Contents:
---------
Introduction

News-
  Cobalt Glitch: MegaByte
  AntiOnline: Lord Oak

Submittings-
  Tips on Securing your System: TekRebel
  Free Web Hosting: Lord Oak
  Collecting Information: TekRebel

-------------------------
/* Introduction */
-----------------

There wasn't much of anything happening in the past month news wise, so this issue is going to be kinda short. We have over 150 subscribers this month and barely any of them submitted anything. The last 2 issues, we have not had people submit anything. So basically I have been writing the whole magazine. We do ask that you all PLEASE submit anything that has to do with computer security/underground and phreaking. This includes: exploits/back doors, news, opinions, tips etc... Just about anything that is h/p/c/v related. Please send your articles to: lordoak@thepoison.org or duece@thepoison.org and we will review your article and maybe post it.

We respect everyone's privacy, so this means that if you don't want your handle, e-mail address, or homepage URL posted, just let us know and we will make sure it isn't.

This is what we allow and don't allow: We allow anything to do with the h/p/c/v scene and supporting opinions. However, we will not post "flames" or even greets. The reason for this is that some people seem to think that me (Lord Oak) and Duece write all of these articles and think that we are the ones flaming them; this causes people to hate the magazine for something that wasn't our fault. We don't post greets for basically the same reason, except that someone might get mad that their name was left out, and then this goes back to the hating Antidote for no reason thing. If you do post greets or "flames", Antidote has FULL permission to delete them, and we will. Other than that, we will post just about anything.
Antidote is sent out the first Monday of every month. We collect articles the Friday before the first Monday of the month. Hopefully that makes sense. So please be sure to send us your articles before or on the Friday before the first Monday of the month so we can have some time to review them and post them.

-Lord Oak & Duece

-------------------------
/* News: Cobalt Glitch */
------------------------

A high school student has found a security hole in the Cobalt RaQ server. The Cobalt RaQ is a cool rack mountable blue box that is sold to ISPs as an easy to set up and maintain web server. The preinstalled Linux and server software is ready to go out of the box. The security hole is due to the standard Linux history file being accessible from the web browser as a default. This history file records all activity on a system like mistyped passwords. By searching for the default web page on the server with a search engine such as AltaVista it is easy to find vulnerable sites.

/\/\egaByte

-------------------------
/* News: AntiOnline */
---------------------

As many of you know, AntiOnline is up, but they got a little carried away with their domains. They have 8 domains to store things, such as IOMagazine and their search engine. It's almost like, what's the point of having a domain just for a search engine? Oh well, it's not my money, so here is their current list of domains along with their description:

www.AntiOnline.com - Current news and their main page.
www.AntiSearch.com - Searching security sites.
www.AntiOnline.org - Web space, hosting etc....
www.AntiStore.com - Buy their products...
www.IOMagazine.com - Their magazine.
www.AntiCode.com - Exploits and back doors.
www.AskBub.com - FAQ and asking questions.
www.AntiOnline.net - Their "secure" ISP.

This is the list of the domains that AntiOnline currently owns, of which 4 currently do not have anything on them or have not been set up yet. There is a group or a webpage that just came out.
Apparently some people do not like AntiOnline, and this page is called AntiAntiOnline. It's pretty funny, but also mean. The design/layout was taken from AntiOnline and is supposed to be a spoof on it. It has news such as "The Furby Craze" and "Nintendo.com Gets Rooted". This page can be located at: http://antiantionline.virtualave.net

Lord Oak
lordoak@thepoison.org

-------------------------
/* Submittings: Tips on Securing your System */
----------------------------------------------

Here are some tips on how to improve security on your machine.

Windows tips :

- Never run executable files sent to you via email or IRC from people you don't know or trust.
- Subscribe to a mailing list like Bugtraq and check for new DOS exploits regularly.
- Keep up with all the patches from Microsoft ( if you can figure out their web site - Use Windows Update in 98 if you have it ).
- Get a packet filter/firewall software and configure it to block any unwanted connections and packets. This will prevent most DOS attacks such as teardrop, winnuke, etc.
- Only allow connections to ports you really need.
- Check with netstat who's connected to your computer when you suspect someone's accessing your machine.
- Don't run any trojan ( Back Orifice, Netbus ) sent to you ( duh ). This may sound obvious but someone can just rename a .bat file that runs the trojan to a .exe, pretend it's the install file for the new Pentium II to Merced converter and send it to you.
- A good rule of thumb is the good old "Don't trust anyone".
- If you're really paranoid about files you receive, get a hex editor and scan the file for any irregularities such as the word "virus" or any unusual stuff.
- Programs like ICQ are also a big concern for security. As most people know, ICQ is still in beta so security bugs are numerous. Don't rely on ICQ for security over your conversations. Use an encryption program such as PGP.
- Unless you really need the stuff, disable JavaScript since it's quite insecure.
Linux tips ( Some Windows tips also apply to Linux ) :

- Remove lines like ttyS* in /etc/securetty. This will deny root access to any remote machine.
- If you're really paranoid, modify your /etc/hosts.deny and /etc/hosts.allow files so as to prevent any connections to your box from outside.
- Recompile your kernel, enable firewalling and configure Linux the same way as in Windows to block unwanted incoming junk.
- Edit inetd.conf and disable services you don't need.

I know there's still a LOT more I could put in this list but that should give you a good idea of the basics.

TekRebel
tekrebel@vl.videotron.ca

-------------------------
/* Submittings: Free Web Hosting */
----------------------------------

Ever wanted a domain but couldn't afford the hosting and didn't have a static IP address? Well here's a way around both of those problems. Find a free hosting company that gives you http://yourname.host.com. Here is a list of what I have found that gives you yourname.host.com:

www.hypermart.net
www.fsn.net
www.cjb.net (it forwards you to your page, so you will have to sign up for this one and like Angelfire.)

I am sure there are more; this is just a list I could think of off the top of my head. Ok now this is what you do-- Sign up for one of these services and upload all of your shit to that site. And when you get one of these sites, you get your own IP address (for the site that is). Then scan http://yourname.host.com. You can do this in Windows by going into an MS-DOS prompt; you have to be at: C:\windows\ then type: ping yourname.host.com and it will say "pinging yourname.host.com [0.0.0.0]". The numbers in the '[]'s are the IP address of your site. Copy it down on paper or remember it or just save it somewhere. This IP will always be the same no matter what. Then you will need a DNS server to point to the IP address of your site.
Here is a list of free/cheap DNS server hosting:

http://soa.granitecanyon.com/ (free)
http://www.mydns.com ($39 a year)
http://www.realdns.com (free)

Then obviously they should have like a set up thing where you tell it the IP address to point to. Just point it to the IP address of yourname.host.com. Then after that, this just means that the DNS is pointing to the static IP address.

Now for the www.yourname.com part. You have to go to InterNIC and sign up for that. You pay $70 for the first 2 years, then every year after that you pay $35. It's not that hard to hook the DNS up to InterNIC or any of those types of servers. Here is a list where you can get other types of names:

www.internic.net ($35 a year)
www.nunames.nu ($25 a year)
www.nic.cx ($32 a year)
www.nic.co.uk (not sure)
www.dns.be (not sure)

Well that's it and have fun with this shit. Like I said, it's mainly for those who do not want to pay the normal hosting fee of $20 a month for the domain name or if someone doesn't have a static IP address. It's just a neat way of getting a cheap hosting service. Oh yeah, and also, hypermart.net is probably more secure and "hacker proof" than most of the other hosting companies that you pay for. So that's pretty cool too.

Lord Oak
lordoak@thepoison.org

-------------------------
/* Submittings: Collecting Information */
----------------------------------------

Part of hacking is about finding weaknesses in a particular system. But to find such weaknesses, you must first know the target you are planning to hack or perform a DOS on. Some of the things you should try to find out are: which operating system the machine is running ( i.e. Windows, Linux, Solaris, IRIX, etc. ), which ports are listening for connections, bandwidth of target, version of daemon programs ( i.e. Sendmail, popd, ftp program, etc. ). The information above can be obtained remotely most of the time so you don't have to have an account on the machine.
For example, when you "telnet somedude.com 25", you will see something like sendmail 8.8.8. That's the version of their mail transport agent ( SMTP ). But you should not always trust what you see: some administrators fake the version number or simply remove it for obvious reasons. As for the operating system, it's usually very simple to get the information that you need: just telnet to port 23 of the machine you're probing and you'll get a line like this "RedHat Linux 5.2". ( Note that this port isn't open on Windows. ) You can also guess the OS by finding out running daemons that only exist for a specific OS. For example, War-FTP is a Win9X/NT only server, so if you get such a string by telneting to port 21, you can assume it's a Windows box.

A good thing to have on your computer is a port scanner. It will come in very handy when you have to find out which ports are open on a specific machine. A good one for Windows is the 7th Sphere portscanner. Most of the time, you don't have to scan all the 65k ports because most common ports in use are between 1 and 2000. But it is also possible to change the port for the daemons so don't be surprised if some admin put his httpd ( web server ) on port 5366 and his telnet port on 123. Changing ports is a good way to confuse port surfers. If you're running some UNIX variant, get nmap 2.x. It's by far the best port scanner I've found because it has a lot of useful options, especially when it comes to scanning machines that are configured to detect port scans and block them. Read Phrack 51 for more details on this.

TekRebel
tekrebel@vl.videotron.ca

-------------------------

Ok thanx for reading the third issue of Antidote and remember to submit your news and h/p/c/v shit to us so we can have more on future issues.
Also, please do not get mad at Antidote for anything that is posted in any issue; these are articles that people have submitted to us, and if you take offense to something posted here, please get mad at the person/writer and not Antidote since we didn't have anything to do with it. Thanx again!
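The Cobalt RaQ history-file glitch and TekRebel's Linux tips (securetty, hosts.deny, inetd.conf) above all come down to settings an admin can check on their own box in a few lines of sh. The script below is an added example, not code from the zine or its contributors; it runs against constructed sample files that it builds itself, and the file names and sample contents are assumptions.

```shell
#!/bin/sh
# Added example (not from the zine): self-audit for a web root that serves
# shell dot-files (the Cobalt RaQ issue) and for the Linux tips on securetty,
# inetd.conf and hosts.deny. Runs only on constructed samples, never on /etc.

# Dot-files under a web root (e.g. .bash_history) that a web server would serve.
web_exposed_dotfiles() {
    (cd "$1" && find . -type f -name '.*' | sed 's#^\./##' | sort)
}

# securetty entries other than local consoles tty1..ttyN: ttyS* (serial) and
# ttyp* (pseudo-terminals used by remote logins) each let root log in there.
securetty_remote_entries() {
    grep -v '^#' "$1" | grep -v '^[[:space:]]*$' | grep -v '^tty[0-9][0-9]*$'
}

# Services still enabled in inetd.conf: first field of every non-comment line.
inetd_enabled_services() {
    grep -v '^[[:space:]]*#' "$1" | awk 'NF { print $1 }'
}

# 0 when hosts.deny refuses everything not whitelisted in hosts.allow, else 1.
hosts_deny_is_default_deny() {
    grep -v '^#' "$1" | grep -iq '^ALL[[:space:]]*:[[:space:]]*ALL'
}

# Constructed sample: a home dir doubling as web root plus three config files
# in the shapes the tips describe. Prints the directory it created.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/www"
    printf '<html>hi</html>\n' > "$dir/www/index.html"
    printf 'ls\ncd /etc\nsu -\n' > "$dir/www/.bash_history"
    printf 'tty1\ntty2\nttyS0\nttyp0\n' > "$dir/securetty"
    printf 'ftp\tstream\ttcp\tnowait\troot\t/usr/sbin/tcpd\tin.ftpd\n' > "$dir/inetd.conf"
    printf '#finger\tstream\ttcp\tnowait\tnobody\t/usr/sbin/tcpd\tin.fingerd\n' >> "$dir/inetd.conf"
    printf 'telnet\tstream\ttcp\tnowait\troot\t/usr/sbin/tcpd\tin.telnetd\n' >> "$dir/inetd.conf"
    printf '# constructed hosts.deny\nALL: ALL\n' > "$dir/hosts.deny"
    printf '%s\n' "$dir"
}

# Run every check, print what needs attention, return 1 if anything does.
audit_tree() {
    bad=0
    x=$(web_exposed_dotfiles "$1/www");              [ -z "$x" ] || { echo "web root serves: $x"; bad=1; }
    x=$(securetty_remote_entries "$1/securetty" || true); [ -z "$x" ] || { echo "root login allowed on: $x"; bad=1; }
    x=$(inetd_enabled_services "$1/inetd.conf");     [ -z "$x" ] || echo "inetd still offers (disable what you don't need): $x"
    hosts_deny_is_default_deny "$1/hosts.deny" || { echo "hosts.deny is not default-deny"; bad=1; }
    return $bad
}
```

Point the four check functions at the real paths (a user's public web directory, /etc/securetty, /etc/inetd.conf, /etc/hosts.deny) to audit a live box; the inetd line is informational because only the admin knows which services are needed.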