ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ PC Pursuit Thief Version 1.0 By Brew Associates An Official Phortune 500 Product ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ INTRODUCTION Greetings, ÿagain. As with any new program or software package it is always a pain to have to go through and read the documentation, ÿand this will be no exception (that was a joke). Anyway, these docs should be ÿa little more detailed in nature due to the fact that I am ÿwriting this ÿup on processor #1 ÿon the TMCS network and have PC Pursuit Thief running ÿon processor #2. ÿFinally, ÿtrue ÿdistributed ÿmulti-tasking! Enough of that. PC ÿPursuit ÿThief ÿushers ÿin ÿa ÿnew ÿera ÿof ÿhacking ÿutility. Currently ÿwe have Code Thief, ÿFuckin' ÿHacker and others for extender hacking, ÿand before PC Pursuit Thief we only had a program called Phry Code Pro written by the Exciter. ÿWell, ÿbeing that competition proves advantageous ÿto ÿthe ÿcommunity (of course the Code Thief vs. ÿFuckin' Hacker "feature wars" can attest to that), PC Pursuit Thief was born to break somewhat of a monopoly. ÿAnd besides, ÿPhry Code Pro plans on an extender hacker in future versions, ÿaccording to the documentation for version 4.0, so to each his own. STARTING PC PURSUIT THIEF There ÿare two ways of starting PC Pursuit Thief from ÿDOS. ÿÿThe first is by just typing PCPTHIEF. If you see it in yourself to type "PCPTHIEF" ÿinstead of typing "PCPTHIEF" ÿand then hitting the ÿreturn key, ÿyou have my permission to put your head through ÿyour monitor. The ÿsecond ÿmethod is by adding some command line ÿparamaters ÿto tell PC Pursuit Thief to start hacking in automatic mode at a ÿspecific time, and then to stop at a specific time, or after a certain number of valid PC Pursuit ID's and passwords are found: C>PCPTHIEF 1:00 2:00 The above command entered at the command line will have PC Pursuit Thief wait until 1:00 ÿam to hack (all times are in 24 hour format) and then hack until 2:00 ÿam, or until 1 valid code is found. ÿWhat? ÿYou don't want to stop after 1 valid code, ÿbut think you can snag 2 before 2:00? Well, enter this at the command line: C>PCPTHIEF 1:00 2:00 2 The ÿ2 above is an optional paramater that tells PC Pursuit ÿThief to quit after 2 valid codes (or before 2:00 ÿam, of course) - ÿwhatever comes first. If you want to strictly quit at 2:00 no matter how many codes are found, enter something like: C>PCPTHIEF 1:00 2:00 9999 Of course you're not going to get 9999 codes in 1 hour, and that's the ÿpoint. ÿÿRemember ÿthat this number MUST be an integer, ÿÿso ÿthe highest it can go is 32767, ÿso "PCPTHIEF 1:00 2:00 ÿ32767" ÿwould have the ÿsame effect as "PCPTHIEF 1:00 ÿ2:00 ÿ9999" ÿbecause if you're ÿnot going ÿto get 9999 ÿcodes in an hour you certainty aren't going to ÿget 32767. By the way, ÿeverything in automatic mode is for FLAGGED templates only. ÿÿIf there are no flagged templates, ÿthen once it starts up ÿat 1:00 it will drop right back to the operating system after it tells you that there are none flagged (if you are there of course). ÿYou get the DOS ÿprompt after PC Pursuit Thief quits, ÿor if you started PC Pursuit Thief from a batch file, then the batch file resumes processing. IF PC PURSUIT THIEF IS RUN IN NORMAL MODE Ok, ÿÿhere's the title screen (yes, ÿI'm looking at it now on ÿthe other monitor). ÿI added a little disclaimer, ÿbeing that this utility has the sole function of going after one company only (GTE). ÿAgain, I stress that the use or misuse of this program is totally up to you. If you get caught, ÿthat's your responsibility, etc, etc. When I wrote it, I myself didn't break any laws, but then again is there a legal theaory for "kenetic energy", or... forget it. Hit any key to get rid of the title/disclaimer screen. Now you'll see ÿmy own little "added touch" ÿto the title as the window bounces in and