---------------------------------------------------------------------------- ============================================================================ \\ \ __________ \\ \ _________ __________________ //// \ \\ \ ||| \ /|\________________/| //// ___ | \\ \ ||| ___ \ / ||___ ____ __| | \\\\ /\\\\/ \\ \ ||| |\\\ \ . |/__/| |\/| |\__\| \\\\ \ \\ \ ||| | \\\ | / /|| | || | | / \\\\ \ __ \\ _\ ||| | ||| | / / || | || | |/ \\\\ \ ////\ ////\ ||| | ||| |. . || | || | | ___ \\\\ | ||| |:|| | ||| | ||| | || | || | | //// \/_// / ||| |:|| |\||| | ||| | ___|| | || | |___ \\\\ / \\\ \// / ||| |/// / /|\__\| |/\| |/___/| \\\\______/ \\\____/\\ |||_______/ / ||________________| | =-=-=-=- =-=-=- \\ =-=-=-=-= . |/_________________\| \\ \ / / ---------------------------------,, / / ||| Southern Underground Digest || . . |\`--------+ Issue II +----------,;; `-------------------------------' -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD Su D SuD SuD SuD SuD/|:::::::::::::::::::::::::::::::::D SuD SuD SuD SuD SuD S uD SuD SuD SuD S| |::---------------------------, ::uD SuD SuD SuD SuD SuD SuD SuD SuD SuD | |::XX-=In this issue===:|||XXX| ::SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD| |::=-=-=-=-=-=-=-=-=-=-=-=-=-=| :: SuD SuD SuD SuD SuD Su D SuD SuD SuD Su| |::|Cellular phreaking|Unix | ::D SuD SuD SuD SuD SuD S uD SuD SuD SuD S| |::|080- database|VMB hacking | ::uD SuD SuD SuD SuD SuD SuD SuD SuD SuD | |:::::::::::::::::::::::::::::::::SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD|/________________________________/D SuD SuD SuD SuD SuD Su D SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD S uD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD SuD +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ .----, _ .----, .-, ^$#%$%^$/ /#_/ _/%^%^#$%^$#%^#$%^#$%#$%&#$%@#$%#$%| /!@#!@!#$%$#% ^(%^^%(/ /_/ _/^(%^(%^(.-,.---,%^.---,.-,(^(.---,/ |%^(%^(%(^^(%( ::::::/ __/:::.--,::/ _.-,_;:/ .-, /::/ .-, /:::::::::::::: =====/ /\ \=====`--'=/ /======| /==| |==| /==| |=============== ----/ /--\ \--------/ /-------| `--' /--| `--' /--------------- ----`----'----`----'-------`-'---------`---'`-'---`---'`-'--------------- ----------------------.-=.:;%$#5^&@#$@#^#$=-,.--------------------------- .------. _`T#@#$@%^$%^%$. ---------/ .---, \-----------/ /--\#$@##$^%$%%=-.----------------------- | / \ | __ __||__ `:;#$%#$$%&%=-. --------/ |-----/ /---/ \--`-, .-'----/ \#$%#$^%^=-.------------------- | / __/ / | () | | | | () |@#$#@$%&=-. / \__/ _/ / .-, \ | \__.. / .-, \`-:|%#%^'' -------`------'------`-'-`-'---\___.:-`-'-`-'---------------------------- ------------------------------------------------------------------------- $@#$@#$ Toll-free Modem Carriers !@$!@#3 ()()()()()()()()()()()()()()()()()()()() 0800-11-2023 0800-11-2002 0800-11-1009 0800-11-2332 0800-11-2333 0800-11-4422 0800-11-4499 0800-11-6663 0800-11-7710 0800-11-7710 0800-11-7771 0800-11-2249 0800-11-1554 0800-11-5115 0800-11-2201 0800-11-3339 0800-11-3030 0800-11-0606 0800-11-2130 0800-11-0033 0800-11-7717 0800-11-5502 0800-11-5505 0800-11-3339 0800-11-9800 0800-11-9100 0800-11-4114 0800-11-6401 0800-11-6402 0800-11-6455 0800-11-9400 0800-11-3400 0800-11-5707 0800-01-1111 Please start scanning now while it's still legal, and send the numbers in SuD support FREEDOM OF INFORMATION, that is the REAL hacker drive aswell. %#$%#$%$#% UNIX DEFAULTS @!@#$#@$#$% These are default accounts/passwords observed in hosts running UNiX variations including System V, BSD, Xenix, and AiX. These defaults are included in standard setup on various machines so the Sysadmin can log on for the first time. Often the negligent Sysadmin forgets to delete or pass- word the accounts. This makes UNiX machines extremely easy to infiltrate. It suggested that you immediately copy the /etc/passwd file (/etc/security/ passwd in AiX machines!) so you can later run a dictionary hacker and get some other accounts and insure your access. This is list of default accounts which are often unpassworded. If the system asks for a password, try the account name which sometimes works. root bin adm makefsys sysadm sys mountfsys rje sync umountfsys tty nobody checkfsys somebody setup lp powerdown ingres dptp general guest daemon gsa user trouble games help nuucp public unix uucp test admin student standard pub field demo batch visitor listen network uuhelp usenet sysinfo cron console sysbin who root2 startup shutdown ncrm new transfer tlxman ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~VaX~VaX~VaX~VaX~VaX~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This is a list of default VAX/VMS logins when the sotware is installed USERNAME PASSWORD -------- -------- DECNET DECNET SYSTEST UETP SYSTEST SYSTEM SYSTEM DEFAULT DEFAULT FIELD FIELD OPERATIONS OPERATIONS SUPPORT SUPPORT DEC SYSTEST_CLIG CLIG SYSTEST TEST -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-= acking hacking hacking hacking hacking hacking hacking hacking hackin____cking ha____hac____ hac____hac________king hacking h hack \---\cking /---/ |----\ h/----|h |-------\king hacking g hack \ \ \cki / / /ng | .