Phrack

Documents
1604 pages
Obtenez un accès à la bibliothèque pour le consulter en ligne
En savoir plus

Description

1 Introduction... by Taran King Hacking SAM - A Description Of The Dial-Up Security System by Spitfire Hacker Boot Tracing Made Easy by Cheap Shades THE PHONE PHREAK'S FRY-UM GUIDE by Iron Soldier Using MCI Calling Cards by Knight Lightning How to Pick Master Locks by Ninja NYC Acetylene Balloon Bomb by The Clashmaster & Gin Fizz Schools and University Numbers by Phantom Phreaker Introduction... _ _ | \/ | |_||_|etal/ /hop _______ /_______ (314)432 0756 24 Hours A Day, 300/1200 Baud Presents.... ==Phrack Inc.== Volume One, Issue One, Phile 1 of 8 Introduction... Welcome to the Phrack Inc. Philes. Basically, we are a group of phile writers who have combined our philes and are distributing them in a group. This newsletter type project is home based at Metal Shop. If you or your group are interested in writing philes for Phrack Inc. you, your group, your BBS, or any other credits will be included. These philes may include articles on telcom (phreaking/hacking), anarchy (guns and death & destruction) or kracking. Other topics will be allowed also to an certain extent. If you feel you have some material that's original, please call and we'll include it in the next issue possible. Also, you are welcomed to put up these philes on your BBS/AE/Catfur/ Etc. The philes will be regularly available on Metal Shop. If you wish to say in the philes that your BBS will also be sponsering Phrack Inc., please leave feedback to me, Taran King stating you'd like your BBS in the credits.

Sujets

Informations

Publié par
Publié le 02 mai 2013
Nombre de visites sur la page 659
Langue English
Signaler un problème

1
Introduction... by Taran King
Hacking SAM - A Description Of The Dial-Up Security System by
Spitfire Hacker
Boot Tracing Made Easy by Cheap Shades
THE PHONE PHREAK'S FRY-UM GUIDE by Iron Soldier
Using MCI Calling Cards by Knight Lightning
How to Pick Master Locks by Ninja NYC
Acetylene Balloon Bomb by The Clashmaster & Gin Fizz
Schools and University Numbers by Phantom Phreaker
Introduction...
_ _
| \/ |
|_||_|etal/ /hop
_______
/_______
(314)432 0756
24 Hours A Day, 300/1200 Baud
Presents....
==Phrack Inc.==
Volume One, Issue One, Phile 1 of 8
Introduction...
Welcome to the Phrack Inc. Philes. Basically, we are a group of phile
writers who have combined our philes and are distributing them in a group.
This newsletter type project is home based at Metal Shop. If you or your
group are interested in writing philes for Phrack Inc. you, your group, your
BBS, or any other credits will be included. These philes may include
articles on telcom (phreaking/hacking), anarchy (guns and death &
destruction) or kracking. Other topics will be allowed also to an certain
extent. If you feel you have some material that's original, please call and
we'll include it in the next issue possible. Also, you are welcomed to put up
these philes on your BBS/AE/Catfur/ Etc. The philes will be regularly
available on Metal Shop. If you wish to say in the philes that your BBS will
also be sponsering Phrack Inc., please leave feedback to me, Taran King
stating you'd like your BBS in the credits. Later on.
TARAN KING
2600 CLUB!
METAL SHOP SYSOP
This issue is Volume One, Issue One, released on November 17, 1985.
Included are:
1 This Introduction to Phrack Inc. by Taran King
2 SAM Security Article by Spitfire Hacker
3 Boot Tracing on Apple by Cheap Shades
4 The Fone Phreak's Revenge by Iron Soldier
5 MCI International Cards by Knight Lightning
6 How to Pick Master Locks by Gin Fizz and Ninja NYC
7 How to Make an Acetylene Bomb by The Clashmaster
8 School/College Computer Dial Ups by Phantom Phreaker
Call Metal Shop and leave feedback saying the phile topic and where you
got these philes to get your article in Phrack Inc.
Hacking SAM - A Description Of The Dial-Up
Security System
_ _
| \/ |
|_||_|etal/ /hop
______
/______
(314)432 0756
24 Hours A Day, 300/1200 Baud
Presents...
==Phrack Inc.==
Volume One, Issue One, Phile 2 of 8
::>Hacking SAM A Description Of The Dial Up Security System<::
::>Written by Spitfire Hacker<::
SAM is a security system that is being used in many colleges today as a
security feature against intrusion from the outside. This system utilizes a
dial back routine which is very effective. To access the computer, you
must first dial the port to which SAM is hooked up. The port for one such
college is located at (818) 8852082. After you have called, SAM will
answer the phone, but will make no other responses (no carrier signals).
At this point, you must punch in a valid Login Identification Number on a
push button phone. The number is in this format xxyyyy where xx is,
for the number mentioned above, 70. 'yyyy' is the last 4 digits of the valid
user's telephone number.
If a valid LIN is entered, SAM will give one of 3 responses: 1) A 1 second
low tone
2) A 1 second alternating high/low tone
3) A tone burst
Responses 1 and 2 indicate that SAM has accepted your passcode and is
waiting for you to hang up. After you hang up, it will dial the valid users
phone number and wait for a second signal.
Response 3 indicates that all of the outgoing lines are busy.
If SAM accepts your passcode, you will have to tap into the valid users
line and intercept SAM when it calls. If you do this, then hit the '*' key on
your phone. SAM will respond with a standard carrier, and you are in!
That's all that I have hacked out so far, I will write more information on the
subject later.
%>Spitfire Hacker<%
2600 Club!
Boot Tracing Made Easy
==Phrack Inc.==
Volume One, Issue One, Phile 3 of 8
////////////////////////////////////////
/
/ Boot Tracing Made Easy /
/ Written by /
/ _________
/ \Cheap/ \Shades/ /
/ \___/
/ 2600 CLUB! /
/
////////////////////////////////////////
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\ \
\ Be sure to call \
\ \
\ Kleptic Palice......(314)527 5551 \
\ 5 Meg BBS/AE/CF \
\ Metal Shop..........(314)432 0756 \
\ Elite BBS (Home of 2600 CLUB! \
\ and Phrack Inc. ) \
\ \
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
About 3 or four years ago, a real good friend of mine was teaching a ML
Programming course for the Apple 2 series. I, being a good friend and
quite bored, asked him about cracking Apple games. He told me that he
had spent the last summer cracking programs. He showed me a method
that he came up with entirely on his own, boot tracing. Little did he know
that this was already quite popular but he developed his own method for
doing it which from reading other files about it, is the simplest I've ever
seen. (To give you an idea, I had SN0GGLE (I've never played the game
but a friend had it on disk.) completely loaded into memory ready to be
dumped in about 12 minutes.) Ok, first of all, ALL programs can be boot
traced. The only thing is that some may not be easily converted into files.
The only programs that you should try if you aren't real good at ML, are
ones that load completely into memory. Also to do this you will need a
cassette recorder. (don't worry the program we will save won't take too
long to save, and if all goes well it will only be saved loaded once.) I hate
learning the theory behind anything so I'm not gonna give any theory
behind this. If you want the theory, read some other phile that does this
the hard way.
First make sure your cassette recoder works by BLOADing some
program and typing:
CALL 151
AA60.AA73
You'll see something that looks like this:
AA60 30 02 xx xx xx xx xx xx
AA68 xx xx xx xx xx xx xx xx
AA70 xx xx 00 08
or whatever...The 30 02 is the length ($0230 bytes). The 00 08 is the
starting address ($0800). Oh well, now you need to try and save the
program. Type: 800.A2FW (A2F=$800+$230 1)
1000<800.A2FM
800:00 N 801<800.A2FM
800.A2FR
1000<800.A2FV
Once you are sure that the cassette works, (by the way do be stupid and
try that on a //c!) we can get to the good stuff...
First move the ROM boot up code into RAM...(all steps will be from the
monitor * prompt.)
8600<C600.C6FFM
86F9:5C FF
(Now load in step 1 of the boot.)
8600G
C0E8 (turn the drive off)
(Now you have successfully loaded in track 0 sector 0) Now since we
won't want to overwrite what we've loaded in this time, Type:
8500<800.8FFM
86F9:01 85
8501L
Lets see what you've gotten...
First see if they move this part into the keyboard buffer. (A lot of programs
do this and the boot trace files that I've read don't even deal with this.)
LDX 00
LDA 800,X
STA 200,X
INX
BNE $803
JMP $211 (or any $2xx)
(sometimes done with Y's instead of X's.)
Then the next part will scramble what's in $08xx. but we don't have to
worry about that. Anyways find that JMP $2xx and change it to 4C xx 85
leaving the xx the same. Usually this will be the next address but just to be
safe... Ok, now scan the code for any other JMP's if you find one that's
direct (indirect ones have the address in parenthesis) change it to 4C 5C
FF, but write down the location that it used to jump to first so you know
where to look. It'll probably be 301 or B700. If it's the B700, you got lucky.
If it's the 301 then you've got some more work ahead. If it was an indirect
JMP, most likely it was JMP ($003E). No if you change that to 4C 5C FF
then check 3E from monitor you'll find that 3E is 00 and 3F is 3E...Monitor
uses that place in zero page for its current memory location. So what you
need to do is 8400:A5 3F 00 20 DA FD A5 3E 20 DA FD 4C 5C FF
then change that indirect jump to
85xx:4C 00 84
(by the way if the indirect jump is anything other than 3E then most likely
you can can just look at it from monitor if not write a little routine like the
one above to print out the address hidden. (Oh, check the location after
the next run. For now change it to 4C 5C FF.))
Anyways this little game will probably go on no longer than 2 or 3 loads,
each time just move the newly loaded part to another part of memory and
change the jump to jump to monitor (4C 5C FF) and the jump from the part
before it to go to the moved code.
When you find the part that JMP's up to a high area of memory (usually
$B700) you're almost done. The exit routine of the will most likely be the
start of the program. Once you intercept it there, all you have to do now is
save it to cassette and re load DOS. The starting address for saving
should be the address that the B700 routine exits through. If this is higher
than $6000 then start saving at $2000 to get the Hi Res pictures. Using
WXYZ as your starting address type:
WXYZ.9CFFW (This will have the main program.)
800.WXYZW (Save this are in case there is something needed down here
we don't have to start over from scratch.)
Ok now reboot:
C600G (with a DOS disk in the drive!)
CALL 151
WXYZ.9CFFR
Bsave PROGRAM,A$WXYZ,L$(Whatever 9CFF WXYZ+1 is)
If the it gives you an error the file is too big. A quick DOS patch to fix that
is:
A964:FF
and try again.
Now that the program is saved, try and run it. (It's a good idea to take the
disk out of the drive, there's no telling what the program might try and do if
it sees that DOS is loaded in.)
WXYZG
(If it works, just to make sure that it's a good crack, power down the
system and try and BRUN it after a cold boot.)
If your saved the pictures with the program, most likely, it won't run. You
need to add a JMP at 1FFD to JMP to the main program. Then re BSAVE
it with a starting address of A$1FFD, and add 3 to the length. If the
program tries to go to the drive while its running, I'd suggest giving up
unless you really understand non DOS disk usage. (but if you did you
probably wouldn't be reading this.) If you get a break at an address less
than $2000 then you need to load in the second program that you saved to
cassette. Put a jump in at $800 to the main program and save the whole
damn thing. If it still don't work you're gonna need to really get fancy.
Now that you've got the thing running, it's time to figure out what is used
and what is just wasted memory. This is where I really can't help you but
just make sure that you keep a working copy and before every test power
down the machine to clear anything that might be remaining.
Have phun and good luck.....
________________
\Cheap/ \Shades/
\___/ \____/
2600 CLUB!
Be sure and get a copy of PHRACK INC., available on finer BBS/AE's
everywhere.
THE PHONE PHREAK'S FRY-UM GUIDE
_ _
| \/ |
|_||_|etal/ /hop
______
/______
(314)432 0756
24 Hours A Day, 300/1200 Baud
Presents...
==Phrack Inc.==
Volume One, Issue One, Phile 4 of 8
THE PHONE PHREAK'S FRY UM GUIDE
COMPILED BY THE IRON SOLDIER
WITH HELP FROM DR. DOVE
NOTE: THIS GUIDE IS STILL BEING COMPILED, AND AS PHONE
PHREAKS LEARN MORE IN THE ART OF VENGENCE IT WILL
ALWAYS EXPAND.
"Vengence is mine", says the Phreak.
METHOD 1 PHONE LINE PHUN
Call up the business office. It should be listed at the front of the white
pages. Say you wanted to diconnect Scott Korman's line. DIAL
800 xxx xxxx. "Hello, this is Mr. Korman, I'm moving to California and would
like to have my phone service disconnected. I'm at the airport now. I'm
calling from a payphone, my number is [414] 445 5005. You can send my
final bill to :(somewhere in California. Thank you."
METHOD 2 PHONE BOOKS
Call up the business office from a pay phone. Say "Hello, I'd like to order a
Phone Book for Upper Volta (or any out of the way area with Direct
Dialing). This is Scott Korman, ship to 3119 N. 44th St. Milwaukee, WI
53216. Yes, I under stand it will cost $xx($25 $75!!). Thank you."
METHOD 3 PHONE CALLS
Call up a PBX, enter the code and get an outside line. Then dial 0+ the
number desired to call. You will hear a bonk and then an operator. Say,
"I'd like to charge this to my home phone at 414 445 5005. Thank you." A
friend and I did this to a loser, I called him at 1:00 AM and we left the fone
off the hook all night. I calculated that it cost him $168.
