ÜÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÜ ÛÛÛ ÛÛÛ ÛÛÛ ÛÛÛ ÛÛÛ ÛÛÛ ÛÛÛ ÛÛÛ ÛÛÛ ÛÛÛ ÛÛÛ ÜÜÜÜÜÜÛÛÛ ÛÛÛÛÛÛÛÛÛÛÛÛ ßßßßßßßß ÛÛÛ ÛÛÛ ÛÛÛ ÛÛÛ ²±² ±²² ±²² ²±² ±²± ²±± °±± °±± ±°° °±° °±°°±°°±°° Alternative Lifestyles ì Anarchist Philosophies ì BBS Support ì Big Brother ì Censorship ì Conspiracies ì Datapac Support ì Drugs ì Encryption Ethics ì Fiction ì Freedom ì Hacking Tutorials ì Hacking Utilities Individualism ì Networking ì Novice Assistance ì The Occult ì Paranormal Phenomena ì Politics ì Religion ì Revolution ì Scan Results ì Social Deviancy ì Telecommunications ì Unix Support ì VMS Support ì Witchcraft ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ AúNúAúRúCúHúIúSúT PúHúIúLúOúSúOúPúHúEúRúS UúNúIúTúEúD "Where Hacker and Philosopher are One." ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ 007 007 007 007 007 007 007 007 007 007 007 007 007 007 007 007 007 007 007 Released Monday, 20 March, 1995 APu has been completely reformed, in ways other than the format of our releases. It has been rebuilt from the ground up. We are shifting the direction of our organisation more towards philosophy and and the occult than H/P/A. I consider myself to be a fairly knowledge- able hacker, and I will still write a lot of hacking files (such as this one). But there are a few reasons why I have switched my main focus. 1. Files dealing with particular systems or hacking techniques are quickly outdated. Even those which are considered 'general' or 'basic' are almost worthless in a few years. Philosophical files, on the other hand, will probably never be outdated. ('Conscience of a Hacker' by The Mentor, written in 1986, is an excellent example. It is still well- known today.) 2. Hacking files are readily available on BBSes everywhere, but philosoph- ical files are quite rare. 3. Philosophical files require a lot more skill, experience, and language ability to write than hacking files, and I believe I am up for the challenge. From now on we will only accept files of fairly high quality. Submitted files must be a minimum of 10k, with at least 8k being original writing (e.g., not including quotes, captures, copied charts/tables, fancy title boxes, PGP keys, etc.). I will correct spelling and simple grammar errors, but not poor style; the file should be well written. The file should be organised in a logical manner with headings where appropriate. As for the content of these files, anything related to the list under our logo is acceptable. Contact me (at my Internet address or on any boards I'm on) if you're not sure. We do NOT publish: typed information, captured messages (unless they come with an original response of at least 8k), instructions/schematics for bombs or weapons, methods of theft or revenge (unless philosophical in nature), or porno texts (original fiction related to Anarchy or the Occult is gladly accepted). Distributors: I hate to call them couriers, because it smacks of the warez scene, but we need people to spread APu files far and wide. In return you'll get a place on the credits and the joy of knowing that you've educated people everywhere about the 'dark' side of the world: Anarchy, system penetration, and the Occult. úSine/APu (sine@free.org) ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ Complete APu Release Listing ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ 001: A Simple Unix Decoy by Sine. Short shell script that emulates a login prompt and records the password entered. Released 5 Feb 95, avail. as APU-DCOY.ZIP. 002: Hacker Security by Sine. Basic guidelines to follow to avoid getting busted. Released 17 Feb 95, avail. as APU-SAFE.ZIP. 003: Political Correctness by Sine. A criticism of a brochure given to students about 'hate' groups. Released 20 Feb 95, avail. as APU-RACE. ZIP. 004: The Young Hacker's Guide to X.25 Networks by Sine. An overview of the X.25 protocol, as well as general information about the major X.25 networks. Released 27 Feb 95, avail. as APU-X25.ZIP. 005: Maintaining a G-Phile Library by Sine. The importance of keeping a library, tips on organisation, and a list of the best g-philes around. Released 4 Mar 95, avail. as APU-LBRY.ZIP. 006: The Young Hacker's Guide to XMUX Systems by Sine. How to penetrate Gandalf's multiplexing system and what to do once you're inside. Released 17 Mar 95, avail. as APU-XMUX.ZIP. 007: The Young Hacker's Guide to StarMaster/PACX Systems by Sine. How to get into Gandalf's network server, with possible servers and tips on hacking the console. Released 19 Mar 95, avail. as APU-STAR.ZIP. ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ The Young Hacker's Guide to STARMASTER/PACX SYSTEMS by Sine ÚÄÄÄ ÄÄÄ ÄÄ Ä ú ³ Introduction Gandalf Technologies' StarMaster/PACX is much bigger, more complex, and more interesting than the XMUX (the subject of our last Young Hacker's Guide). The XMUX is at best a curiosity; the StarMaster and its services can be explored for hours. The StarMaster is like the XMUX in that it is not a standalone operating system, but rather a network server like a DECserver or GS/1. The XMUX is only for network maintenance, but the StarMaster enables you to actually call systems and services connected to its network. StarMasters are found mostly through X.25 networks, but a few have dialup access. They are quite rare compared to some other systems, perhaps about as common as DECservers. NOTE: Don't screw things up! Like the XMUX console, the StarMaster console gives you the power to do almost anything. Don't go on a destructive spree and cause problems for everyone. ÚÄ ÄÄÄ ÄÄ Ä ú ³ Getting In When you call a StarMaster (through X.25 or the phone system) you will probably receive nothing. Hit enter a few times and you should get one of three different prompts. StarMasters are very easy to identify. DIALIN PASSWORD? is the most common prompt, and the least fortunate for you. Passwords can be set on any or all of the StarMaster's points of entry: telephone, X.25, or Internet. The password is up to 8 characters long. One of the following defaults should work at least half the time: ACCESS, DIALIN, GANDALF, NET, NETWORK, PACX, PASSWORD, SERVER, STARMAST. Use your imagination if these don't work. You'll get between one and ten tries, and once you get the right one you'll either go to a USERNAME? prompt or straight to the SERVICE? or CLASS? prompt. USERNAME? is the next possible prompt. This is the weakest part of the StarMaster's security, because if you enter an invalid name you will get something like 'INCORRECT USERNAME' or 'INVALID RESPONSE'. Usernames can be up to 8 characters. You will x tries at a valid username, and then x tries at a valid password. x is an operator-configurable number from 1 to 10. Try common accounts like CONSOLE, GAND, GANDALF, GUEST, HP, OPERATOR, SYSTEM, TEST, TESTUSER, USER and variations. If they fail try first or last names, or first initial/last name, whatever. Next, of course, comes the PASSWORD? prompt. Some common passwords, be- sides the username itself, include GAND, GANDALF, GUEST, LIB, OPERATOR, PACX, STARMAST, SYS, SYSLIB, SYSTEM, USER, and VISITOR. If you know the name of the company that owns the StarMaster, try that as well. Often several users are assigned the same password, and the flag that allows users to change their passwords is turned off. So, once you get one user, you just need to guess usernames to find the others. Once you get in you will get a SERVICE? or CLASS? prompt. If you were dropped immediately to this prompt, it means that the StarMaster is un- passworded, and you probably have a limited choice of services. ÚÄÄÄÄÄÄÄ ÄÄÄ ÄÄ Ä ú ³ Finding Services You can't really issue commands in a StarMaster; since it's a network server, you enter service names. Some of these services, like CONSOLE, an outdial, or an X.25 PAD, are local to the the StarMaster. For most others, however, the StarMaster connects you to a remote system (usually through TCP/IP or X.25, but possibly by phone). The problem is that there's no way to get a list of the services avail- able. For that, you need to get an operator's account on the console. CONSOLE, MAIL, and CONNECT are non-removable defaults, but I have never seen MAIL or CONNECT set to allow remote access. The local services aren't too difficult to guess because they have generic names like MODEM or DATAPAC. Remote services, on the other hand, usually have names specific to them like PVAX, XGATE, and HOBBIT. Those are worth guessing only if absolutely necessary. Before spending a lot of time guessing you should try to get into the console (see below). If you can get an operator account there, you'll be able to get a list of services that will make life a lot easier for you. If the console's default accounts don't work, or remote access to the console is not allowed, you'll have to start guessing. You'll be kicked off after 1-10 errors (again, configurable), so figure out the limit and always go to a service you know works just before you're kicked off. A few services are passworded; for these use your imagination. For exam- ple, passwords for the X25 service might be X25, DATAPAC, or PAD, plus the passwords that might work on any service like SYSTEM, ACCESS, the name of the company formatted in different ways, and the name of the service formatted in different ways. Here are a few services to try, pulled from The Neophyte's Guide to Hack- ing by Deicide (with a few additions). Use your imagination and come up with more. First names are common. 1 (and higher) A (through Z) 10 (and higher by 10) BBS CLUSTER CONNECT CONSOLE DATABASE DATAPAC DEC DIAL DIALOUT FILES FTP GATEWAY GEAC HELP HP INTERNET LIB LIBRARY LINK LOO MAIL MENU MODEM MUX NET NETWORK NODE1 (and higher) OUT OUTDIAL PACX12 PACX24 PACX96 PAD PRIME PRIMOS PROD SALES SERVER SUN SUNOS SYS SYSTEM TCP TELNET TYMNET UNIX VAX VMS X25 X28 XCON XGATE XMUX Have fun exploring these services, because if you can't get into the Con- sole, they'll be all you *can* explore. If something like DATAPAC or X25 works, you'll likely have your own private PAD for you to call outdials and othersystems on X.25 that don't accept collect calls. This proves: YOU DON'T NEED OP TO HAVE A GOOD TIME! ÚÄÄÄÄÄÄÄÄÄÄÄÄ ÄÄÄ ÄÄ Ä ú ³ Accessing the Console CONSOLE is a default service that cannot be removed, however, remote access to it is often disabled. If it works, you should get something like this: GANDALF TECHNOLOGIES INCORPORATED, COPYRIGHT 1988 OPERATOR NAME? This prompt will always be the same, with the possible exception of the copyright date. The console