORT 3
223128 | 223 90156A | UNK
223129 | 223 90821 | CITI TREASURY PRODUCTS
223130 | 223 90828A | CITI TREASURY
223131 | 223 90115F | C.B. NY CBNN
223132 | 223 90821F | VTAM,
CMD: X
CICS APPLID: TPX
HOST SYS: MVS/XA
PURPOSE: TAPS
DESC: TPX

TPX V1.5.1 – TRADER ANALYSIS PROC. SYS
(THE CONCURRENT SYSTEM MANAGEMENT)
BY DUQUESNE SYS, INC.

CITICORP INFORMATION SYS RESEARCH
PARSIPANNY, NJ

223145 | 223 90238Q | UNK, (LOGO$CP)
223148 | 223 90387 | C.B. PORT1
223149 | 223 90291T | C.B. CBBD, PORT 0
223150 | 223 90829H | CITICORP INFORMATION SYS RESEARCH INC.
223151 | 223 90833E | UNK, .TYPE
223153 | 223 90012A | N.I.M. VER 2 BAHRAIN BRANCH C.B. VDS1
223154 | 223 91463T | UNK, (LOGO$CP)
223158 | 223 90218C | CITIMAIL EURO/MEAD V8.40
223159 | 223 90118I | UNK, NO RESPONSE
223160 | 223 92460 | UNK, ‘COM /CR CLR PAD,0’
223161 | 223 92460 | F.I.G. SYSTEMS – PARISPANNY- MIS
223162 | 223 92460 | COM/ PRIMENET 18.3 TLNT TP SYS CITIBK
^E RESPONSE- 31103170031001
223163 | 223 92460 | DITTO
223164 | 223 92460 | PRIMENET
223165 | 223 92460 | IBISM ELECTRONIC VILLAGE
SOME SYSTEMS:
BOXA3D1 CTRACKS
CM5 CSWITCH
CM2 CLUES
CM7 APPLE
CM8
223166 | 223 92460 | CITI TREASURY PRODUCTS
223167 | 223 92460 | DITTO
223168 | 223 92460 | GLOBAL REPORT FROM C.C.
223170 | 223 92460 | ELECTRONIC CHECK MANAGER,
ASS. (212)-363-3333
223172 | 223 92460 | UNK
223173 | 223 92460 | HELP, STAFF PASSWORD
CALL OR CITIMAIL
PETER SIDORENKO IN N.Y.
(212)-558-0077
223174 | 223 92460 | PERSONNEL TECHNOLOGY MANAGEMENT
OTHER DIAL-UPS:
(516)-420-4930
(212)-319-5911
SOME SYSTEMS:
VM/370
3274 CONTROLLER EMULATOR
????
223175 | 223 175 | UNK, ‘ENTER A FOR ASTRA’
223176 | 223 92460 | UNK, ‘ENTER USERNAME’
223177 | 223 92460 | UNK, ‘FIELDS?’
223179 | 223 92460 | CITINET
223185 | 223 90912 | UNK
223187 | 223 187A | DEC SERVER 200 TERM SERVER 1.0
223189 | 223 189A | DITTO
223190 | 223 92460 | UNK, ‘:’ OPERATOR.SYS
223191 | 223 191A | UNK, CSWITCH? IBISM????
223192 | 223 92460 | UNK
223200 | 223 200 | C/C/M
223201 | 223 201 | C/C/M
223202 | 223 202 | C/C/M
223203 | 223 203 | C/C/M
223204 | 223 204 | C/C/M
22400 | | NORTH AMERICAN FINANCIAL GROUP
22401 | | C.B. PORT 7
22402 | 223 90825H | GLOBAL REPORT
22407 | | CITICORP INFORMATION SYSTEMS RESEARCH
22410 | 223 90111J | CORVUS CONSTELLATION
22414 | | C/C/M
22417 | | C.B., REQUIRES CITIPC KEYBOARD
22419 | 223 90002C | UNK, TRY ^U, ^T, ^O
22420 | 223 90913K | DEC SYS 20 TOPS MONITOR
22421 | 223 9008N | SIGNAPORE VAX – 11 / 750
22422 | 223 90227A | C.B. ABIDJAN CBAF2
22423 | 223 90025 | C.B. BAHRAIN BOOK UD52
22425 | 223 90645B | C.B. NAIROBI CBAF2
22426 | 223 90009P | UNK
22427 | 223 90271E | C.B. JOHANNESBURG CB51
22428 | 223 9010IM | DIGITAL ETHERNET TERMINAL SERVICE
22429 | 223 90025F | C.B. DUBAI
22430 | 223 90301E | C.B. PIRAUES CBG2
22431 | 223 90281Q | C.B. AMSTERDAM CBA1
22432 | 223 90321E | C.B. BRUSSELS CBB2
22433 | | C.B. PARIS
22434 | 223 9034E | C.B. MADRID
22435 | 223 91101V | C.B. CBBA
22436 | 223 90528M | C.B. MEXICO
22437 | 223 92460 | EMEA CORPORATE AND GOVERMENT SERVICES
22438 | | C.B. BRUSSELS
22439 | 223 90391E | C.B. MILAN
22440 | 223 91474A | UNK
22441 | 223 91737B | C.B. ZURICH
22442 | 223 91739C | C.B. ZURICH
22443 | 223 90281O | UNK
22444 | 223 90446 | C.B. LONDON
22445 | 223 90661M | UNK
22446 | 223 90661N | UNK
22447 | | PPD COMMUNICATION NETWORK
22448 | 223 91238 | UNK
22449 | 223 90493K | C.B. FRANKFURT
