A mailbombing package entitled UpYours is being circulated and used. It pulls the same shit as REAL hackers were doing with small scripts back in 1988. The only interesting twist is the use of lame Smail-based SMTP relay servers to cover the originator's tracks, not a new trick but this makes it automatic. Subjects and some headers also seem randomly generated to make defensive filtering more difficult. Here are the text files and other interesting parts extracted from the 2 or 3 megabytes of Visual Basic crap. Enjoy. ------------------------------<readme.txt>------------------------------ ---------------------------------------------------- Up Yours V2.0 (c)1996 Global Kos ---------------------------------------------------- Special thanks to Wicked Alliance Must have a 32-bit winsock connection and Windows 95 in order for this program to work properly on your system. Here is the long awaited Up Yours v2.0 a fully anonymous e-mail bomber and mass mailing list subscriber. In addition to this file please read the "how to add to the database.doc" file which will show you how to customize the database to your own servers etc.. I decided about half way through this project to make a seperate application for the newsgroup spamming, it will be coming out sometime this summer and will be called "Up Yours Usenet" .. look forward to it... INSTALLATION ------------- guess what? It's freeware Any problems running this program see the troubleshooting text file I added to the .zip Just run Setup and place the files in the default location or if you want in any directory.. the files in the database are; maillist.mdb and servers.mdb they are both access databases, so if you have access you can open them up and look at them in access, but won't need to because you can manage the databases right from within the program. There is also some info on Global kOS in the kosnfo.zip file including a member application, you cannot apply to be in the main group but we do have a CC (cabon copy) mail list for people interested in learning things.. ONLY APPLY IF YOU HAVE ^VERY GOOD^ SKILL WORKING WITH COMPUTERS (especially the internet, UNIX etc..) and know some programming etc... -------------- The most important part is the .doc file on how to add to the database, it is VERY important you only use servers that have passed the tests to see if they will not do reverse lookup on you, otherwise this program could get you in a world of shit. The mailing list bomber also uses stealth methods to ensure you are not going to get caught red-handed screwing someone over (in a royal way) --------------- At the last minute I added four more servers because I felt nice so now you have 8 fully anonymous servers to start with.. Mailbombing is 100% anonymous if you follow the directions and use servers that have passed the test. The mailing-list subscriber field for information (not address) is used for both subject and body in the message you send, so in case they get wise and try to change things around it will still work I think my most wicked creation is the mailing-list subscriber given the proper input into the database, you could have someone subscribed to 100's or 1000's of mailing-lists in a very short amount of time... (mailing-lists do all the work for you) ---------------- As always be careful using this program!!! I don't guarantee anything. to cover your ass, mailbomb yourself first and look at the headers in the mail so you can verify that the servers are indeed anonymous, this is very important... if mailbombing someone with an autoresponder use their e-mail in the from field.. (tip) -----------------------------<troubles.txt>----------------------------- --------------------------------------------- Trouble with the program --------------------------------------------- If you get a run time error about a server, here is what the VB4 help file says.. Source of Server Not Found message When Crystal Reports searches for the program file CRPE.DLL, it will look first in the current directory, then in the Windows directory, then in the Windows system directory, and finally in the path. Since the installation procedure automatically installs the program in the VB\REPORT directory and updates the path statement in the AUTOEXEC.BAT file (unless you have selected different options), the program should have no problem finding the CRPE.DLL file under normal circumstances. If