Telenet The Secret Exposed...
For years, people and myself, have offtend tried to"work telenet unto acoma..
With no success, for the pest few years, i have gathered data, and final
know the system, its faults, capabilities, and errors.
This really sxould be in a text, file, but. i wish this information, to
be reserved for the few users on this system.
before i start. here are a few basic commands, to get famialir with:
Execution syntax of command function
------------------------------------------------------------------------
Connetc c (sp) Connects to a host (opt)
Status stat Displays network port add
Full-Duplex full network echo
Half-Duplex half Termnial echo
Mail
or
Telemail mail telemail telemail
set Parmaters set (sp) 2:0,3:2 Select Pad Parameters
Read Paramaters par? par?(sp)2:0,3:2 display pad
Set and read
Paramaters set?(sp)2:0,3:2
escape @ escape from data modew
File Trasnfer dtape Prepares network for bulk
continue cont
disconnect bye or d
hang up hangup
terminial term(sp)d1 Set TERM
test
test(sp)char
test(sp)echo
test(sp)triangle
this is the end of the commands, view next msg for useage:
Trap and pipe x.25 prot. (telenet)...
Pleasse note this is a very difficult transaction... The following
flow chart, will only work on a machine with atleast 10 Mhz..
However, an account on a unix, with cu capabilities will also work..
Package networking, is exactly what it means..
before, i go into detail, let me give you and over view...
-------------
Host
-------------
!
!
!
!
-----------------
telenet, remote
$ divertor, and
pacakge.
------------------
!
!
---------------------
! ! ! !
! ! ! !
u u u u
s s s s
e e e e
r r r r
s s s s
If you notice carefully, there is online to the host and 4 users.
That is how its packaged, for instance the first 100 mills. will be
from user on then two etc.. The way telenet can tell which is user
is which, is simply by the time. Time is of the essense. data is
constantly been packed, anywhere from 100 mils. to 760 mils.
The trick to trap tapping and piping, a lead off of telenet, is to have
as system running four proccewss and the same time, and have a master prgm.
that switch's at the appropriate delays... As you can see this is
where a 10 Mhz + system, is needed.
On the host end.
The host end consists of three things..
1) 9600 baud modem
2) a dedicated telcue line
3) a network pad..
I doubt know one needs a lesson on the first two, but lets take a look
at telenets, "weakest" link..
Network Pad
----------
There are three types of network pads a 4 pad 12 pad and 32 pad
They really do not make a diffrence, it only changes the amount
of users, capable of using on line..
example. if you have a 4 network pad. you system will be able to handle
four users from telenet etc...
The network pad is Such a piece of"shit you have know idea..
All parameters are set remotly by a telenet eng..
This is important...
If the pad is every shutoff all parameters are lost.. and an eng. must
reload the pad.. (again, this is done remotly)
to give you a small ifea, of$the amount of programing in thms pad
(which i might add has over 2 megs of internal RAM)
for an eng. to upload it ct 9600 bps.. it took approx 38 mins.
The Pad is not a computer, if ytou think about it though, if your
traveling at 1200 on telenet, your actually travling at 9600 and
back to 1200.. when x.25 is unpacked..
How is the pad set remotly..
lets take an example...
c 2122
now c 2122 /(?this is an example)
ha four nodes its a siml divester to the next node. however you can
specify, the node you want
c"212.01
c 212.02
etc....
nodes can also"be stated as 2122a is the same as "2122.01
and 2122.03 is the same as 2122c
Now that we know how to access the indiv. nodes. let me show you a small
secret...
Theres a programing node.. so an eng. can upload, to your network pad..
every address has it...
it always ends in 99
so, if i wanted to trap and tap c 2122
i would enter c 2122.99
you would get a connected.. but is you notice nothin happens..
at this point do not touch any keys.. a wrong key stroke, will
most likely alert someone to your tampering..
(dont forget, all network pads have a direct alarm signle.. so follow my
directions to the t...
enter in :
@
with out a return.. you should get telenet
@
if you dont give it a min. then hit return. your actually there.
but the prompt, just didnt print..
ok..
Now type
set 15:0
when entered.. hold 15 secs.. for a time delay..
then type in cont
to continue, with the host you brokg from.....
you will get a message:
TP3005 DEBUG PORT V5.37.03
>
your now, directly accessed the network pad..
Please note some of these have passwords:
However
if your prompted for a password, of if nothing happens:
telenet has two standard passwords:
superman
represeting a male tech.
and
$ wonderwomen
repre. a woman tech..
when in your prompt is$allways a greater than sign:
>
type the following:
7FDS
HIT RETURN
youll get a responce: $ E 01
NOW TYPE IN:
L7FE,L,A2,R2,D
then youll get a message: R 00A626 8805
now enter ing: 40588
YOUR RESPONCE WILL BE : E 01
write now you should open atleast a 640K buffer.....
now type in > R0589
YOULL GET A WHOLE LIST OF DATA THAT IS CURRENTLY CROSSING THE PADS
DUPLX.
ON LINE WILL LOOK LIKE THIS:
R 00A625 06805FF17068703 1287100230050540 0000000000000000 FF020101000000