is the most important part of the StarMaster, so it will prob- ably have a secure password. However, if remote access to the console is allowed, it means that if the sysadmin is security-conscious, he isn't very smart. More likely the sysadmin doesn't care, and allows several users access to the console with an easy-to-remember password (i.e., a default one). Getting into the console is similar to logging on at first; you will get x tries at a valid operator name, and then x tries at a valid password. Try the following account/password combinations: CONSOLE : CONSOLE, GANDALF, OPERATOR, PACX, SYSTEM GAND : GAND GANDALF : GANDALF, PACX, STARMAST, SYS, SYSTEM OPERATOR : GANDALF, LIB, OPERATOR, SYSLIB, SYSTEM SYSTEM : GANDALF, OPERATOR, PACX, SYS, SYSTEM These probably won't work, but definitely try them. Remember, the sysadmin is stupid enough to allow remote access to the console, so there's a good chance he's stupid enough to leave a default password. If you're really desperate for the Console (and you have good reason to be, with all the power you have once you're in), go ahead and run an auto- hacker on it. Because you know which usernames work, it's much easier than guessing on a Unix or VAX. As far as I know, there are no logs kept of login errors. Unless the admin is actually at the Console monitoring chan- nels, I don't think there's any way for him to find out what you're doing. (Yet another good reason to hack at 3am when everyone's asleep). ÚÄÄÄÄÄÄÄÄÄ ÄÄÄ ÄÄ Ä ú ³ Inside the Console When you enter the correct password, you'll be asked for your terminal type. Unless you have some strange terminal that no one's ever heard of, you'll probably choose vt100. Then the screen will clear, and you'll dance around the room, joyous be- cause you now have almost unlimited power over the system. The game is over. You have won. You are in charge. At the top of the screen the usual information will be printed: the rev- ision number of the software, the title "GANDALF STARMASTER," the date and time, the hub number (I'm not quite sure what it means), and then the name of the console, e.g., "Montreal StarMaster Node Console". All this infor- mation is printed on every screen. Then the main menu is printed: OPTIONS ARE: 1 SIGN OFF 2 DISPLAY 3 DEFINE 4 DELETE 5 STORAGE 6 MAINTENANCE 7 ROUTING 8 DISK MANAGEMENT ENTER OPTION NUMBER Option #1 will log you out, of course, and ask you if you want to save the database. I'm not exactly sure how this works, but if you made changes during your online session you should probably say yes. In Define : User Group, you can pick a user group and then you'll find all the members of the group, with passwords. You can also restrict access to a particular service. I had to do this recently, where someone was using a system available through a StarMaster to download X-rated Gifs (using an account his friend gave him). Normally I wouldn't mind, but he was clog- ging up the system for hours, and his friend asked me to get rid of him. I checked to see if any of the legitimate users used the service, and when I found out he was the only one, I restricted his user group's access to it. Crude, but effective. Another thing you might want to do in Define : User Group is disable the flag that allows users to change their passwords. This may or may not be a good idea. It's possible the users will give up when they get the error message and assume the operator no longer allows them to change their passwords, thus allowing you to remain on longer. But they might decide to complain to the operator, who will get suspicious. Normally I'd recommend against this move, since you have everybody's password already and can simply log on as someone else if necessary. As for the other menu items: explore, have fun. When the cursor is on a word near the bottom of the screen, in reverse color like "Define", use the space bar to toggle through the options. Try not to be destructive. You have a lot of power, and you need to learn to wield the power wisely. ÚÄÄÄÄÄ ÄÄ Ä ú ³ Conclusion This wasn't as long as I had hoped, but oh well. Hopefully you'll get some use out of it. Thanks go to: the owners of the StarMaster in Toronto where I learned most of what's in this file. Your 'hands-off' management style has allowed me free exploration of your system. And of course to Falstaff, who gave me an account there in the first place. The middle finger goes to: the sysops of Hell's Gate in 203 and iNSANITY in 609. You claim to be PHACV support boards, yet you refuse 2400 baud! I don't need a faster modem in order to read and post messages, and upload my APu releases. Only leeches and warez d00dz *need* 14.4. Better a 2400er who posts messages than a spoiled 14.4 kid who spends his time downloading your phreak utilities but doesn't contribute anything to the board. Ban- ning 2400 (or should I say 24oo?) is so fucking lame, it is a looming shadow of Warez over H/P, and it reeks. Fuck you all. Later, úSine/APu (sine@free.org) ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ Call these boards for the latest APu releases: Lisboa-X (416)604-7495 The Hayden Andre Project (905)513-9726 Total Mayhem (905)940-2079 Digital Decay (714)871-2057 Nostalgia (206)747-9847 Plasma (206)565-7678 Hack-Tech (503)567-4250