Tired of reading all those “You could go to jail” notes in these guides? Who says those things are crimes?
Well, now you can get the first in a series of Guides to the gory details of exactly what laws we’re trying to
keep you from accidentally breaking, and who will bust you if you go ahead with the crime anyhow.
This Guide covers the two most important US Federal computer crime statutes: 18 USC, Chapter 47, Section
1029, and Section 1030, known as the “Computer Fraud and Abuse Act of 1986.”
Now these are not the *only* computer crime laws. It’s just that these are the two most important laws used
in US Federal Courts to put computer criminals behind bars.
COMPUTER CRIMES: HOW COMMON? HOW OFTEN ARE THEY REPORTED?
The FBI’s national Computer Crimes Squad estimates that between 85 and 97 percent of computer intrusions
are not even detected. In a recent test sponsored by the Department of Defense, the statistics were
startling. Attempts were made to attack a total of 8932 systems participating in the test. 7860 of those
systems were successfully penetrated. The management of only 390 of those 7860 systems detected the
attacks, and only 19 of the managers reported the attacks (Richard Power, -Current and Future Danger: A
CSI Primer on Computer Crime and Information Warfare_, Computer Security Institute, 1995.)
The reason so few attacks were reported was “mainly because organizations frequently fear their employees,
clients, and stockholders will lose faith in them if they admit that their computers have been attacked.”
Besides, of the computer crimes that *are* reported, few are ever solved.
SO, ARE HACKERS A BIG CAUSE OF COMPUTER DISASTERS?
According to the Computer Security Institute, these are the types of computer crime and other losses:
· Human errors - 55%
· Physical security problems - 20%(e.g., natural disasters, power problems)
· Insider attacks conducted for the purpose of profiting from computer crime - 10%
· Disgruntled employees seeking revenge - 9%
· Viruses - 4%
· Outsider attacks - 1-3%
So when you consider that many of the outsider attacks come from professional computer criminals -- many
of whom are employees of the competitors of the victims, hackers are responsible for almost no damage at all
to computers.
In fact, on the average, it has been our experience that hackers do far more good than harm.
Yes, we are saying that the recreational hacker who just likes to play around with other people’s computers
is not the guy to be afraid of. It’s far more likely to be some guy in a suit who is an employee of his victim.
But you would never know it from the media, would you?
OVERVIEW OF US FEDERAL LAWS
In general, a computer crime breaks federal laws when it falls into one of these categories:
· It involves the theft or compromise of national defense, foreign relations, atomic energy, or other restricted
information.
· It involves a computer owned by a U.S. government department or agency.
· It involves a bank or most other types of financial institutions.
· It involves interstate or foreign communications.
· it involves people or computers in other states or countries.
Of these offenses, the FBI ordinarily has jurisdiction over cases involving national security, terrorism,
banking, and organized crime. The U.S. Secret Service has jurisdiction whenever the Treasury Department is
victimized or whenever computers are attacked that are not under FBI or U.S. Secret Service jurisdiction
(e.g., in cases of password or access code theft). In certain federal cases, the customs Department, the
Commerce Department, or a military organization, such as the Air Force Office of Investigations, may have
jurisdiction.
In the United States, a number of federal laws protect against attacks on computers, misuse of passwords,
electronic invasions of privacy, and other transgressions. The Computer Fraud and Abuse Act of 1986 is
the main piece of legislation that governs most common computer crimes, although many other laws may be
used to prosecute different types of computer crime. The act amended Title 18 United States Code §1030. It
also complemented the Electronic Communications Privacy Act of 1986, which outlawed the unauthorized
interception of digital communications and had just recently been passed. The Computer Abuse
Amendments Act of 1994 expanded the 1986 Act to address the transmission of viruses and other harmful
code.
In addition to federal laws, most of the states have adopted their own computer crime laws. A number of
countries outside the United States have also passed legislation defining and prohibiting computer crime.
THE BIG NO NO’S -- THE TWO MOST IMPORTANT FEDERAL CRIME LAWS
As mentioned above, the two most important US federal computer crime laws are 18 USC: Chapter 47,
Sections 1029 and 1030.
SECTION 1029
Section 1029 prohibits fraud and related activity that is made possible by counterfeit access devices such as
PINs, credit cards, account numbers, and various types of electronic identifiers. The nine areas of criminal
activity covered by Section 1029 are listed below. All *require* that the offense involved interstate or
foreign commerce.
1. Producing, using, or trafficking in counterfeit access devices. (The offense must be committed knowingly
and with intent to defraud.)
Penalty: Fine of $50,000 or twice the value of the crime and/or up to 15 years in prison, $100,000 and/or up to
20 years if repeat offense.
2. Using or obtaining unauthorized access devices to obtain anything of value totaling $1000 or more
during a one-year period. (The offense must be committed knowingly and with intent to defraud.)
Penalty: Fine of $10,000 or twice the value of the crime and/or up to 10 years in prison, $100,000 and/or up to
20 years if repeat offense.
3. Possessing 15 or more counterfeit or unauthorized access devices. (The offense must be committed
knowingly and with intent to defraud.)
Penalty: Fine of $10,000 or twice the value of the crime and/or up to 10 years in prison, $100,000 and/or up to
20 years if repeat offense.
4. Producing, trafficking in, or having device-making equipment. (The offense must be committed
knowingly and with intent to defraud.)
Penalty: Fine of $50,000 or twice the value of the of the crime and/or up to 15 years in prison, $1,000,000
and/or up to 20 years if repeat offense.
5. Effecting transactions with access devices issued to another person in order to receive payment or
anything of value totaling $1000 or more during a one-year period. (The offense must be committed
knowingly and with intent to defraud.)
Penalty: Fine of 10, or twice the value of the crime and/or up to 10 years in prison, 100,000 and/or up to 20
years if repeat offense.
6. Soliciting a person for the purpose of offering an access device or selling information that can be used to
obtain an access device. (The offense must be committed knowingly and with intent to defraud, and
without the authorization of the issuer of the access device.)
Penalty: Fine of $50,000 or twice the value of the crime and/or up to 15 years in prison, $100,000 and/or up to
20 years if repeat offense.
7. Using, producing, trafficking in, or having a telecommunications instruments that has been modified or
altered to obtain unauthorized use of telecommunications services. (The offense must be committed
knowingly and with intent to defraud.)
This would cover use of “Red Boxes,” “Blue Boxes” (yes, they still work on some telephone networks) and
cloned cell phones when the legitimate owner of the phone you have cloned has not agreed to it being
cloned.
Penalty: Fine of $50,000 or twice the value of the crime and/or up to 15 years in prison, $100,000 and/or up to
20 years if repeat offense.
8. Using, producing, trafficking in, or having a scanning receiver or hardware or software used to alter or
modify telecommunications instruments to obtain unauthorized access to telecommunications services.
This outlaws the scanners that people so commonly use to snoop on cell phone calls. We just had a big
scandal when the news media got a hold of an intercepted cell phone call from Speaker of the US House of
Representatives Newt Gingrich.
Penalty: Fine of $50,000 or twice the value of the crime and/or up to 15 years in prison, $100,000 and/or up
to 20 years if repeat offense.
9. Causing or arranging for a person to present, to a credit card system member or its agent for payment,
records of transactions made by an access device.(The offense must be committed knowingly and with
intent to defraud, and without the authorization of the credit card system member or its agent.
Penalty: Fine of $10,000 or twice the value of the crime and/or up to 10 years in prison, $100,000 and/or up to
20 years if repeat offense.
SECTION 1030
18 USC, Chapter 47, Section 1030, enacted as part of the Computer Fraud and Abuse Act of 1986, prohibits
unauthorized or fraudulent access to government computers, and establishes penalties for such access.
This act is one of the few pieces of federal legislation solely concerned with computers. Under the
Computer Fraud and Abuse Act, the U.S. Secret Service and the FBI explicitly have been given jurisdiction
to investigate the offenses defined under this act.
The six areas of criminal activity covered by Section 1030 are:
1. Acquiring national defense, foreign relations, or restricted atomic energy information with the intent or
reason to believe that the information can be used to injure the United States or to the advantage of any
foreign nation. (The offense must be committed knowingly by accessing a computer without authorization
or exceeding authorized access.)
2. Obtaining information in a financial record of a financial institution or a card issuer, or information on a
consumer in a file of a consumer reporting agency. (The offense must be committed intentionally by
accessing a computer without authorization or exceeding authorized access.)
Important note: recently on the dc-stuff hackers’ list a fellow whose name we shall not repeat claimed to
have “hacked TRW” to get a report on someone which he posted to the list. We hope this fellow was lying
and simply paid the fee to purchase the report.
Penalty: Fine and/or up to 1 year in prison, up to 10 years if repeat offense.
3. Affecting a computer exclusively for the use of a U.S. government department or agency or, if it is not
exclusive, one used for the government where the offense adversely affects the use of the government’s
operation of the computer. (The offense must be committed intentionally by accessing a computer without
authorization.)
This could apply to syn flood and killer ping as well as other denial of service attacks, as well as breaking
into a computer and messing around. Please remember to tiptoe around computers with .mil or .gov domain
names!
Penalty: Fine and/or up to 1 year in prison, up to 10 years if repeat offense.
4. Furthering a fraud by accessing a federal interest computer and obtaining anything of value, unless the
fraud and the thing obtained consists only of the use of the computer. (The offense must be committed
knowingly, with intent to defraud, and without authorization or exceeding authorization.)[The government’s
view of “federal interest computer” is defined below]
Watch out! Even if you download copies of programs just to study them, this law means if the owner of the
program says, “Yeah, I’d say it’s worth a million dollars,” you’re in deep trouble.
Penalty: Fine and/or up to 5 years in prison, up to 10 years if repeat offense.
5. Through use of a computer used in interstate commerce, knowingly causing the transmission of a
program, information, code, or command to a computer system. There are two separate scenarios:
a. In this scenario, (I) the person causing the transmission intends it to damage the computer or deny use
to it; and (ii) the transmission occurs without the authorization of the computer owners or operators, and
causes $1000 or more in loss or damage, or modifies or impairs, or potentially modifies or impairs, a medical
treatment or examination.
The most common way someone gets into trouble with this part of the law is when trying to cover tracks
after breaking into a computer. While editing or, worse yet, erasing various files, the intruder may
accidentally erase something important. Or some command he or she gives may accidentally mess things up.
Yeah, just try to prove it was an accident. Just ask any systems administrator about giving commands as
root. Even when you know a computer like the back of your hand it is too easy to mess up.
A simple email bomb attack, “killer ping,” flood ping, syn flood, and those huge numbers of Windows NT
exploits where sending simple commands to many of its ports causes a crash could also break this law. So
even if you are a newbie hacker, some of the simplest exploits can land you in deep crap!
Penalty with intent to harm: Fine and/or up to 5 years in prison, up to 10 years if repeat offense.
b. In this scenario, (I) the person causing the transmission does not intend the damage but operates with
reckless disregard of the risk that t he transmission will cause damage to the computer owners or operators,
and causes $1000 or more in loss or damage, or modifies or impairs, or potentially modifies or impairs, a
medical treatment or examination.
This means that even if you can prove you harmed the computer by accident, you still may go to prison.
Penalty for acting with reckless disregard: Fine and/or up to 1 year in prison.
6. Furthering a fraud by trafficking in passwords or similar information which will allow a computer to be
accessed without authorization, if the trafficking affects interstate or foreign commerce or if the computer
affected is used by or for the government. (The offense must be committed knowingly and with intent to
defraud.)
A common way to break this part o f the law comes from the desire to boast. When one hacker finds a way to
slip into another person’s computer, it can be really tempting to give out a password to someone else. Pretty
soon dozens of clueless newbies are carelessly messing around the victim computer. They also boast.
Before you know it you are in deep crud.
Penalty: Fine and/or up to 1 year in prison, up to 10 years if repeat offense.
Re: #4 Section 1030 defines a federal interest computer as follows:
1. A computer that is exclusively for use of a financial institution[defined below] or the U.S. government or,
if it is not exclusive, one used for a financial institution or the U.S. government where the offense adversely
affects the use of the financial institution’s or government’s operation of the computer; or
2. A computer that is one of two or more computers used to commit the offense, not all of which are located
in the same state.
This section defines a financial institution as follows:
1. An institution with deposits insured by the Federal Deposit Insurance Corporation(FDIC).
2. The Federal Reserve or a member of the Federal Reserve, including any Federal Reserve Bank.
3. A credit union with accounts insured by the National Credit Union Administration.
4. A memb er of the federal home loan bank system and any home loan bank.
5. Any institution of the Farm Credit system under the Farm Credit Act of 1971.
6. A broker-dealer registered with the Securities and Exchange Commission(SEC) within the rules of section
15 of the SEC Act of 1934.
7. The Securities Investors Protection Corporation.
8. A branch or agency of a foreign bank (as defined in the International Banking Act of 1978).
9. An organization operating under section 25 or 25(a) of the Federal Re serve Act.
WHO’S IN CHARGE OF BUSTING THE CRACKER WHO GETS A BIT FROGGY REGARDING SECTION
1030?
(FBI stands for Federal Bureau of Investigation, USSS for US Secret Service)
Section of Law Type of Information Jurisdiction
1030(a)(1) National Security FBI USSS JOINT
National defense X
1030(a)(2) Foreign relations X
Restricted atomic energy X
1030(a)(2) Financial or consumer
Financial records of X
banks, other financial
institutions
Financial records of
card issuers X
Information on consumers
in files of a consumer
reporting agency X
Non-bank financial
institutions X
1030(a)(3) Government computers
National defense X
Foreign relations X
Restricted data X
White House X
All other government
computers X
1030(a)(4) Federal interest computers:
Intent to defraud X
1030(a)(5)(A) Transmission of programs, commands:
Intent to damage or deny use X
1030(a)(5)(B) Transmission off programs, commands:
Reckless disregard X
1030 (a)(6) Trafficking in passwords:
Interstate or foreign commerce X
Computers used by or for the government X
Regarding 1030 (a)(2): The FBI has jurisdiction over bank fraud violations, which include categories (1)
through (5) in the list of financial institutions defined above. The Secret Service and FBI share joint
jurisdiction over non-bank financial institutions defined in categories (6) and (7) in the list of financial
institutions defined above.
Regarding 1030(a)(3) Government Computers: The FBI is the primary investigative agency for violations of
this section when it involves national defense. Information pertaining to foreign relations, and other
restricted data. Unauthorized access to other information in government computers falls under the primary
jurisdiction of the Secret Service.
MORAL: CONFUCIUS SAY: “CRACKER WHO GETS BUSTED DOING ONE OF THESE CRIMES, WILL
SPEND LONG TIME IN JAILHOUSE SOUP.”
This information was swiped from _Computer Crime: A Crimefighter’s Handbook_ (Icove, Seger &
VonStorch. O’Reilly & Associates, Inc.)
The following is Agent Steal's guide to what one will face if one is arrested in the US for computer crime.
Criminal hackers will try to persuade you that if you are elite, you won't get busted. But as Agent Steal and
so many others have learned, it isn't that easy to get away with stuff.
Wednesday, December 30, 2009
Computer hacking. Where did it begin and how did it grow?
If you wonder what it was like in days of yore, ten, twenty, thirty years ago, how about letting and old lady
tell you the way it used to be.
Where shall we start? Seventeen years ago and the World Science Fiction Convention in Boston,
Massachusetts? Back then the World Cons were the closest thing we had to hacker conventions.
Picture 1980. Ted Nelson is running around with his Xanadu guys: Roger Gregory, H. Keith Henson (now
waging war against the Scientologists) and K. Eric Drexler, later to build the Foresight Institute. They dream
of creating what is to become the World Wide Web. Nowadays guys at hacker cons might dress like
vampires. In 1980 they wear identical black baseball caps with silver wings and the slogan: "Xanadu: wings
of the mind." Others at World Con are a bit more underground: doing dope, selling massages, blue boxing
the phone lines. The hotel staff has to close the swimming pool in order to halt the sex orgies.
Oh, but this is hardly the dawn of hacking. Let's look at the Boston area yet another seventeen years further
back, the early 60s. MIT students are warring for control of the school's mainframe computers. They use
machine language programs that each strive to delete all other programs and seize control of the central
processing unit. Back then there were no personal computers.
In 1965, Ted Nelson, later to become leader of the silver wing-headed Xanadu gang at the 1980 Worldcon,
first coins the word "hypertext" to describe what will someday become the World Wide Web. Nelson later
spreads the gospel in his book Literacy Online. The back cover shows a Superman-type figure flying and
the slogan "You can and must learn to use computers now."
But in 1965 the computer is widely feared as a source of Orwellian powers. Yes, as in George Orwell's
ominous novel , "1984," that predicted a future in which technology would squash all human freedom. Few
are listening to Nelson. Few see the wave of free-spirited anarchy the hacker culture is already unleashing.
But LSD guru Timothy Leary's daughter Susan begins to study computer programming.
Around 1966, Robert Morris Sr., the future NSA chief scientist, decides to mutate these early hacker wars
into the first "safe hacking" environment. He and the two friends who code it call their game "Darwin." Later
"Darwin" becomes "Core War," a free-form computer game played to this day by some of the uberest of
uberhackers.