22450 | 223 90679 | C.B. LUXEMBOURG CBQ1
22451 | 223 90123Q | BUFFALO NY REMITTANCE SERVICE
22452 | 223 90009N | C.B. MEXICO CBC6
22453 | 223 90281R | C.B. NEW JERSEY
22454 | | UNK
22455 | 223 90005F | C.B. BRAZIL
22457 | 223 90105O | UNK
22458 | 223 90002K | C.B. VENEZUELA CBC1
22459 | 223 90000A | C.B. ECUADOR
22460 | 223 910637 | C.B. KUALA LUMPUR CBK4
22461 | 223 90636B | C.B. SYDNEY CBS5
22462 | 223 91014D | C.B. JAKARTA (COSMOS)
22463 | 223 91495B | MANILA CBU3
22464 | 223 90263A | CITICORP C.B.
22465 | 223 91461F | C.B. SINGAPORE
22466 | 223 90073 | UNK, ^E ‘1%3457|90’
22467 | 223 90034 | UNK
22469 | 223 90250K | CITIMAIL EURO/MEAD
22470 | 223 90254G | DITTO
22476 | 223 90685H | UNK
22490 | | WANG VS LOGON
22493 | | BANCO INTERNATIONAL COLUMBIA
22498 | 223 9000 | C/C/M
224100 | 223 90103R | CITISWITCH NJ
224101 | 223 90458C | BMS
224102 | 223 90042K | CITISWITCH HK
224105 | 223 90007D | UNK, TYPE .
224106 | 223 90003D | C.B. PANAMA
224108 | 223 90000 | C/C/M
224109 | 223 91211 | N.I.M. V.2 BAHRAIN BOOK
224110 | 223 90003A | UNK, TYPE .
224111 | 223 90119V | FAME’S ETHERNET
SOME SYSTEMS:
CS1 FAMEB
S1 MODEM
HSM CS100A
GS3 GS3D
CS100B FAMEA
MVAX IBISM
224114 | 223 91745B | UNK
224115 | 223 90115Q | UNK
224117 | 223 90000 | UNK
224120 | 223 90003E | UNK, ESPANOLO
224121 | 223 90002 | ITG TEST BOX 2, PORT 9
224122 | 223 90824H | GLOBAL REPORT CC
224123 | 223 906615 | UNK, ‘LINE CURRENTLY DISABLED’
224125 | 223 90117R | C/C/M
224127 | 223 91016D | C.B. CBJ1
224128 | 223 90006G | UNK, LOGIN PLEASE
224129 | 223 90821 | CITI TREASURY PRODUCTS
224130 | 223 90828A | CITI TREASURY PRODUCTS
224131 | 223 90115F | C.B. NY NAIB ASTI
30120 | 301 20 | ELHILL MEDICAL LIBRARY
30124 | 301 24 | THE SOURCE
30126 | 301 26 | DNAMD1
30128 | 301 28 | THE SOURCE
30131 | 301 31 | PRIMENET NUSA
30133 | 301 33 | UNITED COMMUNICATION COMPUTER SERVICE
30135 | 301 35 | MORE / BSD 4.3
30138 | 301 38 | THE SOURCE
30145 | 301 45A | UNK ‘|’
30147 | 301 47 | THE SOURCE
30148 | 301 48 | THE SOURCE
30149 | 301 49 | THE SOURCE
30154 | 301 54 | TELENET
30157 | 301 57A | UNK
30158 | 301 58 | CDA ONLINE SERVICES
30174 | 301 74 | UNK
301100 | 301 100 | UNITED COMMUNICATIONS COMPUTER SERVICES
GROUP. SYSTEM/32, RLEASE 6.3
MODULE %ucg#ml
301140 | 301 140 | SCSTI, GUEST ACCOUNT : GUEST
301156 | 301 156 | THE SOURCE
301157 | 301 157 | THE SOURCE
301158 | 301 158 | THE SOURCE
301159 | 301 159 | THE SOURCE
301160 | 301 160 | NAVY ELECTRONIC MAIL SERVICES (NEMS)
ULTRIX – 32V1.1
USER SUPPORT -> 202-227-4030
301162 | 301 156 | THE SOURCE
301170 | 301 170 | SAME AS 301100
3037 | 303 7 | NCAR— US GOVERNMENT
MANY MAINFRAMES AVAILABLE!!!!
3038 | 303 8 | SAME AS ABOVE
3039A | 303 9A | NCAR
3039B | 303 9B | NCAR
3039C | 303 9C | NCAR
3039D | 303 9D | NCAR
3039E | 303 9E | NCAR
3039F | 303 9F | NCAR
3039G | 303 9G | NCAR
3039H | 303 9H | NCAR
3039I | 303 9I | NCAR
3039J | 303 9J | NCAR
3039K | 303 9K | NCAR
3039L | 303 9L | NCAR
3039M | 303 9M | NCAR
3039N | 303 9N | NCAR
3039O | 303 9O | NCAR
3039P | 303 9P | NCAR
3039Q | 303 9Q | NCAR
3039R | 303 9R | NCAR
30310 | 303 10 | SERVER FOR ABOVE???
30323 | 303 23 | UNK, (LOGO$CP) PROBABLY A PRIMENET
30338 | 303 38 | PRIMENET 20.2.1 SL
30358 | 303 58 | INTERACTIVE SYSTEMS PAD (V1.3),
ICO : LOGIN PORT 12
30365 | 303 65 | UNK, #NETWORK SESSION 2778
#B7900:400 CANDE 36.170 AT MARATHONB79;
YOU ARE NETCANDE00 (2A)
303100 | 303 100 | SWITCH CHAR ‘L’- LSTC2VM, LOGON VMTEST
