F O R C E F I L E S Volume #4
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
From The Depths Of - THE REALM -, By: ----====} THE FORCE {====---- 08/0/87
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
N U A L I S T I N G S C O N T
I T T / U D T S 310330100xxx Sprint, By: ---===} THE FORCE {===---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From the depths of - THE REALM - 02/09/1986
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
31033010000532 PRIMECON NETWORK System 32
31033010000533 PRIMECON NETWORK System 33
31033010000534 PRIMECON NETWORK System 34
31033010000537 PRIMECON NETWORK System 37
31033010000538 PRIMECON NETWORK System 38
31033010000541 PRIMECON NETWORK System 41
31033010000542 PRIMECON NETWORK System 42
31033010000543 PRIMECON NETWORK System 43
31033010000544 PRIMECON NETWORK System 44
31033010000545 PRIMECON NETWORK System 45
31033010000546 PRIMECON NETWORK System 46
31033010000547 PRIMECON NETWORK System 47
31033010000548 PRIMECON NETWORK System 48
31033010000549 PRIMECON NETWORK System 49
31033010000550 PRIMECON NETWORK System 50
31033010000551 PRIMECON NETWORK System 51
31033010000552 PRIMECON NETWORK System 52
31033010000557 PRIMECON NETWORK System 57
31033010000561 PRIMECON NETWORK System 61
31033010000563 PRIMECON NETOWRK System 63
31033010000564 PRIMECON NETOWRK System 64
31033010000590 PRIMECON NETWORK System 90
31033010000591 PRIMECON NETWORK System 91
31033010000592 PRIMECON NETOWRK System 92
31033010000593 PRIMECON NETWORK System 93
31033010000594 PRIMECON NETWORK System 94
31033010000595 PRIMECON NETWORK System 95
31033010000596 PRIMECON NETWORK System 96
31033010000597 PRIMECON NETWORK System 97
31033010000598 PRIMECON NETWORK System 98
31033010000599 PRIMECON NETWORK System 99
31033010000663 PRIMECON NETWORK System 63
31033010000664 PRIMECON NETWORK System 64
31033010000693 PRIMECON NETWORK System 93
31033010000694 PRIMECON NETWORK System 94
31033010000695 PRIMECON NETWORK System 95
31033010000696 PRIMECON NETWORK System 96
31033010000699 PRIMECON NETWORK System 99
D I A L N E T 9000xx Sprint, By: ---===} THE FORCE {===---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From the depths of - THE REALM - 29/01/1987
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Plese note that DIALNET NUA's are not accessible via through all pads.
These NUA's were sprinted from PRIMECON SYSTEM 41.
900025 WORLDCOM COMPUTER NETWORK System 25
900032 PRIMECON NETWORK System 32
900033 PRIMECON NETWORK System 33
900034 PRIMECON NETWORK System 34
900037 PRIMECON NETWORK System 37
900038 PRIMECON NETWORK System 38
900039 PRIMECON NETWORK System 39
900040 PRIMECON NETWORK System 40
900041 PRIMECON NETWORK System 41
900042 PRIMECON NETWORK System 42
900044 PRIMECON NETWORK System 44
900045 PRIMECON NETWORK System 45
900046 PRIMECON NETWORK System 46
900047 PRIMECON NETWORK System 47
900048 PRIMECON NETWORK System 48
900049 PRIMECON NETWORK System 49
900050 PRIMECON NETWORK System 50
900051 PRIMECON NETWORK System 51
900052 PRIMECON NETWORK System 52
900053 PRIMECON NETWORK System 53
900054 PRIMECON NETWORK System 54
900055 PRIMECON NETWORK System 55
900056 PRIMECON NETWORK System 56
900057 PRIMECON NETWORK System 57
900058 PRIMECON NETWORK System 58
900059 PRIMECON NETWORK System 59
900061 PRIMECON NETWORK System 61
900063 PRIMECON NETWORK System 63
900064 PRIMECON NETWORK System 64
900090 PRIMECON NETWORK System 90
900091 PRIMECON NETWORK System 91
