The muther fuckin awesome Telix Hacker (TH, duh) for IBM and IBMish type komputers.

If you run Telix, then you can use this. If not, you wasted some filez pointz. Shawn-da-Lay Boy Productions (tm) (c) 1989, 1990, 2001... In cooporation with the Macro 2 division of Insanity Softwarez Inc. Opening shit: Version 0.40 Beta Inspired by Phry Code Pro, fellow travelers, and cause I wanted to see the shit on my screen. And cause I wanted to show the awesome power of Telix scripts. (Waste of time to tell phuckin pirates to register Telix). Good for Telenet, PooPnet, or any other komputer that you wanna hack on. I don't approve BBS hacking so, SYSOPs, don't blame me if some fucking kid uses it against your system. I claim no responsibility for the use, abuse, or effects that this Telix script will generate. Feel free to modify this to make it work the way you want. Hell, that's why you got the Bob damned source. But, don't expect me to fix problems exposed by your changes. If you don't program, then leave the friggin source alone. Problems and suggestions can be forwared to me on any of the awesome BBSes that I grace my presence with. I may not accept your ideas, but I wanna hear them, dude. Of course if you don't know who I am, this could present problems, but I hope that the kind SYSOPs will pass on any relavent comments or Email. Since I actively modem, I am sure word of serious problems will reach me. However, a few kind words are always appreciated like, "Fuck, Rad spaggetti code dude." You aren't still reading this paragraph, are you? I dozed off about 3 sentences back. Following this shit, the shit is divided into 4 sections. general, config, control, and other.

General Shit: Ok, first you gotta compile the salt source. See your Telix dox if you don't know how to do that. (like enter CS THxxx at the DOS prompt, the xxx is the version number of your source, the file with the extension of .SLT, got it?) Second, edit the TH.CFG (Telix Hacker config file). And change things you want changed. See TH config file description for gorey details. (don't you hate when they do that??) Third create the Telix Hacker control file (pointed to in the config file or manually entered, if in manual mode). See TH control file specifications. Forth, fire up Telix and invoke the script. Then take a nap, watch about 10 hours of TV or maybe take a weeks vacation, cause this is gonna take a while. Of course, if you specify good patterns (aka plates) then you might get a valid account faster, but it

is probably going to take a muther fucking LONG time. But at least you can see what is happening and will know you're not spinning your wheels.

Config shit: This file specifies shit about how the hacker is to operate. It has several record types which I will describe shortly. All Keywords must be delimited by a blank, an equal sign, and another blank. Like "AUTO = OFF". Keywords may be specified in any order, just one keyword per record. If a keyword is speficied several times the last specification will be the one in effect. The config file must be called TH.CFG and be in your active directory (phuckin MS-DOS shit). keyword * Silly description This signifies a comment record. All text after that will be ignored. It must be followed by a blank. It can start a record or be used to comment a config record. This tells the hacker to operate automatically. Huh? What this means is: If AUTO = OFF, then the hacker will ask you for a control file name and use the one specified in the TH.CFG file has the default. If AUTO = ON, then the hacker will just start hacking with the CONTROL filed specified in the config file. AUTO = ON is useful if you are using a timed event to fire it up at 3:00 AM when you ain't around to reply to the prompt. If this record is ommited, OFF is assumed.


CONTROL This is used to specify the hacker control file that you wanna use. The control file controls the actually hacking shit to use. (see control file description later on). Example "CONTROL = TELENET.HAK". If ommited, the hacker will look for a file called TH.HAK. If the file isn't found the hacker will format your C drive. Just kidding, you'll get a wonderful message asking if you got yer head up your ass or something equally stupid. CR This is required. It specifies the two characters that will designate carriage return. Leave it has CR = ^M. If you change it, besure that it is two characters. This is required. It specifies the two characters that will designate line feed. Leave it has LF = ^J. If you change it, besure that it is two characters. Here's a sample TH.CFG file: * Sample Telix hacker AUTO = ON CONTROL = SAMPLE.HAK CR = ^M LF = ^J config file. * Just start hacking * hacking samples today... * carriage return * line feed