you have installed Crystal Reports to a directory other than the default directory, and if you have not modified the path statement to include the new directory, you may get a Server Not Found message. How to solve this problem To recover from a Server Not Found message, modify the path to point to the directory that holds CRPE.DLL, or move the program to the Windows directory, the Windows system directory, or a directory in the current path. ----------------------------------------------- If you accidentally delete one of the anonymous servers here is the list that I ship the program with.. sun2.iafrica.com pilot02.cl.msu.edu perch.iserver.com emerald.oz.net sojourn1.sojourn.com bham.net mis01.micron.net smtp.1eagle1.com These are only a small fraction of the servers that are availiable on the internet.. I would suggest finding your own and using them vs. using these all the time... because once this program starts to get heavily used... these will probably not be around anymore.. ------------------------------------------------ If the program tells you that you need a file and if you cannot find any of these files go to the following www page http://ftpsearch.unit.no/ftpsearch This is FTP search 95' enter in the name of the file you need and when it gives you the list, right click on one and save it right into your windows\system directory.. ------------------------------------------------ if you have any questions about finding new servers I have included a file to show you how to find them.. -----------------------------<disclaim.txt>----------------------------- -------------------------------------------- Disclaimer -------------------------------------------- Global kOS, AcidAngel or all parties involved cannot be held liable for any misuse or damages caused by the use of this program, This program is meant to be an example of what can be made using a little ingenuity. Any damages resulting in the misuse of this program are the sole responsiblity of the offending parties and not of the authors or associates of the authors. Dolphins systems cannot be held liable for the use of their custom controls in the program. this is a beta release and is not meant for general distibution if this program is distributed via the WWW it is not endorsed by me. This program in it's present form is mean't for release to a few of my friends to do with as they wish. I cannot be held liable for any indirect or direct damages this program may cause to network or workstation servers. This program is a tool and as such a tool should only be used with extreme caution. By using this program in a malicious manner a user is commiting harassment against another user. This program is not used by the author and cannot be held as evidence of such.. -------------------<strings from database files *.MDB>------------------ maillists BBB6******( MSysRelationships 22222222220 MSysQueries ,,,,,,,,,,* MSysACEs ))))))))))' MSysObjects ,,,,,,,,,,* MSysDb ''''''''''% Relationships ........., Databases **********( Tables ''''''''''% MSysRelationships 22222222220 MSysQueries ,,,,,,,,,,* MSysACEs ))))))))))' VC mailhost subscriber info LVAL <) maillists **********( MSysRelationships 22222222220 MSysQueries ,,,,,,,,,,* MSysACEs ))))))))))' MSysObjects ,,,,,,,,,,* KKD AllowZeroLength Required& mailhost subscriber info KKD AllowZeroLength Required& mailhost subscriber info LVAL D) mailhost subscriber info listp listproc@inquiry.comsubscribe javascript) majordomo@obscure.orgsubscribe javascript + listserv@busop.cit.wayne.edusubscribe cranes- majordomo@lists.best.comsubscribe" aclark-request@tfbbs.tvinet.comsubscribe) then-request@lysator.liu.sesubscribe% tracy-chapman-request@julie.vf.pond.comsubscribe tracy-chapman @( majordomo@southwind.netsubscribe mariah-news- boo@downton.demon.co.uksubscribe boo% majordomo@tcp.comsubscribe lullaby# OBEN@boingo.comSubscribe OBEN Majordomo@lists.best.comsubscribe netfobs* white-house-request@wupper.desubscribe' BLOODeMAIL@aol.comSUBSCRIBE bc-request@specklec.mpifr-bonn.mpg.desubscribe/& majordomo@phoenix.oulu.fisubscribe beloved+ basia-request@jane.tiac.netsubscribe% majordomo@hers.comSUBSCRIBE BANGLES$ Leadheads-Announce-request@apocalypse.orgsubscribe3* Standard Jet DB VC Id ParentId Name Type DateCreate DateUpdate Owner Flags Database Connect ForeignName RmtInfoShort RmtInfoLong Lv LvProp LvModule LvExtra Id ParentIdName VC ObjectId