900092 PRIMECON NETWORK System 92
900093 PRIMECON NETWORK System 93
900094 PRIMECON NETWORK System 94
900095 PRIMECON NETWORK System 95
900096 PRIMECON NETWORK System 96
900097 PRIMECON NETWORK System 97
900098 PRIMECON NETWORK System 98
900099 PRIMECON NETWORK System 99
P S S 234219200xxx Sprint, By: ---===} THE FORCE {===---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From the depths of - THE REALM - 19/01/1987 Updated: 29/02/87
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
234219200001 PRIMENET 18.3-EOIN2 TPSYS B-MCH
234219200100 OS4000+RLIX PSS GATEWAY
234219200101
234219200102 host
234219200112 0,994#B APS
234219200118 AUTONET
234219200133 QUANTIME PSS GATEWAY
234219200146
234219200148 OS4000+RLIX PSS GATEWAY
234219200149 UNIVERSITY COLLEGE LONDON TERMINAL GATEWAY
234219200152 CCI QUICKMAIL
234219200169 LONDON
234219200171
234219200183 JAMES CAPEL'S TECHNICAL SERVICES DEPARTMENT
234219200190 PERGAMON INFOLINE
234219200193 BUPA
234219200197 0,99#B APS
234219200203
234219200206 host
234219200220
234219200233
234219200237
234219200238
234219200256 JBPLC
234219200260 SWIFT LONDON COMMUNICATIONS
234219200270 HP-3000
234219200275 HP-3000
234219200300 UNIVERSITY COLLEGE LONDON
234219200304
234219200390 SNA/SDLC DYNAMIC
234219200394 SIANET
234219201002
234219201004 BT-GOLD System 81
234219201025 PRESTEL
234219201184 CHASE
234219201197 PRIMENET 19.4.10q HQZ
234219201271 PRIMENET 19.4.10q HQX
234219201281 PERGAMON INFOLINE
234219201311
P S S 23421920100xxx Sprint, By: ---===} THE FORCE {===---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From the depths of - THE REALM - 04/01/1987 Last Updated: 29/02/87
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
23421920100001 PRESTEL
23421920100002 PRESTEL
23421920100003 PRESTEL
23421920100004 PRESTEL
23421920100005 PRESTEL
23421920100006 PRESTEL
23421920100007 PRESTEL
23421920100008 PRESTEL
23421920100200
23421920100230
23421920100243
23421920100251
23421920100356
23421920100403 BRITISH TELECOM DEVELOPMENT AND BACKUP System 03
23421920100404 BRITISH TELECOM MESSAGE HANDLING System
23421920100417 REV.19 System 17
23421920100418 BT-GOLD System 18
23421920100419 BT-GOLD System 81
23421920100420 BT-GOLD System 81
23421920100421 BT-GOLD System 81
23421920100422 BT-GOLD System 81
23421920100423 BT-GOLD System 81
23421920100424 BT-GOLD System 81
23421920100425 BT-GOLD System 81
23421920100426 BT-GOLD System 81
23421920100427 BT-GOLD System 81
23421920100428 BT-GOLD System 81
23421920100429 BT-GOLD System 81
23421920100430 REV.19 System 04
23421920100431 REV.19 System 04
23421920100432 REV.19 System 04
23421920100433 REV.19 System 04
23421920100434 REV.19 System 04
23421920100435 REV.19 System 04
23421920100436 REV.19 System 04
23421920100437 REV.19 System 04
23421920100438 REV.19 System 04
23421920100439 REV.19 System 04
23421920100440 BT-GOLD System 81
23421920100441 BT-GOLD system 81
23421920100442 BT-GOLD system 81
23421920100443 BT-GOLD System 81
23421920100444 BT-GOLD System 81
23421920100445 BT-GOLD System 81
23421920100446 BT-GOLD System 81
23421920100447 BT-GOLD System 81
23421920100448 BT-GOLD System 81
23421920100449 BT-GOLD System 81
23421920100450 BT-GOLD System 81
23421920100452 BT-GOLD System 81
23421920100453 BT-GOLD System 81
23421920100454 BT-GOLD System 81
23421920100455 BT-GOLD System 81
23421920100456 BT-GOLD System 81
23421920100457 BT-GOLD System 81
23421920100458 BT-GOLD System 81