Let's jump to 1968 and the scent of tear gas. Wow, look at those rocks hurling through the windows of the
computer science building at the University of Illinois at Urbana-Champaign! Outside are 60s antiwar
protesters. Their enemy, they believe, are the campus' ARPA-funded computers. Inside are nerdz high on
caffeine and nitrous oxide. Under the direction of the young Roger Johnson, they gang together four CDC
6400s and link them to 1024 dumb vector graphics terminals. This becomes the first realization of
cyberspace: Plato.
1969 turns out to be the most portent-filled year yet for hacking.
In that year the Defense Department's Advanced Research Projects Agency funds a second project to hook
up four mainframe computers so researchers can share their resources. This system doesn't boast the vector
graphics of the Plato system. Its terminals just show ASCII characters: letters and numbers. Boring, huh?
But this ARPAnet is eminently hackable. Within a year, its users hack together a new way to ship text files
around. They call their unauthorized, unplanned invention "email." ARPAnet has developed a life
independent of its creators. It's a story that will later repeat itself in many forms. No one can control
cyberspace. They can't even control it when it is just four computers big.
Also in 1969 John Goltz teams up with a money man to found Compuserve using the new packet switched
technology being pioneered by ARPAnet. Also in 1969 we see a remarkable birth at Bell Labs as Ken
Thompson invents a new operating system: Unix. It is to become the gold standard of hacking and the
Internet, the operating system with the power to form miracles of computer legerdemain.
In 1971, Abbie Hoffman and the Yippies found the first hacker/phreaker magazine, YIPL/TAP (Youth
International Party -- Technical Assistance Program). YIPL/TAP essentially invents phreaking -- the sport
of playing with phone systems in ways the owners never intended. They are motivated by the Bell
Telephone monopoly with its high long distance rates, and a hefty tax that Hoffman and many others refuse
to pay as their protest against the Vietnam War. What better way to pay no phone taxes than to pay no
phone bill at all?
Blue boxes burst onto the scene. Their oscillators automate the whistling sounds that had already enabled
people like Captain Crunch (John Draper) to become the pirate captains of the Bell Telephone
megamonopoly. Suddenly phreakers are able to actually make money at their hobby. Hans and Gribble
peddle blue boxes on the Stanford campus.
In June 1972, the radical left magazine Ramparts, in the article "Regulating the Phone Company In Your
Home" publishes the schematics for a variant on the blue box known as the "mute box." This article violates
Californian State Penal Code section 502.7, which outlaws the selling of "plans or instructions for any
instrument, apparatus, or device intended to avoid telephone toll charges." California police, aided by
Pacific Bell officials, seize copies of the magazine from newsstands and the magazine's offices. The financial
stress leads quickly to bankruptcy.
As the Vietnam War winds down, the first flight simulator programs in history unfold on the Plato network.
Computer graphics, almost unheard of in that day, are displayed by touch-sensitive vector graphics
terminals. Cyberpilots all over the US pick out their crafts: Phantoms, MIGs, F-104s, the X-15, Sopwith
Camels. Virtual pilots fly out of digital airports and try to shoot each other down and bomb each others'
airports. While flying a Phantom, I see a chat message on the bottom of my screen. "I'm about to shoot you
down ." Oh, no, a MIG on my tail. I dive and turn hoping to get my tormentor into my sights. The screen
goes black. My terminal displays the message "You just pulled 37 Gs. You now look more like a pizza than a
human being as you slowly flutter to Earth."
One day the Starship Enterprise barges in on our simulator, shoots everyone down and vanishes back into
cyberspace. Plato has been hacked! Even in 1973 multiuser game players have to worry about getting
"smurfed"! (When a hacker breaks into a multiuser game on the Internet and kills players with techniques
that are not rules of the game, this is called "smurfing.")
1975. Oh blessed year! Under a Air Force contract, in the city of Albuquerque, New Mexico, the Altair is
born. Altair. The first microcomputer. Bill Gates writes the operating system. Then Bill's mom persuades him
to move to Redmond, CA where she has some money men who want to see what this operating system
business is all about.
Remember Hans and Gribble? They join the Home Brew Computer club and choose Motorola
microprocessors to build their own. They begin selling their computers, which they brand name the Apple,
under their real names of Steve Wozniak and Steve Jobs. A computer religion is born.
The great Apple/Microsoft battle is joined. Us hackers suddenly have boxes that beat the heck out of
Tektronix terminals.
In 1978, Ward Christenson and Randy Suess create the first personal computer bulletin board system.
Soon, linked by nothing more than the long distance telephone network and these bulletin board nodes,
hackers create a new, private cyberspace. Phreaking becomes more important than ever to connect to distant
BBSs.
Also in 1978, The Source and Compuserve computer networks both begin to cater to individual users.
"Naked Lady" runs rampant on Compuserve. The first cybercafe, Planet Earth, opens in Washington, DC.
X.25 networks reign supreme.
Then there is the great ARPAnet mutation of 1980. In a giant leap it moves from Network Control Protocol
to Transmission Control Protocol/Internet Protocol (TCP/IP). Now ARPAnet is no longer limited to 256
computers -- it can span tens of millions of hosts! Thus the Internet is conceived within the womb of the
DoD's ARPAnet. The framework that would someday unite hackers around the world was now, ever so
quietly, growing. Plato fades, forever limited to 1024 terminals.
Famed science fiction author Jerry Pournelle discovers ARPAnet. Soon his fans are swarming to find
excuses -- or whatever -- to get onto ARPAnet. ARPAnet's administrators are surprisingly easygoing about
granting accounts, especially to people in the academic world.
ARPAnet is a pain in the rear to use, and doesn't transmit visuals of fighter planes mixing it up. But unlike
the glitzy Plato, ARPAnet is really hackable and now has what it takes to grow. Unlike the network of hacker
bulletin boards, people don't need to choose between expensive long distance phone calls or phreaking to
make their connections. It's all local and it's all free.
That same year, 1980, the "414 Gang" is raided. Phreaking is more hazardous than ever.
In the early 80s hackers love to pull pranks. Joe College sits down at his dumb terminal to the University
DEC 10 and decides to poke around the campus network. Here's Star Trek! Here's Adventure! Zork! Hmm,
what's this program called Sex? He runs it. A message pops up: "Warning: playing with sex is hazardous.
Are you sure you want to play? Y/N" Who can resist? With that "Y" the screen bursts into a display of
ASCII characters, then up comes t he message: "Proceeding to delete all files in this account." Joe is
weeping, cursing, jumping up and down. He gives the list files command. Nothing! Zilch! Nada! He runs to
the sysadmin. They log back into his account but his files are all still there. A prank.
In 1983 hackers are almost all harmless pranksters, folks who keep their distance from the guys who break
the law. MITs "Jargon file" defines hacker as merely "a person who enjoys learning about computer
systems and how to stretch their capabilities; a person who programs enthusiastically and enjoys
dedicating a great deal of time with computers."
1983 the IBM Personal Computer enters the stage powered by Bill Gates' MS-DOS operating system. The
empire of the CP/M operating system falls. Within the next two years essentially all microcomputer
operating systems except MS-DOS and those offered by Apple will be dead, and a thousand Silicon Valley
fortunes shipwrecked. The Amiga hangs on by a thread. Prices plunge, and soon all self-respecting hackers
own their own computers. Sneaking around college labs at night fades from the scene.
In 1984 Emmanuel Goldstein launches 2600: The Hacker Quarterly and the Legion of Doom hacker gang
forms. Congress passes the Comprehensive Crime Control Act giving t he US Secret Service jurisdiction over
computer fraud. Fred Cohen, at Carnegie Melon University writes his PhD thesis on the brand new, never
heard of thing called computer viruses.
1984. It was to be the year, thought millions of Orwell fans, that the government would finally get its hands
on enough high technology to become Big Brother. Instead, science fiction author William Gibson, writing
Neuromancer on a manual typewriter, coins the term and paints the picture of "cyberspace." "Case was the
best... who ever ran in Earth's computer matrix. Then he doublecrossed the wrong people..."
In 1984 the first US police "sting" bulletin board systems appear.
Since 1985, Phrack
has been providing the hacker community with information on operating systems, networking
technologies, and telephony, as well as relaying other topics of interest to the international computer
underground.
The 80s are the war dialer era. Despite ARPAnet and the X.25 networks, the vast majority of computers can
only be accessed by discovering their individual phone lines. Thus one of the most treasured prizes of the
80s hacker is a phone number to some mystery computer.
Computers of this era might be running any of dozens of arcane operating systems and using many
communications protocols. Manuals for these systems are often secret. The hacker scene operates on the
mentor principle. Unless you can find someone who will induct you into the inner circle of a hacker gang
that has accumulated documents salvaged from dumpsters or stolen in burglaries, you are way behind the
pack. Kevin Poulson makes a name for himself through many daring burglaries of Pacific Bell.
Despite these barriers, by 1988 hacking has entered the big time. According to a list of hacker groups
compiled by the editors of Phrack on August 8, 1988, the US hosts hundreds of them.
The Secret Service covertly videotapes the 1988 SummerCon convention.
In 1988 Robert Tappan Morris, son of NSA chief scientist Robert Morris Sr., writes an exploit that will
forever be known as the Morris Worm. It uses a combination of finger and sendmail exploits to break into a
computer, copy itself and then send copy after copy on to other computers. Morris, with little
comprehension of the power of this exponential replication, releases it onto the Internet. Soon vulnerable
computers are filled to their digital gills with worms and clogging communications links as they send copies
of the worms out to hunt other computers. The young Internet, then only a few thousand computers strong,
crashes. Morris is arrested, but gets off with probation.
1990 is the next pivotal year for the Internet, as significant as 1980 and the launch of TCP/IP. Inspired by
Nelson's Xanadu, Tim Berners-Lee of the European Laboratory for Particle Physics (CERN) conceives of a
new way to implement hypertext. He calls it the World Wide Web. In 1991 he quietly unleashes it on the
world. Cyberspace will never be the same. Nelson's Xanadu, like Plato, like CP/M, fades.
1990 is also a year of unprecedented numbers of hacker raids and arrests. The US Secret Service and New
York State Police raid Phiber Optik, Acid Phreak, and Scorpion in New York City, and arrest Terminus,
Prophet, Leftist, and Urvile.
The Chicago Task Force arrests Knight Lightning and raids Robert Izenberg, Mentor, and Erik Bloodaxe. It
raids both Richard Andrews' home and business. The US Secret Service and Arizona Organized Crime and
Racketeering Bureau conduct Operation Sundevil raids in Cincinnatti, Detroit, Los Angeles, Miami, Newark,
Phoenix, Pittsburgh, Richmond, Tucson, San Diego, San Jose, and San Francisco. A famous unreasonable
raid that year was the Chicago Task Force invasion of Steve Jackson Games, Inc.
June 1990 Mitch Kapor and John Perry Barlow react to the excesses of all these raids to found the
Electronic Frontier Foundation. Its initial purpose is to protect hackers. They succeed in getting law
enforcement to back off the hacker community.
In 1993, Marc Andreesson and Eric Bina of the National Center for Supercomputing Applications release
Mosaic, the first WWW browser that can show graphics. Finally, after the fade out of the Plato of twenty
years past, we have decent graphics! This time, however, these graphics are here to stay. Soon the Web
becomes the number one way that hackers boast and spread the codes for their exploits. Bulletin boards,
with their tightly held secrets, fade from the scene.
In 1993, the first Def Con invades Las Vegas. The era of hacker cons moves into full swing with the Beyond
Hope serie s, HoHocon and more.
1996 Aleph One takes over the Bugtaq email list and turns it into the first public "full disclosure" computer
security list. For the first time in history, security flaws that can be used to break into computers are being
discussed openly and with the complete exploit codes. Bugtraq archives are placed on the Web.
In August 1996 I start mailing out Guides to (mostly) Harmless Hacking. They are full of simple instructions
designed to help novices understand hacking. A number of hackers come forward to help run what becomes
the Happy Hacker Digest.
1996 is also the year when documentation for routers, operating systems, TCP/IP protocols and much, much
more begins to proliferate on the Web. The era of daring burglaries of technical manuals fades.
In early 1997 the readers of Bugtraq begin to tear the Windows NT operating system to shreds. A new mail
list, NT Bugtraq, is launched just to handle the high volume of NT security flaws discovered by its readers.
Self-proclaimed hackers Mudge and Weld of The L0pht, in a tour de force of research, write and release a
password cracker for WinNT that rocks the Internet. Many in the computer security community have come
far enough along by now to realize that Mudge and Weld are doing the owners of NT networks a great
service.
Thanks to the willingness of hackers to share their knowledge on the Web, and mail lists such as Bugtraq,
NT Bugtraq and Happy Hacker, the days of people having to beg to be inducted into hacker gangs in order
to learn hacking secrets are now fading.
Where next will the hacker world evolve? You hold the answer to that in your hands.
Contents of the Crime Volume:
Computer Crime Law Issue #1
Everything a hacker needs to know about getting busted by the feds
tell you the way it used to be.
Where shall we start? Seventeen years ago and the World Science Fiction Convention in Boston,
Massachusetts? Back then the World Cons were the closest thing we had to hacker conventions.
Picture 1980. Ted Nelson is running around with his Xanadu guys: Roger Gregory, H. Keith Henson (now
waging war against the Scientologists) and K. Eric Drexler, later to build the Foresight Institute. They dream
of creating what is to become the World Wide Web. Nowadays guys at hacker cons might dress like
vampires. In 1980 they wear identical black baseball caps with silver wings and the slogan: "Xanadu: wings
of the mind." Others at World Con are a bit more underground: doing dope, selling massages, blue boxing
the phone lines. The hotel staff has to close the swimming pool in order to halt the sex orgies.
Oh, but this is hardly the dawn of hacking. Let's look at the Boston area yet another seventeen years further
back, the early 60s. MIT students are warring for control of the school's mainframe computers. They use
machine language programs that each strive to delete all other programs and seize control of the central
processing unit. Back then there were no personal computers.
In 1965, Ted Nelson, later to become leader of the silver wing-headed Xanadu gang at the 1980 Worldcon,
first coins the word "hypertext" to describe what will someday become the World Wide Web. Nelson later
spreads the gospel in his book Literacy Online. The back cover shows a Superman-type figure flying and
the slogan "You can and must learn to use computers now."
But in 1965 the computer is widely feared as a source of Orwellian powers. Yes, as in George Orwell's
ominous novel , "1984," that predicted a future in which technology would squash all human freedom. Few
are listening to Nelson. Few see the wave of free-spirited anarchy the hacker culture is already unleashing.
But LSD guru Timothy Leary's daughter Susan begins to study computer programming.
Around 1966, Robert Morris Sr., the future NSA chief scientist, decides to mutate these early hacker wars
into the first "safe hacking" environment. He and the two friends who code it call their game "Darwin." Later
"Darwin" becomes "Core War," a free-form computer game played to this day by some of the uberest of
uberhackers.
Let's jump to 1968 and the scent of tear gas. Wow, look at those rocks hurling through the windows of the
computer science building at the University of Illinois at Urbana-Champaign! Outside are 60s antiwar
protesters. Their enemy, they believe, are the campus' ARPA-funded computers. Inside are nerdz high on
caffeine and nitrous oxide. Under the direction of the young Roger Johnson, they gang together four CDC
6400s and link them to 1024 dumb vector graphics terminals. This becomes the first realization of
cyberspace: Plato.
1969 turns out to be the most portent-filled year yet for hacking.
In that year the Defense Department's Advanced Research Projects Agency funds a second project to hook
up four mainframe computers so researchers can share their resources. This system doesn't boast the vector
graphics of the Plato system. Its terminals just show ASCII characters: letters and numbers. Boring, huh?
But this ARPAnet is eminently hackable. Within a year, its users hack together a new way to ship text files
around. They call their unauthorized, unplanned invention "email." ARPAnet has developed a life
independent of its creators. It's a story that will later repeat itself in many forms. No one can control
cyberspace. They can't even control it when it is just four computers big.
Also in 1969 John Goltz teams up with a money man to found Compuserve using the new packet switched
technology being pioneered by ARPAnet. Also in 1969 we see a remarkable birth at Bell Labs as Ken
Thompson invents a new operating system: Unix. It is to become the gold standard of hacking and the
Internet, the operating system with the power to form miracles of computer legerdemain.
In 1971, Abbie Hoffman and the Yippies found the first hacker/phreaker magazine, YIPL/TAP (Youth
International Party -- Technical Assistance Program). YIPL/TAP essentially invents phreaking -- the sport
of playing with phone systems in ways the owners never intended. They are motivated by the Bell
Telephone monopoly with its high long distance rates, and a hefty tax that Hoffman and many others refuse
to pay as their protest against the Vietnam War. What better way to pay no phone taxes than to pay no
phone bill at all?
Blue boxes burst onto the scene. Their oscillators automate the whistling sounds that had already enabled
people like Captain Crunch (John Draper) to become the pirate captains of the Bell Telephone
megamonopoly. Suddenly phreakers are able to actually make money at their hobby. Hans and Gribble
peddle blue boxes on the Stanford campus.
