.:==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==:.
::                     f0rbidden knowledge issue two                        ::
`:==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==:'
 
.:--==--==--==--==--==--==--==-->> Contents of This Issue <<--==--==--==--==:.
::                                                                          ::
:: -=>Welcome<=-                                                            ::
::                                                                          ::
:: (x) Disclaimer ............................................ The Editor   ::
:: (x) Introduction .......................................... The Editor   ::
:: (x) Weird of the Month .................................... The Editor   ::
:: (x) Feedback and Stuff .................................... The Readers  ::
::									    ::
:: -=>Phreaking Stuff<=-                                                    ::
::                                                                          ::
:: (x) MTN Voicemail Hacking ................................. Wyzewun      ::
:: (x) Microsoft South Africa looses R3500 ................... Wyze1+Satur9 ::
:: (x) South Africa's answer to ANI .......................... Line Noise   ::
:: (x) Telkom Voicemail Hacking .............................. Marc Satur9  ::
:: (x) Beigeboxing in South Africa ........................... Wyzewun      ::
::                                                                          ::
:: -=>Hacking Stuff<=-                                                      ::
::                                                                          ::
:: (x) Hacking through Windows 95 Plus! Security ............. Wyzewun      ::
:: (x) Update on the Nedbank Windoze NT Hack ................. Gevil+Wyze1  ::
:: (x) How to get a unrestricted shell on Nedbank ............ Wyzewun      ::
:: (x) Windows 95/98/NT Backdoor ............................. Marc Satur9  ::
::                                                                          ::
:: -=>Misc Stuff<=-                                                         ::
::                                                                          ::
:: (x) Ripping off Arcade Machines ........................... Wyzewun      ::
:: (x) Compact Disc Theft .................................... Cyberdave    ::
::                                                                          ::
:: -=>Parting Words and Credits<=-		      			    ::
::                                                                          ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'


.:--==--==--==--==--==--==--==--==>> Disclaimer <<--==--==--==--==--==--==--:.
::									    ::
:: Telkom are solely responsible for this file. This file was at one stage  ::
:: an article on the evils of Masturbation that a 10-year old was attempting::
:: 2 upload 2 Christian Network BBS. Due to the bad quality of Telkom's     ::
:: lines, the file became corrupted and turned into this. All complaints    ::
:: can be addressed to telkom@telkom.co.za :-)                              ::
::									    ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'


.:--==--==--==--==--==--==-->> Introduction by the Editor <<--==--==--==--==:.
::                                                                          ::
:: Greetings Earthling...                                                   ::
::                                                                          ::
:: The response to Issue one of f0rbidden knowledge was very encouraging    ::
:: and we are glad to say that FK is without doubt, a success. The e-zine   ::
:: will be published monthly and distributed at the following sites...      ::
::                                                                          ::
:: www.posthuman.za.net					                    ::
::                                                                          ::
:: I would like to extend my thanks to Coffee, Alcohol, Columbian Cola,     ::
:: Marilyn Manson, Beck, Pop Will Eat Itself and vast amounts of sugar for  ::
:: helping me so much with the construction of this issue. Oh yes, and I    ::
:: almost forgot - Cache asked me to publically thank him for phoning me    ::
:: at the most awkward times possible - So Cache, thank you for being such  ::
:: a Butthead. :)                                                           ::
::                                                                          ::
:: Well, that's pretty much it from me. Hope you enjoy the zine - The       ::
:: two articles which are this month's highlights are without a doubt our   ::
:: new Nedbank exploit which lets you into an unrestricted shell and our    ::
:: completely original Windows 95/98/NT backdoor.                           ::
::                                                                          ::
:: All comments, questions, article submissions and subscription requests   ::
:: can be mailed to the Editor at wyze1@syrex.co.za                         ::
::                                                                          ::
:: Cheers                                                                   ::
:: Wyzewun                                                                  ::
::                                                                          ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'