23421920100459 BT-GOLD System 81
23421920100460 BT-GOLD System 81
23421920100461 BT-GOLD System 81
23421920100462 BT-GOLD System 81
23421920100463 BT-GOLD System 81
23421920100464 BT-GOLD System 81
23421920100465 BT-GOLD System 81
23421920100466 BT-GOLD System 81
23421920100467 BT-GOLD System 81
23421920100468 BT-GOLD System 81
23421920100469 BT-GOLD System 81
23421920100472 BT-GOLD System 72
23421920100473 BT GOLD System 73
23421920100474 BT-GOLD System 74
23421920100475 BT-GOLD System 75
23421920100476 BT-GOLD System 76
23421920100477 BT-GOLD System 77
23421920100478 BT-GOLD System 78
23421920100479 BT-GOLD System 79
23421920100480 BT-GOLD System 80
23421920100481 BT-GOLD System 81
23421920100482 BT-GOLD System 82
23421920100483 BT-GOLD System 83
23421920100484 BT-GOLD System 84
23421920100485 BT-GOLD System 85
23421920100486 BT-GOLD System 86
23421920100487 BT-GOLD System 87
23421920100490 BT-GOLD System 81
23421920100491 BT-GOLD System 81
23421920100492 BT-GOLG System 81
23421920100493 BT-GOLD System 81
23421920100494 BT-GOLD System 81
23421920100495 BT-GOLD System 81
23421920100496 BT-GOLD System 81
23421920100497 BT-GOLD System 81
23421920100498 BT-GOLD System 81
23421920100499 BT-GOLD System 81
23421920100513 ENQUIRY SERVICE
23421920100515 HOSTESS public Info Base
23421920100530 HOSTESS closed access
23421920100555 FTP
23421920100600 MULTISTREAM INFORMATION REPORT
23421920100605 ATOMIC CLOCK
23421920100606 ATOMIC CLOCK
23421920100620 PSS ONLINE BILLING INFORMATION SERVICE
23421920100630
23421920100632 TACL
23421920100634 TACL
23421920100655 FTP
23421920100657 FTP
23421920100659 FTP
23421920100660
23421920100662
23421920100690 fax
23421920100691 fax
23421920100692 fax
23421920100694 fax
23421920100700 fax
23421920100701 fax
23421920100709 fax
23421920100710 fax
23421920100711 fax
23421920100720 fax
23421920100721 fax
23421920100730 fax
23421920100731 fax
23421920100740 fax
23421920100741 fax
23421920100750 fax
23421920100751 fax
23421920100761 fax
23421920100770 fax
23421920100771 fax
23421920100790 fax
23421920101699 fax
23421920115600 EUROPEAN SPACE AGENCY 'ESA'
D A T E X - P 26245400030xxx Sprint, By: ---===} THE FORCE {===---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From the depths of - THE REALM - 01/02/1987
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
26245400030029
26245400030035 fax
26245400030041
26245400030046
26245400030071
26245400030090 HP-3000
26245400030104
26245400030105
26245400030110 host
26245400030113 HP-3000
26245400030138
26245400030150
26245400030158
26245400030175
26245400030187 WILLKOMMEN BEI E2000 HAMBURG VAX
26245400030201 HASYLAB-VAX 11/750 VAX/VMS 4.2
26245400030202 HERA MAGNET MEASUREMENT VAX 750
26245400030215
26245400030259
26245400030261
26245400030296 DFH2001I
26245400030502
26245400030519 fax
26245400030566 DFH2001I
26245400030578 PRIMENET 20.0.4 DREHH
D A T E X - P 26245621040xxx Sprint, By: ---===} THE FORCE {===---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From the depths of - THE REALM - 09/01/1987
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
26245621040000 TELEBOX
26245621040014 ACF/VTAM
26245621040025 OEVA COMPUTER BEREIT
26245621040026 host
26245621040027 BASF/FER VAX 8600
26245621040508 VCON0 BASF A6
26245621040516 CN01
26245621040532
26245621040580 DYNAPAC MULTI-PAD.25
26245621040581 DYNAPAC MULTI-PAD.25
26245621040582