In June 1972, the radical left magazine Ramparts, in the article "Regulating the Phone Company In Your
Home" publishes the schematics for a variant on the blue box known as the "mute box." This article violates
Californian State Penal Code section 502.7, which outlaws the selling of "plans or instructions for any
instrument, apparatus, or device intended to avoid telephone toll charges." California police, aided by
Pacific Bell officials, seize copies of the magazine from newsstands and the magazine's offices. The financial
stress leads quickly to bankruptcy.
As the Vietnam War winds down, the first flight simulator programs in history unfold on the Plato network.
Computer graphics, almost unheard of in that day, are displayed by touch-sensitive vector graphics
terminals. Cyberpilots all over the US pick out their crafts: Phantoms, MIGs, F-104s, the X-15, Sopwith
Camels. Virtual pilots fly out of digital airports and try to shoot each other down and bomb each others'
airports. While flying a Phantom, I see a chat message on the bottom of my screen. "I'm about to shoot you
down ." Oh, no, a MIG on my tail. I dive and turn hoping to get my tormentor into my sights. The screen
goes black. My terminal displays the message "You just pulled 37 Gs. You now look more like a pizza than a
human being as you slowly flutter to Earth."
One day the Starship Enterprise barges in on our simulator, shoots everyone down and vanishes back into
cyberspace. Plato has been hacked! Even in 1973 multiuser game players have to worry about getting
"smurfed"! (When a hacker breaks into a multiuser game on the Internet and kills players with techniques
that are not rules of the game, this is called "smurfing.")
1975. Oh blessed year! Under a Air Force contract, in the city of Albuquerque, New Mexico, the Altair is
born. Altair. The first microcomputer. Bill Gates writes the operating system. Then Bill's mom persuades him
to move to Redmond, CA where she has some money men who want to see what this operating system
business is all about.
Remember Hans and Gribble? They join the Home Brew Computer club and choose Motorola
microprocessors to build their own. They begin selling their computers, which they brand name the Apple,
under their real names of Steve Wozniak and Steve Jobs. A computer religion is born.
The great Apple/Microsoft battle is joined. Us hackers suddenly have boxes that beat the heck out of
Tektronix terminals.
In 1978, Ward Christenson and Randy Suess create the first personal computer bulletin board system.
Soon, linked by nothing more than the long distance telephone network and these bulletin board nodes,
hackers create a new, private cyberspace. Phreaking becomes more important than ever to connect to distant
BBSs.
Also in 1978, The Source and Compuserve computer networks both begin to cater to individual users.
"Naked Lady" runs rampant on Compuserve. The first cybercafe, Planet Earth, opens in Washington, DC.
X.25 networks reign supreme.
Then there is the great ARPAnet mutation of 1980. In a giant leap it moves from Network Control Protocol
to Transmission Control Protocol/Internet Protocol (TCP/IP). Now ARPAnet is no longer limited to 256
computers -- it can span tens of millions of hosts! Thus the Internet is conceived within the womb of the
DoD's ARPAnet. The framework that would someday unite hackers around the world was now, ever so
quietly, growing. Plato fades, forever limited to 1024 terminals.
Famed science fiction author Jerry Pournelle discovers ARPAnet. Soon his fans are swarming to find
excuses -- or whatever -- to get onto ARPAnet. ARPAnet's administrators are surprisingly easygoing about
granting accounts, especially to people in the academic world.
ARPAnet is a pain in the rear to use, and doesn't transmit visuals of fighter planes mixing it up. But unlike
the glitzy Plato, ARPAnet is really hackable and now has what it takes to grow. Unlike the network of hacker
bulletin boards, people don't need to choose between expensive long distance phone calls or phreaking to
make their connections. It's all local and it's all free.
That same year, 1980, the "414 Gang" is raided. Phreaking is more hazardous than ever.
In the early 80s hackers love to pull pranks. Joe College sits down at his dumb terminal to the University
DEC 10 and decides to poke around the campus network. Here's Star Trek! Here's Adventure! Zork! Hmm,
what's this program called Sex? He runs it. A message pops up: "Warning: playing with sex is hazardous.
Are you sure you want to play? Y/N" Who can resist? With that "Y" the screen bursts into a display of
ASCII characters, then up comes t he message: "Proceeding to delete all files in this account." Joe is
weeping, cursing, jumping up and down. He gives the list files command. Nothing! Zilch! Nada! He runs to
the sysadmin. They log back into his account but his files are all still there. A prank.
In 1983 hackers are almost all harmless pranksters, folks who keep their distance from the guys who break
the law. MITs "Jargon file" defines hacker as merely "a person who enjoys learning about computer
systems and how to stretch their capabilities; a person who programs enthusiastically and enjoys
dedicating a great deal of time with computers."
1983 the IBM Personal Computer enters the stage powered by Bill Gates' MS-DOS operating system. The
empire of the CP/M operating system falls. Within the next two years essentially all microcomputer
operating systems except MS-DOS and those offered by Apple will be dead, and a thousand Silicon Valley
fortunes shipwrecked. The Amiga hangs on by a thread. Prices plunge, and soon all self-respecting hackers
own their own computers. Sneaking around college labs at night fades from the scene.
In 1984 Emmanuel Goldstein launches 2600: The Hacker Quarterly and the Legion of Doom hacker gang
forms. Congress passes the Comprehensive Crime Control Act giving t he US Secret Service jurisdiction over
computer fraud. Fred Cohen, at Carnegie Melon University writes his PhD thesis on the brand new, never
heard of thing called computer viruses.
1984. It was to be the year, thought millions of Orwell fans, that the government would finally get its hands
on enough high technology to become Big Brother. Instead, science fiction author William Gibson, writing
Neuromancer on a manual typewriter, coins the term and paints the picture of "cyberspace." "Case was the
best... who ever ran in Earth's computer matrix. Then he doublecrossed the wrong people..."
In 1984 the first US police "sting" bulletin board systems appear.
Since 1985, Phrack
has been providing the hacker community with information on operating systems, networking
technologies, and telephony, as well as relaying other topics of interest to the international computer
underground.
The 80s are the war dialer era. Despite ARPAnet and the X.25 networks, the vast majority of computers can
only be accessed by discovering their individual phone lines. Thus one of the most treasured prizes of the
80s hacker is a phone number to some mystery computer.
Computers of this era might be running any of dozens of arcane operating systems and using many
communications protocols. Manuals for these systems are often secret. The hacker scene operates on the
mentor principle. Unless you can find someone who will induct you into the inner circle of a hacker gang
that has accumulated documents salvaged from dumpsters or stolen in burglaries, you are way behind the
pack. Kevin Poulson makes a name for himself through many daring burglaries of Pacific Bell.
Despite these barriers, by 1988 hacking has entered the big time. According to a list of hacker groups
compiled by the editors of Phrack on August 8, 1988, the US hosts hundreds of them.
The Secret Service covertly videotapes the 1988 SummerCon convention.
In 1988 Robert Tappan Morris, son of NSA chief scientist Robert Morris Sr., writes an exploit that will
forever be known as the Morris Worm. It uses a combination of finger and sendmail exploits to break into a
computer, copy itself and then send copy after copy on to other computers. Morris, with little
comprehension of the power of this exponential replication, releases it onto the Internet. Soon vulnerable
computers are filled to their digital gills with worms and clogging communications links as they send copies
of the worms out to hunt other computers. The young Internet, then only a few thousand computers strong,
crashes. Morris is arrested, but gets off with probation.
1990 is the next pivotal year for the Internet, as significant as 1980 and the launch of TCP/IP. Inspired by
Nelson's Xanadu, Tim Berners-Lee of the European Laboratory for Particle Physics (CERN) conceives of a
new way to implement hypertext. He calls it the World Wide Web. In 1991 he quietly unleashes it on the
world. Cyberspace will never be the same. Nelson's Xanadu, like Plato, like CP/M, fades.
1990 is also a year of unprecedented numbers of hacker raids and arrests. The US Secret Service and New
York State Police raid Phiber Optik, Acid Phreak, and Scorpion in New York City, and arrest Terminus,
Prophet, Leftist, and Urvile.
The Chicago Task Force arrests Knight Lightning and raids Robert Izenberg, Mentor, and Erik Bloodaxe. It
raids both Richard Andrews' home and business. The US Secret Service and Arizona Organized Crime and
Racketeering Bureau conduct Operation Sundevil raids in Cincinnatti, Detroit, Los Angeles, Miami, Newark,
Phoenix, Pittsburgh, Richmond, Tucson, San Diego, San Jose, and San Francisco. A famous unreasonable
raid that year was the Chicago Task Force invasion of Steve Jackson Games, Inc.
June 1990 Mitch Kapor and John Perry Barlow react to the excesses of all these raids to found the
Electronic Frontier Foundation. Its initial purpose is to protect hackers. They succeed in getting law
enforcement to back off the hacker community.
In 1993, Marc Andreesson and Eric Bina of the National Center for Supercomputing Applications release
Mosaic, the first WWW browser that can show graphics. Finally, after the fade out of the Plato of twenty
years past, we have decent graphics! This time, however, these graphics are here to stay. Soon the Web
becomes the number one way that hackers boast and spread the codes for their exploits. Bulletin boards,
with their tightly held secrets, fade from the scene.
In 1993, the first Def Con invades Las Vegas. The era of hacker cons moves into full swing with the Beyond
Hope serie s, HoHocon and more.
1996 Aleph One takes over the Bugtaq email list and turns it into the first public "full disclosure" computer
security list. For the first time in history, security flaws that can be used to break into computers are being
discussed openly and with the complete exploit codes. Bugtraq archives are placed on the Web.
In August 1996 I start mailing out Guides to (mostly) Harmless Hacking. They are full of simple instructions
designed to help novices understand hacking. A number of hackers come forward to help run what becomes
the Happy Hacker Digest.
1996 is also the year when documentation for routers, operating systems, TCP/IP protocols and much, much
more begins to proliferate on the Web. The era of daring burglaries of technical manuals fades.
In early 1997 the readers of Bugtraq begin to tear the Windows NT operating system to shreds. A new mail
list, NT Bugtraq, is launched just to handle the high volume of NT security flaws discovered by its readers.
Self-proclaimed hackers Mudge and Weld of The L0pht, in a tour de force of research, write and release a
password cracker for WinNT that rocks the Internet. Many in the computer security community have come
far enough along by now to realize that Mudge and Weld are doing the owners of NT networks a great
service.
Thanks to the willingness of hackers to share their knowledge on the Web, and mail lists such as Bugtraq,
NT Bugtraq and Happy Hacker, the days of people having to beg to be inducted into hacker gangs in order
to learn hacking secrets are now fading.
Where next will the hacker world evolve? You hold the answer to that in your hands.
Contents of the Crime Volume:
Computer Crime Law Issue #1
Everything a hacker needs to know about getting busted by the feds
How to use the Web to look up information on hacking.
Want to become really, really unpopular? Try asking your hacker friends too many questions of the wrong
sort.
But, but, how do we know what are the wrong questions to ask? OK, I sympathize with your problems
because I get flamed a lot, too. That's partly because I sincerely believe in asking dumb questions. I make
my living asking dumb questions. People pay me lots of money to go to conferences, call people on the
phone and hang out on Usenet news groups asking dumb questions so I can find out stuff for them. And,
guess what, sometimes the dumbest questions get you the best answers. So that's why you don't see me
flaming people who ask dumb questions.
********************************************************
Newbie note: Have you been too afraid to ask the dumb question, "What is a flame?" Now you get to find
out! It is a bunch of obnoxious rantings and ravings made in email or a Usenet post by some idiot who
thinks he or she is proving his or her mental superiority through use of foul and/or impolite language such
as "you suffer from rectocranial inversion," f*** y***, d****, b****, and of course @#$%^&*! This
newbie note is my flame against those flamers to whom I am soooo superior.
********************************************************
But even though dumb questions can be good to ask, you may not like the flames they bring down on you.
So, if you want to avoid flames, how do you find out answers for yourself?
This Guide covers one way to find out hacking information without having to ask people questions: by
surfing the Web. The other way is to buy lots and lots of computer manuals, but that costs a lot of money.
Also, in some parts of the world it is difficult to get manuals. Fortunately, however, almost anything you
want to learn about computers and communications is available for free somewhere on the Web.
First, let's consider the Web search engines. Some just help you search the Web itself. But others enable
you to search Usenet newsgroups that have been archived for many years back. Also, the best hacker email
lists are archived on the Web, as well.
There are two major considerations in using Web search engines. One is what search engine to use, and the
other is the search tactics themselves.
I have used many Web search engines. But eventually I came to the conclusion that for serious research,
you only need two: Alavista (http://altavista.digital.com)and Dejanews (http://www.dejanews.com).
Altavista is the best for the Web, while Dejanews is the best o ne for searching Usenet news groups. But, if
you don't want to take me at my word, you may surf over to a site with links to almost all the Web and
Newsgroup search engines at http://sgk.tiac.net/search/.
But just how do you efficiently use these search engines? If you ask them to find "hacker" or even "how to
hack," you will get bazillions of Web sites and news group posts to read. OK, so you painfully surf through
one hacker Web site after another. You get portentous-sounding organ music, skulls with red rolling eyes,
animated fires burning, and each site has links to other sites with pretentious music and ungrammatical
boastings about "I am 31337, d00dz!!! I am so *&&^%$ good at hacking you should bow down and kiss my
$%^&&*!" But somehow they don't seem to have any actual information. Hey, welcome to the wannabe
hacker world!
You need to figure out some words that help the search engine of your choice get more useful results. For
example, let's say you want to find out whether I, the Supreme R00ler of the Happy Hacker world, am an elite
hacker chick or merely some poser. Now the luser approach would to simply go to http://www.dejanews.com
and do a search of Usenet news groups for "Carolyn Meinel," being sure to click the "old" button to bring
up stuff from years back. But if you do that, you get this huge long list of posts, most of which have
nothing to do with hacking:
CDMA vs GSM - carolyn meinel 1995/11/17
Re: October El Nino-Southern Oscillation info gonthier@usgs.gov (Gerard J. Gonthier) 1995/11/20
Re: Internic Wars MrGlucroft@psu.edu (The Reaver) 1995/11/30
shirkahn@earthlink.net (Christopher Proctor) 1995/12/16
Re: Lyndon LaRouche - who is he? lness@ucs.indiana.edu (lester john ness) 1996/01/06
U-B Color Index observation data - cmeinel@nmia.com (Carolyn P. Meinel) 1996/05/13
Re: Mars Fraud? History of one scientist involved gksmiley@aol.com (GK Smiley) 1996/08/11
Re: Mars Life Announcement: NO Fraud Issue twitch@hub.ofthe.net 1996/08/12
Hackers Helper E-Zine wanted - rcortes@tuna.hooked.net (Raul Cortes) 1996/12/06
Carolyn Meinel, Sooooooper Genius - nobody@cypherpunks.ca (John Anonymous MacDonald, a remailer
node) 1996/12/12
Anyhow, this list goes on and on and on.
But if you specify "Carolyn Meinel hacker" and click "all" instead of "any" on the "Boolean" button, you
get a list that starts with:
Media: "Unamailer delivers Christmas grief" -Mannella@ipifidpt.difi.unipi.it (Riccardo Mannella) 1996/12/30
Cu Digest, #8.93, Tue 31 Dec 96 - Cu Digest (tk0jut2@mvs.cso.niu.edu)
1996/12/31
RealAudio interview with Happy Hacker - bmcw@redbud.mv.com (Brian S. McWilliams) 1997/01/08
Etc.
This way all those posts about my boring life in the world of science don't show up, just the juicy hacker
stuff.
Now suppose all you want to see is flames about what a terrible hacker I am. You could bring those to the
top of the list by adding (with the "all" button still on) "flame" or "f***" or "b****" being careful to spell
out those bad words instead fubarring them with ****s. For example, a search on "Carolyn Meinel hacker
flame" with Boolean "all" turns up only one post. This important tome says the Happy Hacker list is a dire
example of what happens when us prudish moderator types censor naughty words and inane diatribes.
******************************************
Newbie note: "Boolean" is math term. On the Dejanews search engine they figure the user doesn't have a
clue of what "Boolean" means so they give you a choice of "any" or "all" and then label it "Boolean" so
you feel stupid if you don't understand it. But in real Boolean algebra we can use the operators "and" "or"
and "not" on word searches (or any searches of sets). "And" means you would have a search that turns up
only items that have "all" the terms you specify; "or" means you would have a search that turns up "any"
of the terms. The "not" operator would exclude items that included the "not" term even if they have any or
all of the other search terms. Altavista has real Boolean algebra under its "advanced"" search option.
******************************************
But let's forget all those Web search engines for a minute. In my humble yet old-fashioned opinion, the best
way to search the Web is to use it exactly the way its inventor, Tim Berners-Lee, intended. You start at a
good spot and then follow the links to related sites. Imagine that!
