FFFFFFF    EEEEEEE     HHH    HHH
                  FFF        EEE         HHH    HHH
                  FFFFFFF    EEEEEE      HHHHHHHHHH
                  FFF        EEEEEE      HHHHHHHHHH
                  FFF        EEE         HHH    HHH
                  FFF        EEEEEEEE    HHH    HHH
                   
                   U          L           A 
                    X          E           X
                     I          E           O
                      N'         T           R

			       Issue #1
                            July 1st, 1995

                             
			  Editor:  ReDragon
 Fuxin' Eleet Haxor of the Month:  Hotrod
  Fuxin' Eleet Haxor Member List:  TOP SECRET
      Official FEH Porn Supplier:  twi
Official passed out drunk of FEH:  y
          Official FEH bartender:  thomas
       Chicago subsidiary of FEH:  l0ck
          Official FEH Historian:  SnoCrash
     Official FEH Warez Supplier:  X
     Official FEH telco security:  Dale Drew 
       Official FEH distribution:  Dark Tangent
         Official Vehicle of FEH:  Saab
            Official Song of FEH:  Thriller
 Official Alcoholic Drink of FEH:  Goldshlager
          Official domain of FEH:  feh.org
       Our current email address:  feh@pussy.org

 Greetz To (if we left you out, itz cuz we dont got yer inpho) : 
aky, al, albatross, antichrist, armitage, artimage, baccahbar,
barnasch, basehead, bedlam, blackdeath, blackfire, bluesman, c-curve,
c_cipher, captain ahab, captain hook, ccrider, cerbus, chaos, clovis,
corak, crax, crimelord, crushed puppy, cyntaxera, cyrix, d-fens, datarape,
deathstar, defcon4, deker, digital, discodan, diskjockey, dob, dr. freeze,
dragonlady, drd00m, dreamweaver, drmenace, drunkfux, drwarfare, dupre,
eek, elastic, erikb, eternal, etrigan, excelsior, firefly, fisch, 
frank carson, freiheit, friede, genx, gfm, gheap, ghornet, grayareas,
greylock, greystone, harvard, hellfire, henry, hos, howcum, hypnosis,
interrupt, joybubbles, kc, kewp, kl, kracker, kurupt, leigh, lexicdvl,
liquidice, loq, lordoptic, m0rph, mafiaman, malice, meowmix, mindcrime,
mindscrew, moonchild, mrpurple, mrx, musicphreak, mycroft, nc-17, neophyte,
niaht, nimrod, nitro187, noel, novocain, nyar, nynex, olphart, omega,
opiate, oreo, pandora, paradox, pclord, plant, play, pmf, purpcon, pyro,
qwik, r-a-d, radikahl, radman, rahdude, ratscabies, razor, rebel, redskull,
rhit, roach, scojack, sevenup, silicon, sl, slammer, slpwalker, socket,
solstice, sparhawk, speedrcr, sphice, splice, sserpent, stealth, strauhd,
studload, subzero, swinder, tedbundy, tek, tekone, tele, tewph, tinyz,
totlvizn, tsoul, utahsaint, valgamon, virus, visionary, winter, wozz,
xn4rk, xymox, z1nk, zaphod, zorphix


				Ahoy!
      That's how Alexander Graham Bell used to answer his phone.
		For some reason, it never caught on...

Well, here it is.  The first issue of FEH, a 'zine in its incarnation already
famous and destined for greatness.  Richard Steele, ex-cia agent, says of
FEH, "my penis is HUGE".  While I'm not sure exactly how this relates to FEH,
he IS ex-cia, so we better publish whatever he says.  Erik Bloodaxe, aka
Chris G., when asked about the prospects of facing a FEH issue against Phrack,
exclaimed "dude, i own you.  i mean, we're all running yer scripts anyhow."  
Grayarea, publisher of, oddly enough, grayareas, wrote about our release,
"spell it Gray Areas."  Perhaps most impressive of all, Emmanuel Goldstein,
when faced with the certain demise of 2600 given FEH's release, commented
"will you leave me alone if i give you a quote?"  And so, without further
adieu, I present to you, FEH #1.


 
Table of Contents:
 1.  Intro (you've already read that part if you've gotten this far)
 2.  Table of Contents (maximum recursion depth exceeded)
 3.  Editorial by Fuxin' Eleet Haxors
 4.  /var/spool/mail/feh 
 5.  Some C code by Fuxin' Eleet Haxors
 6.  hack logs by Fuxin' Eleet Haxors
 7.  "Just how eleet is FEH" by Rasputin Worldmonger (thats not his real nick)
 8.  "Teleconf stuff" by Morph (ed: this was too complicated, i didnt read it)
 9.  "Ways to amuse yerself" by Rush2 (other than masturbating)
10.  "The Tack Story" by Hotrod
11.  "The Birth of FEH" by SnoCrash
12.  An Interview with Dale Drew [part 1] by ReDragon
13.  "How to Hack Using Scripts [part 1] by Seven Eleven
14.  "How to Hack a Toaster Oven" by bl0ke

To Submit articles for future issues of FEH (expect it to be released every
month or so), e-mail ReDragon (current address: redragon@chewy.wookie.net),
or contact him through other means (most people know where to find ReD).
   


// 3.  Editorial

Too many people that are in the 'scene' today seem to do nothing but hoarde
things.  Send me this, gimme this seems to be the prevailing attitude of the
day.  If you are going to get on the net and try to hoarde anything, make it
knowledge.  Spend your time learning instead of trying to get toolz out
of people and figuring out who the newest irc chick is.  Sometimes that
means talking to people on irc, but most of the time that means getting out
there and doing it yourself.  Its fine if you want to do the whole social
scene of hacking or phreaking or warez or ansi, they are all different but
in essence, they are all about entertainment on IRC.  But at the heart of
them is a common goal, why which ultimately people are judged.  Which of
these groups have the purest goals?  To have all the warez?  To make the
coolest ansi or demo?  To setup a conf?  No, its knowledge.  And that's
why we are fuxin' eleet hackers.  And that is our ideal.  Now, you may see
us on #hack 24 hours a day, but trust me, we idle a lot, and despite the 
fact that we may be active in the 'social scene' of hacking, it is what we
are doing in another window while the irc screen scrolls that makes us
fuxin' eleet, not what we do on IRC.  
                                        - All the members of FEH



// 4.  /var/spool/mail/feh

Someone sent this to one of the FEH members, anonymously, so we dunno
where it came from or who wrote it.  The names were removed to protect
the obviously guilty...

Most of the stuff is from my latest performance report.  Prior to that I
worked in the Computer Security Branch as the Virus/Pc expert.  In that
capacity I was responsible for taking care of any and all problems concerning
viruses and P.C.s.  I was taken from a shop where I was doing communications
security due to my extensive knowledge of p.c.s and my decent programming
skills.  They needed someone with some knowledge and foundation in taking
care of Personal Computers.  I established a base line program for dealing
with computer viruses, handling copyright issues and dealing with user 
problems associated with Personal Computers.  We were having some difficulty
with users not being able to distinguish between viruses and program 
gliches due to software problems.  That's where I came in.  O.k. from there
they figured out that I am very good with computers.  They needed someone to
handle Network Security who could do tiger team actions and monitor our 
networks.  They felt due to my computer knowledge I would be the most viable
candidate.  The following is directly from my performance report.