PASS = LIGHTMAN
‘V’- CCSVM, LOGON OPERATOR
PASS = ???
303131 | 303 131 | PETROLEUM INFORMATION NETWORK
303134 | 303 134 | SOFTSEARCH NETWORK A
303140 | 303 140 | NETWORK, PASSWORD LOCKED
30504 | 305 4 | MARTIN MARIETTA SIM 3278 NETWORK
30520 | 305 20B | UNK, HELLO ACCOUNT XXXXXXXX.XXXXXXXX
30522 | 305 22 | DITTO
30534 | 305 34A | MARTIN MARIETTA
31230 | 312 30 | UNK, ‘ENTER SERVICE ID’
31234 | 312 34I | UNK, ‘ENTRY INCORRECT, TRY AGAIN’
31236 | 312 36 | U OF C COMPUTATION CENTER
GANDALF PARX 2000
31241 | 312 41A | UNK, SAME AS 31234
31242 | 312 42 | UNK, PROMPT ‘#’
31243 | 312 43 | UNK, PROMPT ‘#’
31246 | 312 46 | UNK, ‘CONNECTED’
31249 | 312 605A | AMERICAN HOSPITAL SUPPLY CORP. (ASAP)
HOTLINE –> 1-800-323-3830
31250 | 312 605A | AMERICAN HOSPITAL SUPPLY CORP. (ASAP)
HOTLINE –> 1-800-323-3830
31253 | 312 53 | UNK
31256 | 312 56 | CISCO DATABASE HARRIS-700
31259 | 312 59 | UNK
31263 | 312 63 | PEOPLE/LINK
31270 | 312 70 | PEOPLE/LINK
312120 | 312 120 | TIME INC., 1-312-329-6970
312121 | 312 121 | TIME INC., 1-312-329-6970
312131 | 312 131A | VM/370
312135 | 312 135 | PEOPLE LINK, 1-800-524-0100
SAMPLE ACCOUNT : OFS112
312142 | 312 142 | UNK
312159G | 312 159G | OFFICIAL AIRLINES GUIDE, ATT17526; NETSYS
312162 | 312 162 | UNK
312163 | 312 163 | UNK
312181 | 312 181 | UNK
312375 | 312 375 | MARKETING FACT BOOK
312570B | 312 570B | UNK
312570C | 312 570C | UNK
312571 | 312 571A | UNK, $$
312572A | 312 572A | UNK, SS
312233 | 312 233 | UNK, PASSWORD?,PORT =\HDQ.$X25K00.#VC04
312252A | 312 252A | BUSY
312252B | 312 252B | BUSY
312253 | 312 253 | UNK, CIERR
312256 | 612 442 | UNK
312259 | 312 259 | UNK, CIERR
312263 | 312 263 | REF
312269 | 312 269 | UNK, ID?, PASSWORD?
31520B | 315 20B | BRS, PASSWORD = 4PD607; SECURITY= AMC579
40255 | 402 55 | UTELL INTERNATIONAL HOTEL RESERVATION SYS
40219A | 402 19A | BUSY
40219B | 402 19B | BUSY
4045 | 404 5 | UNK
4047 | 404 7 | UNK
41530 | 415 27A | STANDFORD DATA CENTER SYSA FORSYTHE HALL
ACCOUNT IN FORM : AX.AXX
41537 | | CASTOR, ‘HELLO OPERATOR.SYS’
CALL KEITH TURNER FOR SECUIRTY 544-7608
41538 | | POLLUX, ‘HELLO OPERATOR.SYS’
CALL KEITH TURNER FOR SECUIRTY 544-7608
41548 | 415 48 | DIALOG
41549 | 415 49 | DITTO
41553 | 415 535B | UNK
41586D | 415 86D | BUSY
41590A | 415 90A | BUSY
41590B | 415 90B | BUSY
415260 | 415 260 | PRIMENET 20
415271 | 415 271A | UNK
415273 | 415 273 | PRIMNET 20.1.1A SUSHI
51312A | 513 12A | BUSY
51316A | 513 16A | BUSY
51330 | 513 30 | TELEMAIL?
51331 | 513 31 | MEADNET, SWITCH TO MANY COMPUTERS
6021 | 602 1 | USSWR1
61223 | 612 23 | WESTLAW
61234 | 612 34 | WESTLAW
61236 | 612 36 | UNK
61237 | 612 37 | WESTLAW
61240 | 612 40 | GANDALF PACX 200
61244 | 612 44 | REF
61246 | 612 46 | REF
61252 | 612 52 | REF
61253 | 612 53 | REF
61256 | 612 56 | WESTLAW
61257 | 612 57 | WESTLAW
61421 | 614 21 | STN INTERNATIONAL
61431 | 614 31 | STN INTERNATIONAL
61444 | 614 48 | UNK, ‘GOOD MORNING’
61445 | 614 48 | DITTO
61447 | 614 48 | DITTO
61448 | 614 48 | DITTO
61712A | 617 12A | BUSY, CHECK OUT NODES B-Z
61718A | 617 18A | BUSY, CHECK OUT NODES B-K
61720 | 617 20 | PRIMENET 20.2.3VR9.A PBN27
61722 | 617 22 | PRIMENET 20.2.3VR9.A BDSD
61727B | 617 27B | BUSY
61736 | 617 36 | ULTRIX PAD (V1.3.1.0) POR
HADDOCK.IMA.ISC.COM
61737 | 617 37 | PRIMENET 20.2.3VR9.A BDSH
80844 | 808 44 | UNK, ID:
80845 | 808 45 | REM PROC ERR 11 E2
80846 | 808 46 | UNK, ID:
80847 | 808 47 | UNK, ID:

THAT IS ALL I’VE HACKED OUT SO FAR. SEVERAL OF THE SYSTEMS HAVE VERY
SIMPLE ACCOUNTS OR DEMOS. TRY WHAT YOU CAN AND LEAVE ME A MESSAGE ON
ANY OF THESE BOARDS….

OBLIVION ————> (214)-221-4638
THE VEILED SOCIETY –> (214)-424-7234

ZORON

An Overview of Telenet by Man Max

Telenet

It seems that not many of you know that Telenet is connected to about 80
computer-networks in the world. No, I don’t mean 80 nodes, but 80 networks with
thousands of unprotected computers. When you call your local Telenet- gateway,
you can only call those computers which accept reverse-charging- calls.
If you want to call computers in foreign countries or computers in USA which
do not accept R-calls, you need a Telenet-ID. Did you ever notice that you can
type ID XXXX when being connected to Telenet? You are then asked for the
password. If you have such a NUI (Network-User-ID) you can call nearly every
host connected to any computer-network in the world. Here are some examples:

026245400090184 :Is a VAX in Germany (Username: DATEXP and leave mail for
CHRIS !!!)
0311050500061 :Is the Los Alamos Integrated computing network (One of the
hosts connected to it is the DNA (Defense Nuclear Agency)!!!)
0530197000016 :Is a BBS in New Zealand
024050256 :Is the S-E-Bank in Stockholm, Sweden (Login as GAMES !!!)
02284681140541 :CERN in Geneva in Switzerland (one of the biggest nuclear
research centers in the world) Login as GUEST
0234212301161 :A Videotex-standard system. Type OPTEL to get in and use the
ID 999_ with the password 9_
0242211000001 :University of Oslo in Norway (Type LOGIN 17,17 to play the
Multi-User-Dungeon !)
0425130000215 :Something like ITT Dialcom, but this one is in Israel ! ID
HELP with password HELP works fine with security level 3
0310600584401 :Is the Washington Post News Service via Tymnet (Yes, Tymnet is
connected to Telenet, too !) ID and Password is: PETER You can read the news
of the next day !