Here's another of my old fogie tips. If you want to really whiz around the Web, and if you have a shell
account, you can do it with t he program lynx. At the prompt, just type "lynx followed by the URL you want
to visit. Because lynx only shows text, you don't have to waste time waiting for the organ music, animated
skulls and pornographic JPEGs to load.
So where are good places to start? Simply surf over to the Web sites listed at the end of this Guide. Not only
do they carry archives of these Guides, they carry a lot of other valuable information for the newbie hacker,
as well as links to other quality sites. My favorites are http://www.cs.utexas.edu/users/matt/hh.html and
http://www.silitoad.org
Warning: parental discretion advised. You'll see some other great starting points elsewhere in this Guide,
too.
Next, consider one of the most common questions I get: "How do I break into a computer????? :( :("
Ask this of someone who isn't a super nice elderly lady like me and you will get a truly rude reaction. Here's
why. The world is full of many kinds of computers running many kinds of software on many kinds of
networks. How you break into a computer depends on all these things. So you need to thoroughly study a
computer system before you an even think about planning a strategy to break into it. That's one reason
breaking into computers is widely regarded as the pinnacle of hacking. So if you don't realize even this
much, you need to do lots and lots of homework before you can even dream of breaking into computers.
But, OK, I'll stop hiding the secrets of universal computer breaking and entry. Check out:
Bugtraq archives: http://geek-girl.com/bugtraq
NT Bugtraq archives: http://ntbugtraq.rc.on.ca/index.html
***************************************************
You can go to jail warning: If you want to take up the sport of breaking into computers, you should either do
it with your own computer, or else get the permission of the owner if you want to break into someone else's
computer. Otherwise you are violating the law. In the US, if you break into a computer that is across a state
line from where you launch your attack, you are committing a Federal felony. If you cross national
boundaries to hack, remember that most nations have treaties that allow them to extradite criminals from
each others' countries.
***************************************************
Wait just a minute, if you surf over to those site you won't instantly become an Ubercracker. Unless you
already are an excellent programmer and knowledgeable in Unix or Windows NT, you will discover the
information at these two sites will *NOT* instantly grant you access to any victim computer you may
choose. It's not that easy. You are going to have to learn how to program. Learn at least one operating
system inside and out.
Of course some people take the shortcut into hacking. They get their phriends to give them a bunch of
canned break-in programs. Then they try them on one computer after another until they stumble into root
and accidentally delete system files. The they get busted and run to the Electronic Freedom Foundation and
whine about how the Feds are persecuting them.
So are you serious? Do you *really* want to be a hacker badly enough to learn an operating system inside
and out? Do you *really* want to populate your dreaming hours with arcane communications protocol
topics? The old-fashioned, and super expensive way is to buy and study lots of manuals.
Look, I'm a real believer in manuals. I spend about $200 per month on them. I read them in the bathroom,
while sitting in traffic jams, and while waiting for doctor's appointments. But if I'm at my desk, I prefer to read
manuals and other technical documents from the Web. Besides, the Web stuff is free!
The most fantastic Web resource for the aspiring geek, er, hacker, is the RFCs. RFC stands for "Request for
Comment." Now this sounds like nothing more than a discussion group. But actually RFCs are the definitive
documents that tell you how the Internet works. The funny name "RFC" comes from ancient history when
lots of people were discussing how the heck to make that ARPAnet thingy work. But nowadays RFC means
"Gospel Truth about How the Internet Works" instead of "Hey Guys, Let's Talk this Stuff Over."
********************************************************
Newbie note: ARPAnet was the US Advanced Research Projects Agency experiment launched in 1969 that
evolved into the Internet. When you read RFCs you will often find references to ARPAnet and ARPA -- or
sometimes DARPA. That "D" stands for "defense." DARPA/ARPA keeps on getting its name changed
between these two. For example, when Bill Clinton became US President in 1993, he changed DARPA back
to ARPA because "defense" is a Bad Thing. Then in 1996 the US Congress passed a law changing it back to
DARPA because "defense" is a Good Thing.
********************************************************
Now ideally you should simply read and memorize all the RFCs. But there are zillions of RFCs and some of
us need to take time out to eat and sleep. So those of us without photographic memories and gobs of free
time need to be selective about what we read. So how do we find an RFC that will answer whatever is our
latest dumb question?
One good starting place is a complete list of all RFCs and their titles at ftp://ftp.tstt.net.tt/pub/inet/rfc/rfcindex.
Although this is an ftp (file transfer protocol) site, you can access it with your Web browser.
Or, how about the RFC on RFCs! That's right, RFC 825 is "intended to clarify the status of RFCs and to
provide some guidance for the authors of RFCs in the future. It is in a sense a specification for RFCs." To
find this RFC, or in fact any RFC for which you have its number, just go to Altavista and search for "RFC
825" or whatever the number is. Be sure to put it in quotes just like this example in order to get the best
results.
Whoa, these RFCs can be pretty hard to understand! Heck, how do we even know which RFC to read to get
an answer to our questions? Guess what, there is solution, a fascinating group of RFCs called "FYIs" Rather
than specifying anything, FYIs simply help explain the other RFCs. How do you get FYIs? Easy! I just
surfed over to the RFC on FYIs (1150) and learned that:
FYIs can be obtained via FTP from NIC.DDN.MIL, with the pathname FYI:mm.TXT, or RFC:RFCnnnn.TXT
(where "mm" refers to the number of the FYI and "nnnn" refers to the number of the RFC). Login with FTP,
username ANONYMOUS and password GUEST. The NIC also provides an automatic mail service for those
sites which cannot use FTP. Address the request to SERVICE@NIC.DDN.MIL and in the subject field of
the message indicate the FYI or RFC number, as in "Subject: FYI mm" or "Subject: RFC nnnn".
But even better than this is an organized set of RFCs hyperlinked together on the Web at
http://www.FreeSoft.org/Connected/. I can't even begin to explain to you how wonderful this site is. You
just have to try it yourself. Admittedly it doesn't contain all the RFCs. But it has a tutorial and a newbiefriendly
set of links through the most important RFCs.
Last but not least, you can check out two sites that offer a wealth of technical information on computer
security:
http://csrc.nist.gov/secpubs/rainbow/
http://GANDALF.ISU.EDU/security/security.html security library
I hope this is enough information to keep you busy studying for the next five or ten years. But please keep
this in mind. Sometimes it's not easy to figure something out just by reading huge amounts of technical
information. Sometimes it can save you a lot of grief just to ask a question. Even a dumb question. Hey, how
would you like to check out the Web site for those of us who make our living asking people dumb
questions? Surf over to http://www.scip.org. That's the home page of the Society of Competitive
Information Professionals, the home organization for folks like me. So, go ahead, make someone's day. Have
phun asking those dumb questions. Just remember to fireproof your phone and computer first!
sort.
But, but, how do we know what are the wrong questions to ask? OK, I sympathize with your problems
because I get flamed a lot, too. That's partly because I sincerely believe in asking dumb questions. I make
my living asking dumb questions. People pay me lots of money to go to conferences, call people on the
phone and hang out on Usenet news groups asking dumb questions so I can find out stuff for them. And,
guess what, sometimes the dumbest questions get you the best answers. So that's why you don't see me
flaming people who ask dumb questions.
********************************************************
Newbie note: Have you been too afraid to ask the dumb question, "What is a flame?" Now you get to find
out! It is a bunch of obnoxious rantings and ravings made in email or a Usenet post by some idiot who
thinks he or she is proving his or her mental superiority through use of foul and/or impolite language such
as "you suffer from rectocranial inversion," f*** y***, d****, b****, and of course @#$%^&*! This
newbie note is my flame against those flamers to whom I am soooo superior.
********************************************************
But even though dumb questions can be good to ask, you may not like the flames they bring down on you.
So, if you want to avoid flames, how do you find out answers for yourself?
This Guide covers one way to find out hacking information without having to ask people questions: by
surfing the Web. The other way is to buy lots and lots of computer manuals, but that costs a lot of money.
Also, in some parts of the world it is difficult to get manuals. Fortunately, however, almost anything you
want to learn about computers and communications is available for free somewhere on the Web.
First, let's consider the Web search engines. Some just help you search the Web itself. But others enable
you to search Usenet newsgroups that have been archived for many years back. Also, the best hacker email
lists are archived on the Web, as well.
There are two major considerations in using Web search engines. One is what search engine to use, and the
other is the search tactics themselves.
I have used many Web search engines. But eventually I came to the conclusion that for serious research,
you only need two: Alavista (http://altavista.digital.com)and Dejanews (http://www.dejanews.com).
Altavista is the best for the Web, while Dejanews is the best o ne for searching Usenet news groups. But, if
you don't want to take me at my word, you may surf over to a site with links to almost all the Web and
Newsgroup search engines at http://sgk.tiac.net/search/.
But just how do you efficiently use these search engines? If you ask them to find "hacker" or even "how to
hack," you will get bazillions of Web sites and news group posts to read. OK, so you painfully surf through
one hacker Web site after another. You get portentous-sounding organ music, skulls with red rolling eyes,
animated fires burning, and each site has links to other sites with pretentious music and ungrammatical
boastings about "I am 31337, d00dz!!! I am so *&&^%$ good at hacking you should bow down and kiss my
$%^&&*!" But somehow they don't seem to have any actual information. Hey, welcome to the wannabe
hacker world!
You need to figure out some words that help the search engine of your choice get more useful results. For
example, let's say you want to find out whether I, the Supreme R00ler of the Happy Hacker world, am an elite
hacker chick or merely some poser. Now the luser approach would to simply go to http://www.dejanews.com
and do a search of Usenet news groups for "Carolyn Meinel," being sure to click the "old" button to bring
up stuff from years back. But if you do that, you get this huge long list of posts, most of which have
nothing to do with hacking:
CDMA vs GSM - carolyn meinel
Re: October El Nino-Southern Oscillation info gonthier@usgs.gov (Gerard J. Gonthier) 1995/11/20
Re: Internic Wars MrGlucroft@psu.edu (The Reaver) 1995/11/30
shirkahn@earthlink.net (Christopher Proctor) 1995/12/16
Re: Lyndon LaRouche - who is he? lness@ucs.indiana.edu (lester john ness) 1996/01/06
U-B Color Index observation data - cmeinel@nmia.com (Carolyn P. Meinel) 1996/05/13
Re: Mars Fraud? History of one scientist involved gksmiley@aol.com (GK Smiley) 1996/08/11
Re: Mars Life Announcement: NO Fraud Issue twitch@hub.ofthe.net 1996/08/12
Hackers Helper E-Zine wanted - rcortes@tuna.hooked.net (Raul Cortes) 1996/12/06
Carolyn Meinel, Sooooooper Genius - nobody@cypherpunks.ca (John Anonymous MacDonald, a remailer
node) 1996/12/12
Anyhow, this list goes on and on and on.
But if you specify "Carolyn Meinel hacker" and click "all" instead of "any" on the "Boolean" button, you
get a list that starts with:
Media: "Unamailer delivers Christmas grief" -Mannella@ipifidpt.difi.unipi.it (Riccardo Mannella) 1996/12/30
Cu Digest, #8.93, Tue 31 Dec 96 - Cu Digest (tk0jut2@mvs.cso.niu.edu)
RealAudio interview with Happy Hacker - bmcw@redbud.mv.com (Brian S. McWilliams) 1997/01/08
Etc.
This way all those posts about my boring life in the world of science don't show up, just the juicy hacker
stuff.
Now suppose all you want to see is flames about what a terrible hacker I am. You could bring those to the
top of the list by adding (with the "all" button still on) "flame" or "f***" or "b****" being careful to spell
out those bad words instead fubarring them with ****s. For example, a search on "Carolyn Meinel hacker
flame" with Boolean "all" turns up only one post. This important tome says the Happy Hacker list is a dire
example of what happens when us prudish moderator types censor naughty words and inane diatribes.
******************************************
Newbie note: "Boolean" is math term. On the Dejanews search engine they figure the user doesn't have a
clue of what "Boolean" means so they give you a choice of "any" or "all" and then label it "Boolean" so
you feel stupid if you don't understand it. But in real Boolean algebra we can use the operators "and" "or"
and "not" on word searches (or any searches of sets). "And" means you would have a search that turns up
only items that have "all" the terms you specify; "or" means you would have a search that turns up "any"
of the terms. The "not" operator would exclude items that included the "not" term even if they have any or
all of the other search terms. Altavista has real Boolean algebra under its "advanced"" search option.
******************************************
But let's forget all those Web search engines for a minute. In my humble yet old-fashioned opinion, the best
way to search the Web is to use it exactly the way its inventor, Tim Berners-Lee, intended. You start at a
good spot and then follow the links to related sites. Imagine that!
Here's another of my old fogie tips. If you want to really whiz around the Web, and if you have a shell
account, you can do it with t he program lynx. At the prompt, just type "lynx followed by the URL you want
to visit. Because lynx only shows text, you don't have to waste time waiting for the organ music, animated
skulls and pornographic JPEGs to load.
So where are good places to start? Simply surf over to the Web sites listed at the end of this Guide. Not only
do they carry archives of these Guides, they carry a lot of other valuable information for the newbie hacker,
as well as links to other quality sites. My favorites are http://www.cs.utexas.edu/users/matt/hh.html and
http://www.silitoad.org
Warning: parental discretion advised. You'll see some other great starting points elsewhere in this Guide,
too.
Next, consider one of the most common questions I get: "How do I break into a computer????? :( :("
Ask this of someone who isn't a super nice elderly lady like me and you will get a truly rude reaction. Here's
why. The world is full of many kinds of computers running many kinds of software on many kinds of
networks. How you break into a computer depends on all these things. So you need to thoroughly study a
computer system before you an even think about planning a strategy to break into it. That's one reason
breaking into computers is widely regarded as the pinnacle of hacking. So if you don't realize even this
much, you need to do lots and lots of homework before you can even dream of breaking into computers.
But, OK, I'll stop hiding the secrets of universal computer breaking and entry. Check out:
Bugtraq archives: http://geek-girl.com/bugtraq
NT Bugtraq archives: http://ntbugtraq.rc.on.ca/index.html
***************************************************
You can go to jail warning: If you want to take up the sport of breaking into computers, you should either do
it with your own computer, or else get the permission of the owner if you want to break into someone else's
computer. Otherwise you are violating the law. In the US, if you break into a computer that is across a state
line from where you launch your attack, you are committing a Federal felony. If you cross national
boundaries to hack, remember that most nations have treaties that allow them to extradite criminals from
each others' countries.
***************************************************
Wait just a minute, if you surf over to those site you won't instantly become an Ubercracker. Unless you
already are an excellent programmer and knowledgeable in Unix or Windows NT, you will discover the
information at these two sites will *NOT* instantly grant you access to any victim computer you may
choose. It's not that easy. You are going to have to learn how to program. Learn at least one operating
system inside and out.
Of course some people take the shortcut into hacking. They get their phriends to give them a bunch of
canned break-in programs. Then they try them on one computer after another until they stumble into root
and accidentally delete system files. The they get busted and run to the Electronic Freedom Foundation and
whine about how the Feds are persecuting them.
So are you serious? Do you *really* want to be a hacker badly enough to learn an operating system inside
and out? Do you *really* want to populate your dreaming hours with arcane communications protocol
topics? The old-fashioned, and super expensive way is to buy and study lots of manuals.
Look, I'm a real believer in manuals. I spend about $200 per month on them. I read them in the bathroom,
while sitting in traffic jams, and while waiting for doctor's appointments. But if I'm at my desk, I prefer to read
manuals and other technical documents from the Web. Besides, the Web stuff is free!
The most fantastic Web resource for the aspiring geek, er, hacker, is the RFCs. RFC stands for "Request for
Comment." Now this sounds like nothing more than a discussion group. But actually RFCs are the definitive
documents that tell you how the Internet works. The funny name "RFC" comes from ancient history when
lots of people were discussing how the heck to make that ARPAnet thingy work. But nowadays RFC means
"Gospel Truth about How the Internet Works" instead of "Hey Guys, Let's Talk this Stuff Over."
********************************************************
Newbie note: ARPAnet was the US Advanced Research Projects Agency experiment launched in 1969 that
evolved into the Internet. When you read RFCs you will often find references to ARPAnet and ARPA -- or
sometimes DARPA. That "D" stands for "defense." DARPA/ARPA keeps on getting its name changed
between these two. For example, when Bill Clinton became US President in 1993, he changed DARPA back
to ARPA because "defense" is a Bad Thing. Then in 1996 the US Congress passed a law changing it back to
DARPA because "defense" is a Good Thing.
********************************************************
Now ideally you should simply read and memorize all the RFCs. But there are zillions of RFCs and some of
us need to take time out to eat and sleep. So those of us without photographic memories and gobs of free
time need to be selective about what we read. So how do we find an RFC that will answer whatever is our
latest dumb question?
One good starting place is a complete list of all RFCs and their titles at ftp://ftp.tstt.net.tt/pub/inet/rfc/rfcindex.
Although this is an ftp (file transfer protocol) site, you can access it with your Web browser.