"Expert in all aspects of Wide Area Network(WAN) security support.  
Responsible for executing all portions of periodic system security audits 
to find and correct host security vulnerablilities.  Assists HQ USAF Local
Area Network (LAN) systems administrators and customers in implementation of
security safeguards on all UNIX hosts.  Proactively analyzes Network 
Security Monitors (NSM) logs for indications of attempted or successful
intrusions.  Systems administrator for DSST SPARC station platforms."

"Heart of the agency's newly established wide area network security program.
Developed and documented procedures for monitoring the HQUSAF backbone.
Security program has led to the most protected network within the DOD 
rated by the Defense Information Systems Security Agency as the best of 9000
systems audited by its elite Center for information Security.
Performs aggressive quarterly security audits of the HQ USAF WAN.
Created software tools and new hacking techniques used by the Air Force 
Information Warfare Center for their on-line surveys of worldwide sites.
Resident expert on UNIX security.
Trained counterparts throughout the agency on our methodology enabling 
them to secure their networks.
Regularly called upon by outside agencies for assistance.
Expertise passed to other system administrators through articles published
in directorate's security newsletter."

"leader who has brought the agency's network security program from the 
infancy stage to a mature sustainable program which has Air Force wide
recognition.
Knowledge of UNIX security and leading edge hacking techniques makes him 
a valued source of information thoughout DOD."



// 5. Some C code by Fuxin' Eleet Haxors   

fehit.c (we ran this through itself):
/* TH1S W1LL MAK3 Y0UR F1L3S FUX1N' 3L33T */
#1NCLUD3 
#1NCLUD3 
#1NCLUD3 

MA1N()
{
CHAR L1N3[100];
CHAR C;
1NT 1;

WH1L3(G3TS(L1N3))
  {
    F0R(1=0;L1N3[1];1++)
      {
        L1N3[1]=T0UPP3R(L1N3[1]);
        1F(L1N3[1]=='3')
          L1N3[1]='3';
        1F(L1N3[1]=='1')
          L1N3[1]='1';
        1F(L1N3[1]=='0')
          L1N3[1]='0';
      }
    PUTS(L1N3);
  }
}

The world's most fuxin eleet credit card generator (yes it works):
main(){int i,x,n=1,t,s=0;scanf("%d",&i);for(;n to crash a single NetCruizer lamer
echo *** /crashall to crash all NetCruizer lamers off IRC (will lag you)
echo *** Note that users crash immediately but do not leave IRC until the
echo *** server gives them a ping timeout.

Secure your PC using your joystick to enter your password:
[ed note: whoever wrote this should be shot, unless they have greatly
          grown and only code in C now and anyhow I was only like 13
          when I wrote it so gimme a break, fuck you ed!]
   
{$M 1024,0,1024}
uses dos,crt;
var    TimeTick : procedure;
type   joystickrec = record
    b1 : boolean; b2 : boolean; x  : word;y  : word; end;
  plist = record
     pbyte : byte;   next  : pointer; end;

var joy : joystickrec; pass: boolean;isleft: boolean;
  leftit: byte; rightit: byte;pb: byte;i:byte;
   pfile: file of byte;xl,xc,xr : boolean;
    yu,yc,yd : boolean;a,b:pointer;
    pl,pl1: ^plist;

procedure brk;
interrupt;
begin
end;

procedure readjoystick(var joystick:joystickrec);
var regs: registers;
begin

    regs.ah:=$84;
    regs.dx:=$00;
    intr($15,regs);
    if (regs.al AND 16)=0 then joystick.b1:=true else
                           joystick.b1:=false;
    if (regs.al AND 32)=0 then joystick.b2:=true else
                           joystick.b2:=false;
    regs.ah:=$84;
    regs.dx:=$01;
    intr($15,regs);
    joystick.x:=regs.ax;
    joystick.y:=regs.bx;
    xl:=false; xc:=false; xr:=false;
    yu:=false; yc:=false; yd:=false;
    with joystick do begin
    if x<10 then xl:=true;
    if (x>=50) and (x<=150) then xc:=true;
    if (x>150) then xr:=true;
    if (y<10) then yu:=true;
    if (y>50) and (y<100) then yc:=true;
    if (y>100) then yd:=true;
end;
end;
procedure writetf(bol:boolean);
begin
if bol then write('True  ') else write('False ');
end;

procedure readfail;
begin
writeln('Verifying Joystick Input....');
writeln('Unable to Verify Password - System Halted');
halt(0);
end;

procedure xcenter;
begin
with joy do begin
repeat
readjoystick(joy);
if (not yc) then pass:=false;
until xc or (b1 and b2);
if (b1 and b2) then readfail;
end;
end;

procedure ycenter;
begin
with joy do begin
repeat
readjoystick(joy);
if (not xc) then pass:=false;
until yc or (b1 and b2);
if (b1 and b2) then readfail;
end;
end;

procedure left;
begin
with joy do begin
repeat
readjoystick(joy);
if (not yc) or (xr) then pass:=false;
until xl or (b1 and b2);
if (b1 and b2) then readfail;
end;
end;

procedure right;
begin
with joy do begin
repeat
readjoystick(joy);
if (not yc) or (xl) then pass:=false;
until xr or (b1 and b2);
if (b1 and b2) then readfail;
end;
end;

procedure up;
begin
with joy do begin
repeat
readjoystick(joy);
if (not xc) or (yd) then pass:=false;
until yu or (b1 and b2);
if (b1 and b2) then readfail;
end;
end;

procedure down;
begin
with joy do begin
repeat
readjoystick(joy);
if (not xc) or (yu) then pass:=false;
until yd or (b1 and b2);
if (b1 and b2) then readfail;
end;
end;

procedure press1;
begin
with joy do begin
repeat
readjoystick(joy);
if (b2) then pass:=false;
until b1;
if (b1 and b2) then readfail;
end;
end;

procedure press2;
begin
with joy do begin
repeat
readjoystick(joy);
if (b1) then pass:=false;
until b2;
if (b1 and b2) then readfail;
end;
end;

procedure nopress1;
begin
with joy do begin
repeat
readjoystick(joy);
if (b2) then pass:=false;
until (not b1);
if (b1 and b2) then readfail;
end;
end;

procedure nopress2;
begin
with joy do begin
repeat
readjoystick(joy);
if (b1) then pass:=false;
until (not b2);
if (b1 and b2) then readfail;
end;
end;