METHOD 4 MISC SERVICES
Call up the business office once again from a payfone. Say you'd like call
waiting, forwarding, 3 way, etc. Once again you are the famed loser Scott
Korman. He pays you laugh. You don't know how funny it was talking to
him, and wondering what those clicks he kept hearing were.
METHOD 5 CHANGED & UNPUB
Do the same as in 4, but say you'd like to change and unlist your (Scott's)
number. Anyone calling him will get:
"BEW BEW BEEP. The number you have reached, 445 5005, has been
changed to a non published number. No further....."
METHOD 6 FORWRDING
This required an accomplise or two or three. Around Christmas time, go to
Toys 'R' Us. Get everyone at the customer service or manager's desk
away ("Hey, could you help me"). then you get on their phone and dial
(usually dial 9 first) and the business office again. This time, say you are
from Toys 'R' Us, and you'd like to add call forwarding to 445 5005. Scott
will get 100 600 calls a day!!!
METHOD 7 RUSSIAN CALLER
Call a payphone at 10:00 PM. Say to the operator that you'd like to book
a call to Russia. Say you are calling from a payphone, and your number is
that of the loser to fry (e.g. 445 5005). She will say that she'll have to call
ya back in 5 hours, and you ok that. Meanwhile the loser (e.g.) Scott, will
get a call at 3:00 AM from an operator saying that the call he booked to
Russia is ready.
IF YOU HAVE ANY QUESTIONS LEAVE E MAIL FOR ME ON ANY
BOARD I'M ON. The Iron Soldier
TSF The Second Foundation!
Using MCI Calling Cards
_ _
| \/ |
|_||_|etal/ /hop
______
/______
(314)432 0756
24 Hours A Day, 300/1200 Baud
Presents...
==Phrack Inc.==
Volume One, Issue One, Phile 5 of 8
Using MCI Calling Cards
by
Knight Lightning
of the
2600 Club!
How to dial international calls on MCI:
"Its easy to use MCI for international calling."
1. Dial your MCI access number and authorization code (code = 14 digit
number, however the first 10 digits are the card holders
NPA+PRE+SUFF).2. Dial 011
3. Dial the country code
4. Dial the city code and the PRE+SUFF that you want.
Countries served by MCI:
Country code|Country code
|
Algeria............................213 |New Zealand........................64
Argentina..........................54 |Northern Ireland...................44
Australia..........................61 |Oman...............................968
Belgium............................32 |Papua New Guinea...................675
Brazil.............................55 |Qatar..............................974
Canada..................Use Area Codes |Saudi Arabia.......................966
Cyprus.............................357 |Scotland...........................44
Denmark............................45 |Senegal............................221
Egypt..............................20 |South Africa.......................27
England............................44 |Sri Lanka..........................94 German
Democratic Republic |Sweden.............................46 (East
Germany).....................37 |Taiwan.............................886
Greece.............................30 |Tanzania...........................255
Jordan.............................962 |Tunisa.............................216
Kenya..............................254 |United Arab Emirates...............971
Kuwait.............................965 |Wales..............................44
Malawi.............................265 |
========================================
Thats 33 countries in all. To get the extender for these calls dial 950 1022
or 1 800 624 1022.
For local calling:
1. Dial 950 1022 or 1 800 624 1022
2. Wait for tone
3. Dial "0", the area code, the phone number, and the 14 digit authorization
code. You will hear 2 more tones that let you know you are connected.
Knight Lightning > The 2600 Club!
========================================
How to Pick Master Locks
_ _
| \/ |
|_||_|etal/ /hop
______
/______
(314)432 0756
24 Hours A Day, 300/1200 Baud
Presents...
==Phrack Inc.==
Volume One, Issue One, Phile 6 of 8
How to Pick Master Locks By Gin Fizz & Ninja NYC
Have you ever tried to impress your friends by picking one of those Master
combination locks and failed? Well then read on. The Master lock
company has made this kind of lock with a protection scheme. If you pull
the handle of it hard, the knob won't turn. That was their biggest
mistake...... Ok, now on to it.
1st number. Get out any of the Master locks so you know what's going on.
1: The handle part (the part that springs open when you get the
combination), pull on it, but not enough so that the knob won't move. 2:
While pulling on it turn the knob to the left until it won't move any more.
Then add 5 to this number. Congradulations, you now have the 1st
number.
2nd number. (a lot tougher) Ok, spin the dial around a couple of times,
then go to the 1st number you got, then turn it to the right, bypassing the
1st number once. WHEN you have bypassed. Start pulling the handle and
turning it. It will eventually fall into the groove and lock. While in the groove
pull on it and turn the knob. If it is loose go to the next groove; if it's stiff
you got the second number.
3rd number: After getting the 2nd, spin the dial, then enter the 2 numbers,
then after the 2nd, go to the right and at all the numbers pull on it. The lock
will eventually open if you did it right. If can't do it the first time, be patient,
it takes time.
Have phun...
Gin Fizz/2600 Club!/TPM
Ninja NYC/TPM
Acetylene Balloon Bomb
_ _
| \/ |
|_||_|etal/ /hop
______
/______
(314)432 0756
24 Hours A Day, 300/1200 Baud
Presents...
==Phrack Inc.==
Volume One, Issue One, Phile 7 of 8
.
! ///////
! //
! // h e C l a s h m a s t e r ' s !
! .=======================
! < A C E T Y L E N E > ! ! < >B A L L O O N< > ! ! < >B O M B<
> !
! `========================
! Written exclusively for... ! ! The Phrack Inc. ! ! 2600 Club ! ! Newsletter
11/01/85!
`
Imagine this. A great, inflated, green garbage bag slowly wafting down
from a tall building. It gains some speed as it nears the ground. People
look up and say, "What the....?" The garbage bag hits! *BOOM!!!* It
explodes in a thundering fireball of green bits of plastic and flame! "What is
this?" you may ask. Well, this is the great "Acetylene Balloon Bomb." And
here is how to make it.
Ingredients:
============
(1> For a small bomb: a plastic bag. Not too big. For something big(ger):
a green, plastic garbage bag.
(2> Some "Fun Snaps". A dozen should be more than enough.
(3> Some garbage bag twisties. String would also do.
(4> A few rocks. Not too heavy, but depends on size of bomb and desired
velocity of balloon/bomb.
(5> PRIME INGREDIENT: Acetylene. This is what is used in acetylene
torches. More on this substance later.
(6> One or more eager Anarchists.
NOTES:
======
Acetylene is a fairly dangerous substance. It is unstable upon contact with
oxygen (air). For this reason, and for your safety, I recommend you keep
all of the acetylene AWAY from any source of oxygen. This means don't
let it get in touch with air.
Construction:
=============
(1> Fill up a bathtub with cold water. Make it VERY full. (2> Now get put
you garbage bag in the water and fill it with water. Make sure ALL
air/oxygen is out of the bag before proceeding.
(3> Now take your acetylene source (I used it straight from the torch, and
I recommend this way also.), and fill the bag up with acetylene.
(4> Now, being careful with the acetylene, take the bag out of the tub and
tie the opening shut with the twisty or string. Let the balloon dry off now.
(Put it in a safe place.)
(5> Okay. Now that it is dry and filled with acetlene, open it up and drop a
few rocks in there. Also add some Fun Snaps. The rocks will carry the
balloon down, and the Fun Snaps will spark upon impact, thus setting off
the highly inflammable acetylene. *BABOOM!*
(6> Now put the twisty or string back on VERY tightly. You now have a
delicate but powerful balloon bomb.
To use:
=======
Just drop off of a cliff, airplane, building, or whatever. It will hit the ground
a explode in a fireball. Be careful you are not near the explosion site. And
be careful you are not directly above the blast or the fireball may rise and
give you a few nasty burns.
Have fun!
But be careful...
NOTE: I, The Clashmaster, am in NO WAY responsible for the use =====
of this information in any way. This is for purely informational purposes
only!
This has been a 2600 Club production.
=*Clash*=2600 Club
Schools and University Numbers
_ _ _______
| \/ | / _____/
|_||_|etal/ /hop _________/ / /__________/ (314)432 0756 24 Hours A
Day, 300/1200 Baud
Presents...
==Phrack Inc.== Volume One, Issue One, Phile 8 of 8
Schools and University Numbers
``````````````````````````````
Harvard University 617 732 1251 Yale 203 436 2111 District 214
312 398 8170 Chicago Board of Education 312 254 1919 Spence Schools
212 369 5114 University of Texas 214 688 1400 University of Missouri
314 341 2776 314 341 2910 (1200) 314 341 2141 Cal Tech
213 687 4662 University of Nevada 402 472 5065 Princeton University
609 452 6736 Stony Brook University 516 246 9000 Depaul 312 939 8388
University of San Diego 619 452 6792 RPI School 518 220 6603 William
State University 313 577 0260 Harvard 617 732 1802 Stockton
209 944 4523 Northwestern 312 492 3094 Circle Campus 312 996 5100
312 996 6320 University of Mexico 505 588 3351 University of Florida
904 644 2261 Queens College 212 520 7719 University of Denver
303 753 2737 303 753 2733 University of Syracuse 315 423 1313
University of Illinois 312 996 5100 University of Virginia 703 328 8086 MIT
Research 1 800 545 0085 St.Louis Community College 314 645 1289
SIUE 618 692 2400 618 692 2401 618 692 2402 618 692 2403
618 692 2404 618 692 2405 618 692 2406 618 692 2407 618 692 2408
Universiti 215 787 1011 Willaim 313 577 0260 University of
Florida 904 392 5533 Col & Union College 301 279 0632 Georgia State
404 568 2131 University of Mass. 413 545 1600 Purdue 317 494 1900
Northwestern 312 492 7110 University of New Mexico 505 227 3351
University of Texas 214 688 1400 Temple University 215 787 1010 Melville
High School 516 751 6806 UCSD 619 452 6900 Oakland Schools
313 857 9500 University of Maryland 301 454 6111 California St. Fulerton
714 773 3111 N.Y.U. 212 777 7600 University of San Diego 619 293 4510
University of Colorado 303 447 2540 University of Colorado 303 447 2538
MIT Research 617 258 6001 Dartmouth College 603 643 63q0 Spence
School 212 369 5114 University of Washington 206 543 9713 University of
Washington 206 543 9714 University of Washington 206 543 9715
University of Washington 206 543 9716 University of Washington
206 543 9717 University of NC 919 549 0881 Harvard Law,Busi,Med Sch.
617 732 1251 Virginia University 703 328 8086 WVU 304 293 2921 thru
304 293 2939 WVU 304 293 4300 thru 304 293 4309
WVU(1200)304 293 4701 thru 304 293 4708 WVU(1200)304 293 5591
thru 304 293 5594 WVU(134.5 bps) 304 293 3601 WVU(134.5 bps)
304 293 3602 Lake Wash. School 206 828 3499 University of San Diego
619 452 6792 RPL School 518 220 6603 Another School 212 369 5114
Harvard 617 732 1251 Harvard 617 732 1802 William State University
313 577 0260 Florida University 904 644 2261 Wayne State
313 577 0260 U of F 904 644 2261 High School 513 644 3840
```````````````````````````````````````
File provided by the Alliance 6 1 8 6 6 7 3 8 2 5 7 p m 7 a m
Uploaded by Phantom Phreaker2
Phrack Inc. Index by Taran King
Prevention of the Billing Office Blues by Forest Ranger
Homemade Guns by Man-Tooth
Blowguns by The Pyro
Tac Dialups taken from Arpanet by Phantom Phreaker
Universal Informational Services via ISDN by Taran King
MCI Overview by Knight Lightning
Hacking RSTS by Data Line
Phreak World News by Knight Lightning
Phrack Inc. Index
==Phrack Inc.==
Volume One, Issue Two, Phile 1 of 9
Phrack Index
~~~~~~
This issue of Phrack Inc. is rather lengthy file wise compared to issue one.
Phrack Inc. can be found on the following boards regularly:
Broadway Show 718 615 0580 Newsweek Elite 617 341 2535 Kleptic
Palace AE/Catfur 314 527 5551 Metal Shop Private Request only Metal
Shop AE Request only
...as well as many other BBS's and AE's around the country. Be on the
lookout for issue three. If you wish to submit an article, get in touch with
any member of Metal Shop Private and have a message transmitted to
me. Later on.
TARAN KING
This issue of Phrack Inc. includes the following philes:
1 Phrack Inc. Index Taran King
2 Prevention of the Billing Office Blues Forest Ranger 3 Homemade
Guns Man Tooth
4 Blowguns The Pyro
5 Tac Dialups taken from Arpanet Phantom Phreak 6 Universal
Informational Services via ISDN Taran King 7 MCI Overview Knight
Lightning
8 Hacking RSTS Data Line
9 Phreak World News Knight Lightning
Prevention of the Billing Office Blues
==Phrack Inc.==
Volume One, Issue Two, Phile 2 of 9
Prevention of the Billing Office Blues Editorial: Forest Ranger
In an earlier article there were ways explained on bullshiting the Billing
Office at Bell. By doing so one could disconnect a persons line, add call
forwarding, call waiting, threeway calling, speed calling, or other options
that might be available through Bell. Well, this can be very disturbing and
cause many problems so lets see how this can be prevented. First off, it
would be a very good idea to call the Billing office for your exchange and
ask that all inquires made on the your line be verified with you. Is what
happens now is that Bell marks down in your file that if you decide that you
would like a certain Bell option added to your line; they will call and check
it out with you or the person that pays the phone bill. So if someone tries
to add something onto your line you will be notified before hand. This has
two advantages, one you will prevent any occurences on your line, two
you will know that someone is attempting to mess around with your phone
line. But, in the end you will come out on top because you took the time to
listen. And as Smokey the Bear says, "Don't Shit in the woods I LIVE
HERE!".