Or, how about the RFC on RFCs! That's right, RFC 825 is "intended to clarify the status of RFCs and to
provide some guidance for the authors of RFCs in the future. It is in a sense a specification for RFCs." To
find this RFC, or in fact any RFC for which you have its number, just go to Altavista and search for "RFC
825" or whatever the number is. Be sure to put it in quotes just like this example in order to get the best
results.
Whoa, these RFCs can be pretty hard to understand! Heck, how do we even know which RFC to read to get
an answer to our questions? Guess what, there is solution, a fascinating group of RFCs called "FYIs" Rather
than specifying anything, FYIs simply help explain the other RFCs. How do you get FYIs? Easy! I just
surfed over to the RFC on FYIs (1150) and learned that:
FYIs can be obtained via FTP from NIC.DDN.MIL, with the pathname FYI:mm.TXT, or RFC:RFCnnnn.TXT
(where "mm" refers to the number of the FYI and "nnnn" refers to the number of the RFC). Login with FTP,
username ANONYMOUS and password GUEST. The NIC also provides an automatic mail service for those
sites which cannot use FTP. Address the request to SERVICE@NIC.DDN.MIL and in the subject field of
the message indicate the FYI or RFC number, as in "Subject: FYI mm" or "Subject: RFC nnnn".
But even better than this is an organized set of RFCs hyperlinked together on the Web at
http://www.FreeSoft.org/Connected/. I can't even begin to explain to you how wonderful this site is. You
just have to try it yourself. Admittedly it doesn't contain all the RFCs. But it has a tutorial and a newbiefriendly
set of links through the most important RFCs.
Last but not least, you can check out two sites that offer a wealth of technical information on computer
security:
http://csrc.nist.gov/secpubs/rainbow/
http://GANDALF.ISU.EDU/security/security.html security library
I hope this is enough information to keep you busy studying for the next five or ten years. But please keep
this in mind. Sometimes it's not easy to figure something out just by reading huge amounts of technical
information. Sometimes it can save you a lot of grief just to ask a question. Even a dumb question. Hey, how
would you like to check out the Web site for those of us who make our living asking people dumb
questions? Surf over to http://www.scip.org. That's the home page of the Society of Competitive
Information Professionals, the home organization for folks like me. So, go ahead, make someone's day. Have
phun asking those dumb questions. Just remember to fireproof your phone and computer first!
Hacking from Windows 3.x, 95 and NT
This lesson will tell you how, armed with even the lamest of on-line services such as America Online and the
Windows 95 operating system, you can do some fairly serious Internet hacking -- today!
In this lesson we will learn how to:
· Use secret Windows 95 DOS commands to track down and port surf computers used by famous on-line
service providers.
· Telnet to computers that will let you use the invaluable hacker tools of whois, nslookup, and dig.
· Download hacker tools such as port scanners and password crackers designed for use with Windows.
· Use Internet Explorer to evade restrictions on what programs you can run on your school or work
computers.
Yes, I can hear jericho and Rogue Agent and all the other Super Duper hackers on this list laughing. I'll bet
already they have quit reading this and are furiously emailing me flames and making phun of me in 2600
meetings. Windows hacking? Pooh!
Tell seasoned hackers that you use Windows and they will laugh at you. They'll tell you to go away and
don't come back until you're armed with a shell account or some sort of Unix on your PC. Actually, I have
long shared their opinion. Shoot, most of the time hacking from Windoze is like using a 1969 Volkswagon to
race against a dragster using one of VP Racing's high-tech fuels.
But there actually is a good reason to learn to hack from Windows. Some of your best tools for probing and
manipulating Windows networks are found only on Windows NT. Furthermore, with Win 95 you can
practice the Registry hacking that is central to working your will on Win NT servers and the networks they
administer.
In fact, if you want to become a serious hacker, you eventually will have to learn Windows. This is because
Windows NT is fast taking over the Internet from Unix. An IDC report projects that the Unix-based Web
server market share will fall from the 65% of 1995 to only 25% by the year 2000. The Windows NT share is
projected to grow to 32%. This weak future for Unix Web servers is reinforced by an IDC report reporting
that market share of all Unix systems is now falling at a compound annual rate of decline of -17% for the
foreseeable future, while Windows NT is growing in market share by 20% per year. (Mark Winther, "The
Global Market for Public and Private Internet Server Software," IDC #11202, April 1996, 10, 11.)
So if you want to keep up your hacking skills, you're going to have to get wise to Windows. On e of these
days we're going to be sniggering at all those Unix-only hackers.
Besides, even poor, pitiful Windows 95 now can take advantage of lots of free hacker tools that give it
much of the power of Unix.
Since this is a beginners' lesson, we'll go straight to the Big Question: "All I got is AOL and a Win 95 box.
Can I still learn how to hack?"
Yes, yes, yes!
The secret to hacking from AOL/Win 95 -- or from any on-line service that gives you access to the World
Wide Web -- is hidden in Win 95's MS-DOS (DOS 7.0).
DOS 7.0 offers several Internet tools, none of which are documented in either the standard Windows or DOS
help features. But you're getting the chance to learn these hidden features today.
So to get going with today's lesson, use AOL or whatever lame on-line service you may have and make the
kind of connection you use to get on the Web (this will be a PPP or SLIP connection). Then minimize your
Web browser and prepare to hack! Next, bring up your DOS window by clicking Start, then Programs, then
MS-DOS.
For best hacking I've found it easier to use DOS in a window with a task bar which allows me to cut and
paste commands and easily switch between Windows and DOS programs. If your DOS comes up as a full
screen, hold down the Alt key while hitting enter, and it will go into a window. Then if you are missing the
task bar, click the system menu on the left side of the DOS window caption and select Toolbar.
Now you have the option of eight TCP/IP utilities to play with: telnet, arp, ftp, nbtstat, netstat, ping, route,
and tracert.
Telnet is the biggie. You can also access the telnet program directly from Windows. But while hacking you
may need the other utilities that can only be used from DOS, so I like to call telnet from DOS.
With the DOS telnet you can actually port surf almost as well as from a Unix telnet program. But there are
several tricks you need to learn in order to make this work.
First, we'll try out logging on to a strange computer somewhere. This is a phun thing to show your friends
who don't have a clue because it can scare the heck out them. Honest, I just tried this out on a neighbor. He
got so worried that when he got home he called my husband and begged him to keep me from hacking his
work computer!
To do this (I mean log on to a strange computer, not scare your neighbors) go to the DOS prompt
C:\WINDOWS> and give the command "telnet." This brings up a telnet screen. Click on Connect, then click
Remote System.
This brings up a box that asks you for "Host Name." Type "whois.internic.net" into this box. Below that it
asks for "Port" and has the default value of "telnet." Leave in "telnet" for the port selection. Below that is a
box for "TermType." I recommend picking VT100 because, well, just because I like it best.
The first thing you can do to frighten your neighbors and impress your friends is a "whois." Click on
Connect and you will soon get a prompt that looks like this:
[vt100]InterNIC>
Then ask your friend or neighbor his or her email address. Then at this InterNIC prompt, type in the last two
parts of your friend's email address. For example, if the address is "luser@aol.com," type in "aol.com."
Now I'm picking AOL for this lesson because it is really hard to hack. Almost any other on-line service will
be easier.
For AOL we get the answer:
[vt100] InterNIC > whois aol.com
Connecting to the rs Database . . . . . .
Connected to the rs Database
America Online (AOL-DOM)
12100 Sunrise Valley Drive
Reston, Virginia 22091
USA
Domain Name: AOL.COM
Administrative Contact:
O'Donnell, David B (DBO3) PMDAtropos@AOL.COM
703/453-4255 (FAX) 703/453-4102
Technical Contact, Zone Contact:
America Online (AOL-NOC) trouble@aol.net
703-453-5862
Billing Co ntact:
Barrett, Joe (JB4302) BarrettJG@AOL.COM
703-453-4160 (FAX) 703-453-4001
Record last updated on 13-Mar-97.
Record created on 22-Jun-95.
Domain servers in listed order:
DNS-01.AOL.COM 152.163.199.42
DNS-02.AOL.COM 152.163.199.56
DNS-AOL.ANS.NET 198.83.210.28
These last three lines give the names of some computers that work for America Online (AOL). If we want to
hack AOL, these are a good place to start.
*********************************
Newbie note: We just got info on three "domain name servers" for AOL. "Aol.com" is the domain name for
AOL, and the domain servers are the computers that hold information that tells the rest of the Internet how
to send messages to AOL computers and email addresses.
*********************************
*********************************
Evil genius tip: Using your Win 95 and an Internet connection, you can run a whois query from many other
computers, as well. Telnet to your target computer's port 43 and if it lets you get on it, give your query.
Example: telnet to nic.ddn.mil, port 43. Once connected type "whois DNS-01.AOL.COM," or whatever name
you want to check out. However, this only works on computers that are running the whois service on port
43.
Warning: show this trick to your neighbors and they will really be terrified. They just saw you accessing a
US military computer! But it's OK, nic.ddn.mil is open to the public on many of its ports. Check out its Web
site www.nic.ddn.mil and its ftp site, too -- they are a mother lode of information that is good for hacking.
*********************************
Next I tried a little port surfing on DNS-01.AOL.COM but couldn't find any ports open. So it's a safe bet this
computer is behind the AOL firewall.
**********************************
Newbie note: port surfing means to attempt to access a computer through several different ports. A port is
any way you get information into or out of a computer. For example, port 23 is the one you usually use to
log into a shell account. Port 25 is used to send email. Port 80 is for the Web. There are thousands of
designated ports, but any particular computer may be running only three or four ports. On your home
computer your ports include the monitor, keyboard, and modem.
**********************************
So what do we do next? We close the telnet program and go back to the DOS window. At the DOS prompt
we give the command "tracert 152.163.199.42." Or we could give the command "tracert DNS-01.AOL.COM."
Either way we'll get the same result. This command will trace the route that a message takes, hopping from
one computer to another, as it travels from my computer to this AOL domain server computer. Here's what
we get:
C:\WINDOWS>tracert 152.163.199.42
Tracing route to dns-01.aol.com [152.163.199.42]
over a maximum of 30 hops:
1 * * * Request timed out.
2 150 ms 144 ms 138 ms 204.134.78.201
3 375 ms 299 ms 196 ms glory-cyberport.nm.westnet.net [204.134.78.33]
4 271 ms * 201 ms enss365.nm.org [129.121.1.3]
5 229 ms 216 ms 213 ms h4-0.cnss116.Albuquerque.t3.ans.net [192.103.74.45]
6 223 ms 236 ms 229 ms f2.t112-0.Albuquerque.t3.ans.net [140.222.112.221]
7 248 ms 269 ms 257 ms h14.t64-0.Houston.t3.ans.net [140.223.65.9]
8 178 ms 212 ms 196 ms h14.t80-1.St-Louis.t3.ans.net [140.223.65.14]
9 316 ms * 298 ms h12.t60-0.Reston.t3.ans.net [140.223.61.9]
10 315 ms 333 ms 331 ms 207.25.134.189
11 * * * Request timed out.
12 * * * Request timed out.
13 207.25.134.189 reports: Destination net unreachable.
What the heck is all this stuff? The number to the left is the number of computers the route has been traced
through. The "150 ms" stuff is how long, in thousandths of a second, it takes to send a message to and from
that computer. Since a message can take a different length of time every time you send it, tracert times the
trip three t imes. The "*" means the trip was taking too long so tracert said "forget it." After the timing info
comes the name of the computer the message reached, first in a form that is easy for a human to remember,
then in a form -- numbers -- that a computer prefers.
"Destination net unreachable" probably means tracert hit a firewall.
Let's try the second AOL domain server.
C:\WINDOWS>tracert 152.163.199.56
Tracing route to dns-02.aol.com [152.163.199.56]
over a maximum of 30 hops:
1 * * * Request timed out.
2 142 ms 140 ms 137 ms 204.134.78.201
3 246 ms 194 ms 241 ms glory-cyberport.nm.westnet.net [204.134.78.33]
4 154 ms 185 ms 247 ms enss365.nm.org [129.121.1.3]
5 475 ms 278 ms 325 ms h4-0.cnss116.Albuquerque.t3.ans.net [192.103.74.
45]
6 181 ms 187 ms 290 ms f2.t112-0.Albuquerque.t3.ans.net [140.222.112.22
1]
7 162 ms 217 ms 199 ms h14.t64-0.Houston.t3.ans.net [140.223.65.9]
8 210 ms 212 ms 248 ms h14.t80-1.St-Louis.t3.ans.net [140.223.65.14]
9 207 ms * 208 ms h12.t60-0.Reston.t3.ans.net [140.223.61.9]
10 338 ms 518 ms 381 ms 207.25.134.189
11 * * * Request timed out.
12 * * * Request timed out.
13 207.25.134.189 reports: Destination net unreachable.
Note that both tracerts ended at the same computer named h12.t60-0.Reston.t3.ans.net. Since AOL is
headquartered in Reston, Virginia, it's a good bet this is a computer that directly feeds stuff into AOL. But
we notice that h12.t60-0.Reston.t3.ans.net , h14.t80-1.St-Louis.t3.ans.net, h14.t64-0.Houston.t3.ans.net and
Albuquerque.t3.ans.net all have numerical names beginning with 140, and names that end with "ans.net." So
it's a good guess that they all belong to the same company. Also, that "t3" in each name suggests these
computers are routers on a T3 communications backbone for the Internet.
Next let's check out that final AOL domain server:
C:\WINDOWS>tracert 198.83.210.28
Tracing route to dns-aol.ans.net [198.83.210.28]
over a maximum of 30 hops:
1 * * * Request timed out.
2 138 ms 145 ms 135 ms 204.134.78.201
3 212 ms 191 ms 181 ms glory-cyberport.nm.westnet.net [204.134.78.33]
4 166 ms 228 ms 189 ms enss365.nm.org [129.121.1.3]
5 148 ms 138 ms 177 ms h4-0.cnss116.Albuquerque.t3.ans.net [192.103.74.
45]
6 284 ms 296 ms 178 ms f2.t112-0.Albuquerque.t3.ans.net [140.222.112.22
1]
7 298 ms 279 ms 277 ms h14.t64-0.Houston.t3.ans.net [140.223.65.9]
8 238 ms 234 ms 263 ms h14.t104-0.Atlanta.t3.ans.net [140.223.65.18]
9 301 ms 257 ms 250 ms dns-aol.ans.net [198.83.210.28]
Trace complete.
Hey, we finally got all the way through to something we can be pretty certain is an AOL box, and it looks
like it's outside the firewall! But look at how the tracert took a different path this time, going through Atlanta
instead of St. Louis and Reston. But we are still looking at ans.net addresses with T3s, so this last
nameserver is using the same network as the others.
Now what can we do next to get luser@aol.com really wondering if you could actually break into his
account? We're going to do some port surfing on this last AOL domain name server! But to do this we need
to change our telnet settings a bit.
Click on Terminal, then Preferences. In the preferences box you need to check "Local echo." You must do
this, or else you won't be able to see everything that you get while port surfing. For some reason, some of
the messages a remote computer sends to you won't show up on your Win 95 telnet screen unless you
choose the local echo option. However, be warned, in some situations everything you type in will be
doubled. For example, if you type in "hello" the telnet screen may show you "heh lelllo o. This doesn't mean
you mistyped, it just means your typing is getting echoed back at various intervals.
Now click on Connect, then Remote System. Then enter the name of that last AOL domain server, dnsaol.
ans.net. Below it, for Port choose Daytime. It will send back to you the day of the week, date and time of
day in its time zone.
Aha! We now know that dns-aol.ans.net is exposed to the world, with at least one open port, heh, heh. It is
definitely a prospect for further port surfing. And now your friend is wondering, how did you get something
out of that computer?
******************************
Clueless newbie alert: If everyone who reads this telnets to the daytime port of this computer, the sysadmin
will say "Whoa, I'm under heavy attack by hackers!!! There must be some evil exploit for the daytime
service! I'm going to close this port pronto!" Then you'll all email me complaining the hack doesn't work.
Please, try this hack out on different computers and don't all beat up on AOL.
******************************
Now let's check out that Reston computer. I select Remote Host again and enter the name h12.t60-
0.Reston.t3.ans.net. I try some port surfing without success. This is a seriously locked down box! What do
we do next?
So first we remove that "local echo" feature, then we telnet back to whois.internic. We ask about this
ans.net outfit that offers links to AOL:
[vt100] InterNIC > whois ans.net
Connecting to the rs Database . . . . . .
Connected to the rs Database
ANS CO+RE Systems, Inc. (ANS-DOM)
100 Clearbrook Road
Elmsford, NY 10523
Domain Name: ANS.NET
Administrative Contact:
Hershman, Ittai (IH4) ittai@ANS.NET
(914) 789-5337
Technical Contact:
ANS Network Operations Center (ANS-NOC) noc@ans.net
1-800-456-6300
Zone Contact:
ANS Hostmaster (AH-ORG) hostmaster@ANS.NET
(800)456-6300 fax: (914)789-5310
Record last updated on 03-Jan-97.
Record created on 27-Sep-90.