-, \/ .-, | |\ .--, \|king hacking ng hack \---\k /---/kin |-| \__/ |-|g |--`--'-_/cking hackin ing hack \ \ \/ / /acki |/|ac g |\|n | \.--, \ acking hacki king hack \------/ hack |-|hacking |-|i |--`--'--|hacking hack cking hack \____/ng hac |_| hackin |_|k |_______/ hacking hac acking hack hacking king hac c hacking hacking hacking hacking hacking hacking hacking hacking hacking hackin (Oh....btw, a hacker doesn't mean: computer criminal) VMB = Voicemail Box Voicemail is a cool thing, it's fun to have to keep in contact with all those fellow hackers and phreaks, by voice, without phoning them. Voicemail systems are usually a normal PC with a fax/modem/ answering machine, running some fancy software to let it carry voicemail. Telkom in South Africa provide a number of different PBX's, so I will give you a short description of them aswell. PBX=PRIVATE Branch Exchange ^^^\^^^ `--this means PRIVATE, owned by a company(maybe hired from Telkom, but it's still on the company's premises providing an internal phone network. Almost all (if not ALL) of Telkom's PBX systems are produced and developed by Siemens. -First you get the HTS (Home telephone system) wich are usually used in homes because it can handle (I think) not more than 10 extentions. It just puts phones on various places around a house, with an intercom facility. -Then there's the BTS systems that are much more advanced, they can handle thousands of extentions, and have an operator, usually the receptionist of a business. *PABX=private automatic branch exchange just means it's a PBX that's automatic, so if you use one of the phones connected to it, you don't have to ring the operator and ask her to put you through to the certain extenstion/phone you want to be connected to. Although incoming calls are usually handled by the operator. BTS/PABX systems we have here in South Africa (Telkom's BTS and Telkor's Lucy/Sarah etc.) have various different functions, like call waiting confrencing, call forwarding, ringback when connection found, automatic answering, electronic operator, call breakin by operator, billing monitor, call restrictors and VOICEMAIL. --------- There are 2 parts a phreak are interested in when he found a PABX with auto answering: a) Voicemail boxes to hack and keep. b) Dialout line. Some myths hang around about a PBX, and that is about the dialout line. Some say if you dial a PBX, you get a dialtone, which is true....BUT... You have to control the PBX with your touch tone phone to go to the certain extention where the external line is, then you'll get the dialtone. When you dial a number and a get an immediate dialtone it's a divertor, and 011-927-00xx is NOT a divertor, and neither a PBX. ^^^--just a bit more crazy than 227 Voicemail is fun.... so I'll introduce you all to it by practical experience, information wants to be free, or not? There are 2 systems me and some other people have used.... 1st there's Microsoft Institute, on 0800-111332. They recently upgraded to a Siemens system with 100+ extentions, expanable to about 9000. The problem is that the thing only operates after 19:00 and until about 6:00, so DON'T phone them during the day and piss the people off, or else the system will be lost. The other problem is, I'm not sure if they upgraded that yet, is that the system can only handle 1 incoming call at a time, wich is nasty when everyone wants to explore the system. The second system I found (I scan a hell lot, and feel like the only one doing it, so I'm the only one getting all the cool numbers ;) ) is Vodacom's, they have a lot of hackable boxes left, but rush, or else you will not be able to get a box, AND STAY AWAY FROM "BROADCAST" MAILBOXES, because the messages sent to these boxes gets copied to a lot of other VMB's, and this system was not set up to be used by hackers. My box is 1054, if you want to send me some message. For a time we shared box 2299, I'll give you the password, but please remember that we use it to share information, HACK, but don't hack to cause havock, like changing the password, and thinking you are so eleet because you actually managed to do such a thing that takes that high amount of mental ability. Any idiot can do it, so don't try to prove that you are an idiot, leave questions in there, try to be funny aswell, I usually answer questions in there personally. The numbers for the system is: 0800122122 : Afritel (A Vodac Company) 0800111717 : Vodacom Customer Services 0800111719 : Vodac Customer Support All of them go to the same system, but be carefull. Better safe than sorry, keep a high profile among others, but a low profile among the Vodac people, or else the system will be wasted and lost. (The password for box 2299 is 3133) Other systems: 0800111060 0800111818 |_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_| |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ |_ /\ /\ /\ \ / \ / \ / \ / .