begin
readjoystick(joy);
Writeln('Joystick Password Verification');
Writeln('------------------------------');
Writeln('Please Input Your Password with the Joystick Now');
Writeln('Press both joystick buttons simultaneously to verify your password.');
getintvec($1b,a);
getintvec($23,b);
setintvec($1b,@brk);
setintvec($23,@brk);
assign(pfile,paramstr(1));
{$I-} reset(pfile); {$I+}
if ioerror<>0 then begin
  writeln('Could Not Read Password - System Halted');
  repeat until 1=0;
  end;
new(pl);
while not eof(pfile) do begin
  read(pfile,pb);
  pl^.pbyte:=pb;
  new(pl1);
  pl^.next:=pl1;
  pl1^.next:=nul;
  pl:=pl1;
  end;
close(pfile);
repeat
pass:=true;
leftit:=0;
isleft:=false;
with joy do
begin
xr:=false;
for i:=1 to 5 do begin
  xcenter;
  left;
  end;
xcenter; right; xcenter; up; ycenter; down; ycenter;
for i:=1 to 5 do begin
  xcenter;
  right;
  end;
xcenter; left; xcenter; up; ycenter; down; ycenter;

for i:=1 to 4 do begin press1; nopress1; end;
for i:=1 to 3 do begin press2; nopress2; end;
for i:=1 to 2 do begin press1; nopress1; end;
press2; nopress2;

repeat
 readjoystick(joy);
until (b1 and b2);
if (pass) then begin
writeln('Verifying Joystick Input...');
writeln('Password Verified - Continue');
end
end;
if (pass)  then begin
   gotoxy(1,18); writeln('ACCESS DENIED - INCORRECT PASSWORD');
   sound(500); delay(100); nosound; delay(100); sound(500); nosound;
   sound(500); delay(100); nosound; delay(100); sound(500); nosound;
   end;
until pass;
setintvec($1b,a);
setintvec($23,b);
end.



// 6. Fuxin' Eleet Haxor Logs by Hotrod

As an offering to the public to prove FEH's obvious superiority to l0ck, 
I decided to demonstrate a n00 h4q t3kn1qu3 recently developed in the FEH 
laboratories, located on a secret island in the Atlantic ocean.

The n00 h4q t3kn1qu3 has been demonstrated on wopr.mil, once regarded as 
one of the most secure machines on the net.  This machine alone 
determines whether or not to launch the nuclear missles of the United 
States.  It runs on the US Military's top secret propriatary OS "Lesb/OS".  
Lesb/OS machines are no match for the awesome power of FEH.  

FEH proudly offers the following:

---

Log start 5/30/95 22:17:36

feh.org# uname -a
UNICOS feh 4.3.5 #5 Tue May 30 22:17:36 EDT 1995 T3D
feh.org# whoami
root
feh.org# telnet -safe wopr.mil
Trying 194.33.43.1...
Connected to wopr.mil.
Escape character is '^]'.

     Don't even think about haxoring this site, bud.
     Try if you like, you will fail.
     Just don't get caught, or you'll pay the price.

wopr login: root
password:             (we tried root)
Login Incorrect

wopr login: root
password:             (we tried no password)
Login Incorrect

wopr login: root
password:             (we tried pencil)  
Login Incorrect

Ok, obviously our traditional hacking methods weren't working out at this
point.  We decided to go for some more sekretive methods...

wopr login: lemmein
password: 
Login Incorrect

wopr login: iamfeh
password:
Login Incorrect

wopr login: HEYASSHOLEIMROOTATFEHORGLEMMEINORYOUREDEAD
password:

Welcome to Lesb/OS 2.2.12
Last Login: NEVER

News:

The Lesb/OS upgrade to 2.2.12 was successful, we apoligize for any 
inconvenience this may have caused.

As of 5/28/95 @ 20:34 hours, we have been restored from Defcon 4 to 
Defcon 5.
__

You have no mail.

wopr> pwd
/home/fehroot
wopr> cd /bin
wopr> ls -al sh
-rwxr-xr-x   2 bin      bin      131072 Feb  3 01:53 sh
wopr> chmod 4755 sh
chmod: sh: not owner.
wopr> ~/look.im.feh.and.if.you.dont.follow.my.orders.youre.fucked
wopr# whoami
root
wopr# ftp
ftp> open feh.org
Connected to feh.org
220 feh FTP server (UNICOS feh 4.3.5 #5 Tue May 30 22:54:18 EDT 1995 T3D)
ready.
Name (feh.org:root): feh
Password (feh.org:feh): 
331 Password required for feh.
230 User feh logged in.
Remote system type is UNIX.
Using binary mode for file transfers.
ftp> lcd /etc
Local directory now /etc
ftp> get fehmotd
200 PORT command successful.
150 Opening BINARY mode data connection for fehmotd (1056 bytes).
226 Transfer complete.
1056 bytes received in 0.021 secs (49 Kbytes/sec)
ftp> quit
221 Goodbye.
wopr# cp /etc/fehmotd /etc/motd 
wopr# cat /etc/motd

Congratulations, You've Been Haxored by the Best!

                           It wasn't LOD......
                           It wasn't l0ck.....
                           It wasn't m0ck.....
                           It wasn't mitnick..

                        You've been hacked by

                      FFFFFF   EEEEEE   HH   HH
                      FF       EE       HH   HH
                      FFFFF    EEEE     HHHHHHH
                      FF       EE       HH   HH
                      FF       EEEEEE   HH   HH
                       uxin     leet     axors

You are likely to go through several stages of emotions at this point.
First, denial, then anger, then acceptance that we are the most fuxin
eleet haxors.  In fact, you better hope we are, cuz if we aren't fuxin
eleet and we still haxored yer system that means that yer a pretty fuxin
shitty sysadmin now, doesn't it?  FEH is roxin' the net, tell all yer
friends we will soon be visiting their site, I hope they will be kind
enough to leave the door as open as you were.
wopr#  
[Subsequently removing any trace of this machine from the net deleted.]

Comments:

Easier than even we at FEH thought it would be.  We drove the machine into
such fear, that in our presence it gave us root.  Note that we never actually
modified anything, or even ran any new shell, the machine simply 
submitted to our eliteness, and, in a possible attempt to garner mercy at 
our hands, gave us root without making us go through the formalities.

Our work remains solid in this wonderful sight:

feh.org# whois -h nic.ddn.mil wopr.mil
No match for "WOPR.MIL".