Domain servers in listed order:
NS.ANS.NET 192.103.63.100
NIS.ANS.NET 147.225.1.2
Now if you wanted to be a really evil hacker you could call that 800 number and try to social engineer a
password out of somebody who works for this network. But that wouldn't be nice and there is nothing legal
you can do with ans.net passwords. So I'm not telling you how to social engineer those passwords.
Anyhow, you get the idea of how you can hack around gathering info that leads to the computer that
handles anyone's email.
So what else can you do with your on-line connection and Win 95?
Well... should I tell you about killer ping? It's a good way to lose your job and end up in jail. You do it from
your Windows DOS prompt. Find the gory details in the GTMHH Vol.2 Number 3, which is kept in one of
our archives listed at the end of this lesson. Fortunately most systems administrators have patched things
nowadays so that killer ping won't work. But just in case your ISP or LAN at work or school isn't protected,
don't test it without your sysadmin's approval!
Then there's ordinary ping, also done from DOS. It's sort of like tracert, but all it does is time how long a
message takes from one computer to another, without telling you anything about the computers between
yours and the one you ping.
Other TCP/IP commands hidden in DOS include:
· Arp IP-to-physical address translation tables
· Ftp File transfer protocol. This one is really lame. Don't use it. Get a shareware Ftp program from one of the
download sites listed below.
· Nbtstat Displays current network info -- super to use on your own ISP
· Netstat Similar to Nbstat
· Route Controls router tables -- router hacking is considered extra elite.
Since these are semi-secret commands, you can't get any details on how to use them from the DOS help
menu. But there are help files hidden away for these commands.
· For arp, nbtstat, ping and route, to get help just type in the command and hit enter.
· For netstat you have to give the command "netstat ?" to get help.
· Telnet has a help option on the tool bar.
I haven't been able to figure out a trick to get help for the ftp command.
Now suppose you are at the point where you want to do serious hacking that requires commands other than
these we just covered, but you don't want to use Unix. Shame on you! But, heck, even though I usually
have one or two Unix shell accounts plus Walnut Creek Slackware on my home computer, I still like to hack
from Windows. This is because I'm ornery. So you can be ornery, too.
So what is your next option for doing serious hacking from Windows?
How would you like to crack Win NT server passwords? Download the free Win 95 program NTLocksmith,
an add-on program to NTRecover that allows for the changing of passwords on systems where the
administrative password has been lost. It is reputed to work 100% of the time. Get both NTLocksmith and
NTRecover -- and lots more free hacker tools -- from http://www.ntinternals.com.
**********************************
You can go to jail warning: If you use NTRecover to break into someone else's system, you are just asking
to get busted.
**********************************
How would you like to trick your friends into thinking their NT box has crashed when it really hasn't? This
prank program can be downloaded from http://www.osr.com/insider/insdrcod.htm.
*********************************
You can get punched in the nose warning: need I say more?
*********************************
But by far the deadliest hacking tool that runs on Windows can be downloaded from, guess what?
http://home.microsoft.com
That deadly program is Internet Explorer 3.0. Unfortunately, this program is even better for letting other
hackers break into your home computer and do stuff like make your home banking program (e.g. Quicken)
transfer your life savings to someone in Afghanistan.
But if you're aren't brave enough to run Internet Explorer to surf the Web, you can still use it to hack your
own computer, or other computers on your LAN. You see, Internet Explorer is really an alternate Windows
shell which operates much like the Program Manager and Windows Explorer that come with the Win 94 and
Win NT operating systems.
Yes, from Internet Explorer you can run any program on your own computer. Or any program to which you
have access on your LAN.
***********************************
Newbie note: A shell is a program that mediates between you and the operating system. The big deal about
Internet Explorer being a Windows shell is that Microsoft never told anyone that it was in fact a shell. The
security problems that are plaguing Internet Explorer are mostly a consequence of it turning out to be a
shell. By contrast, the Netscape and Mosaic Web browsers are not shells. They also are much safer to use.
***********************************
To use Internet Explorer as a Windows shell, bring it up just like you would if you were going to surf the
Web. Kill the program's attempt to establish an Internet connection -- we don't want to do anything crazy,
do we?
Then in the space where you would normally type in the URL you want to surf, instead type in c:.
Whoa, look at all those file folders that come up on the screen. Look familiar? It's the same stuff your
Windows Explorer would show you. Now for fun, click "Program Files" then click "Accessories" then click
"MSPaint." All of a sudden MSPaint is running. Now paint your friends who are watching this hack very
surprised.
Next close all that stuff and get back to Internet Explorer. Click on the Windows folder, then click on
Regedit.exe to start it up. Export the password file (it's in HKEY_CLASSES_ROOT). Open it in Word Pad.
Remember, the ability to control the Registry of a server is the key to controlling the network it serves.
Show this to your next door neighbor and tell her that you're going to use Internet Explorer to surf her
password files. In a few hours the Secret Service will be fighting with the FBI on your front lawn over who
gets to try to bust you. OK, only kidding here.
So how can you use Internet Explorer as a hacking tool? One way is if you are using a computer that
restricts your ability to run other programs on your computer or LAN. Next time you get frustrated at your
school or library computer, check to see if it offers Internet Explorer. If it does, run it and try entering disk
drive names. While C: is a common drive on your home computer, on a LAN you might get results by
putting in R: or Z: or any other letter of the alphabet.
Next cool hack: try automated port surfing from Windows! Since there are thousands of possible ports that
may be open on any computer, it could take days to fully explore even just one computer by hand. A good
answer to this problem is the NetCop automated port surfer, which can be found at http://www.netcop.com/.
Now suppose you want to be able to access the NTFS file system that Windows NT uses from a Win 95 or
even DOS platform? This can be useful if you are wanting to use Win 95 as a platform to hack an NT
system. http://www.ntinternals.com/ntfsdos.htm offers a program that allows Win 95 and DOS to recognize
and mount NTFS drives for transparent access.
Hey, we are hardly beginning to explore all the wonderful Windows hacking tools out there. It would take
megabytes to write even one sentence about each and every one of them. But you're a hacker, so you'll
enjoy exploring dozens more of these nifty programs yourself. Following is a list of sites where you can
download lots of free and more or less harmless programs that will help you in your hacker career:
ftp://ftp.cdrom.com
ftp://ftp.coast.net
http://hertz.njit.edu/%7ebxg3442/temp.html
http://www.alpworld.com/infinity/void-neo.html
http://www.danworld.com/nettools.html
http://www.eskimo.com/~nwps/index.html
http://www.geocities.com/siliconvalley/park/2613/links.html
http://www.ilf.net/Toast/
http://www.islandnet.com/~cliffmcc
http://www.simtel.net/simtel.net
http://www.supernet.net/cwsapps/cwsa.html
http://www.trytel.com/hack/
http://www.tucows.com
http://www.windows95.com/apps/
http://www2.southwind.net/%7emiker/hack.html
GUIDE TO (mostly) HARMLESS HACKING
Beginners' Series #3 Part 1
How to Get a *Good* Shell Account
In this Guide you will learn how to:
· tell whether you may already have a Unix shell account
· get a shell account
· log on to your shell account
____________________________________________________________
You've fixed up your Windows box to boot up with a lurid hacker logo. You've renamed "Recycle Bin"
"Hidden Haxor Secrets." When you run Netscape or Internet Explorer, instead of that boring corporate logo,
you have a full-color animated Mozilla destroying New York City. Now your friends and neighbors are
terrified and impressed.
But in your heart of hearts you know Windows is scorned by elite hackers. You keep on seeing their hairy
exploit programs and almost every one of them requires the Unix operating system. You realize that when it
comes to messing with computer networks, Unix is the most powerful operating system on the planet. You
have developed a burning desire to become one of those Unix wizards yourself. Yes, you're ready for the
next step.
You're ready for a shell account. SHELL ACCOUNT!!!!
*****************************************************
Newbie note: A shell account allows you to use your home computer as a terminal on which you can give
commands to a computer running Unix. The "shell" is the program that translates your keystrokes into Unix
commands. With the right shell account you can enjoy the use of a far more powerful workstation than you
could ever dream of affording to own yourself. It also is a great stepping stone to the day when you will be
running some form of Unix on your home computer.
*****************************************************
Once upon a time the most common way to get on the Internet was through a Unix shell account. But
nowadays everybody and his brother are on the Internet. Almost all these swarms of surfers want just two
things: the Web, and email. To get the pretty pictures of today's Web, the average Internet consumer wants
a mere PPP (point to point) connection account. They wouldn't know a Unix command if it hit them in the
snoot. So nowadays almost the only people who want shell accounts are us wannabe hackers.
The problem is that you used to be able to simply phone an ISP, say "I'd like a shell account," and they
would give it to you just like that. But nowadays, especially if you sound like a teenage male, you'll run into
something like this:
ISP guy: "You want a shell account? What for?"
Hacker dude: "Um, well, I like Unix."
"Like Unix, huh? You're a hacker, aren't you!" Slam, ISP guy hangs up on you.
So how do you get a shell account? Actually, it's possible you may already have one and not know it. So
first we will answer the question, how do you tell whether you may already have a shell account? Then, if
you are certain you don't have one, we'll explore the many ways you can get one, no matter what, from
anywhere in the world.
How Do I Know Whether I Already Have a Shell Account?
First you need to get a program running that will connect you to a shell account. There are two programs
with Windows 95 that will do this, as well as many other programs, some of which are excellent and free.
First we will show you how to use the Win 95 Telnet program because you already have it and it will always
work. But it's a really limited program, so I suggest that you use it only if you can't get the Hyperterminal
program to work.
1) Find your Telnet program and make a shortcut to it on your desktop.
· One way is to click Start, then Programs, then Windows Explorer.
· When Explorer is running, first resize it so it doesn't cover the entire desktop.
· Then click Tools, then Find, then "Files or Folders."
· Ask it to search for "Telnet."
· It will show a file labeled C:\windows\telnet (instead of C:\ it may have another drive). Right click on this
file.
· This will bring up a menu that includes the option "create shortcut." Click on "create shortcut" and then
drag the shortcut to the desktop and drop it.
· Close Windows Explorer.
2) Depending on how your system is configured, there are two ways to connect to the Internet. The easy
way is to skip to step three. But if it fails, go back to this step. Start up whatever program you use to access
the Internet. Once you are connected, minimize the program. Now try step three.
3) Bring up your Telnet program by double clicking on the shortcut you just made.
· First you need to configure Telnet so it actually is usable. On the toolbar click "terminal," then
"preferences," then "fonts." Choose "Courier New," "regular" and 8 point size. You do this because if you
have too big a font, the Telnet program is shown on the screen so big that the cursor from your shell
program can end up being hidden off the screen. OK, OK, you can pick other fonts, but make sure that
when you close the dialog box that the Telnet program window is entirely visible on the screen. Now why
would there be options that make Telnet impossible to use? Ask Microsoft.
· Now go back to the task bar to click Connect, then under it click "Remote system." This brings up another
dialog box.
· Under "host name" in this box type in the last two parts of your email address. For examp le, if your email
address is jane_doe@boring.ISP.com, type "ISP.com" for host name.
· Under "port" in this box, leave it the way it is, reading "telnet."
· Under "terminal type," in this box, choose "VT100."
· Then click the Connect button and wait to see what happens.
· If the connection fails, try entering the last three parts of your email address as the host, in this case
"boring.ISP.com."
Now if you have a shell account you should next get a message asking you to login. It may look something
like this:
Welcome to Boring Internet Services, Ltd.
Boring.com S9 - login: cmeinel
Password:
Linux 2.0.0.
Last login: Thu Apr 10 14:02:00 on ttyp5 from pm20.kitty.net.
sleepy:~$
If you get something like this you are in definite luck. The important thing here, however, is that the
computer used the word "login" to get you started. If is asked for anything else, for example "logon," this is
not a shell account.
As soon as you login, in the case of Boring Internet Services you have a Unix shell prompt on your screen.
But instead of something this simple you may get something like:
BSDI BSD/OS 2.1 (escape.com) (ttyrf)
login: galfina
Password:
Last login: Thu Apr 10 16:11:37 from fubar.net
___________________ ______ ______________
___ / ___/ ___/ \/ \/ __ / ___/
_____ / ___/\__ / /__/ / / /___/ ___/
_______ / / / / / / / / / / / /
_________ \_____/\_____/\_____/\__/___/\_/ \_____/ .com
[ ESCAPE.COM ]
__________________________________________________________________
PLEASE NOTE:
Multiple Logins and Simultaneous Dialups From Different Locations Are
_NOT_ Permitted at Escape Internet Access.
__________________________________________________________________
Enter your terminal type, RETURN for vt100, ? for list:
Setting terminal type to vt100.
Erase is backspace.
MAIN
Escape Main Menu
----[05:45PM]-----------------------------------------------------
==> H) HELP Help & Tips for the Escape Interface. (M)
I) INTERNET Internet Access & Resources (M)
U) USENETM Usenet Conferences (Internet Distribution) (M)
L) LTALK Escape Local Communications Center (M)
B) BULLETINS Information on Escape, Upgrades, coming events. (M)
M) MAIL Escape World Wide and Local Post Office (M)
F) HOME Your Home Directory (Where all your files end up)
C) CONFIG Config your user and system options (M)
S) SHELL The Shell (Unix Environment) [TCSH]
X) LOGOUT Leave System
BACK MAIN HOME MBOX ITALK LOGOUT
----[Mesg: Y]------------[ TAB key toggles menus ]-------[Connected: 0:00]---
CMD>
In this case you aren't in a shell yet, but you can see an option on the menu to get to a shell. So hooray, you
are in luck, you have a shell account. Just enter "S" and you're in.
Now depending on the ISP you try out, there may be all sorts of different menus, all designed to keep the
user from having to ever stumble across the shell itself. But if you have a shell account, you will probably
find the word "shell" somewhere on the menu.
If you don't get something obvious like this, you may have to do the single most humiliating thing a
wannabe hacker will ever do. Call tech support and ask whether you have a shell account and, if so, how to
login. It may be that they just want to make it really, really hard for you to find your shell account.
Now personally I don't care for the Win 95 Telnet program. Fortunately there are many other ways to check
whether you have a shell account. Here's how to use the Hyperterminal program, which, like Telnet, comes
free with the Windows 95 operating system. This requires a different kind of connection. Instead of a PPP
connection we will do a simple phone dialup, the same sort of connection you use to get on most computer
bulletin board systems (BBS).
1) First, find the program Hyperteminal and make a shortcut to your desktop. This one is easy to find. Just
click Start, then Programs, then Accessories. You'll find Hyperterminal on the accessories menu. Clicking on
it will bring up a window with a bunch of icons. Click on the one labeled "hyperterminal.exe."
2) This brings up a dialog box called "New Connection." Enter the name of your local dialup, then in the next
dialog box enter the phone dialup number of your ISP.
3) Make a shortcut to your desktop.
4) Use Hyperterminal to dial your ISP. Note that in this case you are making a direct phone call to your shell
account rather than trying to reach it through a PPP connection.
Now when you dial your ISP from Hyperterminal you might get a bunch of really weird garbage scrolling
down your screen. But don't give up. What is happening is your ISP is trying to set up a PPP connection
with Hyperterminal. That is the kind of connection you need in order to get pretty pictures on the Web. But
Hyperterminal doesn't understand PPP. Unfortunately I've have not been able to figure out why this
happens sometimes or how to stop it. But the good side of this picture is that the problem may go away the
next time you use Hyperterminal to connect to your ISP. So if you dial again you may get a login sequence.
I've found it often helps to wait a few days and try again. Of course you can complain to tech support at
your ISP. But it is likely that they won't have a clue on what causes their end of things to try to set up a PPP
session with your Hyperterminal connection. Sigh.
But if all goes well, you will be able to log in. In fact, except for the PPP attempt problem, I like the
Hyperterminal program much better than Win 95 Telnet. So if you can get this one to work, try it out for
awhile. See if you like it, too.
There are a number of other terminal programs that are really good for connecting to your shell account.
They include Qmodem, Quarterdeck Internet Suite, and Bitcom. Jericho recommends Ewan, a telnet program
which also runs on Windows 95. Ewan is free, and has many more features than either Hyperterminal or Win
95 Telnet. You may download it from jericho's ftp site at sekurity.org in the /utils directory.
OK, let's say you have logged into your ISP with your favorite program. But perhaps it still isn't clear
whether you have a shell account. Here's your next test. At what you hope is your shell prompt, give the
command "ls -alF." If you have a real, honest-to-goodness shell account, you should get something like
this:
> ls -alF
total 87
drwx--x--x 5 galfina user 1024 Apr 22 21:45 ./
drwxr-xr-x 380 root wheel 6656 Apr 22 18:15 ../
-rw-r--r-- 1 galfina user 2793 Apr 22 17:36 .README
-rw-r--r-- 1 galfina user 635 Apr 22 17:36 .Xmodmap
-rw-r--r-- 1 galfina user 624 Apr 22 17:36 .Xmodmap.USKBD
-rw-r--r-- 1 galfina user 808 Apr 22 17:36 .Xresources
drwx--x--x 2 galfina user 512 Apr 22 17:36 www/
etc.