Homemade Guns
==Phrack Inc.==
Volume One, Issue Two, Phile 3 of 9
::::::::::::::::::::
::::::::::::::::::::
@@@@ ] Man Tooth [ @@@@
@@@@ presents... @@@@
@@@@::::::::::::::::
@@@@ HOMEMADE GUNS @@@@
@@@@::::::::::::::::
@@@@ from @@@@
@@@@ "The Poor Man's James Bond" @@@@
@@@@ by Kurt Saxon @@@@
::::::::::::::::::::
::::::::::::::::::::
PIPE OR "ZIP" GUNS
Commonly known as "zip" guns, guns made from pipe have been used for
years by juvenile punks. Today's Militants make them just for the hell of it
or to shoot once in an assassination or riot and throw away if there is any
danger of apprehension.
They can be used many times but with some, a length of dowel is needed
to force out the spent shell.
There are many variations but the illustration shows the basic design.
First, a wooden stock is made and a groove is cut for the barrel to rest in.
The barrel is then taped securely to the stock with a good, strong tape.
The trigger is made from galvanized tin. A slot is punched in the trigger
flap to hold a roofing, which is wired or soldered onto the flap. The trigger
is bent and nailed to the stock on both sides.
The pipe is a short length of one quarter inch steel gas or water pipe with
a bore that fits in a cartridge, yet keeps the cartridge rim from passing
through the pipe.
The cartridge is put in the pipe and the cap, with a hole bored through it, is
screwed on. Then the trigger is slowly released to let the nail pass through
the hole and rest on the primer.
To fire, the trigger is pulled back with the left hand and held back with the
thumb of the right hand. The gun is then aimed and the thumb releases the
trigger and the thing actually fires.
Pipes of different lengths and diameters are found in any hardware store.
All caliber bullets, from the .22 to the .45 are used in such guns.
Some zip guns are made from two or three pipes nested within each
other. For instance, a .22 shell will fit snugly into a length of a car's copper
gas line. Unfortunatey, the copper is too weak to withstand the pressure
of the firing. So the length of gas line is spread with glue and pushed into a
wider length of pipe. This is spread with glue and pushed into a length of
steel pipe with threads and a cap.
Using this method, you can accomodate any cartridge, even a rifle shell.
The first size of pipe for a rifle shell accomodates the bullet. The second
accomodates its wider powder chamber.
A 12 gauge shotgun can be made from a 3/4 inch steel pipe. If you want
to comply with the gun laws, the barrel should be at least eighteen inches
long.
Its firing mechanism is the same as that for the pistol. It naturally has a
longer stock and its handle is lengthened into a rifle butt. Also, a small nail
is driven half way into each side of the stock about four inches in the front
of the trigger. The rubber band is put over one nail and brought around the
trigger and snagged over the other nail.
In case you actually make a zip gun, you should test it before firing it by
hand. This is done by first tying the gun to a tree or post, pointed to where
it will do no damage. Then a string is tied to the trigger and you go off
several yards. The string is then pulled back and let go. If the barrel does
not blow up, the gun is safe to fire by hand.
You should not attempt to register such a gun.
Pipe Cap
/
/ Bullet Tape Pipe
/ /
v / / \ /
! ! / v v v
Nail \ / / ! v ! ! ! !
v ! ! ! ! !
// > ![][]\
^ ! ! \ ![][]/
Wire/ ! ! \ ! ! ! ! !
Trigger > ! ! ! ! ! ! ! ! :
/! ! /
/ ::::::::::::::::::
! ! ! / Rubber
/ / band
! !
! /
! !
! !
! !
! !
Z I P G U N
Nail
/ \ o! \
! O O O ! ! !
\ ! ! /
! !
Trigger before bending / > !! !! < \
Place !! !! Nail
nail hole
here
Trigger
Blowguns
==Phrack Inc.==
Volume One, Issue Two, Phile 4 of 9
+
! How To Make Blow Darts !
!
! Written by The Pyro !
!
!
+
Blow darts are easy to make and all the materials can be found in your
own home. These darts can travel a long distance with good penetration if
constructed correctly.
Materials needed:
A small piece of wood
A sewing machine needle
A spool of thread
A couple nails
Hammer
Glue
Scissors
Hammer the two nails about two inches apart on the board. Wrap the
thread tightly around the two nails. The number of times the thread is
wrapped around the nails will determine the amount of weight and stability
the dart has. Once you have decided you have wrapped enough thread,
cut it close to the nail at around a half inch. Take this small tuft of thread
and put a dab of glue on the folded end. The kind of glue you use is very
important. I suggest that you use a tacky kind of glue (nothing runny, like
Elmer's glue). Attach this to the needle and hold until it is dry.
Another kind of dart can be made with Q tips. This kind of dart doesn't
work as well as the first one, but it is sometimes easier to make. first you
have to get the kind of Q tips that have a plastic stem. Cut the Q tip close
to one end. Insert the sewing needle into the Q tip and secure it by melting
the plastic slightly with a lighter. This kind of dart doesn't last long because
the cotton come off easily.
Blow Guns:
Ordinary straws make an excellent blow gun with this kind of dart. Another
kind can be made with a cheap pen by taking apart the pen and using the
shell. Any long, cylindrical, object with the diameter of a straw will work
very well.
T h e A l l i a n c e
618 667 3825
7pm. to 7am.
(>
========================================
Received: (from UNKNOWN@HACKERVILLE for HATCHET@VALHALLA
via XTC) (UNKNOWN 0481; 185 LINES); Tun, 07 Oct 88 21:12:54 CDT
Date: Tun, 07 Oct 88 21:12 CDT
To: HATCHET
From: UNKNOWN@HACKERVILLE
Comment: converted from FBICIADATA format at 666
Tac Dialups taken from Arpanet
==Phrack Inc.==
Volume One, Issue Two, Phile 5 of 9
Updated from November 26, 1985 Tac Dialups taken from Arpanet
by Phantom Phreaker
TAC DIALUPS SORTED BY LOCATION 26 NOV 85
State/Country 300 Baud 1200 Baud 1200 Type

ALABAMA
Anniston Army Depot [M]
(ANNIS MIL TAC) (205) 235 6285 (R4) (205) 235 7650 B/V (205)
237 5731 (R8) (205) 237 5731 (R8) B/V (205) 237 5770 (R8) (205)
237 5779 (R8) B/V (205) 237 5805 (R8) (205) 237 5805 (R8) B/V
*Please note: When accessing the Anniston TAC you must first enter a
<RETURN>, then enter DDN <RETURN>. After you receive CLASS DDN
START, proceed as normal.
Gunter AFS [M]
(GUNTER TAC) (205) 279 3576
(205) 279 4682
Redstone Arsenal [M]
(MICOM TAC) [none known]
ARIZONA
Ft. Huachuca [M]
(HUAC MIL TAC) [none known]
Yuma [M]
(YUMA TAC) (602) 328 2186 (602) 328 2186 B/V (602) 328 2187 (602)
328 2187 B/V (602) 328 2188 (602) 328 2188 B/V
CALIFORNIA (NORTHERN)
Alameda [M]
(ALAMEDA MIL TAC) [none known]
Menlo Park [M]
(SRI MIL TAC) (415) 327 5440 (R3) (415) 327 5440 (R3) B
(USGS3 TAC) [M] [no dialups]
Moffett Field [M]
(AMES TAC) [no dialups; contact NSC for access] William Jones (415)
694 6482
(FTS) 494 6482
(AV) 359 6482
Monterey [M]
(NPS TAC) [none known]
Sacsamento [M]
(MCCLELLAN1 MIL TAC) [none known]
(MCCLELLAN2 MIL TAC) [none known]
Stanford [A]
(SU TAC) (415) 327 5220
CALIFORNIA (SOUTHERN)
China Lake [M]
(NWC TAC) [none known]
Edwards AFB [M]
(EDWARD MIL TAC) [none known]
El Segundo [M]
(AFSC SD TAC) (213) 643 9204 (213) 643 9204 B/V
Los Angeles [A]
(USC TAC) (213) 749 5436
Los Angeles [A]
(USC ARPA TAC) [none known]
San Diego [M]
(ACCAT TAC) (619) 225 1641 (R4) (619) 225 6903 V (619) 225 6946
(R3)
619) 223 2148 V
(619) 226 7884 (R2)
Santa Monica
(RAND ARPA TAC) [A]
(213) 393 9230
(213) 393 9237
(213) 393 9238
(213) 393 9239
(RAND2 MIL TAC) [M] [none known]
COLORADO
Denver Fed Ctr [M]
(USGS2 TAC) (303) 232 0206 (303) 232 0206 B/V
Lowry Air Force Base [M]
(LOWRY MIL TAC) [none known]
D.C.
Washington
[Andrews AFB] [M]
(AFSC HQ TAC) (301) 967 7930 (R16) (301) 967 7930 (R16) B (301)
736 2990 (R4) (301) 736 2990 (R4) B (301) 736 2998 (R2) (301)
736 2998 (R2) B
(PENTAGON TAC) (202) 553 0229 (R14) (202) 553 0229 (R14) B
FLORIDA
Eglin AFB [M]
(AFSC AD TAC) (904) 882 8202 (904) 882 8202 B/V (904) 882 8201
(904) 882 8201 V
MacDill AFB [M]
(MACDILL MIL TAC) [none known]
Naval Air Station Jacksonville [M]
(JAX1 MIL TAC) [none known]
Naval Air Station Orlando [M]
(ORLANDO MIL TAC) [none known]
GEORGIA
Robins AFB [M]
(ROBINS TAC) (912) 926 2725 (912) 926 2725 B/V (912) 926 2726
(912) 926 3231
(912) 926 3232(912) 926 2204 (912) 926 2204 B/V HAWAII
Camp H.M. Smith [M]
(HAWAII2 TAC) (808) 487 5545 (808) 487 5545 B
ILLINOIS
Scott AFB [M]
(SCOTT TAC) [none known]
(SCOTT2 MIL TAC) [none known]
KANSAS
Ft. Leavenworth [M]
(LVN MIL TAC) (913) 651 7041 (R8) (913) 651 7041 (R8) B
LOUISIANA
Navy Regional Data Automation Center [M]
(NORL MIL TAC) (504) 944 7940 (504) 944 7940 B (504) 944 7948 (R2)
(504) 944 7948 (R2) B (504) 944 7951 (R5) (504) 944 7951 (R5) B (504)
944 8702 (R8) (504) 944 8702 (R8) B
MARYLAND
Aberdeen Proving Ground [M]
(BRL TAC) (301) 278 6916 (R4) (301) 278 6916 (R4) B/V
Bethesda [M]
(DAVID TAC) (202) 227 3526 (R16) (202) 227 3526 (R16) B/V
Patuxent River [M]
(PAX RV TAC) (301) 863 4815 (301) 863 4815 B/V (301) 863 4816 (301)
863 4816 B/V (301) 863 5750 (R6) (301) 863 5750 (R6) B/V
Silver Spring [M]
(WHITEOAK MIL TAC) (301) 572 5960 (R10) (301) 572 5960 (R10) B
(301) 572 5970 (R10) (301) 572 5970 (R10) B
MASSACHUSETTS
Hanscom AFB [M]
(AFGL TAC) (617) 861 3000 (R8) (617) 861 3000 (R8) B (617) 861 4965
(R8) (617) 861 4965 (R8)
Cambridge
(BBN MIL TAC) [M] [none known]
(BBN ARPA TAC) [A] [no dialup capability]
(CCA ARP TAC) [A] [none known]
(MIT TAC) [A]
(617) 491 5669 (617) 258 6224 V (617) 491 5708 (617) 258 6225 V (617)
491 5734 (617) 258 6227 V (617) 491 5819 (617) 258 6248 V (617)
491 5826 (617) 491 5841 (617) 491 5849 (617) 491 6769 (617) 491 6772
(617) 491 6937 (617) 258 6241 (617) 258 6242 (617) 258 6243
MICHIGAN
U.S. Army Tank Automotive Command (TACOM) Warren [M]
(TACOM TAC) [none known]
MISSOURI
St. Louis [M]
(STLA TAC) [none known]
NEBRASKA
Offutt AFB [M]
(SAC1 MIL TAC) [none known]
(SAC2 MIL TAC) (402) 292 4638 (R10) (402) 292 4638 (R10) B
(SAC ARPA TAC) [A]
(402) 294 2398 (402) 294 2398 B (402) 291 2018 (402) 291 2018 B (402)
292 7054 (402) 292 7054 B
NEW JERSEY
Dover [M]
(ARDC TAC) (201) 724 6731 (201) 724 6731 B/V (201) 724 6732 (201)
724 6732 B/V (201) 724 6733 (201) 724 6733 B/V (201) 724 6734 (201)
724 6734 B/V
Fort Monmouth [M]
(FTMONMOUTH1 MIL TAC) (201) 544 2052 (201) 544 2052 B/V (201)
544 2062 (201) 544 2062 B/V (201) 544 2072 (201) 544 2072 B/V (201)
544 2396 (201) 544 2396 B/V (201) 544 2430 (201) 544 2430 B/V
(FTMONMOUTH2 MIL TAC) (201) 544 4254 (R3) (201) 544 2430 B
201) 544 2636 B
201) 544 2638 B
(201) 544 2777 B
NEW MEXICO
Albuquerque [M]
(AFWL TAC) [none known]
White Sands [M]
(WSMR TAC) [no dialups; contact NSC for access] Claude (Skeet)
Steffey (505) 678 1271
FTS) 898 1271
AV) 258 1271
NEW YORK
Griffiss AFB
(RADC ARPA TAC) [A] [no dialup capability]
(RADC TAC) [M]
(315) 339 4913 (R5) (315) 337 2004 (315) 337 2004 B/V (315) 337 2005
(315) 337 2005 B/V
(315) 330 2294 (315) 330 2294 (FTS) 952 B/V
(315) 330 3587 (315) 330 3587 (FTS) 952 B/V
NORTH CAROLINA
Ft. Bragg [A]
(BRAGG ARPA TAC) (919) 396 1131 (R10) (919) 396 1426 (R5) B/V
919) 396 1491 (R8) B/V
Ft. Bragg [M]
(BRAGG MIL TAC) [none known]
OHIO
Wright Patterson AFB [M]
(WPAFB TAC) (513) 258 4218
(513) 258 4219
(513) 258 4987
(513) 258 4988
(513) 258 4989
(513) 258 4990
(WPAFB2 MIL TAC) (513) 257 2172 (R8) (513) 257 2172 (R8) B (513)
257 2690 (R8) (513) 257 2690 (R8) B (513) 257 3625 (R8) (513)
257 3625 (R8) B
OKLAHOMA
Tinker AFB [M]
(TINKER MIL TAC) [none known]
PENNSYLVANIA
New Cumberland Army Depot [M]
(NCAD MIL TAC) [none known]
(NCAD2 MIL TAC) [none known]
TEXAS
Brooks AFB [M]
(BROOKS AFB TAC) (512) 536 3081 (R6) (512) 536 3081 (R6) B/V
Richardson [A]
(COLLINS TAC) (214) 235 2131 (214) 235 2131 B (214) 235 2143 (214)
235 2143 B (214) 235 2178 (214) 235 2178 B (214) 235 2204 (214)
235 2204 B (214) 235 2251 (214) 235 2251 B (214) 235 2278 (214)
235 2278 B
UTAH
Dugway Proving Ground [M]
(DUGWAY MIL TAC) [none known]