////\ ////\ | | | | //' // \/ | | | | /\..// /\ // / \ / \ / \ / \ \///' \/// \/ \/ \/ \/ ___ __ _ ___ _ ___ ________ | | | | / __\_| | | | _\| | / _ \/ .----, \ | | | | | / ___| | | | |_|| | | |_| | | .-,| | / \ / \ / \ / \ | | __|| | |_| __/| |.`-. _/| | `-'| | \/ \/ \/ | \____| |___| | | .--.\ | | .-'| | \___/ |_____|_| |_| |_| |_| `--|_| `----' )()(()()())()(())(())(()()()()(()()())(()()()()()()() ()()()())(()()()()())(()()())(()()())(()()()()()()()) ()()()()()()()() There are a lot of philes out on the workings )()()())()()() of a cellular phone and the phreaking of it, but ()())(()()() none of them are actually worth anything for our ()()()()() purposes in South Africa. ()()()(( Internationally there are 2 common standards, TACS and GSM (GSM sounds familiar, not?) TACS [Total Accss Communications System] are the analog system used in the UK and other coutries, while GSM [Groupe Speciale Mobile; or more commonly: Global System for Mobile Communications] the digital system used in South Africa describe. The main 2 differences between the 2 standards are that: a) TACS is analog and GMS is digital b) The user's info is programmed into the TACS phone, and with GSM the users info is contained on a chip on a SIM card. Both phones use compression, TACS use companding, while GSM use CODEC with COdes and DECodes the analog singal to a compressed digital one. The compression allows both systems to carry 1000 channels in the permitted frequency band, in other words...up to 1000 phones per cellular area. Because GSM use time slicing, phones further from the station have a timing advance system, where phones further can send earlier to fit into one of the 8 slots of time slicing, but this sets a limit of 35km for the phones. With TACS you can go further if you have a more powerfull phone. Vodacom and MTN are both GSM providers, that is bad news. We get certain advances with GSM, like cheap wireless ISDN, but phreaking is hard. Overseas cellular phreaks just change the electronic ID of the phone to the one of another phone by reporgramming the EPROM. EPROM burners and the correct software are easy to come by and reprogramming can be done by anyone that knows a bit about modern wireless communication. To phreak with GSM you have to first have a phone that is not registered anywhere, like in import one from overseas, like Germany or the UK. Just to make sure when they sniff out the phone that they wont go directly to you. Rewriting the SIM card is not easy, although it's an EPROM, it can't be erased and written to because of a special coating that filters out ultraviolet light. So your first task is to either make you own chip, or an interface to your PC, so the PC will emulate the workings of the chip. I'm very sorry that I lost the PIN-out diagrams of the chips used on various types of cards, but maybe it's still present on Cyberlogic BBS, because I uploaded it there some time ago. The thing is, GSM is global, and overseas GSM phones present in South Africa can phone wherever they like, the billing is just passed over to the overseas company, but they have no real-time information here, so if you fake an overseas cellular phone, they will bill a nonexistent subscriber of an overseas telephone company, wich is cool. Because GSM used encryption by a temporary identifier (TMSI), you can't get the subscribers data from another phone by scanning, and let your calls be billed on someone else's account, except if you get physical access to his SIM card. A good step is to first work on hacking the cardphone cards, and then you can move on the cellular stuff. Have fun, and keep me posted on your research. --<()()()()()>-- Okay, I hope any of the info will help anyone, if you would like to send comments, articles, flames etc. to me....either send it to: ktucker@docnet.infolink.co.za (or maybe ktucker@infolink-is.isnet.net) or just to _Z0rpHix H0_ on Virus Polytechnics. If you find places where some of the info are crap or totally incorrect, flame me publicly on VP, so all would be directed in the correct way. If you are wrong, I will flame you so much that Hiroshima would look like nothing compared to your burned rests. l8r END END END END END END END END END END END END END END END END END END END END END END END END END END END END END END END END END END END END END EN D END END END END END END END END END END END END END END END END END END E end of phile dewd