.:--==--==--==--==--==--==->> Weird of the Month <<=--==--==--==--==--==--==:.
::                                                                          ::
:: We were Neurophobic and Perfect                                          ::
:: The day we lost our souls                                                ::
:: Maybe we weren't so human                                                ::
:: But if we cry, We will rust                                              ::
::                                                                          ::
:: And I was a hand grenade                                                 ::
:: That never stopped exploding                                             ::
:: You were automatic                                                       ::
:: And as hollow as the "O" in God                                          ::
::                                   - Marilyn Manson, Mechanical Animals   ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'


.:--==--==--==--==--==--==--==--==--==--==-->> Feedback <<--==-==--==--==--=:.
::                                                                          ::
:: Bah, we got about 3 megs of mail, so I figured including it all would be ::
:: a bad idea, but please, you are still feel free to mail us any comments, ::
:: questions, suggestions, subscription requests and article submissions.   ::
::                                                                          ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'


\\..........................................................................//
::==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==::
::                           Phreaking Stuff                                ::
::==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==::
//..........................................................................\\


.:--==--==--==--==--==--=>> MTN Voicemail Hacking by Wyzewun <<=--==--==--==:.
::                                                                          ::
:: Despite the MTN Voicemail system now being relatively free of Software   ::
:: bugs, it is still ridden with security flaws caused by MTN's lack of     ::
:: proper explanation of how exactly the Voicemail system works. The        ::
:: following is quoted from an MTN instruction manual...                    ::
::                                                                          ::
:: "You may want to set a password for your mailbox. Make it something easy ::
::  to remember, like the first 4 digits of your phone number."             ::
::                                                                          ::
:: What they *dont* explain is that anyone who knows this password can axs  ::
:: your vmb and that a default password of "1234" will be present if you    ::
:: neglect to set one. The general security on the MTN Voicemail system is  ::
:: incredibly slack, save the MTN employee VMB's.                           ::
::                                                                          ::
:: There are fewer unused VMB's than on the Vodacom system and the VMB's    ::
:: usually have fewer privaleges, but security in general is far inferior   ::
:: to the security on Vodacom VMB's and social engineering is easier too,   ::
:: these guys don't ask why, they just reset the VMB. ;-)                   ::
::                                                                          ::
:: Oh, and one last thing, try as *hard* as you can to hack the VMB of any  ::
:: number that starts with (083) 2121 because these are phones with MTN     ::
:: employee privaleges. Find some-one with a really high status and you     ::
:: could take over MTN comlpletely. =)                                      ::
::                                                                          ::
:: Don't do anything I wouldn't do. (evil fucking grin)                     ::
::                                                                          ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'


.:--==-->> Microsoft SA Looses R3500 because of Wyze1 and Marc Satur9 <<==--:.
::                                                                          ::
:: Oh dear. Looks like Microsoft South Africa ran into a bit of a problem   ::
:: with their phone account. You see, MS are money-grabbing idiots who want ::
:: to earn as much as possible, whilst still spending as little as possible ::
::                                                                          ::
:: It is worth noting that they decided to select a cheaper Toll Free       ::
:: service from Telkom in which they would pay per call they recieve. It is ::
:: also worth noting that they invested in a cheap, bad PBX system. So,     ::
:: what happens when two sick, twisted children (Wyzewun and Marc Satur9)   ::
:: find a way to keep ten public phones billing Microsoft every night for   ::
:: a week, because their stupid, Microsoft Made Answering machine system    ::
:: doesn't know how the fuck to ATH0 ;-)                                    ::
::                                                                          ::
:: Unfortunately, Microsoft are abandoning their Toll Free Number for       ::
:: reasons which they are not announcing to the public. Ag, yeh, they know  ::
:: it was us... we phoned in responsibility (grin)                          ::
::                                                                          ::
:: This article was dedicated to the memory of 0802111104 - Rest in Peace   ::
::                                                                          ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'


.:==--==--==--==--==--==--==--==>> Telkom VMB Hackin by Marc Satur9 <<==--==:.
::									    ::
:: >Note from the Editor: Due to the sensitivity of this system at present  ::
:: it is in our best interests to not release this information until FK3    ::
:: considering that we are already publishing highly sensitive info on      ::
:: Nedbank in this issue<						    ::
::									    ::
`:--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--:'