Salt Lake City (University of Utah) [A]
(UTAH TAC) (801) 581 3486 (801) 581 3486 B/V
VIRGINIA
Alexandria [M]
(DARCOM TAC) (202) 274 5300 (202) 274 5300 B (202) 274 5320 (R6)
(202) 274 5320 (R6) B
Arlington
(ARPA1 MIL TAC) [M] [none known]
(ARPA2 MIL TAC) [M] [none known]
(ARPA3 TAC) [A] [no dialup capability]
Dahlgren [M]
(NSWC TAC) (703) 663 2162 (R8) (703) 663 2162 (R8) B
Langley Air Force Base [M]
(LANGLEY MIL TAC) [none known]
McLean [M]
(DDN PMO MIL TAC) [none known]
(MITRE TAC) [M]
(703) 442 8020 (R15) (703) 893 0330 (R10) (703) 893 0330 (R10) B/V
Norfolk [M]
(NORFOLK MILTAC) (804) 423 0241 (R2) (804) 423 0241 (R2) B (804)
423 0247 (R2) (804) 423 0247 (R2) B (804) 423 0346 (R4) (804)
423 0346 (R4) B (804) 423 0480 (804) 423 0480 B (804) 423 0486 (R2)
(804) 423 0486 (R2) B (804) 423 0489 (804) 423 0489 B (804) 423 0570
(804) 423 0570 B (804) 423 0572 (R2) (804) 423 0572 (R2) B (804)
423 0577 (R2) (804) 423 0577 (R2) B (804) 423 0651 (804) 423 0651 B
(804) 423 0654 (R3) (804) 423 0654 (R3) B (804) 423 0841 (R2) (804)
423 0841 (R2) B (804) 423 0845 (804) 423 0845 B (804) 423 0849 (804)
423 0849 B (804) 423 0858 (804) 423 0858 B (804) 423 0950 (804)
423 0950 B (804) 423 0952 (804) 423 0952 B (804) 423 0955 (R3) (804)
423 0955 (R3) B (804) 423 0959 (804) 423 0959 B
Reston
(DCEC ARPA TAC) [A] [no dialups available]
(DCEC MIL TAC) [M]
(703) 437 2892 (R5) (703) 437 2928 B (703) 437 2925 (703) 437 2929 B
(703) 437 2926
(703) 437 2927
WASHINGTON
Seattle [A]
(WASHINGTON TAC) [no dialup capability]
ENGLAND [M]
(CROUGHTON MIL TAC) [none known]
GERMANY [M]
(FRANKFURT MIL TAC)
(M) 2311 5641 (R8) B
(RAMSTEIN2 MIL TAC) [none known]
ITALY [M]
(AGNANO MIL TAC)
JAPAN [M]
(BUCKNER MIL TAC)
(ZAMA MIL TAC)
KOREA [M]
(KOREA TAC) (M) 264 4951 (R8) B
PHILIPPINES [M]
(CLARK MIL TAC)
SPAIN [M]
(MILNET TJN TAC) [none known]
(ROTA MIL TAC) [none known]
Notes:
1. "(R10)" following phone number indicates a rotary with 10 lines.
2. For alternate phone numbers, FTS=Federal Telephone System. 3.
(M)=Military DoD Telephone System.
4. [M] denotes a MILNET TAC and [A] denotes an ARPANET TAC.
5. "1200 Type" refers to the modem compatibility for 1200 baud only: B/V
= Bell and Vadic
B = Bell 212A only
V = Vadic 3400 only
6. This list is contained in the file NETINFO:TAC PHONES.LIST at
SRI NIC.
Universal Informational Services via ISDN
==Phrack Inc.==
Volume One, Issue Two, Phile 6 of 9
Toward Universal Information Services Via ISDN
~~~~~~ ~~~~~~~~~ ~~~~~~~
by Taran King
From PROTO newsletter of AT&T Bell Laboratories
Phase one, the Present.
~~~~~ ~~~~ ~~~ ~~~~~~~~
The local network of today, although still largely voice oriented, is already
on the path to Universal Information Services. Lightguide fiber is
dramatically expanding the capacity of local networks, helping to lower the
costs and increase the demand for high band width, Information Age
services. And public networks are increasingly digital and geared for data
and special services. For example:
o The AT&T Network Systems 5ESS (TM <riiiight>) switch, designed by
Bell Laboratories, can serve as the hub of a local deployment of remote
modules at locations up to 100 miles from a host central office.
o The Integrated Special Services Network (ISSN) is a channel network
that provides special services, customer control options and digital private
lines rearrangeable under software control. The ISSN incorporates digital
carrier terminating equipment such as the D4 Channel Bank, D5 Digital
Terminal System and Digital Access and Cross connect System (DACS).
o The New Centrex is bringing greater levels of customer control,
improved services and a broad range of data capabilities to the business
customer.
Today's public networks consist of multiple or overlay networks. The public
switched network, or circuit network, mainly for voice, is the base
network. Two kinds of overlay networks provide special services. Channel
networks carry private lines leased by large customers and transmit much
of today's data and image traffic; they also handle traffic for network
operations support. Packet networks carry data communications, while
packet switching is used internally to public networks for common channel
signaling to set up, route and take down calls, or to give customers
information.
"Overlay networks help telecommunications companies efficiently meet
growing demand for digital transmission and special services," says Stan
Johnston, Market Planning Manager, Network Systems Evolution, in AT&T
Network Systems. "Their integration into a single network, however, would
be still more effective."
Phase two, the Integrated Services Digital Network (ISDN).
~~~~~ ~~~~ ~~~ ~~~~~~~~~~ ~~~~~
The ISDN is a concept to which AT&T is committed and it's the
foundation for Universal Information Services. The central idea of ISDN, as
AT&T Network Systems sees it, is to provide an individual user a link to
the local central office of generous band width a digital subscriber line
that can carry 144,000 bits per second (sure beats 2400 baud!). The
band width is subdivided into two 64,000 bit channels, which may carry
voice or data or both, and one 16,000 bit channel for packetized signaling
information or data transport. Such a link provides convenient "integrated"
network access by accommodating voice, data and signaling over a single
line. The ISDN will make it easier for a customer to get varied services
from public and private networks. More bandwidth for big customers will
be available through another ISDN access standard, the extended digital
subscriber line, which provides 1.5 billion bits per second as 24 channels
of 64,000 bits each.
In 1986, new software from Bell Labs will enable the 5ESS switch to
accommodate ISDN sized 144,000 bit channels that standardize and
simplify subscribers' use of local networks. AT&T is committed to future
products that will also be ISDN compatible. Other vendors, too, some of
whom already plan to build premises, terminal, and other equipment to
ISDN standards, will make ISDN a cooperative effort.
By providing integrated digital access to networks, ISDN will make
important progress toward the goal of Universal Information Services. But
overlay networks will continue to divvy up the transport job. And messages
needing less than 144,000 bits per second will not fill their allotted
bandwidth, leaving capacity underutilized.
Phase three, Universal Information Services.
~~~~~ ~~~~~~ ~~~~~~~~~ ~~~~~~~~
Rooted in the fertile ground of 5ESS switches, ISDN equipment and
technologies such as wideband packet transport, Universal Information
Services will bear fruit during the 1990s. From a single kind of network will
hang services as different as apples, oranges and pears. Just as network
access was integrated in ISDN, transport functions will increasingly be
integrated by powerful new network equipment evolved from equipment
developed for the ISDN. Where customers once got standard sized ISDN
channels, they'll get big bandwidth for large jobs, little bandwitdh for small
jobs.
MCI Overview
==Phrack Inc.==
Volume One, Issue Two, Phile 7 of 9
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@
@ _ _
@ | \/ |
@ |_||_|etal / /hop @
@ __________/
@ /___________
@ Headquarters of Phrack Newsletter @
@
@ (314) 432 0756 @
@
@ Proudly Presents @
@
@ MCI Overview @
@
@ Written on 11/16/85 @
@
@ by @
@
@ Knight Lightning & Taran King @
@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
MCI Communications Corporation, headquartered in Washington, D.C.,
provides a full range of domestic and international telecommunications
services, including voice and data, telex and cable, paging and mobile
telephone, and time sensitive message delivery.
Since its founding in 1968, MCI has grown to more than $1.6 billion in
annual sales and serves more than 1.9 million business, residential and
government customers through its four major business units:
MCI Telecommunications
MCI Airsignal
MCI International
MCI Digital Information Services
MCI TELECOMMUNICATIONS
MCI Telecommunications provides domestic interstate long distance
service throughout all 50 states, plus Puerto Rico, the U.S. Virgin Islands,
and major calling areas of Canada. It is also authorized to provide varying
degrees of intrastate long distance service in some states.MCIT also is the first long distance carrier other than AT&T to offer direct
dial service overseas. International telephone service is available to all
residential and commercial customers (with the exception of Private Line
customers). In October, 1984 the first international service agreements
were announced with the following countries: Argentina, Belgium, Brazil,
East Germany, Greece, United Arab Emirates, and the United Kingdom.
Total capital investment in MCI's long distance network is approximately
$2 billion. MCI's network, the second largest in the U.S., employs
microwave optical fiber, satellite and various digital transmission
technologies.
Subscribers Domestic Long Distance (as of 10/84)

Residential 1.4 million
Commercial .3 million
Total 1.7 million
Operations (as of 10/84)
Network Miles 20,543
(microwave, optical fiber, satellite)
Circuits 238,000
Employees 9,500 (full time, approx.)
MCI AIRSIGNAL
MCI Airsignal provides personal message delivery and car telephone
services. MCI Message Service is offered in more than 50 metropolitan
areas. In 1984, service will commence in New York City,
Baltimore Washington, Los Angeles, and Chicago. MCI car telephone
service is offered in 20 markets.
Personal Message Delivery Service
ALPHANUMERIC MESSAGE SERVICE
Displays up to 40 character message using letters and/or numbers.
Memory and recall ability. Alerts subscriber with a silent visual alert or a
soft tone.
DISPLAY MESSAGE SERVICE
Displays up to 24 digit message (e.g., phone number, stock quotes, sales
figures, coded messages). Memory and recall capability. Alerts customer
to message with a silent visual alert or a soft tone.
TONE MESSAGE SERVICE
Notifies customer of a message with a soft tone.
VOICE MESSAGE SERVICE
Receives message in actual voice of caller.
EXPRESS MESSAGE SERVICE
Receives and stores messages. Instantly alerts subscriber via pager when
a message is received.
Car Telephone Service
Enables customers to place calls to or receive calls from anywhere in the
world, 24 hours a day, as they travel in their cars. With the advent of new
cellular technology, both the quality and the accessibility of car telephone
service will vastly improve.
MCI has thus far obtained franchises to operate a new kind of mobile
phone service, cellular telephone, in Minneapolis and Pittsburgh, and has
received favorable decisions from FCC administration law judges
authorizing service in Los Angeles, Denver Boulder, and Kansas City. MCI
has applied for licenses to provide cellular service in 81 metropolitan
areas.
MCI Airsignal Branch Sales Offices
Personal Message Service/Conventional Mobile Phone Service
Birmingham (205) 942 2924
Sacramento (916) 444 2350
Memphis (901) 682 9658
Cleveland (216) 464 7311
Dallas (214) 788 5111
Fresno (209) 486 7410
Las Vegas (702) 382 7461
Denver (303) 778 7878
Portland (503) 227 2556
Philadelphia (215) 677 9845
Atlanta (404) 252 2114
West Florida (813) 875 3404 Minneapolis (612) 544 8175 Kansas City
(913) 648 8090
Miami (305) 491 0122
Pittsburgh (412) 343 1611
Houston (713) 464 2516
Bakersfield (805) 832 2346
Cellular Telephone Offices
Minneapolis St. Paul (612) 544 3312 Los Angeles (714) 527 0385
Elsewhere in California (800) 344 3455
Headquarters Washington, D.C. (202) 429 9660
MCI INTERNATIONAL
MCI International provides private line voice service to several overseas
countries, and data and message services, including telex, cablegram,
leased channel, and packet switching communications, to more than 200
overseas points. MCI has moved into two new areas of service:
International direct dial telephone service and international electronic mail
and hard copy delivery services.