ÿout/rotates (depending on how you view it) ÿand puts ÿthe ÿprogram title in it. THE MENU Here ÿwe go. ÿKind of looks like Code Thief, ÿdoesn't it? ÿWell, although ÿit only took me three days (with sleep deprevation) ÿto write PC ÿPursuit Thief, ÿno code from Code Thief was used. ÿI ÿstarted from scratch ÿon everything. ÿOh, ÿand we're in Turbo Pascal 5.0 ÿnow, ÿÿso things are going to be a little bit faster (I especially like what they did to the screen display speed). We'll ÿgo ÿover all of the things off the main menu one by ÿone... as a matter of fact, ÿit would be best if this documentation is printed out FIRST, ÿthen you follow the following sections along as the program executes. >modem/city configuration Select ÿthis. ÿÿJust use the up and down arrow keys to ÿmove ÿthe highlight ÿbar ÿand space or return to choose the option of ÿD) ÿÿModem Configuration. You could also hit "D" ÿthen return or space as a quick way of getting the highlight bar there. Ok, ÿÿhere ÿwe have all of the neat things that PC ÿPursuit ÿThief needs ÿto ÿknow ÿabout talking to the outside world, ÿÿand ÿTelenet ÿin particular. ÿÿIn ÿthis ÿsection the up and down arrow ÿkeys ÿmove ÿthe highlight, ÿÿand return or space chooses the option. ÿThe letters ÿ"A" through ÿ"J" ÿwill take you right to an option with the highlight ÿbar, but ÿnote that it still takes the pressing of return or space to select it. First ÿthing we want to do is tell PC Pursuit Thief ÿwhat ÿComPort our modem is connected to at. ÿWell, ÿif you have just a COM1: ÿÿmodem then ÿleave ÿit ÿalone, ÿbecause as you can see the ÿdefault ÿis ÿCOM1: (ComPort 1). ÿIf your modem is on COM2: ÿor COM3: ÿor COM4: ÿthen ÿhit space ÿor ÿreturn when Communications Port is highlighted and then ÿuse the left and right arrow keys to select your ComPort. ÿHit return when you have the correct one showing on your screen. Now we need the enter the baud rate. Note that the baud rate will be ÿthe ÿbaud rate of the Telenet Number that we will enter ÿin ÿoption "E", ÿÿso keep this in mind and don't screw it up. ÿIf your baud ÿrate doesn't match the baud rate of the modem that answers when you dial the number as choosen in option "E", then you screwed up. The baud rate is choosen ÿjust ÿlike ÿComPort. ÿHit space or return when Baud ÿRate ÿis highlighted, ÿÿthen use the left and right arrow keys to cycle ÿthrough the available baud rates. ÿUse return when your selection is what ÿyou want (and don't screw up, by the way). The ÿmodem ÿsetup string is used for just that -- ÿto set ÿup ÿthe modem. ÿÿThis ÿentry in your configuration has two special ÿcharacters that have special meanings and are interpreted by PC Pursuit Thief ÿand not ÿsent ÿas ÿentered to the modem. ÿThey are the "|" ÿÿand ÿthe ÿ"~" characters. ÿThe "|" signifies ascii character 13 (return) and the "~" signifies ÿa 1/4 ÿsecond pause. ÿNote that in the default a ÿV1 ÿÿcode (verbose ÿon) ÿÿis specified. ÿMake sure that your modem is always ÿin VERBOSE ÿmode and to keep this V1 ÿhere to make sure it is ÿinitialized into verbose mode. Dial command is the command we will use to dial the modem. ÿÿWhen PC ÿPursuit ÿThief needs to dial Telenet it will send the following ÿto the ÿmodem: ÿ. Connect Response is what the modem sends to signal that we are now connected ÿto ÿa ÿremote computer (Telenet). ÿÿThis ÿall ÿdefaults ÿto "CONNECT" ÿÿwith verbose response codes, ÿas defaulted to in ÿC) ÿÿDial Command. You shouldn't need to change any of this, ÿit works fine (for me) as is. We already went over what Telenet Number is, ÿso just enter it ÿin and hit return when you're done. Terminal type. ÿJust leave this at the default of "D1". ÿThis is what to respond to Telenet with when it prompts for "TERMINAL=". ÿÿYou shouldn't need to change this, ÿI added this because something inspired me. Telenet ÿCity. ÿPC Pursuit Thief checks the validity