.:==--==--==--==--==-->> South Africa's Answer to ANI by Line Noise <<==--==:.
::                                                                          ::
:: Well, yeh, Wyzewun is writing this, but it's info I got from Line Noise. ::
:: Now, if you dial 101999 (Toll Free Call) it will tell you the number of  ::
:: the phone you are dialing from! Unfortunately, this number only has one  ::
:: line, so it's pretty hard 2 get through during the day, but keeping      ::
:: trying  coz it is worth it. For those of you with little phreaking       ::
:: experience who don't understand what exactly one would use this number   ::
:: for, you are free to mail any member of the SoS and ask. =)              ::
::                                                                          ::
`:--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--:'


.:--==--==--==--==--==>> Beigeboxing in SA according to Wyzewun <<==--==--==:.
::                                                                          ::
:: Allright, this wont cover the construction of a Beige Box or any of that ::
:: junk coz f0rbidden knowledge prides itself in its simplicity. This will  ::
:: just cover use of a Beigebox in South Africa Now, take a stroll down to  ::
:: that nice big blue box that says Telkom on it just down the road from    ::
:: your house. yes, the one that looks like this...                         ::
::              _____________                                               ::
::             (XXXXXXXXXXXXX)                                              ::
::              |.---------,|                                               ::
::              ||        (o|   >> ascii art stolen from kokey <<           ::
::              ||         >|                                               ::
::              ||========(o|                                               ::
::              ||         >|                                               ::
::              ||        (o|                                               ::
::              |`---------'|                                               ::
::  ____________`+---------+'______________                                 ::
::  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX                                 ::
::                                                                          ::
:: Right, now there are several methods which Telkom use to keep us out of  ::
:: their precious little boxes...                                           ::
::                                                                          ::
:: 1) A Handle - Yes, in the rural areas there will be a single handle      ::
::               which will open the door.                                  ::
::                                                                          ::
:: 2) Three triangular bolts - The most commonly used method, will open     ::
::                             with the proper tool                         ::
::                                                                          ::
:: 3) Three or One Circular Bolt - This is a wierd system which is also     ::
::                                 common. Saw a little line in a piece of  ::
::                                 hollow pipe and use it 2 open these      ::
::                                                                          ::
:: 4) A Lock - Bah! Telkom cheats! I've never been good with lock picking   ::
::             but I've found that bolt cutters also work :)                ::
::                                                                          ::
:: Right, now let's say that you are in the box. What will you see, well,   ::
:: there are two possibilities. You may see a big mess of black and white   ::
:: wires. Find a black and white wire that originate from the same terminal ::
:: and strip them. Then connect your box. I've often found that Telkom have ::
:: already stripped quite a lot of the wires on these boxes, which makes    ::
:: things go considerably faster.                                           ::
::                                                                          ::
:: Alternatively, you may see little black and white terminals like the     ::
:: ones that connect your speakers to your Hi-Fi. Strip your wires, slide   ::
:: them in, and press down to make it snap into a secure connection.        ::
::                                                                          ::
:: Once you've got a line, have fun! Phone your friends overseas, do        ::
:: whatever. And if you want data, I would suggest getting your hands on a  ::
:: Compaq C-Series PDA, tiny and secure, it's the ultimate hacking tool.    ::
::                                                                          ::
:: Later... If you have any trouble with this stuff you can mail me at      ::
:: wyze1@syrex.co.za for a bit more detail                                  ::
::                                                                          ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'


\\..........................................................................//
::==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==::
::                            Hacking Stuff                                 ::
::==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==::
//..........................................................................\\


.:--==--==--==> Win95 Plus! Security package Vulnerability by Wyze1 <<--==--:.
::									    ::
:: Wow, I want to make my Windows boxes secure with the 31337 Security      ::
:: package by MS for Windows 95 Plus! No-one will be able to get in - look, ::
:: I have no start button, or desktop, they're helpless! Now, what was the  ::
:: key to re-login again? Was it Ctrl+R? No, that looks like a RUN menu.    ::
:: Damn, What could it have been... ???                                     ::
::									    ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'


