ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
PC Pursuit Thief Version 1.0
By Brew Associates
An Official Phortune 500 Product
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
INTRODUCTION
Greetings, ÿagain. As with any new program or software package it
is always a pain to have to go through and read the documentation, ÿand
this will be no exception (that was a joke). Anyway, these docs should
be ÿa little more detailed in nature due to the fact that I am ÿwriting
this ÿup on processor #1 ÿon the TMCS network and have PC Pursuit Thief
running ÿon processor #2. ÿFinally, ÿtrue ÿdistributed ÿmulti-tasking!
Enough of that.
PC ÿPursuit ÿThief ÿushers ÿin ÿa ÿnew ÿera ÿof ÿhacking ÿutility.
Currently ÿwe have Code Thief, ÿFuckin' ÿHacker and others for extender
hacking, ÿand before PC Pursuit Thief we only had a program called Phry
Code Pro written by the Exciter. ÿWell, ÿbeing that competition proves
advantageous ÿto ÿthe ÿcommunity (of course the Code Thief vs. ÿFuckin'
Hacker "feature wars" can attest to that), PC Pursuit Thief was born to
break somewhat of a monopoly. ÿAnd besides, ÿPhry Code Pro plans on an
extender hacker in future versions, ÿaccording to the documentation for
version 4.0, so to each his own.
STARTING PC PURSUIT THIEF
There ÿare two ways of starting PC Pursuit Thief from ÿDOS. ÿÿThe
first is by just typing PCPTHIEF<return>. If you see it in yourself to
type "PCPTHIEF<return>" ÿinstead of typing "PCPTHIEF" ÿand then hitting
the ÿreturn key, ÿyou have my permission to put your head through ÿyour
monitor.
The ÿsecond ÿmethod is by adding some command line ÿparamaters ÿto
tell PC Pursuit Thief to start hacking in automatic mode at a ÿspecific
time, and then to stop at a specific time, or after a certain number of
valid PC Pursuit ID's and passwords are found:
C>PCPTHIEF 1:00 2:00
The above command entered at the command line will have PC Pursuit
Thief wait until 1:00 ÿam to hack (all times are in 24 hour format) and
then hack until 2:00 ÿam, or until 1 valid code is found. ÿWhat? ÿYou
don't want to stop after 1 valid code, ÿbut think you can snag 2 before
2:00? Well, enter this at the command line:
C>PCPTHIEF 1:00 2:00 2
The ÿ2 above is an optional paramater that tells PC Pursuit ÿThief
to quit after 2 valid codes (or before 2:00 ÿam, of course) - ÿwhatever
comes first. If you want to strictly quit at 2:00 no matter how many
codes are found, enter something like:
C>PCPTHIEF 1:00 2:00 9999
Of course you're not going to get 9999 codes in 1 hour, and that's
the ÿpoint. ÿÿRemember ÿthat this number MUST be an integer, ÿÿso ÿthe
highest it can go is 32767, ÿso "PCPTHIEF 1:00 2:00 ÿ32767" ÿwould have
the ÿsame effect as "PCPTHIEF 1:00 ÿ2:00 ÿ9999" ÿbecause if you're ÿnot
going ÿto get 9999 ÿcodes in an hour you certainty aren't going to ÿget
32767.
By the way, ÿeverything in automatic mode is for FLAGGED templates
only. ÿÿIf there are no flagged templates, ÿthen once it starts up ÿat
1:00 it will drop right back to the operating system after it tells you
that there are none flagged (if you are there of course). ÿYou get the
DOS ÿprompt after PC Pursuit Thief quits, ÿor if you started PC Pursuit
Thief from a batch file, then the batch file resumes processing.
IF PC PURSUIT THIEF IS RUN IN NORMAL MODE
Ok, ÿÿhere's the title screen (yes, ÿI'm looking at it now on ÿthe
other monitor). ÿI added a little disclaimer, ÿbeing that this utility
has the sole function of going after one company only (GTE). ÿAgain, I
stress that the use or misuse of this program is totally up to you. If
you get caught, ÿthat's your responsibility, etc, etc. When I wrote it,
I myself didn't break any laws, but then again is there a legal theaory
for "kenetic energy", or... forget it.