D A T E X - P 26245890040xxx Sprint, By: ---===} THE FORCE {===---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From the depths of - THE REALM - 09/01/1987 Last Update: 29/02/87
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
26245890040004 ALTOS UNIX V (Chat system)
26245890040006 M&T
26245890040081 NOS SOFTWARE SYSTEM MUERCHENER RECHENZENTRUM
26245890040185 fax
26245890040207 IABG DETEZENTRUM OHOBRUNN
26245890040220 host
26245890040221 host
26245890040225 QNTEC MUNICH UNIX 4.2
26245890040262 BDS UNIX
26245890040266 fax
26245890040281 DATUS PAD
26245890040510
26245890040522 PLESSEY SEMICONDUCTORS VAX
26245890040542
D D X - P 44013612xxx Sprint, By: ---===} THE FORCE {===---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From The depths of - THE REALM - 01/04/1987
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
44013612065 TWICS BEELINE VAX
44013612225 UNIX
44013612272
44013612277 ULTRIX
44013612599
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
T E L E P A K 2405000xxx Sprint by an unknown hacker
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
2405000004 RAM
2405000005 RAM
2405000007 NETVAL - Version 2.02
2405000010
2405000012
2405000013 BAD XRAY
2405000014 BAD XRAY
2405000015
2405000016 ELF VERSION 4.0
Valid commands are:
COPy
CReate Node
CReate Slot
CReate Partial
DEVice
DIrectory
DUmp Node
DUmp Slot
DUmp Partial
Gateway
Help
LOAd Node
LOAd Slot
LOAd Partial
LOCate
MESsage
Quit
REStart
The following commands apply to DISK only:
CONdense
DELete
Format
REName
The following commands apply to TAPE only:
SKip
REWind
2405000018
2405000020
2405000021
2405000025
2405000030
2405000031
2405000032
2405000033
2405000034
2405000035
2405000042
2405000044
2405000046
2405000050
2405000051
2405000053
2405000055
2405000057 inter-link established from DATAPAK to TYMNET
2405000087 >>> DATAPAK <<<
2405000089
2405000091
2405000099
2405000101
2405000103
2405000105
2405000107
2405000111
2405000113
2405000114
2405000116
2405000119
2405000121
2405000122
2405000123
2405000124
2405000131
2405000133
2405000135
2405000137
2405000162
2405000165
2405000169 Computer Resource Services AB
2405000171 TSL Data AB, DECSYSTEM 2020 #1
2405000173
2405000202 (: PROMPT)
2405000236 not a valid user on this system
2405000237 not a valid user on this system
2405000239 not a valid user on this system
2405000243 host
2405000254
2405000258 SKF GROUP TELENEt
2405000260 ANGE L\SEN
2405000264
2405000267
2405000269
2405000278
2405000279 not a valid user on this system
2405000280 not a valid user on this system
2405000281 not a valid user on this system
2405000282 not a valid user on this system
2405000288 not a valid user on this system
2405000289 not a valid user on this system
2405000290 not a valid user on this system
2405000291 not a valid user on this system
2405000292 not a valid user on this system
2405000293 not a valid user on this system
2405000294 not a valid user on this system
2405000411
T R A N S P A C 208075000xxx Sprint, By: ---===} THE FORCE {===---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From the depths of - THE REALM - 05/04/1987
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
208075000039 host
208075000059 CICS
208075000062 VOTRE DEMANDE
208075000120
A U S T P A C N U A S. 18/04/1987
------------------------
The following is a listing of NUA's I came across just recently on Austpac and
most of them do not appear on any other listings. At the time I didn't have a
NUI, so a lot of them are not identified.