.:--==->> Update on the SoS Nedbank Windows NT Exploit by Wyze1 & Gevil <<--:.
::                                                                          ::
:: Yeh, the code doesn't work anymore. :( And yeh, we cracked root on this  ::
:: piece of machinery too now, but we'll share that with you later, or when ::
:: Nedbank fixes the root exploit included in *this* ish. Gevil and I might ::
:: also stop publishing this stuff at one point, because very soon, the SoS ::
:: will have a very bad name with Vodacom, Telkom, MTN and Nedbank          ::
::                                                                          ::
:: We may find some other victims for next month, (Gevil and myself are kind::
:: of bored of Touch Screen hacking now, and want to try new, but equally   ::
:: supposedly impossible things) Or, we may just continue fucking over our  ::
:: favourite enemies. Bah, who cares? No-one in the SoS has been arrested   ::
:: yet. We're fine... Right?!! =)                                           ::
::                                                                          ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'


.:--==--==--==->> How to get a Rootshell on Nedbank by Wyzewun <<--==--==--=:.
::                                                                          ::
:: Yes, our old Nedbank hack doesn't work anymore. Bah, I was bored of the  ::
:: employee menu anyway. Unrestricted shell sounds good to me. Yeh, think   ::
:: I'll get myself one of those. =)                                         ::
::                                                                          ::
:: Allright, y'know those old Nedbank ATM's with the full keyboards? Well   ::
:: go find one! Right, so you found your target - this machine is running   ::
:: Windows 3.11 for Workgroups with TCP/IP                                  ::
::                                                                          ::
:: Press the second Green Button on the Right and Yes at the same time      ::
:: Press the Help/Tab button                                                ::
::                                                                          ::
:: Now, you are chucked in2 some lame proggy called Nedshell. It's some     ::
:: sort of a taskmanager-type-thing. Bah, it's boring. Press "e" to end all ::
:: current tasks and close all Windows. The Screen will go black and then   ::
:: go into a Normal Windows 3.11 Interface for your hacking pleasure.       ::
::									    ::
:: But please guys, don't change anything, lest you get caught. I don't     ::
:: want to be responsible for the arrest of 500 ZA-Hackerz. Just look       ::
:: around, explore the system, cruise the net (yip, some of dem have i-net  ::
:: access) and tinker intelligently, making sure not to break things        ::
::									    ::
:: Most importantly, have phun, but don't do *anything* stupid. The less    ::
:: stupid everyone is, the longer Nedbank will take to fix this bug, and    ::
:: the longer you will all have axs to Nedbank's server and free i-net.     ::
::									    ::
:: Enjoy Kidzzz... 							    ::
::                                                                          ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'


.:--==--==--==--==-->> Windows 95/98/NT Backdoor by Marc Satur9 <<==--==--==:.
::                                                                          ::
:: Windows 95/98/NT appears to be full of undocumented extras (efg). While  ::
:: running my BSD box on a windows' network, i noticed that all the remote  ::
:: administration was coming from a "user" called ADMIN$.                   ::
::                                                                          ::
:: I then experimented a little and found that sharing any folder as ADMIN$ ::
:: is the equivalent of enabling remote administration, only it's not that  ::
:: easy to find out if the box is "infected". You can share any folder, the ::
:: best results usually come from a subfolder deep within the "windows"     ::
:: directory, one that they won't look in. The only way the user is likely  ::
:: to detect he is "infected" is to run Netwatcher at the same time that you::
:: are accessing his box. >Editors Comments: Or by using the netstat program::
:: in his Windows Directory<                                                ::
::                                                                          ::
:: The only way he can "clean" it off is to enable and then disable remote  ::
:: administration. If you hide the shared folder well enough, you should    ::
:: not get caught at all - The shared folder will also not show as a share  ::
:: in Netwatcher if it is named ADMIN$ and somewhere within the Windows     ::
:: directory.                                                               ::
::                                                                          ::
:: >Editors Comments: If there is any demand for it, the SoS would be happy ::
:: to write a program to install this backdoor on a host. Of course, we     ::
:: won't bother if nobody asks<                                             ::
::                                                                          ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'
                                                                      