International Record Services
TELEX SERVICE (domestic and international) permits instantaneous,
two way, written communications with other subscribers worldwide.
Customers can send messages at any time, even though the receiving
terminal may be unattended. MCI International offers access to its telex
service from a variety of terminals and networks; not only subscribers with
telex terminals but also those with communicating word processors, data
terminals or computers that communicate over telephone lines can take
advantage of MCI International telex service. To subscribers connected to
its own telex network, MCI International offers World Message Services a
package of communications offerings including telex, cablegram and MCI
Mail services. Various service enhancements are available to save time,
improve operating efficiency and simplify records keeping for telex users.
CABLEGRAM SERVICE, the traditional means of international written
communications, offers flexibility in delivery and economical rates for
shorter messages. Cablegrams can be delivered to virtually any overseas
point. Subscribers with telex terminals or various other types of equipment
can access and TELUS cablegram switch and take advantage of such
service enhancements as abbreviated addressing and departmental billing.
LEASED CHANNEL SERVICE provides an exclusive line between a U.S.
firm and it's overseas office for private communications 24 hours a day.
Each MCI International leased channel is tailored to meet the needs of a
specific customer for teleprinter, facsimile, voice and/or data traffic. For
subscribers with several offices requiring private communications with
each other, MCI International offers a versatile message switching
service. Voice/data leases can be configured to meet a whole array of
communicating needs; for example, one channel might carry data traffic
from a computer at night, voice communications during office hours, and
simultaneous teleprinter messages at any time. Data channels can handle
requirements for traffic at any speed from 1200 bits per second to 1.544
megabits per second.
IMPACS SERVICE uses packet switching technology to provide
international communications service between data terminals and
computers. Impacs offers on line, real time connections and enables many
types of incompatible systems to communicate. Impacs service offers
virtually error free transmission because of the error detection and
retransmission capability of the network.
INSTALINK SERVICE allows businesses overseas to use regular telex
equipment to access remote computing systems and databases in the
U.S. Subscribers can retrieve data from a computer based information
service or use a computing system connecting to a packet switching
network in the U.S.
INTERNATIONAL FACSIMILE SERVICE enables subscribers to send
duplicates of original documents overseas quickly and efficiently, even
when neither the sender nor the receiver has facsimile transmission
equipment, or when the sender and receiver have incompatible equipment.
DATEL SERVICE provides automatic or voice coordinated data
transmission at speeds up to 2400 bits per second. Either digital or analog
facsimile traffic can be transmitted via Datel. Datel facilities are
conditioned to ensure high quality transmission. The MCI International
switching center allows communications between incompatible terminals.
MARITIME SERVICES provide instant, high quality contact between ships
at sea or offshore rigs, and between these vessels and land based
subscribers worldwide.
International Voice Services
PRIVATE LINE SERVICE provides, fast, easy access to a single
overseas location at an economical monthly rate. This technically efficient
system maximizes the use of line capacity by recognizing idle time and
assigning a speaker to a transmission path only when the path is needed.
Users can dial a four digit extension from a regular business phone to
reach a key overseas location.
International Mail Services
WORLD MESSAGE SERVICE subscribers can access the domestic
electronic mail and hard copy delivery offerings of MCI Mail. In addition,
MCI International is developing fast, low cost services that will deliver
electronic messages and high quality printed documents worldwide.
Customer Service
THE CUSTOMER TROUBLE REPORTING ASSISTANCE CENTER at
MCI International addresses customer concerns such as equipment
maintenance and service performance questions. Customer service
specialists, on duty 24 hours a day on business days, answer questions
and electronically route service requests to technicians nationwide.
MCI DIGITAL INFORMATION SERVICES CORP.
MCI Digital Information Services, MCI's newest unit, provides high speed,
low cost, time sensitive message delivery (MCI Mail), either electronically
or via hard copy.
MCI Mail provides time sensitive document delivery to anyone, anywhere
vial MCI's long distance telephone network. MCI Mail can reach a recipient
instantly, in four hours or less, or overnight by noon the next day. Prices
are as much as 90 percent lower than comparable time sensitive mail
delivery services. MCI Mail can be delivered electronically, terminal to
terminal, or laser printed on letterhead stationery with the customer's
signature.
MCI Mail customers can even order gifts and services direct through MCI
Mail, ranging from software and paper for personal computers to
investment advisory services to travel specials.
There are no sign up, monthly service charges or "connect time" charges
for MCI Mail. MCI Mail can be used by virtually any personal computer,
word processor, electronic typewriter, data terminal, telex, or other digital
communications device. The service is accessed by a local telephone call
or 800 number.
MCI Mail
INSTANT delivery to an "electronic" mailbox.
FOUR HOUR paper delivery by courier to 17 major metropolitan areas
regardless of point of origin.
OVERNIGHT paper delivery by courier by noon the next day in 20,000
continental U.S. cities.
MCI LETTER transmitted electronically to the MCI digital postal center
nearest its destination, then delivered locally by the U.S. Postal Service.
TELEX DISPATCH enables MCI Mail subscribers to transmit messages to
the more than 1.6 million telex subscribers worldwide.
VOLUME MAIL enables customers to send large mailings in a variety of
letter formats, at substantial savings in delivery time and expense.
========================================
Look for more MCI Files coming to Metal Shop soon!
This has been a Knight Lightning Presentation
Hacking RSTS
==Phrack Inc.==
Volume One, Issue Two, Phile 8 of 9
The Hackers Guide to RSTS E 8.0
Data Line. TWX 650 240 6356
Rsts is one of the most versatile operating systems available for the
PDP 11 series of computers. It can emulate both RSX and RT 11 (though
not fully), and is often a choice where multiple concurrent operating
systems must be online. I was a system manager on an 11 23 for about a
year and learned a fair amount about the OS (perhaps forgetting a good
deal in the interim). This phile applies to release 8.0 and the entire 7
series. By the way, version 9.0 is it DEC is discontinuing RSTS with that
release and using 9.0 as a bridge to VMS for the PDP 11 series. The
logon will tell which version you are hacking.
If the SYSTAT before logon has been disabled (It probably has), no big
worry. Account 1,2 must be present on the system and contains most of
the system utilities. On booting, the account is called at least 8 times to
put batch processors and spoolers online. Changing [1,2]'s passwords in
the command file is a tedious process most system managers are too
lazy, so it won't change often. Oh yes, the default PW for 1,2 is SYSLIB.
This knowledge should cut hacking time considerably for many systems.
When you get in, RUN $MONEY. This gives all accounts, KCT's (Billing
units), accesses, time on system, and PASSWORDS, if you ask. Don't
reset the system when it asks, it merely zeroes the program and not the
hardware, but could tip someone off that he system had been hacked.
Personally, I like running out of a new account, so RUN $REACT. Pick a
new account , making sure the first number (before the comma) is a "1" to
get full privilege. Accept defaults for disk placement. As for Cluster size, I
prefer 4. It's large enough to get fast disk access, but small enough so
that little space is wasted for small files. Cluster size is shown (CLU or
CLS) on MONEY and on DIR/FULL. Follow conventions and you'll stand
less chance of being noticed.
RSTS has some of the most complete HELP files short of a CDC
mainframe. HELP HELP will give the forst screen of the nested menus. Be
sure to do this from a privileged account or you'll miss about half of the
best commands. HELP SYSTAT will give a thorough overview of the
system setup & status program.
RUN $SYSTAT (or just SYS if the Concise Command Language is set up
normally). On the left is a report of te system users including all
background jobs (print spoolers, batch processors and the like), their
keyboard, and what state they are in (RN=run, ^C=waiting for input,
DCL=logged on, no program running, DR=Disk Read, DW=Disk Write). To
the right is a list of busy I/O devices. At the end is a full report of Disk
names (DR:=Hard, DU:= floppy), and space allocated/free. To cause
some havoc pick a target KB, preferrably one running a financial type
program. Note the Job leftmost column. Simply type UT KILL and he's
totally gone, without so much as a logoff message. If done during a Disk
Write get out the backups!!
If just tying up resources is more your game, RUN $VT50PY. It gives the
utilization readout on a 20 second basis, or whenever a key is struck. The
program itself uses a lot of CPU time, so when the Interval <20>? comes
up, enter a 1 and watch the EXEC percent go through the roof.
If wasting paper is more your style, find the KB: number of the printer
(KB0: is the console) from SYSTAT when it's in use, or try LP1:. Find a
long text file (DIR [*,*]*.txt) and COPY LP1:=filename. Don't forget the
colon when referring to keyboards or printers.
Try DTR. If DATATRIEVE is online, you can set up a database of huge
proportions. Again, full help is available. SET GUIDE (configure your
terminal for VT 100) and it takes you through every step.
Phreak World News
==Phrack Inc.==
Volume One, Issue Two, Phile 9 of 9
= = = = = = = = = = = = = = = = = = = =
Phreak World News
Compiled by
\\\\\= { Knight Lightning } =/////
________________________________________
Spitfire Hacker Leaves Phreak World
Spitfire Hacker resigned from the phreaking world in December due to a
lack of computer. He now is holding a job and trying to earn enough money
to get another computer. He says that he plans to be back by November
1986.
________________________________________
MCI Cracks Down
Dr. Crash busted for MCI scanning. In the early part of December, Dr.
Crash ran a scanner on MCI, MCI traced him and told him to stop,
unfortunately Dr. Hack, another 314er, started scanning the same port
later that night. MCI didn't trace it again and assumed it was Dr. Crash
back at work. All of his files were hidden away but MCI and authorities
confiscated his Atari computer and his phone. MCI security told Dr. Crash
that he was part of an ongoing investigation. Later that month he had a
meeting with MCI security, where they questioned him about the incident.
His computer, they told him, will arrive in the mail soon.
________________________________________
Also in this issues news, Jester Sluggo said his goodbyes to St.Louis and
now has returned to his home in Cross Bar Territory.
________________________________________
Announcing... _ _ _____
| \/ |
|_||_|etal / /hop
________
/________AE
300/1200/2400 Baud/20 Megs Online 24 hours a day/7 days a week
Sysop: Cheap Shades
(314) 256 7284
If you would like to become a member of this board please contact Cheap
Shades, Knight Lightning, or Taran King for the general password.
________________________________________
Metal Shop...PRIVATE
Metal Shop is now officially a private BBS. On Jan. 2 Taran King and
Knight Lightning purged 241 users from the Metal Shop userlist. There are
now general passwords and new user passwords to this system. If you
would like to become a member of Metal Shop, please contact Taran
King, Knight Lightning, or Cheap Shades on any bbs they are on.
________________________________________
Extasyy Elite Disbanded
The following data has not been completely researched and may be
considered as rumors. Bit Blitz busted for phreaking, the organization and
enforcement agencies are unknown. However, $3000 worth of computer
material (7 computers) were confiscated. Also it is reported that The
Mentor informed on him.
The Mentor was busted for breaking into his school to steal 29 computers.
Also it has been said that Poltergeist is in the hospital with leukemia. It is
unknown if any other members were busted for any other reasons.
However, all former members are apparently safe now.The Bit Blitz and Crustaceo Mutoid are supposedly forming a new group
called Rising Force and The Mentor is starting an elite hacking group.
Much of this information has been supplied by former Extasyy member:
Kleptic Wizard
________________________________________
Legion of Doom Vs. Stronghold East Elite
Somehow The Maelstrom found the secret LOD VMS in 305, and decided
to post about it on Stronghold East. Knight Lightning spoke with
Compu Phreak of the LOD, and he said that he told Slave Driver, co sysop
of Stronghold East, to remove all posts concerning the LOD VMS, and the
LOD itself. He also threatened that failure to do so would bring down the
wrath of the 6 most active members of the LOD.
When last looked at Stronghold East still had the information online.
The LOD VMS has 96 megs online and store information in a way similar
to laserdisc.
All readers are encouraged NOT to call it as Compu Phreak is getting
pissed and you don't have the passwords anyway.
________________________________________
Dartmouth Abandoned
With the destruction of the 58107s 12 27 65 password to the Dartmouth
system, it seems to have been abandoned by phreaks. This is good
because basically it only causes trouble. Many users get impersonated on
that system and false rumors are constantly being started. The best way
to have a conference is a tele conference...start one today!
________________________________________
= = = = = = = = = = = = = = = = = = = =3
Index by Cheap Shades
Rolm systems by Monty Python
Making shell bombs by Man-Tooth
Signalling systems around the world by Data Line
Private audience by Overlord
Fortell systems by Phantom Phreaker
Eavesdropping by Circle Lord
Building a Shock Rod by Circle Lord
Introduction to PBX's by Knight Lightning
Phrack Issue(03), Number(10) by Phrack
Index
==Phrack Inc.==
Volume One, Issue Three, Phile 1 of 10
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
% _ _
% | \/ |
% |_||_|etal/ /hop %
% _________/
% /__________/
%
% Proudly Presents %
%
% Phrack Inc. Issue Three %
%
% Released Feb 1, 1986 %
%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
The files contained in this issue of Phrack Inc. are as follows:
1: Index written by Cheap Shades
2: Rolm systems written by Monty Python
3: Making shell bombs written by Man Tooth
4: Signalling systems around the world by Data Line 5: Private audience
written by Overlord
6: Fortell systems written by Phantom Phreaker 7: Eavesdropping written
by Circle Lord
8: Building a Shock Rod written by Circle Lord 9: Introduction to PBX's
written by Knight Lightning 10: Phreak World News II written by Knight
Lightning
If you have an original file that you would like published in a future issue of
Phrack Inc. Leave E Mail to Taran King, Knight Lightning, or Myself on any
system that we are on. If you cannot find us try and contact some member
of Metal Shop to get into touch with us.