Control shit: This file specifies the actual hacking that is to occur. It's format is the same has the config file, but with different keywords. | The TEST, LOG, CODEZ, DIAL, COUNT, PLATEn, SEEDLn, SEEDHn, DELAY, FORCE, LOOP, SHOW, PASSFILE, MASTERFILE, and GOOD records may be specified any amount of times, with the last one taking affect. This does not apply to the SEND, WAIT, and HACK records, cause their relative order and multiple use control the way the hacker runs. keyword * TEST Silly description This signifies a comment record. This tells the hacker weather to really dial and hack or not. If ommited, TEST = NO is assumed. To see how your control file will work use TEST = YES and the stuff will be displayed on the screen. This should normally have a value of NO, ie, "LOG = NO". Anyother value will cause the hacker to log every attempt to a file. Like "LOG = TRIES.DAT" will create this file and write every attempted hack string to it. If ommited, LOG = NO, is assumed. This specifies the file where good codes should be kept!!! If ommited CODEZ = TH.FND is assumed. If a file already exists, then it will be added to, if yer lucky enough to crack a code, that is... This wonderful record tells the awesome hacker what phone number to dial. It's format is the same as what you enter in your dialing directory. If ommited, the hacker won't do shit. Example: DIAL = 10 , hack my 10'th dialing directory entry. Or: DIAL = M9765555 , for a phone number not in your directory. The hacker will dial the number forever, until a connection is made and redial the number every time the connection is dropped. This optional record tells the hacker how many attempts to make before hanging up and forcing redial. If omitted, FORCE = 0 is assumed which means keep hacking and only redial if the connection is lost. This is an optional record, If controls how many attempts to make. Example, COUNT = 10000 says try 10,000 times. If ommited, keep trying forever, or until the hacker is manually stopped, which ever comes first. This YES, will STOP tells means cause = YES the hacker to stop after a valid code is found. stop and NO means keep on hacking. Ie, STOP = YES the hacker to stop and hangup the phone. If ommited is assumed.








This tells the hack to display the hack string each time a new code is about to be tried. Use SHOW = YES to display each hack string before it is sent. Note that it will be displayed in column 41 of the current line to keep it seperate from the active terminal session text (hopefully). If ommited, SHOW = NO is assumed.

PLATEn This specifies a plate for hacking. You can have 0 thru 9 of them. What's a PLATE you say? Well it's how you tell the hacker what characters to try. It is composed of special characters that have the following meanings: # = any number, 0 through 9. & = any upper case letter, A through Z. @ = both numbers and upper case letters, 0 through Z. % = any lower case letter, a through z. $ = both upper and lower case letters, A through z. * = all three, 0 through z.. that's 62 possible values. Example: PLATE0 = &&&###@@@ for specifing a plate of 3 upper case letters, followed by three numbers, followed by three upper case alphanumerics (0 through Z). Got it? Good! Anyother characters are passed along has is. Ie, PLATE0 = PCP###@@@ would generate a hack string of PCP followed by 3 numbers, and then 3 alphamerics. Plates can only be up to nine characters long. SEEDLn These may be ommited, but if used must correspond to the plate of the same number. It's used to tell the hacker where you want the hacking to start. If omitted, lowest values are used to start. This is useful for restarting a hacking session. Example: If PLATE0 = &&&###@@@ and SEEDL0 = CCC555@@@ then the hacker will not use A or B in in the first three letters and will not use numbers less that 5 in the three numbers. @@@ still means use all alphamerics, Note that numbers come before letters in alphameric fields so if CCC was speficied for the alphameric field, then no numbers would be used along with neither A nor B. Clear has mud, eh? If you have specific letters in the plate then the corresponding positions in the seed are ignored. There is no error checking done to see if your seed agrees with it's plate. So the hacker will run, but the results may not be what you want. TEST = YES is good for seeing the effect your seed has. SEEDHn Just like SEEDLn, but specifies high limits. If PLATE0 = &&&###@@@ and SEEDH0 = YYY888@@@ then the hacker will not use Z in the first 3 positions or 9 in the second three. GOOD This record contains a string that the hacker should expect to receive when a valid code has been hacked. It should be the last record in the file, duh. Example, GOOD = WELCOME*. The "*" is used to end the string. It can contain no more than 40 characters.

PASSFILE This is an optional record that will specify a file that contains a list of strings to use for hacking. Example, PASSFILE = PASS.DAT would mean read the PASS.DAT file for strings to use for hacking. Note, for the strings to really be used, you must have the uppercase word "PASSFILE" in a