The prefixes are as follows:
02624 is Datex-P in Germany
02342 is PSS in England
03110 is Telenet in USA
03106 is Tymnet in USA
02405 is Telepak in Sweden
04251 is Isranet in Israel
02080 is Transpac in France
02284 is Telepac in Switzerland
02724 is Eirpac in Ireland
02704 is Luxpac in Luxembourg
05252 is Telepac in Singapore
04408 is Venus-P in Japan
…and so on… Some of the countries have more than one
packet-switching-network (USA has 11, Canada has 3, etc).

OK. That should be enough for the moment. As you see most of the passwords are
very simple. This is because they must not have any fear of hackers. Only a few
German hackers use these networks. Most of the computers are absolutely easy to
hack !!! So, try to find out some Telenet-ID’s and leave them here. If you need
more numbers, leave e-mail.
I’m calling from Germany via the German Datex-P network, which is similar to
Telenet. We have a lot of those NUI’s for the German network, but none for a
special Tymnet-outdial-computer in USA, which connects me to any phone #.

CUL8R, Mad Max

PS: Call 026245621040000 and type ID INF300 with password DATACOM to get more

Technical Hacking: Volume One by the Warelock

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^ ^^
^^ Technical Hacking: Volume One ^^
^^ ^^
^^ Written by:The Warelock ^^
^^ SABRE elite ^^
^^ and Lords of Darkness ^^
^^ presentation ^^
^^ ^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
In technical hacking, I will mainly talk about the moret
technicly oriented methods of hacking, phreaking, and other fun stuff… In
this issue I plan to discuss the various protection devices ( filters,
encription devices, and call-back modems ) that large corporations and networks
use to ‘protect’ their computers, I will talk about and describe the various
types of computer (hardware) protection, the way they work, how to surcomvent
them, and other sources of information that may be available on the devices…
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Filters
———-
A filter, a box like contraption that hooks in between the computer and the
phone-line, is used, instead of a password program, toID each user and to
verify his password… Why the companies decided to make a hardware version of
a verification program, I don’t know. For no matter what kind of password
system you use, there are still Users with passwords that make it a pleasure to
hack (love, password, access, sex )…

Sircumventing a Filter: Filters are no harder to get around thatn a good,
secure password system… There are still several default passwords in most
( the usuall “demo” or “test” account) and usuall hacks ( the hack-hack, data
base hack, circumvent hack, call-back hack, etc. All to be discussed in further
volumes) also work… A filter device, though, posseses several interesting
features and failings.. First of all, each filter system is geared for a
sertain number of computers… Thus several computer networks using filters
arent completely protected by the sole device on which they place all their
trust in ‘ protecting ‘ them… For example, several computer networks use a
sertain filter geared toward 4 on-line computer systems, but unfortinately for
them, they needed a fifth on-line computer…oops, there goes the whole syste!
Although they thought that since only a library computer, which doesnt require
security, was on-line (giving out no secret information) it wouldnt compromise
the rest of the system…They were wrong! For from the library computer (which
is already in the operating system, bypassing the filter) one could force the
operating system for the entire mainframe to place you in any of the other
terminals!!!
Finaly, an interesting feature of a filter system: ALL THE PASSWORDS ARE
STORES INSIDE THE MEMORY OF THE FILTER UNIT… therefore, once you are inside
the data base, you could set up a worm program that would slowly but surely
read all of the systems passwords from the filter FROM THE INSIDE!!!

Notes (names of filters, further readings, Aknolodgements):

EnterCept (filter) : USES : a six character ID of any ASCII variables
ComputerSentry : USES : (this one’s a bitch… if you don’t need to get into
the system badly, forget it…) a voice synthesiser thats asks for a touch-tone
ID of a variable number of digits…
DataFlo : USES : a six character ID that both identifies and is used as a Pass
Bay MultiPlex : USES : either a four or six letter/number ID code standar (no
individual ID’s!!! It’s usually this default: 524E )
For further Reading: try Bill Landreths ‘Out of The Inner Circle’, Basic
Telephone Security by an Annonomous author, or you can order specs. and
manuals directly from the company…(see end of text for company names)
—————————————————————————-