Later,
Cheap/ \Shades/
Rolm systems
==Phrack Inc.==
Volume One, Issue Three, Phile 2 of 10
The purpose of this file is to tell you what you would be dealing with if you
stumble across this system, or if you know of a company that is using this
system. It doesn't go into incredible detail, and is lacking in areas. It is not
a guide to hacking into it, just letting you know what you would be dealing
with. This is to pique your interest in the system.
So What the Hell is ROLM?
ROLM is a "Business Communications System" bought by IBM a few
months ago, in an effort to compete effectively with AT&T, and get a
larger share of the market, in a grand master plan to become "Big Daddy
Blue" as opposed to "Ma Bell". It is a very complex system, with features
such as PhoneMail, A Super PBX, Local Area Networks, Public and
Private Data Networks, Desktop Communications, and Call Management.
The heart of the system is the Controller, called the CBX <Computerized
Business Exchange>. This controls the entire network accessible through
ROLM. Since 1983, the CBX was redesigned and upgraded to the CBX II.
It is a PBX with much much more <See 'Introduction to PBX's' available on
your local bbs> to offer, and that is ROLM's claim to fame. It is light years
ahead of the regular PBX system.
The CBX II
The CBX II is the core of the ROLM network. It is computer driven and
expandable from one node, with 165 channels, to 15 nodes providing
11,5200 2 way channels. The smaller business could have a model with a
16 user maximum limit, but it can go up to 10,000 users, though this would
be quite rare <and quite God Damn expensive!>. It can be accessed from
outside lines <like you> as well as HardWired units, with a switching
system to prevent busy signals on a port. Speed depends on the system
in place, either the newer, faster ROLMbus 295, or the older standard
ROLMbus 74. <see Service manuals for exact details> The larger the
system, the faster as well. It is adjustable to accept different bandwidths
for the various components, such as Telex, Voice, Data, Mainframe, LAN,
Video <ta da! Picturefones in reality!>, and anything hooked up to the
system. Similar tasks can be bunched onto one channel as well, at high or
low speeds. If multiplexing is used <above>, the maximum speed is
192,000 bps, and if using a single interface, the top possible rate is a
mindboggling 37,000,000 bps, which if you ask me, if just fluff and not too
practical, so they are usually multiplexed. <Now, what a difference that is
from 300 baud!>. Using the CBX II network, you might find just about any
kind of mainframe, from HP, to DEC, to VAX, to the IBM 327 series.
Note : There is a smaller version of this called the VSCBX.
Phone Mail
This is one of the little beauties of the system, something truly fun to fuck
with. I called ROLM Headquarters in California to ask specific questions
about ROLM, posing as a researcher, and I got the big runaround,
transferred from department to department. Maybe you can get further
than I. Their is 408 986 1000. The to PhoneMail from the outside is
800 345 7355. A nice computer generated voice comes on asking you to
enter your Extension number <which each employee has>, and then enter
the "" sign. Then enter your password. If you make around 3 or 4 bad
attempts at an Extension of Password, it will automatically ring another
number, assistance I assume, to find out why there has been an
unsuccessful entry attempt. I haven't played around with this that much, so
leave mail to Monty Python with whatever you find. Once entering an
authorization with correct password, you will be presented with more
options, leave messages to other people, and whatnot. You can hear your
messages, forward them to another person, leave the same message to
more than one person, change your welcome message, etcetera. The
service is for those business type pigs who never sit still for one minute,
like they are permanently on speed.
A Phone Mail Scenario
Let's say if Mr. Greed goes out to meet his secretary at a motel, but
definitely has to get that important message from Mr. Rasta, who's
bringing in $3 mil in Flake, and can't trust it to the person who would
handle it <ie: the person filling in for his sec with the tremendous tits who
is getting balled by the dirty old fat man>. Mr. Greed would have given Mr.
Rasta his phone and he would be forwarded to the Phone Mail network,
where he would hear a message left my Mr. Greed, to anyone who would
call. Mr. Rasta would leave his message and hang up. Then Mr. Greed
could call up the 800 345 7355 , punch in his extension authorization
number, and password. Or, if he was back at the office, he could get it
there through DeskTop communications. Messages can be delivered
without error, in the person's own voice, without other people knowing
about it. Therefore, someone with enough knowledge could use an unused
account and use it as his own service, without the knowledge of others.
DeskTop communications
ROLM has developed a Computer/Telephone integrated device for use
with the Desktop communications. It is linked with the CBX II through fone
lines, thus accessible by you and me from the outside. It is not hardwired,
though it can approach hardwired speed. If you could get your hands on
one of these computer/fones then I think you would have found something
very useful at home, in your general life. But you could access the network
without the special features of the fone, like one touch dialing, which is
designed for the stupid lazy businessman. You can access company
databases through the network, mainframes, other people, just about
anything as if you were right there and told your secretary to do it for you.
There is special software used by the computers or computer/fone but it
can be improvised and is just an aid. It uses a special protocol <Don't
know what, try to get your hands on one by trashing a sales office>. What
is great is that everything is tied together through telefone lines, and not
RS 232C! Thus, there is an access port....somewhere. Scan the 's around
the office using ROLM. How do you know if it is using ROLM one way or
the other. Compile a list of local businesses, call them up saying "This is
ROLM Customer Support. We have a report of a complaint in your CBX II
network, let me speak to your supervisor please." If they say "ROLM?
CBX II? We don't use that" then just apologize and go elsewhere. Or say
that you are from ROLM corp and would like to know if the company is
interested in using it to network its system. Like, if they have it already,
they would say that they had it. And if they didn't, you would just give them
a fake <or if you're nice the for the local sales office obtainable in the list
below>.
But you know what's REALLY Great? They have made the network link in
mind for the person with a Computer IQ of about 0. Commands are in
plain English. Here is a demonstration screen as seen in their brochure:
CALL, DISPLAY or MODIFY
Display groups
ACCESSIBLE GROUPS:
[00] PAYROLL [01] MODEM [02] IBMHOST [03] DOWJONES [04]
DECSYSTM [05] MIS SYSTM [06] DALLAS [07] SALES
CALL, DISPLAY OR MODIFY?
Call Payroll
CALLING 7717 <which would be the ID code for the PAYROLL file> CALL
COMPLETE
**PAYROLL SYSTEM** <or whatever they want to call it> ENTER
ACCOUNT CODE:
See, nothing is confusing, everything pretty self explanatory. There may be
more than one person wanting to do the same thing you are, so if there is,
you would be put on a queue for the task. It seems that those with an IBM
would be best suited for ROLM hacking, because ROLM is owned by
IBM, and the PC's used by the network are IBM. A person with a simpler
fone/Terminal couldn't access something like their DEC mainframe, or
something like that. By calling in, you could not run an application, unless
you had a special interface, but you could access the database, which any
dumb terminal could do. However, there are security levels. Thus one with
a privileged account could access more things than one without it. Like Joe
Schmoe in Sales couldn't get to Payroll . It seems that for non IBM's to
access some of the parts of the network, you would need an interface to
become the same thing as a RolmPhone. Excessive 's of bad logon
attempts, which would be construed as a linking error would notify the
network manager, And if they saw that there was no hardware error,
eventually, they would think of if they were somewhat experienced, you
guessed it, hackers.
The PBX
ROLM has something called Integrated Call Management <from here on
known as ICM>. Now, when designing ICM, they must have taken into
account the abuse possible in plain ol' PBX's. So they put in something
called Call Screening. This will enable the company to restrict calls to
certain 's and prefixes. Calls to non business 's or certain areas can be
screened out <"No personal calls on my time, Johnson!">, with the
exception of 1 specific that you want. There is a choice of having a
codeless, screened PBX, or a PBX where accounts are assigned to each
employee, and the 's they call get recorded to that account. There can be
privileged accounts where a large volume of calls would go relatively
un noticed. But I don't think that large scale abuse of this system would be
easy or practical. Calls are routed AUTOMATICALLY through the service
where the rates are cheaper to the location dialed, which is pretty fucking
cool. And, the PBX is accessible from the outside, using Direct Inward
System Access, making it AB useable.
But what about if there is Equal Access in that area? It doesn't matter, the
CBX will automatically access the service without you having to worry
about it <hell, this is totally unnecessary for a hack/phreak, cause we ain't
paying for the damn call anyhow!>
BUT!: There is a use of Call Detail Recording, where information on all
ingoing and outgoing calls are recorded.
Conclusion
Not a lot of research went into this file, but it did take a little while to type
up, and all of the information is correct, to my knowledge. Anyone is free
to expand on this file into a Part II. It was written to enlighten people about
this system, and I hope this has helped a little bit. Sysops: You are free to
put this file up as long as NONE of the credits are changed! <this means
the Phrack, Inc. AND Personal credits>. Please give us a chance.
Coming soon, to a telephone near you: The Return of The Flying Circus.
Look for it.
Later On
Monty Python <01/11/86>
Making shell bombs
==Phrack Inc.==
Volume One, Issue Three, Phile 3 of 10
////////////////////\
::::
:::: "SHOTGUN SHELL BOMBS" ::::
:::: from ::::
:::: The Poor Man's James Bond ::::
:::: by Kurt Saxon ::::
::::
:::: typed in by ] Man Tooth [ ::::
::::
\\\\\\\\\\\\\\\\\\\\/
These little goodies are affectionately known as "nut busters." They are
simply shotgun shells enclosed in cardboard rolls with cardboard fins put
on. On the primer end of the shell is glued a small cork with a hole drilled
through it. A roofing nail fits in the hole snugly enough to stay in, but loose
enough to plunge into the primer upon impact.
Since the shell is not confined in the chamber of the gun, it will naturally not
cause the same amount of damage. But if it goes off between a fellow's
legs he can look forward to becoming a soprano.
These bombs are thrown singly or by the handful into the air over milling
crowds. The weight of the shell and stabilization by the fins causes the nut
buster to head straight downward.
It has tremendous effect as its presence is usually a suprise. The threat of
more coming is guaranteed to route any mob.
Not only does it go off on the pavement but it will also explode on contact
with a person's head or shoulder. At night it is impossible to trace its point
of origin.
! \
/> ! \ Cork
Fins ! ! v
!\
! \ ! ! ! ! \
! \> ! ! ! ! Roofing nail
! ! ! ! ! /
\ !/
\ ! ! ^
\ > ! / ^ \
! / ! \
! Shell
!
!
Close fitting 3 1/2 inch Aluminum Tubing Glued on Shell.
SHOTGUN SHELL BOMB
A clever use for a plain shotgun shell is as a muffler bomb. The shell is
simply shoved up a car's exhaust pipe with a length of stiff wire until it
drops into the muffler. After a few minutes on the road the shell explodes,
totalling out the muffler and treating the driver to a sick kind of panic.
Signalling systems around the world
==Phrack Inc.==
Volume One, Issue Three, Phile 4 of 10
Signalling Systems Around the World
For those of you who have the desire to make international calls, this info
may be of interest. Thanks to TAP and Nick Haflinger.
CCITT 1. An old international system, now deceased. Used a 500 Hz tone
interrupted at 20 Hz (Ring) for 1 way line signals.
CCITT 2. Proposed "International Standard" that never caught on much.
Used 600 Hz interrupted by 750 Hz. Still used in Australia, New Zealand
and South Africa.
CCITT 3. An early in band system that uses 2280 for both line and register
(!!). Used in France, Austria, Poland and Hungary.
CCITT 4 A variation of 3, but uses 2040 and 2400 for end to end Tx of line
and register. Used for international Traffic in Europe, but cannot be used
with TASI (AKA Multiplex or "that dammed clipping").
CCITT 5 This is the most popular, and the one used in the US. 2400 and
the infamous 2600 are used for link to link (not merely end to end line
signals. Registers are handled via DTMF (Touchtones). Anyone know
what 2400 does??
CCITT 5 bis. Just like above, but a 1850 Hz tone is used for TASI locking
and transmission of line signals.
CCITT 6 The newest and worst for phreaks. It uses digital data sent
out of band to control the connection. In other words, the connection is
made and billing started BEFORE you can get control.
CCITT 5R1 A regional system like 5, but doesn't use the mysterious 2400
and can't use the multiplexer.
CCITT 5R2 Probably the interface to AUTOVON, as it uses 120 Hz
spaced tones for DTMF instead of 200. Also 3825 Hz is the blow off tone
instead of 2600.
The "Extra" tones
1700 + 700 = Inward Operator
1700 + 900 = Delay operator, also, in TSPS,STP (a "Zero Plus" call from
a coin phone)
1700 + 1100= KP1 (Start recognition of special tones)
1300 + 1700= KP2 (End recognition of special tones)
12 85 Data Line. CIS 72767,3207: TWX 650 240 6356
Private audience
==Phrack Inc.==
Volume One, Issue Three, Phile 5 of 10
* PRIVATE AUDIENCE *
(A BASIC LESSON IN THE ART OF LISTENING IN)
BROUGHT TO YOU BY
[ THE OVERLORD ]= = = = = = = = = = = = = = = = = = = =
PART I: THE LAW
Federal law:
Section 605 of title 47 of the U.S code, forbids interception of
communication, or divulagance of intercepted communication except by
persons outlined in section 119 of title 18 (a portion of the Omnibus crime
control and safe streets act of 1968). This act states that "It shall not be
unlawful under this act for an operator of a switchboard, or an officer,
employee, or agent of any communication common carrier who's switching
system is used in the transmission of a wire communication to intercept or
disclose intercepted communication."