Hit any key to get rid of the title/disclaimer screen. Now you'll
see ÿmy own little "added touch" ÿto the title as the window bounces in
and ÿout/rotates (depending on how you view it) ÿand puts ÿthe ÿprogram
title in it.
THE MENU
Here ÿwe go. ÿKind of looks like Code Thief, ÿdoesn't it? ÿWell,
although ÿit only took me three days (with sleep deprevation) ÿto write
PC ÿPursuit Thief, ÿno code from Code Thief was used. ÿI ÿstarted from
scratch ÿon everything. ÿOh, ÿand we're in Turbo Pascal 5.0 ÿnow, ÿÿso
things are going to be a little bit faster (I especially like what they
did to the screen display speed).
We'll ÿgo ÿover all of the things off the main menu one by ÿone...
as a matter of fact, ÿit would be best if this documentation is printed
out FIRST, ÿthen you follow the following sections along as the program
executes.
>modem/city configuration
Select ÿthis. ÿÿJust use the up and down arrow keys to ÿmove ÿthe
highlight ÿbar ÿand space or return to choose the option of ÿD) ÿÿModem
Configuration. You could also hit "D" ÿthen return or space as a quick
way of getting the highlight bar there.
Ok, ÿÿhere ÿwe have all of the neat things that PC ÿPursuit ÿThief
needs ÿto ÿknow ÿabout talking to the outside world, ÿÿand ÿTelenet ÿin
particular. ÿÿIn ÿthis ÿsection the up and down arrow ÿkeys ÿmove ÿthe
highlight, ÿÿand return or space chooses the option. ÿThe letters ÿ"A"
through ÿ"J" ÿwill take you right to an option with the highlight ÿbar,
but ÿnote that it still takes the pressing of return or space to select
it.
First ÿthing we want to do is tell PC Pursuit Thief ÿwhat ÿComPort
our modem is connected to at. ÿWell, ÿif you have just a COM1: ÿÿmodem
then ÿleave ÿit ÿalone, ÿbecause as you can see the ÿdefault ÿis ÿCOM1:
(ComPort 1). ÿIf your modem is on COM2: ÿor COM3: ÿor COM4: ÿthen ÿhit
space ÿor ÿreturn when Communications Port is highlighted and then ÿuse
the left and right arrow keys to select your ComPort. ÿHit return when
you have the correct one showing on your screen.
Now we need the enter the baud rate. Note that the baud rate will
be ÿthe ÿbaud rate of the Telenet Number that we will enter ÿin ÿoption
"E", ÿÿso keep this in mind and don't screw it up. ÿIf your baud ÿrate
doesn't match the baud rate of the modem that answers when you dial the
number as choosen in option "E", then you screwed up. The baud rate is
choosen ÿjust ÿlike ÿComPort. ÿHit space or return when Baud ÿRate ÿis
highlighted, ÿÿthen use the left and right arrow keys to cycle ÿthrough
the available baud rates. ÿUse return when your selection is what ÿyou
want (and don't screw up, by the way).
The ÿmodem ÿsetup string is used for just that -- ÿto set ÿup ÿthe
modem. ÿÿThis ÿentry in your configuration has two special ÿcharacters
that have special meanings and are interpreted by PC Pursuit Thief ÿand
not ÿsent ÿas ÿentered to the modem. ÿThey are the "|" ÿÿand ÿthe ÿ"~"
characters. ÿThe "|" signifies ascii character 13 (return) and the "~"
signifies ÿa 1/4 ÿsecond pause. ÿNote that in the default a ÿV1 ÿÿcode
(verbose ÿon) ÿÿis specified. ÿMake sure that your modem is always ÿin
VERBOSE ÿmode and to keep this V1 ÿhere to make sure it is ÿinitialized
into verbose mode.