Encription/Decryption Devices:
These are instaled directly inside terminals from which a system using this
type of device is called… These are mothers to hack, yet it is not impossible
many people say that once you see an encrypted carier, forget it… Not So!
A lot of times, an appearant encrypted carier is actually a standar modem
using a diffrent parity than your terminal… so fool around with that,
adjusting parity (and make sure you have a good connection, sometimes static
can cause some funny stuff to appear on the screen)and stop bits… besides
that, there’s very little you can do… although if you know the make of
encryption device that the system is using, you may be able to adjust your
term program to correctly modify each character recieved… (for example:
a while back, there was an encryption device that simply added two points to
the ASCII value of each character and then sent it as that character, the
decription device on the other end took each value and subtracted two points
and printed the character! That simple! All I had to do was change my AE
to evaluate each character, subtract the two points, and print the character…
It was incredibly slow, but it worked…)
Notes:
Sherlock Information Systems: USES : An AuthentiKey, it is usually a standard
based on the serial number of the unit… Unless you can find that, it’s a lost
cause…
Super Encryptor II: USES : nearly impossible, a key of about 40-50 characters..
almost impossible to break…
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Call Back Modems:
How these little beuties work is quite simple and was quite effective untill
a quite successfull method was descovered at breaking in… They work in
the following manner: A user calls a modem line, enters an account and ID, the
modem hangs up the line and then, using another line, calls back the authorised
number belonging to the code & ID in it’s memory…
Circumvention: Actually, when you think about it, it turns out quite simply…
The modem usesone line to recieve calls and another to send them out…
the number is usually 1 or digit above the suffix of the number…EX:
(xxx) xxx-0001 The Warelock<-\- X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X Another file downloaded from: NIRVANAnet(tm) & the Temple of the Screaming Electron Jeff Hunter 510-935-5845 Rat Head Ratsnatcher 510-524-3649 Burn This Flag Zardoz 408-363-9766 realitycheck Poindexter Fortran 415-567-7043 Lies Unlimited Mick Freen 415-583-4102 Specializing in conversations, obscure information, high explosives, arcane knowledge, political extremism, diversive sexuality, insane speculation, and wild rumours. ALL-TEXT BBS SYSTEMS. Full access for first-time callers. We don't want to know who you are, where you live, or what your phone number is. We are not Big Brother. "Raw Data for Raw Nerves" X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X

Hacking Techniques, by Logan-5 (Hacker Supreme)

****************************
*** HACKING TECHNIQUES ***
*** Typed By: LOGAN-5 ***
*** (Hacker Supreme) ***
*** From the ***
*** Inner Circle Book ***
****************************

1) CALLBACK UNITS:

Callback units are a good security device, But with most phone systems,
it is quite possible for the hacker to use the following steps to get
around a callback unit that uses the same phone line for both incomming
and out going calls:First, he calls he callback unit and enters any
authorized ID code (this is not hard to get,as you’ll see in a moment).
After he enters this ID, the hacker holds the phone line open – he does
not hang up. When the callback unit picks up the phone to call the user back,
the hacker is there, waiting to meet it.

The ID code as I said, is simple for a hacker to obtain, because these
codes are not meant to be security precautions.The callback unit itself
provides security by keeping incomming calls from reaching the computer.
The ID codes are no more private than most telephone numbers. Some callback
units refer to the codes as “location identification numbers,” and some
locations are used by several different people,so their IDs are fairly
well known.I’ve been told that, in some cases,callback ubits also have
certain simple codes that are always defined by default. Once the hacker
has entered an ID code and the callback unit has picked up the phone to
re-call him,the hacker may or may not decide to provide a dial tone to
allow the unit to “think” it is calling the correct number. In any event,
the hacker will then turn on his computer, connect with the system – and
away he goes.If the however, the hacker has trouble holding the line with
method,he has an option: the intercept.

The Intercept:
Holding the line will only work with callback units that use the same
phone lines to call in and to call out.Some callback units use different
incoming and outgoing lines, numbers 555-3820 through 555-3830 are dedicated
to users’ incoming calls, and lines 555-2020 through 555-2030 are dedicated
to the computers outgoing calls.The only thing a hacker needs in order to
get through to these systems is a computer and a little time – he doesn’t
even need an ID code. First,the hacker calls any one of the outgoing phone
lines, which, of course, will not answer.Sooner or later, though, while the
hacker has his computer waiting there, listening to the ring, an authorized
user will call one of the incomming lines and request to be called back.
It will usually be less than an hours wait, but the hacker’s computer
is perfectly capable of waiting for days, if need be.

The callback unit will take the code of the authorized user, hang up,
verify the code, and pick up the phone line to call back.If the unit
tries to call out on the line the hacker has dialed, the hacker has his
computer play a tone that sounds just like a dial tone.The computer will
then dial the number given that matches up with the user’s authorized ID.
After that,the hacker can just connect his computer as he would in any
other case.If he is really serious,he will even decode the touch tones
that the mainframe dialed,figure out the phone number of the user the
system was calling, call the person, and make a few strange noises that
sound as though the computer called back but didnt work for some reason.

2) TRAPDOORS AS A POSSIBLILITY

I haven’t heard of this happening, but i think it is possible that a
callback modem could have a trapdoor built into it.Callback modems are
run by software, which is written by programmers.An unscrupulous programmer
could find it very easy to slip in an unpublicized routine, such as,
“if code =*43*, then show all valid codes and phone numbers.” And such a
routine, of course, would leave security wide open to anyone who found the
trapdoor.The obvious protection here, assuming the situation ever arises,
is simply an ethical manufactorer that checks its software thoroughly before
releasing it.