SID ACM FInheritable ObjectId VC ObjectId Attribute Order Name1 Name2 Expression Flag ObjectIdAttribute VC szRelationship grbit ccolumn icolumn szObject szColumn szReferencedObject szReferencedColumn szObject szReferencedObject szRelationship d`w`a`vfv ufm`wjrpvijsv w`amfv ov}v`bfv ov}vrakfbwv ov}vtxfujfv ov}vufm`wjrpvijsv vfuzfu ov}vda server ???3''''''% MSysRelationships 22222222220 MSysQueries ,,,,,,,,,,* MSysACEs ))))))))))' MSysObjects ,,,,,,,,,,* MSysDb ''''''''''% Relationships ........., Databases **********( Tables ''''''''''% MSysRelationships 22222222220 MSysQueries ,,,,,,,,,,* MSysACEs ))))))))))' VC server LVAL server ''''''''''% MSysRelationships 22222222220 MSysQueries ,,,,,,,,,,* MSysACEs ))))))))))' MSysObjects ,,,,,,,,,,* MSysDb ''''''''''% Relationships .KKD AllowZeroLength Required$ serveKKD AllowZeroLength Required$ server LVAL server clover.cleaf.com dfw-ix7 clover.cleaf.com clover.cleaf.com dfw-ix7. clover.cleaf.com clover.cleaf.com clover. mis01.micron.net bham.n smtp.1eagle1.com mis01.micron.net bham.net sojourn1.sojourn.com emerald.oz.net perch.iserver.com pilot02.cl.msu.edu sun2.iafrica.com ----------------------------<how-to-add.doc>----------------------------- Up Yours V2.0 How to add to the anonymous server database. Hello, and welcome to the latest release of the dreaded Up Yours 2.0 by Global kOS. This file will cover some of the aspects of finding anonymous servers and using them within Up Yours 2.0. The mailservers I have supplied (only 8 of them) will last for awhile, but will probably go down after a time (because of overuse) so save all of those messages in your trash (in eudora or whatever) and keep a listing of all of them somewhere.. The info you will need out of each one is as follows.. You may recieve a message like this (this is shown with the headers, headers can be viewed in eudora by pressing the "Bla Bla" button in the top of the message window. -------------------------------------------------------- Received: from ns1.footnet.com (FOOTNET.COM [206.170.160.2]) by angel.com (8.6.1 2/8.6.12) with ESMTP id LAA04916 for <acid@angel.com>; Mon, 27 May 1996 11:23:49 -0700 Received: from some1.footnet.com ([206.170.160.75]) by some1.footnet.com (post.office MTA v1.9.3 evaluation license) with SMTP id AAA144; Mon, 27 May 1996 11:38:42 -0700 To: acid@angel.com From: some1@footnet.com (Ryan Wahle) Subject: >>> Electronic Magazine - May <<< Date: Mon, 27 May 1996 11:38:42 -0700 Message-ID: <19960527183511122.AAA144@some1.footnet.com> Message body would be here ----------------------------------------------------------------------------- the part in red is the part you would be interested in, copy this and paste it into a blank text document and keep track of them, many do not work but 1 or 2 in 10 or 20 will... Copy this and paste it into the server field in the program, then click the random check box so that it is not checked and send yourself one e-mail and repeat with however many servers you have.. Then go and look at the headers in your mail program. The majority of the time you will get something that looks llike this.. (sections in blue by me..) ----------------------------------------------------------------------------- Received: from p13.lb0.angel.com (p13.lb0.angel.com [205.215.110.46]) <= this is how they find you, all your info is right here.. by franklin.cris.com (8.7.5/(96/05/31 2.38)) id SAA20516; Sun, 2 Jun 1996 18:23:02 -0400 (EDT) [1-800-745-2747 The Concentric Network] From: <vystjaovaqeui> Message-Id: <199606022223.SAA20516@franklin.cris.com> Errors-To: vystjaovaqeui X-Authentication-Warning: franklin.cris.com: Host p13.lb0.angel.com [205.215.110 .46] didn't use HELO protocol <=spoof didn't work on this one DATE: 02 Jun 96 3:22:59 PM TO: acid@angel.com SUBJECT: i chphswou Place your message here ---------------------------------------------------------------------------- Everything in red in the preceeding example is BAD so do not use this particular host, move onto the next one and keep trying... I have done hundreds of these, there are really quite a few servers out there.. sometimes you will get several in a row... seems that the ones that start with smtp.*.* usually work and the relay#.*.