The muther fuckin awesome Telix Hacker (TH, duh) for IBM and

The muther fuckin awesome Telix Hacker (TH, duh) for IBM and
IBMish type komputers. If you run Telix, then you can
use this. If not, you wasted some filez pointz.

Shawn-da-Lay Boy Productions (tm) (c) 1989, 1990, 2001...
In cooporation with the Macro 2 division of
Insanity Softwarez Inc.

Opening shit: Version 1.10

Inspired by Phry Code Pro, fellow travelers, and cause I wanted to
see the shit on my screen. And cause I wanted to show the awesome
power of Telix scripts. (Waste of time to tell phuckin pirates
to register Telix). Good for Telenet, PooPnet, or any other
komputer that you wanna hack on. I don't approve BBS hacking so,
SYSOPs, don't blame me if some fucking kid uses it against
your system. I claim no responsibility for the use, abuse, or
effects that this Telix script will generate.

Feel free to modify this to make it work the way you want. Hell,
that's why you got the Bob damned source. But, don't expect me
to fix problems exposed by your changes. If you don't program,
then leave the friggin source alone. Problems and suggestions can
be forwared to me on any of the awesome BBSes that I grace my
presence with. I may not accept your ideas, but I wanna hear
them, dude. Of course if you don't know who I am, this could
present problems, but I hope that the kind SYSOPs will pass on
any relavent comments or Email. Since I actively modem, I am
sure word of serious problems will reach me. However, a few
kind words are always appreciated like, "Fuck, Rad spaggetti code
dude." You aren't still reading this paragraph, are you? I dozed
off about 3 sentences back.

Following this shit, the shit is divided into 4 sections.
general, config, control, and other.

General Shit:

Ok, first you gotta compile the salt source. See your Telix dox
if you don't know how to do that. (like enter CS THxxx at the DOS
prompt, the xxx is the version number of your source, the file
with the extension of .SLT, got it?)

Second, edit the TH.CFG (Telix Hacker config file). And change
things you want changed. See TH config file description for
gorey details. (don't you hate when they do that??)

Third create the Telix Hacker control file (pointed to in the
config file or manually entered, if in manual mode). See
TH control file specifications.

Forth, fire up Telix and invoke the script. Then take a nap, watch
about 10 hours of TV or maybe take a weeks vacation, cause this
is gonna take a while. Of course, if you specify good patterns
(aka plates) then you might get a valid account faster, but it
is probably going to take a muther fucking LONG time. But at
least you can see what is happening and will know you're not
spinning your wheels.

Config shit:

This file specifies shit about how the hacker is to operate. It
has several record types which I will describe shortly. All
Keywords must be delimited by a blank, an equal sign, and another
blank. Like "AUTO = OFF". Keywords may be specified in any order,
just one keyword per record. If a keyword is speficied several times
the last specification will be the one in effect. The config file
must be called TH.CFG and be in your active directory (phuckin MS-DOS
shit).

keyword Silly description

* This signifies a comment record. All text after that will be
ignored. It must be followed by a blank. It can start a
record or be used to comment a config record.

AUTO This tells the hacker to operate automatically. Huh? What
this means is: If AUTO = OFF, then the hacker will ask you
for a control file name and use the one specified in the
TH.CFG file has the default. If AUTO = ON, then the hacker
will just start hacking with the CONTROL filed specified
in the config file. AUTO = ON is useful if you are using a
timed event to fire it up at 3:00 AM when you ain't around
to reply to the prompt. If this record is ommited, OFF is
assumed.

CONTROL This is used to specify the hacker control file that you
wanna use. The control file controls the actually hacking
shit to use. (see control file description later on).
Example "CONTROL = TELENET.HAK". If ommited, the hacker
will look for a file called TH.HAK. If the file isn't found
the hacker will format your C drive. Just kidding, you'll get
a wonderful message asking if you got yer head up your ass
or something equally stupid.

CR This is required. It specifies the two characters that will
designate carriage return. Leave it has CR = ^M. If you change
it, besure that it is two characters.

LF This is required. It specifies the two characters that will
designate line feed. Leave it has LF = ^J. If you change
it, besure that it is two characters.

| CTRL This is required. It specifies the character that will
| designate a control-key combo. If CTRL = ^ is specified and
| you have ^A in a send string, then CTRL-A will be sent.

