F O R C E   F I L E S   Volume #4
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
From The Depths Of - THE REALM -, By: ----====} THE FORCE {====---- 08/0/87
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

N U A   L I S T I N G S

C O N T I T T / U D T S   310330100xxx Sprint, By: ---===} THE FORCE {===---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From the depths of - THE REALM - 02/09/1986
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

D I A L N E T   9000xx Sprint, By: ---===} THE FORCE {===---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From the depths of - THE REALM - 29/01/1987
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Please note that DIALNET NUAs are not accessible through all PADs. These NUAs were sprinted from PRIMECON SYSTEM 41.

P S S   234219200xxx Sprint, By: ---===} THE FORCE {===---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From the depths of - THE REALM - 19/01/1987 Updated: 29/02/87
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

P S S   23421920100xxx Sprint, By: ---===} THE FORCE {===---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From the depths of - THE REALM - 04/01/1987 Last Updated: 29/02/87
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

D A T E X - P   26245400030xxx Sprint, By: ---===} THE FORCE {===---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From the depths of - THE REALM - 01/02/1987
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

D A T E X - P   26245621040xxx Sprint, By: ---===} THE FORCE {===---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From the depths of - THE REALM - 09/01/1987
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

D A T E X - P   26245890040xxx Sprint, By: ---===} THE FORCE {===---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From the depths of - THE REALM - 09/01/1987 Last Update: 29/02/87
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

D D X - P   44013612xxx Sprint, By: ---===} THE FORCE {===---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From The depths of - THE REALM - 01/04/1987
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
T E L E P A K   2405000xxx Sprint by an unknown hacker
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

T R A N S P A C   208075000xxx Sprint, By: ---===} THE FORCE {===---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From the depths of - THE REALM - 05/04/1987
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

A U S T P A C   N U A S.   18/04/1987
------------------------

The following is a listing of NUAs I came across just recently on Austpac and most of them do not appear on any other listings. At the time I didn't have a NUI, so a lot of them are not identified.

When you get an RNA error, it means you need a NUI to access the system. If accessing via another PAD just use the proper format as explained earlier.

I'm working on a complete list of Austpac NUAs along with MIDAS ones, but that will take some time.
Catch Ya Later

----====} THE FORCE {====----


L O C A T I N G   P T S N   N U M B E R S
-------------------------------------------

If you ever have a need to locate an online system belonging to a particular company, it can be a very tall order to fill. However, there are a few things you can do which will help, although success is not guaranteed.

1> When a company sets up a data line, it must be registered by Telecom to be legal. (Isn't it great to have friends working there, ey?) All data lines are classed as FAX lines, and unless Telecom has been specifically instructed not to list the number in any public listing, you will most probably find it listed in the FAX DIRECTORY, which is available from Telecom. It's an equivalent of a phone book with only data lines listed. So, just grab a copy of the directory and look up the company. Chances are that it might be there. One can even find BBS systems in there if they have been registered by the Sysop.

2> When a company sets up their phone network, they usually plan ahead, and a lot of times when they get voice and data lines assigned, they will be very close together in value. So, simply look up the victim's voice line and try a few numbers lower and higher than the voice number. Again there is a chance of coming up with something.

3> The last resort is scanning phone numbers in series for a carrier tone. It can take a lot of time, and be very expensive, since we just can't use the same hardware to make toll free calls like they do in the USA. There is a feasible way of doing it though. A lot of systems will answer after the first few dial tones, so set your demon dialer program to dial a number, sit there for only a few ring tones and hang up. The longer you let it ring, the more accurate it will be, but more costly, if people have enough time to pick up the phone. If you let it ring about 3-4 times and you have your scanner going at 4am, you should have very few problems, either with accuracy or finance.
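Seen from the called side, the scanning in step 3 leaves a recognisable trace in call records: one caller, numbers in series, each call abandoned after a few rings. The Python below is an added example, not part of the original file; the record layout, the thresholds and the sample numbers are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed call records (no real numbers). Fields per line:
# caller, called, start time, seconds ringing, seconds connected.
SAMPLE_CDRS = """\
5550001,5557100,1987-04-18T04:00:00,12,0
5550001,5557101,1987-04-18T04:00:40,12,0
5550001,5557102,1987-04-18T04:01:20,12,0
5550001,5557103,1987-04-18T04:02:00,6,45
5550001,5557104,1987-04-18T04:03:10,12,0
5550001,5557105,1987-04-18T04:03:50,12,0
5550001,5557106,1987-04-18T04:04:30,9,3
5550001,5557107,1987-04-18T04:05:10,12,0
5550002,5557103,1987-04-18T09:15:00,8,310
5550002,5553021,1987-04-18T09:30:00,15,0
5550003,5559000,1987-04-18T20:00:00,18,0
5550003,5559000,1987-04-18T20:01:00,18,0
5550003,5559000,1987-04-18T20:02:00,18,0
5550003,5559000,1987-04-18T20:03:00,18,0
5550003,5559000,1987-04-18T20:04:00,18,0
"""

@dataclass
class Call:
    caller: str
    called: int
    start: datetime
    ring_s: int
    talk_s: int

def parse_cdrs(text):
    calls = []
    for line in text.strip().splitlines():
        caller, called, start, ring_s, talk_s = line.split(",")
        calls.append(Call(caller, int(called), datetime.fromisoformat(start),
                          int(ring_s), int(talk_s)))
    return calls

def _report(caller, run, history, max_talk_s):
    low = min(c.called for c in run)
    high = max(c.called for c in run)
    start, end = run[0].start, run[-1].start
    # Lines inside the swept range that stayed connected are the ones the
    # scan located; they are the first to review.
    answered = sorted({c.called for c in history
                       if start <= c.start <= end and low <= c.called <= high
                       and c.talk_s > max_talk_s})
    return {"caller": caller, "low": low, "high": high, "probes": len(run),
            "start": start, "end": end, "answered": answered}

def find_sweeps(calls, max_ring_s=20, max_talk_s=5, max_step=3,
                max_pause=timedelta(minutes=3), min_calls=5):
    """Return one report per run of calls that looks like serial scanning."""
    by_caller = {}
    for call in sorted(calls, key=lambda c: c.start):
        by_caller.setdefault(call.caller, []).append(call)
    reports = []
    for caller, history in by_caller.items():
        # A probe is abandoned after a few rings or dropped right after answer.
        probes = [c for c in history
                  if c.ring_s <= max_ring_s and c.talk_s <= max_talk_s]
        run = []
        for call in probes + [None]:            # None flushes the final run
            if run and call is not None:
                prev = run[-1]
                # Same dialer pace, neighbouring number; a step of 0 is a
                # redial of one number, not a scan.
                if (call.start - prev.start <= max_pause
                        and 0 < abs(call.called - prev.called) <= max_step):
                    run.append(call)
                    continue
            if len(run) >= min_calls:
                reports.append(_report(caller, run, history, max_talk_s))
            run = [call] if call is not None else []
    return reports

if __name__ == "__main__":
    for r in find_sweeps(parse_cdrs(SAMPLE_CDRS)):
        print(r)
```

The `answered` field lists the numbers in the swept range that held a connection, which is where an exposed modem line would show up.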
There are some fancy alternatives like tapping another line, using a phone box etc, but they are too messy.


OBTAINING PASSWORDS, INFILTRATING SYSTEMS
------------------------------------------

There are a few methods available which you can use to get into systems.

1> The most common, and by far the least successful in regards to the amount of time wasted, is the ole front line security warfare. It basically means physically trying to guess a username/password pair for the system, trying random but logical combinations, or using prior knowledge of the system, ie DEFAULT ACCOUNTS, USERNAME STRUCTURES etc. A Sophisticated Sprinter can be a great aid, but it's a good idea to have some prior knowledge of username formats. A system that will actually tell you that a username is invalid, before you enter a password, is as good as hacked. Some PRIMENETS, VM/370's and TOPS-20 systems are about the best examples.

2> Many systems, particularly new ones, tend to have weak points in their front line security which you can use to gain access. Here is a small list which I have found, but there are many more.

- TOPS-20 Systems have a FINGER command before login, which can be used to examine files, mail etc, without the knowledge of a Password. They also have a SYSTAT command which lists the online users, which can be used before you login. A lot of them have now been changed and the FINGER command removed, but still there are a few out there.

- PRIMENETS. These had a few weak points in the early versions, but a lot of them are now non-existent, if they are running later versions of PRIMOS. It's still a good idea to know about them, because I have found a few systems which have not been updated. Ok, when you are prompted for a password on the old Primos, and you have a legitimate username, typing CTRL-C for password can give you access. Another weak point of most Primenets is the Default accounts, mainly TEST, which often have no need for a password.
To crash the system from captive mode into Primos, CTRL-P pressed several times will often do the job. CTRL-P when pressed in the right spot will crash into Primos. You will have to spend a lot of time finding the right spot, but every Primenet I came across was crashable. I don't usually give this out, but concentrate on the captive communication module.

- UNIX's have got so many holes in them that it's really not funny, but to make use of them, one needs to get inside first, and there are dozens of defaults to choose from. More about that later.

3> SOCIAL ENGINEERING. Yes, my favourite one. The term has originated in the USA and means BULLSHITTING PEOPLE to get them to hand over their passwords quite willingly. If one is to attempt this art, one needs the tools. These are mainly an ADULT voice, since a teenager will get nowhere, and the ability to plan out the conversation and anticipate every response. Let me give you a few examples:

You all know that AUSTPAC NUI's are hard to get, so why not have some dumb secretary give one to you. First of all find a victim. The Melbourne University Library is a good one. Next get a few facts together. Ask yourself a few questions.

Who am I? 'An Assistant Austpac Operator'. Pick a real name from the phone book, jot down the number and address, and have it ready if needed.

Why should the victim give you his accounts? 'Basically, because there has been a stuff up with Austpac and the last six digits have been lost and you need them to identify the user.' Just talk about some technical bullshit about the structure of NUI's, how the billing computer stuffed up and how your arse is going to get kicked. It's a good idea to ask the person to come down to the main office. (you know all the details, and so you must). Then suggest the possibility of fixing it all up over the phone. If it's a jerk, you'll get it on the spot; if not, give him a number to call back, ie a PHONE BOX around the corner. And that's all there is to it.
You will be surprised how co-operative people are.

The same principle can also be used in a few other situations. There is no reason why a system operator can't change the password of another user for you. This was basically my introduction to the art of SOCIAL ENGINEERING and this is what took place:

I hacked a Dialcom System 41, which me and a lot of YANKS were using to call ALTOS and other systems. Unfortunately, it died for reasons I am still embarrassed about. This is what we did. I knew that the real user wasn't on the account all that often, so she would have not yet known about the death of her account. Fortunately, we had a hard copy of the user list in her UFD series and of her mail.

(I THINK THIS IS A GOOD TIME TO STRESS THE IMPORTANCE OF RECORDING EVERY BIT OF DATA YOU GET FROM A SYSTEM. IT'S ALWAYS USEFUL AT SOME STAGE IN THE FUTURE. IF ONE IS FORTUNATE TO HAVE A HARD DISK, SIMPLY SAVE ABSOLUTELY EVERYTHING YOU DO ONLINE, BUT TAKE SOME PRECAUTIONS FOR OBVIOUS REASONS)

The first step was to find her details, ie Address, Phone number, and Christian NAME. We rang up the operator to give us a listing of all AUGUSTINES in the approximate area as deduced from the mail. There were only a few so we went through them. No luck, she had an unlisted number. Ok, so we called a CNA (CNA is like an information directory, but used by the phone companies' employees only. CNA = Customer Number/Address I think. Unfortunately I never came across an Australian CNA, but you can bet they're out there), but the number had been changed, so we rang up a friend who was mentioned in the mail. MRS M.AUGUSTINE worked for NASA, so TRADER introduced himself as some important figure in the NASA organization and we got all the details we wanted.

All we had to do then is ring up DIALCOM and get them to change the password. We said that the wife was in GERMANY using DATEX-P and that she can't get onto her account, where some important mail was waiting for her.
Naturally the password was changed on the spot and no information of any sort was requested.

4> Trojan Horses are another way of getting passwords. It basically involves the simulation of another system login and setting up a few users to take the bait. Ie, stick your computer onto a phone box at a time a person is likely to call, and give that person the number, ie it has been changed, or it's a different system with faster responses thus saving online time etc. Then have your computer simulate the real login and that's all there is to it. This is a very primitive trojan and I will talk more about them later on and tell you how to set up a few of them on DIALCOM systems.

A most important thing is to make sure that once you get into a system, you are there to stay, or the effort would have been more or less wasted. Always get all the information you can: mail, usernames and any information on the other users. Basically anything the system has to offer, no matter how insignificant it may seem at the time.


DEFAULT PASSWORDS, VAX, UNIX, PRIMENET, DIALCOM
------------------------------------------------

There is a large variety of systems, but a lot of them have got common accounts. It is always a good idea to try hacking usernames such as TEST, DEMO, GUEST, VISITOR etc, using the most basic and easily remembered passwords you can think of. Default accounts are very useful indeed and here is a basic rundown of a few major systems:

VAX
----

When you encounter a VAX, trying the following may prove quite successful: USER/USER, GUEST/GUEST, GAST/GAST (if in Europe), FIELD/SERVICE, FIELD/TEST, SYSTEM/MANAGER, SYSTEM/OPERATOR, SYSTEM/SYSTEM, SYSTEST/TEST, SYSTEST/SYSTEST, SYSTEST/UETP. Also try them in lower as well as upper case, if the system does not translate lower to upper case.
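Every pair above is a check an administrator can run against their own account store. The following Python is an added example, not from the original file: it assumes a hypothetical store of salted PBKDF2 hashes (not the VMS format) and constructed accounts, and reports accounts still using a listed default, the username as password, or no password at all.

```python
import hashlib
import hmac
import os

# Default pairs and guessable account names exactly as listed in the text.
DEFAULT_PAIRS = [
    ("USER", "USER"), ("GUEST", "GUEST"), ("GAST", "GAST"),
    ("FIELD", "SERVICE"), ("FIELD", "TEST"),
    ("SYSTEM", "MANAGER"), ("SYSTEM", "OPERATOR"), ("SYSTEM", "SYSTEM"),
    ("SYSTEST", "TEST"), ("SYSTEST", "SYSTEST"), ("SYSTEST", "UETP"),
]
GENERIC_NAMES = {"TEST", "DEMO", "GUEST", "VISITOR"}

ITERATIONS = 1_000  # kept low so the example runs quickly (assumption)

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_account(username, password, enabled=True):
    """Build one record of the hypothetical account store."""
    salt = os.urandom(16)
    return {"username": username, "salt": salt,
            "hash": hash_password(password, salt), "enabled": enabled}

def candidates_for(username):
    """Passwords worth testing for this account, in upper and lower case."""
    name = username.upper()
    words = {pw for user, pw in DEFAULT_PAIRS if user == name}
    words.add(name)   # username reused as the password
    words.add("")     # account with no password
    return sorted({w.upper() for w in words} | {w.lower() for w in words})

def audit(accounts):
    """Return (username, reason, enabled) for every account needing a fix."""
    findings = []
    for acct in accounts:
        name = acct["username"].upper()
        for guess in candidates_for(name):
            if hmac.compare_digest(hash_password(guess, acct["salt"]),
                                   acct["hash"]):
                reason = "empty password" if guess == "" else "default password"
                findings.append((name, reason, acct["enabled"]))
                break
        else:
            # Password is not a known default, but the name itself is one an
            # intruder tries first; shared accounts like this should be removed.
            if name in GENERIC_NAMES and acct["enabled"]:
                findings.append((name, "guessable shared account", True))
    return findings

def sample_accounts():
    """Constructed accounts for the demonstration."""
    return [
        make_account("SYSTEM", "manager"),
        make_account("FIELD", "q7!Lr2#xW9"),
        make_account("TEST", ""),
        make_account("JSMITH", "correct horse battery"),
        make_account("GUEST", "GUEST", enabled=False),
        make_account("DEMO", "t4$Bn8@zK1"),
    ]

if __name__ == "__main__":
    for finding in audit(sample_accounts()):
        print(finding)
```

Disabled accounts are reported too, with their `enabled` flag, because a default password becomes live again the moment the account is re-enabled.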
If you are lucky enough to get an account with full privs, namely SYSTEM/MANAGER or FIELD/SERVICE, look at some of the user names, ie SHOW USERS command, and create your own username of a similar format so that it blends in with the background. To do that, run the ADDUSER or AUTHORISE program in the SYS$SYSTEM directory. I don't think I need to go into any more detail since there are literally hundreds of good files on VAX systems.

If you come across a captive account, ie you are not allowed direct access into DCL (Digital Command Language), typing /NOCOMM can prevent the execution of certain login files which may prevent you from accessing DCL or lower your access level.

Example Login:

Username: USER/NOCOMM
Password: USER
$

There is one other important thing about VAX's that is not mentioned in any VAX tutorials I have seen. Some systems are equipped with an X29 gateway, or PSIPAD as they refer to it. It's basically what the name suggests, a gateway to PACKET SWITCHED NETWORKS. To activate it, type:

$ SET HOST/X29

And the system should respond with 'Node:'

You will then find out if the PSIPAD is installed and whether you have the privs to make use of it.

END