222135000
222135001
222330000
222330002
222330003
222330010
222330014
222334000
222334002
222334003
222334004
222334005
222334006
222334007
222335000
222335005
222335006
222335007
222430000 PRIMENET 19.4_8B SYDN51
222430001 VAX
222430003 X.29 HOST GATEWAY
222430004 "austpac drops the line????"
222430006
222430008
222430009 CAPITAL MARKETS VCON4 MV/10000
222430010 EQUITY'S MV/10000 VCON2
222430011
222430012
222430013
222434002 C&C/EPL VAX CLUSTER
222434005
222434006
222434007
222435000
222630000
222630002
222630005
222630006
222630009
222630010
222634000
222634003
222634010
222634011
222634012
222634014 X.29 GATEWAY SECURITY CHECK
222634015
222930000
222930001
222930002 X.29 HOST GATEWAY
222930004
222930005
222930006
222930011
222930012 PRIMENET 19.4.10q SYD
222930014
222930015
222935000
224121006
224223000
224223002
224323000
224422000
224422006
224423000
224822000
224922000
224922004
226022001
226035000
226334002
226334003
226335000 API VIDEOTEXT
226335003
226335004
226335005
226335007
226335009
226435000
226435002
226435003
226935000 MAYNET
226935004
227334000
227335000
227434000
227934000
227934001
227934002
228022000
228121000
228121002
228123000
228621000
228621001 VAX PING EPPTSA
When you get a RNA error, it means you need a NUI to access the system.
If accessing via another PAD just use the proper format as explained earlier.
I'm working on a complete list of a Austpac NUA's along with MIDAS ones, but
that will take some time.
Catch Ya Later
----====} THE FORCE {====----
L O C A T I N G P T S N N U M B E R S
-------------------------------------------
If you ever have a need to locate an online system belonging to a particular
company, it can be a very tall order to fill. However there are few things you
can do which will help, although success is not guaranteed.
1> When a Company sets up a data line, It must be registered by telecom to
be legal. (Isn't it great to have a friends working there ey?) All data
lines are classed a FAX lines, and unless telecom has been specifically
instructed not to list the number in any public listing, you will most
probably find it listed in the FAX DIRECTORY, which is available from
Telecom. It's an equivalent of a phone book with only data lines listed.
So, just grab a copy of the directory and look up the company. Chances
are that it might be there. One can even find BBS systems in there if
they have been registered by the Sysop.
2> When a company sets up their phone network, they usually plan ahead and
a lot of times when they get voice and data lines assigned, they will
be very close together in value. So, simply look up the victims voice
line and try a few numbers lower and higher than the voice number.
Again there is a chance of comming up with something.
3> The last resort, is scanning phone numbers in series for a carrier tone.
It can take a lot of time, and be very expensive, since we just can't
use the same hardware to make toll free calls like they do in the USA.
There is a feasable way of doing though. A lot of systems will answer
after the first few dial tones, so set your demon dialer program to
dial a number, sit there for only a few ring tones and hang up. The
longer you let it ring, the more accurate it will be, but more costly,
if people have enough time to pick up the phone. If you let it ring
about 3-4 times and you have your scanner going at 4am, you should have
very few problems, either with accuracy and finance. There are some
fancy alternatives like tapping another line, using a phone box etc,
but they are too messy.
OBTAINING PASSWORDS, INFOLTRATING SYSTEMS
------------------------------------------
There are a few methods available which you can use to get into systems.