of ÿpassword and ÿuser id guesses by trying to use them to log into a city. ÿÿEnter here ÿthe default city to try to log into. ÿThis should be one with ÿa lot of outdial modems available, or is the least congested. City Baud Rate. ÿThis option is here because there may be more of some groups of modems (by baud rate) ÿin the city you specified. ÿThis value is changed between 300 Baud, 1200 Baud, and 2400 Baud by pressing return ÿor space when I is highlighted and then choosing with the ÿleft and ÿright ÿarrow keys, ÿthen pressing return to ÿmake ÿyour ÿselection permanent. Highlight J) Quit This Section and hit space or return to exit the modem ÿConfiguration and save your newly entered values (if you changed anything... well, ÿyou should have changed at least the Telenet number, I ÿdoubt you'll find Telenet at 000-0000 ÿ(the default value) ÿin ÿyour exchange. ÿÿNote ÿthat ÿthe ÿESCape ÿkey ÿalso ÿquits ÿthe ÿModem/City configuration section when the highlight is being displayed. >id/password template definition This is option B) ÿoff the main menu, ÿso highlight it and ÿchoose it. ÿHere is where you can change ID and Password templates ÿ(remember CODE ÿTEMPLATES?). ÿFor our purposes the SAMPLE RECORD is ok now ÿ(and we'll hack on it in a minute) but just a word on what all those strange looking Template characters mean: 0 - The number 0 ! - All numbers from 0 to 1 @ - All numbers from 0 to 2 # - All numbers from 0 to 3 $ - All numbers from 0 to 4 % - All numbers from 0 to 5 ^ - All numbers from 0 to 6 & - All numbers from 0 to 7 * - All numbers from 0 to 8 ( - All numbers from 0 to 9 ) - All letters from A to Z - - All letters from A to Z and all numbers from 0 to 9 The ÿreason ÿfor these strange template characters is ÿbecause ÿit coresponds to the number that is below the character (unshifted) on the keyboard. For instance, % is all numbers 0 to 5. And the key is: +---+ | % | <- You get this when you press SHIFT. | 5 | +---+ It ÿshould be this way on your keyboard as well (it is for all ÿof mine). Short ÿnote is just something to identify the template with. ÿÿIf you ÿchoose the C) ÿFlag/Unflag IDs By Short Note option off ÿthe ÿmain menu you will flag/unflag by looking only at the short notes. (a)dd - hit "A" to append to the template collection and add your own (e)dit ÿ- hit "E" ÿto edit the current template. ÿJust use the up ÿand down ÿarrow ÿkeys to move and hit return or space to edit ÿwhat ÿyou're currently pointing to. ÿFor the Flagged option, to change it you point to ÿit ÿand then hit space or return, ÿthen you use the left and ÿright arrow ÿkeys ÿto ÿchange ÿit. ÿThen you hit return ÿagain ÿto ÿget ÿthe highlight ÿback. ÿÿWhen the highlight is displayed you ÿcan ÿhit ÿyour ESCape key to exit editing mode. (d)elete ÿ- ÿhit ÿ"D" ÿto delete the current template. ÿÿYou ÿwill ÿbe prompted ÿas to weather you are sure or not. ÿIf you choose "Y", ÿthen the current template is deleted and the template file is "fixed up" ÿto reflect ÿthe ÿchanges. ÿNote that if there is only one record ÿin ÿthe template file that "D" will have no effect. (f)lag - hit "F" to toggle the flag on the template you are now looking at. ÿÿThis is just a quick way to flag templates when looking ÿat ÿthe entire ÿtemplate. ÿÿTo flag templates by short note choose ÿoption ÿC) Flag/Unflag ID's By Short Note off the main menu. When you're at the "Number or Cmd ->" ÿprompt you can also use the left ÿand right arrow keys to page through the template file. ÿIf ÿyou press the right arrow key at the end of the file you will be brought to the beginning, ÿand if you press the left arrow key at the beginning of the ÿfile ÿyou ÿwill be brought to the end. ÿTo jump to ÿan ÿimmediate record ÿnumber, ÿÿjust enter that record number at the prompt ÿand ÿhit return. If that record exists you will jump to it. The ESCape key gets you out of the