Please be advised that this whois server only contains DOD Information.
All INTERNET Domain, IP Network Number, and ASN records are now kept in
the new Internet Registry, RS.INTERNIC.NET (198.41.0.5).
feh.org#



// 7.  Just How Eleet Is FEH by a Fuxin' Eleet Haxor

  1 AM A PR0UD M3MB3R 0F FEH.  1 SAY THAT PUBL1CALLY, 1 SAY THAT L0UDLY, 1
SAY THAT STR0NGLY, AND 1 CAN SAY THAT CUZ W3 FUX1N R00L.
  W3 AR3 3L33T.  N0T 0NLY THAT, BUT W3 AR3 3L1T3.  3L33T AND FUXK1NG R0CK1NG.
W3 AR3 S0 C00L THAT W3 HAV3 R3C0NF1GUR3D R0UT3RS T0 AUT0MAT1CALLY G1V3 0UR
PACK3TS H1GH3R PR10R1T13S.  W3 0WN APPR0X1MAT3LY 37% 0F ALL UN1X MACH1N3S 0R
R0UT3RS 0N TH3 1NT3RN3T.  W3 SN1FF C1X, MA3-3AST, TH3 CH1CAG0 NAP, AND C3RT.
  1N SH0RT W3 R0CK.  H0W CAN W3 R0CK TH1S MUCH, Y0U M1GHT ASK?  W3LL, THAT'S
R3ALLY A S1LLY QU3ST10N, AND Y0U'D B3ST N0T ASK 1T, B3CAUS3 W3'V3 SCR1PTS
S3TUP 0N 0UR SN1FF3RS (APPR0X1MAT3LY 4000 MACH1N3S HAV3 AUT0SN1FF3R/F1LT3RS)
THAT W1LL MA1L US THAT Y0U'R3 TALK1NG AB0UT US.
  1N SH0RT - WATCH 0UT.  W3 AR3 TH3 P30PL3 WH0 RUN TH3 N3T.  W3 AR3 TH3 P30PL3
WH0 BACKD00R3D PGP, W3 BACKD00R3D B1ND, W3 BACKD00R3D ARGUS, TCP_WRAPP3RS, AND
1F Y0U KN3W H0W MANY ST0CK B1NAR13S 1N S0LAR1S, 1R1X, AND A1X W3 HAV3 TR0JAN3D
1N TH3 C0D3R'S MACH1N3S, Y0U'D SH1T Y0UR PANTS.
  W3 R3C0NF1GUR3D R0UT1NG AT TH3 NAPS AND C1X B3CAUS3 TH3 FAT FUX WH0 RUN TH3
NAPS AR3 T00 FUCK1NG STUP1D AND LAZY T0 D0 1T R1GHT.  1T D1DN'T HURT THAT TH3
PACK3TS TRAV3L 0V3R TH3 SN1FF3R'S 3TH3R, BUT 3V3N W1TH THAT 3XTRA (TRANSPAR3NT)
H0P, W3 1NCR3AS3D 3FF1C13NCY BY 3.2 %.
  BUT TH3 0NLY TH1NG Y0U R3ALLY N33D T0 KN0W 1S THAT W3 AR3 FUCK1NG 3L33T,
W3 AR3 HACK3RS, AND W3 W1LL D0 WHAT W3 WANT.  D0N'T TRY T0 R3S1ST US, W3 W1LL
0V3RC0M3 ANY S1LLY C3RT ADV1S0R13S Y0U PUT 0UT.  W3 AR3 TH3 0N3S WH0 S3TUP
M1TN1CK'S BUST, B3CAUS3 W3 W3R3 T1R3D 0F H1S S1LLY PR3SS.  W3 AR3 TH3 0N3S
WH0 MA1L3D SH1M0' TH3 L0GS.  W3 AR3 FEH.  W3 AR3 Y0UR FR13ND, UNT1L Y0U M0V3
AGA1NST US.  AND TH3 Y0U W1LL F1ND Y0UR SYST3M, Y0UR T3L3PH0N3, Y0UR B1LLS, Y0U
L1F3, MUCH M0R3 D1FF1CULT.  
  L0V3 FEH - W3 AR3 Y0UR MAST3R, AND W3 AR3 Y0UR 0WN3R.  B3 G00D T0 US, AND W3
W1LL TR3AT Y0U W3LL.  R3B3L AND F33L PA1N.
[FEH] 3VANG3L1ST - RASPUT1N W0RLDM0NG3R



// 8. Something about Teleconferencing Stuff by Morph

              An Overview of American Teleconferencing Service,
     ^..^          their relationship to IBM, and TiNets         ^..^
     (oo)  - eye                [Part 1]                         (oo) - me 
    (  . )  phear   researched and compiled by Morpheus         ( .  ) too
     `. '    feh   with thanks to Prophet and also the           ` .'
       .            cooperative employees I spoke with.           . 
     PHEAR                                                      PHEAR
    -=FEH=-    root:Donteventhinkofit:0:1:Operator:/:/bin/csh  -=FEH=-
                            -[*.gsfc.nasa.gov:/etc/passwd]
                             
                        Kopyright (k) Morpheus 1995,
                            all rights reserved.
     [ed note: feel free to steal this and claim it as your own]

--------------------------
 Introduction
--------------------------
A Canadian affiliate of CAFBL tipped me off that IBM teleconferences had been
used before through a toll free line. So I investigated how IBM teleconfs are
setup, who makes them with  what software, and how to access IBM conferences.

Well I called up IBM's toll-free  information  line  available  from the 800#
index and began a very blunt attempt to socially engineer teleconfs from IBM.
The guy I talked to with told me to work through my  regional  directors, not
through the software information  line, and he gave me the number to American
Teleconferencing  Service,  which  exclusivly handles IBM extrenal teleconfs.
American  is  a  southern  company, located in Tousan, AZ. 

This was originally designed  as  a scam article, a step by step guide to the
tricks  and  traps  involved with setting up American Teleconferences through
IBM. Upon  further  consideration, I went back and edited the article to make
it more informational and less "LeT'z HaCk Th0sE FuCkeRz!" I am sure that the
rewording of this  paper  will not make fraudulent use of the information any
less compelling, but I do feel sure that half-assed phreakers would be better
off sticking with old AT&T.
[ed note: 
 i wish he just gave us codes, all this technical stuff makes my head hurt.]

--------------------------------------
 A look at an American Teleconfernce
--------------------------------------

American Teleconferences conference setup looks like this:

===========================================
 - 6500800 - TiNet Dialin - Accessible to IBM and not you.
 - 7194440800 - External Dialin - Regular Telephone number.
 - 157998 - Conference ID - Use this to access account and conference.
===========================================

Also, American teleconference offers an optional toll free line to dial in to
the conference. This is the only option they offer for external access to the
conferences.  TiNet  works  from probably all IBM phone lines, by dialing 271
followed by the TiNet number.

American works on a fairly primitive conferencing system, they simply connect
each line to the other lines as they call in. There is no  conference hub, so
if you're the first caller, you get put on hold until the  next  caller comes
in. The music sucks, i mean, this is really terrible music.
[ed note: you might like the music, some people set these confs up themselves
          just so they can hear the hold music, and nobody ever calls.] 

An automated conference conection does not exist, and there is no real access
code  to  enter.  Once  you  dial into the conference, you are greeted by the
operator  who  asks you for you conference ID number and your name. A list of
names can be generated and given to the operator before the conference.

