
6/9/12

Guide to (mostly) Harmless Hacking, Beginners' Series

Guides of the Beginner's Series:

So you want to be a harmless hacker?
Hacking Windows 95!
Hacking into Windows 95 (and a little bit of NT lore)!
Hacking from Windows 3.x, 95 and NT
How to Get a *Good* Shell Account, Part 1
How to Get a *Good* Shell Account, Part 2
How to use the Web to look up information on hacking.
Computer hacking. Where did it begin and how did it grow?
PGP for Newbies
The Exploit Files: Basics of Breaking into Computers

___________________________________________________________
GUIDE TO (mostly) HARMLESS HACKING
Beginners' Series #1
So you want to be a harmless hacker?
____________________________________________________________

"You mean you can hack without breaking the law?"

That was the voice of a high school freshman. He had me on the phone because his father had just taken away his computer. His offense? Cracking into my Internet account. The boy had hoped to impress me with how "kewl" he was. But before I realized he had gotten in, a sysadmin at my ISP had spotted the kid's harmless explorations and had alerted the parents. Now the boy wanted my help in getting back online.

I told the kid that I sympathized with his father. What if the sysadmin and I had been major grouches? This kid could have wound up in juvenile detention. Now I don't agree with putting harmless hackers in jail, and I would never have testified against him. But that's what some people do to folks who go snooping in other people's computer accounts even when the culprit does no harm. This boy needs to learn how to keep out of trouble!

Hacking is the most exhilarating game on the planet. But it stops being fun when you end up in a cell with a roommate named "Spike." But hacking doesn't have to mean breaking laws. In this series of Guides we teach safe hacking so that you don't have to keep looking back over your shoulders for narcs and cops.

What we're talking about is hacking as a healthy recreation, and as a free education that can qualify you to get a high paying job. In fact, many network systems administrators, computer scientists and computer security experts first learned their professions, not in some college program, but from the hacker culture. And you may be surprised to discover that ultimately the Internet is safeguarded not by law enforcement agencies, not by giant corporations, but by a worldwide network of, yes, hackers.

it-project-work.com/doc/gtmhh/guideMHH.htm


You, too, can become one of us.

And hacking can be surprisingly easy. Heck, if I can do it, anyone can!

Regardless of why you want to be a hacker, it is definitely a way to have fun, impress your friends, and get dates. If you are a female hacker you become totally irresistible to men. Take my word for it! ^D

These Guides to (mostly) Harmless Hacking can be your gateway into this world. After reading just a few of these Guides you will be able to pull off stunts that will be legal, phun, and will impress the heck out of your friends.

These Guides can equip you to become one of the vigilantes that keeps the Internet from being destroyed by bad guys. Especially spammers. Heh, heh, heh. You can also learn how to keep the bad guys from messing with your Internet account, email, and personal computer. You'll learn not to be frightened by silly hoaxes that pranksters use to keep the average Internet user in a tizzy.

If you hang in with us through a year or so, you can learn enough and meet the people on our email list and IRC channel who can help you to become truly elite.

However, before you plunge into the hacker subculture, be prepared for that hacker attitude. You have been warned.

So...welcome to the adventure of hacking!

WHAT DO I NEED IN ORDER TO HACK?

You may wonder whether hackers need expensive computer equipment and a shelf full of technical manuals. The answer is NO! Hacking can be surprisingly easy! Better yet, if you know how to search the Web, you can find almost any computer information you need for free.

In fact, hacking is so easy that if you have an online service and know how to send and read email, you can start hacking immediately. The GTMHH Beginners' Series #2 will show you where you can download special hacker-friendly programs for Windows that are absolutely free. And we'll show you some easy hacker tricks you can use them for.

Now suppose you want to become an elite hacker? All you will really need is an inexpensive "shell account" with an Internet Service Provider. In the GTMHH Beginners' Series #3 we will tell you how to get a shell account, log on, and start playing the greatest game on Earth: Unix hacking! Then in Vol.s I, II, and III of the GTMHH you can get into Unix hacking seriously.

You can even make it into the ranks of the Uberhackers without loading up on expensive computer equipment. In Vol. II we introduce Linux, the free hacker-friendly operating system. It will even run on a 386 PC with just 2 Mb RAM! Linux is so good that many Internet Service Providers use it to run their systems.


In Vol. III we will also introduce Perl, the shell programming language beloved of Uberhackers. We will even teach some seriously deadly hacker "exploits" that run on Perl using Linux. OK, you could use most of these exploits to do illegal things. But they are only illegal if you run them against someone else's computer without their permission. You can run any program in this series of Guides on your own computer, or your (consenting) friend's computer if you dare! Hey, seriously, nothing in this series of Guides will actually hurt your computer, unless you decide to trash it on purpose.

We will also open the gateway to an amazing underground where you can stay on top of almost every discovery of computer security flaws. You can learn how to either exploit them or defend your computer against them!

About the Guides to (mostly) Harmless Hacking

We have noticed that there are lots of books that glamorize hackers. To read these books you would think that it takes many years of brilliant work to become one. Of course we hackers love to perpetuate this myth because it makes us look so incredibly kewl.

But how many books are out there that tell the beginner step by step how to actually do this hacking stuph? None! Seriously, have you ever read _Secrets of a Superhacker_ by The Knightmare (Loompanics, 1994) or _Forbidden Secrets of the Legion of Doom Hackers_ by Salacious Crumb (St. Mahoun Books, 1994)? They are full of vague and out of date stuph. Give me a break.

And if you get on one of the hacker news groups on the Internet and ask people how to do stuph, some of them insult and make fun of you. OK, they all make fun of you.

We see many hackers making a big deal of themselves and being mysterious and refusing to help others learn how to hack. Why? Because they don't want you to know the truth, which is that most of what they are doing is really very simple!

Well, we thought about this. We, too, could enjoy the pleasure of insulting people who ask us how to hack. Or we could get big egos by actually teaching thousands of people how to hack. Muhahaha.

How to Use the Guides to (mostly) Harmless Hacking

If you know how to use a personal computer and are on the Internet, you already know enough to start learning to be a hacker. You don't even need to read every single Guide to (mostly) Harmless Hacking in order to become a hacker.

You can count on anything in Volumes I, II and III being so easy that you can jump in about anywhere and just follow instructions.

But if your plan is to become "elite," you will do better if you read all the Guides, check out the many Web sites and newsgroups to which we will point you, and find a mentor among the many talented hackers who post to our Hackers forum or chat on our IRC server at http://www.infowar.com, and on the Happy Hacker email list (email hacker@techbroker.com with message "subscribe").


If your goal is to become an Uberhacker, the Guides will end up being only the first in a mountain of material that you will need to study. However, we offer a study strategy that can aid you in your quest to reach the pinnacle of hacking.

How to Not Get Busted

One slight problem with hacking is that if you step over the line, you can go to jail. We will do our best to warn you when we describe hacks that could get you into trouble with the law. But we are not attorneys or experts on cyberlaw. In addition, every state and every country has its own laws. And these laws keep on changing. So you have to use a little sense.

However, we have a Guide to (mostly) Harmless Hacking Computer Crime Law Series to help you avoid some pitfalls.

But the best protection against getting busted is the Golden Rule. If you are about to do something that you would not like to have done to you, forget it. Do hacks that make the world a better place, or that are at least fun and harmless, and you should be able to keep out of trouble.

So if you get an idea from the Guides to (mostly) Harmless Hacking that helps you to do something malicious or destructive, it's your problem if you end up being the next hacker behind bars. Hey, the law won't care if the guy whose computer you trash was being a d***. It won't care that the giant corporation whose database you filched shafted your best buddy once. They will only care that you broke the law.

To some people it may sound like phun to become a national sensation in the latest hysteria over Evil Genius hackers. But after the trial, when some reader of these Guides ends up being the reluctant "girlfriend" of a convict named Spike, how happy will his news clippings make him?

Conventions Used in the Guides

You've probably already noticed that we spell some words funny, like "kewl" and "phun." These are hacker slang terms. Since we often communicate with each other via email, most of our slang consists of ordinary words with extraordinary spellings. For example, a hacker might spell "elite" as "3l1t3," with 3's substituting for e's and 1's for i's. He or she may even spell "elite" as "31337." The Guides sometimes use these slang spellings to help you learn how to write email like a hacker.

Of course, the cute spelling stuph we use will go out of date fast. So we do not guarantee that if you use this slang, people will read your email and think, "Ohhh, you must be an Evil Genius! I'm sooo impressed!"

Take it from us, guys who need to keep on inventing new slang to prove they are "k-rad 3l1t3" are often lusers and lamers. So if you don't want to use any of the hacker slang of these Guides, that's OK by us. Most Uberhackers don't use slang, either.

Who Are You?


We've made some assumptions about who you are and why you are reading these Guides:

  You own a PC or Macintosh personal computer
  You are online with the Internet
  You have a sense of humor and adventure and want to express it by hacking
  Or you want to impress your friends and pick up chicks (or guys) by making them think you are an Evil Genius

So, does this picture fit you? If so, OK, d00dz, start your computers. Are you ready to hack?

_________________________________________________________
Subscribe to our email list by emailing to hacker@techbroker.com with message "subscribe"

Want to share some kewl stuph with the Happy Hacker list? Correct mistakes? Send your messages to hacker@techbroker.com. To send me confidential email (please, no discussions of illegal activities) use carolyn@techbroker.com and be sure to state in your message that you want me to keep this confidential. If you wish your message posted anonymously, please say so! Direct flames to dev/null@techbroker.com. Happy hacking!

Copyright 1997 Carolyn P. Meinel. You may forward or post on your Web site this GUIDE TO (mostly) HARMLESS HACKING as long as you leave this notice at the end.
________________________________________________________

___________________________________________________________
GUIDE TO (mostly) HARMLESS HACKING
Beginners' Series #2, Section One.
Hacking Windows 95!
____________________________________________________________

Important warning: this is a beginners lesson. BEGINNERS. Will all you super k-rad elite haxors out there just skip reading this one, instead of reading it and feeling all insulted at how easy it is and then emailing me to bleat "This GTMHH iz 2 ezy your ****** up, wee hate u!!!&$%" Go study something that seriously challenges your intellect such as "Unix for Dummies," OK?

Have you ever seen what happens when someone with an America Online account posts to a hacker news group, email list, or IRC chat session? It gives you a true understanding of what "flame" means, right?

Now you might think that making fun of dumb.newbie@aol.com is just some prejudice. Sort of like how managers in big corporations don't wear dreadlocks and fraternity boys don't drive Yugos.

But the real reason serious hackers would never use AOL is that it doesn't offer Unix shell accounts for its users. AOL fears Unix because it is the most fabulous, exciting, powerful, hacker-friendly operating system in the Solar system... gotta calm down... anyhow, I'd feel
crippled without Unix. So AOL figures offering Unix shell accounts to its users is begging to get hacked.

Unfortunately, this attitude is spreading. Every day more ISPs are deciding to stop offering shell accounts to their users.

But if you don't have a Unix shell account, you can still hack. All you need is a computer that runs Windows 95 and just some really retarded online account like America Online or Compuserve.

In this Beginner's Series #2 we cover several fun things to do with Windows and even the most hacker-hostile Online services. And, remember, all these things are really easy. You don't need to be a genius. You don't need to be a computer scientist. You don't need to own an expensive computer. These are things anyone with Windows 95 can do.

Section One: Customize your Windows 95 visuals. Set up your startup, background and logoff screens so as to amaze and befuddle your non-hacker friends.

Section Two: Subvert Windows nanny programs such as Surfwatch and the setups many schools use in the hope of keeping kids from using unauthorized programs. Prove to yourself and your friends and coworkers that Windows 95 passwords are a joke.

Section Three: Explore other computers. OK, let's be blatant: hack from your Windows home computer using even just AOL for Internet access.

HOW TO CUSTOMIZE WINDOWS 95 VISUALS

OK, let's say you are hosting a wild party in your home. You decide to show your buddies that you are one of those dread hacker d00dz. So you fire up your computer and what should come up on your screen but the logo for "Windows 95." It's kind of lame looking, isn't it? Your computer looks just like everyone else's box. Just like some boring corporate workstation operated by some guy with an IQ in the 80s.

Now if you are a serious hacker you would be booting up Linux or FreeBSD or some other kind of Unix on your personal computer. But your friends don't know that. So you have an opportunity to social engineer them into thinking you are fabulously elite just by customizing your bootup screen.

Now let's say you want to boot up with a black screen with orange and yellow flames and the slogan "K-Rad Doomsters of the Apocalypse." This turns out to be super easy.

Now Microsoft wants you to advertise their operating system every time you boot up. In fact, they want this so badly that they have gone to court to try to force computer retailers to keep the Micro$oft bootup screen on the systems these vendors sell.

So Microsoft certainly doesn't want you messing with their bootup screen, either. So M$ has tried to hide the bootup screen software. But they didn't hide it very well. We're going to learn today how to totally thwart their plans.


***********************************************
Evil Genius tip: One of the rewarding things about hacking is to find hidden files that try to keep you from modifying them and then to mess with them anyhow. That's what we're doing today.

The Win95 bootup graphics is hidden in either a file named c:\logo.sys and/or io.sys. To see this file, open File Manager, click "view", then click "by file type," then check the box for "show hidden/system files." Then, back on "view," click "all file details." To the right of the file logo.sys you will see the letters "rhs." These mean this file is "read-only, hidden, system."

The reason this innocuous graphics file is labeled as a system file when it really is just a graphics file with some animation added is because Microsoft is afraid you'll change it to read something like "Welcome to Windoze 95 Breakfast of Lusers!" So by making it a read-only file, and hiding it, and calling it a system file as if it were something so darn important it would destroy your computer if you were to mess with it, Microsoft is trying to trick you into leaving it alone.
***********************************************

The easiest way to thwart these Windoze 95 startup and shutdown screens is to go to http://www.windows95.com/apps/ and check out their programs. But we're hackers, so we like to do things ourselves. So here's how to do this without using a canned program.

We start by finding the MS Paint program. It's probably under the accessories folder. But just in case you're like me and keep on moving things around, here's the fail-safe program finding routine:

1) Click "Start" on the lower left corner of your screen.
2) Click "Windows Explorer"
3) Click "Tools"
4) Click "Find"
5) Click "files or folders"
6) After "named" type in "MSPaint"
7) After "Look in" type in "C:"
8) Check the box that says "include subfolders"
9) Click "find now"
10) Double click on the icon of a paint bucket that turns up in a window. This loads the paint program.
11) Within the paint program, click "file"
12) Click "open"

OK, now you have MS Paint. Now you have a super easy way to create your new bootup screen:

13) After "file name" type in c:\windows\logos.sys. This brings up the graphic you get when your computer is ready to shut down saying "It's now safe to turn off your computer." This graphic has exactly the right format to be used for your startup graphic. So you can play with it any way you want (so long as you don't do anything on the Attributes
screen under the Images menu) and use it for your startup graphic.
14) Now we play with this picture. Just experiment with the controls of MS Paint and try out fun stuff.
15) When you decide you really like your picture (fill it with frightening hacker stuph, right?), save it as c:\logo.sys. This will overwrite the Windows startup logo file. From now on, any time you want to change your startup logo, you will be able to both read and write the file logo.sys.
16) If you want to change the shutdown screens, they are easy to find and modify using MS Paint. The beginning shutdown screen is named c:\windows\logow.sys. As we saw above, the final "It's now safe to turn off your computer" screen graphic is named c:\windows\logos.sys.
17) To make graphics that will be available for your wallpaper, name them something like c:\windows\evilhaxor.bmp (substituting your file name for "evilhaxor" unless you like to name your wallpaper "evilhaxor.")

********************************************************
Evil Genius tip: The Microsoft Windows 95 startup screen has an animated bar at the bottom. But once you replace it with your own graphic, that animation is gone. However, you can make your own animated startup screen using the shareware program BMP Wizard. Some download sites for this goodie include:

http://www.pippin.com/English/ComputersSoftware/Software/Windows95/graphic.htm
http://search.windows95.com/apps/editors.html
http://www.windows95.com/apps/editors.html

Or you can download the program LogoMania, which automatically resizes any bitmap to the correct size for your logon and logoff screens and adds several types of animation as well. You can find it at ftp.zdnet.com/pcmag/1997/0325/logoma.zip
********************************************************

Now the trouble with using one of the existing Win95 logo files is that they only allow you to use their original colors. If you really want to go wild, open MS Paint again. First click "Image," then click "attributes." Set width to 320 and height to 400. Make sure under Units that Pels is selected. Now you are free to use any color combination available in this program. Remember to save the file as c:\logo.sys for your startup logo, or c:\windows\logow.sys and/or c:\windows\logos.sys for your shutdown screens.

But if you want some really fabulous stuff for your starting screen, you can steal graphics from your favorite hacker page on the Web and import them into Win95's startup and shutdown screens. Here's how you do it.

1) Wow, kewl graphics! Stop your browsing on that Web page and hit the "print screen" button.
2) Open MS Paint and set width to 320 and height to 400 with units Pels.
3) Click edit, then click paste. Bam, that image is now in your MS Paint program.
4) When you save it, make sure attributes are still 320X400 Pels. Name it c:\logo.sys, c:\windows\logow.sys, c:\windows\logos.sys, or c:\windows\evilhaxor.bmp depending on which screen or wallpaper you want to display it on.

Of course you can do the same thing by opening any graphics file you choose in MS Paint or any other graphics program, so long as you save it with the right file name in the right directory and size it 320X400 Pels.

Oh, no, stuffy Auntie Suzie is coming to visit and she wants to use my computer to read her email! I'll never hear the end of it if she sees my K-Rad Doomsters of the Apocalypse startup screen!!!

Here's what you can do to get your boring Micro$oft startup logo back. Just change the name of c:\logo.sys to something innocuous that Aunt Suzie won't see while snooping with file manager. Something like logo.bak. Guess what happens? Those Microsoft guys figured we'd be doing things like this and hid a copy of their boring bootup screen in a file named "io.sys." So if you rename or delete their original logo.sys, and there is no file by that name left, on bootup your computer displays their same old Windows 95 bootup screen.

Now suppose your Win95 box is attached to a local area network (LAN)? It isn't as easy to change your bootup logo, as the network may override your changes. But there is a way to thwart the network. If you aren't afraid of your boss seeing your "K-Rad Doomsters of the Apocalypse" splashed over an x-rated backdrop, here's how to customize your bootup graphics.

0. 95 policy editor (comes on the 95 cd) with the default admin.adm will let you change this. Use the policy editor to open the registry, select 'local computer', select network, select 'logon' and then select 'logon banner'. It'll then show you the current banner and let you change it and save it back to the registry.

**************************************
Evil genius tip: Want to mess with io.sys or logo.sys? Here's how to get into them. And, guess what, this is a great thing to learn in case you ever need to break into a Windows computer, something we'll look at in detail in the next section.

Click "Start" then "Programs" then "MS-DOS." At the MS-DOS prompt enter the commands:

    ATTRIB -R -H -S C:\IO.SYS
    ATTRIB -R -H -S C:\LOGO.SYS

Now they are totally at your mercy, muhahaha!

But don't be surprised if MS Paint can't open either of these files. MS Paint only opens
graphics files. But io.sys and logo.sys are set up to be used by animation applications.
**************************************

OK, that's it for now. You 31337 hackers who are feeling insulted by reading this because it was too easy, tough cookies. I warned you. But I'll bet my box has a happier hacker logon graphic than yours does. K-Rad Doomsters of the apocalypse, yesss!

_________________________________________________________
Subscribe to our email list by emailing to hacker@techbroker.com with message "subscribe" or join our Hacker forum at http://www.infowar.com/cgishl/login.exe.

Want to share some kewl stuph with the Happy Hacker list? Correct mistakes? Send your messages to hacker@techbroker.com. To send me confidential email (please, no discussions of illegal activities) use cmeinel@techbroker.com and be sure to state in your message that you want me to keep this confidential. If you wish your message posted anonymously, please say so! Direct flames to dev/null@techbroker.com. Happy hacking!

Copyright 1997 Carolyn P. Meinel. You may forward or post on your Web site this GUIDE TO (mostly) HARMLESS HACKING as long as you leave this notice at the end.
________________________________________________________

___________________________________________________________
GUIDE TO (mostly) HARMLESS HACKING
Beginners' Series #2, Section Two.
Hacking into Windows 95 (and a little bit of NT lore)!
____________________________________________________________

Important warning: this is a beginners lesson. BEGINNERS. Will all you geniuses who were born already knowing 32-bit Windows just skip reading this one, OK? We don't need to hear how disgusted you are that not everyone already knows this.

PARENTAL DISCRETION ADVISED!

This lesson will lay the foundation for learning how to hack what now is the most commonly installed workstation operating system: Windows NT. In fact, Windows NT is coming into wide use as a local area network (LAN), Internet, intranet, and Web server. So if you want to call yourself a serious hacker, you'd better get a firm grasp on Win NT.

In this lesson you will learn serious hacking techniques useful on both Windows 95 and Win NT systems while playing in complete safety on your own computer.

In this lesson we explore:

  Several ways to hack your Windows 95 logon password
  How to hack your Pentium CMOS password
  How to hack a Windows Registry, which is where access control on Windows-based LANs, intranets and Internet and Web servers are hidden!

Let's set the stage for this lesson. You have your buddies over to your home to see you
hack on your Windows 95 box. You've already put in a really industrial haxor-looking bootup screen, so they are already trembling at the thought of what a tremendously elite d00d you are. So what do you do next?

How about clicking on "Start," clicking "settings" then "control panel" then "passwords." Tell your friends your password and get them to enter a secret new one. Then shut down your computer and tell them you are about to show them how fast you can break their password and get back into your own box!

This feat is so easy I'm almost embarrassed to tell you how it's done. That's because you'll say "Sheesh, you call that password protection? Any idiot can break into a Win95 box!" And of course you're right. But that's the Micro$oft way. Remember this next time you expect to keep something on your Win95 box confidential.

And when it comes time to learn Win NT hacking, remember this Micro$oft security mindset. The funny thing is that very few hackers mess with NT today because they're all busy cracking into Unix boxes. But there are countless amazing Win NT exploits just waiting to be discovered. Once you see how easy it is to break into your Win95 box, you'll feel in your bones that even without us holding your hand, you could discover ways to crack Win NT boxes, too.

But back to your buddies waiting to see what an elite hacker you are. Maybe you'll want them to turn their backs so all they know is you can break into a Win95 box in less than one minute. Or maybe you'll be a nice guy and show them exactly how it's done.

But first, here's a warning. The first few techniques we're showing work on most home Win95 installations. But, especially in corporate local area networks (LANs), several of these techniques don't work. But never fear, in this lesson we will cover enough ways to break in that you will be able to gain control of absolutely *any* Win95 box to which you have physical access. But we'll start with the easy ways first.

Easy Win95 Breakin #1:

Step one: boot up your computer.

Step two: When the "system configuration" screen comes up, press the "F5" key. If your system doesn't show this screen, just keep on pressing the F5 key.

If your Win95 has the right settings, this boots you into "safe mode." Everything looks weird, but you don't have to give your password and you still can run your programs.

Too easy! OK, if you want to do something that looks a little classier, here's another way to evade that new password.

Easy Win95 Breakin #2:

Step one: Boot up.

Step two: when you get to the "system configuration" screen, press the F8 key. This gives
you the Microsoft Windows 95 Startup Menu.

Step three: choose number 7. This puts you into MS-DOS. At the prompt, give the command "rename c:\windows\*.pwl c:\windows\*.zzz"

****************************
Newbie note: MS-DOS stands for Microsoft Disk Operating System, an ancient operating system dating from 1981. It is a command line operating system, meaning that you get a prompt (probably c:\>) after which you type in a command and press the enter key. MS-DOS is often abbreviated DOS. It is a little bit similar to Unix, and in fact in its first version it incorporated thousands of lines of Unix code.
*****************************

Step four: reboot. You will get the password dialog screen. You can then fake out your friends by entering any darn password you want. It will ask you to reenter it to confirm your new password.

Step five. Your friends are smart enough to suspect you just created a new password, huh? Well, you can put the old one your friends picked. Use any tool you like (File Manager, Explorer or MS-DOS) to rename *.zzz back to *.pwl.

Step six: reboot and let your friends use their secret password. It still works!

Think about it. If someone were to be sneaking around another person's Win95 computer, using this technique, the only way the victim could determine there had been an intruder is to check for recently changed files and discover that the *.pwl files have been messed with.

****************************
Evil genius tip: Unless the msdos.sys file bootkeys=0 option is active, the keys that can do something during the bootup process are F4, F5, F6, F8, Shift+F5, Control+F5 and Shift+F8. Play with them!
****************************

Now let's suppose you discovered that your Win95 box doesn't respond to the bootup keys. You can still break in.

If your computer does allow use of the boot keys, you may wish to disable them in order to be a teeny bit more secure. Besides, it's phun to show your friends how to use the boot keys and then disable these so when they try to mess with your computer they will discover you've locked them out.

The easiest but slowest way to disable the boot keys is to pick the proper settings while installing Win95. But we're hackers, so we can pull a fast trick to do the same thing. We are going to learn how to edit the Win95 msdos.sys file, which controls the boot sequence.

Easy Way to Edit your Msdos.sys File:

Step zero: Back up your computer completely, especially the system files. Make sure you have a Windows 95 boot disk. We are about to play with fire! If you are doing this on
someone else's computer, let's just hope either you have permission to destroy the operating system, or else you are so good you couldn't possibly make a serious mistake.

*******************************
Newbie note: You don't have a boot disk? Shame, shame, shame! Everyone ought to have a boot disk for their computer just in case you or your buddies do something really horrible to your system files. If you don't already have a Win95 boot disk, here's how to make one.

To do this you need an empty floppy disk and your Win95 installation disk(s). Click on Start, then Settings, then Control Panel, then Add/Remove Programs, then Startup Disk. From here just follow instructions.
********************************

Step one: Find the file msdos.sys. It is in the root directory (usually C:\). Since this is a hidden system file, the easiest way to find it is to click on My Computer, right click the icon for your boot drive (usually C:), left click Explore, then scroll down the right side frame until you find the file "msdos.sys."

Step two: Make msdos.sys writable. To do this, right click on msdos.sys, then left click "properties." This brings up a screen on which you uncheck the "read-only" and "hidden" boxes. You have now made this a file that you can pull into a word processor to edit.

Step three: Bring msdos.sys up in WordPad. To do this, you go to File Manager. Find msdos.sys again and click on it. Then click "associate" under the "file" menu. Then click on "WordPad." It is very important to use WordPad and not Notepad or any other word processing program! Then double click on msdos.sys.

Step four: We are ready to edit. You will see that WordPad has come up with msdos.sys loaded. You will see something that looks like this:

    [Paths]
    WinDir=C:\WINDOWS
    WinBootDir=C:\WINDOWS
    HostWinBootDrv=C

    [Options]
    BootGUI=1
    Network=1

    The following lines are required for compatibility with other programs.
    Do not remove them (MSDOS.SYS needs to be >1024 bytes).
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    . . .

To disable the function keys during bootup, directly below [Options] you should insert the command "BootKeys=0."
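
A defender's check for the settings this section covers, as an added example that is not part of the original Guide: it parses the text of an msdos.sys file and reports whether BootKeys=0 and BootDelay=0 (the second setting the Guide names for this purpose) are present under [Options]. The function names and the sample file contents are constructed for illustration; the size check follows the comment inside the file itself.

```python
# Added example (not from the original Guide): audit the text of a
# Windows 95 msdos.sys file for the boot-key settings this section discusses.

MIN_SIZE = 1024  # the file's own comment: MSDOS.SYS needs to be > 1024 bytes


def parse_msdos_sys(text):
    """Parse INI-style text into {section: {key: value}}, names lower-cased."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line, or a line marked as a comment with ';'
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip().lower()] = value.strip()
        # anything else (filler text without '=') is ignored
    return sections


def audit_boot_keys(text):
    """Return a list of findings; an empty list means nothing to report."""
    findings = []
    sections = parse_msdos_sys(text)
    options = sections.get("options")
    if options is None:
        findings.append("no [Options] section")
        options = {}
    for name in ("BootKeys", "BootDelay"):
        value = options.get(name.lower())
        if value is None:
            findings.append(f"{name} is not set under [Options]")
        elif value != "0":
            findings.append(f"{name}={value}, expected 0")
    # The Guide places these settings under [Options]; flag them anywhere else.
    for section, keys in sections.items():
        if section == "options":
            continue
        for name in ("bootkeys", "bootdelay"):
            if name in keys:
                findings.append(f"{name} found under [{section}], not [Options]")
    if len(text.encode("latin-1", "replace")) <= MIN_SIZE:
        findings.append("file is not larger than 1024 bytes")
    return findings


# Constructed sample data: padding lines, a file shaped like the listing in
# the Guide, and the same file with both settings inserted below [Options].
FILLER = "\n".join(";" + "x" * 60 for _ in range(20))
DEFAULT = (
    "[Paths]\nWinDir=C:\\WINDOWS\nWinBootDir=C:\\WINDOWS\nHostWinBootDrv=C\n"
    "\n[Options]\nBootGUI=1\nNetwork=1\n" + FILLER + "\n"
)
HARDENED = DEFAULT.replace("[Options]\n", "[Options]\nBootKeys=0\nBootDelay=0\n")

if __name__ == "__main__":
    for label, text in (("default", DEFAULT), ("hardened", HARDENED)):
        print(label, audit_boot_keys(text) or "ok")
```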


Or, another way to disable the boot keys is to insert the command BootDelay=0. You can really mess up your snoopy hacker wannabe friends by putting in both statements and hope they don't know about BootDelay. Then save msdos.sys.

Step five: since msdos.sys is absolutely essential to your computer, you'd better write protect it like it was before you edited it. Click on My Computer, then Explore, then click the icon for your boot drive (usually C:), then scroll down the right side until you find the file "msdos.sys." Click on msdos.sys, then left click "properties." This brings back that screen with the "read-only" and "hidden" boxes. Check "read-only."

Step six: You *are* running a virus scanner, aren't you? You never know what your phriends might do to your computer while your back is turned. When you next boot up, your virus scanner will see that msdos.sys has changed. It will assume the worst and want to make your msdos.sys file look just like it did before. You have to stop it from doing this. I run Norton Antivirus, so all I have to do when the virus warning screen comes up is to tell it to "inoculate."

Hard Way to Edit your (or someone else's) Msdos.sys File.

Step zero. This is useful practice for using DOS to run rampant someday in Win NT LANs, Web and Internet servers. Put a Win95 boot disk in the a: drive. Boot up. This gives you a DOS prompt A:\.

Step one: Make msdos.sys writable. Give the command "attrib -h -r -s c:\msdos.sys" (This assumes the c: drive is the boot disk.)

Step two: give the command "edit msdos.sys" This brings up this file into the word processor.

Step three: Use the edit program to alter msdos.sys. Save it. Exit the edit program.

Step four: At the DOS prompt, give the command "attrib +r +h +s c:\msdos.sys" to return the msdos.sys file to the status of hidden, read-only system file.

OK, now your computer's boot keys are disabled. Does this mean no one can break in? Sorry, this isn't good enough.

As you may have guessed from the "Hard Way to Edit your Msdos.sys" instruction, your next option for Win95 breakins is to use a boot disk that goes in the a: floppy drive.

How to Break into a Win95 Box Using a Boot Disk

Step one: shut down your computer.

Step two: put boot disk into A: drive.

Step three: boot up.

Step four: at the A:\ prompt, give the command: rename c:\windows\*.pwl
c:\windows\*.zzz.

Step four: boot up again. You can enter anything or nothing at the password prompt and get in.

Step five: Cover your tracks by renaming the password files back to what they were.

Wow, this is just too easy! What do you do if you want to keep your prankster friends out of your Win95 box? Well, there is one more thing you can do. This is a common trick on LANs where the network administrator doesn't want to have to deal with people monkeying around with each others' computers. The answer, but not a very good answer, is to use a CMOS password.

How to Mess With CMOS #1

The basic settings on your computer such as how many and what kinds of disk drives and which ones are used for booting are held in a CMOS chip on the motherboard. A tiny battery keeps this chip always running so that whenever you turn your computer back on, it remembers what is the first drive to check in for bootup instructions. On a home computer it will typically be set to first look in the A: drive. If the A: drive is empty, it next will look at the C: drive.

On my computer, if I want to change the CMOS settings I press the delete key at the very beginning of the bootup sequence. Then, because I have instructed the CMOS settings to ask for a password, I have to give it my password to change anything.

If I don't want someone to boot from the A: drive and mess with my password file, I can set it so it only boots from the C: drive. Or even so that it only boots from a remote drive on a LAN.

So, is there a way to break into a Win95 box that won't boot from the A: drive? Absolutely yes! But before trying this one out, be sure to write down *ALL* your CMOS settings. And be prepared to make a total wreck of your computer. Hacking CMOS is even more destructive than hacking system files.

Step one: get a phillips screwdriver, solder sucker and soldering iron.

Step two: open up your victim.

Step three: remove the battery.

Step four: plug the battery back in.

Alternate step three: many motherboards have a 3-pin jumper to reset the CMOS to its default settings. Look for a jumper close to the battery or look at your manual if you have one.

For example, you might find a three-pin device with pins one and two jumpered. If you move the jumper to pins two and three and leave it there for over five seconds, it may reset the CMOS. Warning: this will not work on all computers!


Step five: Your victim computer now hopefully has the CMOS default settings. Put everything back the way they were, with the exception of setting it to first check the A: drive when booting up.

*******************************
You can get fired warning: If you do this wrong, and this is a computer you use at work, and you have to go crying to the systems administrator to get your computer working again, you had better have a convincing story. Whatever you do, don't tell the sysadmin or your boss that "The Happy Hacker made me do it"!
*******************************

Step six: proceed with the A: drive boot disk break-in instructions.

Does this sound too hairy? Want an easy way to mess with CMOS? There's a program you can run that does it without having to play with your motherboard.

How to Mess with CMOS #2

Boy, I sure hope you decided to read to the end of this GTMHH before taking solder gun to your motherboard. There's an easy solution to the CMOS password problem. It's a program called KillCMOS which you can download from http://www.koasp.com. (Warning: if I were you, I'd first check out this site using the Lynx browser, which you can use from Linux or your shell account).

Now suppose you like to surf the Web but your Win95 box is set up so some sort of net nanny program restricts access to places you would really like to visit. Does this mean you are doomed to live in a Brady Family world? No way.

There are several ways to evade those programs that censor what Web sites you visit.

Now what I am about to discuss is not with the intention of feeding pornography to little kids. The sad fact is that these net censorship programs have no way of evaluating everything on the Web. So what they do is only allow access to a relatively small number of Web sites. This keeps kids from discovering many wonderful things on the Web.

As the mother of four, I understand how worried parents can get over what their kids encounter on the Internet. But these Web censor programs are a poor substitute for spending time with your kids so that they learn how to use computers responsibly and become really dynamite hackers! Um, I mean, become responsible cyberspace citizens. Besides, these programs can all be hacked way too easily.

The first tactic to use with a Web censor program is hit control-alt-delete. This brings up the task list. If the censorship program is on the list, turn it off.

Second tactic is to edit the autoexec.bat file to delete any mention of the web censor program. This keeps it from getting loaded in the first place.

But what if your parents (or your boss or spouse) is savvy enough to check where you've


been surfing? You've got to get rid of those incriminating records showing that you've been surfing Dilbert!

It's easy to fix with Netscape. Open Netscape.ini with either Notepad or WordPad. It probably will be in the directory C:\Netscape\netscape.ini. Near the bottom you will find your URL history. Delete those lines.

But Internet Explorer is a really tough browser to defeat.

Editing the Registry is the only way (that I have found, at least) to defeat the censorship feature on Internet Explorer. And, guess what, it even hides several records of your browsing history in the Registry. Brrrr!

*************************
Newbie note: Registry! It is the Valhalla of those who wish to crack Windows. Whoever controls the Registry of a network server controls the network totally. Whoever controls the Registry of a Win95 or WinNT box controls that computer totally. The ability to edit the Registry is comparable to having root access to a Unix machine.
*************************

How to edit the Registry:

Step zero: Back up all your files. Have a boot disk handy. If you mess up the Registry badly enough you may have to reinstall your operating system.

******************************
You can get fired warning: If you edit the Registry of a computer at work, if you get caught you had better have a good explanation for the sysadmin and your boss. Figure out how to edit the Registry of a LAN server at work and you may be in real trouble.
*******************************
*******************************
You can go to jail warning: Mess with the Registry of someone else's computer and you may be violating the law. Get permission before you mess with Registries of computers you don't own.
*******************************

Step one: Find the Registry. This is not simple, because the Microsoft theory is what you don't know won't hurt you. So the idea is to hide the Registry from clueless types. But, hey, we don't care if we totally trash our computers, right? So we click Start, then Programs, then Windows Explorer, then click on the Windows directory and look for a file named "Regedit.exe."

Step two: Run Regedit. Click on it. It brings up several folders:

HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_CURRENT_CONFIG


HKEY_DYN_DATA

What we are looking at is in some ways like a password file, but it's much more than this. It holds all sorts of settings: how your desktop looks, what shortcuts you are using, what files you are allowed to access. If you are used to Unix, you are going to have to make major revisions in how you view file permissions and passwords. But, hey, this is a beginners' lesson so we'll gloss over this part.

****************************
Evil genius tip: You can run Regedit from DOS from a boot disk. Verrrry handy in certain situations...
****************************

Step three. Get into one of these HKEY thingies. Let's check out CURRENT_USER by clicking the plus sign to the left of it. Play around awhile. See how the Regedit gives you menu choices to pick new settings. You'll soon realize that Microsoft is babysitting you. All you see is pictures with no clue of how these files look in DOS. It's called "security by obscurity." This isn't how hackers edit the Registry.

Step four. Now we get to act like real hackers. We are going to put part of the Registry where we can see and change anything. First click the HKEY_CLASSES_ROOT line to highlight it. Then go up to the Registry heading on the Regedit menu bar. Click it, then choose "Export Registry File." Give it any name you want, but be sure it ends with ".reg".

Step five. Open that part of the Registry in WordPad. It is important to use that program instead of NotePad or any other word processing program. One way is to right click on it from Explorer. IMPORTANT WARNING: if you left click on it, it will automatically import it back into the Registry. If you were messing with it and accidentally left click, you could trash your computer big time.

Step six: Read everything you ever wanted to know about Windows security that Microsoft was afraid to let you find out. Things that look like:

[HKEY_CLASSES_ROOT\htmlctl.PasswordCtl\CurVer]
@="htmlctl.PasswordCtl.1"

[HKEY_CLASSES_ROOT\htmlctl.PasswordCtl.1]
@="PasswordCtlObject"

[HKEY_CLASSES_ROOT\htmlctl.PasswordCtl.1\CLSID]
@="{EE2308605A5F11CF8B1100AA00C00903}"

The stuff inside the brackets in this last line is an encrypted password controlling access to a program or features of a program such as the net censorship feature of Internet Explorer. What it does is encrypt the password when you enter it, then compare it with the unencrypted version on file.

Step seven: It isn't real obvious which password goes to what program. I say delete them all! Of course this means your stored passwords for logging on to your ISP, for example,


may disappear. Also, Internet Explorer will pop up with a warning that "Content Advisor configuration information is missing. Someone may have tried to tamper with it." This will look really bad to your parents!

Also, if you trash your operating system in the process, you'd better have a good explanation for your Mom and Dad about why your computer is so sick. It's a good idea to know how to use your boot disk to reinstall Win95 if this doesn't work out.

Step eight (optional): Want to erase your surfing records? For Internet Explorer you'll have to edit HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE and HKEY_USERS. You can also delete the files c:\windows\cookies\mm2048.dat and c:\windows\cookies\mm256.dat. These also store URL data.

Step nine. Import your .reg files back into the Registry. Either click on your .reg files in Explorer or else use the "Import" feature next to the "Export" you just used in Regedit. This only works if you remembered to name them with the .reg extension.

Step nine: Oh, no, Internet Explorer makes this loud obnoxious noise the first time I run it and puts up a bright red "X" with the message that I tampered with the net nanny feature! My parents will seriously kill me!

Or, worse yet, oh, no, I trashed my computer!

All is not lost. Erase the Registry and its backups. These are in four files: system.dat, user.dat, and their backups, system.da0 and user.da0. Your operating system will immediately commit suicide. (This was a really exciting test, folks, but I luuuv that adrenaline!) If you get cold feet, the Recycle bin still works after trashing your Registry files, so you can restore them and your computer will be back to the mess you just made of it. But if you really have guts, just kill those files and shut it down.

Then use your Win95 boot disk to bring your computer back to life. Reinstall Windows 95. If your desktop looks different, proudly tell everyone you learned a whole big bunch about Win95 and decided to practice on how your desktop looks. Hope they don't check Internet Explorer to see if the censorship program still is enabled.

And if your parents catch you surfing a Nazi explosives instruction site, or if you catch your kids at bianca's Smut Shack, don't blame it on Happy Hacker. Blame it on Microsoft security or on parents being too busy to teach their kids right from wrong.
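
To see exactly what an export, edit and import cycle like the one above changed (or what someone else changed on a machine you look after), two exports of the same branch can be compared. This is an added example, not part of the original guide; the two sample exports are constructed, using key names that appear in this guide, and the [HKEY_CURRENT_USER\Example] key and the function names are hypothetical.

```python
import re

# A value line is either @=... (the key's default value) or "name"=...
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def parse_reg(text):
    """Parse Regedit export text into {key_path: {value_name: raw_data}}."""
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line.startswith(";") or line == "REGEDIT4":
            continue
        if line.endswith("\\"):          # long hex data continues on the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            keys[current][name] = m.group(2)
    return keys


def diff_reg(before, after):
    """Return (change, key, value_name, old, new) tuples; key names compare case-insensitively."""
    b = {k.lower(): (k, v) for k, v in before.items()}
    a = {k.lower(): (k, v) for k, v in after.items()}
    changes = []
    for lk in sorted(set(b) | set(a)):
        if lk not in a:
            changes.append(("key removed", b[lk][0], None, None, None))
            continue
        if lk not in b:
            changes.append(("key added", a[lk][0], None, None, None))
            continue
        key, old_vals = b[lk]
        new_vals = a[lk][1]
        for name in sorted(set(old_vals) | set(new_vals)):
            old, new = old_vals.get(name), new_vals.get(name)
            if old != new:
                kind = ("value removed" if new is None
                        else "value added" if old is None
                        else "value changed")
                changes.append((kind, key, name, old, new))
    return changes


# Constructed sample: an export taken before any editing.
BASELINE = r'''REGEDIT4

[HKEY_CLASSES_ROOT\htmlctl.PasswordCtl\CurVer]
@="htmlctl.PasswordCtl.1"

[HKEY_CLASSES_ROOT\htmlctl.PasswordCtl.1]
@="PasswordCtlObject"

[HKEY_CLASSES_ROOT\htmlctl.PasswordCtl.1\CLSID]
@="{EE2308605A5F11CF8B1100AA00C00903}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Example]
"Blob"=hex:01,02,\
  03,04
'''

# Constructed sample: the same branches after one key was deleted and one
# policy value was zeroed. "Blob" is unchanged, only written on one line.
LATER = r'''REGEDIT4

[HKEY_CLASSES_ROOT\htmlctl.PasswordCtl\CurVer]
@="htmlctl.PasswordCtl.1"

[HKEY_CLASSES_ROOT\htmlctl.PasswordCtl.1]
@="PasswordCtlObject"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\Example]
"Blob"=hex:01,02,03,04
'''

if __name__ == "__main__":
    for change in diff_reg(parse_reg(BASELINE), parse_reg(LATER)):
        print(change)
```

Keeping a baseline export from a known-good state is what makes the comparison meaningful.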

So why, instead of having you edit the Registry, didn't I just tell you to delete those four files and reinstall Win95? It's because if you are even halfway serious about hacking, you need to learn how to edit the Registry of a WinNT computer. You just got a little taste of what it will be like here, done on the safety of your home computer.

You also may have gotten a taste of how easy it is to make a huge mess when messing with the Registry. Now you don't have to take my word for it, you know first hand how disastrous a clumsy hacker can be when messing in someone else's computer systems.

So what is the bottom line on Windows 95 security? Is there any way to set up a Win95


box so no one can break into it? Hey, how about that little key on your computer? Sorry, that won't do much good, either. It's easy to disconnect so you can still boot the box. Sorry, Win95 is totally vulnerable.

In fact, if you have physical access to *ANY* computer, the only way to keep you from breaking into it is to encrypt its files with a strong encryption algorithm. It doesn't matter what kind of computer it is, files on any computer can one way or another be read by someone with physical access to it unless they are encrypted with a strong algorithm such as RSA.

We haven't gone into all the ways to break into a Win95 box remotely, but there are plenty of ways. Any Win95 box on a network is vulnerable, unless you encrypt its information.

And the ways to evade Web censor programs are so many, the only way you can make them work is to either hope your kids stay dumb, or else that they will voluntarily choose to fill their minds with worthwhile material. Sorry, there is no technological substitute for bringing up your kids to know right from wrong.

******************************
Evil Genius tip: Want to trash most of the policies that can be invoked on a workstation running Windows 95? Paste these into the appropriate locations in the Registry. Warning: results may vary and you may get into all sorts of trouble whether you do this successfully or unsuccessfully.

[HKEY_LOCAL_MACHINE\Network\Logon]
"MustBeValidated"=dword:00000000
"username"="ByteMe"
"UserProfiles"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]
"DisablePwdCaching"=dword:00000000
"HideSharePwds"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDrives"=dword:00000000
"NoClose"=dword:00000000
"NoDesktop"=dword:00000000
"NoFind"=dword:00000000
"NoNetHood"=dword:00000000
"NoRun"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoSetFolders"=dword:00000000
"NoSetTaskbar"=dword:00000000
"NoAddPrinter"=dword:00000000
"NoDeletePrinter"=dword:00000000
"NoPrinterTabs"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network]
"NoNetSetup"=dword:00000000
"NoNetSetupIDPage"=dword:00000000
"NoNetSetupSecurityPage"=dword:00000000
"NoEntireNetwork"=dword:00000000
"NoFileSharingControl"=dword:00000000
"NoPrintSharingControl"=dword:00000000
"NoWorkgroupContents"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoAdminPage"=dword:00000000
"NoConfigPage"=dword:00000000
"NoDevMgrPage"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoFileSysPage"=dword:00000000
"NoProfilePage"=dword:00000000
"NoPwdPage"=dword:00000000
"NoSecCPL"=dword:00000000
"NoVirtMemPage"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp]
"Disabled"=dword:00000000
"NoRealMode"=dword:00000000
_________________________________________________________
Subscribe to our email list by emailing to hacker@techbroker.com with message "subscribe" or join our Hacker forum at http://www.infowar.com/cgishl/login.exe. Want to share some kewl stuph with the Happy Hacker list? Correct mistakes? Send your messages to hacker@techbroker.com. To send me confidential email (please, no discussions of illegal activities) use cmeinel@techbroker.com and be sure to state in your message that you want me to keep this confidential. If you wish your message posted anonymously, please say so! Direct flames to dev/null@techbroker.com. Happy hacking!
Copyright 1997 Carolyn P. Meinel. You may forward or post on your Web site this GUIDE TO (mostly) HARMLESS HACKING as long as you leave this notice at the end.
________________________________________________________

___________________________________________________________
GUIDE TO (mostly) HARMLESS HACKING
Beginners' Series #2, Section 3.
Hacking from Windows 3.x, 95 and NT
____________________________________________________________

This lesson will tell you how, armed with even the lamest of online services such as America Online and the Windows 95 operating system, you can do some fairly serious Internet hacking today!

In this lesson we will learn how to:

Use secret Windows 95 DOS commands to track down and port surf computers used by famous online service providers.
Telnet to computers that will let you use the invaluable hacker tools of whois, nslookup, and dig.
Download hacker tools such as port scanners and password crackers designed for use with Windows.
Use Internet Explorer to evade restrictions on what programs you can run on your school or work computers.

Yes, I can hear jericho and Rogue Agent and all the other Super Duper hackers on this list laughing. I'll bet already they have quit reading this and are furiously emailing me flames and making phun of me in 2600 meetings. Windows hacking? Pooh!

Tell seasoned hackers that you use Windows and they will laugh at you. They'll tell you to go away and don't come back until you're armed with a shell account or some sort of Unix on your PC. Actually, I have long shared their opinion. Shoot, most of the time hacking from Windoze is like using a 1969 Volkswagen to race against a dragster using one of VP Racing's high tech fuels.

But there actually is a good reason to learn to hack from Windows. Some of your best tools for probing and manipulating Windows networks are found only on Windows NT. Furthermore, with Win95 you can practice the Registry hacking that is central to working your will on WinNT servers and the networks they administer.


In fact, if you want to become a serious hacker, you eventually will have to learn Windows. This is because Windows NT is fast taking over the Internet from Unix. An IDC report projects that the Unix-based Web server market share will fall from the 65% of 1995 to only 25% by the year 2000. The Windows NT share is projected to grow to 32%. This weak future for Unix Web servers is reinforced by an IDC report reporting that market share of all Unix systems is now falling at a compound annual rate of decline of 17% for the foreseeable future, while Windows NT is growing in market share by 20% per year. (Mark Winther, "The Global Market for Public and Private Internet Server Software," IDC #11202, April 1996, 10, 11.)

So if you want to keep up your hacking skills, you're going to have to get wise to Windows. One of these days we're going to be sniggering at all those Unix-only hackers.

Besides, even poor, pitiful Windows 95 now can take advantage of lots of free hacker tools that give it much of the power of Unix.

Since this is a beginners' lesson, we'll go straight to the Big Question: "All I got is AOL and a Win95 box. Can I still learn how to hack?"

Yes, yes, yes!

The secret to hacking from AOL/Win95 (or from any online service that gives you access to the World Wide Web) is hidden in Win95's MS-DOS (DOS 7.0).

DOS 7.0 offers several Internet tools, none of which are documented in either the standard Windows or DOS help features. But you're getting the chance to learn these hidden features today.

So to get going with today's lesson, use AOL or whatever lame online service you may have and make the kind of connection you use to get on the Web (this will be a PPP or SLIP connection). Then minimize your Web browser and prepare to hack! Next, bring up your DOS window by clicking Start, then Programs, then MS-DOS.

For best hacking I've found it easier to use DOS in a window with a task bar which allows me to cut and paste commands and easily switch between Windows and DOS programs. If your DOS comes up as a full screen, hold down the Alt key while hitting enter, and it will go into a window. Then if you are missing the task bar, click the system menu on the left side of the DOS window caption and select Toolbar.

Now you have the option of eight TCP/IP utilities to play with: telnet, arp, ftp, nbtstat, netstat, ping, route, and tracert.

Telnet is the biggie. You can also access the telnet program directly from Windows. But while hacking you may need the other utilities that can only be used from DOS, so I like to call telnet from DOS.

With the DOS telnet you can actually port surf almost as well as from a Unix telnet program. But there are several tricks you need to learn in order to make this work.


First, we'll try out logging on to a strange computer somewhere. This is a phun thing to show your friends who don't have a clue because it can scare the heck out of them. Honest, I just tried this out on a neighbor. He got so worried that when he got home he called my husband and begged him to keep me from hacking his work computer!

To do this (I mean log on to a strange computer, not scare your neighbors) go to the DOS prompt C:\WINDOWS> and give the command "telnet." This brings up a telnet screen. Click on Connect, then click Remote System.

This brings up a box that asks you for "Host Name." Type "whois.internic.net" into this box. Below that it asks for "Port" and has the default value of "telnet." Leave in "telnet" for the port selection. Below that is a box for "Term Type." I recommend picking VT100 because, well, just because I like it best.

The first thing you can do to frighten your neighbors and impress your friends is a "whois." Click on Connect and you will soon get a prompt that looks like this:

[vt100] InterNIC>

Then ask your friend or neighbor his or her email address. Then at this InterNIC prompt, type in the last two parts of your friend's email address. For example, if the address is "luser@aol.com," type in "aol.com."

Now I'm picking AOL for this lesson because it is really hard to hack. Almost any other online service will be easier.

For AOL we get the answer:

[vt100] InterNIC> whois aol.com
Connecting to the rs Database......
Connected to the rs Database
America Online (AOLDOM)
12100 Sunrise Valley Drive
Reston, Virginia 22091
USA

Domain Name: AOL.COM

Administrative Contact:
O'Donnell, David B (DBO3) PMDAtropos@AOL.COM
703/4534255 (FAX) 703/4534102
Technical Contact, Zone Contact:
America Online (AOLNOC) trouble@aol.net
7034535862
Billing Contact:
Barrett, Joe (JB4302) BarrettJG@AOL.COM
7034534160 (FAX) 7034534001

Record last updated on 13Mar97.


Record created on 22Jun95.

Domain servers in listed order:

DNS01.AOL.COM 152.163.199.42
DNS02.AOL.COM 152.163.199.56
DNSAOL.ANS.NET 198.83.210.28

These last three lines give the names of some computers that work for America Online (AOL). If we want to hack AOL, these are a good place to start.

*********************************
Newbie note: We just got info on three "domain name servers" for AOL. "Aol.com" is the domain name for AOL, and the domain servers are the computers that hold information that tells the rest of the Internet how to send messages to AOL computers and email addresses.
*********************************
*********************************
Evil genius tip: Using your Win95 and an Internet connection, you can run a whois query from many other computers, as well. Telnet to your target computer's port 43 and if it lets you get on it, give your query.

Example: telnet to nic.ddn.mil, port 43. Once connected type "whois DNS01.AOL.COM," or whatever name you want to check out. However, this only works on computers that are running the whois service on port 43.

Warning: show this trick to your neighbors and they will really be terrified. They just saw you accessing a US military computer! But it's OK, nic.ddn.mil is open to the public on many of its ports. Check out its Web site www.nic.ddn.mil and its ftp site, too; they are a motherlode of information that is good for hacking.
*********************************

Next I tried a little port surfing on DNS01.AOL.COM but couldn't find any ports open. So it's a safe bet this computer is behind the AOL firewall.

**********************************
Newbie note: port surfing means to attempt to access a computer through several different ports. A port is any way you get information into or out of a computer. For example, port 23 is the one you usually use to log into a shell account. Port 25 is used to send email. Port 80 is for the Web. There are thousands of designated ports, but any particular computer may be running only three or four ports. On your home computer your ports include the monitor, keyboard, and modem.
**********************************

So what do we do next? We close the telnet program and go back to the DOS window. At the DOS prompt we give the command "tracert 152.163.199.42." Or we could give the command "tracert DNS01.AOL.COM." Either way we'll get the same result. This command will trace the route that a message takes, hopping from one computer to another, as it travels from my computer to this AOL domain server computer. Here's what we get:

C:\WINDOWS>tracert 152.163.199.42


Tracing route to dns01.aol.com [152.163.199.42]
over a maximum of 30 hops:

 1 * * * Request timed out.
 2 150 ms 144 ms 138 ms 204.134.78.201
 3 375 ms 299 ms 196 ms glorycyberport.nm.westnet.net [204.134.78.33]
 4 271 ms * 201 ms enss365.nm.org [129.121.1.3]
 5 229 ms 216 ms 213 ms h40.cnss116.Albuquerque.t3.ans.net [192.103.74.45]
 6 223 ms 236 ms 229 ms f2.t1120.Albuquerque.t3.ans.net [140.222.112.221]
 7 248 ms 269 ms 257 ms h14.t640.Houston.t3.ans.net [140.223.65.9]
 8 178 ms 212 ms 196 ms h14.t801.StLouis.t3.ans.net [140.223.65.14]
 9 316 ms * 298 ms h12.t600.Reston.t3.ans.net [140.223.61.9]
10 315 ms 333 ms 331 ms 207.25.134.189
11 * * * Request timed out.
12 * * * Request timed out.
13 207.25.134.189 reports: Destination net unreachable.

What the heck is all this stuff? The number to the left is the number of computers the route has been traced through. The "150 ms" stuff is how long, in thousandths of a second, it takes to send a message to and from that computer. Since a message can take a different length of time every time you send it, tracert times the trip three times. The "*" means the trip was taking too long so tracert said "forget it." After the timing info comes the name of the computer the message reached, first in a form that is easy for a human to remember, then in a form (numbers) that a computer prefers.

"Destination net unreachable" probably means tracert hit a firewall.

Let's try the second AOL domain server.

C:\WINDOWS>tracert 152.163.199.56

Tracing route to dns02.aol.com [152.163.199.56]
over a maximum of 30 hops:

 1 * * * Request timed out.
 2 142 ms 140 ms 137 ms 204.134.78.201
 3 246 ms 194 ms 241 ms glorycyberport.nm.westnet.net [204.134.78.33]
 4 154 ms 185 ms 247 ms enss365.nm.org [129.121.1.3]
 5 475 ms 278 ms 325 ms h40.cnss116.Albuquerque.t3.ans.net [192.103.74.45]
 6 181 ms 187 ms 290 ms f2.t1120.Albuquerque.t3.ans.net [140.222.112.221]
 7 162 ms 217 ms 199 ms h14.t640.Houston.t3.ans.net [140.223.65.9]
 8 210 ms 212 ms 248 ms h14.t801.StLouis.t3.ans.net [140.223.65.14]
 9 207 ms * 208 ms h12.t600.Reston.t3.ans.net [140.223.61.9]
10 338 ms 518 ms 381 ms 207.25.134.189
11 * * * Request timed out.
12 * * * Request timed out.


13 207.25.134.189 reports: Destination net unreachable.

Note that both tracerts ended at the same computer named h12.t600.Reston.t3.ans.net. Since AOL is headquartered in Reston, Virginia, it's a good bet this is a computer that directly feeds stuff into AOL. But we notice that h12.t600.Reston.t3.ans.net, h14.t801.StLouis.t3.ans.net, h14.t640.Houston.t3.ans.net and Albuquerque.t3.ans.net all have numerical names beginning with 140, and names that end with "ans.net." So it's a good guess that they all belong to the same company. Also, that "t3" in each name suggests these computers are routers on a T3 communications backbone for the Internet.

Next let's check out that final AOL domain server:

C:\WINDOWS>tracert 198.83.210.28

Tracing route to dnsaol.ans.net [198.83.210.28]
over a maximum of 30 hops:

 1 * * * Request timed out.
 2 138 ms 145 ms 135 ms 204.134.78.201
 3 212 ms 191 ms 181 ms glorycyberport.nm.westnet.net [204.134.78.33]
 4 166 ms 228 ms 189 ms enss365.nm.org [129.121.1.3]
 5 148 ms 138 ms 177 ms h40.cnss116.Albuquerque.t3.ans.net [192.103.74.45]
 6 284 ms 296 ms 178 ms f2.t1120.Albuquerque.t3.ans.net [140.222.112.221]
 7 298 ms 279 ms 277 ms h14.t640.Houston.t3.ans.net [140.223.65.9]
 8 238 ms 234 ms 263 ms h14.t1040.Atlanta.t3.ans.net [140.223.65.18]
 9 301 ms 257 ms 250 ms dnsaol.ans.net [198.83.210.28]

Trace complete.

Hey, we finally got all the way through to something we can be pretty certain is an AOL box, and it looks like it's outside the firewall! But look at how the tracert took a different path this time, going through Atlanta instead of St. Louis and Reston. But we are still looking at ans.net addresses with T3s, so this last nameserver is using the same network as the others.

Now what can we do next to get luser@aol.com really wondering if you could actually break into his account? We're going to do some port surfing on this last AOL domain name server! But to do this we need to change our telnet settings a bit.
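
The hop-by-hop reading of tracert output done by hand above (hop number, three timings with "*" for a timeout, name and address, and the final "reports:" line) can be automated, which is handy when you compare many traces of routes to your own hosts. This is an added example, not part of the original guide; it embeds the first and third traces as printed in this guide, and the function names are illustrative.

```python
import re

# "<hop> <rtt|*> <rtt|*> <rtt|*> <rest>", as printed by Windows tracert
HOP_RE = re.compile(r'^\s*(\d+)\s+((?:(?:<?\d+\s*ms|\*)\s+){3})(.*)$')
# rest of line is either "name [a.b.c.d]" or a bare "a.b.c.d"
ADDR_RE = re.compile(r'^(?:(\S+)\s+\[(\d+\.\d+\.\d+\.\d+)\]|(\d+\.\d+\.\d+\.\d+))$')
# "<hop> a.b.c.d reports: <message>"
REPORT_RE = re.compile(r'^\s*(\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+reports:\s*(.+)$')


def parse_tracert(text):
    """Return one dict per hop line; header and footer lines are skipped."""
    hops = []
    for line in text.splitlines():
        m = REPORT_RE.match(line)
        if m:
            hops.append({"hop": int(m.group(1)), "rtts": [], "host": None,
                         "ip": None, "reporter": m.group(2),
                         "error": m.group(3).strip()})
            continue
        m = HOP_RE.match(line)
        if not m:
            continue
        tokens = re.findall(r'\*|<?\d+(?=\s*ms)', m.group(2))
        rtts = [None if t == "*" else int(t.lstrip("<")) for t in tokens]
        rest = m.group(3).strip()
        am = ADDR_RE.match(rest)
        hops.append({"hop": int(m.group(1)), "rtts": rtts,
                     "host": am.group(1) if am else None,
                     "ip": (am.group(2) or am.group(3)) if am else None,
                     "reporter": None,
                     "error": None if am else rest})
    return hops


def summarize(hops):
    """Last hop that answered, any 'reports:' message, and hops that dropped a probe."""
    responders = [h for h in hops if h["ip"]]
    last = responders[-1] if responders else None
    reports = [h["error"] for h in hops if h["reporter"]]
    return {"last_hop": last["hop"] if last else None,
            "last_ip": last["ip"] if last else None,
            "last_host": last["host"] if last else None,
            "unreachable": reports[-1] if reports else None,
            "lossy_hops": [h["hop"] for h in responders if None in h["rtts"]]}


def first_divergence(a, b):
    """Hop number where two traces first answer from different addresses."""
    for ha, hb in zip(a, b):
        if ha["ip"] and hb["ip"] and ha["ip"] != hb["ip"]:
            return ha["hop"]
    return None


# The first and third traces from this guide.
TRACE_DNS01 = """Tracing route to dns01.aol.com [152.163.199.42]
over a maximum of 30 hops:
 1 * * * Request timed out.
 2 150 ms 144 ms 138 ms 204.134.78.201
 3 375 ms 299 ms 196 ms glorycyberport.nm.westnet.net [204.134.78.33]
 4 271 ms * 201 ms enss365.nm.org [129.121.1.3]
 5 229 ms 216 ms 213 ms h40.cnss116.Albuquerque.t3.ans.net [192.103.74.45]
 6 223 ms 236 ms 229 ms f2.t1120.Albuquerque.t3.ans.net [140.222.112.221]
 7 248 ms 269 ms 257 ms h14.t640.Houston.t3.ans.net [140.223.65.9]
 8 178 ms 212 ms 196 ms h14.t801.StLouis.t3.ans.net [140.223.65.14]
 9 316 ms * 298 ms h12.t600.Reston.t3.ans.net [140.223.61.9]
10 315 ms 333 ms 331 ms 207.25.134.189
11 * * * Request timed out.
12 * * * Request timed out.
13 207.25.134.189 reports: Destination net unreachable.
"""

TRACE_DNSAOL = """Tracing route to dnsaol.ans.net [198.83.210.28]
over a maximum of 30 hops:
 1 * * * Request timed out.
 2 138 ms 145 ms 135 ms 204.134.78.201
 3 212 ms 191 ms 181 ms glorycyberport.nm.westnet.net [204.134.78.33]
 4 166 ms 228 ms 189 ms enss365.nm.org [129.121.1.3]
 5 148 ms 138 ms 177 ms h40.cnss116.Albuquerque.t3.ans.net [192.103.74.45]
 6 284 ms 296 ms 178 ms f2.t1120.Albuquerque.t3.ans.net [140.222.112.221]
 7 298 ms 279 ms 277 ms h14.t640.Houston.t3.ans.net [140.223.65.9]
 8 238 ms 234 ms 263 ms h14.t1040.Atlanta.t3.ans.net [140.223.65.18]
 9 301 ms 257 ms 250 ms dnsaol.ans.net [198.83.210.28]
Trace complete.
"""

if __name__ == "__main__":
    t1, t3 = parse_tracert(TRACE_DNS01), parse_tracert(TRACE_DNSAOL)
    print(summarize(t1))
    print(summarize(t3))
    print("routes diverge at hop", first_divergence(t1, t3))
```
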

Click on Terminal, then Preferences. In the preferences box you need to check "Local echo." You must do this, or else you won't be able to see everything that you get while port surfing. For some reason, some of the messages a remote computer sends to you won't show up on your Win95 telnet screen unless you choose the local echo option. However, be warned, in some situations everything you type in will be doubled. For example, if you type in "hello" the telnet screen may show you "hehlellloo". This doesn't mean you mistyped, it just means your typing is getting echoed back at various intervals.


Now click on Connect, then Remote System. Then enter the name of that last AOL domain server, dnsaol.ans.net. Below it, for Port choose Daytime. It will send back to you the day of the week, date and time of day in its time zone.

Aha! We now know that dnsaol.ans.net is exposed to the world, with at least one open port, heh, heh. It is definitely a prospect for further port surfing. And now your friend is wondering, how did you get something out of that computer?

******************************
Clueless newbie alert: If everyone who reads this telnets to the daytime port of this computer, the sysadmin will say "Whoa, I'm under heavy attack by hackers!!! There must be some evil exploit for the daytime service! I'm going to close this port pronto!" Then you'll all email me complaining the hack doesn't work. Please, try this hack out on different computers and don't all beat up on AOL.
******************************

Now let's check out that Reston computer. I select Remote Host again and enter the name h12.t600.Reston.t3.ans.net. I try some port surfing without success. This is a seriously locked down box! What do we do next?

So first we remove that "local echo" feature, then we telnet back to whois.internic. We ask about this ans.net outfit that offers links to AOL:

[vt100] InterNIC> whois ans.net
Connecting to the rs Database......
Connected to the rs Database
ANS CO+RE Systems, Inc. (ANSDOM)
100 Clearbrook Road
Elmsford, NY 10523

Domain Name: ANS.NET

Administrative Contact:
Hershman, Ittai (IH4) ittai@ANS.NET
(914) 7895337
Technical Contact:
ANS Network Operations Center (ANSNOC) noc@ans.net
18004566300
Zone Contact:
ANS Hostmaster (AHORG) hostmaster@ANS.NET
(800) 4566300 fax: (914) 7895310

Record last updated on 03Jan97.
Record created on 27Sep90.

Domain servers in listed order:


NS.ANS.NET 192.103.63.100
NIS.ANS.NET 147.225.1.2

Now if you wanted to be a really evil hacker you could call that 800 number and try to social engineer a password out of somebody who works for this network. But that wouldn't be nice and there is nothing legal you can do with ans.net passwords. So I'm not telling you how to social engineer those passwords.

Anyhow, you get the idea of how you can hack around gathering info that leads to the computer that handles anyone's email.

So what else can you do with your online connection and Win95?

Well... should I tell you about killer ping? It's a good way to lose your job and end up in jail. You do it from your Windows DOS prompt. Find the gory details in the GTMHH Vol.2 Number 3, which is kept in one of our archives listed at the end of this lesson. Fortunately most systems administrators have patched things nowadays so that killer ping won't work. But just in case your ISP or LAN at work or school isn't protected, don't test it without your sysadmin's approval!

Then there's ordinary ping, also done from DOS. It's sort of like tracert, but all it does is time how long a message takes from one computer to another, without telling you anything about the computers between yours and the one you ping.

Other TCP/IP commands hidden in DOS include:

Arp: IP-to-physical address translation tables
Ftp: File transfer protocol. This one is really lame. Don't use it. Get a shareware Ftp program from one of the download sites listed below.
Nbtstat: Displays current network info; super to use on your own ISP
Netstat: Similar to Nbtstat
Route: Controls router tables; router hacking is considered extra elite.

Since these are semi-secret commands, you can't get any details on how to use them from the DOS help menu. But there are help files hidden away for these commands.

For arp, nbtstat, ping and route, to get help just type in the command and hit enter.
For netstat you have to give the command "netstat ?" to get help.
Telnet has a help option on the toolbar.
I haven't been able to figure out a trick to get help for the ftp command.

Now suppose you are at the point where you want to do serious hacking that requires commands other than these we just covered, but you don't want to use Unix. Shame on you! But, heck, even though I usually have one or two Unix shell accounts plus Walnut Creek Slackware on my home computer, I still like to hack from Windows. This is because I'm ornery. So you can be ornery, too.

So what is your next option for doing serious hacking from Windows?


How would you like to crack WinNT server passwords? Download the free Win95 program NTLocksmith, an add-on program to NTRecover that allows for the changing of passwords on systems where the administrative password has been lost. It is reputed to work 100% of the time. Get both NTLocksmith and NTRecover (and lots more free hacker tools) from http://www.sysinternals.com.

**********************************
You can go to jail warning: If you use NTRecover to break into someone else's system, you are just asking to get busted.
**********************************

How would you like to trick your friends into thinking their NT box has crashed when it really hasn't? This prank program can be downloaded from http://www.osr.com/insider/insdrcod.htm.

*********************************
You can get punched in the nose warning: need I say more?
*********************************

But by far the deadliest hacking tool that runs on Windows can be downloaded from, guess what?

http://home.microsoft.com

That deadly program is Internet Explorer 3.0. Unfortunately, this program is even better for letting other hackers break into your home computer and do stuff like make your home banking program (e.g. Quicken) transfer your life savings to someone in Afghanistan.

But if you aren't brave enough to run Internet Explorer to surf the Web, you can still use it to hack your own computer, or other computers on your LAN. You see, Internet Explorer is really an alternate Windows shell which operates much like the Program Manager and Windows Explorer that come with the Win95 and WinNT operating systems.

Yes, from Internet Explorer you can run any program on your own computer. Or any program to which you have access on your LAN.

***********************************
Newbie note: A shell is a program that mediates between you and the operating system. The big deal about Internet Explorer being a Windows shell is that Microsoft never told anyone that it was in fact a shell. The security problems that are plaguing Internet Explorer are mostly a consequence of it turning out to be a shell. By contrast, the Netscape and Mosaic Web browsers are not shells. They also are much safer to use.
***********************************

To use Internet Explorer as a Windows shell, bring it up just like you would if you were going to surf the Web. Kill the program's attempt to establish an Internet connection (we don't want to do anything crazy, do we?)


Then in the space where you would normally type in the URL you want to surf, instead type in c:.

Whoa, look at all those file folders that come up on the screen. Look familiar? It's the same stuff your Windows Explorer would show you. Now for fun, click "Program Files" then click "Accessories" then click "MS Paint." All of a sudden MS Paint is running. Now paint your friends who are watching this hack very surprised.

Next close all that stuff and get back to Internet Explorer. Click on the Windows folder, then click on Regedit.exe to start it up. Export the password file (it's in HKEY_CLASSES_ROOT). Open it in WordPad. Remember, the ability to control the Registry of a server is the key to controlling the network it serves. Show this to your next door neighbor and tell her that you're going to use Internet Explorer to surf her password files. In a few hours the Secret Service will be fighting with the FBI on your front lawn over who gets to try to bust you. OK, only kidding here.

So how can you use Internet Explorer as a hacking tool? One way is if you are using a computer that restricts your ability to run other programs on your computer or LAN. Next time you get frustrated at your school or library computer, check to see if it offers Internet Explorer. If it does, run it and try entering disk drive names. While C: is a common drive on your home computer, on a LAN you might get results by putting in R: or Z: or any other letter of the alphabet.

Next cool hack: try automated port surfing from Windows! Since there are thousands of possible ports that may be open on any computer, it could take days to fully explore even just one computer by hand. A good answer to this problem is the NetCop automated port surfer, which can be found at http://www.netcop.com/.

Now suppose you want to be able to access the NTFS file system that Windows NT uses from a Win 95 or even DOS platform? This can be useful if you are wanting to use Win 95 as a platform to hack an NT system. http://www.sysinternals.com/ntfsdos.htm offers a program that allows Win 95 and DOS to recognize and mount NTFS drives for transparent access.
Hey, we are hardly beginning to explore all the wonderful Windows hacking tools out there. It would take megabytes to write even one sentence about each and every one of them. But you're a hacker, so you'll enjoy exploring dozens more of these nifty programs yourself. Following is a list of sites where you can download lots of free and more or less harmless programs that will help you in your hacker career:

ftp://ftp.cdrom.com
ftp://ftp.coast.net
http://hertz.njit.edu/%7ebxg3442/temp.html
http://www.alpworld.com/infinity/voidneo.html
http://www.danworld.com/nettools.html
http://www.eskimo.com/~nwps/index.html
http://www.geocities.com/siliconvalley/park/2613/links.html
http://www.ilf.net/Toast/
http://www.islandnet.com/~cliffmcc
http://www.simtel.net/simtel.net
http://www.supernet.net/cwsapps/cwsa.html
http://www.trytel.com/hack/
http://www.tucows.com
http://www.windows95.com/apps/
http://www2.southwind.net/%7emiker/hack.html
_________________________________________________________
Subscribe to our email list by emailing to hacker@techbroker.com with message "subscribe" or join our Hacker forum at http://www.infowar.com/cgishl/login.exe.
Want to share some kewl stuph with the Happy Hacker list? Correct mistakes? Send your messages to hacker@techbroker.com. To send me confidential email (please, no discussions of illegal activities) use cmeinel@techbroker.com and be sure to state in your message that you want me to keep this confidential. If you wish your message posted anonymously, please say so! Direct flames to dev/null@techbroker.com. Happy hacking!
Copyright 1997 Carolyn P. Meinel. You may forward or post this GUIDE TO (mostly) HARMLESS HACKING on your Web site as long as you leave this notice at the end.
________________________________________________________

___________________________________________________________
GUIDE TO (mostly) HARMLESS HACKING
Beginners' Series #3 Part 1
How to Get a *Good* Shell Account
____________________________________________________________
____________________________________________________________
In this Guide you will learn how to:
  tell whether you may already have a Unix shell account
  get a shell account
  log on to your shell account
____________________________________________________________

You've fixed up your Windows box to boot up with a lurid hacker logo. You've renamed "Recycle Bin" "Hidden Haxor Secrets." When you run Netscape or Internet Explorer, instead of that boring corporate logo, you have a full color animated Mozilla destroying New York City. Now your friends and neighbors are terrified and impressed.

But in your heart of hearts you know Windows is scorned by elite hackers. You keep on seeing their hairy exploit programs and almost every one of them requires the Unix operating system. You realize that when it comes to messing with computer networks, Unix is the most powerful operating system on the planet. You have developed a burning desire to become one of those Unix wizards yourself. Yes, you're ready for the next step.

You're ready for a shell account. SHELL ACCOUNT!!!!

*****************************************************
Newbie note: A shell account allows you to use your home computer as a terminal on which you can give commands to a computer running Unix. The "shell" is the program that translates your keystrokes into Unix commands. With the right shell account you can enjoy the use of a far more powerful workstation than you could ever dream of affording to own yourself. It also is a great stepping stone to the day when you will be running some form of Unix on your home computer.
*****************************************************

Once upon a time the most common way to get on the Internet was through a Unix shell account. But nowadays everybody and his brother are on the Internet. Almost all these swarms of surfers want just two things: the Web, and email. To get the pretty pictures of today's Web, the average Internet consumer wants a mere PPP (point to point) connection account. They wouldn't know a Unix command if it hit them in the snoot. So nowadays almost the only people who want shell accounts are us wannabe hackers.

The problem is that you used to be able to simply phone an ISP, say "I'd like a shell account," and they would give it to you just like that. But nowadays, especially if you sound like a teenage male, you'll run into something like this:

ISP guy: "You want a shell account? What for?"
Hacker dude: "Um, well, I like Unix."
"Like Unix, huh? You're a hacker, aren't you!" Slam, ISP guy hangs up on you.

So how do you get a shell account? Actually, it's possible you may already have one and not know it. So first we will answer the question, how do you tell whether you may already have a shell account? Then, if you are certain you don't have one, we'll explore the many ways you can get one, no matter what, from anywhere in the world.

How Do I Know Whether I Already Have a Shell Account?

First you need to get a program running that will connect you to a shell account. There are two programs with Windows 95 that will do this, as well as many other programs, some of which are excellent and free.

First we will show you how to use the Win 95 Telnet program because you already have it and it will always work. But it's a really limited program, so I suggest that you use it only if you can't get the Hyperterminal program to work.

1) Find your Telnet program and make a shortcut to it on your desktop.
One way is to click Start, then Programs, then Windows Explorer.
When Explorer is running, first resize it so it doesn't cover the entire desktop.
Then click Tools, then Find, then "Files or Folders."
Ask it to search for "Telnet."
It will show a file labeled C:\windows\telnet (instead of C:\ it may have another drive).
Right click on this file.
This will bring up a menu that includes the option "create shortcut." Click on "create shortcut" and then drag the shortcut to the desktop and drop it.
Close Windows Explorer.

2) Depending on how your system is configured, there are two ways to connect to the Internet. The easy way is to skip to step three. But if it fails, go back to this step. Start up whatever program you use to access the Internet. Once you are connected, minimize the program. Now try step three.

3) Bring up your Telnet program by double clicking on the shortcut you just made.

First you need to configure Telnet so it actually is usable. On the toolbar click "terminal," then "preferences," then "fonts." Choose "Courier New," "regular" and 8 point size. You do this because if you have too big a font, the Telnet program is shown on the screen so big that the cursor from your shell program can end up being hidden off the screen. OK, OK, you can pick other fonts, but make sure that when you close the dialog box the Telnet program window is entirely visible on the screen. Now why would there be options that make Telnet impossible to use? Ask Microsoft.

Now go back to the task bar to click Connect, then under it click "Remote system." This brings up another dialog box.

Under "host name" in this box type in the last two parts of your email address. For example, if your email address is jane_doe@boring.ISP.com, type "ISP.com" for host name.

Under "port" in this box, leave it the way it is, reading "telnet."

Under "terminal type," in this box, choose "VT100."

Then click the Connect button and wait to see what happens.

If the connection fails, try entering the last three parts of your email address as the host, in this case "boring.ISP.com."

Now if you have a shell account you should next get a message asking you to login. It may look something like this:

    Welcome to Boring Internet Services, Ltd.

    Boring.com S9 login: cmeinel
    Password:
    Linux 2.0.0.
    Last login: Thu Apr 10 14:02:00 on ttyp5 from pm20.kitty.net.
    sleepy:~$

If you get something like this you are in definite luck. The important thing here, however, is that the computer used the word "login" to get you started. If it asks for anything else, for example "logon," this is not a shell account.

As soon as you login, in the case of Boring Internet Services you have a Unix shell prompt on your screen. But instead of something this simple you may get something like:

    BSDI BSD/OS 2.1 (escape.com) (ttyrf)

    login: galfina
    Password:
    Last login: Thu Apr 10 16:11:37 from fubar.net
    Copyright 1992, 1993, 1994, 1995 Berkeley Software Design, Inc.
    Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
    The Regents of the University of California. All rights reserved.

    __________________________________________________________________
    [ASCII-art logo]
    [ESCAPE.COM]
    __________________________________________________________________

    PLEASE NOTE:
    Multiple Logins and Simultaneous Dialups From Different Locations Are
    _NOT_ Permitted at Escape Internet Access.
    __________________________________________________________________

    Enter your terminal type, RETURN for vt100, ? for list:
    Setting terminal type to vt100.
    Erase is backspace.

    MAIN    Escape Main Menu    [05:45PM]

    ==> H) HELP       Help & Tips for the Escape Interface. (M)
        I) INTERNET   Internet Access & Resources (M)
        U) USENETM    Usenet Conferences (Internet Distribution) (M)
        L) LTALK      Escape Local Communications Center (M)
        B) BULLETINS  Information on Escape, Upgrades, coming events. (M)
        M) MAIL       Escape World Wide and Local Post Office (M)
        F) HOME       Your Home Directory (Where all your files end up)
        C) CONFIG     Config your user and system options (M)
        S) SHELL      The Shell (Unix Environment) [TCSH]
        X) LOGOUT     Leave System

    BACK MAIN HOME MBOX ITALK LOGOUT

    [Mesg: Y] [TAB key toggles menus] [Connected: 0:00]
    CMD>

In this case you aren't in a shell yet, but you can see an option on the menu to get to a shell. So hooray, you are in luck, you have a shell account. Just enter "S" and you're in.

Now depending on the ISP you try out, there may be all sorts of different menus, all designed to keep the user from having to ever stumble across the shell itself. But if you have a shell account, you will probably find the word "shell" somewhere on the menu.

If you don't get something obvious like this, you may have to do the single most humiliating thing a wannabe hacker will ever do. Call tech support and ask whether you have a shell account and, if so, how to login. It may be that they just want to make it really, really hard for you to find your shell account.

Now personally I don't care for the Win 95 Telnet program. Fortunately there are many other ways to check whether you have a shell account. Here's how to use the Hyperterminal program, which, like Telnet, comes free with the Windows 95 operating system. This requires a different kind of connection. Instead of a PPP connection we will do a simple phone dialup, the same sort of connection you use to get on most computer bulletin board systems (BBS).

1) First, find the program Hyperterminal and make a shortcut to your desktop. This one is easy to find. Just click Start, then Programs, then Accessories. You'll find Hyperterminal on the accessories menu. Clicking on it will bring up a window with a bunch of icons. Click on the one labeled "hyperterminal.exe."

2) This brings up a dialog box called "New Connection." Enter the name of your local dialup, then in the next dialog box enter the phone dialup number of your ISP.

3) Make a shortcut to your desktop.

4) Use Hyperterminal to dial your ISP. Note that in this case you are making a direct phone call to your shell account rather than trying to reach it through a PPP connection.

Now when you dial your ISP from Hyperterminal you might get a bunch of really weird garbage scrolling down your screen. But don't give up. What is happening is your ISP is trying to set up a PPP connection with Hyperterminal. That is the kind of connection you need in order to get pretty pictures on the Web. But Hyperterminal doesn't understand PPP.
Unfortunately I have not been able to figure out why this happens sometimes or how to stop it. But the good side of this picture is that the problem may go away the next time you use Hyperterminal to connect to your ISP. So if you dial again you may get a login sequence. I've found it often helps to wait a few days and try again. Of course you can complain to tech support at your ISP. But it is likely that they won't have a clue on what causes their end of things to try to set up a PPP session with your Hyperterminal connection. Sigh.

But if all goes well, you will be able to login. In fact, except for the PPP attempt problem, I like the Hyperterminal program much better than Win 95 Telnet. So if you can get this one to work, try it out for awhile. See if you like it, too.

There are a number of other terminal programs that are really good for connecting to your shell account. They include Qmodem, Quarterdeck Internet Suite, and Bitcom. Jericho recommends Ewan, a telnet program which also runs on Windows 95. Ewan is free, and has many more features than either Hyperterminal or Win 95 Telnet. You may download it from jericho's ftp site at sekurity.org in the /utils directory.

OK, let's say you have logged into your ISP with your favorite program. But perhaps it still isn't clear whether you have a shell account. Here's your next test. At what you hope is your shell prompt, give the command "ls -alF." If you have a real, honest-to-goodness shell account, you should get something like this:

    > ls -alF
    total 87
    drwx--x--x   5 galfina  user   1024 Apr 22 21:45 ./
    drwxr-xr-x 380 root     wheel  6656 Apr 22 18:15 ../
    -rw-r--r--   1 galfina  user   2793 Apr 22 17:36 .README
    -rw-r--r--   1 galfina  user    635 Apr 22 17:36 .Xmodmap
    -rw-r--r--   1 galfina  user    624 Apr 22 17:36 .Xmodmap.USKBD
    -rw-r--r--   1 galfina  user    808 Apr 22 17:36 .Xresources
    drwx--x--x   2 galfina  user    512 Apr 22 17:36 www/
    etc.

This is the listing of the files and directories of your home directory. Your shell account may give you a different set of directories and files than this (which is only a partial listing). In any case, if you see anything that looks even a little bit like this, congratulations, you already have a shell account!

*******************************************************
Newbie note: The first item in that bunch of dashes and letters in front of the file name tells you what kind of file it is. "d" means it is a directory, and "-" means it is a file. The rest are the permissions your files have. "r" = read permission, "w" = write permission, and "x" = execute permission (no, "execute" has nothing to do with murdering files, it means you have permission to run the program that is in this file). If there is a dash, it means there is no permission there.

The symbols in the second, third and fourth place from the left are the permissions that you have as a user, the following three are the permissions everyone in your designated group has, and the final three are the permissions anyone and everyone may have. For example, in galfina's directory the subdirectory "www/" is something you may read, write and execute, while everyone else may only execute. This is the directory where you can put your Web page. The entire world may browse ("execute") your Web page. But only you can read and write to it.

If you were to some day discover your permissions looking like:

    drwx--xrwx newbie user 512 Apr 22 17:36 www/

Whoa, that "w" in the third place from last would mean anyone with an account from
outside your ISP can hack your Web page!
******************************************************

Another command that will tell you whether you have a shell account is "man." This gives you an online Unix manual. Usually you have to give the man command in the form of "man <command>" where <command> is the name of the Unix command you want to study. For example, if you want to know all the different ways to use the "ls" command, type "man ls" at the prompt.

On the other hand, here is an example of something that, even though it is on a Unix system, is not a shell account:

    BSDI BSD/386 1.1 (dubgw2.compuserve.com) (ttyp7)

    Connected to CompuServe

    Host Name: cis

    Enter choice (LOGON, HELP, OFF):

The immediate tipoff that this is not a shell account is that it asks you to "logon" instead of "login:"

How to Get a Shell Account

What if you are certain that you don't already have a shell account? How do you find an ISP that will give you one?

The obvious place to start is your phone book. Unless you live in a really rural area or in a country where there are few ISPs, there should be a number of companies to choose from.

So here's your problem. You phone Boring ISP, Inc. and say, "I'd like a shell account." But Joe Dummy on the other end of the phone says, "Shell? What's a shell account?" You say "I want a shell account. SHELL ACCOUNT!!!" He says, "Duh?" You say "Shell account. SHELL ACCOUNT!!!" He says, "Um, er, let me talk to my supervisor." Mr. Uptight Supervisor gets on the phone. "We don't give out shell accounts, you dirty &%$*# hacker."

Or, worse yet, they claim the Internet access account they are giving you is a shell account but you discover it isn't one.

To avoid this embarrassing scene, avoid calling big name ISPs. I can guarantee you, America Online, Compuserve and Microsoft Network don't give out shell accounts.

What you want to find is the seediest, tiniest ISP in town. The one that specializes in pasty faced customers who stay up all night playing MOOs and MUDs. Guys who impersonate grrrls on IRC. Now that is not to say that MUD and IRC people are typically hackers. But these definitely are your serious Internet addicts. An ISP that caters to people like that
probably also understands the kind of person who wants to learn Unix inside and out.

So you phone or email one of these ISPs on the back roads of the Net and say, "Greetings, d00d! I am an evil haxor and demand a shell account pronto!"

No, no, no! Chances are you got the owner of this tiny ISP on the other end of the line. He's probably a hacker himself. Guess what? He loves to hack but he doesn't want hackers (or wannabe hackers) for customers. He doesn't want a customer who's going to be attracting email bombers and waging hacker war and drawing complaints from the sysadmins on whom this deadly dude has been testing exploit code.

So what you do is say something like "Say, do you offer shell accounts? I really, really like to browse the Web with lynx. I hate waiting five hours for all those pretty pictures and Java applets to load. And I like to do email with Pine. For newsgroups, I luuuv tin!"

Start out like this and the owner of this tiny ISP may say something like, "Wow, dude, I know what you mean. IE and Netscape really s***! Lynx uber alles! What user name would you like?"

At this point, ask the owner for a guest account. As you will learn below, some shell accounts are so restricted that they are almost worthless.

But let's say you can't find any ISP within reach of a local phone call that will give you a shell account. Or the only shell account you can get is worthless. Or you are well known as a malicious hacker and you've been kicked off every ISP in town. What can you do?

Your best option is to get an account on some distant ISP, perhaps even in another country. Also, the few medium size ISPs that offer shell accounts (for example, Netcom) may even have a local dialup number for you. But if they don't have local dialups, you can still access a shell account located *anywhere* in the world by setting up a PPP connection with your local dialup ISP, and then accessing your shell account using a telnet program on your home computer.
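
Going back to the permission strings in the "ls -alF" newbie note earlier in this Guide, here is one way to check a listing for the group-writable and world-writable cases that note warns about. This is an added example, not part of the original Guide; the function names and the sample listing (modeled on galfina's directory) are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode the mode field of "ls -alF" output and flag entries
# that your group, or anyone and everyone, may write to.
# Function names and the sample listing below are constructed.

# explain_mode MODE -> "kind owner=... group=... other=..."
explain_mode() {
    mode=$1
    [ "${#mode}" -ge 10 ] || { echo "bad mode: $mode" >&2; return 2; }
    case $mode in
        d*) kind=directory ;;
        -*) kind=file ;;
        l*) kind=symlink ;;
        *)  kind=other ;;
    esac
    rest=${mode#?}                                  # drop the type character
    owner=$(printf '%s' "$rest" | cut -c1-3)        # places 2-4: you
    group=$(printf '%s' "$rest" | cut -c4-6)        # places 5-7: your group
    other=$(printf '%s' "$rest" | cut -c7-9)        # places 8-10: everyone
    echo "$kind owner=$owner group=$group other=$other"
}

# audit_listing: reads "ls -alF" lines on stdin, prints one line per risky entry
audit_listing() {
    while read -r mode links owner_name grp size mon day clock name; do
        case $mode in
            # files and directories only; symlink modes are not meaningful
            [-d][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]*) ;;
            *) continue ;;                          # "total 87", symlinks, junk
        esac
        [ "$name" = "../" ] && continue             # parent dir is not yours to fix
        group_w=$(printf '%s' "$mode" | cut -c6)
        other_w=$(printf '%s' "$mode" | cut -c9)
        if [ "$other_w" = w ]; then
            echo "WORLD-WRITABLE $name ($mode): fix with chmod o-w"
        elif [ "$group_w" = w ]; then
            echo "GROUP-WRITABLE $name ($mode): check who is in group $grp"
        fi
    done
}

# Constructed sample: the Guide's listing with two entries loosened on purpose.
sample_listing() {
cat <<'EOF'
total 87
drwx--x--x   5 galfina  user   1024 Apr 22 21:45 ./
drwxr-xr-x 380 root     wheel  6656 Apr 22 18:15 ../
-rw-r--r--   1 galfina  user   2793 Apr 22 17:36 .README
-rw-rw-r--   1 galfina  user    635 Apr 22 17:36 .Xmodmap
drwx--xrwx   2 galfina  user    512 Apr 22 17:36 www/
EOF
}

# Audit the sample; on a real account use:  ls -alF | audit_listing
sample_listing | audit_listing
```

On a directory, write permission for "other" lets any account on the system add, replace or delete files in it, which is why the www/ line is the one to fix first.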

*************************************************
Evil Genius Tip: Sure, you can telnet into your shell account from another ISP account. But unless you have software that allows you to send your password in an encrypted form, someone may sniff your password and break into your account. If you get to be well known in the hacker world, lots of other hackers will constantly be making fun of you by sniffing your password. Unfortunately, almost all shell accounts are set up so you must expose your password to anyone who has hidden a sniffer anywhere between the ISP that provides your PPP connection and your shell account ISP.

One solution is to insist on a shell account provider that runs ssh (secure shell).
**************************************************

So where can you find these ISPs that will give you shell accounts? One good source is http://www.celestin.com/pocia/. It provides links to Internet Service Providers categorized by geographic region. They even have links to allow you to sign up with ISPs serving the Lesser Antilles!

***********************************************
Evil Genius tip: Computer criminals and malicious hackers will often get a guest account on a distant ISP and do their dirty work during the few hours this guest account is available to them. Since this practice provides the opportunity to cause so much harm, eventually it may become really hard to get a test run on a guest account.
***********************************************

But if you want to find a good shell account the hacker way, here's what you do. Start with a list of your favorite hacker Web sites. For example, let's try http://ra.nilenet.com/~mjl/hacks/codez.htm.

You take the beginning part of the URL (Uniform Resource Locator) as your starting point. In this case it is "http://ra.nilenet.com." Try surfing to that URL. In many cases it will be the home page for that ISP. It should have instructions for how to sign up for a shell account. In the case of Nile Net we strike hacker gold:

    Dialup Accounts and Pricing

    NEXUS Accounts
    NEXUS Accounts include: Access to a UNIX Shell, full
    Internet access, Usenet newsgroups, 5mb of FTP and/or
    WWW storage space, and unlimited time.
    One Time Activation Fee: $20.00
    Monthly Service Fee: $19.95 or
    Yearly Service Fee: $199.95

Plus which they make a big deal over freedom of online speech. And they host a great hacker page full of these Guides to (mostly) Harmless Hacking!

How to Login to Your Shell Account

Now we assume you finally have a guest shell account and are ready to test drive it. So now we need to figure out how to login. Now all you hacker geniuses reading this, why don't you just forget to flame me for telling people how to do something as simple as how to login. Please remember that everyone has a first login. If you have never used Unix, this first time can be intimidating. In any case, if you are a Unix genius you have no business reading this Beginners' Guide. So if you are snooping around here looking for flamebait, send your flames to /dev/null.

***********************************************************
Newbie note: "Flames" are insulting, obnoxious rantings and ravings done by people who are severely lacking in social skills and are a bunch of &$%@#!! but who think they are brilliant computer savants. For example, this newbie note is my flame against &$%@#!! flamers.

"/dev/null" stands for "device null." It is a file name in a Unix operating system. Any data that is sent to /dev/null is discarded. So when someone says they will put something in "/dev/null" that means they are sending it into permanent oblivion.

***********************************************************

The first thing you need to know in order to get into your shell account is your user name and password. You need to get that information from the ISP that has just signed you up. The second thing you need to remember is that Unix is "case sensitive." That means if your login name is "JoeSchmoe" the shell will think "joeschmoe" is a different person than "JoeSchmoe" or "JOESCHMOE."

OK, so you have just connected to your shell account for the first time. You may see all sorts of different stuff on that first screen. But the one thing you will always see is the prompt:

    login:

Here you will type in your user name.

In response you will always be asked:

    Password:

Here you type in your password.

After this you will get some sort of a prompt. It may be as simple as:

    %

or

    $

or

    >

Or as complicated as:

    sleepy:~$

Or it may even be some sort of complicated menu where you have to choose a "shell" option before you get to the shell prompt.

Or it may be as simple as:

    #

**********************************************************
Newbie note: The prompt "#" usually means you have the superuser powers of a "root" account. The Unix superuser has the power to do *anything* to the computer. But you won't see this prompt unless either the systems administrator has been really careless or someone is playing a joke on you. Sometimes a hacker thinks he or she has broken into the
superuser account because of seeing the "#" prompt. But sometimes this is just a trick the sysadmin is playing. So the hacker goes playing around in what he or she thinks is the root account while the sysadmin and his friends and the police are all laughing at the hacker.
**********************************************************

Ready to start hacking from your shell account? Watch out, it may be so crippled that it is worthless for hacking. Or, it may be pretty good, but you might inadvertently do something to get you kicked off. To avoid these fates, be sure to read Beginners' Series #3 Part 2 of How to Get a *Good* Shell Account, coming out tomorrow.

In that GTMHH section you will learn how to:
  explore your shell account
  decide whether your shell account is any good for hacking
  keep from losing your shell account

In case you were wondering about all the input from jericho in this Guide, yes, he was quite helpful in reviewing it and making suggestions. Jericho is a security consultant who runs his own Internet host, obscure.sekurity.org. Thank you, jericho@dimensional.com, and happy hacking!
_________________________________________________________
Subscribe to our discussion list by emailing to hacker@techbroker.com with message "subscribe"
Want to share some kewl stuph with the Happy Hacker list? Correct mistakes? Send your messages to hacker@techbroker.com. To send me confidential email (please, no discussions of illegal activities) use cmeinel@techbroker.com and be sure to state in your message that you want me to keep this confidential. If you wish your message posted anonymously, please say so! Direct flames to dev/null@techbroker.com. Happy hacking!
Copyright 1997 Carolyn P. Meinel. You may forward or post this GUIDE TO (mostly) HARMLESS HACKING on your Web site as long as you leave this notice at the end.
________________________________________________________

___________________________________________________________
GUIDE TO (mostly) HARMLESS HACKING
Beginners' Series #3 Part 2
How to Get a *Good* Shell Account
____________________________________________________________
____________________________________________________________
In this section you will learn:
  how to explore your shell account
  Ten Meinel Hall of Fame Shell Account Exploration Tools
  how to decide whether your shell account is any good for hacking
  Ten Meinel Hall of Fame LAN and Internet Exploration Tools
  Meinel Hall of Infamy Top Five Ways to Get Kicked out of Your Shell Account
____________________________________________________________

How to Explore Your Shell Account

So you're in your shell account. You've tried the "ls -alF" command and are pretty sure this really, truly is a shell account. What do you do next?

A good place to start is to find out what kind of shell you have. There are many shells, each of which has slightly different ways of working. To do this, at your prompt give the command "echo $SHELL." Be sure to type in the same lower case and upper case letters. If you were to give the command "ECHO $shell," for example, this command won't work.

If you get the response:

    /bin/sh

That means you have the Bourne shell.

If you get:

    /bin/bash

Then you are in the Bourne Again (bash) shell.

If you get:

    /bin/ksh

You have the Korn shell.

If the "echo $SHELL" command doesn't work, try the command "echo $shell," remembering to use lower case for "shell." This will likely get you the answer:

    /bin/csh

This means you have the C shell.

Why is it important to know which shell you have? For right now, you'll want a shell that is easy to use. For example, when you make a mistake in typing, it's nice to hit the backspace key and not see ^H^H^H on your screen. Later, though, for running those super hacker exploits, the C shell may be better for you.

Fortunately, you may not be stuck with whatever shell you have when you login. If your shell account is any good, you will have a choice of shells.
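
The shell check described above, as an added example that is not part of the original Guide: it reads the login shell from a passwd-format file and lists which of the shells named in this Guide are permitted and installed. The function names and sample files are constructed; on a real account you would pass /etc/passwd and /etc/shells.

```shell
#!/bin/sh
# Added example. $SHELL only reports the shell set at login: after typing
# "bash" at a csh prompt, "echo $SHELL" still prints /bin/csh. The passwd
# entry and the list of permitted shells tell you what the account really has.
# Function names and the sample files are constructed for illustration.

# shell_name PATH -> the name this Guide uses for that shell
shell_name() {
    case ${1##*/} in
        sh)   echo "Bourne shell" ;;
        bash) echo "Bourne Again (bash) shell" ;;
        ksh)  echo "Korn shell" ;;
        csh)  echo "C shell" ;;
        tcsh) echo "Tcsh shell" ;;
        zsh)  echo "Zsh shell" ;;
        *)    echo "unknown shell (${1##*/})" ;;
    esac
}

# login_shell USER PASSWD_FILE -> 7th colon-separated field of the user's entry
# (an empty field means /bin/sh); exit status 1 if the user is not listed
login_shell() {
    awk -F: -v u="$1" '
        $1 == u { print ($7 == "" ? "/bin/sh" : $7); found = 1; exit }
        END     { exit !found }' "$2"
}

# permitted_shells SHELLS_FILE -> the Guide's shells that the file lists.
# chsh normally refuses to set a login shell that is not in /etc/shells.
permitted_shells() {
    for s in sh bash ksh csh tcsh zsh; do
        if grep -v '^#' "$1" | grep -q "/$s\$"; then
            echo "$s"
        fi
    done
}

# installed_shells -> the Guide's shells found on PATH; the others are the
# ones that would answer "command not found"
installed_shells() {
    for s in sh bash ksh csh tcsh zsh; do
        command -v "$s" >/dev/null 2>&1 && echo "$s"
    done
    return 0
}

# report USER PASSWD_FILE SHELLS_FILE
report() {
    path=$(login_shell "$1" "$2") || { echo "no such user: $1"; return 1; }
    echo "$1 logs in with $path ($(shell_name "$path"))"
    echo "permitted login shells: $(permitted_shells "$3" | tr '\n' ' ')"
    echo "installed on this box:  $(installed_shells | tr '\n' ' ')"
}

# Constructed sample files, using the login names shown in this Guide.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
galfina:x:1001:100:Galfina:/home/galfina:/bin/tcsh
cmeinel:x:1002:100:C. Meinel:/home/cmeinel:/bin/bash
EOF
}
sample_shells() {
cat <<'EOF'
# valid login shells
/bin/sh
/bin/bash
/bin/csh
/bin/tcsh
EOF
}

demo_dir=$(mktemp -d)
sample_passwd > "$demo_dir/passwd"
sample_shells > "$demo_dir/shells"
report galfina "$demo_dir/passwd" "$demo_dir/shells"
rm -rf "$demo_dir"
```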


Trust me, if you are a beginner, you will find bash to be the easiest shell to use. You may be able to get the bash shell by simply typing the word "bash" at the prompt. If this doesn't work, ask tech support at your ISP for a shell account set up to use bash. A great book on using the bash shell is _Learning the Bash Shell_, by Cameron Newham and Bill Rosenblatt, published by O'Reilly.

If you want to find out what other shells you have the right to use, try "csh" to get the C shell, "ksh" to get the Korn shell, "sh" for Bourne shell, "tcsh" for the Tcsh shell, and "zsh" for the Zsh shell. If you don't have one of them, when you give the command to get into that shell you will get back the answer "command not found."

Now that you have chosen your shell, the next thing is to explore. See what riches your ISP has allowed you to use. For that you will want to learn, and I mean *really learn*, your most important Unix commands and auxiliary programs. Because I am supreme arbiter of what goes into these Guides, I get to decide what the most important commands are. Hmm, "ten" sounds like a famous number. So you're going to get the:

Ten Meinel Hall of Fame Shell Account Exploration Tools

1) man <command name>
This magic command brings up the online Unix manual. Use it on each of the commands below, today! Wonder what all the man command options are? Try the "man -k" option.

2) ls
Lists files. Jericho suggests "Get people in the habit of using "ls -alF". This will come into play down the road for security conscious users." You'll see a huge list of files that you can't see with the "ls" command alone, and lots of details. If you see such a long list of files that they scroll off the terminal screen, one way to solve the problem is to use "ls -alF|more."

3) pwd
Shows what directory you are in.

4) cd <directory>
Changes directories. Kewl directories to check out include /usr, /bin and /etc. For laughs, jericho suggests exploring in /tmp.

5) more <filename>
This shows the contents of text files. Also you might be able to find "less" and "cat" which are similar commands.

6) whereis <program name>
Think there might be a nifty program hidden somewhere? Maybe a game you love? This will find it for you. Similar commands are "find" and "locate." Try them all for extra fun.

7) vi
An editing program. You'll need it to make your own files and when you start programming while in your shell account. You can use it to write a really lurid file for people to read when they finger you. Or try "emacs." It's another editing program and
IMHO more fun than vi. Other editing programs you may find include "ed" (an ancient editing program which I have used to write thousands of lines of Fortran 77 code), "ex," "fmt," "gmacs," "gnuemacs," and "pico."

8) grep
Extracts information from files, especially useful for seeing what's in syslog and shell log files. Similar commands are "egrep," "fgrep," and "look."

9) chmod <filename>
Change file permissions.

10) rm <filename>
Delete file. If you have this command you should also find "cp" for copy file, and "mv" for move file.

How to Tell Whether Your Shell Account Is any Good for Hacking

Alas, not all shell accounts are created equal. Your ISP may have decided to cripple your budding hacker career by forbidding your access to important tools. But you absolutely must have access to the top ten tools listed above. In addition, you will need tools to explore both your ISP's local area network (LAN) and the Internet. So in the spirit of being Supreme Arbiter of Haxor Kewl, here are my:

Ten Meinel Hall of Fame LAN and Internet Exploration Tools

1) telnet <hostname> <port number or name>
If your shell account won't let you telnet into any port you want either on its LAN or the Internet, you are totally crippled as a hacker. Dump your ISP now!

2) who
Shows you who else is currently logged in on your ISP's LAN. Other good commands to explore the other users on your LAN are "w," "rwho," "users."

3) netstat
All sorts of statistics on your LAN, including all Internet connections. For real fun, try "netstat -r" to see the kernel routing table. However, jericho warns "Be careful. I was teaching a friend the basics of summing up a Unix system and I told her to do that and 'ifconfig'. She was booted off the system the next day for 'hacker suspicion' even though both are legitimate commands for users."

4) whois <hostname>
Get lots of information on Internet hosts outside your LAN.

5) nslookup
Get a whole bunch more information on other Internet hosts.

6) dig
Even more info on other Internet hosts. Nslookup and dig are not redundant. Try to get a shell account that lets you use both.

7) finger
Not only can you use finger inside your LAN. It will sometimes get you valuable information about users on other Internet hosts.

8) ping
Find out if a distant computer is alive and run diagnostic tests or just plain be a meanie and clobber people with pings. (I strongly advise *against* using ping to annoy or harm others.)

9) traceroute
Kind of like ping with attitude. Maps Internet connections, reveals routers and boxes running firewalls.

10) ftp
Use it to upload and download files to and from other computers.

If you have all these tools, you're in great shape to begin your hacking career. Stay with your ISP. Treat it well.

Once you get your shell account, you will probably want to supplement the "man" command with a good Unix book. Jericho recommends _Unix in a Nutshell_ published by O'Reilly. "It is the ultimate Unix command reference, and only costs 10 bucks. O'Reilly r00lz."

How to Keep from Losing Your Shell Account

So now you have a hacker's dream, an account on a powerful computer running Unix. How do you keep this dream account? If you are a hacker, that is not so easy. The problem is that you have no right to keep that account. You can be kicked off for suspicion of being a bad guy, or even if you become inconvenient, at the whim of the owners.

Meinel Hall 'O Infamy
Top Five Ways to Get Kicked out of Your Shell Account

1) Abusing Your ISP
Let's say you are reading Bugtraq and you see some code for a new way to break into a computer. Panting with excitement, you run emacs and paste in the code. You fix up the purposely crippled stuff someone put in to keep total idiots from running it. You tweak it until it runs under your flavor of Unix. You compile and run the program against your own ISP. It works! You are looking at that "#" prompt and jumping up and down yelling "I got root! I got root!" You have lost your hacker virginity, you brilliant dude, you! Only, next time you go to login, your password doesn't work. You have been booted off your ISP. NEVER, NEVER ABUSE YOUR ISP!

*********************************************************
You can go to jail warning: Of course, if you want to break into another computer, you
musthavethepermissionoftheowner.Otherwiseyouarebreakingthelaw. ********************************************************* 2)PingAbuse. AnothertemptationistousethepowerfulInternetconnectionofyourshellaccount(usually aT1orT3)topingthecrapoutofthepeopleyoudon'tlike.Thisisespeciallycommonon InternetRelayChat.ThinkingofICBMingornukingthatdork?Resistthetemptationto abusepingoranyotherInternetControlMessageProtocolattacks.Usepingonlyasa diagnostictool,OK?Please?Orelse! 3)ExcessivePortSurfing Portsurfingistelnettingtoaspecificportonanothercomputer.UsuallyyouareOKifyou justbrieflyvisitanothercomputerviatelnet,anddon'tgoanyfurtherthanwhatthatport offerstothecasualvisitor.Butifyoukeeponprobingandplayingwithanothercomputer, thesysadminatthetargetcomputerwillprobablyemailyoursysadminrecordsofyourlittle visits.(Theserecordsofportvisitsarestoredin"messages,"andsometimesin"syslog" dependingontheconfigurationofyourtargetcomputerandassumingitisaUnix system.) Evenifnoonecomplainsaboutyou,somesysadminshabituallychecktheshelllogfiles thatkeeparecordofeverythingyouoranyotheruseronthesystemhasbeendoingintheir shells.Ifyoursysadminseesapatternofexcessiveattentiontooneorafewcomputers,he orshemayassumeyouareplottingabreakin.Boom,yourpasswordisdead. 4)RunningSuspiciousPrograms Ifyourunaprogramwhoseprimaryuseisasatooltocommitcomputercrime,youare likelytogetkickedoffyourISP.Forexample,manyISPshaveamonitoringsystemthat detectstheuseoftheprogramSATAN.RunSATANfromyourshellaccountandyouare history. ********************************************************** Newbienote:SATANstandsforSecurityAdministrationToolforAnalyzingNetworks.It basicallyworksbytelnettingtooneportafteranotherofthevictimcomputer.Itdetermines whatprogram(daemon)isrunningoneachport,andfiguresoutwhetherthatdaemonhasa vulnerabilitythatcanbeusedtobreakintothatcomputer.SATANcanbeusedbya sysadmintofigureouthowtomakehisorhercomputersafe.Oritmaybejustaseasily usedbyacomputercriminaltobreakintosomeoneelse'scomputer. 
***********************************************************

5) Storing Suspicious Programs
It's nice to think that the owners of your ISP mind their own business. But they don't. They snoop in the directories of their users. They laugh at your email. OK, maybe they are really high-minded and resist the temptation to snoop in your email. But chances are high that they will snoop in your shell log files that record every keystroke you make while in your shell account. If they don't like what they see, next they will be prowling your program files.
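
The log review described in items 3 and 4 above, seen from the sysadmin's chair. This is an added example, not part of the original Guide: it reads constructed syslog lines in the style of TCP-wrapper "connect from" records (the log format, host names and addresses are assumptions) and flags any remote host that touches several different daemons within a few minutes, the port-after-port pattern the SATAN note describes.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the style of TCP-wrapper syslog entries.
# Host names and addresses are invented (documentation ranges), not from the Guide.
SAMPLE_LOG = """\
Jun  9 12:00:01 shell1 in.telnetd[411]: connect from 192.0.2.10
Jun  9 12:00:04 shell1 in.fingerd[412]: connect from 192.0.2.10
Jun  9 12:00:09 shell1 in.ftpd[413]: connect from 192.0.2.10
Jun  9 12:00:15 shell1 in.rlogind[414]: connect from 192.0.2.10
Jun  9 12:00:21 shell1 in.rshd[415]: connect from 192.0.2.10
Jun  9 12:10:00 shell1 in.telnetd[420]: connect from 198.51.100.7
Jun  9 12:40:00 shell1 in.telnetd[431]: connect from 198.51.100.7
Jun  9 13:05:00 shell1 in.ftpd[440]: connect from 198.51.100.7
Jun  9 09:00:00 shell1 in.telnetd[301]: connect from 203.0.113.5
Jun  9 09:40:00 shell1 in.fingerd[310]: connect from 203.0.113.5
Jun  9 10:20:00 shell1 in.ftpd[322]: connect from 203.0.113.5
Jun  9 11:00:00 shell1 in.rshd[333]: connect from 203.0.113.5
Jun  9 12:00:30 shell1 sendmail[450]: constructed line that is not a connect record
"""

# timestamp, logging host, daemon[pid], then the remote address
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<daemon>[\w.\-]+)\[\d+\]: "
    r"connect from (?P<src>\S+)$"
)


def parse(log_text, year=1997):
    """Return sorted (time, source, daemon) tuples for every connect record.

    Classic syslog timestamps carry no year, so the caller supplies one
    (assumption: all lines belong to the same year).
    """
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a connection record, skip it
        stamp = " ".join(m["ts"].split())  # collapse the padded day field
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["src"], m["daemon"]))
    return sorted(events)


def flag_port_surfers(events, window=timedelta(minutes=5), min_services=4):
    """Flag sources that reach min_services distinct daemons inside one window.

    Returns {source: sorted list of daemons seen in its busiest window}.
    """
    by_src = defaultdict(list)
    for ts, src, daemon in events:
        by_src[src].append((ts, daemon))

    flagged = {}
    for src, hits in by_src.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the left edge forward until the window fits again.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            services = {daemon for _, daemon in hits[start:end + 1]}
            if len(services) >= min_services:
                if len(services) > len(flagged.get(src, ())):
                    flagged[src] = services
    return {src: sorted(services) for src, services in flagged.items()}


if __name__ == "__main__":
    for src, services in flag_port_surfers(parse(SAMPLE_LOG)).items():
        print(f"{src}: {len(services)} services probed: {', '.join(services)}")
```

The repeat telnet user and the host whose four visits are spread over two hours stay below the threshold; only the host that walks five services in twenty seconds is reported.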

One solution to this problem is to give your evil hacker tools innocuous names. For example, you could rename SATAN to ANGEL. But your sysadmin may try running your programs to see what they do. If any of your programs turn out to be commonly used to commit computer crimes, you are history.

Wait, wait, you are saying. Why get a shell account if I can get kicked out even for legal, innocuous hacking? After all, SATAN is legal to use. In fact, you can learn lots of neat stuff with SATAN. Most hacker tools, even if they are primarily used to commit crimes, are also educational. Certainly if you want to become a sysadmin someday you will need to learn how these programs work.

Sigh, you may as well learn the truth. Shell accounts are kind of like hacker training wheels. They are OK for beginner stuff. But to become a serious hacker, you either need to find an ISP run by hackers who will accept you and let you do all sorts of suspicious things right under their nose. Yeah, sure. Or you can install some form of Unix on your home computer. But that's another Guide to (mostly) Harmless Hacking (Vol. 2 Number 2: Linux!).

If you have Unix on your home computer and use a PPP connection to get into the Internet, your ISP is much less likely to snoop on you. Or try making friends with your sysadmin and explaining what you are doing. Who knows, you may end up working for your ISP!

In the meantime, you can use your shell account to practice just about anything Unixy that won't make your sysadmin go ballistic.

************************************************************
Would you like a shell account that runs industrial strength Linux with no commands censored? Want to be able to look at the router tables, port surf all.net, and keep SATAN in your home directory without getting kicked out for suspicion of hacking? Do you want to be able to telnet in on ssh (secure shell) so no one can sniff your password? Are you willing to pay $30 per month for unlimited access to this hacker playground? How about a seven day free trial account? Email haxorshell@techbroker.com for details.
************************************************************

In case you were wondering about all the input from jericho in this Guide, yes, he was quite helpful in reviewing this and making suggestions. Jericho is a security consultant and also runs his own Internet host, obscure.sekurity.org. Thank you, jericho@dimensional.com, and happy hacking!
_________________________________________________________
Subscribe to our discussion list by emailing to hacker@techbroker.com with message "subscribe"
Want to share some kewl stuph with the Happy Hacker list? Correct mistakes? Send your messages to hacker@techbroker.com. To send me confidential email (please, no discussions of illegal activities) use cmeinel@techbroker.com and be sure to state in your message that you want me to keep this confidential. If you wish your message posted anonymously, please say so! Direct flames to dev/null@techbroker.com. Happy hacking!
Copyright 1997 Carolyn P. Meinel. You may forward or post this GUIDE TO (mostly) HARMLESS HACKING on your Web site as long as you leave this notice at the end.
________________________________________________________

___________________________________________________________
GUIDE TO (mostly) HARMLESS HACKING
Beginners' Series Number 4
How to use the Web to look up information on hacking.
This GTMHH may be useful even to Uberhackers (oh, no, flame alert!)
____________________________________________________________

Want to become really, really unpopular? Try asking your hacker friends too many questions of the wrong sort.

But, but, how do we know what are the wrong questions to ask? OK, I sympathize with your problems because I get flamed a lot, too. That's partly because I sincerely believe in asking dumb questions. I make my living asking dumb questions. People pay me lots of money to go to conferences, call people on the phone and hang out on Usenet news groups asking dumb questions so I can find out stuff for them. And, guess what, sometimes the dumbest questions get you the best answers. So that's why you don't see me flaming people who ask dumb questions.

********************************************************
Newbie note: Have you been too afraid to ask the dumb question, "What is a flame?" Now you get to find out! It is a bunch of obnoxious rantings and ravings made in email or a Usenet post by some idiot who thinks he or she is proving his or her mental superiority through use of foul and/or impolite language such as "you suffer from rectocranial inversion," f*** y***, d****, b****, and of course @#$%^&*! This newbie note is my flame against those flamers to whom I am soooo superior.
********************************************************

But even though dumb questions can be good to ask, you may not like the flames they bring down on you. So, if you want to avoid flames, how do you find out answers for yourself?

This Guide covers one way to find out hacking information without having to ask people questions: by surfing the Web. The other way is to buy lots and lots of computer manuals, but that costs a lot of money. Also, in some parts of the world it is difficult to get manuals. Fortunately, however, almost anything you want to learn about computers and communications is available for free somewhere on the Web.
First, let's consider the Web search engines. Some just help you search the Web itself. But others enable you to search Usenet newsgroups that have been archived for many years back. Also, the best hacker email lists are archived on the Web, as well.

There are two major considerations in using Web search engines. One is what search engine to use, and the other is the search tactics themselves.

I have used many Web search engines. But eventually I came to the conclusion that for serious research, you only need two: Altavista (http://altavista.digital.com) and Dejanews (http://www.dejanews.com). Altavista is the best for the Web, while Dejanews is the best one for searching Usenet newsgroups. But, if you don't want to take me at my word, you may surf over to a site with links to almost all the Web and Newsgroup search engines at http://sgk.tiac.net/search/.

But just how do you efficiently use these search engines? If you ask them to find "hacker" or even "how to hack," you will get bazillions of Web sites and newsgroup posts to read. OK, so you painfully surf through one hacker Web site after another. You get portentous-sounding organ music, skulls with red rolling eyes, animated fires burning, and each site has links to other sites with pretentious music and ungrammatical boastings about "I am 31337, d00dz!!! I am so *&&^%$ good at hacking you should bow down and kiss my $%^&&*!" But somehow they don't seem to have any actual information. Hey, welcome to the wannabe hacker world!

You need to figure out some words that help the search engine of your choice get more useful results. For example, let's say you want to find out whether I, the Supreme R00ler of the Happy Hacker world, am an elite hacker chick or merely some poser. Now the luser approach would be to simply go to http://www.dejanews.com and do a search of Usenet news groups for "Carolyn Meinel," being sure to click the "old" button to bring up stuff from years back. But if you do that, you get this huge long list of posts, most of which have nothing to do with hacking:

CDMA vs GSM carolyn meinel <cmeinel@unm.edu> 1995/11/17
Re: October El Nino Southern Oscillation info gonthier@usgs.gov (Gerard J. Gonthier) 1995/11/20
Re: Internic Wars MrGlucroft@psu.edu (The Reaver) 1995/11/30
shirkahn@earthlink.net (Christopher Proctor) 1995/12/16
Re: Lyndon LaRouche who is he? lness@ucs.indiana.edu (lester john ness) 1996/01/06
UB Color Index observation data cmeinel@nmia.com (Carolyn P. Meinel) 1996/05/13
Re: Mars Fraud? History of one scientist involved gksmiley@aol.com (GK Smiley) 1996/08/11
Re: Mars Life Announcement: NO Fraud Issue twitch@hub.ofthe.net 1996/08/12
Hackers Helper EZine wanted rcortes@tuna.hooked.net (Raul Cortes) 1996/12/06
Carolyn Meinel, Sooooooper Genius nobody@cypherpunks.ca (John Anonymous MacDonald, a remailer node) 1996/12/12

Anyhow, this list goes on and on and on.

But if you specify "Carolyn Meinel hacker" and click "all" instead of "any" on the "Boolean" button, you get a list that starts with:

Media: "Unamailer delivers Christmas grief" Mannella@ipifidpt.difi.unipi.it (Riccardo Mannella) 1996/12/30
Cu Digest, #8.93, Tue 31 Dec 96 Cu Digest (tk0jut2@mvs.cso.niu.edu) <TK0JUT2@MVS.CSO.NIU.EDU> 1996/12/31
RealAudio interview with Happy Hacker bmcw@redbud.mv.com (Brian S. McWilliams) 1997/01/08
Etc.

This way all those posts about my boring life in the world of science don't show up, just the juicy hacker stuff.

Now suppose all you want to see is flames about what a terrible hacker I am. You could bring those to the top of the list by adding (with the "all" button still on) "flame" or "f***" or "b****" being careful to spell out those bad words instead of fubarring them with ****s. For example, a search on "Carolyn Meinel hacker flame" with Boolean "all" turns up only one post. This important tome says the Happy Hacker list is a dire example of what happens when us prudish moderator types censor naughty words and inane diatribes.

******************************************
Newbie note: "Boolean" is a math term. On the Dejanews search engine they figure the user doesn't have a clue of what "Boolean" means so they give you a choice of "any" or "all" and then label it "Boolean" so you feel stupid if you don't understand it. But in real Boolean algebra we can use the operators "and" "or" and "not" on word searches (or any searches of sets). "And" means you would have a search that turns up only items that have "all" the terms you specify; "or" means you would have a search that turns up "any" of the terms. The "not" operator would exclude items that included the "not" term even if they have any or all of the other search terms. Altavista has real Boolean algebra under its "advanced" search option.
******************************************

But let's forget all those Web search engines for a minute. In my humble yet old-fashioned opinion, the best way to search the Web is to use it exactly the way its inventor, Tim Berners-Lee, intended. You start at a good spot and then follow the links to related sites. Imagine that!
Here's another of my old fogie tips. If you want to really whiz around the Web, and if you have a shell account, you can do it with the program lynx. At the prompt, just type "lynx" followed by the URL you want to visit. Because lynx only shows text, you don't have to waste time waiting for the organ music, animated skulls and pornographic JPEGs to load.

So where are good places to start? Simply surf over to the Web sites listed at the end of this Guide. Not only do they carry archives of these Guides, they carry a lot of other valuable information for the newbie hacker, as well as links to other quality sites. My favorites are http://www.cs.utexas.edu/users/matt/hh.html and http://www.silitoad.org. Warning: parental discretion advised. You'll see some other great starting points elsewhere in this Guide, too.

Next, consider one of the most common questions I get: "How do I break into a computer????? :( :("

Ask this of someone who isn't a super nice elderly lady like me and you will get a truly rude reaction. Here's why. The world is full of many kinds of computers running many kinds of software on many kinds of networks. How you break into a computer depends on all these things. So you need to thoroughly study a computer system before you can even think about planning a strategy to break into it. That's one reason breaking into computers is widely regarded as the pinnacle of hacking. So if you don't realize even this much, you need to do lots and lots of homework before you can even dream of breaking into computers.

But, OK, I'll stop hiding the secrets of universal computer breaking and entry. Check out:
Bugtraq archives: http://geekgirl.com/bugtraq
NTBugtraq archives: http://ntbugtraq.rc.on.ca/index.html

***************************************************
You can go to jail warning: If you want to take up the sport of breaking into computers, you should either do it with your own computer, or else get the permission of the owner if you want to break into someone else's computer. Otherwise you are violating the law. In the US, if you break into a computer that is across a state line from where you launch your attack, you are committing a Federal felony. If you cross national boundaries to hack, remember that most nations have treaties that allow them to extradite criminals from each others' countries.
***************************************************

Wait just a minute, if you surf over to those sites you won't instantly become an Ubercracker. Unless you already are an excellent programmer and knowledgeable in Unix or Windows NT, you will discover the information at these two sites will *NOT* instantly grant you access to any victim computer you may choose. It's not that easy. You are going to have to learn how to program. Learn at least one operating system inside and out.
Of course some people take the shortcut into hacking. They get their phriends to give them a bunch of canned break-in programs. Then they try them on one computer after another until they stumble into root and accidentally delete system files. Then they get busted and run to the Electronic Freedom Foundation and whine about how the Feds are persecuting them.

So are you serious? Do you *really* want to be a hacker badly enough to learn an operating system inside and out? Do you *really* want to populate your dreaming hours with arcane communications protocol topics? The old-fashioned, and super expensive way is to buy and study lots of manuals.

<Geek mode on> Look, I'm a real believer in manuals. I spend about $200 per month on them. I read them in the bathroom, while sitting in traffic jams, and while waiting for doctor's appointments. But if I'm at my desk, I prefer to read manuals and other technical documents from the Web. Besides, the Web stuff is free! <Geek mode off>

The most fantastic Web resource for the aspiring geek, er, hacker, is the RFCs. RFC stands for "Request for Comment." Now this sounds like nothing more than a discussion group. But actually RFCs are the definitive documents that tell you how the Internet works. The funny name "RFC" comes from ancient history when lots of people were discussing how the heck to make that ARPAnet thingy work. But nowadays RFC means "Gospel Truth about How the Internet Works" instead of "Hey Guys, Let's Talk this Stuff Over."

********************************************************
Newbie note: ARPAnet was the US Advanced Research Projects Agency experiment launched in 1969 that evolved into the Internet. When you read RFCs you will often find references to ARPAnet and ARPA, or sometimes DARPA. That "D" stands for "defense." DARPA/ARPA keeps on getting its name changed between these two. For example, when Bill Clinton became US President in 1993, he changed DARPA back to ARPA because "defense" is a Bad Thing. Then in 1996 the US Congress passed a law changing it back to DARPA because "defense" is a Good Thing.
********************************************************

Now ideally you should simply read and memorize all the RFCs. But there are zillions of RFCs and some of us need to take time out to eat and sleep. So those of us without photographic memories and gobs of free time need to be selective about what we read. So how do we find an RFC that will answer whatever is our latest dumb question?

One good starting place is a complete list of all RFCs and their titles at ftp://ftp.tstt.net.tt/pub/inet/rfc/rfcindex. Although this is an ftp (file transfer protocol) site, you can access it with your Web browser.

Or, how about the RFC on RFCs! That's right, RFC 825 is "intended to clarify the status of RFCs and to provide some guidance for the authors of RFCs in the future. It is in a sense a specification for RFCs." To find this RFC, or in fact any RFC for which you have its number, just go to Altavista and search for "RFC 825" or whatever the number is. Be sure to put it in quotes just like this example in order to get the best results.
Whoa, these RFCs can be pretty hard to understand! Heck, how do we even know which RFC to read to get an answer to our questions? Guess what, there is a solution, a fascinating group of RFCs called "FYIs". Rather than specifying anything, FYIs simply help explain the other RFCs. How do you get FYIs? Easy! I just surfed over to the RFC on FYIs (1150) and learned that:

FYIs can be obtained via FTP from NIC.DDN.MIL, with the pathname FYI:mm.TXT, or RFC:RFCnnnn.TXT (where "mm" refers to the number of the FYI and "nnnn" refers to the number of the RFC). Login with FTP, username ANONYMOUS and password GUEST. The NIC also provides an automatic mail service for those sites which cannot use FTP. Address the request to SERVICE@NIC.DDN.MIL and in the subject field of the message indicate the FYI or RFC number, as in "Subject: FYI mm" or "Subject: RFC nnnn".

But even better than this is an organized set of RFCs hyperlinked together on the Web at http://www.FreeSoft.org/Connected/. I can't even begin to explain to you how wonderful this site is. You just have to try it yourself. Admittedly it doesn't contain all the RFCs. But it has a tutorial and a newbie-friendly set of links through the most important RFCs.

Last but not least, you can check out two sites that offer a wealth of technical information on computer security:
http://csrc.nist.gov/secpubs/rainbow/
http://GANDALF.ISU.EDU/security/security.html security library

I hope this is enough information to keep you busy studying for the next five or ten years. But please keep this in mind. Sometimes it's not easy to figure something out just by reading huge amounts of technical information. Sometimes it can save you a lot of grief just to ask a question. Even a dumb question. Hey, how would you like to check out the Web site for those of us who make our living asking people dumb questions? Surf over to http://www.scip.org. That's the home page of the Society of Competitive Information Professionals, the home organization for folks like me. So, go ahead, make someone's day. Have phun asking those dumb questions. Just remember to fireproof your phone and computer first!
____________________________________________________________
Subscribe to our discussion list by emailing to hacker@techbroker.com with message "subscribe"
Want to share some kewl stuph with the Happy Hacker list? Correct mistakes? Send your messages to hacker@techbroker.com. To send me confidential email (please, no discussions of illegal activities) use cmeinel@techbroker.com and be sure to state in your message that you want me to keep this confidential. If you wish your message posted anonymously, please say so! Direct flames to dev/null@techbroker.com. Happy hacking!
Copyright 1997 Carolyn P. Meinel. You may forward or post this GUIDE TO (mostly) HARMLESS HACKING on your Web site as long as you leave this notice at the end.
________________________________________________________

____________________________________________________________
GUIDE TO (mostly) HARMLESS HACKING
Beginners' Series Number 5
Computer hacking. Where did it begin and how did it grow?
____________________________________________________________

If you wonder what it was like in days of yore, ten, twenty, thirty years ago, how about letting an old lady tell you the way it used to be.
Where shall we start? Seventeen years ago and the World Science Fiction Convention in Boston, Massachusetts? Back then the World Cons were the closest thing we had to hacker conventions.

Picture 1980. Ted Nelson is running around with his Xanadu guys: Roger Gregory, H. Keith Henson (now waging war against the Scientologists) and K. Eric Drexler, later to build the Foresight Institute. They dream of creating what is to become the World Wide Web. Nowadays guys at hacker cons might dress like vampires. In 1980 they wear identical black baseball caps with silver wings and the slogan: "Xanadu: wings of the mind." Others at World Con are a bit more underground: doing dope, selling massages, blue boxing the phone lines. The hotel staff has to close the swimming pool in order to halt the sex orgies.

Oh, but this is hardly the dawn of hacking. Let's look at the Boston area yet another seventeen years further back, the early 60s. MIT students are warring for control of the school's mainframe computers. They use machine language programs that each strive to delete all other programs and seize control of the central processing unit. Back then there were no personal computers.

In 1965, Ted Nelson, later to become leader of the silver wing-headed Xanadu gang at the 1980 Worldcon, first coins the word "hypertext" to describe what will someday become the World Wide Web. Nelson later spreads the gospel in his book Literacy Online. The back cover shows a Superman-type figure flying and the slogan "You can and must learn to use computers now."

But in 1965 the computer is widely feared as a source of Orwellian powers. Yes, as in George Orwell's ominous novel, "1984," that predicted a future in which technology would squash all human freedom. Few are listening to Nelson. Few see the wave of free-spirited anarchy the hacker culture is already unleashing. But LSD guru Timothy Leary's daughter Susan begins to study computer programming.

Around 1966, Robert Morris Sr., the future NSA chief scientist, decides to mutate these early hacker wars into the first "safe hacking" environment. He and the two friends who code it call their game "Darwin." Later "Darwin" becomes "Core War," a free-form computer game played to this day by some of the uberest of uberhackers.
Let's jump to 1968 and the scent of tear gas. Wow, look at those rocks hurling through the windows of the computer science building at the University of Illinois at Urbana-Champaign! Outside are 60s antiwar protesters. Their enemy, they believe, are the campus' ARPA-funded computers. Inside are nerdz high on caffeine and nitrous oxide. Under the direction of the young Roger Johnson, they gang together four CDC 6400s and link them to 1024 dumb vector graphics terminals. This becomes the first realization of cyberspace: Plato.

1969 turns out to be the most portent-filled year yet for hacking.

In that year the Defense Department's Advanced Research Projects Agency funds a second project to hook up four mainframe computers so researchers can share their resources. This system doesn't boast the vector graphics of the Plato system. Its terminals just show ASCII characters: letters and numbers. Boring, huh?

But this ARPAnet is eminently hackable. Within a year, its users hack together a new way to ship text files around. They call their unauthorized, unplanned invention "email."

ARPAnet has developed a life independent of its creators. It's a story that will later repeat itself in many forms. No one can control cyberspace. They can't even control it when it is just four computers big.

Also in 1969 John Goltz teams up with a money man to found Compuserve using the new packet switched technology being pioneered by ARPAnet. Also in 1969 we see a remarkable birth at Bell Labs as Ken Thompson invents a new operating system: Unix. It is to become the gold standard of hacking and the Internet, the operating system with the power to form miracles of computer legerdemain.

In 1971, Abbie Hoffman and the Yippies found the first hacker/phreaker magazine, YIPL/TAP (Youth International Party Technical Assistance Program). YIPL/TAP essentially invents phreaking, the sport of playing with phone systems in ways the owners never intended. They are motivated by the Bell Telephone monopoly with its high long distance rates, and a hefty tax that Hoffman and many others refuse to pay as their protest against the Vietnam War. What better way to pay no phone taxes than to pay no phone bill at all?

Blue boxes burst onto the scene. Their oscillators automate the whistling sounds that had already enabled people like Captain Crunch (John Draper) to become the pirate captains of the Bell Telephone megamonopoly. Suddenly phreakers are able to actually make money at their hobby. Hans and Gribble peddle blue boxes on the Stanford campus.

In June 1972, the radical left magazine Ramparts, in the article "Regulating the Phone Company In Your Home" publishes the schematics for a variant on the blue box known as the "mute box." This article violates Californian State Penal Code section 502.7, which outlaws the selling of "plans or instructions for any instrument, apparatus, or device intended to avoid telephone toll charges." California police, aided by Pacific Bell officials, seize copies of the magazine from newsstands and the magazine's offices. The financial stress leads quickly to bankruptcy.
As the Vietnam War winds down, the first flight simulator programs in history unfold on the Plato network. Computer graphics, almost unheard of in that day, are displayed by touch-sensitive vector graphics terminals. Cyberpilots all over the US pick out their crafts: Phantoms, MIGs, F-104s, the X-15, Sopwith Camels. Virtual pilots fly out of digital airports and try to shoot each other down and bomb each others' airports. While flying a Phantom, I see a chat message on the bottom of my screen. "I'm about to shoot you down." Oh, no, a MIG on my tail. I dive and turn hoping to get my tormentor into my sights. The screen goes black. My terminal displays the message "You just pulled 37 Gs. You now look more like a pizza than a human being as you slowly flutter to Earth."

One day the Starship Enterprise barges in on our simulator, shoots everyone down and vanishes back into cyberspace. Plato has been hacked! Even in 1973 multiuser game players have to worry about getting "smurfed"! (When a hacker breaks into a multiuser game on the Internet and kills players with techniques that are not rules of the game, this is called "smurfing.")

1975. Oh blessed year! Under an Air Force contract, in the city of Albuquerque, New Mexico, the Altair is born. Altair. The first microcomputer. Bill Gates writes the operating system. Then Bill's mom persuades him to move to Redmond, CA where she has some money men who want to see what this operating system business is all about.

Remember Hans and Gribble? They join the Home Brew Computer club and choose Motorola microprocessors to build their own. They begin selling their computers, which they brand name the Apple, under their real names of Steve Wozniak and Steve Jobs. A computer religion is born.

The great Apple/Microsoft battle is joined. Us hackers suddenly have boxes that beat the heck out of Tektronix terminals.

In 1978, Ward Christensen and Randy Suess create the first personal computer bulletin board system. Soon, linked by nothing more than the long distance telephone network and these bulletin board nodes, hackers create a new, private cyberspace. Phreaking becomes more important than ever to connect to distant BBSs.

Also in 1978, The Source and Compuserve computer networks both begin to cater to individual users. "Naked Lady" runs rampant on Compuserve. The first cybercafe, Planet Earth, opens in Washington, DC. X.25 networks reign supreme.

Then there is the great ARPAnet mutation of 1980. In a giant leap it moves from Network Control Protocol to Transmission Control Protocol/Internet Protocol (TCP/IP). Now ARPAnet is no longer limited to 256 computers; it can span tens of millions of hosts! Thus the Internet is conceived within the womb of the DoD's ARPAnet. The framework that would someday unite hackers around the world was now, ever so quietly, growing. Plato fades, forever limited to 1024 terminals.

Famed science fiction author Jerry Pournelle discovers ARPAnet. Soon his fans are swarming to find excuses or whatever to get onto ARPAnet. ARPAnet's administrators are surprisingly easygoing about granting accounts, especially to people in the academic world.

ARPAnet is a pain in the rear to use, and doesn't transmit visuals of fighter planes mixing it up. But unlike the glitzy Plato, ARPAnet is really hackable and now has what it takes to grow. Unlike the network of hacker bulletin boards, people don't need to choose between expensive long distance phone calls or phreaking to make their connections. It's all local and it's all free.
That same year, 1980, the "414 Gang" is raided. Phreaking is more hazardous than ever.

In the early 80s hackers love to pull pranks. Joe College sits down at his dumb terminal to the University DEC 10 and decides to poke around the campus network. Here's Star Trek! Here's Adventure! Zork! Hmm, what's this program called Sex? He runs it. A message pops up: "Warning: playing with sex is hazardous. Are you sure you want to play? Y/N" Who can resist? With that "Y" the screen bursts into a display of ASCII characters, then up comes the message: "Proceeding to delete all files in this account." Joe is weeping, cursing, jumping up and down. He gives the list files command. Nothing! Zilch! Nada! He runs to the sysadmin. They log back into his account but his files are all still there. A prank.

In 1983 hackers are almost all harmless pranksters, folks who keep their distance from the guys who break the law. MIT's "Jargon file" defines hacker as merely "a person who enjoys learning about computer systems and how to stretch their capabilities; a person who programs enthusiastically and enjoys dedicating a great deal of time with computers."

1983: the IBM Personal Computer enters the stage powered by Bill Gates' MS-DOS operating system. The empire of the CP/M operating system falls. Within the next two years essentially all microcomputer operating systems except MS-DOS and those offered by Apple will be dead, and a thousand Silicon Valley fortunes shipwrecked. The Amiga hangs on by a thread. Prices plunge, and soon all self-respecting hackers own their own computers. Sneaking around college labs at night fades from the scene.

In 1984 Emmanuel Goldstein launches 2600: The Hacker Quarterly and the Legion of Doom hacker gang forms. Congress passes the Comprehensive Crime Control Act giving the US Secret Service jurisdiction over computer fraud. Fred Cohen, at Carnegie Mellon University, writes his PhD thesis on the brand new, never heard of thing called computer viruses.

1984. It was to be the year, thought millions of Orwell fans, that the government would finally get its hands on enough high technology to become Big Brother. Instead, science fiction author William Gibson, writing Neuromancer on a manual typewriter, coins the term and paints the picture of "cyberspace." "Case was the best... who ever ran in Earth's computer matrix. Then he doublecrossed the wrong people..."

In 1984 the first US police "sting" bulletin board systems appear.

Since 1985, Phrack has been providing the hacker community with information on operating systems, networking technologies, and telephony, as well as relaying other topics of interest to the international computer underground.

The 80s are the war dialer era. Despite ARPAnet and the X.25 networks, the vast majority of computers can only be accessed by discovering their individual phone lines. Thus one of the most treasured prizes of the 80s hacker is a phone number to some mystery computer.
Computers of this era might be running any of dozens of arcane operating systems and using many communications protocols. Manuals for these systems are often secret. The hacker scene operates on the mentor principle. Unless you can find someone who will induct you into the inner circle of a hacker gang that has accumulated documents salvaged from dumpsters or stolen in burglaries, you are way behind the pack. Kevin Poulsen makes a name for himself through many daring burglaries of Pacific Bell.

Despite these barriers, by 1988 hacking has entered the big time. According to a list of hacker groups compiled by the editors of Phrack on August 8, 1988, the US hosts hundreds of them.

The Secret Service covertly videotapes the 1988 SummerCon convention.

In 1988 Robert Tappan Morris, son of NSA chief scientist Robert Morris Sr., writes an exploit that will forever be known as the Morris Worm. It uses a combination of finger and sendmail exploits to break into a computer, copy itself and then send copy after copy on to other computers. Morris, with little comprehension of the power of this exponential replication, releases it onto the Internet. Soon vulnerable computers are filled to their digital gills with worms and clogging communications links as they send copies of the worms out to hunt other computers. The young Internet, then only a few thousand computers strong, crashes. Morris is arrested, but gets off with probation.

1990 is the next pivotal year for the Internet, as significant as 1980 and the launch of TCP/IP. Inspired by Nelson's Xanadu, Tim Berners-Lee of the European Laboratory for Particle Physics (CERN) conceives of a new way to implement hypertext. He calls it the World Wide Web. In 1991 he quietly unleashes it on the world. Cyberspace will never be the same. Nelson's Xanadu, like Plato, like CP/M, fades.

1990 is also a year of unprecedented numbers of hacker raids and arrests. The US Secret Service and New York State Police raid Phiber Optik, Acid Phreak, and Scorpion in New York City, and arrest Terminus, Prophet, Leftist, and Urvile.

The Chicago Task Force arrests Knight Lightning and raids Robert Izenberg, Mentor, and Erik Bloodaxe. It raids both Richard Andrews' home and business. The US Secret Service and Arizona Organized Crime and Racketeering Bureau conduct Operation Sundevil raids in Cincinnati, Detroit, Los Angeles, Miami, Newark, Phoenix, Pittsburgh, Richmond, Tucson, San Diego, San Jose, and San Francisco. A famous unreasonable raid that year was the Chicago Task Force invasion of Steve Jackson Games, Inc.

June 1990 Mitch Kapor and John Perry Barlow react to the excesses of all these raids to found the Electronic Frontier Foundation. Its initial purpose is to protect hackers. They succeed in getting law enforcement to back off the hacker community.
In1993,MarcAndreessonandEricBinaoftheNationalCenterforSupercomputing ApplicationsreleaseMosaic,thefirstWWWbrowserthatcanshowgraphics.Finally,after thefadeoutofthePlatooftwentyyearspast,wehavedecentgraphics!Thistime, however,thesegraphicsareheretostay.SoontheWebbecomesthenumberonewaythat hackersboastandspreadthecodesfortheirexploits.Bulletinboards,withtheirtightlyheld secrets,fadefromthescene. In1993,thefirstDefConinvadesLasVegas.Theeraofhackerconsmovesintofull swingwiththeBeyondHopeseries,HoHoconandmore. 1996AlephOnetakesovertheBugtaqemaillistandturnsitintothefirstpublic"full disclosure"computersecuritylist.Forthefirsttimeinhistory,securityflawsthatcanbe usedtobreakintocomputersarebeingdiscussedopenlyandwiththecompleteexploit codes.BugtraqarchivesareplacedontheWeb. InAugust1996IstartmailingoutGuidesto(mostly)HarmlessHacking.Theyarefullof

simple instructions designed to help novices understand hacking. A number of
hackers come forward to help run what becomes the Happy Hacker Digest.

1996 is also the year when documentation for routers, operating systems,
TCP/IP protocols and much, much more begins to proliferate on the Web. The
era of daring burglaries of technical manuals fades.

In early 1997 the readers of Bugtraq begin to tear the Windows NT operating
system to shreds. A new mail list, NTBugtraq, is launched just to handle the
high volume of NT security flaws discovered by its readers. Self-proclaimed
hackers Mudge and Weld of The L0pht, in a tour de force of research, write
and release a password cracker for WinNT that rocks the Internet. Many in
the computer security community have come far enough along by now to realize
that Mudge and Weld are doing the owners of NT networks a great service.

Thanks to the willingness of hackers to share their knowledge on the Web,
and mail lists such as Bugtraq, NTBugtraq and Happy Hacker, the days of
people having to beg to be inducted into hacker gangs in order to learn
hacking secrets are now fading.

Where next will the hacker world evolve? You hold the answer to that in your
hands.
________________________________________________________
To subscribe to Happy Hacker Digests and receive more of these Guides to
(mostly) Harmless Hacking, please email hacker@techbroker.com with message
"subscribe hh" in the body of your message. Want to share some kewl stuph
with the Happy Hacker list? Correct mistakes? Send your messages to
hacker@techbroker.com. To send me confidential email (please, no discussions
of illegal activities) use cmeinel@techbroker.com. Direct flames to
dev/null@techbroker.com. Happy hacking!
Copyright 1997 Carolyn P. Meinel. You may forward or post this GUIDE TO
(mostly) HARMLESS HACKING on your Web site as long as you leave this notice
at the end.
________________________________________________________

__________________________________________________________
GUIDE TO (mostly) HARMLESS HACKING
Beginners' Series Number 6
PGP for Newbies
____________________________________________________________
Do you cringe at the idea of people snooping on your email and through the
files on your computer? Encryption is the only way to be absolutely certain
you can keep your private stuff really private. Even if you are a newbie,
encryption can be surprisingly easy if you use the free PGP program, the
encryption technique so powerful that it is illegal to use in some
countries! The following GTMHH was written by Keydet89
<keydet89@yahoo.com>, so if you want to ask questions, email him and not me!
(Carolyn Meinel).

This Guide will tell you about:

[Creating your own keys]
[Importing keys]
[Creating a group of keys]
[Making your public key public]
[Encrypting Files]
[Encrypting your email]

PGP is a personal encryption program that you can use to encrypt files or
email.

PGP is 'Pretty Good Privacy', originally created by Phil Zimmermann. The
long and short of the story is that Phil released his encryption program to
the public and was investigated by the federal government. As soon as the
investigation was closed, Phil started a company based on his product, which
was later purchased by Network Associates.

You can get the freeware version of PGP from:

http://www.nai.com/products/security/pgpfreeware.asp

** Be prepared for a wait, as this is approximately a 5.5 Mb file.

Note: All of the examples used in this Guide are performed using PGP
freeware 6.0. The link above is for this version.

************************************************************
NEWBIE NOTE: How to use PGP will be described, but if you want to make it a
little easier to use, download the Eudora email client and install PGP's
Eudora plug-in. The tools from PGP appear as icons on the toolbar in Eudora,
and encrypting or decrypting an email is as easy as selecting an icon.

To get Eudora freeware to use with PGP, go to:

http://www.eudora.com/products/
************************************************************

Once you have the PGP freeware program, double-click on the icon to install
it. Just follow the instructions; they are very straightforward, and there
are no tricks or surprises along the way. You will have to reboot your
computer, though, but when you do, PGPTray should be in your Startup group,
and there will be a little lock icon on the TaskBar.

NOTE: For the purposes of this Guide, PGP 6.0 was installed
on NT 4.0/SP3. However, there should be no great difference with 95/98.

Okay, once you have PGP installed, you need to create your own keys. But
before we get started on that, let's briefly describe how all of this
works...

Briefly, the idea is this... PGP generates strong cryptographic keys, a
public and a private key. You keep the private key, and distribute your
public key... attach it to your email by using a signature file, post it on
a web page, whatever. You get your friends' public keys and import them into
PGPTools. When you want to send an encrypted email, you encrypt the email
using the public key of whomever you are sending it to... and only that
person will be able to decrypt it using their private key. You can also sign
the files and emails so that whoever has your public key in their keyring
will know that the file is from you, and not someone pretending to be you.

[Creating your own keys]

Now, let's generate a key pair. Click Start > Programs > PGP > PGPKeys.
Note: This assumes that you installed PGP using the default options. You
will see lots of keys already in the PGPKeys tool... these are the keys of
the folks at PGP, Inc, which is now part of Network Associates. Scroll down
until you find Phil Zimmermann's key... he is the creator of PGP.

To create your own pair, choose Keys > New Key... and follow the
instructions. The second screen of the Key Generation Wizard asks for your
full name and an email address. If you have one of the free email accounts
from Yahoo or HotMail, you may choose to use that email address. The third
screen asks you to pick how large a key pair you wish to generate... since
the Happy Hacker herself uses 3072 bits, we'll choose the same strength.

************************************************************
NEWBIE NOTE: The size of the key determines its strength... the larger the
key, the harder it is to crack.
************************************************************

On the fourth screen, choose 'Key pair never expires'.

The fifth screen asks for a passphrase to protect your private key. Choose
something that is not at all easy to guess... and then mix in numbers,
capital letters, and punctuation. After you confirm your passphrase and
click 'Next', there will be a way cool graphic while PGP generates your key
pair.

Next, since we're just setting this up on our own system, and not connecting
to a root server (a server that is used by companies to manage lots of
keys), do not check the 'Send my key to the root server now' box.

You now have your own key pair!!

[Importing keys]

Okay, now what? Hhhmmm.... let's look at an example of how to import keys.
Go to:

http://koan.happyhacker.org/~satori/satori.asc

There are two key blocks on this page... looks like two different versions
of PGP. Great. Look at the larger one... now highlight it, including the
lines that contain 'BEGIN (END) PGP PUBLIC KEY BLOCK'.

NOTE: We are only going to import the lower key block. Do not include the
upper key block... the smaller one that says 'Version 2.6.2'.

Highlight the entire 'Version: PGPfreeware 5.0i' block, and press 'ctrl-c'
(ie, hold down the control key, and press the 'c' key) or choose Edit > Copy
from your browser.

Minimize the browser and open PGPKeys.

Choose Edit > Paste, and you'll see Satori's key in the dialog window. The
email address used is 'satori@rt66.com'.

Click 'Import'. Now you have Satori's public key, and you can encrypt
messages to him... and only him.

PGP ships with two public key servers built in. To see them, open PGPKeys,
and choose Server > Search. The drop-down box at the top of the Search
Window will list an LDAP server at PGP.COM and an HTTP connection to
MIT.EDU. You can search for keys by typing in the name of the user you are
looking for... I found the Happy Hacker's public key in a matter of seconds!
I just clicked on her key, and dragged it to my PGPKeys window...

Hint: For the search, use the User ID of 'Carolyn Meinel'.

[Creating a group of keys]

Now let's create a group of keys. What this does is keep several keys
together, so if you have several keys from friends and you want to encrypt a
file for all of them, you don't have to go about
encrypting the file for each person.

In PGPKeys, choose Groups > New Group..., and enter the information asked
for.

Choose Groups > Show Groups, and a lower dialog window will open in PGPKeys,
with the name of the group you just created.

To add keys to the group, highlight the key you want to add and click
'ctrl-c' to copy the keys to the clipboard.

Highlight the group, right-click on it to open the pop-up menu, and choose
Paste. The keys will be pasted into the group.

[Making your public key public]

There are a couple of ways to make your public key available. We'll describe
two methods... using a public key server, or saving the key to a text file
so that someone else can import it.

First, as stated above, PGP ships with two public servers... one at PGP.COM,
the other at MIT. When you are connected to the Internet, open PGPKeys,
select your key pair, and click Server > Send to, and choose the server you
want to send your public key to.

The other method is to save your public key to a file. This file can be sent
to your friends, or pasted into your signature file on your email. To save
your public key to a file:

Open PGPKeys, and select your key pair.

Click Keys > Export, and a file dialog will open.

Choose a filename.

To save your public key into a document that already exists, such as a
signature file for your email:

Select your key pair.

Click Edit > Copy (or hit ctrl-c).

Move to the document where you want the key saved, and choose Edit > Paste
from the menu bar for the document (or hit ctrl-v).

[Encrypting Files]

WARNING: The next example shows you how to encrypt and decrypt
your files. Choose a file to try the example on but do NOT try it on a
system file or other important file!!

Want to encrypt a file on your machine? Great, let's try it. Open up any
folder, and choose any file. Right-click on the file, and go to PGP in the
pop-up menu. Choose 'Encrypt', and choose your key pair from the dialog
window. Now, click on the pair, and drag it into the lower window. PGP will
encrypt the file and you'll see another icon pop up... an armor plate with a
lock on it. Very appropriate, if you think about it.

Now to decrypt the file, make sure that you've moved or deleted the original
file (make sure that you aren't using a system or other important file for
this example!!) and double-click on the encrypted file. Enter your
passphrase in the lower dialog window, and BANG!, your file is decrypted.

This is a great way to protect your files. And it's free!

To encrypt a file for the group, just follow the same steps as above, but
choose the group name instead of a single key.

[Encrypting your email]

Now, encrypting your email... if you are using Eudora or (god forbid!!)
Outlook, then you could have opted to use the PGP plug-ins for either of
them. However, if you don't use either of the two mail clients, then in
order to encrypt your email, you can choose from a couple of options.

First, using an email client such as Netscape, you can easily encrypt the
file as described above, and attach it to the email.

Another option is to type what you want into the message area of the email,
and then highlight it and click 'ctrl-c' to copy the text to the clipboard.
Then right-click on the PGPTray icon on the TaskBar (the little lock) and
choose 'Encrypt & Sign Clipboard'. The PGPKeys window will open, and you
need to choose to whom you wish to encrypt the message. You'll be prompted
for your passphrase, as the message will be signed, so that your friend (who
has your public key) will know that it's from you.

Once the text on the clipboard is encrypted, go back to the email (or file)
and highlight the text again, and click 'ctrl-v' (hold down the control key
and hit 'v') and the encrypted message will be pasted into the email over
the original message.

************************************************************
NEWBIE NOTE: If the PGPTray icon isn't on your TaskBar,
check your Startup folder. If it's not in the Startup folder, add a shortcut
to PGPTray.exe to the folder.

If at any time you are having difficulty trying to do anything with your
keys, simply open the Help in PGP. The help documents are very good... they
are clear, descriptive, and concise.
************************************************************

Here's my (Keydet89) public key:

________________________________________________________
Where are those back issues of GTMHHs and Happy Hacker Digests? Check out
the official Happy Hacker Web page at http://www.happyhacker.org.

We are against computer crime. We support good, old-fashioned hacking of the
kind that led to the creation of the Internet and a new era of freedom of
information. But we hate computer crime. So don't email us about any crimes
you have committed!

To subscribe to Happy Hacker and receive the Guides to (mostly) Harmless
Hacking, please email hacker@techbroker.com with message "subscribe
happyhacker" in the body of your message.

Copyright 1998 keydet89. You may forward, print out or post this GUIDE TO
(mostly) HARMLESS HACKING on your Web site as long as you leave this notice
at the end.
_________________________________________________________

____________________________________________________________
GUIDE TO (mostly) HARMLESS HACKING
Beginners' Series Number 7
The Exploit Files
____________________________________________________________
by keydet89@yahoo.com and Carolyn Meinel

How many times have you read hacker newsgroups or email lists and seen posts
that begged "teach me to hack," or asked "how do I hack this"? It often
looks as though the person asking the question just doesn't understand the
basics of vulnerabilities and their exploits. The purpose of this Guide is
to explain what vulnerabilities and exploits are, and how they relate to
computer security.

Let's start with an example. Suppose that you are trying to sell something
by phone. So you start by calling phone numbers, and you keep calling until
you get someone to answer, not an answering machine, but a real live person.
Then if the person who answers the phone speaks the same language as you and
can understand you, you try to sell your product. Lots of people will hang
up on you, but eventually, someone will buy something... bang! You've
scored!

*****************************************************************
In this Guide you will learn:
* What is a vulnerability
* What is an exploit
* How to look for vulnerabilities
*****************************************************************

So what does this have to do with 'hacking'? Look at your dialing of phone
numbers as port scanning IP (Internet protocol) addresses on the Internet.
Some Internet host computers won't answer. Maybe a firewall is blocking the
ports that you're scanning. Some hosts will answer, and at that point
maybe, just maybe, you've found a vulnerable computer.

********************************************************************
Newbie note: What are these 'ports' we are talking about? This kind of
'port' is a number used to identify a service on an Internet host. For this
reason they are often called 'TCP/IP' (transfer control protocol/Internet
protocol) ports, to distinguish them from other kinds of computer ports such
as modems, ports to printers, etc. Each host computer connected to the
Internet is identified by an IP address such as 'victim.fooisp.com.' Since
each host may have many services running, each service uses a different
port. To contact any of these ports across the Internet, you use the host's
IP address and port number; it's kind of like dialing a phone number.
********************************************************************

Now maybe you have connected to telnet, port 23. You get a login prompt, but
you don't know any valid username/password combinations. So the host "hangs
up" on you. After many hours of trying, you connect to a host on the right
port, and Shazam!! You're greeted with a login prompt, and you quickly guess
a valid username and password combination. The next thing you know, you have
a command prompt. You have discovered a vulnerability: an easily guessed
password! So being the 'white hat hacker' that you are, you send an email to
the sysadmin of the site and leave quietly.

*****************************************************************
Newbie note: A 'host' is a computer connected to the Internet. A 'service'
is a program that is running on a port of an Internet host. Each service is
a program that will respond to certain commands. If you give it the right
command, you will get it to do something for you.

The simplest example of a service is 'chargen', or character generator (port
19). If you make a telnet connection on the chargen port to a server running
the chargen service, this program will react to this connection by sending a
string of characters which you will see being repeated across your telnet
screen. All you need to do is connect to the service.

Another example of a service is finger (port 79). If you run a finger
program to request information on a particular user from a specific host,
and the finger service (or 'fingerd') is running, and if the user has not
instructed the finger service to ignore requests about him or her, you will
get back information on that user.
*****************************************************************

What services are run from these ports, and how can we learn more about
them? Ports numbered from 1 to 1024 are called the 'well-known' ports. These
are listed in RFC 1700 (see
http://www.internetnorth.com.au/keith/networking/rfc.html). Many of the
well-known ports are also listed in a file on your computer called
'services'. On Win95, it's c:\windows\services; on NT, it's
c:\winnt\system32\drivers\etc\services; on many Unix-type computers (your
shell account) it's /etc/services.

These ports are called 'well-known' because they are commonly used by
certain services. For example, the well-known port for sending email is the
SMTP port, or port 25. Because it is 'well-known', anyone can send email to
anyone else. Because port 110 is the well-known port for checking email, all
email clients know that they have to connect to a POP server on port 110 in
order to retrieve email.

An excellent FAQ (frequently asked questions) on TCP/IP ports can be found
at http://www.technotronic.com/tcpudp.html

*************************************************************
You can get punched in the nose warning: There are many port scanning tools,
and wannabe hackers use them... a lot. But for what purpose? In most cases
all that happens is that a sysadmin or firewall administrator goes through
the logs that the computer keeps of who has tried to hack that site. He or
she then decides whether to ignore your scan or call the sysadmin of the
site that your scan came from. Even though (in the US at least) port
scanning is legal, it makes systems administrators really mad at you! To
avoid getting kicked off your Internet provider, get permission to scan
first!
*************************************************************

What Is a Vulnerability?

A 'vulnerability' is anything about a computer system that will allow
someone to either keep it from operating correctly, or that will let
unauthorized people take it over. There are many types of vulnerabilities.
They may be a misconfiguration in the setup of a service, or a flaw in the
programming of the service.

An example of a setup misconfiguration is leaving the 'wiz' or 'debug'
commands operational in older versions of sendmail, or incorrectly setting
directory permissions on your FTP server so people can download the password
file. In these cases, the vulnerability is not in how the program was
written, but in how the program is configured. Allowing file sharing on your
Windows 95 or 98 computer when it is not necessary, or failing to put a
password on file sharing, is another example.

Examples of errors in the programming of services are the large number of
buffer overflow vulnerabilities in the programs that run services on ports
of Internet host computers. Many of these buffer overflow problems allow
people to use the Internet to break into and take control of host computers
(check out "Smashing the Stack", by Aleph One, at:
http://www.happyhacker.org/docs/smash.txt).

What Is an Exploit?

An 'exploit' is a program or technique that takes advantage of a
vulnerability. For example, the FTP Bounce vulnerability occurs when an FTP
server (used to allow people to upload and download files) is configured to
redirect FTP connections to other computers. There really is no good reason
to allow this feature. It has become a vulnerability because this 'bounce'
feature allows someone to use it to port scan other computers on the same
local area network (LAN) as that FTP server. So even though a firewall may
be keeping port scanners from directly scanning other computers on this LAN,
the FTP server would bounce a scan past the firewall.

So really an exploit is any technique that takes advantage of a
vulnerability to enable you to carry out your own schemes, despite the
wishes of the sysadmin of your target. Exploits depend on operating systems
and their configurations, the configurations of programs running on computer
systems, and of the LAN they are on.

Operating systems such as NT, VMS and Unix are very different, and the
various versions of Unix have their differences, as well. (Examples of Unix
operating systems include BSD, AIX, SCO, Irix, SunOS, Solaris, and Linux).
Even the various versions of the Linux form of Unix are different.

This means exploits that will work against NT systems will probably not work
against Unix systems, and exploits for Unix systems will probably not work
against NT. NT services are run by different programs from what you may find
on Unix-type computers. Further, different versions of the same service
running on any particular operating system will probably not be vulnerable
to the same exploit, because each version of a service is run by a different
program. Sometimes this different program may have the same name but only
have a different version number. For example sendmail 8.9.1a is different
from 8.8.2. Many of the differences are that 8.9.1a has been fixed so that
none of the old sendmail exploit programs will work on it.

For example, the GTMHH on advanced shell programming, which explains the
"Leshka" exploit, clearly states that it only works on versions 8.7-8.8.2 of
the SMTP service program called 'sendmail.' We observed a number of people
who were playing the hacker wargame trying to run the Leshka exploit against
a later, fixed version of sendmail.

So remember, an exploit for one operating system or service is unlikely to
work against another operating system. This isn't to say that it definitely
won't... it's just not likely. However, you are pretty much guaranteed that
any Win95 or NT exploit will not work against any kind of Unix.

How to Look for Vulnerabilities

Now let's start some place where you are unlikely to get punched in the nose
by looking at some ports on your own computer. You can do this by typing
'netstat -a' at the command prompt.

You should see something such as:

Active Connections

  Proto  Local Address         Foreign Address       State
  TCP    localhost:1027        0.0.0.0:0             LISTENING
  TCP    localhost:135         0.0.0.0:0             LISTENING
  TCP    localhost:135         0.0.0.0:0             LISTENING
  TCP    localhost:1026        0.0.0.0:0             LISTENING
  TCP    localhost:1026        localhost:1027        ESTABLISHED
  TCP    localhost:1027        localhost:1026        ESTABLISHED
  TCP    localhost:137         0.0.0.0:0             LISTENING
  TCP    localhost:138         0.0.0.0:0             LISTENING
  TCP    localhost:nbsession   0.0.0.0:0             LISTENING
  UDP    localhost:135         *:*
  UDP    localhost:nbname      *:*
  UDP    localhost:nbdatagram  *:*

Hhhmm... nothing much going on here. The 'Local Address' (ie, my local
machine) seems to be listening on ports 135, 137, 138, and 'nbsession'
(which translates to port 139... type 'netstat -an' to see just the port
numbers, not the names of the ports). This is okay... those ports are part
of Microsoft networking, and need to be active on the LAN my machine is
connected to.

Now we connect our Web browser to http://www.happyhacker.org and at the same
time run Windows telnet and connect to a shell account at example.com. Let's
see what happens. Here's the output of the 'netstat -a' command, slightly
abbreviated:

Active Connections

  Proto  Local Address         Foreign Address       State
  TCP    localhost:1027        0.0.0.0:0             LISTENING
  TCP    localhost:135         0.0.0.0:0             LISTENING
  TCP    localhost:135         0.0.0.0:0             LISTENING
  TCP    localhost:2508        0.0.0.0:0             LISTENING
  TCP    localhost:2509        0.0.0.0:0             LISTENING
  TCP    localhost:2510        0.0.0.0:0             LISTENING
  TCP    localhost:2511        0.0.0.0:0             LISTENING
  TCP    localhost:2514        0.0.0.0:0             LISTENING
  TCP    localhost:1026        0.0.0.0:0             LISTENING
  TCP    localhost:1026        localhost:1027        ESTABLISHED
  TCP    localhost:1027        localhost:1026        ESTABLISHED
  TCP    localhost:137         0.0.0.0:0             LISTENING
  TCP    localhost:138         0.0.0.0:0             LISTENING
  TCP    localhost:139         0.0.0.0:0             LISTENING
  TCP    localhost:2508        zlliks.505.ORG:80     ESTABLISHED
  TCP    localhost:2509        zlliks.505.ORG:80     ESTABLISHED
  TCP    localhost:2510        zlliks.505.ORG:80     ESTABLISHED
  TCP    localhost:2511        zlliks.505.ORG:80     ESTABLISHED
  TCP    localhost:2514        example.com:telnet    ESTABLISHED

So what do we see now? Well, there are the ports listening for Microsoft
networking, just like in the first example. And there also are some new
ports listed. Four are connected to 'zlliks.505.org' on port 80, and one to
'example.com' on the telnet port. These correspond to the client connections
that I set up. See, this way you know the name of the computer that was
running the Happy Hacker Web site at this time.

But what is with the really high port numbers? Well, remember the
'well-known' ports that we talked about above? Client applications, such as
browsers and telnet clients (clients are programs that connect to servers)
need to use a port to receive data on, so they randomly select ports from
outside the 'well-known' port range... above 1024. In this case, my browser
has opened up four ports... 2508 through 2511.

Now suppose you want to scan your friend's ports. This is the best way to
scan, as you won't have to worry about your friend getting you kicked off
your ISP for suspicion of trying to break into computers. How do you know
what your friend's IP address is? Ask him or her to run the command (from
the DOS prompt) 'netstat -r'. This shows something like this:

C:\WINDOWS>netstat -r

Route Table

Active Routes:

  Network Address   Netmask           Gateway Address   Interface         Metric
  0.0.0.0           0.0.0.0           198.59.999.200    198.59.999.200    1
  127.0.0.0         255.0.0.0         127.0.0.1         127.0.0.1         1
  198.59.999.0      255.255.255.0     198.59.999.200    198.59.999.200    1
  198.59.999.200    255.255.255.255   127.0.0.1         127.0.0.1         1
  198.59.999.255    255.255.255.255   198.59.999.200    198.59.999.200    1
  224.0.0.0         224.0.0.0         198.59.999.200    198.59.999.200    1
  255.255.255.255   255.255.255.255   198.59.999.200    0.0.0.0           1

Active Connections

  Proto  Local Address         Foreign Address       State
  TCP    lovelylady:1093       mack.foo66.com:smtp   ESTABLISHED

That 'gateway address' and 'interface' both give the current IP address of
your computer. If you are on a LAN, the gateway should be different from
your own computer's IP address. If you or your friend are on a LAN, however,
you should think twice before port scanning each other, or the LAN's
sysadmin may notice your activity. Warning, sysadmins have quite an arsenal
of larts to use on suspicious-acting users.

************************************************************
Newbie note: Lart? What the heck is a lart? It is a "luser attitude
readjustment tool." This is a generic class of techniques used by sysadmins
to punish lusers. What is a luser? A wayward user. To get a sampling of
popular larts, see http://mrjolly.cc.waikato.ac.nz. You want your sysadmins
to be your FRIENDS, right? Never forget this!
************************************************************

What are some of the vulnerabilities to Win95 and NT, you ask? Check
previous GTMHHs for this information. Perhaps the most important thing to
remember about Windows is equal to root in Unix), can run a program that
uses any port it wants, even a well-known port. This vulnerability is
demonstrated by a program from Weld Pond of L0pht fame called 'netcat'. The
program can be obtained from:

http://www.l0pht.com/~weld/netcat

Read the documentation that ships with the program, or the Guides on (a)
Win95 and telnet from:

http://www.happyhacker.org/gtmhh.shtml

or (b) NT security from:

http://www.infowar.com/hacker/hacker.htmlssi

...for information on uses of netcat.

Of course, various Windows applications, such as Internet Explorer, have
their own vulnerabilities.

By now, you're probably wondering where you can learn more about various
vulnerabilities and exploits for just about any computer you might find on
the Internet. Here is a list of sites:

ISS X-Force
http://www.iss.net/xforce

RootShell
http://www.rootshell.com

TechnoTronic
http://www.technotronic.com

Packet Storm Security Site
http://www.Genocide2600.com/~tattooman/index.shtml

Bugtraq archives:
http://www.netspace.org/lsvarchive/bugtraq.html

NTBugTraq
http://www.ntbugtraq.com

Aelita Software
http://www.ntsecurity.com
** This site has the RedButton program, which demonstrates the capability to
connect to an NT machine via a null session and retrieve registry
information. This is a relatively simple problem to fix... see the NT
security Guides at: http://www.infowar.com/hacker/hacker.htmlssi

NTSecurity
http://www.ntsecurity.net

Active Matrix's HideAway
http://www.hideaway.net/exploits.html

CERT
http://www.cert.org
________________________________________________________
Where are those back issues of GTMHHs and Happy Hacker Digests? Check out
the official Happy Hacker Web page at http://www.happyhacker.org.

We are against computer crime. We support good, old-fashioned hacking of the
kind that led to the creation of the Internet and a new era of freedom of
information. But we hate computer crime. So don't email us about any crimes
you may have committed!

To subscribe to Happy Hacker and receive the Guides to (mostly) Harmless
Hacking, please email hacker@techbroker.com with message "subscribe
happyhacker" in the body of your message.

Copyright 1998 keydet89 and Carolyn Meinel. You may forward, print out or
post this GUIDE TO (mostly) HARMLESS HACKING on your Web site as long as you
leave this notice at the end.
_________________________________________________________
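Added example, not part of the original Guide: the by-eye reading of
'netstat -a' output in "How to Look for Vulnerabilities" above, done as a
script on your own machine's listing. It resolves named ports through a
services-format table and sorts every waiting port into well-known service,
local end of a client connection, or something to review. Both sample
listings, port 4321 and all function names are constructed for illustration.

```python
"""Triage `netstat -a` output: which local ports are waiting, and why."""

WELL_KNOWN_MAX = 1024  # the Guide's definition of the 'well-known' range

# Constructed sample in the layout of the 'services' file the Guide mentions.
SERVICES_SAMPLE = """\
# name       port/proto  aliases
telnet       23/tcp
smtp         25/tcp      mail
finger       79/tcp
pop3         110/tcp     postoffice
nbname       137/udp
nbdatagram   138/udp
nbsession    139/tcp
"""

# Constructed sample modelled on the Guide's second netstat listing,
# plus one listener (port 4321) that no connection accounts for.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address        Foreign Address      State
  TCP    localhost:135        0.0.0.0:0            LISTENING
  TCP    localhost:nbsession  0.0.0.0:0            LISTENING
  TCP    localhost:2508       0.0.0.0:0            LISTENING
  TCP    localhost:2514       0.0.0.0:0            LISTENING
  TCP    localhost:4321       0.0.0.0:0            LISTENING
  TCP    localhost:2508       zlliks.505.ORG:80    ESTABLISHED
  TCP    localhost:2514       example.com:telnet   ESTABLISHED
  UDP    localhost:nbname     *:*
"""


def parse_services(text):
    """Map (name, proto) -> port for every service name and alias."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()      # drop comments
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        if port.isdigit():
            for name in [fields[0]] + fields[2:]:
                table[(name.lower(), proto.lower())] = int(port)
    return table


def split_endpoint(text, proto, services):
    """Split 'host:port'; resolve a named port, or give None if unknown."""
    host, _, port = text.rpartition(":")
    if port.isdigit():
        return host, int(port)
    return host, services.get((port.lower(), proto))


def parse_netstat(text, services):
    """Return one dict per TCP/UDP row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].upper() not in ("TCP", "UDP"):
            continue
        proto = fields[0].lower()
        _, lport = split_endpoint(fields[1], proto, services)
        rhost, rport = split_endpoint(fields[2], proto, services)
        rows.append({"proto": proto, "lport": lport, "rhost": rhost,
                     "rport": rport,
                     "state": fields[3].upper() if len(fields) > 3 else ""})
    return rows


def triage_listeners(rows):
    """Return {(proto, port): verdict} for every socket waiting for traffic."""
    connected = {(r["proto"], r["lport"]) for r in rows
                 if r["state"] == "ESTABLISHED"}
    verdicts = {}
    for r in rows:
        if r["state"] not in ("LISTENING", ""):     # UDP rows carry no state
            continue
        key = (r["proto"], r["lport"])
        if r["lport"] is None:
            verdicts[key] = "unresolved"            # name not in services table
        elif r["lport"] <= WELL_KNOWN_MAX:
            verdicts[key] = "service"               # a server is running here
        elif key in connected:
            verdicts[key] = "client"                # local end of a connection
        else:
            verdicts[key] = "review"                # high port, nothing explains it
    return verdicts


if __name__ == "__main__":
    services = parse_services(SERVICES_SAMPLE)
    rows = parse_netstat(NETSTAT_SAMPLE, services)
    for (proto, port), verdict in sorted(triage_listeners(rows).items(), key=str):
        print(f"{proto}/{port}: {verdict}")
```

A port marked "review" is not proof of a problem; it is the entry to look up
before deciding the listing is clean.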