This is the listing of the files and directories of your home directory. Your shell account may give you a
different set of directories and files than this (which is only a partial listing). In any case, if you see
anything that looks even a little bit like this, congratulations, you already have a shell account!
*******************************************************
Newbie note: The first item in that bunch of dashes and letters in front of the file name tells you what kind of
file it is. "d" means it is a directory, and "-" means it is a file. The rest are the permissions your files have.
"r" = read permission, "w" = write permission, and "x" = execute permission (no, "execute" has nothing to
do with murdering files, it means you have permission to run the program that is in this file). If t here is a
dash, it means there is no permission there.
The symbols in the second, third and fourth place from the left are the permissions that you have as a user,
the following three are the permissions everyone in your designated group has, and the final three are the
permissions anyone and everyone may have. For example, in galfina's directory the subdirectory "www/" is
something you may read, write and execute, while everyone else may only execute. This is the directory
where you can put your Web page. The entire world may browse ("execute") your Web page. But only you
can read and write to it.
If you were to someday discover your permissions looking like:
drwx--xrwx newbie user 512 Apr 22 17:36 www/
Whoa, that "w" in the third place from last would mean anyone with an account from outside your ISP can
hack your Web page!
******************************************************
Another command that will tell you whether you have a shell account is "man." This gives you an online
Unix manual. Usually you have to give the man command in the form of "man" where
is the name of the Unix command you want to study. For example, if you want to know all the
different ways to use the "ls" command, type "man ls" at the prompt.
On the other hand, here is an example of something that, even though it is on a Unix system, is not a shell
account:
BSDI BSD/386 1.1 (dub-gw-2.compuserve.com) (ttyp7)
Connected to CompuServe
Host Name: cis
Enter choice (LOGON, HELP, OFF):
The immediate tip-off that this is not a shell account is that it asks you to "logon" instead of "login:"
How to Get a Shell Account
What if you are certain that you don't already have a shell account? How do you find an ISP that will give
you one?
The obvious place to start is your phone book. Unless you live in a really rural area or in a country where
there are few ISPs, there should be a number of companies to choose from.
So here's your problem. You phone Boring ISP, Inc. and say, "I'd like a shell account." But Joe Dummy on
the other end of the phone says, "Shell? What's a shell account?" You say "I want a shell account. SHELL
ACCOUNT!!!" He says, "Duh?" You say "Shell account. SHELL ACCOUNT!!!" He says, "Um, er, let me talk
to my supervisor." Mr. Uptight Supervisor gets on the phone. "We don't give out shell accounts, you dirty
&%$*# hacker."
Or, worse yet, they claim the Internet access account they are giving you a shell account but you discover it
isn't one.
To avoid this embarrassing scene, avoid calling big name ISPs. I can guarantee you, America Online,
Compuserve and Microsoft Network don't give out shell accounts.
What you want to find is the seediest, tiniest ISP in town. The one that specializes in pasty-faced customers
who stay up all night playing MOOs and MUDs. Guys who impersonate grrrls on IRC. Now that is not to
say that MUD and IRC people are typically hackers. But these definitely are your serious Internet addicts.
An ISP that caters to people like that probably also understands the kind of person who wants to learn Unix
inside and out.
So you phone or email one of these ISPs on the back roads of the Net and say, "Greetings, d00d! I am an evil
haxor and demand a shell account pronto!"
No, no, no! Chances are you got the owner of this tiny ISP on the other end of the line. He's probably a
hacker himself. Guess what? He loves to hack but he doesn't want hackers (or wannabe hackers) for
customers. He doesn't want a customer who's going to be attracting email bombers and wa ging hacker war
and drawing complaints from the sysadmins on whom this deadly dude has been testing exploit code.
So what you do is say something like "Say, do you offer shell accounts? I really, really like to browse the
Web with lynx. I hate waiting five hours for all those pretty pictures and Java applets to load. And I like to
do email with Pine. For newsgroups, I luuuv tin!"
Start out like this and the owner of this tiny ISP may say something like, "Wow, dude, I know what you
mean. IE and Netscape really s***! Lynx uber alles! What user name would you like?"
At this point, ask the owner for a guest account. As you will learn below, some shell accounts are so
restricted that they are almost worthless.
But let's say you can't find any ISP within reach of a local phone call that will give you a shell account. Or
the only shell account you can get is worthless. Or you are well known as a malicious hacker and you've
been kicked off every ISP in town. What can you do?
Your best option is to get an account on some distant ISP, perhaps even in another country. Also, the few
medium size ISPs that offer shell accounts (for example, Netcom) may even have a local dialup number for
you. But if they don't have local dialups, you can still access a shell account located *anywhere* in the
world by setting up a PPP connection with your local dialup ISP, and then accessing your shell account
using a telnet program on your home computer.
*************************************************
Evil Genius Tip: Sure, you can telnet into your shell account from another ISP account. But unless you have
software that allows you to send your password in an encrypted form, someone may sniff your password
and break into your account. If you get to be well known in the hacker world, lots of other hackers will
constantly be making fun of you by sniffing your password. Unfortunately, almost all shell accounts are set
up so you must expose your password to anyone who has hidden a sniffer anywhere between the ISP that
provides your PPP connection and your shell account ISP.
One solution is to insist on a shell account provider that runs ssh (secure shell).
**************************************************
So where can you find these ISPs that will give you shell accounts? One good source is
http://www.celestin.com/pocia/. It provides links to Internet Service Providers categorized by geographic
region. They even have links to allow you to sign up with ISPs serving the Lesser Antilles!
***********************************************
Evil Genius tip: Computer criminals and malicious hackers will often get a guest account on a distant ISP and
do their dirty work during the few hours this guest account is available to them. Since this practice provides
the opportunity to cause s o much harm, eventually it may become really hard to get a test run on a guest
account.
***********************************************
But if you want to find a good shell account the hacker way, here's what you do. Start with a list of your
favorite hacker Web sites. For example, let's try http://ra.nilenet.com/~mjl/hacks/codez.htm.
You take the beginning part of the URL (Uniform Resource Locator) as your starting point. In this case it is
"http://ra.nilenet.com." Try surfing to that URL. In many cases it will be the home page for that ISP. It
should have instructions for how to sign up for a shell account. In the case of Nile Net we strike hacker
gold:
Dial-up Accounts and Pricing
NEXUS Accounts
NEXUS Accounts include: Access to a UNIX Shell, full
Internet access, Usenet newsgroups, 5mb of FTP and/or
WWW storage space, and unlimited time.
One Time Activation Fee: $20.00
Monthly Service Fee: $19.95 or
Yearly Service Fee: $199.95
Plus which they make a big deal over freedom of online speech. And they host a great hacker page full of
these Guides to (mostly) Harmless Hacking!
How to Login to Your Shell Account
Now we assume you finally have a guest shell account and are ready to test drive it. So now we need to
figure out how to login. Now all you hacker geniuses reading this, why don't you just forget to flame me for
telling people how to do something as simple as how to login. Please remember that everyone has a first
login. If you have never used Unix, this first time can be intimidating. In any case, if you are a Unix genius
you have no business reading this Beginners' Guide. So if you are snooping around here looking for
flamebait, send your flames to /dev/null.
***********************************************************
Newbie note: "Flames" are insulting, obnoxious rantings and ravings done by people who are severely
lacking in social skills and are a bunch of &$%@#!! but who think they are brilliant computer savants. For
example, this newbie note is my flame against &$%@#!! flamers.
"/dev/null" stands for "device null." It is a file name in a Unix operating system. Any data that is sent to
/dev/null is discarded. So when someone says they will put something in "/dev/null" that means they are
sending it into permanent oblivion.
***********************************************************
The first thing you need to know in order to get into your shell account is your user name and password.
You need to get that information from the ISP that has just signed you up. The second thing you need to
remember is that Unix is "case sensitive." That means if your login name is "JoeSchmoe" the shell will think
"joeschmoe" is a different person than "JoeSchmoe" or "JOESCHMOE."
OK, so you have just connected to your shell account for the first time. You may see all sorts of different
stuff on that first screen. But the one thing you will always see is the prompt:
login:
Here you will type in your user name.
In response you will always be asked :
Password:
Here you type in your password.
After this you will get some sort of a prompt. It may be a simple as:
%
or
$
or
>
Or as complicated as:
sleepy:~$
Or it may even be some sort of complicated menu where you have to choose a "shell" option before you get
to the shell prompt.
Or it may be a simple as:
#
**********************************************************
Newbie note: The prompt "#" usually means you have the superuser powers of a "root" account. The Unix
superuser has the power to do *anything* to the computer. But you won't see this prompt unless either the
systems administrator has been really careless -- or someone is playing a joke on you. Sometimes a hacker
thinks he or she has broken into the superuser account because of seeing the "#" prompt. But sometimes
this is just a trick the sysadmin is playing. So the hacker goes playing around in what he or she thinks is the
root account while the sysadmin and his friends and the police are all laughing at the hacker.
**********************************************************
Ready to start hacking from your shell account? Watch out, it may be so crippled that it is worthless for
hacking. Or, it may be pretty good, but you might inadvertently do something to get you kicked off. To
avoid these fates, be sure to read Beginners' Series #3 Part 2 of How to Get a *Good* Shell Account, coming
out tomorrow.
In that GTMHH section you will learn how to:
· explore your shell account
· decide whether your shell account is any good for hacking
· keep from losing your shell account
In case you were wondering about all the input from jericho in this Guide, yes, he was quite helpful in
reviewing it and making suggestions. Jericho is a security consultant runs his own Internet host,
obscure.sekurity.org. Thank you, jericho@dimensional.com, and happy hacking!
Windows 95 operating system, you can do some fairly serious Internet hacking -- today!
In this lesson we will learn how to:
· Use secret Windows 95 DOS commands to track down and port surf computers used by famous on-line
service providers.
· Telnet to computers that will let you use the invaluable hacker tools of whois, nslookup, and dig.
· Download hacker tools such as port scanners and password crackers designed for use with Windows.
· Use Internet Explorer to evade restrictions on what programs you can run on your school or work
computers.
Yes, I can hear jericho and Rogue Agent and all the other Super Duper hackers on this list laughing. I'll bet
already they have quit reading this and are furiously emailing me flames and making phun of me in 2600
meetings. Windows hacking? Pooh!
Tell seasoned hackers that you use Windows and they will laugh at you. They'll tell you to go away and
don't come back until you're armed with a shell account or some sort of Unix on your PC. Actually, I have
long shared their opinion. Shoot, most of the time hacking from Windoze is like using a 1969 Volkswagon to
race against a dragster using one of VP Racing's high-tech fuels.
But there actually is a good reason to learn to hack from Windows. Some of your best tools for probing and
manipulating Windows networks are found only on Windows NT. Furthermore, with Win 95 you can
practice the Registry hacking that is central to working your will on Win NT servers and the networks they
administer.
In fact, if you want to become a serious hacker, you eventually will have to learn Windows. This is because
Windows NT is fast taking over the Internet from Unix. An IDC report projects that the Unix-based Web
server market share will fall from the 65% of 1995 to only 25% by the year 2000. The Windows NT share is
projected to grow to 32%. This weak future for Unix Web servers is reinforced by an IDC report reporting
that market share of all Unix systems is now falling at a compound annual rate of decline of -17% for the
foreseeable future, while Windows NT is growing in market share by 20% per year. (Mark Winther, "The
Global Market for Public and Private Internet Server Software," IDC #11202, April 1996, 10, 11.)
So if you want to keep up your hacking skills, you're going to have to get wise to Windows. On e of these
days we're going to be sniggering at all those Unix-only hackers.
Besides, even poor, pitiful Windows 95 now can take advantage of lots of free hacker tools that give it
much of the power of Unix.
Since this is a beginners' lesson, we'll go straight to the Big Question: "All I got is AOL and a Win 95 box.
Can I still learn how to hack?"
Yes, yes, yes!
The secret to hacking from AOL/Win 95 -- or from any on-line service that gives you access to the World
Wide Web -- is hidden in Win 95's MS-DOS (DOS 7.0).
DOS 7.0 offers several Internet tools, none of which are documented in either the standard Windows or DOS
help features. But you're getting the chance to learn these hidden features today.
So to get going with today's lesson, use AOL or whatever lame on-line service you may have and make the
kind of connection you use to get on the Web (this will be a PPP or SLIP connection). Then minimize your
Web browser and prepare to hack! Next, bring up your DOS window by clicking Start, then Programs, then
MS-DOS.
For best hacking I've found it easier to use DOS in a window with a task bar which allows me to cut and
paste commands and easily switch between Windows and DOS programs. If your DOS comes up as a full
screen, hold down the Alt key while hitting enter, and it will go into a window. Then if you are missing the
task bar, click the system menu on the left side of the DOS window caption and select Toolbar.
Now you have the option of eight TCP/IP utilities to play with: telnet, arp, ftp, nbtstat, netstat, ping, route,
and tracert.
Telnet is the biggie. You can also access the telnet program directly from Windows. But while hacking you
may need the other utilities that can only be used from DOS, so I like to call telnet from DOS.
With the DOS telnet you can actually port surf almost as well as from a Unix telnet program. But there are
several tricks you need to learn in order to make this work.
First, we'll try out logging on to a strange computer somewhere. This is a phun thing to show your friends
who don't have a clue because it can scare the heck out them. Honest, I just tried this out on a neighbor. He
got so worried that when he got home he called my husband and begged him to keep me from hacking his
work computer!
To do this (I mean log on to a strange computer, not scare your neighbors) go to the DOS prompt
C:\WINDOWS> and give the command "telnet." This brings up a telnet screen. Click on Connect, then click
Remote System.
This brings up a box that asks you for "Host Name." Type "whois.internic.net" into this box. Below that it
asks for "Port" and has the default value of "telnet." Leave in "telnet" for the port selection. Below that is a
box for "TermType." I recommend picking VT100 because, well, just because I like it best.
The first thing you can do to frighten your neighbors and impress your friends is a "whois." Click on
Connect and you will soon get a prompt that looks like this:
[vt100]InterNIC>
Then ask your friend or neighbor his or her email address. Then at this InterNIC prompt, type in the last two
parts of your friend's email address. For example, if the address is "luser@aol.com," type in "aol.com."
Now I'm picking AOL for this lesson because it is really hard to hack. Almost any other on-line service will
be easier.
For AOL we get the answer:
[vt100] InterNIC > whois aol.com
Connecting to the rs Database . . . . . .
Connected to the rs Database
America Online (AOL-DOM)
12100 Sunrise Valley Drive
Reston, Virginia 22091
USA
Domain Name: AOL.COM
Administrative Contact:
O'Donnell, David B (DBO3) PMDAtropos@AOL.COM
703/453-4255 (FAX) 703/453-4102
Technical Contact, Zone Contact:
America Online (AOL-NOC) trouble@aol.net
703-453-5862
Billing Co ntact:
Barrett, Joe (JB4302) BarrettJG@AOL.COM
703-453-4160 (FAX) 703-453-4001
Record last updated on 13-Mar-97.
Record created on 22-Jun-95.
Domain servers in listed order:
DNS-01.AOL.COM 152.163.199.42
DNS-02.AOL.COM 152.163.199.56
DNS-AOL.ANS.NET 198.83.210.28
These last three lines give the names of some computers that work for America Online (AOL). If we want to
hack AOL, these are a good place to start.
*********************************
Newbie note: We just got info on three "domain name servers" for AOL. "Aol.com" is the domain name for
AOL, and the domain servers are the computers that hold information that tells the rest of the Internet how
to send messages to AOL computers and email addresses.
*********************************
*********************************
Evil genius tip: Using your Win 95 and an Internet connection, you can run a whois query from many other
computers, as well. Telnet to your target computer's port 43 and if it lets you get on it, give your query.
Example: telnet to nic.ddn.mil, port 43. Once connected type "whois DNS-01.AOL.COM," or whatever name
you want to check out. However, this only works on computers that are running the whois service on port
43.
Warning: show this trick to your neighbors and they will really be terrified. They just saw you accessing a
US military computer! But it's OK, nic.ddn.mil is open to the public on many of its ports. Check out its Web
site www.nic.ddn.mil and its ftp site, too -- they are a mother lode of information that is good for hacking.
*********************************
Next I tried a little port surfing on DNS-01.AOL.COM but couldn't find any ports open. So it's a safe bet this
computer is behind the AOL firewall.
**********************************
Newbie note: port surfing means to attempt to access a computer through several different ports. A port is
any way you get information into or out of a computer. For example, port 23 is the one you usually use to
log into a shell account. Port 25 is used to send email. Port 80 is for the Web. There are thousands of
designated ports, but any particular computer may be running only three or four ports. On your home
computer your ports include the monitor, keyboard, and modem.
**********************************
So what do we do next? We close the telnet program and go back to the DOS window. At the DOS prompt
we give the command "tracert 152.163.199.42." Or we could give the command "tracert DNS-01.AOL.COM."
Either way we'll get the same result. This command will trace the route that a message takes, hopping from
one computer to another, as it travels from my computer to this AOL domain server computer. Here's what
we get:
C:\WINDOWS>tracert 152.163.199.42
Tracing route to dns-01.aol.com [152.163.199.42]
over a maximum of 30 hops:
1 * * * Request timed out.