---------------------------
 How American Operates
---------------------------

All  IBM  groups  that  use  American  have  files  in  American's Databases.
Contained in your file  is  your  name,  title, office phone, office address,
which  will also be your billing address, and your department number. This is
an example of  what the file would look like when brought up on their screen:

========================== ============
Name [ Bruce Sterling ] : [ Hi Bruce ]
Dpt  [ # 5176       ] : [  from the last 4 digits of phone number ]
Addr [ 227 Maple Lane ] : [ Office adress / billing adress ]
Addr [ Phila PA 19191 ] : [ Use the closest corp/office ]
Phon [ 512-323-5176   ] : [ Office Numba ]
XXXX [ Billed 1/11/11 (status)   ] : [ Did yew pay your bills? ]
XXXX [ Billed 1/11/11 (status)   ] 
XXXX [ (Notes) ] : [ He writes books  ]
========================== ============

This is certainly *not* a screen capture, so the screen the operator will see
is very probably more  complex. Also the Fields represent variable areas, you
probably get a  better  idea of what the operator is thinking when talking to
you through this.
[ed note: the operator is probably thinking about how her life ended up
          so miserably that she is working as a telephone operator.]

Billing  status  can include a refuse notice for delayed payment or whatever.
The Notes can  be preferences, such as toll free access or possibly something
else. Callback  confirmation  is  usually not utilized, since the bill is not
included with the  phone  bill, but is delivered to the billing address. Your 
number appears  on their terminal  also,  with whatever comments are attached
to that.

American has become so exclusively  dedicated  to  serving IBM that operators
will sometimes get on and  say "IBM Conference Service." I also spoke to some 
operators about what software they were running and on what type of terminals
which appears to be a big secret.  [ed note: probably NOT os/2]
EDICTS: Electronic Distribution Information  Control Transaction System, file 
transfer  system. Operates RO6000 Systems. Distributed by IBM. This is one of
the programs used by American, the operator told me that much before she woke
up a bit. This is a datacommunications software package, and is seperate from
their audio / video teleconferencing software.

----------------------------------
 TiNet, TiLines, and TiSystems
----------------------------------

TiNet dialins do not exist. The only  way to access TiNet Services is through
IBM's phone system. TiNet is simply the  telephone system IBM strung together
which makes conferencing and interoffice communications easier.

In fact, TiNet was  created as a datacommunications system that ended up with
a gross excess of bandwith so they expanded  into Voice Capabilities. TiLines
can be setup in virtually any office, and for any large bussiness.

Tinet's selling feature, so to  speak, is that offices with TiLines installed
can bypass long distance  charges and  Telephone Companies all together. This
is particularly  useful  for Banks and  Credit Unions who prefer the Security
of private phone lines than the inherent lack of security in public / normal
phone lines. [ed note: what about clipper?]

In conclusion I would  like to state that all of the information mentioned is
for purely  informational  purposes and that, should any of you abuse IBM and
American Teleconferencing, that would be illegal and you would be prosecuted.
But then again, would any of us choose to break the law? Heavens no! 
[ed note: if you do happen to break the law, drop us a note so we know that
          this is useful.]

-------------------------
 Fun Filled Numbers
-------------------------

 IBM Software Information Service == 1-800-426-2255
 IBM General Information Line == 1-800-426-3333
 American Teleconference Reservation Line == 1-800-723-9093
 Hooked on Phonics main order Line == 1-800-222-3334
 IBM CORP main office [Philadelphia] == 215-851-2008
 IBM Teleconference Director's office [Philadelphia] = 215-851-3677

The author's inpho:
Morpheus can be reached at GBA 215-750-0392 or morph@chewy.wookie.net or
morph@iia2.org.  Send your public pgp key if you want a reply.  Also,
you can reach him at 800/862-0094 during the day from US, or from canada,
800/925-9999 ## 719.  On EFnet, he's on #hack, #zines, and #cafbl.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.3a
mQCNAi/R9UAAAAEEALDNmlPQJ/CmH1Ba77TmMKBaW6zUUcTrFuOe5duBZvyQpkGR
frHppvXbTXHB3jm4jHL9kCueo1IJGXfOTC4lyI/rGBr731NdwFYlsdeWh5Ampvj0
YKchVh5mp7glTQYS/rtARupXlb/H2X+wY5JgsJK1dFQJ3QfyA2bQA34kJ66RAAUR
tB9Nb3JwaGV1cyBLTCA8bW9ycGhAaXhjLml4Yy5uZXQ+
=SrJR
-----END PGP PUBLIC KEY BLOCK-----



// 9.  How to amuse yourself by Rush2 
[ed note: this is what people that are not FEH might try]

1. The Michael scam.  One day a few days ago I got very very bored. I said 
 what the hell. I bet I can get a lamer to give me his/her password. I
 thought of the most common name, michael, and changed my irc nick to .. DUH
 Michael.. within 10 minutes someone had mistaken me for her best friend 
 michael..  she thanked me for somethign about hooking her up with alliance
 not the service, some guy.  I bullshitted for 10 minutes, then really panick
 y like "Oh crap I just screwed up my account.. majorly would you gime your 
 login and password pleaseeeee".  Wellshe was that stupid and she gave it to
 me. I really wanted to know if anyone else was that stupid.  I tried a lot
 of common names for the next 2 hours, john, mike, larry etc..etc.. I 
 succeeded wiht 99% of my attempts, I got 19, failed once. SO do something
 like this if you are REALLY bored. 
[ed note: a bottle of scotch is far more effective than this] 

2. Trade passwd files.. hehe... when your bored change yer name on irc,
 go into #Hack see if you dont get kicked off and ask for passwd files..
 [ed note: if you don't get kicked off, hurt everyone that was opped] 
 if you are really bored this can be fun and you can get some new systems
 to get in.. now unless your someone that is cracking them just to get as 
 many accounts as you can (I feel hypocritical currently I have 1400 valid
 accounts on this local provider, on my computer upstairs (in just one day 
 YES people in my area have easy passwds.. only a 1mb file (AND just with 
 login name I got 300 yesterday.. haha I) And I am hearing a lot of beeps
 (root was the first cracked account:).. this is something to do if you
 feel bored and lame...
[ed note: mail the cracked password file to cert@cert.org and you win a prize]

3. Write really nifty little utils in quick basic (if your still stuck
 on a dos box)... nothing is niftier than writing a shitty program in
 qbasic that uses a captured installation display screen from a game 
 or something (or modify it to say mortal combat 3 or soemthing, the little
 warez kids cum from this) and really make it format their drive... yes this
 is lame but you KNOW we all get this bored at one time or another in our 
 lives.
[ed note: Super Street Fighter is more Fuxin' Eleet] 

4. Use Irc.  Yes this is the lamest of the lame.  #hack.  Where ignorance is
 shown and knowledge forgotten.  If you want immaturity, brattiness, kids
 playing with their krad bots or scripts, or your typical op wars, go to #hack,
 #phreak, #2600, or my  favorite, #ansi.  Yes #ansi
 people with any intelligence know it is american national standards institute,
 dorky little kids that have no life (we have no lives either but we arent 
 little kids ... we are middle kids.. ?) [ed note: if anyone can figure out
 what the hell he is talking about, email me] think it is an art form and a way
 for them to be cool... their idea of coolness is being worshipped by pervert
 ed, immature, talentless, dweebs with pcs.. most of these peopel are aol
 and prodigy rejects... ...anyways... this is something to do when you are 
 SUICIDALLY bored.
[ed note: actually suicide might be a better solution]