Here's a sample TH.CFG file:

* Sample Telix hacker config file.
AUTO = ON * Just start hacking
CONTROL = SAMPLE.HAK * hacking samples today...
CR = ^M * carriage return
LF = ^J * line feed
| CTRL = ^ * Control key combo

Control shit:

This file specifies the actual hacking that is to occur. It's
format is the same has the config file, but with different keywords.

The TEST, LOG, CODEZ, DIAL, COUNT, PLATEn, SEEDLn, SEEDHn, DELAY, FORCE,
LOOP, SHOW, PASSFILE, MASTERFILE, SKIP, NOGOOD, and GOOD records may be
specified any amount of times, with the last one taking affect. This
does not apply to the SEND, WAIT, and HACK records, cause their
relative order and multiple use control the way the hacker runs.

keyword Silly description

* This signifies a comment record.

TEST This tells the hacker weather to really dial and hack or not.
If ommited, TEST = NO is assumed. To see how your control file
will work use TEST = YES and the stuff will be displayed on
the screen.

LOG This should normally have a value of NO, ie, "LOG = NO".
Anyother value will cause the hacker to log every attempt
to a file. Like "LOG = TRIES.DAT" will create this file
and write every attempted hack string to it. If ommited,
LOG = NO, is assumed.

CODEZ This specifies the file where good codes should be kept!!!
If ommited CODEZ = TH.FND is assumed. If a file already exists,
then it will be added to, if yer lucky enough to crack a
code, that is...

DIAL This wonderful record tells the awesome hacker what phone
number to dial. It's format is the same as what you
enter in your dialing directory. If ommited, the hacker
won't do shit. Example: DIAL = 10 , hack my 10'th dialing
directory entry. Or: DIAL = M9765555 , for a phone number
not in your directory. The hacker will dial the number
forever, until a connection is made and redial the number
every time the connection is dropped.

FORCE This optional record tells the hacker how many attempts to
make before hanging up and forcing redial. If omitted,
FORCE = 0 is assumed which means keep hacking and only redial
if the connection is lost.

COUNT This is an optional record, If controls how many attempts to
make. Example, COUNT = 10000 says try 10,000 times. If ommited,
keep trying forever, or until the hacker is manually stopped,
which ever comes first.

STOP This tells the hacker to stop after a valid code is found.
YES, means stop and NO means keep on hacking. Ie, STOP = YES
will cause the hacker to stop and hangup the phone. If ommited
STOP = YES is assumed.

SHOW This tells the hack to display the hack string each time a new
code is about to be tried. Use SHOW = YES to display each
hack string before it is sent. Note that it will be displayed
in column 41 of the current line to keep it seperate from the
active terminal session text (hopefully). If ommited, SHOW =
NO is assumed.

PLATEn This specifies a plate for hacking. You can have 0 thru 9
of them. What's a PLATE you say? Well it's how you tell
the hacker what characters to try. It is composed of
special characters that have the following meanings:
# = any number, 0 through 9.
& = any upper case letter, A through Z.
@ = both numbers and upper case letters, 0 through Z.
% = any lower case letter, a through z.
$ = both upper and lower case letters, A through z.
* = all three, 0 through z.. that's 62 possible values.
Example: PLATE0 = &&&###@@@ for specifing a plate of 3 upper
case letters, followed by three numbers, followed by three
upper case alphanumerics (0 through Z). Got it? Good!
Anyother characters are passed along has is. Ie, PLATE0 =
PCP###@@@ would generate a hack string of PCP followed
by 3 numbers, and then 3 alphamerics. Plates can only be
up to nine characters long.

SEEDLn These may be ommited, but if used must correspond to the
plate of the same number. It's used to tell the hacker
where you want the hacking to start. If omitted, lowest
values are used to start. This is useful for restarting
a hacking session. Example: If PLATE0 = &&&###@@@ and
SEEDL0 = CCC555@@@ then the hacker will not use A or B in
in the first three letters and will not use numbers less
that 5 in the three numbers. @@@ still means use all alpha-
merics, Note that numbers come before letters in alphameric
fields so if CCC was speficied for the alphameric field, then
no numbers would be used along with neither A nor B. Clear
has mud, eh? If you have specific letters in the plate then
the corresponding positions in the seed are ignored.
There is no error checking done to see if your seed agrees
with it's plate. So the hacker will run, but the results
may not be what you want. TEST = YES is good for seeing the
effect your seed has.