\\..........................................................................//
::==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==::
::                         Misc. Stuffenhauzen    		            ::
::==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==--::--==::
//..........................................................................\\


.:--==--==--==--==-->> Ripping off Arcade Machines by Wyzewun <<==--==--==--:.
::                                                                          ::
:: This method was originally thought up by Vortexia, but he is too busy to ::
:: write a file like this and probably wouldn't admit to thinking this up   ::
:: anyway, having thought up much more amazing stuff than this before, so I ::
:: wrote it myself. ;)                                                      ::
::							                    ::
:: If you've ever been to an arcade that uses a card system, you've         ::
:: probably seen the card thats just a piece of cardboard, with a line of   ::
:: tape in it, a lot like the tape you'll find on an audio casette.         ::
::                                                                          ::
:: Get about 20 of these cards, or however many you'll need before you can  ::
:: spool them inside an audio casette. Then play this sound to your PC,     ::
:: record it in WAV format and loop 90 minutes of this sound onto another   ::
:: audio casette. Then, whenever you need a card, cut a piece off this tape,::
:: stick it on a piece of card, and you're fully recharged. If you ever     ::
:: play e-nuff games to finish the 90-minute tape, then just make another   ::
:: one with the WAV file you still have on your HD.                         ::
::                                                                          ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'


.:--==--==--==--==--==--==->> Stealing CD's by Cyberdave <<==--==--==--==--=:.
::                                                                          ::
:: Yeh, steal some CD's, why not? They're smaller than buses. :) >Comment   ::
:: from Wyze1 - Stealing buses is cool! You can run over ppl who laugh at   ::
:: you for writing articles on bus theft :P> K, wait at a CD shop until     ::
:: some-one buys the CD that you want. Then, walk out with the same CD in   ::
:: your pocket before he does - The alarm won't go off - it only will when  ::
:: he goes out. Ag, yeh, I would explain how it works, but that would take  ::
:: time and if you can't figure out why this works, you suck :)             ::
::                                                                          ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'


.:--==--==--==--==--==--==--==--==--==> Thanks and Greets <<=--==--==--==--=:.
::									    ::
:: Aleph1, Balin, Cache, Caliburn, cDc, Corrupt SYN, CrazyG*y, Cyber Demon  ::
:: Cyclotron, daemon9, Emmanuel Goldstien, Hex Acid, HFG, HNN, Informant-X  ::
:: kokey, Kool4Katz, L0pht, Line Noise, LOU, Mudge, Pavlov, Pri$m, r00t     ::
:: Radix, Sector12, Shaddow Skinhead, Sledge, Snadboy, so1o, Team CodeZero  ::
:: THC, The Guild, Vortexia                                                 ::
::									    ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'


.:--==--==--==--==--==--==--==--==--==--=>> Parting Words <<--==--==--==--==:.
::                                                                          ::
:: Well, guess I can safely say that the SoS have done it again - We have   ::
:: released more *quality* textware to the public. We were going to wait    ::
:: a bit longer and include more in this issue, but we wanted to release    ::
:: our new Nedbank hack asap coz the old one stopped working and we had     ::
:: told it to a few ppl already anyway.                                     ::
::                                                                          ::
:: Whatever we include in FK3, you can rest assured that it will be just as ::
:: groundshattering, if not more so, than FK2.                              ::
::                                                                          ::
:: The Sons of Satan / Saviours of Systems are...                           ::
::                                                                          ::
::           ::-=-=-=-=-=-=-=-=-=-=::=-=-=-=-=-=-=-=-=-=-=-=-::             ::
::           :: Wyzewun            :: wyze1@syrex.co.za      ::             ::
::           :: Marc Satur9        :: satur9@syrex.co.za     ::             ::
::           :: SN|PeR             :: sniper@noise.co.za     ::             ::
::           :: Gevil              :: gevil@hotmail.com      ::             ::
::           ::=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-::             ::
::                                                                          ::
`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--(EOF)--==-:'