What all this legal bullshit is saying is that if you don't work for a phone
company then you can't go around tapping people's lines. If you decide to
anyway, and get caught, it could cost you up to 5 years of your life and
$10,000. This, you are all assuming, means that if you tap someone else's
line, you will be punished....wrong! You can't tap your own line either. The
punishment for this is probably no more than a slap on the hand, that is if
they actually catch you, but it's a good thing to know..............now on to
the fun.....
PART II: TAPPING
Everyone has at some time wanted to hear what a friend, the principal, the
prom queen, or a neighbor has to say on the phone. There are several
easy ways to tap into a phone line. None of the methods that I present will
involve actually entering the house. You can do everything from the
backyard. I will discuss four methods of tapping a line. They go in order of
increasing difficulty.
1. The "beige box": a beige box (or bud box) is actually better known as a
"lineman" phone. They are terribly simple to construct, and are basically
the easiest method to use. They consist of nothing more than a phone with
the modular plug that goes into the wall cut off, and two alligator clips
attached to the red and green wires. The way to use this box, is to venture
into the yard of the person you want to tap, and put it onto his line. This is
best done at the bell phone box that is usually next to the gas meter. It
should only have one screw holding it shut, and is very easily opened.
Once you are in, you should see 4 screws with wires attached to them. If
the house has one line, then clip the red lead to the first screw, and the
green to the second. You are then on the "tappee's" phone. You will hear
any conversation going on. I strongly recommend that you remove the
speaker from the phone that you're using so the "tappee" can't hear every
sound you make. If the house has two lines, then the second line is on
screws three and four. If you connect everything right, but you don't get on
the line, then you probably have the wires backward. Switch the red to the
second screw and the green to the first. If no conversation is going on,
you may realize that you can't tap the phone very well because you don't
want to sit there all night, and if you are on the phone, then the poor
tappee can't dial out, and that could be bad...so....... method two.
2. The recorder: This method is probably the most widespread, and you
still don't have to be a genius to do it. There are LOTS of ways to tape
conversations. The two easiest are either to put a "telephone induction
pickup" (Radio Shack $1.99) on the beige box you were using, then
plugging it into the microphone jack of a small tape recorder, and leaving it
on record. Or plugging the recorder right into the line. This can be done by
taking a walkman plug, and cutting off the earphones, then pick one of the
two earphone wires, and strip it. There should be another wire inside the
one you just stripped. Strip that one too, and attach alligators to them.
Then follow the beige box instructions to tape the conversation. In order to
save tape, you may want to use a voice activated recorder (Radio Shack
$59), or if your recorder has a "remote" jack, you can get a "telephone
recorder control" at Radio shack shack for $19 that turns the recorder on
when the phone is on, and off when the phone is off. This little box plugs
right into the wall (modularly of course), so it is best NOT to remove the
modular plug for it. Work around it if you can. If not, then just do you best
to get a good connection. When recording, it is good to keep your
recorder hidden from sight (in the Bell box if possible), but in a place easy
enough to change tapes from.
3. The wireless microphone: this is the BUG. It transmits a signal from the
phone to the radio (FM band). You may remember Mr. Microphone (from
Kaytel fame); these wireless microphones are available from Radio Shack
for $19. They are easy to build and easy to hook up. There are so many
different models, that is is almost impossible to tell you exactly what to do.
The most common thing to do is to cut off the microphone element, and
attach these two wires to screws one and two. The line MIGHT,
depending on the brand, be "permanently off hook". This is bad, but by
phucking around with it for a while, you should get it working. There are
two drawbacks to using this method. One, is that the poor asshole who is
getting his phone tapped might hear himself on "FM 88, the principal
connection". The second problem is the range. The store bought
transmitters have a VERY short range. I suggest that you build the
customized version I will present in part four (it's cheaper too). Now on to
the best of all the methods....
4. The "easy talks": This method combines all the best aspects of all the
the other methods. It only has one drawback... You need a set of
"Easy talk" walkie talkies. They are voice activated, and cost about $59.
You can find 'em at toy stores, and "hi tech" catalogs. I think that any
voice activated walkie talkies will work, but I have only tried the easy talks.
First, you have to decide on one for the "transmitter" and one for the
"receiver". It is best to use the one with the strongest transmission to
transmit, even though it may receive better also. De solder the speaker of
the "transmitter", and the microphone of the "receiver". Now, go to the
box. put the walkie talkie on "VOX" and hook the microphone leads (as in
method three) to the first and second screws in the box. Now go home,
and listen on your walkie talkie. If nothing happens, then the phone signal
wasn't strong enough to "activate" the transmission. If this happens, there
are two things you can do. One, add some ground lines to the microphone
plugs. This is the most inconspicuous, but if it doesn't work then you need
an amplifier, like a walkman with two earphone plugs. Put the first plug on
the line, and then into one of the jacks. Then turn the volume all the way up
(w/out pressing play). Next connect the second earphone plug to the mice
wires, and into the second earphone outlet on the walkman. Now put the
whole mess in the box, and lock it up. This should do the trick. It gives you
a private radio station to listen to them on: you can turn it off when
something boring comes on, and you can tape off the walkie talkie
speaker that you have!
PART IV: WIRELESS TRANSMITTER PLANZ
This is a tiny transmitter that consists on a one colpitts oscillator that
derives it's power from the phone line. Since the resistance it puts on the
line is less than 100 ohms, it has no effect on the telephone performance,
and can not be detected by the phone company, or the tappee. Since it is
a low powered device using no antenna for radiation, it is legal to the FCC.
(That is it complies with part 15 of the FCC rules and regulations). It,
however is still illegal to do, it's just that what you're using to do it is legal.
This is explained later in part 15... "no person shall use such a device for
eavesdropping unless authorized by all parties of the conversation" (then
it's not eavesdropping is it?). What this thing does, is use four diodes to
form a "bridge rectifier". It produces a varying dc voltage varying with the
auto signals on the line. That voltage is used to supply the the voltage for
the oscillator transistor. Which is connected to a radio circuit. From there,
you can tune it to any channel you want. The rest will all be explained in a
minute....
PARTS LIST
item | description
C1 | 47 Pf ceramic disk capacitor
C2,C3 | 27 Pf mica capacitor
CR1,CR2,CR3,CR4 | germanium diode 1n90 or equivalent
R1 | 100 ohm, 1/4 watt 10% composition resistor R2 | 10k, 1/4 watt 10%
composition resistor
R3 | .7k, 1/4 watt 10% composition resistor
L1 | 2 uH radio frequency choke (see text)
L2 | 5 turns No.20 wire (see text)
Q1 | Npn rf transistor 2N5179 or equivalent
L1 may be constructed by winding approximately 40 turns of No. 36
enamel wire on a mega ohm, 1/2 watt resistor. The value of L1 is not
critical. L2 can be made by wrapping 5 turns of No. 20 wire around a 1/4
inch form. After the wire is wrapped, the form can
be removed. Just solder it into place on the circuit board. It should hold
quite nicely. Also be sure to position Q1 so that the emitter, base, and
collector are in the proper holes. The schematic should be pretty easy to
follow. Although it has an unusual number of grounds, it still works.
| L1 |

CR1 / \ CR2 | |
A / \ | |
| \ / | | | C2 L2
| CR3 \ /CR4 | C1 R2 | | |
R1 | | | gnd C3 |
| | | |
| gnd | | |
| | | Base collector
| | R3 \ /
B | Q1
gnd \/
emitter(gnd)
The odd thing about this bug that we haven't encountered yet, is that it is
put on only one wire (either red or green) so go to the box, remove the red
wire that was ALREADY on screw
1 and attach it to wire 'A' of the bug. Then attach
wire 'B' to the screw itself. You can adjust the frequency which it comes
out on the FM channel by either smooshing, or widening the coils of L2. It
takes a few minutes to get to work right, but it is also very versatile. You
can change the frequency at will, and you can easily record off your radio.
PART FIVE: HELPFUL HINTS
First of all, With method one, the beige box, you may notice that you can
also dial out on the phone you use. I don't recommend that you do this. If
you decide to anyway, and do something conspicuous like set up a 30
person conference for three hours, then I suggest that you make sure the
people are either out of town or dead. In general, when you tap a line, you
must be careful. I test everything I make on my line first, then install it late
at night. I would not recommend that you leave a recorder on all day. Put
it on when you want it going, and take it off when you're done. As far as
recording goes, I think that if there is a recorder on the line it sends a
sporadic beep back to the phone co. I know that if you don't record
directly off the line (i.e off your radio) then even the most sophisticated
equipment can't tell that you're recording. Also, make sure that when you
install something, the people are NOT on the line. Installation tends to
make lots of scratchy sounds, clicks and static. It is generally a good thing
to avoid. It doesn't take too much intelligence to just make a call to the
house before you go to install the thing. If it's busy then wait a while. (This
of course does not apply if you are making a "midnight run").
All in all, if you use common sense, and are *VERY* careful, chances are
you won't get caught. Never think that you're unstoppable, and don't
broadcast what you're doing. Keep it to yourself, and you can have a
great time.
[ OVERLORD ]
THANKS TO:
The CircleLord
TARAN KING
Knight Lightning
The Forest Ranger
P 80 systems
Watch for more advanced tapping, how they catch you, and verification in
the near future.
Fortell systems
==Phrack Inc.==
Volume One, Issue Three, Phile 6 of 10
Fortell Systems
Written by Phantom Phreaker
Call The Alliance at 618 667 3825
Fortell systems seem to be a system to monitor lines. They can only be
used to monitor lines within their own NPA.
A Fortell system is at 716 955 7750. Whene you call, you will hear:
'Hello. This is the Taradyne Fortell system. Please enter ID code'
The ID for this system is 722877*. After you type that in (DTMF) it will ask
'please enter line number' where you then type the PRE+SUFF of the
number you wish to check within the NPA of the Fortell.
After you enter a number, it will repeat the number you entered. Now it will
ask you to 'please enter mode'.
The modes are:
1 Calling on other line
2 Calling on test line
3 Line test results
If you enter mode 1, you will have these commands available:
1 Fault location
2 Other testing
7 Test ok, Monitor
8 Hang up
9 Enter next line number
If you enter 7 here, it will repeat what you selected, and ask for an ID
code which can be any 6 digit number followed by a *.
Now it will dial and tell you:
'Subscriber busy busy monitor test in progress conversation on line short
on line'
2 Monitor test
3 Overide and test
4 Wait for idle
If you enter 2, (Monitor Test) it will tell you the busy status again.
If you enter 3, it will override, or tell you 'Not available in this CO'.
If you enter 4, (Wait for idle) it will wait until the line is idle.
If you enter 1 (Fault Location) at the main list you will get these options:
1 Open location
3 Short location
4 Cross location
5 Ground location
8 Hang up
If you enter 2 (Other testing) here, you will have these commands:
2 Loop Ground OHMS
3 Dial tone test
5 Pair ID
8 Hang up
If you enter Mode 2, you will have these options:(Other testing)
2 Other testing
7 Test ok, Monitor
8 Hang up
9 Enter next line number
It will repeat what you selected. If you select 2 here, you will now have
these commands:
2 Loop Ground Omhs
8 Hang up
If you select 7 at the main list after mode 2, it will ask for an ID which is
any 6 digit number followed by a *. Now it will dial and check the number.
If the number is busy, it will say 'Subcriber busy monitor test in
progressconversation on line short on line please hang up waiting for idle'
Now you can just type * to go back to the main list of commands.
If you enter MODE 3, if you have done a test before, it will give you the
results of the test. If you haven't done a test, it will tell you so with 'No test
results available'
You can abort back to the main commands list by typing a *.
By typing a 9 at several places you will be taken back to the beginning
where it asks you to 'enter line number'
PP 01/06/86
Eavesdropping
==Phrack Inc.==
Volume One, Issue Three, Phile 7 of 10
********************************
*
* Electronic Eavesdropper *
*
* by
*
* Circle Lord *
*
********************************
Have you ever considered buying one of those hi powered microphones
often seen in eletronics magazines, but thought it was to much to buy and
to small to card? The circuit shown in this file will provide you with the
information to build one for a lot less money.
These audio eavesdropping devices are probably one of the hottest items
in the underground due to their ability to pick up voices through thick walls.
You can also attach the speaker wires to a tape recorder and save all the
conversation. As one can see these are great for blackmailing a teacher,
classmate, principal, neighbor, or whoever you seek services from...
Parts list:
=EM
M1 Amplifier Module. (Lafayette 99C9037 or equiv.)
M2 9 VDC battery.
M3 Microphone
R1 20K poteniometer with spst switch.
S1 Spst switch on R1
SP1 8 ohm speaker
T1 Audio transformer (Radio Crap part 273 1380)
Schematics
+ + M1
1 1 1 1 1red 1blu 1 1 1 1 transformer 1 1 1 1 1yel 1grn
+ + 1
1 + + + +
1 1 1 1
b1 b1 r+M2+b o+S1+o 1
l1 l1 e1 1l r1 1r 1
k1 u1 d1 1k g1 1g 1
************1
* yel>* + ++
* R 1
* M1 * 1 + 1
* red>* + 1 1
* 1<<
*************1
b1 1g y1 1 l1 1r e1 1 k1 1y l1 1
1 1 + +
+SP1+
S1 here is on the potentiometer
M3 can be an earphone earpiece

/
/
/ ircle / ord

Building a Shock Rod
==Phrack Inc.==
Volume One, Issue Three, Phile 8 of 10
********************************
*
* Making a Shock Rod **
* By *
*
* Circle Lord *
*
********************************
This handy little circuit is the key to generating THOUSANDS of volts of
electricity for warding off attackers (notice the plural). It generates it all
from a hefty 6 volt source and is easily fit into a tubular casing. Originally
used as a fence charger, this circuit can be put to other uses such as:
charging a whole row of lockers at school, a row of theater seats, or a
metal bleacher set in the gym. More on this later.