A trapdoor is a set of special instructions embedded in the large
program that is the operating system of a computer.A permanent,
hopefully secret “doorway”, these special instructions enabe anyone who
knows about them to bypass normal security procedures and to gain access to
the computer’s files.Although they may sound sinister, trapdoors were not
invented by hackers, although existing ones are certainly used by hackers
who find out about them.

3) THE DECOY

One of the more sophisticated hacking tools is known as the decoy, and it
comes in three versions.The first version requires that the hacker have an
account on the system in question. As in my case,the hacker has a
low-security account,and he tries this method to get higher-security
account.He will first use his low-security account to write a program that
will emulate the log-on procedures of the systems in questions.
This program will do the following:

*- Clear the terminal screen and place text on it that makes everything
look as if the system is in charge.

*- Prompt for, and allow the user to enter, both an account name and a password.
*- Save that information in a place the hacker can access.

*- Tell the use the account/password entries are not acceptable.

*- turn control of the terminal back over to the system.

The user will now assume that the account name or password was mistyped
and will try again…this time (scince the real operating system is in
control) with more success.You can see a diagram of the way these steps are
accomplished

___________________
| Clear Terminal |
| screen |
|____________________|
||
_________||_________
| Print Compuserve |
| Computer |
|_____ Network ______|
||
_________||_________
| Print “ENTER |
| PASSWORD” |______
|____________________| |
|| |
_________||_________ |
| PASSWORD ENTERED? |__NO__|
|____________________|
||_YES
_________||_________
| SAVE PASSWORD |
| INFORMATION |
|____________________|
||
_________||_________
| PRINT “LOGIN |
| INCORRECT |
|____________________|
||
_________||_________
| LOG OFF/RETURN |
| CONTROL TO |
| OPERATING SYSTEM |
|____________________|

4) CALL FORWARDING

Many people use call forwarding by special arrangement with the phone
company.When a customer requests call forwarding, the phone company uses
its computer to forward all the customers incomeing calls to another
number. Lets say, for example, that you want calls that come to your office
phone to be forwarded to your home phone: A call from you to the phone
company,some special settings in the phone companys computer, and all
calls to your office will ring at your home instead.This little bit of help
from the phone company is another tool used by hackers. Lets say you thought
that the computer you were hacking into was being watched-because the
sysop might have seen you and called the fed’s and your sort of bugged by
this nagging feeling that they will trace the next hacker that calls,
just call the phone company and ask for call forwarding, pick a number,
(ANY NUMBER) out of the phone book and have your calls forwarded to that
number,Hea,Hea, the number you picked is the one that will be traced to,
not yours, so you could be hacking away,they think that they have traced you,
but actually the number you had your calls forwarded too. they enter chat mode
and say (YOUR BUSTED!!!!, WE’VE TRACED YOUR PHONE NUMER THE FEDS ARE ON THE
WAY!!), You could reply (Hea, SURE YA DID! I’D LIKE TO SEE YA TRY AND GET ME!
GO AHEAD!) ,that wont seem very important to them at the time, but it will
sure piss them off when they bust the wrong guy!

5) RAPID FIRE

Memory-location manipulation can be helpful, but there is another, more
powerful,possibility, in some cases: the Rapid-fire method.To understand how
this methos works, you have to know something about the way operationg
systems work.When a user enters a command, the operating system first places
the command in a holding area, a buffer, where it will sit for a few
millionths of a second.The system looks at the command and say’s “Does this
person really have authorization to do this, or not?” Then, the command
sits there a few thousandths of a second while the system runs off to
check the user’s authorization.When the system comes back to the command,
it will have one of two possible answers: “OK, GO AHEAD,” or “SORRY,
GET PERMISSION FIRST.”

Once you are on a system that handles things this way, you can use the
rapid-fire method to change the command while its sitting in the buffer,
waiting to be executed. If you can do this,you can do anything.You can enter
a command that you know will be approved, such as “tell me the time.” As soon
as the system runs off to verify your right to know the time,you change
the command in the buffer to something you know would not be approved-perhaps
“give me a list of all the passwords.” When the system comes back with an
“OK, go ahead,” it responds to your second command, not the first. Of course,
this exchange has to be done very rapidly,but most systems existing today
can be fooled by this trick. The question is,how easy is it to do, and how
much authority do you need? I know of one system that let this one slip.

These are certainly not all the hacker’s little secret tricks and tool’s,
You will probably figure out some better, more efficiant,hacking techniques.

GOOD LUCK!!!!!!
L O G A N – 5
<------------------------------------------------>

ÿ

Captures of Information on TACACS by The Argonaut

Unauthorised Access UK 0636-708063 10pm-7am 12oo/24oo

Greetings fellow CyberNauts:

This gem was downloaded from the DDN on the InterNet. It is a good
guide for learning to hack the Net. If you like what you see leave
note for Argonaut at Rivendell BBS (816) 563-4845. This is my Home
of Port and a small but growing hack/phreak node.