SEEDHn Just like SEEDLn, but specifies high limits. If PLATE0 =
&&&###@@@ and SEEDH0 = YYY888@@@ then the hacker will not
use Z in the first 3 positions or 9 in the second three.

GOOD This record contains a string that the hacker should expect
to receive when a valid code has been hacked. It should be
the last record in the file, duh. Example, GOOD = WELCOME*.
The "*" is used to end the string. It can contain no more
than 40 characters.

NOGOOD This optional record is used when you don't know what the
GOOD string should be. This means that if anything is
received that is not the NOGOOD string, the hacker should
assume that a valid code has been cracked and write out
the valid code. Either the last GOOD or NOGOOD record in
the control file will be the one in effect.

PASSFILE This is an optional record that will specify a file that
contains a list of strings to use for hacking. Example,
PASSFILE = PASS.DAT would mean read the PASS.DAT file for
strings to use for hacking. Note, for the strings to really
be used, you must have the uppercase word "PASSFILE" in a
HACK record, ie, HACK = PASSFILE*.

MASTERFILE This is a optional record that is used to tell the hacker
weither or not to switch to the master password file (called
THPASS.LST) after all the records in the PASSFILE have been
processed. To cause the switch, MASTERFILE = YES, must be
coded. If ommited, MASTERFILE = NO, is assumed.

SKIP This is used to tell the hacker howmany records in the
PASSFILE and MASTERFILE to skip over. Example, if SKIP =
100, is coded, then the first 100 records in PASSFILE will
be skipped. If the PASSFILE only had 50 records then it
will be skipped along with the first 50 records in TH.PASS
(if MASTERFILE= YES was coded).

DELAY This is the number of seconds to wait for the GOOD/NOGOOD
string. If ommited, DELAY = 6 is assumed.

SEND You may have has many of these has you need, up to 10. They just
specify a string to be sent once the connection is established.
Example SEND = N ... each SEND record encountered will be
sent just has specifed. Useful for the inital shit a system
may ask you before the signon. Note if you want a carriage
return sent you must include that, like SEND = N^M . (^M is
telixese for carriage return.) The string cannot exceed 40
characters The SEND string is terminated by an "*". Example:
"SEND = C C00512^M* send the string and carriage return"
sends 9 bytes, the 8 byte string "C C00512" and the carriage
return.

WAIT Like SEND you can have all of these you want, up to 10. It
specifies text that you expect to receive and will cause the
hacker to wait for it, for up to 5 minutes. If time expires,
the hacker will quit with an error msg. Example: WAIT = NAME:* ,
wait for a NAME: prompt. If you specify a number, then
the hacker will wait that many tenths of a second. Example,
WAIT = 10 , means wait 1 second. For text values, no more
than 40 characters may be specified. Like SEND the string
is terminated by an "*".

HACK This tells the hacker to start hacking. Example:
HACK = PLATE0,PLATE1 PLATE2* any non PLATE values are
assumed to be literals and are sent has typed. If multiple
plates are specifed, then the first one goes through all
possible values before the second one is incremented.
You can have multiple hack records. If so you would probably
seperate them with a WAIT record. The first hack record is
rotated through all possible values, before the next one is
incremented. If a plate is specified in more than one
hack record, it is incremented independantly of the others.
Currently, you can have up to 10 HACK records. Each hack
value (the stuff after the = and before the *) cannot
exceed 60 characters in either the raw form or after the
plate(s) have been substituted. Note, that you can specify
both PLATEn and PASSFILE in a HACK record, if you want.
However, the PASSFILE keyword should only be used once, in
one HACK record only. There is nothing to stop you from
using PASSFILE in mutiple HACK records, but why would you?
Also be careful with the length of the strings in your
PASSFILE so that they don't overflow the HACK string after
the PASSFILE string has been inserted in the HACK string.

LOOP This optional record has no value. It's purpose is to tell
the hacker that a loop needs to be done from the next SEND,
WAIT, HACK record until the last SEND, WAIT, or HACK record.
If omitted, then the program will loop from first HACK record
thru the last SEND, WAIT or HACK record. Or if you have only
one HACK record, then the program will loop that one.