To build this, all you need is a GE 3 transistor, a 6.3 volt transformer, and
a handful of spare parts from old radios. The ammount of shock you wish
to generate is determined by the setting of potentiometer R1, a 15,000
ohm variable resistor. Hint: for maximum shock, set R1 at maximum!
****************************************
Item * Description
****************************************
C1 * 500uF, 10 WVDC electrolytic capacitor
C2 * 2000uF, 15 WVDC electrolytic capacitor
M1 * 6 VDC battery
M2,M3 * Leads
Q1 * GE 3 transistor (2n555 will also do)
R1 * 15K potentiometer
R2 * 160 ohm resistor
S1 * Spst switch
T1 * 6.3 VAC filament transformer (Triad F 14x or equiv.) X1 * 1N540
diode
****************************************
Schematics:
+ C1 +
1 1 HOT 1 + + 1 LEAD
+ 1<Q1 1 )( >
R1* + 1 + >)(
+ >* 1 1 1 )(
1 * + + 1 1 )( > 1 1 1 1 1 1 1 TO 1 1 1 1 1 1 1 GND 1 * C2 1 + 1 + 1
R2 1 1 1 1 1 * 1 1 1 X1 1
+ + + 1 1 > +
1 +/ 1 1
+*M1* *S1*+ GND
/
/ /
/ /
/ ircle / ord

Introduction to PBX's
==Phrack Inc.==
Volume One, Issue Three, Phile 9 of 10
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ _ _
@ | \/ |
@ |_||_|etal / /hop @
@ ______
@ /______
@ PRIVATE @
@
@ Presents... @
@
@ \\\\\= { Knight Lightning's } =///// @
@
@ "Introduction to PBXs" @
@
@
@ Written on January 3, 1986 @
@
@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
This file is a personal continuation of the PBX entry in the MCI
Telecommunications Glossary.
________________________________________
A telephone exchange serving an individual organization and having
connections to a public telephone exchange is called a Private Branch
Exchange (PBX). The PBX performs a switching function by connecting
any extension in the private organization to an outside line. A PBX is
actually a private switch that connects a group of telephones within an
individual organization. Calls placed outside this individual group are
connected to a telephone company's central office switch through trunks.
A PBX may be operated by an attendant from the private organization or
the switching system may be done automatically. Other terms that are
commonly used interchangeably with PBX are: Private Automatic Branch
Exchange (PABX), Private Automatic Exchange (PAX), and Computerized
Branch Exchange (CBX). Although these terms were originally used to
identify specific switch structures, today they are often used as synonyms.
PBXs can use any of three basic switching methods: step by step (SxS),
Cross bar (X bar), and computer controlled, to perform the basic function
of switching. However, in addition to detecting calls and establishing a
transmission link between two telephones, PBXs can do much more.
The common control, often called a central processing unit (CPU), controls
the switching matrix that connects the stations and trunks. The switching
matrix of a PBX performs the same job as does an operator at a manual
switchboard or a common control central office switch. The CPU,
however, gets its instructions from the "stored program", which contains
directions for activities, such as detecting calls, sending them over the
best available route, and recording billing information. These computerized
electronic switches are used to perform routine, as well as unique,
functions that simply weren't practical or even possible with
electromechanical switches.
Just as in the public switched network, PBX switches make connection
between instruments, or "key telephone sets". We're all familiar with key
telephone sets, whether we know them by name or not. They're the
business telephones that have six push button keys lined up below the
dial a red button marked "hold" and five buttons or lines with flashing
lights.
Systems with PBXs and key sets have a great deal of flexability in
planning for their needs because they can set up their codes to accomplish
the functions needed in their particular situations. In fact, the PBX can be
programmed so that each individual extension within a system can take
advantage of features applicable to its own business needs.
Some of the features that are availiable with PBXs and key systems are:
call transfer, which allows internal or external calls to be transferred from
one telephone to any other phone in the system; automatic push button
signaling, which indicates the status of all phones in the system with
display lights and buttons; one way voice paging, which can be answered
by dialing the operator from the nearest telephone in the system; camp on,
in which a call made to a busy phone automatically waits until the line is
idle; and internal and external conference capabilities, which enables
outside callers to conference with several inside users.
Some features automatically handle incoming telephone calls. Automatic
call waiting not only holds calls made to a busy extension until the
extension is free, but also signals the person being called that a call is
waiting and informs the caller that he is on hold. Automatic call forwarding
will send calls to employees who are temporarily in locations other than
their offices, provided they "inform" the PBX where they can be found.
Automatic call distribution automatically send an incoming call to the first
extension that's not busy a useful feature for situations in which any one
of a group of persons in the organization can adequately respond to
incoming calls. Another example is automatic call back, which allows a
caller who reaches a busy line to ask the PBX to return his or her call
when the line is free.
Still other features provide services such as night telelphone answering,
telephone traffic monitoring, and network or hot line connection. These
examples are but a sample from the features possible with computerized
PBXs.
========================================
This is a very brief description of how to use and what to expect on a
PBX.
Basically, you call the PBX and you will have to enter a code that can be
anywhere from 4 to 6 digits (Note: some PBXs do not require codes).
Then you will hear a dial tone. From here you would under normal
circumstances dial: 9 + 1 (or 0) + NPA PRE SUFF, for long distance
dialing or dial 8 for local dialing.
The most common use of the PBX is to call Alliance Teleconferencing, a
teleconference service offered by AT&T. To do this dial:
0700 456 1000,1002,1003,2000,2001,2002.
Note: PBX codes are usually very simple and usually 4 digits.
EX: 0000, 1111, 1234, etc
========================================
Look for a file on Alliance Teleconferencing coming soon...
________________________________________
This has been a Knight Lightning presentation...
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Phrack Issue(03), Number(10)
==Phrack Inc.==
Volume One, Issue Three, Phile 10 of 10
= = = = = = = = = = = = = = = = = = = =
Phreak World News II
Compiled by
\\\\\= { Knight Lightning } =/////
________________________________________
Retraction
We at Phrack Inc, respectfully retract all statements made in last issue
concerning Stronghold East Elite and the LOD. We are sorry for any
inconvenience this may have caused you.
________________________________________
Phreaks Against Geeks
This group was formed as a joke by The W(hack)o Cracko Brothers Inc.
on a conference in December of 1985. The charter members were TWCB,
taRfruS, Blue Adept, The Clashmaster, and a few others. Since then,
Catcher in the Rye and the Slovak have tried to join.
Later that month, Boston Strangler and Micro Man formed PAP, which
stands for Phreaks Against Phreaks Against Geeks. Other opposers of
PAG include: Hack Attack, The Detective, Kleptic Wizard and The
Overlord 313. It is not known if these others are now in PAP or not.
All of this nonsense was really started on the Dartmouth System and is
mainly a local feud of phreaks in the Boston (617 NPA) area.
________________________________________
Brainstorm Gets 10 Megs
Finally, after several months of promises, Brainstorm (ELITE) now has a
10 Meg Hard drive. As of January 1, 1986 Modern Mutant cleared the
userlog of Brainstorm and a membership drive was started. Note: To
become a member of Brainstorm, you will have to take a small (and more
or less easy) filter. Some other new features on Brainstorm are online
games; Karate, Football, and a hacking simulation.
________________________________________
Anarchy Inc. Disbanded
Anarchy Inc., a once very famous g phile writing organization, has been
disbanded. Basically because most of its membership are now attending
college.
________________________________________
Dartmouth Conferences To Be Abolished?
This message was given on January 9, 1986 when a user would try to join
a conference.
XCaliber, Fantasie, Spectre, etc are not available until tomorrow. Due to
pressure from Kiewit and some users, conferences have been disabled for
one day. Hopefully this will remind some people that the conferences are a
public service on the part of a few people and are not a "right". Recent
abuse of the conferences has made caring for these conferences almost
more trouble than they are worth. These abuses have also caused some
users to complain to Kiewit. Too many complaints and they might vanish
altogether. If everyone will work at keeping the conferences reasonably
clean and free of abuse life will be much easier. Thank you for your time
and appologies for the lack of conferences.
You are no longer connected to conference "XYZ".
Later, Corwin got pissed off by the password abuse that was going on
and killed almost all non Dartmouth student passwords. It is also rumored
that he took down the DUNE bbs, however Apollo Phoebus says that it is
a temporary thing and that DUNE will be going back up soon.
________________________________________
MCI Employee Bust
Employees at MCI were creating fake accounts and then running up
massive bills. Then later they would either credit the accounts or say that
the subscriber reported code abuse. Any employee found doing this was
fired.
Another way these employees were cheating the company was by
reporting code abuse on their own accounts, however MCI Security using
CNA quickly caught these employees.
Note: MCI Security has stated that the only real way that they can catch
abusers of the phone company is by calling the numbers that the abusers
call and asking them who they know making these calls.
Information has been provided through MCI Security
________________________________________
MCI/IBM Merge
MCI Telecommunications company has merged with IBM and their phone
industry SBS. This was an effort to join the two as strong allies against
AT&T.
IBM computers Vs. AT&T computers
MCI Telecommunications Vs. AT&T Telecommunications
Changes arising from this merger (if any) are not known, but none are
expected for some years.
________________________________________
The Life And Crimes of the W(hack)o Cracko Brothers
The date is somewhere in December of 1984. Peter writes a code hacker
for the Hayes and tells Tim NOT to use it on Sprint because they trace.
Sometime later that night Tim received a call from Scan Man, sysop of
P 80.
Scan Man said he needed TWCB to hack him some Sprint codes cause he
didn't have the time or a Hayes. Tim did it for him on the 314 342 8900
Sprint extender.
He left it on all night and the next day while he was in school. Sprint traced
him. At 9:00 AM the next morning agents from the FBI, AT&T, Western
Union, GTE, and Southwestern Bell, arrived at TWCB's house.
They were let in, bringing with them cameras and tape recorders among
other equipment. Upon seeing this Peter blew into an upstairs extension
and cancelled the dialing program, but not before the agents made sure it
was the right place.
All of TWCB's computer equipment was confiscated and Tim was taken
downtown shortly after being picked up at school. Peter was sick and left
home. Tim was later released in his mother's custody.
They each received probation and 100 hours of county service.
That was then...
Recently TWCB has come under investigation for the following: Drug use
and dealing, burglary, forgery, and fraudulent use of a credit card.
Peter: 8 Class A Felony charges
1 Class A Misdemeanor charge
1 Class B Misdemeanor charge
Tim: 6 Class A Felony charges
2 Class B Misdemeanor charges
Note: Some of these misdemeanors are for not returning library books.
Also it has been said that Tim has been in jail 11 times. Both members of
TWCB are now enrolled in a reform school.
The information in this article has been provided by TWCB, directly and/or
indirectly.
________________________________________
Blue Adept: Gone For Good
Blue Adept, known for being an all around loser and Dartmouth
impersonator, decided to try blue boxing. For some reason he decided to
call an out of state trunk direct.
Later that month Blue Adept and his parents received a phone bill with a
charge around $386.00. This led to his being restricted from using the
phone.
Sometime after this incident Blue Adept received an invitation to join on a
conference. He wasn't home but his parents decided to stay on and listen
in.
Blue Adept is not allowed on conferences anymore and all calls to him are
now screened.
________________________________________
Overlord 313 Busted: Step dad turns him in
Overlord's step dad always would be checking his computer to see what
was on it and what was nearby. Last week he noticed the credits in
Overlord's file on Wiretapping, which can be seen in this issue of Phrack.
He reported his findings to Overlord's mom. She had a talk with him and
he promised to stop his evil ways. His step dad didn't believe him for a
second.
1/11/86
Step dad goes on business trip, where he meets Ma Bell executive Don
Mitchell. Step dad asks all sorts of different questions regarding use of
MCI dialups and Alliance Teleconferencing, and talks about how his
step son does all these things and more. Don strongly suggests that he
reports this to the phone company...
1 13 86
HE DOES
No legal action against Overlord has taken place as of now.
Information Provided by The Overlord of 313
________________________________________
Maelstrom 305 Busted
While I am not at liberty to revel all the information concerning this bust I
will mention the bare facts.
Maelstrom hacked into the Southern Bell Data Network (SBDN). This
system happened to be local to him so he did not bother to use an
extender. Unfortunately this system also had ANI (Automatic Number
Identification). His computer and other equipment as well as all his files
were confiscated as evidence.
Information provided by the Maelstrom of 305
________________________________________
Whackoland BBS
This bbs is now up and running strong. Its sysops are of course...TWCB
Inc. 300/1200 Baud, and 40 Megs. It has unique features and great mods
as well as Elite Sections. Call today... 314 256 8220. Note: Only 100
users will be kept so if you are just a beginner please don't bother to call.
________________________________________
R.I.P. Broadway Show
The Broadway Show BBS in New York is now down, and Broadway
Hacker will soon be in Washington DC. This C 64 run bbs, was one of the
best in its time, but later it became a hangout for rodents.
>From its ashes rises a new bbs, however its name has not been