Dial command is the command we will use to dial the modem. ÿÿWhen
PC ÿPursuit ÿThief needs to dial Telenet it will send the following ÿto
the ÿmodem: ÿ<dialcommand><telenet_number><RETURN>.
Connect Response is what the modem sends to signal that we are now
connected ÿto ÿa ÿremote computer (Telenet). ÿÿThis ÿall ÿdefaults ÿto
"CONNECT" ÿÿwith verbose response codes, ÿas defaulted to in ÿC) ÿÿDial
Command. You shouldn't need to change any of this, ÿit works fine (for
me) as is.
We already went over what Telenet Number is, ÿso just enter it ÿin
and hit return when you're done.
Terminal type. ÿJust leave this at the default of "D1". ÿThis is
what to respond to Telenet with when it prompts for "TERMINAL=". ÿÿYou
shouldn't need to change this, ÿI added this because something inspired
me.
Telenet ÿCity. ÿPC Pursuit Thief checks the validity of ÿpassword
and ÿuser id guesses by trying to use them to log into a city. ÿÿEnter
here ÿthe default city to try to log into. ÿThis should be one with ÿa
lot of outdial modems available, or is the least congested.
City Baud Rate. ÿThis option is here because there may be more of
some groups of modems (by baud rate) ÿin the city you specified. ÿThis
value is changed between 300 Baud, 1200 Baud, and 2400 Baud by pressing
return ÿor space when I is highlighted and then choosing with the ÿleft
and ÿright ÿarrow keys, ÿthen pressing return to ÿmake ÿyour ÿselection
permanent.
Highlight J) Quit This Section and hit space or return to exit the
modem ÿConfiguration and save your newly entered values (if you changed
anything... well, ÿyou should have changed at least the Telenet number,
I ÿdoubt you'll find Telenet at 000-0000 ÿ(the default value) ÿin ÿyour
exchange. ÿÿNote ÿthat ÿthe ÿESCape ÿkey ÿalso ÿquits ÿthe ÿModem/City
configuration section when the highlight is being displayed.
>id/password template definition
This is option B) ÿoff the main menu, ÿso highlight it and ÿchoose
it. ÿHere is where you can change ID and Password templates ÿ(remember
CODE ÿTEMPLATES?). ÿFor our purposes the SAMPLE RECORD is ok now ÿ(and
we'll hack on it in a minute) but just a word on what all those strange
looking Template characters mean:
0 - The number 0
! - All numbers from 0 to 1
@ - All numbers from 0 to 2
# - All numbers from 0 to 3
$ - All numbers from 0 to 4
% - All numbers from 0 to 5
^ - All numbers from 0 to 6
& - All numbers from 0 to 7
* - All numbers from 0 to 8
( - All numbers from 0 to 9
) - All letters from A to Z
- - All letters from A to Z and all numbers from 0 to 9
The ÿreason ÿfor these strange template characters is ÿbecause ÿit
coresponds to the number that is below the character (unshifted) on the
keyboard. For instance, % is all numbers 0 to 5. And the key is:
+---+
| % | <- You get this when you press SHIFT.
| 5 |
+---+
It ÿshould be this way on your keyboard as well (it is for all ÿof
mine).
Short ÿnote is just something to identify the template with. ÿÿIf
you ÿchoose the C) ÿFlag/Unflag IDs By Short Note option off ÿthe ÿmain
menu you will flag/unflag by looking only at the short notes.
(a)dd - hit "A" to append to the template collection and add your own
(e)dit ÿ- hit "E" ÿto edit the current template. ÿJust use the up ÿand
down ÿarrow ÿkeys to move and hit return or space to edit ÿwhat ÿyou're
currently pointing to. ÿFor the Flagged option, to change it you point
to ÿit ÿand then hit space or return, ÿthen you use the left and ÿright
arrow ÿkeys ÿto ÿchange ÿit. ÿThen you hit return ÿagain ÿto ÿget ÿthe
highlight ÿback. ÿÿWhen the highlight is displayed you ÿcan ÿhit ÿyour
ESCape key to exit editing mode.
