-(Exploring the further regions of experience...)-

ICE
Headquarters: (416) 934-4055

INNER CIRCLE ELITES (ICE) Presents:
-- The Guide to Hacking & Phreaking [Issue #2] --
by Liquid Jesus

_______CONTENTS___________________________________________________________

PART I.......Introduction
PART II......PHreak PHile Extract (Guidelines by The Mentor - LOD/H)
PART III.....Datapac, PADs, and X.25
PART IV......DNIC Listing
PART V.......NUA Examples (Extracted from PHrack vol.3 issue 27)
PART VI......Questions & Answers
PART VII.....End of Transmission
__________________________________________________________________________

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

PART I
-+- Introduction -+-

First off I want to thank all the people who left me feedback after the release of the first issue. It's a hellova lot easier to talk about things people ask about than to pick stuff out of the blue. It's only been a couple of days since I finished the first issue but the great response has prompted me to get my ass hauling on the second. This issue will probably have a *large* Q&A section but I'll try and limit the ones I answer to the most important ones.
Most people who leave me feedback on my BBS will have their questions answered in this guide and I'll have their name at the beginning of the question. If you ask me something and you feel it's just such a dumb question that you don't want to be labelled as the one who asked it, just tell me and I'll change you to "anonymous".

Ok, I *was* planning on getting into new aspects of h/ping this issue (credit card fraud, how NUAs and X.25 work, details about specific systems, etc..) but most of the feedback I've received so far has had to do with either 800 services or Datapac.

Another large area of concern is the risk of getting caught. Well, I'm not going to lie to anyone... law enforcement is a LOT tougher on phreaks than on pirates. With pirating they figure "Ok, the guy probably wouldn't have bought the game in the first place anyways so it's not like the company is LOSING money because he made a copy for himself". Also, it's a lot more widespread. Hack/Phreaks charge money *directly* to places such as telephone companies and other pay services. They can get into the corners of large systems and read about someone's personal data until they find it time to have some fun and start changing things. When people start feeling insecure about their own private belongings, they find it VERY easy to slam the person who made them feel this way.

You've probably already heard numerous stories about hackers being caught and charged with computer crimes. "Computer hackers crack credit codes", "Israeli hacker cracks military, credit codes", "Fone Phreaks charge millions in unpaid bills", etc, etc... it's no longer just the 95% average "nerd with taped glasses" doing it.

So how do you manage to stay out of trouble? Well that's easy, be cautious. If you find something new you haven't seen before, ask an experienced hacker if it's safe to use. Also, keep a low profile. So what if you feel great about cracking your first system.
Keep your discussions to h/p-designated BBS's and don't start blabbing specifics to people you don't know. Instead of saying "I just got into General Motors VAX mainframe" you could limit it to "I just hacked a big VAX" or something. Just watch what you say.

As for what you CAN use, just about anything that someone else says. Someone will tell you if something isn't safe, and if it isn't, most of the time they'll also tell you how to use it without getting in di-hoe. Generally, everything is safe that is posted to the public (eg: on Alliance, VMB's, BBS's, chat lines, etc..).

Someone also asked me if ALL 950's were unsafe. Ok, here's the definition of a 950 from the PHreak's Glossary:

   950 - (pronounced nine-five-oh, not nine-fifty) A nationwide access exchange in most areas. Many LD companies have extenders located somewhere on this exchange; however, all services on this exchange are considered dangerous due to the fact that they ALL have the ability to trace. Most 950 services have crystal clear connections.

All 950's have the number 800-950-xxxx (the prefix is 950 hence its name.. duhh). Not ALL are unsafe but there are more unsafe 950's than other forms of 800 services. As I said before, you'll hear if one isn't safe.

Another thing, before we get started, someone asked me to name some things that would be good for beginner hackers to start on. Things that are very safe. Well...

(1) university/college computers: most have relatively low external security and don't keep logs of unsuccessful entry attempts. An example is the Lincoln County Board of Education VAX at 641-1295 (2400 baud - use VT100 emulation for best results). Some other examples of local small business systems are:

   641-2973 (1200bps) - O.R. MFAS Complex [run on a VAX/VMS] Very SLOW.
   641-5002 (1200bps) - System 288 ISOETEC Communications Inc.
   687-1655 (2400bps) - Q&O Corporate Division (Quebec and Ontario Paper Company) [use VT-100 emulation]
   687-8788 (1200bps) - Hotel Dieu (send hard break after connect. This one is very hard to hack... I don't even know the format of the login)
   687-3954 (2400bps) - hit ESCape to get menu of companies

(2) computers connected through networks: as there are a massive number of people connected to a network at any given time it isn't practical for the network to run traces on everything. And, through network systems you can usually jump around to other systems. The closest network dialups are for Datapac. Here's a few:

   357-4695   2400 baud
   687-1104   2400 baud
   687-1115   2400 baud
   688-5640   1200 baud

   ICE also has a list of about 50 or so other Datapac dialups for both 1200 and 2400 baud. Just ask!

..and remember, after you connect enter two periods and hit return (EG: .. ) and from there you enter the system address (which is 8 digits long). For some systems to check out see the first release of this article (filename: ICE001.TXT).

What to stay away from? Well.. usually government computers aren't safe to hack unless you know what you're doing (more on this in a future issue), as well as systems to SOME big companies. Like calling direct to AT&T's mainframe and hacking it for hours on end wouldn't be something you'd wanna do.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

PART II
-+- PHreak PHile Extract: Guidelines by The Mentor - LOD/H -+-

The following was extracted from P/HUN Issue #2 by The Mentor (Legion of Doom/Legion of Hackers). I know I posted my own guidelines in release #1 of this guide but these are a few more you may want to keep in mind:

As long as there have been computers, there have been hackers.
In the 50's at the Massachusetts Institute of Technology (MIT), students devoted much time and energy to ingenious exploration of the computers. Rules and the law were disregarded in their pursuit for the 'hack'. Just as they were enthralled with their pursuit of information, so are we. The thrill of the hack is not in breaking the law, it's in the pursuit and capture of knowledge.

I.    Do not intentionally damage *any* system.

II.   Do not alter any system files other than ones needed to ensure your escape from detection and your future access (Trojan Horses, Altering Logs, and the like are all necessary to your survival for as long as possible.)

III.  Do not leave your (or anyone else's) real name, real handle, or real phone number on any system that you access illegally. They *can* and will track you down from your handle!

IV.   Be careful who you share information with. Feds are getting trickier. Generally, if you don't know their voice phone number, name, and occupation or haven't spoken with them voice on non-info trading conversations, be wary.

V.    Do not leave your real phone number to anyone you don't know. This includes logging on boards, no matter how k-rad they seem. If you don't know the sysop, leave a note telling some trustworthy people that will validate you.

VI.   Do not hack government computers. Yes, there are government systems that are safe to hack, but they are few and far between. And the government has infinitely more time and resources to track you down than a company who has to make a profit and justify expenses.

VII.  Don't use codes unless there is *NO* way around it (you don't have a local telenet or tymnet outdial and can't connect to anything 800...) You use codes long enough, you will get caught. Period.

VIII. Don't be afraid to be paranoid. Remember, you *are* breaking the law. It doesn't hurt to store everything encrypted on your hard disk, or keep your notes buried in the backyard or in the trunk of your car.
      You may feel a little funny, but you'll feel a lot funnier when you meet Bruno, your transvestite cellmate who axed his family to death.

IX.   Watch what you post on boards. Most of the really great hackers in the country post *nothing* about the system they're currently working except in the broadest sense (I'm working on a UNIX, or a COSMOS, or something generic. Not "I'm hacking into General Electric's Voice Mail System" or something inane and revealing like that.)

X.    Don't be afraid to ask questions. That's what more experienced hackers are for. Don't expect *everything* you ask to be answered, though. There are some things (LMOS, for instance) that a beginning hacker shouldn't mess with. You'll either get caught, or screw it up for others, or both.

XI.   Finally, you have to actually hack. You can hang out on boards all you want, and you can read all the text files in the world, but until you actually start doing it, you'll never know what it's all about. There's no thrill quite the same as getting into your first system (well, ok, I can think of a couple of bigger thrills, but you get the picture.)

One of the safest places to start your hacking career is on a computer system belonging to a college. University computers have notoriously lax security, and are more used to hackers, as every college computer department has one or two, so are less likely to press charges if you should be detected. But the odds of them detecting you and having the personnel to commit to tracking you down are slim as long as you aren't destructive.

If you are already a college student, this is ideal, as you can legally explore your computer system to your heart's desire, then go out and look for similar systems that you can penetrate with confidence, as you're already familiar with them.

So if you just want to get your feet wet, call your local college. Many of them will provide accounts for local residents at a nominal (under $20) charge.
Finally, if you get caught, stay quiet until you get a lawyer. Don't volunteer any information, no matter what kind of 'deals' they offer you. Nothing is binding unless you make the deal through your lawyer, so you might as well shut up and wait.

                                                   - The Mentor: LOD/H

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

PART III
-+- Datapac, PADS, and X.25 -+-

Ok, to start off, Datapac is a network with dialups ONLY in Canada (a dialup is the number you call to get into the network eg. 687-1115) that has all sorts of neat little services you can screw around with. After you connect you type two periods and hit return ".. " and that will tell Datapac you're there. From here you can enter any valid 8-digit address to connect to a host system. An example is "74600268" (a VAX system). There are thousands of systems connected with Datapac all across Canada. If you want to get the specifics on Datapac and how it works enter the address "9160 0086" (no space in between though...) and it will give you menus and texts of all sorts of things.

So what's so special about Dpac? Well, most of the systems connected to it allow access to other networks around the world via packet assemblers/disassemblers (PADs). What a PAD does is group the data into 128 or 256 byte chunks (normally, this can be changed. Using smaller packet sizes reduces PAD delay but may also cost the company more money because some networks charge by the packet... but hey, whatever makes your journey easier). The packet is now transmitted at speeds ranging from 9600bps to 19200bps (or even faster) to another PAD, which then takes the data and hands it down to whatever computer system it's connected to.
A PAD allows two computers that have different baud rates or communication protocols to talk to each other over a long distance.

Although the systems connected directly to Datapac are located in Canada you can access any system in the world from it via the X.25 network. All of the major networks (Telenet, Tymnet, Datapac, ItaPAC, etc..) offer connections with X.25 as well as many private companies. (I don't wanna confuse anyone here but I might..).

Ok, as I said before, Datapac connects to host systems by their 8-digit addresses. Now pretend this 8 digit number is like a normal 7 digit phone number (eg. 9344055) without the area code. To call outside of Datapac (using an X.25 PAD) you must add the DNIC in front of it. The DNIC (Data Network Identification Code) is kind of like an areacode for networks. It tells Datapac the area of the world, and which network inside it, that you're calling to. Currently Datapac connects DIRECTLY to the U.S. packet switching networks (PSN's) of SprintNet, BT Tymnet, AT&T Accunet, Fedex, Net Express and Western Union. Also, through Teleglobe Canada it can connect to more than 100 networks throughout the world.

So now you know what a NUA is (well... kinda). A NUA (Network User Address) conforms to the X.121 standard. What's X.121? It's the standard set by Study Group 7 of the CCITT (International Telegraph and Telephone Consultative Committee - you don't have to remember that) that says an NUA takes the form of a 4 to 14 digit number with the first four digits being the DNIC. In this manner X.121 ensures unique addresses for all data terminal equipment in the world. Another thing that you don't need to know is X.75, which defines the signalling system between two PSN's, but can basically be defined as a network to network interface (makes sure both networks are talking in the same "language" so to speak).

Ok got all that?
Remember it for the test on Friday (hohoho 8-) I'm just tellin yah how things work in case anyone actually cares.

Quick review:

   X.121 - standard of how NUA's are made up
   X.75  - network to network interface (the "language")

Sooo... an NUA is like this:

   (1)   (DNIC)   (FOREIGN ADDRESS)
    :       :            :
    :       :            :.... The foreign national address is expressed
    :       :                  as an eight to ten digit address.
    :       :
    :       :.... Packet networks are identified by a four digit number
    :             called a DNIC (data network identification code)
    :
    :.... One defines the Datapac International Prefix (tells Dpac yur
          callin outside of the network)

Also, as I stated before, when in Dpac you can change the packet size, but when calling internationally the packet must be 128 characters. You cannot change this.

Ok, an example NUA is QSD:

    1    2080   57040540
    :      :        :
    :      :        :.... this is the address within Transpac - the host
    :      :              system you're connecting to.
    :      :
    :      :.... DNIC: 2080 - identifier for the network TRANSPAC in
    :            France - the network you're connecting to
    :
    :.... Identifies international call (1)

Note: every PSN has a DNIC. Datapac's is "3020" so if you lived in Italy and hooked up to ItaPAC and wanted to call a VAX at 12345678 connected with Datapac the NUA would be 1302012345678. Easy eh?

So what's so great about all this? Well just think, if there's some tiny little company with a little desktop computer in the basement of some small building in Japan, you can connect with it if it's hooked up to a packet switching network, or even if it's hooked up to a LAN (local area network) providing the LAN server is connected with a PSN. Also, unlike placing a normal phone call with which you can only be connected to one place per line, X.25 PADs can have multiple lines (actually, called channels) so sitting on your one line-one modem micro, you could be connected to five or more mainframes in different countries around the world simultaneously.
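
Added example, not part of the original text file: a small Python parser that splits an NUA written the way this section describes it (prefix 1, four-digit DNIC, national address) and checks it against the 4 to 14 digit X.121 rule quoted above. The DNIC excerpt, the zone names (general X.121 knowledge, not stated in this file) and every function and field name are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Small excerpt of DNICs named in this file (not the full listing).
KNOWN_DNICS = {
    "2080": ("France", "TRANSPAC"),
    "2227": ("Italy", "ITAPAC"),
    "2342": ("U. Kingdom", "PSS-BT"),
    "3020": ("Canada", "Datapac"),
}

# X.121 world zone = first DNIC digit (general X.121 knowledge, assumption
# of this example; the file itself does not mention zones).
ZONES = {"2": "Europe", "3": "North America", "4": "Asia",
         "5": "Oceania", "6": "Africa", "7": "South America"}

INTL_PREFIX = "1"                   # Datapac international prefix, per the text
X121_MIN, X121_MAX = 4, 14          # digits in DNIC + national address, per the text
NATIONAL_MIN, NATIONAL_MAX = 8, 10  # "eight to ten digit" national address


@dataclass
class ParsedNUA:
    prefix: str
    dnic: str
    national: str
    zone: str
    network: Optional[Tuple[str, str]]
    warnings: List[str] = field(default_factory=list)

    def canonical(self) -> str:
        """Space-separated form, as the text writes it: 1 2080 57040540."""
        return " ".join(p for p in (self.prefix, self.dnic, self.national) if p)


def parse_nua(text: str, prefixed: bool = True) -> ParsedNUA:
    """Split an NUA into prefix, DNIC and national address.

    prefixed=True  -> the form dialled from Datapac (leading 1 required)
    prefixed=False -> a bare X.121 address (DNIC first)
    Raises ValueError on input that cannot be an NUA; softer findings go
    into .warnings so a caller can log them instead of rejecting.
    """
    digits = "".join(ch for ch in text if ch not in " -")
    if not (digits.isascii() and digits.isdigit()):
        raise ValueError(f"not a digit string: {text!r}")

    prefix = ""
    if prefixed:
        if not digits.startswith(INTL_PREFIX):
            raise ValueError("international prefix 1 is missing")
        prefix, digits = INTL_PREFIX, digits[1:]

    if not X121_MIN <= len(digits) <= X121_MAX:
        raise ValueError(f"X.121 address must be 4-14 digits, got {len(digits)}")

    dnic, national = digits[:4], digits[4:]
    warnings = []
    if not NATIONAL_MIN <= len(national) <= NATIONAL_MAX:
        warnings.append(f"national address is {len(national)} digits, expected 8-10")
    if dnic not in KNOWN_DNICS:
        warnings.append(f"DNIC {dnic} is not in the excerpted table")

    return ParsedNUA(prefix, dnic, national,
                     ZONES.get(dnic[0], "other/unassigned"),
                     KNOWN_DNICS.get(dnic), warnings)


if __name__ == "__main__":
    # The two NUAs worked through in the text, plus one constructed value.
    for sample in ("1 2080 57040540", "1302012345678", "1 7220 12345"):
        r = parse_nua(sample)
        print(f"{sample:18} -> {r.canonical():18} {r.zone:14} {r.network} {r.warnings}")
```
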
Well now you know a little bit more about roughly 45% of the hacker world (the other 45% is codes - 800 services (eg: PBX's) - and the remaining 10% is the anarchy bit which I've never really been interested in). Most people are H/P but there's also the H/P/A (hack/phreak/anarchy) dudez who spend time trying to construct the atomic bomb from household supplies...

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

PART IV
-+- DNIC List -+-

Well seeing as how I babbled on so much the last section about them, I thought it might be worthwhile to include a DNIC listing because chances are you'll need it in the future. Soo, straight from Datapac's Information Service....

DATAPAC INTERNATIONAL IDENTIFICATION CODES (DNIC)

A comprehensive list of the International Packet-Switched networks which are accessible via the Datapac-Teleglobe gateway is provided below. It is current as of 1992 06 09.

COUNTRY           NETWORK           DNIC   DIRECTION
-------           -------           ----   ---------
ANDORA            ANDORPAC          2945   BI-DIR
ANTIGUA           AGANET            3443   INCOMING
ARGENTINA         ARPAC             7220   BI-DIR
                  ARPAC             7222   BI-DIR
AUSTRIA           DATEX-P           2322   BI-DIR
                  DATEX-P TTX       2323   BI-DIR
                  RA                2329   BI-DIR
AUSTRALIA         AUSTPAC           5052   BI-DIR
                  OTC DATA ACCESS   5053   BI-DIR
                  AUSTPAC           5054   BI-DIR
BAHAMAS           BATELCO           3640   BI-DIR
BAHRAIN           BAHNET            4263   BI-DIR
BARBADOS          IDAS              3423   BI-DIR
BELGIUM           DCS               2062   BI-DIR
                  DCS               2068   BI-DIR
                  DCS               2069   BI-DIR
BELIZE            BTLDATAPAVC       7020   BI-DIR
BERMUDA           BERMUDANET        3503   BI-DIR
BRAZIL            INTERDATA         7240   BI-DIR
                  RENPAC            7241   BI-DIR
                  RENPAC            7248   INCOMING
                  RENPAC            7249   INCOMING
BULGARIA          BULPAC            2841   BI-DIR
CAMEROON          CAMPAC            6242   BI-DIR
CAYMAN ISLANDS    IDAS              3463   BI-DIR
CHAD              CHAD              6222   BI-DIR
CHILE             ENTEL             7302   BI-DIR
                  CHILE-PAC         7303   INCOMING
                  VTRNET            7305   BI-DIR
                  ENTEL             7300   INCOMING
CHINA             PTELCOM           4600   BI-DIR
COLOMBIA          COLDAPAQ          7322   BI-DIR
COSTA RICA        RACSAPAC          7120   BI-DIR
                  RACSAPAC          7122   BI-DIR
                  RACSAPAC          7128   BI-DIR
                  RACSAPAC          7129   BI-DIR
CYPRUS            CYTAPAC           2802   BI-DIR
                  CYTAPAC           2807   BI-DIR
                  CYTAPAC           2808   BI-DIR
                  CYTAPAC           2809   BI-DIR
DENMARK           DATAPAK           2382   BI-DIR
                  DATAPAK           2383   BI-DIR
DJIBOUTI          STIPAC            6382   BI-DIR
DOMINICAN REP.    UDTS-I            3701   INCOMING
ESTONIA           ESTONIA           2506   BI-DIR
EGYPT             ARENTO            6020   BI-DIR
FIJI              FIJPAC            5420   BI-DIR
FINLAND           DATAPAK           2441   BI-DIR
                  DATAPAK           2442   BI-DIR
                  DATAPAK           9358   BI-DIR
                  DIGIPAK           2443   BI-DIR
FRANCE            TRANSPAC          2080   BI-DIR
                  NTI               2081   BI-DIR
                  TRANSPAC          2089   BI-DIR
                  TRANSPAC          9330   INCOMING
                  TRANSPAC          9331   INCOMING
                  TRANSPAC          9332   INCOMING
                  TRANSPAC          9333   INCOMING
                  TRANSPAC          9334   INCOMING
                  TRANSPAC          9335   INCOMING
                  TRANSPAC          9336   INCOMING
                  TRANSPAC          9337   INCOMING
                  TRANSPAC          9338   INCOMING
                  TRANSPAC          9339   INCOMING
FR ANTILLIES      TRANSPAC          2080   BI-DIR
FR GUIANA         TRANSPAC          2080   BI-DIR
FR POLYNESIA      TOMPAC            5470   BI-DIR
GABON             GABONPAC          6282   BI-DIR
GERMANY F.R.      DATEX-P           2624   BI-DIR
                  DATEX-C           2627   BI-DIR
GREECE            HELPAK            2022   BI-DIR
                  HELLASPAC         2023   BI-DIR
GREENLAND         KANUPAX           2901   BI-DIR
GUAM              LSDS-RCA          5350   BI-DIR
                  PACNET            5351   BI-DIR
GUATEMALA         GUATEL            7040   INCOMING
                  MAYAPAC           7042   INCOMING
                  GUATEL            7043   INCOMING
HONDURAS          HONDUTEL          7080   INCOMING
                  HONDUTEL          7082   BI-DIR
                  HONDUTEL          7089   BI-DIR
HONG KONG         INTELPAK          4542   BI-DIR
                  DATAPAK           4545   BI-DIR
                  INET HK           4546   BI-DIR
HUNGARY           DATEX-P           2160   BI-DIR
                  DATEX-P           2161   BI-DIR
ICELAND           ICEPAK            2740   BI-DIR
INDIA             GPSS              4042   BI-DIR
INDONESIA         SKDP              5101   BI-DIR
IRELAND           EIRPAC            2721   BI-DIR
                  EIRPAC            2724   BI-DIR
ISRAEL            ISRANET           4251   BI-DIR
ITALY             DARDO             2222   BI-DIR
                  ITAPAC            2227   BI-DIR
IVORY COAST       SYTRANPAC         6122   BI-DIR
JAMAICA           JAMINTEL          3380   INCOMING
JAPAN             GLOBALNET         4400   BI-DIR
                  DDX               4401   BI-DIR
                  NIS-NET           4406   BI-DIR
                  VENUS-P           4408   BI-DIR
                  VENUS-P           9955   INCOMING
                  VENUS-C           4409   BI-DIR
                  VENUS-C           4410   BI-DIR
KENYA             KENPAC            6390   BI-DIR
KOREA REP         HINET-P           4500   BI-DIR
                  DACOM-NET         4501   BI-DIR
                  DNS               4503   BI-DIR
KUWAIT            BAHNET            4263   BI-DIR
LEBANON           SODETEL           4155   BI-DIR
                  LIBANPAC          4150   BI-DIR
LUXEMBOURG        LUXPAC            2704   BI-DIR
                  LUXPAC            2709   BI-DIR
MACAU             MACAUPAC          4550   BI-DIR
MADAGASCAR        INFOPAC           6460   BI-DIR
MALAYSIA          MAYPAC            5021   BI-DIR
MAURITIUS         MAURIDATA         6170   BI-DIR
MEXICO            TELEPAC           3340   BI-DIR
MOROCCO           MOROCCO           6040   BI-DIR
MOZAMBIQUE        COMPAC            6435   BI-DIR
NETHERLANDS       DATANET-1         2040   BI-DIR
                  DATANET-1         2041   BI-DIR
                  DABAS             2044   BI-DIR
                  DATANET-1         2049   BI-DIR
N. MARIANAS       PACNET            5351   BI-DIR
NEW CALEDONIA     TOMPAC            5460   BI-DIR
NEW ZEALAND       PACNET            5301   BI-DIR
NIGER             NIGERPAC          6142   BI-DIR
NORWAY            DATAPAC TTX       2421   BI-DIR
                  DATAPAK           2422   BI-DIR
                  DATAPAC           2423   BI-DIR
PAKISTAN          PSDS              4100   BI-DIR
PANAMA            INTELPAQ          7141   BI-DIR
                  INTELPAQ          7142   BI-DIR
PARAQUAY          ANTELPAC          7447   INCOMING
PERU              DICOTEL           7160   BI-DIR
PHILIPPINES       CAPWIRE           5150   INCOMING
                  CAPWIRE           5151   BI-DIR
                  PGC               5152   BI-DIR
                  GMCR              5154   BI-DIR
                  ETPI              5156   BI-DIR
PORTUGAL          TELEPAC           2680   BI-DIR
                  SABD              2682   BI-DIR
PUERTO RICO       UDTS              3300   BI-DIR
                  UDTS              3301   BI-DIR
QATAR             DOHPAC            4271   BI-DIR
REUNION (FR)      TRANSPAC          2080   BI-DIR
RWANDA            RWANDA            6352   BI-DIR
SAN MARINO        X-NET             2922   BI-DIR
SAUDI ARABIA      ALWASEED          4201   BI-DIR
SENEGAL           SENPAC            6081   BI-DIR
SEYCHELLES        INFOLINK          6331   BI-DIR
SINGAPORE         TELEPAC           5252   BI-DIR
                  TELEPAC           5258   BI-DIR
SOLOMON ISLANDS   DATANET           5400   BI-DIR
SOUTH AFRICA      SAPONET           6550   BI-DIR
                  SAPONET           6551   BI-DIR
                  SAPONET           6559   BI-DIR
SRI-LANKA         DATANET           4132   BI-DIR
SPAIN             TIDA              2141   BI-DIR
                  IBERPAC           2145   BI-DIR
SWEDEN            DATAPAK TTX       2401   BI-DIR
                  DATAPAK-2         2403   BI-DIR
                  DATAPAK-2         2407   BI-DIR
SWITZERLAND       TELEPAC           2284   BI-DIR
                  TELEPAC           2285   BI-DIR
                  TELEPAC           2289   BI-DIR
TAIWAN            PACNET            4872   BI-DIR
                  PACNET            4873   BI-DIR
                  UDAS              4877   BI-DIR
TCHECOSLOVAKA     DATEX-P           2301   BI-DIR
THAILAND          THAIPAC           5200   BI-DIR
                  IDAR              5201   BI-DIR
TONGA             DATAPAK           5390   BI-DIR
TOGOLESE REP.     TOGOPAC           6152   BI-DIR
TORTOLA           IDAS              3483   INCOMING
TRINIDAD          DATANETT          3745   BI-DIR
                  TEXTET            3740   BI-DIR
TUNISIA           RED25             6050   BI-DIR
TURKEY            TURPAC            2862   BI-DIR
                  TURPAC            2863   BI-DIR
TURKS&CAICOS      IDAS              3763   INCOMING
U ARAB EMIRATES   EMDAN             4241   BI-DIR
                  EMDAN             4243   BI-DIR
                  TEDAS             4310   INCOMING
URUGUAY           URUPAC            7482   BI-DIR
                  URUPAC            7489   BI-DIR
USSR              IASNET            2502   BI-DIR
U.S. VIRGIN I     UDTS              3320   BI-DIR
U. KINGDOM        IPSS-BTI          2341   BI-DIR
                  PSS-BT            2342   BI-DIR
                  GNS-BT            2343   BI-DIR
                  MERCURY           2350   BI-DIR
                  MERCURY           2351   BI-DIR
                  HULL              2352   BI-DIR
VENEZUELA         VENEXPAQ          7342   BI-DIR
YUGOSLAVIA        YUGOPAC           2201   BI-DIR
ZIMBABWE          ZIMNET            6482   BI-DIR

(As you can see there's a LOT of different networks around the world!)

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

PART V
-+- NUA Extract -+-

There are tens of thousands of NUAs around the world so I'm not going to list them all obviously (the list alone would take megs of space). I'll just take a few from PHrack issue #27 (vol.3) so you can have a looksee of what's out there. THESE HAVE NOT BEEN TESTED and they may be out of service by the time you try them out, but chances are they'll still be there:

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

PART VI
-+- Questions & Answers -+-

A lot of people think they shouldn't bother asking a question because it's stupid, or it might make them look like a beginner. Well without an answer to your question you'll ALWAYS be a beginner. I will answer _any_ question no matter how small it may seem and if I can't give an answer to it I'll find someone who can. I've been in the h/p scene for a couple of years now and there's still LOTS of stuff I have no clue about. H/Ping goes into all corners of the computer world and other forms of electronics and there's no WAY someone can know everything about all of it. Most people just stick to one part of h/ping and specialize there. I've seen people that know the operating system to VAX/VMS inside out but they don't have a clue as to how a PBX works. I also know people who can hack out VMB's in a minute but have never heard of an outdial. Don't think that all hack/phreaks know everything about everything cause they don't.

I've got loads of technical journals at hand so I can look up and give a detailed answer on almost anything if you want one. If you want me to explain something step-by-step I'll do that too. Ask and you shall receive.

So you ask "why am I being such a nice guy?"
Well as I said before, the phreaks in Niagara are VERY few and I want to expand people's knowledge in the area. When more people are learning, I won't be the only one answering questions.

One more thing, not all answers in this section will be from me. In this issue they are but in future issues I'll be taking extracts from other hack philes and from other BBS's.

Ok, hours after I released the first ICE H/P Handbook I had feedback waiting for me on my board. That's great. The more the merrier. If you have a question (L)eave Feedback to me on my BBS: 416-934-4055 (no, you don't have to be a member to do this... guests can leave feedback as well).

[QUESTION #1 from Darkwing Duck]: Ok, umm, I've read MOST of your H/P book (I'm on line 512 now). What I'd like to know is about Datapac. When I call and look around is this illegal (stupid question), ok, but can I get caught?
--------------------------------------------------------------------------
No, it's not a stupid question. When I first started out the major thing that worried me and kept me from trying new things was getting caught. Datapac is a public service, and if you're just snooping around not causing any harm, you won't get into trouble. I have *heard* stories of some people getting into dung for scanning Datapac, but myself as well as other members of ICE and other people I know have been scanning Datapac extensively for a _long_ time and nothing has ever happened to me or them. Remember, Datapac is a huge network that goes all across Canada and also accepts calls from overseas. It has hundreds of dialups over the country. This allows for thousands of people to be accessing it simultaneously. Datapac doesn't have the time, money (well, maybe), or manpower to monitor the doings of every user connected to it.

[QUESTION #2 from Darkwing Duck]: I'd like to call some LD BBS's (preferably h/p or pirate boards), using the 800 services, now, can I get caught?
--------------------------------------------------------------------------
Most (I'd say about 95%) of the codes you hear being spread around H/P BBS's, VMB's etc.. are safe to use. If they're not, the person who posted it will say so. There have been problems with some 950 services doing random traces in the past and some services have even posted fake FBI warnings (remember, the FBI is an AMERICAN agency... they're not going to go after people in Canada when they've got enough work to do in their own country. And as for the RCMP computer crime unit... they're a little bit behind the times). There's so many people using these ways to call LD for free at the same time that it's impossible to do traces of all of them. Of course if someone uses this 800 service to call a long distance computer somewhere else, and goes in and destroys that system, well of course that will increase the chance of getting caught. But if you're using them to call BBS's you're safe.

[QUESTION #3 from Anonymous]: I'm not quite sure of what the point of using a Datapac is. Is it to call networks and not get caught?
--------------------------------------------------------------------------
Well first, Datapac _is_ a network. From it you can also connect to other networks though. There are a number of reasons for using it. For one, most of the systems connected with it have PAD (Packet Assembler/Disassembler) software, which allows you to call other systems around the world via their NUA (network user address). The advantage of using a PAD to call out from Datapac is that you get a crystal-clear connection: no line noise. PADs allow two remote systems to talk to each other even though they may be connected at different baud rates or using different protocols. Transmissions between PADs in networks zip around at speeds of 9600-19200 baud (even though you may be calling on a 1200 or 2400 baud modem, the modems in the network are going at light speed) and have built in error correcting protocols.
Also, once you connect to Datapac you have access to other networks:
Telenet, Tymnet, ItaPAC, JANET, SBDN, PandaNet, THENet, and a whole host
of others. All of which have thousands of separate systems connected to
them.

[QUESTION #4 from Darkwing Duck]: When using 800 services, am I SUPPOSED
to watch out for 950's and PBX's?
--------------------------------------------------------------------------
No. 950's and PBX's are WATS (Wide Area Telecommunications Service) and
this is what people use to call ld for free. If you hear of a 950 use it
unless you hear otherwise. Or if you're still unsure, call through a
diverter (a diverter is an 800 service that allows people to call other
800 numbers outside of their calling area).

[QUESTION #5 from Darkwing Duck]: Using Datapac, I call out to let's say
Air Canada (an example from the handbook). Now, I connect, then I'm trying
to break in (no I KNOW this is illegal) but what are the chances of me
getting caught?
--------------------------------------------------------------------------
Well I've been into bigger places than Air Canada even after hacking for
hours, and still haven't been caught or warned or anything. Even though a
system might keep track of unsuccessful login attempts, it won't say where
those attempts were made from. Companies generally won't start running
traces unless they really feel threatened by the possible intruder.
Systems are hacked on all the time so it wouldn't be practical for the
company to start ordering the phone company to trace every time a new
hacker came along. So in other words, I wouldn't worry about getting
caught. But, if by some odd chance someone DID call you or anything, you
just say someone told you it was a private bbs system and you forgot what
the login/password was or something. Just play dumb.

[QUESTION #6 from The Unit]: Can you explain a few more things in a little
more detail for me?
Like, in the h/p message sections, they were talking about codes to dial
out ld, what exactly do they mean when they write " +code+#### " stuff
like that (put numbers in for #)
--------------------------------------------------------------------------
Ok, most of the time when someone posts a long distance service it will be
something like (example):

    1-800-123-4567+09+acn

or even

    8/123-4567+09+acn

If you see something with 8/ that means it's a 1-800 (we're just too lazy
to type 1-800 I guess)... "09" would be what you enter to get to the other
line that lets you dial out (when calling 800 services you call on one
line to get to it (an INWATS) and then once it answers you have to type in
a code that will switch you to the line that lets you dial out (an
OUTWATS)). BTW: a WATS is a "Wide Area Telecommunications Service".

So you'd call up 1-800-123-4567 on your trusty TOUCHTONE phone (if you've
got only a pulse phone you might as well not even be reading this file)
then once you hear it answer you will usually either hear a recording or
it will go right to another dialtone. This is where you enter "09" and
then it will either go from the recording to a dialtone or just stay at a
dialtone if it already was. Now you enter your ACN. An ACN is Area Code
Number (eg: 416-934-4055). A lot of the time it will say 1+acn because the
1 is required to call long distance. It depends on the service.

Also, whenever you see a code posted and the "+" are in it.. all the plus
signs mean is "wait for something and then enter the next thing".
Sometimes you may get some huge code like

    8/123-4567+1+09+acn+code

or something like that where you're required to call the 800 number, enter
a number, wait for something (either a message to end or a beep, or
whatever) then enter another number or set of numbers, then the areacode
number you wanna call, then a code (which of course was already hacked out
by either yourself or another phreak).
Other times you'll see something like:

    800-123-4567+5dig+acn

and that means the code consists of 5 digits but nothing has been hacked
out yet (so if you've got time work on it). OR, you'll see some that have
a template like (I'll give an example of a 7 digit code):

    800-123-4567 536xxxx

which means that someone has found a lot of codes on it with the first
numbers being "536". A lot of companies put their codes in groups. MOST
long distance services WILL require a code of a sort which will range
anywhere from 3 digits (easy to hack out) to 9 digits (very hard without a
template).

[QUESTION #7 from Iron Fist]: People have explained what a pad is but I'm
still not too sure. I know you use them in networks but how?
--------------------------------------------------------------------------
When you're connected to a host system on a network (say a PRIME system
for example), chances are that system will have a packet
assembler/disassembler connected to it. This isn't a piece of hardware or
something you can see. It's a program (on Primos computers this program is
called "Netlink", on VAX's you can use the "set host" command) that
assembles data into packets of 128 or 256 byte chunks. The program then
sends it to a 9600-19200 baud modem that is connected with another system.
From here it goes to the other system, whose PAD software disassembles the
packet.

Say you're connected to a university in England and it displays the prompt
"Hit 'C' to Continue". You hit "C". It goes from your computer, to the
packet switching network you're connected to (eg: Datapac) to the host
system you're connected to, is put into a 128 or 256 byte packet, is sent
through the fone lines via the X.25 network to the other computer you're
connected to.

Ok, that's great but how do you actually place a call? Well, when you're
at the PAD prompt (which can be anything eg: "DevelNet X.25:" or what
Netlink uses which is just a "@" symbol) enter either "?" or "help" to get
a list of commands.
Usually the command to call out is "c" but this can vary according to the
program. The format of the NUA can also vary. If I'm calling QSD in France
(NUA: 208057040540) from a Prime computer the command would be
"c 12080:57040540". The Netlink program demands a colon after the DNIC.
But the most common format is c+1+nua.

[QUESTION #8 from Iron Fist]: How do I get a list of VMB's or NUA's that
are valid (current)?
--------------------------------------------------------------------------
The best way to get an up to date list of anything is your favorite
hack/phreak BBS. Or, if you have a VMB that you call, there.

[QUESTION #9 from Anonymous]: What is the best computer to hack with? I
only have a 64 but can I still do all the same stuff as other people?
--------------------------------------------------------------------------
Some of the best hacking/scanning programs are for the C-64 and some of
the best h/p BBS's are run on the Commie. One that used to be good
(haven't called in awhile) is Meltdown in Hamilton/Ontario at 416-648-8175
(12-24oo baud).

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 ______   ______   ______    _________   ____________________
|  __  | |  __  | |  ___ \  |___   ___| |____________________|
| |__| | | |  | | | |__/ /      | |       \ \  / /  | | | |
|  ___|  | |__| | |    /        | |        \ \/ /   | | | |
| |      |  __  | | |\ \        | |      ___\__/____|_|_|_|__
|__|     |_|  |_| |_| \__\      |_|     |____________________|

                    -+- End of Transmission -+-

Well this one took a little longer than I had wanted (a whole 2 days - but
those were 2 days of nonstop writing). I'm hoping someone else will write
something in the next issue. I'm going to ask Technazz to do an article on
something but he's a busy person, so if *anyone* wants to write in this
just tell me. It can be something that's only a paragraph if yah want.
Anything. What I don't have too much knowledge on is other networks
(Tymnet, Telenet, etc..) so if someone wants to do something on that...
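
Going back to the answer to Question #6, which notes that codes handed out in groups leave a template such as 536xxxx: the following is an added example, not part of the original file, that looks at this from the service operator's side. It measures how far a shared prefix shrinks the space of a code pool and shows issuance spread over the whole space instead; the sample pool and every function name are constructed for illustration.

```python
import secrets
from collections import Counter

def expected_guesses(space, valid):
    """Mean number of distinct guesses before the first valid code turns up
    when `valid` codes are hidden among `space` equally likely values."""
    return (space + 1) / (valid + 1)

def audit_pool(codes, prefix_len=3):
    """Measure how far the densest shared prefix shrinks the guessing space."""
    pool = set(codes)
    lengths = {len(c) for c in pool}
    if len(lengths) != 1 or not all(c.isdigit() for c in pool):
        raise ValueError("codes must be digit strings of a single length")
    digits = lengths.pop()
    if not 0 < prefix_len < digits:
        raise ValueError("prefix_len must be shorter than the code length")
    prefix, count = Counter(c[:prefix_len] for c in pool).most_common(1)[0]
    whole = expected_guesses(10 ** digits, len(pool))
    inside = expected_guesses(10 ** (digits - prefix_len), count)
    return {
        "top_prefix": prefix,
        "share_in_top_prefix": count / len(pool),
        "guesses_whole_space": whole,
        "guesses_inside_prefix": inside,
        "weakening_factor": whole / inside,
    }

def issue_codes(count, digits):
    """Corrected issuance: distinct codes drawn uniformly from the full space."""
    if count > 10 ** digits:
        raise ValueError("more codes requested than the space holds")
    pool = set()
    while len(pool) < count:
        pool.add(f"{secrets.randbelow(10 ** digits):0{digits}d}")
    return sorted(pool)

# Constructed sample: 200 seven-digit codes issued as one block under "536".
CLUSTERED = [f"536{i * 37:04d}" for i in range(200)]

if __name__ == "__main__":
    for name, pool in (("clustered", CLUSTERED), ("spread", issue_codes(200, 7))):
        report = audit_pool(pool)
        print(name, report["top_prefix"], round(report["weakening_factor"], 1))
```

A uniformly drawn pool still has a densest prefix by chance, so its factor sits well above 1; a block-issued pool scores close to 10 to the power of the prefix length.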

Ok, well keep the questions coming to me cause it's easier for me to talk
about stuff that way. Call ICE HQ at [416] 934-4055 and (L)eave Feedback.
You don't even have to be a registered user to do that so call call call.
Tell me what you think about these "hackbooks" and what you wanna see in
'em (or don't wanna see in 'em for that matter).

What to look for in the next release? Hmmm... I'm not even sure yet. I
think I'll release a tech journal compilation with extracts from PHrack,
PHun, and LoD/H. Maybe type out a few newspaper articles lying around, who
knows. Oh well, I'll have more of an idea when people leave me some
feedback.

Where can I (and other ICE members) be contacted?

PSYCHIATRIC CYBERHELL BBS (ICE WHQ): 416-934-4055 [12/2400bps]

Currently the only H/P supporting BBS in Niagara (and even if there was
another it'd still be the best! ehehhe).. and here's how I can be
contacted internationally:

            ...aah the suffering - the sweet suffering...
          Contact Liquid Jesus of ICE/Nightbreed globally:
*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+
InterNet/UUCP........ liquid_jesus@pegasus.ch
Canada............... ICE WHQ: (416)934-4055, (416)934-6795
United States........ Town Town BBS (Paradise USA HQ): (414)781-3218
France (direct)...... +33 36431515 (type "THELINE") mailbox name: ICE92
France (via X.25).... 208057040540 (mailbox name: ICE92)
Switzerland.(direct). +41 (0)71 715577 (10 lines) (username: Liquid_Jesus)
Switzerland (X.25)... 228475212574 (Same as above)
Iceland (direct)..... 354-1-78099, 670990
Iceland (X.25)....... 274011991000 (username: AmiPhreak)
Iceland via X.25..... 274011991000
*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+

Thanx to... Mentor(LOD/H), TAP Online, DIS