5. Get on one off those cracked accounts (see number 1) and type something 
 like archie -s a > hackedpws.k00l  or archie -s . > HEY.YOU.STUPID.SYSADMIN.
 BLOW.ME (that is sure to get his attention).  If you are really bored, you 
 can edit their .login to cat the file when they login (this being archying <
 sp> a or . will probably give you a few thousand file names and if the owner
 of the account can even login (they havent checked user quotas yet obviously)
 so that they must wait an hour for the thing to finish (but I'm not sure it 
 never has for me because i just telnet), it may just flood their com ports 
 (or if you have root, do archie -s a, archie -s ., archie -s (whatever you 
 want to to get a LOT of entries) > motd or >.login and make it so EVERY
 ONE sees this when they login...  unless they are on like a 2400... 
 This is something to do when your bored...
[ed note: do I notice a trend forming?]

6. Go onto Irc, and into #hack and let ReDragon convince you to write an
 article for some magazine (JUST ANY ARTICLE) .. and spend the next (however
 much time I spend on th) writing an article filled with strange and useless
 dribble because you are too lazy to do a real article.. *WARNING* *WARNING*
 DO THIS IN ONLY EXTREME EMERGENCIES *WARNING* *WARNING*
[ed note: 6.  go onto irc, randomly msg someone you don't know to see just
              how lame an article someone who is not FEH can write.]

7. Ftp to rs0.internic.net and retr all of the domain name lists. Spend
 the next four or five hours reading the com.zon file and jack off to the

 point of orgasm to it .. NO I AM NOT PATHETIC, YOU DO IT TO YOU JUST REFUSE
 TO ADMIT TO IT. Do this all the time ... .this doesnt mean your bored, you
 are just creative.
[ed note: you are just an idiot]

8. Call up the local noq and say things like 
[ed note: I wish I knew what a noq was]
        "Do you Deliver?"
        "Yeah, I'll have a pair on rye, hold the mayo"
        "Umm yes is this the roadkill cafe? I just hit some guy with a Bell 
        (or whatever your local telco is) Helmet and I think he would be tasty
        charred"
        "Hey baby what are you wearing?"
        "Are you wet?"
        "I've got a big phat pole ready for ya.. standing straight up just
        for you"
        Tape record them... turn them into .wavs or .aus and put them on your
        home page... this is something to do when your bored or when you are
        PATHETICALLY bored (YES I mean if your on a teleconference).

9. Hack your school's net and make i automatically go to modem doom everytime
 someone clicks the left mouse button (hey its fun and it was only ONE of the
 reasons I had a remark "DANGER TO COMPUTERS" in my entry in my school's 
 computer so it is pretty kosher

10. SPELL CHECK this fucking article because I'M NOT GOING TO.

11. If you have www access go to some of the following sites:
        http://www.oceania.org | a brilliant scientific endeavor to create
        a new, truely democratic society on a synthetically made island.
        http://www.smallpenis.org | for those people afraid of being less of 
        man.. they have support groups AND penis pumps!!!!
        http://www.wookie.net/l0ra | A ... home page (no comments .. hehe)
        http://www.something.org | A really cool site but I cant remember the
        url so i wont put it here.. im sure you will find it 

[ed note: 12 was too lame for even FEH to print]

13. Watch tv.  Scary huh?
14. Irc and go to #netsex as ILLFUCKU. notice the channel that you want some
 one for phone sex. see if you get kicked or invitations. heheh.
15. Read this file (you must be bored d00d).
[ed note: if you search for //, you will find the start of the next article]
16. See how many of these things I type.
[ed note: hint, then answer is 18]
17. Add another to your count.(see previous item)
18. EOF
        YEAH IT WAS LAME.. YEAH IT SUCKED.. YEAH IM TYPING IN ALL CAPS.. SO 
        WHAT?..  I WAS BORED... ARE YOU SATISFIED rEdRAGON???? ( :) )
[ed note: pretty much]



// 10.  The Infamous Tack Story by Hotrod

The story you are about to hear, it has been determined, has been spread 
by word of mouth to at least 5 states, and parts of Canada.  Whereever I 
go, people who I have never seen before ask me about the tack story. I   
have no idea why this is the case - the story might have been funny once,
but I'm really rather sick of it.  My friends (and apparantly these 
people I don't know, who ask me about it) think this story is the 
funniest thing they've ever heard.  I think they are nuts.

The following story is 100% true.
Dramatis Personae:
Myself (Hotrod)
Chris, A friend
Zafir, An acquaintance
[ed note: is he the pan flute dude?]

The Setting:
Junior High School, Massachusetts.
Lunchtime, 8th grade

Ok, here goes.  It was a normal lunchtime, really.  I had gotten in line 
to get the "Hot Lunch", which is the generic, "nutritionally balanced" 
meal.  On this fateful day, the hot lunch was manicotti with meat sauce.
A kid I knew, and had no reason to distrust, came up to me while I was in 
line and offered to sell me his hot lunch, without the milk. (Milk came 
with the hot lunch.)  Of course, I'm thinking to myself "This kid must be 
stupid.  He wants to sell me his hot lunch, which costs $1.30, for 50 
cents, while keeping his milk, which he could have bought for 35 cents by 
itself. [ed note: a savings of -45 cents]  I did know that this kid WAS
stupid, however.  So I bought the lunch and went to sit where I always sat,
next to my friend Chris. [ed note: not erikb]
For a few minutes, everything was fine.  I was eating and enjoying (as 
much as one can enjoy a school lunch, anyhow) my manicotti.  Keep in 
mind, that manicotti is soft, it's something like lasagna.  [ed note:
i hope nobody from Italy is reading this]  You don't really chew it a whole
lot, you just squish it around in your mouth and swallow.  Then it happened. 
I put the manicotti into my mouth.  [ed note: that's not the climax of the
story, he in fact put many pieces of manicotti in his mouth that day]  I
squished.  I swallowed.  I grunted.  I yelled. Something Sharp!
Words that will live in infamy in the minds of my friends.
[ed note: the words 'huuhuhuhhuhu' also live in infamy to his friends]
The dialogue went like this:
Me: [In a very hoarse voice]  "Argh@!#  Something Sharp!  Something sharp 
                               in my throat!" 
Chris: "What?" [ed note: still not goggans]
Me: "Argh it kills!"
Chris: "What is it?" [ed note: this time it is erikb saying it]
Me: [Grabbing Chris' chocolate milk and taking a swig] "I can feel it 
like grinding down my throat.. You know when you get like the sharp 
corner of a Dorito or something?  God it kills!  It feels like a staple 
or a tack or something!"
Chris: [Laughing a bit] "A tack?  Zafir probably put a tack in it!"
[ed note: being a minor, Zafir was out of jail on his 18th birthday] 