(d)elete ÿ- ÿhit ÿ"D" ÿto delete the current template. ÿÿYou ÿwill ÿbe
prompted ÿas to weather you are sure or not. ÿIf you choose "Y", ÿthen
the current template is deleted and the template file is "fixed up" ÿto
reflect ÿthe ÿchanges. ÿNote that if there is only one record ÿin ÿthe
template file that "D" will have no effect.
(f)lag - hit "F" to toggle the flag on the template you are now looking
at. ÿÿThis is just a quick way to flag templates when looking ÿat ÿthe
entire ÿtemplate. ÿÿTo flag templates by short note choose ÿoption ÿC)
Flag/Unflag ID's By Short Note off the main menu.
When you're at the "Number or Cmd ->" ÿprompt you can also use the
left ÿand right arrow keys to page through the template file. ÿIf ÿyou
press the right arrow key at the end of the file you will be brought to
the beginning, ÿand if you press the left arrow key at the beginning of
the ÿfile ÿyou ÿwill be brought to the end. ÿTo jump to ÿan ÿimmediate
record ÿnumber, ÿÿjust enter that record number at the prompt ÿand ÿhit
return. If that record exists you will jump to it.
The ESCape key gets you out of the ID/Password Template Definition
section.
>flag/unflag ids by short note
This section is pretty self-explanatory. You highlight entries on
the ÿcurrent ÿpage and hit return or space to toggle the flag on ÿthem.
Each ÿpage holds 10 ÿrecords from the template file and you can use the
Jump ÿTo Next Page or Jump To Previous Page to get around in the ÿfile.
If ÿyou choose Jump To Next Page or Jump To Previous Page and there ÿis
no next or previous page then nothing will happen. You can choose Quit
Flagging mode to get out of this and get rid of the window, or just hit
ESCape at any time.
>view valid password file
All ÿÿvalid ÿÿpasswords ÿthat ÿPC ÿPursuit ÿThief ÿfinds ÿÿgo to
PCPVALID.LST. This is how you can display the file without exiting PC
Pursuit Thief. If the file is not found, then it will tell you. You
can press "D" to delete the file and quit viewing at any time. Use
ESCape to quit viewing the file without deleting it, and the SPACEbar
to continue viewing the file at pauses.
>package credits
This pops up a window that explains about PC Pursuit Thief, and
other neat stuff. Hit ESCape to get rid of it, or hit "B" to see a
list of some good boards to call. If you are a sysop and want your
board on this list for any future releases, then drop me a line. The
ESCape key gets rid of the list of boards, then hit ESCape again to get
back to the main screen of PC Pursuit Thief.
>commence hacking procedure
Finally, this is it... where we actually do the actual hacking,
actually. Choose it and we'll hack the SAMPLE RECORD (make sure it's
flagged first... choose C) Flag/Unflag IDs By Short Note and make sure
it's flagged - if not, flag it).
Two screens pop up in front of you. The upper screen is the
"Information Window" - information about what PC Pursuit Thief is
doing, etc. The lower screen is the "Communications Window"... input
and output to and from the modem.
The first thing that will happen is it will ask you for the
starting time to begin hacking at (you will be shown the current system
time for reference). Enter any times in 24 hour format. For instance,
23:00 is 11pm. If you want to start hacking immediately, then hit
return, thus entering nothing.
Next it will ask you for the time to stop the hacking. This is
also in 24 hour format, of course. If you want to keep hacking until
the ESCape key is pressed then just hit return here, thus entering
nothing. If you choose a quit time then you are given the option of
dropping to the operating system (DOS) after this time has been
reached. If you are hacking from the command line then you
automatically are dropped to DOS after this time.
Next it will want to know how many valids to quit after. The
default is one. This is because all you may ever want or need is just
one valid PC Pursuit code. Hit return if you agree with 1.