1> The most common and by far the least successful in regards to the
amount of time waisted is the ole front line security warfare.
It basicaly means physically trying to guess a username/password
pair for the system trying random, but logical combinations, or using
prior knowledge of the system, ie DEFAULT ACCOUNTS, USERNAME STRUCTURES
etc. A Sophisticated Sprinter can be a great aid, but it's a good idea
to have some prior knowldge of username formats. A system that will
actually tell you that a username is invalid, before you enter a password,
is as good as hacked. Some PRIMENETS, VM/370's and TOPS-20 systems are
about the best examples.
2> Many systems, particularly new ones, tend to have weak points in their
front line security which you can use to gain access..
Here is a small list which I have found, but there are many more.
- TOPS-20 Systems have a FINGER command before login, which can be
used to examine files, mail etc, without the knowldege of a
Password. They also have a SYSTAT command which lists the online
users which can be used before you login. A lot of them have now
been changed and the FINGER command removed, but still there are
a few out there.
- PRIMENETS, These had a few weak points in the early versions, but
a lot of them are now non-existent, if they are running later
versions of PRIMOS. It's still a good idea to know about them,
because I have found few systems which have not been updated.
Ok, when you are prompted for a password on the old primos, and you
have a legitimate username, typing CTRL-C for password, can give you
access. Another weak point of most Primenets, are the Default
accounts, mainly TEST, which often have no need for
a password. To crash the system from captive mode into primos,
CTRL-P pressed several times will often do the job. CTRL-P when
pressed in the right spot will crash into Primos. You will have to
spend a lot of time finding the right spot, but every primenet I
came across was crashable. I don't usually give this out, but
concentrate on the captive communication module.
- UNIX's have got so many holes in them that it's really not funny,
but to make use of them, one needs to get inside first and there
are dozens of defaults to choose from. More about that later.
3> SOCIAL ENGINEERING. Yes, my favourite one. The term has originated
in the USA and means BULLSHITING PEOPLE to get them to hand over their
passwords quite willingly. If one is to attempt this art, one needs the
tools. These are mainly an ADULT voice, since a teenager will get
nowhere, and the ability to plan out the conversation and anticipate
every responce. Let me give you a few examples:
You all know that AUSTPAC NUI's a hard to get, so why not have some dumb
secretary give one to you. Firs of all find a victim. The Melbourne
University Library is a good one. Next get a few facts together. Ask
yourself a few questions. Who am I? 'An Assistant Austpac Operator' Pick
a real name from the phone book, jot down the number, address and
have it ready if needed. Why Should the Victim give you his Accounts?
'Basically, because there has been a stuff up with Austpac and the last
six digits have been lost and you need them to identify the user' just
talk about some technical bullshit about the structure of NUI's, how the
billing computer stuffed up and how your arse is going to get kicked.
Its a good idea to ask the person to come down to the main office.
(you know all the details, and so you must). Then suggest the
possibility of fixing it all up over the phone. If it's a jerk, you'll
get it on the spot, if not, give him a number to call back. Ie a PHONE
BOX around the corner. And that's all there is to it. You will be
surprised how co-operative people are.
The same principal can also be used in few other situations. There is no
reason why a system operator can't change the password of another
user for you. This was basically my introduction to the art of SOCIAL
ENGINEERING and this is what took place:
I hacked a Dialcom System 41, which me and a lot of YANKS were using to
call ALTOS and other systems. Unfortunatelly, it died for reasons I am
still emebarrased about. This is what we did.
I knew that the real user wasn't on the account all that often, so she
would have not yet known about the death of her account. Fortunatelly,
we had a hard copy of the user list in her UFD series and of her mail.