ID/Password Template Definition section. >flag/unflag ids by short note This section is pretty self-explanatory. You highlight entries on the ÿcurrent ÿpage and hit return or space to toggle the flag on ÿthem. Each ÿpage holds 10 ÿrecords from the template file and you can use the Jump ÿTo Next Page or Jump To Previous Page to get around in the ÿfile. If ÿyou choose Jump To Next Page or Jump To Previous Page and there ÿis no next or previous page then nothing will happen. You can choose Quit Flagging mode to get out of this and get rid of the window, or just hit ESCape at any time. >view valid password file All ÿÿvalid ÿÿpasswords ÿthat ÿPC ÿPursuit ÿThief ÿfinds ÿÿgo ÿÿto PCPVALID.LST. ÿThis is how you can display the file without exiting PC Pursuit Thief. ÿIf the file is not found, then it will tell you. ÿYou can ÿpress "D" ÿto delete the file and quit viewing at any time. ÿÿUse ESCape to quit viewing the file without deleting it, ÿand the ÿSPACEbar to continue viewing the file at pauses. >package credits This ÿpops up a window that explains about PC Pursuit Thief, ÿÿand other neat stuff. ÿHit ESCape to get rid of it, ÿor hit "B" ÿto see ÿa list ÿof some good boards to call. ÿIf you are a sysop and ÿwant ÿyour board on this list for any future releases, ÿthen drop me a line. ÿThe ESCape key gets rid of the list of boards, then hit ESCape again to get back to the main screen of PC Pursuit Thief. >commence hacking procedure Finally, ÿthis is it... ÿwhere we actually do the actual ÿhacking, actually. ÿChoose it and we'll hack the SAMPLE RECORD (make sure ÿit's flagged first... ÿchoose C) Flag/Unflag IDs By Short Note and make sure it's flagged - if not, flag it). Two ÿscreens ÿpop ÿup in front of you. ÿThe upper screen ÿis ÿthe "Information ÿWindow" ÿÿ- ÿinformation about what PC Pursuit ÿThief ÿis doing, ÿetc. The lower screen is the "Communications Window"... ÿinput and output to and from the modem. The ÿfirst ÿthing ÿthat ÿwill happen is it will ask ÿyou ÿfor ÿthe starting time to begin hacking at (you will be shown the current system time for reference). Enter any times in 24 hour format. For instance, 23:00 ÿÿis 11pm. ÿIf you want to start hacking immediately, ÿthen ÿhit return, thus entering nothing. Next ÿit will ask you for the time to stop the hacking. ÿThis ÿis also in 24 ÿhour format, of course. ÿIf you want to keep hacking until the ÿESCape ÿkey is pressed then just hit return here, ÿÿthus ÿentering nothing. ÿÿIf you choose a quit time then you are given the option ÿof dropping ÿto ÿthe ÿoperating ÿsystem (DOS) ÿafter this ÿtime ÿhas ÿbeen reached. ÿÿÿIf ÿyou ÿare ÿhacking ÿfrom ÿthe ÿcommand ÿline ÿthen ÿyou automatically are dropped to DOS after this time. Next ÿit ÿwill want to know how many valids to quit ÿafter. ÿÿThe default is one. ÿThis is because all you may ever want or need is just one valid PC Pursuit code. Hit return if you agree with 1. Now hacking begins. ÿIf you told PC Pursuit Thief to wait until a certain ÿtime then the program will pause and wait for that time. ÿYou will be shown the current time and the time it is waiting for. To quit all-together ÿyou can hit the ESCape key at any time here and this will take you back to the main program menu. Now ÿit ÿwill ÿscan for flagged entries and tell you how ÿmany ÿit found. ÿÿIf there are no entries flagged then it will tell you, ÿÿthen abort ÿback to the menu screen. ÿThe initialization of the modem ÿwith your modem setup string ÿcomes next. ÿÿAfter that it will dial Telenet and wait for the string ÿyou specified for PC Pursuit Thief to wait for (usually "CONNECT") that signals that PC Pursuit Thief is now connected to ÿTelenet. ÿIf PC Pursuit Thief gets NO CARRIER (because all Telenet hunt group modem numbers were busy, ÿpossibly -- ÿor some other reason) then it will re-dial automatically. After ÿa couple of seconds PC Pursuit