Anyhow, thats about it.  It hurt going down.  It never hurt again.
To the best of my knowledge, I have not shit out the 'tack'.  No proof has
ever been found that there was a tack in my manicotti, [ed note: manicotti
in general should not hurt to swallow] although Chris swears that he talked to 
Zafir, and Zafir admitted to it.  I think Zafir has since been deported.  
I hope so, anyhow.  Should I ever shit the tack out, it will be so noted in
a future issue of FEH. [ed note: I have a pencil end in my right shoulder]



// 11. The Birth of FEH by SnoCrash

So ReDragon /msg's me today.  He goes "write the history of FEH befor
midnight tonight" (not in those exact words, and in all caps n stuph,
but you get the point). 

          fEhFeHfEhFeHfEhFeHfEhFeHfEhFeHfEhFeHfEhFeHfEhFeHfEhFeHfEhFeHfEh
	   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
		  ThE HiStOrY Of FeH -- PaRt 1 <>
	          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
			       (FuXiN' ElEeT HaXoRs)
			A BeDtImE TaLe By Da MaStUr Of DiSaStUr:
				      SnOcRaSh
Okay, enough with this AlTeRnAtInG CaPs crap.  It makes my head hurt.
[ed note: my feelings exactly]
(DISCLAIMER: FOR ALL YOU KNOW, NONE OF THIS COULD BE TRUE.  I AM TRYING TO
REMEMBER WHAT HAPPENED AND MY MEMORY SUCKS AND I EXAGGERATE SO DEAL WITH IT)
Well, it all started for me about a year ago.  I was bored shitless as usual
on a Sunday morning, and was checking out .edu.  I had an
IRC window open as well, as I almost always do.  Here's the log from that
fateful day (re-formatted a bit to make it more readable):
[ed note: whenever monumental history takes place on #hack, log it]

 	i found a system that still has the ftp -n bug!!!!!
 	sunday afternoon is warez ftping days
[ed note: being as this was a sunday, ReD was probably still a bit drunk]
 	holy shit!!!
 	i feel sorry for the sysop

 	i'm gunna mail him and tell him
 	this is sad
 	last root i haqued
 	i left mail describing how to do it and how to fix it
 	sad
 	haha
 	noxit; not me, I just rm /etc and let them figure it out
 	rm -rf *
 	ha
 	lame
 	well...
 	what should I do
 	no, not /* but just /etc
 	im gunna change the banner explaining what to do
 	Were all the configs are ;)
 	if you dont rm the site, they will never learn how dangerous
                hackers can be and the importance of securing their site
 	Oki: i know
 	and rm every user
 	there's only 10 users
 	put in the l0ck motd
 		red: gimme warez
[ed note: note oof's critical role in FEH's inception]
 	they all have empty home dirs anyway
 	put in a ILF motd
 	cept for the standard shell shit
 	oof: whatcha want
 	put in a FEH motd    <-- the first public mention of FEH
 	ln -s /vmunix /etc/motd
 	noxit: haha
 	oki: if you rm /etc, where are ya gonna put the ILF motd?
 	is there a FEH motd?
 	donut put in an ilf motd :)
     	red: i dunno
 	use feh :)
 	yeah
 	i will release an official FEH motd later today
 	feh
 	loq: true
 	I'll make up a temp one now
 	grayarea: why not?
 	**Hacked by a FEHWB**
 	ha
 	cuz they r in my new issue and if anything is done in their
                name i will be visited
 		gray: dont you like being visited?
 		:)
 	"visited"
 	aliens of phedz?
 	and #hack has caused me more than enuf contact with feds for
                the year already :)
 	s/of/or
 	loq: i hear they come at dawn. ewwww
 	loq: i prefer evening appointments
 		heh

 	if I put up a FEH motd, can I be a FEH?
 		mine come at 11pm
 	Sco: you already are in FEH you moron
 	oh yea
[ed note: i actually said Sco, not sno... but he never realized it]

So there it was.  I was in FEH. 
I made a temporary FEH /etc/motd, call it FEH motd version .0000001b.
Here is how it looked:
---------HI!!! WELCOME TO , NOW OWNED BY FEH----------
[TODAY'S NEWS]
Your system has been hacked by a member of FEH... Fuxin Eleet Haxors.
I am not particularly proud of this hack because it exploited an extremely
old bug that was patched many years ago. I have left a file in the root
directory called "how.to.fix.the.bugs.you.have" please read it and follow the
directions in it on how to fix the bugs you have. I am very sure that your
system has many bugs, judging from this and the version of sendmail you are
running.  Thank you for your time...
--- Anonymous member of FEH who just fuxored up your system real bad
Not exactly beautiful, but it worked for the site it was placed on.  
ReD then created the FEH motd versions 1.0 and 1.1, which is located in this
issue within the wopr hack.
[ed note:  oof never got his warez, if you have any, please send him some] 



// 12.  An Interview with Dale Drew by ReDragon
[ed note: good to my word, this is completely unedited for content, only
for formatting.]   


ReD:  will you do an interview for FEH issue #1?
d_d:  I dont do interviews, sorry
ReD:  just this once dale.  only a few questions
ReD:  its not like you've NEVER done an interview
ReD:  dont even think of it as an interview, think of it as just
      answering a few questions where the answers get published
d_d:  haha.. and the difference is?
ReD:  well, you dont do interviews.  but maybe you do published question
      and answer sessions.
ReD:  so why dont you do interviews?
d_d:  Youve got better things to do than interview me
ReD:  when you let me interview you, you keep me out of trouble :)
ReD:  so why dont you do interviews?
ReD:  well
d_d:  too many misquotes
ReD:  pleez
ReD:  i am not going to misquote you
ReD:  so will you answer just a few questions for me
d_d:  depends on the questions
ReD:  are there any hackers that you particularly like or dislike?
d_d:  No.
ReD:  Do you think the people you are trying to bust care about learning  
      about the phone system or are they just trying to make free phone
      calls?
d_d:  There are to many LEGAL ways to learn about phone systems these days
      to put up with fraud.
ReD:  So do you think 10 or 20 years ago some phreaking may have been 
      justified in order to learn?
d_d:  I never think that committing fraud is a justifiable way to learn
      anything.
ReD:  Does it cost your company anything when a person makes a free phone call?
d_d:  Making use of a service illegally that would otherwise be billed
      for certainly costs the company money
ReD:  I understand there is a loss of income from the consumer since they are
      not paying, but is there any expense to the phone company for that call
      and if so can you estimate the cost?
d_d:  I am not in phone fraud, so I wouldnt be able to estimate
ReD:  So what is your job description?
d_d:  Data Security
ReD:  Can you expand on what that encompasses?
d_d:  Later.. Ill be back
ReD:  do you know when?