The Argonaut

===========================================================================

FEATURES OF THE TAC ACCESS CONTROL SYSTEM (TACACS)

To log in to the network via a MILNET TAC, you MUST have a unique ID
and Access Code (TAC Access Card). These cards are issued by the DDN
Network Information Center (NIC) only after a user has been authorized
by the Host Administrator of the host on which the user has his
primary mailbox or account.

IF YOU HAVE NOT RECEIVED YOUR TAC ACCESS CARD, AND HAVE A LEGITIMATE
REQUIREMENT TO ACCESS THE NETWORK VIA A MILNET TAC, CONTACT YOUR HOST
ADMINISTRATOR! (DO NOT CONTACT THE NIC FOR AUTHORIZATION).

If you do not know who your Host Administrator is, you may find out by
using the “WHOIS” command on the NIC.DDN.MIL host. Instructions on
using “WHOIS” are as follows: When you finish reading this message,
type “quit” as instructed. After the connection to NIC.DDN.MIL is closed,
type “@n” again. You will be told how to find your Host Administrator.
When finished, type “logout” at the prompt and you will be
returned to the TAC.

———————————————————————-

TACACS, the access control system for MILNET TACs, requires you to log
in before a connection to a host may be completed. The login process
is automatically started with the first @open (@o) command you issue.
There is a @close (@c) command to close the TAC connection and also a
@logout (@l) command to logout. Otherwise, the functioning of the TAC
is essentially unaffected by the access control system.

Here is a sample of the login dialogue:

First, the command to get the TAC’s attention is Control-Q.

(a) PVC-TAC 111 #: 01 This is the last line of the TAC
herald, which the TAC uses to
identify itself. When you see the
herald, the TAC is ready for your
command.

(b) @o 26.2.0.8 The user inputs the command to
——————- open a connection plus the
internet address of the host to
which he wishes to connect,
followed by a Carriage Return.

(c) TAC Userid: SAMPLE.LOGIN Here the TAC prompts the user for
——————– his Userid. The user enters his
ID exactly as shown as shown on
his TAC Access Card, followed by
a Carriage Return.

(d) Access Code: 22bgx4467 Again the TAC prompts the user,
—————– who responds by entering his
Access Code as shown on his TAC
Access Card, followed by a
Carriage Return.

(e) Login OK The TAC validates the ID/Access
TCP trying…Open code and proceeds to open the
requested connection.

HELPFUL INFORMATION:

When entering your TAC Userid and Access Code:

– A carriage return terminates each input line and causes the next
prompt to appear.

– As you type in your TAC Userid and Access Code, it does not matter
whether you enter an alphabetic character in upper or lower case.
All lower case alphabetic characters echo as upper case for the
Userid.

– The Access Code is not echoed in full-duplex mode. An effort is
made to obscure the Access Code printed on hardcopy terminals in
half-duplex mode.

– You may edit what you type in by using the backspace (Control-H)
key to delete a single character.

– You may delete the entire line and restart by typing Control-U.
A new prompt will appear.

– While entering either the TAC Userid or Access Code, you may type
Control-C to abort the login process and return to the TAC command
mode. You must interrupt or complete the login process in order to
issue any TAC command.

– The @reset (@r) command resets the TAC and returns you to the TAC
welcome banner.

IF YOU HAVE A PROBLEM WITH TAC LOGIN:

Should the login sequence fail (as indicated by the response “Bad
login”), examine your Access Card carefully to ensure that you are
entering the ID and Access Code correctly. Note that Access Codes
never contain a zero, a one, a “Q” or a “Z”, as each of these
characters may be mistaken for another character. If you see what
appears to be one of these characters in your access code, it is
really the letter “O” (oh), or “G” (gee), the letter “L” (el), or the
number “2” (two).

If you have followed all of the above steps as indicated, and if you
are sure you are entering your ID and Access Code correctly, and you
still cannot log in, call the Network Information Center at (415)
859-3695 or (800) 235-3155 for help.

AFTER LOGGING IN:

Your TAC port will remain logged in as long as you have an open
connection. If you close the connection, you will have ten minutes in
which to reopen a connection without having to log in again. If you do
not reopen a connection within ten minutes, the TAC will attempt to
hang up your port, and will automatically log you out.

WHEN YOU ARE FINISHED:

Always close the connection using “@c” then log out using the “@l” command.
Typing “@r” (reset) has no effect on your logged-in status.

If you now wish to log in to the TAC, leave the TACNEWS program by
typing “quit” at the next prompt. This will return you to the TAC,
and you may then begin the login sequence with the @o command to the
TAC.

Downloaded From P-80 Systems 304-744-2253