(I THINK THIS IS A GOOD TIME TO STRESS THE IMPORTANCE OF RECORDING EVERY
BIT OF DATA YOU GET FROM A SYSTEM. IT'S ALWAYS USEFULL AT SOME STAGE IN
THE FUTURE. IF ONE IS FORTUNATE TO HAVE A HARD DISK, SIMPLY SAVE
ABSOLUTELLY EVERYTHING YOU DO ONLINE, BUT TAKE SOME PRECAUTIONS FOR
OBVIOUS REASONS)
The first step was to find her details. Ie Address, Phone number, and
Christian NAME. We rang up the operator to give us a listing of all
AUGUSTINES in the aproximate area as deduced from the mail. There were
only a few so we went through them. No luck, she had an unlisted number.
Ok, so we called a CNA (CNA is like a information directory, but used by
the phone companies emploees only. CNA = Customer Number/Address I think.
Unfortunatelly I never came across an Australian CNA, but you can bet
they're out there), but the number had been changed, so we rang up a
friend who was mentioned in the mail. MRS M.AUGUSTINE worked for NASA
so TRADER introduced himself as some important figure in the NASA
organization and we got all the details we wanted. All we had to do then
is ring up DIALCOM and get them to change the password. We said that
the wife was in GERMANY using DATEX-P and that she can't get onto
her account, where some important mail was waiting for her. Naturally
the password was changed on the spot and no information of any sort
was requested.
4> Trojan Horses are another way of getting passwords. It basically
involves the simulation of another system login and setting up a few users
to take the bait. Ie, Stick your computer onto a phone box at a time a
person is likely to call, give that person the number. Ie it has been
changed or it's a different system with faster responces thus saving
online time etc. Then have your computer to simulate the real login and
that's all there is to it. This is a very primitive trojan and I will talk
more about them later on and tell you how to set up a few of them on
DIALCOM systems.
A Most Important thing is to make sure that once you get into a system, you
are there to stay, or the effort would have been more or less waisted. Always
get all the information you can. Mail, Usernames and any information on the
other users. Basically anything the system has to offer, no matter how
insignificant it may Seem at the time.
DEFFAUL PASSWORDS, VAX, UNIX, PRIMENET, DIALCOM
------------------------------------------------
There is a large variety of systems, but a lot of them have got common
accounts. It is always a good idea to try hacking usernames such as
TEST, DEMO, GUEST, VISITOR etc, using the most basic and easilly remembered
passwords you can think off. Deffault accounts are very usefull indeed
and here is a basic rundown of a few major systems:
VAX
----
When you encounter a VAX, trying the following may prove quite successfull.
USER/USER, GUEST/GUEST, GAST/GAST (if in europe), FIELD/SERVICE, FIELD/TEST,
SYSTEM/MANAGER, SYSTEM/OPERATOR, SYSTEM/SYSTEM, SYSTEST/TEST, SYSTEST/SYSTEST
SYSTEST/UETP.
Also try them in lower as well as upper case, if the system does not
translate lower to upper case. If you are lucky enough to get an account
with full privs, namelly SYSTEM/MANAGER, or FIELD/SERVICE, look at some of
the user names, ie SHOW USERS command, and create your own username of a
simmilar format so that it blends in with the backround. To do that, run the
ADDUSER or AUTHORISE program in the SYS$SYSTEM directory, I don't think I
need to go into any more detail since there are literally hundereds of good
files on VAX systems.
If you come accross a captive account, ie you are not allowed direct access
into DCL (Digital Command Language), typing /NOCOMM can prevent the execution
of certain login files which may prevent you from accessing DCL or lower your
access level. Example Login:
Username: USER/NOCOMM
Password: USER
$
There is one other important thing about VAX's that is not mentioned in any
VAX tutorials I have seen. Some systems are equiped with a X29 gateway or
PSIPAD as they refer to it. It's basically what the name suggest, a gateway
to PACKET SWITCHED NETWORKS.
To activate it, type:
$ SET HOST/X29
And the system should respond with 'Node:' You will then find out if the
PSIPAD is installed and whether you have the privs to make use of it.
END
END