thief will send ÿif you're on at 300 ÿor 1200 baud or @ ÿif you are on at 2400 ÿbaud to Telenet. ÿÿThen Telenet will "wake up" ÿand log you in and prompt ÿfor "TERMINAL=" ÿÿwhich ÿwill cause PC Pursuit Thief to ÿrespond ÿwith ÿthe Terminal Type you entered in the modem configuration (usually "D1" ÿfor dumb ÿterminal... ÿthis is fastest because I think the other term types actually have nulls in them on Telenet). Hacking ÿbegins at the "@" ÿprompt, ÿof course. ÿPC Pursuit Thief will ÿguess a ID and Password based on the current template and try ÿto log into the city you selected in ÿthe modem/city configuration section with ÿthe baud rate have choosen. ÿNote that Telenet doesn't echo ÿthe password part, ÿso PC Pursuit Thief does this for you -- so you can see what the guess is. Now here's how PC Pursuit Thief works. ÿIf it gets a ÿCONNECT ÿto ÿthe ÿcity, ÿthen it will log the ÿID ÿand ÿpassword ÿto PCPVALID.LST and hang up on Telenet. The screen values will be updated in the Information Window to reflect the found ID and password that was valid ÿin the count. ÿIf it gets INVALID from Telenet then the ID ÿand Password pair was invalid -- ÿand PC Pursuit Thief moves on to ÿanother guess. ÿÿIf the @ prompt comes back after PC Pursuit Thief ÿtells ÿyou that something was in the improper format, ÿthen PC Pursuit Thief makes another attempt. If ÿthe ID and Password pair was valid and you have ÿjust ÿreached the maximum number of valids that you want, ÿthen PC Pursuit Thief will quit ÿhacking (and quit to DOS if you started hacking from the ÿcommand line). ÿÿPC Pursuit Thief will also quit hacking if you entered a stop time ÿand ÿit ÿis ÿnow ÿpast that time. ÿIf you ÿchoose ÿQuit ÿTo ÿDOS (automatically ÿchoosen ÿif ÿhacking from the command ÿline) ÿÿthen ÿPC Pursuit ÿThief will now quit to the operating system and throw you ÿthe DOS prompt or resume batch file processing (this could be a timed event from your bulletin board system, for example). Remember, ÿÿwhile ÿhacking ÿis ÿhappening ÿyou ÿcan ÿlook ÿat ÿthe "Information ÿWindow" ÿÿto see what the current template ÿis ÿ(it ÿwill choose a template randomly out of the templates that are flagged). ÿIf Telenet ÿever hangs up on PC Pursuit Thief, ÿthen PC Pursuit Thief will call ÿback, ÿlog back in again, ÿand resume hacking. ÿNothing could be easier. CONCLUSION That's about it. ÿEverything else is now up to you, as to how you configure ÿyour ÿtemplates, ÿetc. ÿLike all Thief utilities ÿI ÿdidn't include information on the service (PC Pursuit) for a reason... ÿif you don't ÿknow what it is or how to use it then you have no reason to hack on it. ÿIf you do know what it is, ÿyou can find the information on it quickly and easily enough. Hacking ÿPC Pursuit, ÿas I have heard, ÿis a lot harder than ÿjust extender hacking. ÿBut it is safer. ÿPC Pursuit Thief might take ÿall night to find a code... then again, no other program could do better or worse. ÿÿYou ÿtake ÿall responsibility for your use ÿand/or ÿabuse ÿof Telenet. ÿÿPC ÿPursuit ÿThief was tested on the author's ÿend ÿwith ÿa "Telenet ÿSimulator" ÿÿrunning on another processor, ÿas well ÿas ÿwith extensive outside party beta testing. The author does not use or abuse the Telenet packet switching data network. Enjoy, and if you know where to reach me, well, ÿyou know where to reach me . . . FILES FOUND IN PCPTHF10.ZIP ZIPFILE PCPTHIEF.EXE - Executable Binary Code Of PC Pursuit Thief Version 1.0 PCPTHIEF.DOC - This Documentation To PC Pursuit Thief Version 1.0 README.NOW - Quick Introduction By Brew Associates please, when uploading this package include all of the files as specified in the list above ======================================================================= (r) Released 1989 === PC Pursuit Thief == Official Phortune 500 Product =======================================================================