* do not in general.. The mail. ones are 50-50 Here is an example of a good one!! ---------------------------------------------------------------------------- Received: from mis01.micron.net (mis01.micron.net [198.60.253.51]) by angel.com (8.6.12/8.6.12) with SMTP id PAA27340 for <acid@angel.com>; Sun, 2 Jun 1996 15:2 2:57 -0700 From: hnngfoie@micron.net Received: by mis01.micron.net (Smail3.1.29.1 #5) <= this is the part that is what makes it anon.. id m0uQLXt-000TTxC; Sun, 2 Jun 96 16:22 MDT Message-Id: <m0uQLXt-000TTxC@mis01.micron.net> DATE: 02 Jun 96 3:22:46 PM TO: acid@angel.com <=this only states that it has been recieved by your server for you SUBJECT: ogbc Place your message here ----------------------------------------------------------------------------- The sections in blue show that your server has recieved it for you if you send this same message to another person their info is in the blue sections.. (this happens to be a server I am giving you in the database) this is what you want so this server is a good one (the grey one on the first line) and will provide you with anonymity when mailbombing someone.. This is how you find the new servers to use with the program.. Using servers not checked will comprimise your anonymity and you will be busted for the mailbombing, so make sure to check every one that you place in the database, and check them frequently to make sure that they are still 100% anonymous I would recommend checking every server before you ever start a large transaction.. Sometimes it is quicker to send 100 or so through only one server at a time.. You can advance to the next server by the random check box. When only using one server you can send mail at the rate of 20 messages in 1.8 seconds.. (with a 28.8 and a fast server)... I am working on making the spoofing better so that all servers can be used. when this happens shit is really gonna go crazy.. But I have a feeling shit is gonna go crazy over this version anyway.. } -------------------<strings from application .EXE file>------------------ This program requires a VGA/MCGA card. kos.pcx GkOS GENERAL APPLICATION .__ ___. .__ __ ____ | | ____\_ |__ _____ | | | | ______ ______ / ___\| | / _ \| __ \\__ \ | | | |/ / _ \/ ___/ / /_/ > |_( <_> ) \_\ \/ __ \| |__ | < <_> )___ \ \___ /|____/\____/|___ (____ /____/ |__|_ \____/____ > /_____/ \/ \/ \/ 1996\/ GkOS GENERAL APPLICATION "We work in the dark - We do what we can We give what we have Our doubt is our passion, and our passion is our task The rest is the madness of art" - Henry James http://www.nacho.com/kos globlkos@pixelstorm.com PResS <EnTeR> To gO To NeXT liNe, <eSc> To coNtiNue -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Handle/Alias: Email Address: Do You Maintain A Web Site? (Y/N) Is It H/P/A/C Related? URL: Page Title: Computer Type (Platform): Modem Speed: Current Affilations: Past Affilations: Do You Have An FTP Site? (Y/N) Connection Speed: Hard Drive {Free} Space: Hard Drive {Total} Space: Is It Up 24/7 ? Will You Distribute GkOS Software? (Y/N/Maybe) How Did You Hear About Us? Are You Familiar With Our First Software Release: Upyours! The Email Bomber? (Y/N) What Languages? Visual Basic C/C++ Perl/CGI HTML Assembly Other Pick Another Language? (Y/N) Ever Reverse-Engineer or Decompile a Program? What Can You Offer The Group? Programming ArtWork Cracks Warez Connections Other Can You Offer More? (Y/N) Ever Read The Hacker's Manifesto by Mentor? (Y/N) Do You Read 2600 - The Hacker's Quarterly? (Y/N) Identify The Following: NSA: FBI: GkOS: NAM: ESN: MIN: 127.0.0.1: Are You Familiar With PGP? (Y/N) Do You Use It? Are You Familiar With Puffer - Email Encryption Software? Would You Be Willing To Use It? Do You Own A UNIX Shell Acount? (Y/N) Do You Use IRC? (Y/N) Which Channels Are You On Most: List Nick(s): Do You Read Newsgroups? (Y/N) Which Ones Do You Frequently Visit: Any Last Words? (Y/N) By submitting this application you are requesting to be a part of the Global kOS Hack Group as a CC: Member, meaning you will be copied on all email correspondence and will be able to participate in our activities, although you will not be considered as one of the original ten (10) founding members. In order to submit this application to GkOS, please email it to Global kOS at <globlkos@pixelstorm.com>. Understand that we are a new group, and it will take some time for all of us to review and process your application. We are only accepting KNOWLEDGEABLE and DEDICATED people, No Lamers Por Favor! http://www.nacho.com/kos globlkos@pixelstorm.com Copyright 1996 Global kOS - coded by That Guy