Now hacking begins. If you told PC Pursuit Thief to wait until a
certain time then the program will pause and wait for that time. You
will be shown the current time and the time it is waiting for. To quit
all-together you can hit the ESCape key at any time here and this will
take you back to the main program menu.
Now it will scan for flagged entries and tell you how many it
found. If there are no entries flagged then it will tell you, then
abort back to the menu screen. The initialization of the modem with
your modem setup string comes next. After that it will dial Telenet
and wait for the string you specified for PC Pursuit Thief to wait for
(usually "CONNECT") that signals that PC Pursuit Thief is now connected
to Telenet. If PC Pursuit Thief gets NO CARRIER (because all Telenet
hunt group modem numbers were busy, possibly -- or some other reason)
then it will re-dial automatically.
After a couple of seconds PC Pursuit thief will send <CR><CR> if
you're on at 300 or 1200 baud or @<CR> if you are on at 2400 baud to
Telenet. Then Telenet will "wake up" and log you in and prompt for
"TERMINAL=" which will cause PC Pursuit Thief to respond with the
Terminal Type you entered in the modem configuration (usually "D1" for
dumb terminal... this is fastest because I think the other term types
actually have nulls in them on Telenet).
Hacking begins at the "@" prompt, of course. PC Pursuit Thief
will guess a ID and Password based on the current template and try to
log into the city you selected in the modem/city configuration section
with the baud rate have choosen. Note that Telenet doesn't echo the
password part, so PC Pursuit Thief does this for you -- so you can see
what the guess is. Now here's how PC Pursuit Thief works. If it gets
a CONNECT to the city, then it will log the ID and password to
PCPVALID.LST and hang up on Telenet. The screen values will be updated
in the Information Window to reflect the found ID and password that was
valid in the count. If it gets INVALID from Telenet then the ID and
Password pair was invalid -- and PC Pursuit Thief moves on to another
guess. If the @ prompt comes back after PC Pursuit Thief tells you
that something was in the improper format, then PC Pursuit Thief makes
another attempt.
If the ID and Password pair was valid and you have just reached
the maximum number of valids that you want, then PC Pursuit Thief will
quit hacking (and quit to DOS if you started hacking from the command
line). PC Pursuit Thief will also quit hacking if you entered a stop
time and it is now past that time. If you choose Quit To DOS
(automatically choosen if hacking from the command line) then PC
Pursuit Thief will now quit to the operating system and throw you the
DOS prompt or resume batch file processing (this could be a timed event
from your bulletin board system, for example).
Remember, while hacking is happening you can look at the
"Information Window" to see what the current template is (it will
choose a template randomly out of the templates that are flagged). If
Telenet ever hangs up on PC Pursuit Thief, then PC Pursuit Thief will
call back, log back in again, and resume hacking. Nothing could be
easier.
CONCLUSION
That's about it. Everything else is now up to you, as to how you
configure your templates, etc. Like all Thief utilities I didn't
include information on the service (PC Pursuit) for a reason... if you
don't know what it is or how to use it then you have no reason to hack
on it. If you do know what it is, you can find the information on it
quickly and easily enough.
Hacking PC Pursuit, as I have heard, is a lot harder than just
extender hacking. But it is safer. PC Pursuit Thief might take all
night to find a code... then again, no other program could do better or
worse. You take all responsibility for your use and/or abuse of
Telenet. PC Pursuit Thief was tested on the author's end with a
"Telenet Simulator" running on another processor, as well as with
extensive outside party beta testing. The author does not use or abuse
the Telenet packet switching data network.
Enjoy, and if you know where to reach me, well, you know where to
reach me . . .
FILES FOUND IN PCPTHF10.ZIP ZIPFILE
PCPTHIEF.EXE - Executable Binary Code Of PC Pursuit Thief Version 1.0
PCPTHIEF.DOC - This Documentation To PC Pursuit Thief Version 1.0
README.NOW - Quick Introduction By Brew Associates
please, when uploading this package include all of the files
as specified in the list above
=======================================================================
(r) Released 1989 === PC Pursuit Thief == Official Phortune 500 Product
=======================================================================