HACK record, ie, HACK = PASSFILE*. | | | | | MASTERFILE This is a optional record that is used to tell the hacker weither or not to switch to the master password file (called THPASS.LST) after all the records in the PASSFILE have been processed. To cause the switch, MASTERFILE = YES, must be coded. If ommited, MASTERFILE = NO, is assumed. DELAY SEND This is the number of seconds to wait for the GOOD string. If ommited, DELAY = 6 is assumed. You may have has many of these has you need, up to 10. They just specify a string to be sent once the connection is established. Example SEND = N ... each SEND record encountered will be sent just has specifed. Useful for the inital shit a system may ask you before the signon. Note if you want a carriage return sent you must include that, like SEND = N^M . (^M is telixese for carriage return.) The string cannot exceed 40 characters The SEND string is terminated by an "*". Example: "SEND = C C00512^M* send the string and carriage return" sends 9 bytes, the 8 byte string "C C00512" and the carriage return. Like SEND you can have all of these you want, up to 10. It specifies text that you expect to receive and will cause the hacker to wait for it, for up to 5 minutes. If time expires, the hacker will quit with an error msg. Example: WAIT = NAME:* , wait for a NAME: prompt. If you specify a number, then the hacker will wait that many tenths of a second. Example, WAIT = 10 , means wait 1 second. For text values, no more than 40 characters may be specified. Like SEND the string is terminated by an "*". This tells the hacker to start hacking. Example: HACK = PLATE0,PLATE1 PLATE2* any non PLATE values are assumed to be literals and are sent has typed. If multiple plates are specifed, then the first one goes through all possible values before the second one is incremented. You can have multiple hack records. If so you would probably seperate them with a WAIT record. The first hack record is rotated through all possible values, before the next one is incremented. If a plate is specified in more than one hack record, it is incremented independantly of the others. Currently, you can have up to 10 HACK records. Each hack value (the stuff after the = and before the *) cannot exceed 60 characters in either the raw form or after the plate(s) have been substituted. Note, that you can specify both PLATEn and PASSFILE in a HACK record, if you want. However, the PASSFILE keyword should only be used once, in one HACK record only. There is nothing to stop you from using PASSFILE in mutiple HACK records, but why would you? Also be careful with the length of the strings in your PASSFILE so that they don't overflow the HACK string after the PASSFILE string has been inserted in the HACK string. This optional record has no value. It's purpose is to tell the hacker that a loop needs to be done from the next SEND, WAIT, HACK record until the last SEND, WAIT, or HACK record.




If omitted, then the program will loop from first HACK record thru the last SEND, WAIT or HACK record. Or if you have only one HACK record, then the program will loop that one. Here's a sample control file: * sample hacker control file, dudez..... TEST = YES * Show me the modem program. LOG = NO * they said leave it this way... CODEZ = SAMPLE.ACT * valid accounts and PWs here please, please.. DIAL = 1 * USE MY FIRST ENTRY... FORCE = 0 * just keep hacking COUNT = 35 * TRY 35 TIMES, I AIN'T GOT ALL DAY.. STOP = YES * just get me one code... PLATE0 = #&&&&&&# * HACK a number, six letters, and a number PLATE1 = & * ONE LETTER PLATE5 = ### * HACK 3 NUMBERS PLATE7 = @@ * HACK 2 ALPHAMERICS * EDL0 = 5YYBBBB# * DON'T some stuff (commented out SEEDL0 * EDH0 = #YYYYYY# * DON'T TRY Z'S (commented out SEEDH0 GOOD = AT* look for an AT to say we are in!!! DELAY = 2 *wait 2 seconds * * The following records control the modem. (modem program?? eh??). SEND = @* SEND an @ sign WAIT = 5* WAIT 5 TENTHS OF A SECOND SEND = D^M^J* SEND D, a CARRIAGE RETURN, and a LINE FEED. WAIT = :* WAIT for the : prompt LOOP *actually this is not needed here has I have only 1 HACK record HACK = ID=YOMAMA,PASS=PLATE0PLATE7^M^J*hack the fucker The "*" is used terminate the string in the SEND, WAIT, GOOD, and HACK records so that they may contain embedded blanks. None of the other record type may contain embedded blanks. Ie, the COUNT, DIAL, PLATEn, TEST, LOG, CODEZ, DELAY, LOOP, SEEDLn, SEEDHn, SHOW, PASSFILE, MASTERFILE, and FORCE values are all delimited by a blank.


Other shit: Ok, if you have been trying to read this shit and figure out if this is useful or not, let me just say that hacking takes so much time, that you have to be smart about your attack. In other words, trying to hack a plate like six numbers would represent one million combinations. Even at an unattainable rate of 1 second per hack attempt, it's a long time. Well, its about 11.25 days, so it ain't forever, but in reality, it's much longer, like 9 weeks. Of course you could get lucky and crack one, say, after a week. But even that seems a tad too long for my tastes. Yours too. So, phuck, what are you gonna do? Well, you have to know something about your target. Like if you think the password is 2 letters and a 6 digit number, then try SS313### as a plate or things like that. 3 numbers represents 1,000 tries that at 9 seconds per hack attempt (a reasonable number) would take 2.5 hours. If your are guessing six digit numbers, I would run it with at least 3 digits specified or even 4 if I was watching. Of course at 9600 you might

get the time down to 6 seconds per attempt, but if the system drops carrier every three attempts, then 6 seconds is about as good as it gets. Well, that was a lot of shit, wasn't it? Hopefully after you try it a bit, the descriptions will make more cents... This fucking code would have been a lot easier if the damn thing supported arrays... Oh well kuldge away!!!!! Note that all of the "|"s in column one of this text specify changes to the previous versions of this text. Finally, I have spent my time makeing the telix hacker work correctly when the control and config shit is correctly entered. I have not tested (much, anyway) what happens when things are specified wrong, like if you specified a High seed value of 0 for an alphabetic field in the plate. So if you have problems please brefily state what's not working and include the CONTROL file that you are trying to hack with. # Shawn-da-Lay!!!!!!!!!