// 13.  "Hacking Made Easy Using Scripts" by Seven Eleven

HacK1nG Mad3 EZ Uz1Ng Skr1PtZ    Part I  by Seven Eleven (711@sec.de)
=======================================

Welcome to our new column, dear reader.

In the software industry, everything is getting easier - 
easier to use, easier to handle. The keywords are "Plug and Play",
the new WinDos 95 and "Don't think but drive (on the information
superhighway)".

Now everyone can get on the Internet, your grandfather, your 4 year old sister
and even a coffee machine in Cambridge. There is no need to be smart,
no need to know anything about computers, and no need to have a brain.

With more and more people on the net, more and more want to play
around and learn about other systems by getting into them, formerly
called "Hacking".

To make those tries possible, we are bringing you easy to use and always 
working step by step instructions and scripts!

There are 3 major steps to succeed, which are similar to hitting
on a girl:

1) Get a list of all visible targets
2) Check if there is an easy way of scoring
3) Try gettin' into!

Today we will take a look at 1) and 2). 3) will follow in the next issue.

Since all most newsbies know about is IRC, we will try to get a list
of visible targets through IRC!

Here is our great script:

------------------ cut here --------------------------- cut here --------

# IRC Host Leecher 1.0 by Seven Eleven (711@sec.de)
#
# This little one liner gets you all hosts that are currently on IRC
# and sorts the output nicely.
#
# This is especially nice if you plan to use our Host Checker.
#
#
# All you have to do is this:
#
# Start IRC
# /SET LOGFILE rawhosts
# /SET LOG ON
# /WHO **
# /SET LOG OFF
# /QUIT
# $  rawhosts > outputfile
#
# Have Fun! :-)
#
#
#!/bin/sh
cat $1 | awk '{print $4}' | awk -F@ '{print $2}' | sort | uniq


------------ cut here --------------------- cut here --------------------


Also try to use an old or modified server that won't kill you when you
list too many names! It used to be easier some months ago, but you should
still be lucky! After all, it's good if not too many Lamers get as far
as you, isn't it? :-)

If everything went fine, you have a wonderfully nice list of hostnames.

If you want to do it the elite way, try writing your own elite script,
executing a command with each of the hostnames. Possibilities include:

- Check with rpcinfo -p which services are available. 
  Some might be vulnerable!

- One vulnerable daemon is mountd. Figure out yourself how to probe it!
  (First Exercise!)

- Use ypx or ypsnarf to test their ypserver's security. If it's open,
  either get in or --> social engineer the admin by telling him bugs (lame!)

- Check with the 31337 SATAN!@# (available at a WaR3z near you!)

- Try some sendmail bugs.


If the above ways sound to hard for you, do it the easy way.
Social engineer the administrators!

- Sending mail to root@hostname requesting for an account
  (Be prepared for many flames and your old account to be shut down)


If you should surprisingly be successful, drop me a mail and tell
me about your story! If not, stay tuned for the next issue of...
HacK1nG Mad3 EZ Uz1Ng Skr1PtZ!@#



// 14.  How to Hack A Toaster Oven by bl0ke


HacKZoRiNG Ah ToaSTeR OOOHHVeNN)#(*%)(*%
========================================
Author:
  bl0ke:#$%HS@#H:dat niggah bl0ke:/home/bl0ke:/bin/tcsh
(k)opywr0ngeded 1995


+--------------------------------------------------------------+
| [=ThiS iS THu DEFiNITiVE GuIDE TeW HAxORiNG A ToaSTER)#(%*=] |
+--------------------------------------------------------------+
****************************************************************
*******The Author of this text takes no responsibility for the**
*******actions that are performed on toaster ovens to try and***
*******obtain an access which the superuser does not want a ****
*******regular (l)user to have access to.***********************
*******The author also notes that this text is allowed only*****
*******to be used as a .motd after the site has been hax0red.***
****************************************************************

^^^--------NoTiCE MuH DOpE K-RAD KiLLa AK-AkII SKeeiLLZ()*#$


/* 

   This text covers the basics of hacking the Proctor & Silex
   MoDEL:0225 SERiES:b4588 TyPe:02

   This specific toaster handels 120 Volts A.C. *ONLY* 1400 WATTS

*/

CoNNECTiNG:
-----------

  When CoNNECTiNG TeW SuCH A ToaSTER On ThU iNeT YeW WiLL b ProMPtED
  4 aH LoGiN AnD PaSSwErD.  ex:(This is a capture of a login.)



+-------------------+
| PROCTOR & SILEX   |
| M:0225            |
| S:b4588           |
| T:02              |
+-------------------+


LaHGiN:bageL-n-KreAM/CheZE
PaSSWeRD:*************************************


LaHGiNN GRaNTiD
***************  
------------------------------------------------------------

P&S VeRSiON 666.9.MuRRY_LenDER(*REVISION*)

------------------------------------------------------------

login on tty[tOaST]
last login from BAGeL_BaKERY.COM on tty[ChEZe] at 6:43a.m.
 
:/etc/motd not found


1: OFF
2: ToAsT StART
3: BRoWN
4: BuRNT
5: LiGHT
6: UNiX TyPE SheLL ENViRONMEnT




  If YeW GhET THiS YEW ArE COOL)(#*$  Ok NoW CHEwZe No. SiX.  AND RuN NE
  Of ThU 8LGMz.  They WeRK.  DeW NoT WeRRIE BoUT WhUT THU 8lgM SaYZ iT
  WiLL STiLL WeRK oN ThIS SYSTEM.  AlLLL THu 8LGMz DeW()#*%&(  ThE OtHER
  CoMMANDs R NoT ImPOrTaNT.

  SoME NeaT-O ThINGS.  YeW CaN TaP the /dev/ToaST-N-CheEZe.  YeW CaN FiND
  A FeW PRoGRAMs ThAT ArE GeWD FeR ThIS SuCH SYTeMM.

ftp:ftp.elite.warez.feh.OrG

/pub/hax0ring_WaReZ/ToAsteR_HaxoRiNG_WaREZ

P&S_ToAsTeR_ReWTKiT.TaR.GZ            -RooTKiT FeR ThiS TYPE o ToaSTER
PSNiFF.GZ                             -/dev/ToasT-N-CheEZe SniFFAH


SoME DeFUlTZ:
Login:Password
++++++++++++++
bageL-n-KreAM/CheZE:YuMMY
PoPALeNDER:STiNKY_Joo
POaCHeD_EGZ:HooKGNOZe
root:root
lpd:lpd
guest:hymienotyew


+======================================================================+

ThIS CoNCLuDES ThU DoPEST ARTiCLE On THu FACe O ThU PlaNET)(#*%)(*%
I WooD LiKE TeW GREaT:
Murray_L of the BagelBoyz o HymieTowN.
BuRnT-T of The BuRNT ToasT PoSSE.
AnD ReDRAGoN N ShIT.

PeSE OuT 




And on that uplifting note, the first issue of FEH is complete....
Thanks for reading.
  
                                        - FEH