Here's a sample control file:

* sample hacker control file, dudez.....
TEST = YES * Show me the modem program.
LOG = NO * they said leave it this way...
CODEZ = SAMPLE.ACT * valid accounts and PWs here please, please..
DIAL = 1 * USE MY FIRST ENTRY...
FORCE = 0 * just keep hacking
COUNT = 35 * TRY 35 TIMES, I AIN'T GOT ALL DAY..
STOP = YES * just get me one code...
PLATE0 = #&&&&&&# * HACK a number, six letters, and a number
PLATE1 = & * ONE LETTER
PLATE5 = ### * HACK 3 NUMBERS
PLATE7 = @@ * HACK 2 ALPHAMERICS
* EDL0 = 5YYBBBB# * DON'T some stuff (commented out SEEDL0
* EDH0 = #YYYYYY# * DON'T TRY Z'S (commented out SEEDH0
GOOD = AT* look for an AT to say we are in!!!
DELAY = 2 *wait 2 seconds
*
* The following records control the modem. (modem program?? eh??).
SEND = @* SEND an @ sign
WAIT = 5* WAIT 5 TENTHS OF A SECOND
SEND = D^M^J* SEND D, a CARRIAGE RETURN, and a LINE FEED.
WAIT = :* WAIT for the : prompt
LOOP *actually this is not needed here has I have only 1 HACK record
HACK = ID=YOMAMA,PASS=PLATE0PLATE7^M^J*hack the fucker

The "*" is used terminate the string in the SEND, WAIT, GOOD, NOGOOD,
and HACK records so that they may contain embedded blanks. None of
the other record type may contain embedded blanks. Ie, the COUNT,
DIAL, PLATEn, TEST, LOG, CODEZ, DELAY, LOOP, SEEDLn, SEEDHn,
SHOW, PASSFILE, MASTERFILE, SKIP, and FORCE values are all
delimited by a blank.

Other shit:

Ok, if you have been trying to read this shit and figure out if
this is useful or not, let me just say that hacking takes so
much time, that you have to be smart about your attack. In other
words, trying to hack a plate like six numbers would represent
one million combinations. Even at an incrediable rate of 1 second
per hack attempt, it's a long time. Well, its about 11.25 days,
so it ain't forever, but in reality, it's much longer, like 9 weeks.
Of course you could get lucky and crack one, say, after a week.
But even that seems a tad too long for my tastes. Yours too. So,
phuck, what are you gonna do? Well, you have to know something
about your target. Like if you think the password is 2 letters and
a 6 digit number, then try SS313### as a plate or things like
that. 3 numbers represents 1,000 tries that at 9 seconds per hack
attempt (a reasonable number) would take 2.5 hours. If your are
guessing six digit numbers, I would run it with at least 3 digits
specified or even 4 if I was watching. Of course at 9600 you might
get the time down to 1 second per attempt, but if the system
drops carrier every three attempts, then 6 seconds is about as
good as it gets.

Well, that was a lot of shit, wasn't it? Hopefully after you try
it a bit, the descriptions will make more cents...

This fucking code would have been a lot easier if the damn thing
supported arrays... Oh well kuldge away!!!!!

Note that all of the "|"s in column one of this text specify changes
to the previous versions of this text.

Another Telix script has been inclued, called MERGE.SLT. It it used
to merge two sorted password files into one file. After you compile
it and invoke it, you will be asked for the names of the input files
and the name of the output file. There is no error checking done,
so if you specify the same file has input and output, then funny
things will probably happen.

Finally, I have spent my time makeing the telix hacker work correctly
when the control and config shit is correctly entered. I have not
tested (much, anyway) what happens when things are specified wrong,
like if you specified a High seed value of 0 for an alphabetic
field in the plate. So if you have problems please brefily state
what's not working and include the CONTROL file that you are trying
to hack with.

Currently the following BBSes are blessed by the Telix Hacker:

The Electric Pub 415-236-4380 3/12/24 24Hrs 90 Megs of leechabilty.
Stainless Steel 415-937-2351 3/12/24 24Hrs Mucho Megs & messages.
Subgenius 415-798-6262 3/12/24 24Hrs of "Bob" and Beer.

Shawn-da-Lay!!!!!!!!!