2 150 ms 144 ms 138 ms 204.134.78.201
3 375 ms 299 ms 196 ms glory-cyberport.nm.westnet.net [204.134.78.33]
4 271 ms * 201 ms enss365.nm.org [129.121.1.3]
5 229 ms 216 ms 213 ms h4-0.cnss116.Albuquerque.t3.ans.net [192.103.74.45]
6 223 ms 236 ms 229 ms f2.t112-0.Albuquerque.t3.ans.net [140.222.112.221]
7 248 ms 269 ms 257 ms h14.t64-0.Houston.t3.ans.net [140.223.65.9]
8 178 ms 212 ms 196 ms h14.t80-1.St-Louis.t3.ans.net [140.223.65.14]
9 316 ms * 298 ms h12.t60-0.Reston.t3.ans.net [140.223.61.9]
10 315 ms 333 ms 331 ms 207.25.134.189
11 * * * Request timed out.
12 * * * Request timed out.
13 207.25.134.189 reports: Destination net unreachable.
What the heck is all this stuff? The number to the left is the number of computers the route has been traced
through. The "150 ms" stuff is how long, in thousandths of a second, it takes to send a message to and from
that computer. Since a message can take a different length of time every time you send it, tracert times the
trip three t imes. The "*" means the trip was taking too long so tracert said "forget it." After the timing info
comes the name of the computer the message reached, first in a form that is easy for a human to remember,
then in a form -- numbers -- that a computer prefers.
"Destination net unreachable" probably means tracert hit a firewall.
Let's try the second AOL domain server.
C:\WINDOWS>tracert 152.163.199.56
Tracing route to dns-02.aol.com [152.163.199.56]
over a maximum of 30 hops:
1 * * * Request timed out.
2 142 ms 140 ms 137 ms 204.134.78.201
3 246 ms 194 ms 241 ms glory-cyberport.nm.westnet.net [204.134.78.33]
4 154 ms 185 ms 247 ms enss365.nm.org [129.121.1.3]
5 475 ms 278 ms 325 ms h4-0.cnss116.Albuquerque.t3.ans.net [192.103.74.
45]
6 181 ms 187 ms 290 ms f2.t112-0.Albuquerque.t3.ans.net [140.222.112.22
1]
7 162 ms 217 ms 199 ms h14.t64-0.Houston.t3.ans.net [140.223.65.9]
8 210 ms 212 ms 248 ms h14.t80-1.St-Louis.t3.ans.net [140.223.65.14]
9 207 ms * 208 ms h12.t60-0.Reston.t3.ans.net [140.223.61.9]
10 338 ms 518 ms 381 ms 207.25.134.189
11 * * * Request timed out.
12 * * * Request timed out.
13 207.25.134.189 reports: Destination net unreachable.
Note that both tracerts ended at the same computer named h12.t60-0.Reston.t3.ans.net. Since AOL is
headquartered in Reston, Virginia, it's a good bet this is a computer that directly feeds stuff into AOL. But
we notice that h12.t60-0.Reston.t3.ans.net , h14.t80-1.St-Louis.t3.ans.net, h14.t64-0.Houston.t3.ans.net and
Albuquerque.t3.ans.net all have numerical names beginning with 140, and names that end with "ans.net." So
it's a good guess that they all belong to the same company. Also, that "t3" in each name suggests these
computers are routers on a T3 communications backbone for the Internet.
Next let's check out that final AOL domain server:
C:\WINDOWS>tracert 198.83.210.28
Tracing route to dns-aol.ans.net [198.83.210.28]
over a maximum of 30 hops:
1 * * * Request timed out.
2 138 ms 145 ms 135 ms 204.134.78.201
3 212 ms 191 ms 181 ms glory-cyberport.nm.westnet.net [204.134.78.33]
4 166 ms 228 ms 189 ms enss365.nm.org [129.121.1.3]
5 148 ms 138 ms 177 ms h4-0.cnss116.Albuquerque.t3.ans.net [192.103.74.
45]
6 284 ms 296 ms 178 ms f2.t112-0.Albuquerque.t3.ans.net [140.222.112.22
1]
7 298 ms 279 ms 277 ms h14.t64-0.Houston.t3.ans.net [140.223.65.9]
8 238 ms 234 ms 263 ms h14.t104-0.Atlanta.t3.ans.net [140.223.65.18]
9 301 ms 257 ms 250 ms dns-aol.ans.net [198.83.210.28]
Trace complete.
Hey, we finally got all the way through to something we can be pretty certain is an AOL box, and it looks
like it's outside the firewall! But look at how the tracert took a different path this time, going through Atlanta
instead of St. Louis and Reston. But we are still looking at ans.net addresses with T3s, so this last
nameserver is using the same network as the others.
Now what can we do next to get luser@aol.com really wondering if you could actually break into his
account? We're going to do some port surfing on this last AOL domain name server! But to do this we need
to change our telnet settings a bit.
Click on Terminal, then Preferences. In the preferences box you need to check "Local echo." You must do
this, or else you won't be able to see everything that you get while port surfing. For some reason, some of
the messages a remote computer sends to you won't show up on your Win 95 telnet screen unless you
choose the local echo option. However, be warned, in some situations everything you type in will be
doubled. For example, if you type in "hello" the telnet screen may show you "heh lelllo o. This doesn't mean
you mistyped, it just means your typing is getting echoed back at various intervals.
Now click on Connect, then Remote System. Then enter the name of that last AOL domain server, dnsaol.
ans.net. Below it, for Port choose Daytime. It will send back to you the day of the week, date and time of
day in its time zone.
Aha! We now know that dns-aol.ans.net is exposed to the world, with at least one open port, heh, heh. It is
definitely a prospect for further port surfing. And now your friend is wondering, how did you get something
out of that computer?
******************************
Clueless newbie alert: If everyone who reads this telnets to the daytime port of this computer, the sysadmin
will say "Whoa, I'm under heavy attack by hackers!!! There must be some evil exploit for the daytime
service! I'm going to close this port pronto!" Then you'll all email me complaining the hack doesn't work.
Please, try this hack out on different computers and don't all beat up on AOL.
******************************
Now let's check out that Reston computer. I select Remote Host again and enter the name h12.t60-
0.Reston.t3.ans.net. I try some port surfing without success. This is a seriously locked down box! What do
we do next?
So first we remove that "local echo" feature, then we telnet back to whois.internic. We ask about this
ans.net outfit that offers links to AOL:
[vt100] InterNIC > whois ans.net
Connecting to the rs Database . . . . . .
Connected to the rs Database
ANS CO+RE Systems, Inc. (ANS-DOM)
100 Clearbrook Road
Elmsford, NY 10523
Domain Name: ANS.NET
Administrative Contact:
Hershman, Ittai (IH4) ittai@ANS.NET
(914) 789-5337
Technical Contact:
ANS Network Operations Center (ANS-NOC) noc@ans.net
1-800-456-6300
Zone Contact:
ANS Hostmaster (AH-ORG) hostmaster@ANS.NET
(800)456-6300 fax: (914)789-5310
Record last updated on 03-Jan-97.
Record created on 27-Sep-90.
Domain servers in listed order:
NS.ANS.NET 192.103.63.100
NIS.ANS.NET 147.225.1.2
Now if you wanted to be a really evil hacker you could call that 800 number and try to social engineer a
password out of somebody who works for this network. But that wouldn't be nice and there is nothing legal
you can do with ans.net passwords. So I'm not telling you how to social engineer those passwords.
Anyhow, you get the idea of how you can hack around gathering info that leads to the computer that
handles anyone's email.
So what else can you do with your on-line connection and Win 95?
Well... should I tell you about killer ping? It's a good way to lose your job and end up in jail. You do it from
your Windows DOS prompt. Find the gory details in the GTMHH Vol.2 Number 3, which is kept in one of
our archives listed at the end of this lesson. Fortunately most systems administrators have patched things
nowadays so that killer ping won't work. But just in case your ISP or LAN at work or school isn't protected,
don't test it without your sysadmin's approval!
Then there's ordinary ping, also done from DOS. It's sort of like tracert, but all it does is time how long a
message takes from one computer to another, without telling you anything about the computers between
yours and the one you ping.
Other TCP/IP commands hidden in DOS include:
· Arp IP-to-physical address translation tables
· Ftp File transfer protocol. This one is really lame. Don't use it. Get a shareware Ftp program from one of the
download sites listed below.
· Nbtstat Displays current network info -- super to use on your own ISP
· Netstat Similar to Nbstat
· Route Controls router tables -- router hacking is considered extra elite.
Since these are semi-secret commands, you can't get any details on how to use them from the DOS help
menu. But there are help files hidden away for these commands.
· For arp, nbtstat, ping and route, to get help just type in the command and hit enter.
· For netstat you have to give the command "netstat ?" to get help.
· Telnet has a help option on the tool bar.
I haven't been able to figure out a trick to get help for the ftp command.
Now suppose you are at the point where you want to do serious hacking that requires commands other than
these we just covered, but you don't want to use Unix. Shame on you! But, heck, even though I usually
have one or two Unix shell accounts plus Walnut Creek Slackware on my home computer, I still like to hack
from Windows. This is because I'm ornery. So you can be ornery, too.
So what is your next option for doing serious hacking from Windows?
How would you like to crack Win NT server passwords? Download the free Win 95 program NTLocksmith,
an add-on program to NTRecover that allows for the changing of passwords on systems where the
administrative password has been lost. It is reputed to work 100% of the time. Get both NTLocksmith and
NTRecover -- and lots more free hacker tools -- from http://www.ntinternals.com.
**********************************
You can go to jail warning: If you use NTRecover to break into someone else's system, you are just asking
to get busted.
**********************************
How would you like to trick your friends into thinking their NT box has crashed when it really hasn't? This
prank program can be downloaded from http://www.osr.com/insider/insdrcod.htm.
*********************************
You can get punched in the nose warning: need I say more?
*********************************
But by far the deadliest hacking tool that runs on Windows can be downloaded from, guess what?
http://home.microsoft.com
That deadly program is Internet Explorer 3.0. Unfortunately, this program is even better for letting other
hackers break into your home computer and do stuff like make your home banking program (e.g. Quicken)
transfer your life savings to someone in Afghanistan.
But if you're aren't brave enough to run Internet Explorer to surf the Web, you can still use it to hack your
own computer, or other computers on your LAN. You see, Internet Explorer is really an alternate Windows
shell which operates much like the Program Manager and Windows Explorer that come with the Win 94 and
Win NT operating systems.
Yes, from Internet Explorer you can run any program on your own computer. Or any program to which you
have access on your LAN.
***********************************
Newbie note: A shell is a program that mediates between you and the operating system. The big deal about
Internet Explorer being a Windows shell is that Microsoft never told anyone that it was in fact a shell. The
security problems that are plaguing Internet Explorer are mostly a consequence of it turning out to be a
shell. By contrast, the Netscape and Mosaic Web browsers are not shells. They also are much safer to use.
***********************************
To use Internet Explorer as a Windows shell, bring it up just like you would if you were going to surf the
Web. Kill the program's attempt to establish an Internet connection -- we don't want to do anything crazy,
do we?
Then in the space where you would normally type in the URL you want to surf, instead type in c:.
Whoa, look at all those file folders that come up on the screen. Look familiar? It's the same stuff your
Windows Explorer would show you. Now for fun, click "Program Files" then click "Accessories" then click
"MSPaint." All of a sudden MSPaint is running. Now paint your friends who are watching this hack very
surprised.
Next close all that stuff and get back to Internet Explorer. Click on the Windows folder, then click on
Regedit.exe to start it up. Export the password file (it's in HKEY_CLASSES_ROOT). Open it in Word Pad.
Remember, the ability to control the Registry of a server is the key to controlling the network it serves.
Show this to your next door neighbor and tell her that you're going to use Internet Explorer to surf her
password files. In a few hours the Secret Service will be fighting with the FBI on your front lawn over who
gets to try to bust you. OK, only kidding here.
So how can you use Internet Explorer as a hacking tool? One way is if you are using a computer that
restricts your ability to run other programs on your computer or LAN. Next time you get frustrated at your
school or library computer, check to see if it offers Internet Explorer. If it does, run it and try entering disk
drive names. While C: is a common drive on your home computer, on a LAN you might get results by
putting in R: or Z: or any other letter of the alphabet.
Next cool hack: try automated port surfing from Windows! Since there are thousands of possible ports that
may be open on any computer, it could take days to fully explore even just one computer by hand. A good
answer to this problem is the NetCop automated port surfer, which can be found at http://www.netcop.com/.
Now suppose you want to be able to access the NTFS file system that Windows NT uses from a Win 95 or
even DOS platform? This can be useful if you are wanting to use Win 95 as a platform to hack an NT
system. http://www.ntinternals.com/ntfsdos.htm offers a program that allows Win 95 and DOS to recognize
and mount NTFS drives for transparent access.
Hey, we are hardly beginning to explore all the wonderful Windows hacking tools out there. It would take
megabytes to write even one sentence about each and every one of them. But you're a hacker, so you'll
enjoy exploring dozens more of these nifty programs yourself. Following is a list of sites where you can
download lots of free and more or less harmless programs that will help you in your hacker career:
ftp://ftp.cdrom.com
ftp://ftp.coast.net
http://hertz.njit.edu/%7ebxg3442/temp.html
http://www.alpworld.com/infinity/void-neo.html
http://www.danworld.com/nettools.html
http://www.eskimo.com/~nwps/index.html
http://www.geocities.com/siliconvalley/park/2613/links.html
http://www.ilf.net/Toast/
http://www.islandnet.com/~cliffmcc
http://www.simtel.net/simtel.net
http://www.supernet.net/cwsapps/cwsa.html
http://www.trytel.com/hack/
http://www.tucows.com
http://www.windows95.com/apps/
http://www2.southwind.net/%7emiker/hack.html
GUIDE TO (mostly) HARMLESS HACKING
Beginners' Series #3 Part 1
How to Get a *Good* Shell Account
In this Guide you will learn how to:
· tell whether you may already have a Unix shell account
· get a shell account
· log on to your shell account
____________________________________________________________
You've fixed up your Windows box to boot up with a lurid hacker logo. You've renamed "Recycle Bin"
"Hidden Haxor Secrets." When you run Netscape or Internet Explorer, instead of that boring corporate logo,
you have a full-color animated Mozilla destroying New York City. Now your friends and neighbors are
terrified and impressed.
But in your heart of hearts you know Windows is scorned by elite hackers. You keep on seeing their hairy
exploit programs and almost every one of them requires the Unix operating system. You realize that when it
comes to messing with computer networks, Unix is the most powerful operating system on the planet. You
have developed a burning desire to become one of those Unix wizards yourself. Yes, you're ready for the
next step.
You're ready for a shell account. SHELL ACCOUNT!!!!
*****************************************************
Newbie note: A shell account allows you to use your home computer as a terminal on which you can give
commands to a computer running Unix. The "shell" is the program that translates your keystrokes into Unix
commands. With the right shell account you can enjoy the use of a far more powerful workstation than you
could ever dream of affording to own yourself. It also is a great stepping stone to the day when you will be
running some form of Unix on your home computer.
*****************************************************
Once upon a time the most common way to get on the Internet was through a Unix shell account. But
nowadays everybody and his brother are on the Internet. Almost all these swarms of surfers want just two
things: the Web, and email. To get the pretty pictures of today's Web, the average Internet consumer wants
a mere PPP (point to point) connection account. They wouldn't know a Unix command if it hit them in the
snoot. So nowadays almost the only people who want shell accounts are us wannabe hackers.
The problem is that you used to be able to simply phone an ISP, say "I'd like a shell account," and they
would give it to you just like that. But nowadays, especially if you sound like a teenage male, you'll run into
something like this:
ISP guy: "You want a shell account? What for?"
Hacker dude: "Um, well, I like Unix."
"Like Unix, huh? You're a hacker, aren't you!" Slam, ISP guy hangs up on you.
So how do you get a shell account? Actually, it's possible you may already have one and not know it. So
first we will answer the question, how do you tell whether you may already have a shell account? Then, if
you are certain you don't have one, we'll explore the many ways you can get one, no matter what, from
anywhere in the world.
How Do I Know Whether I Already Have a Shell Account?
First you need to get a program running that will connect you to a shell account. There are two programs
with Windows 95 that will do this, as well as many other programs, some of which are excellent and free.
First we will show you how to use the Win 95 Telnet program because you already have it and it will always
work. But it's a really limited program, so I suggest that you use it only if you can't get the Hyperterminal
program to work.
1) Find your Telnet program and make a shortcut to it on your desktop.
· One way is to click Start, then Programs, then Windows Explorer.
· When Explorer is running, first resize it so it doesn't cover the entire desktop.
· Then click Tools, then Find, then "Files or Folders."
· Ask it to search for "Telnet."
· It will show a file labeled C:\windows\telnet (instead of C:\ it may have another drive). Right click on this
file.
· This will bring up a menu that includes the option "create shortcut." Click on "create shortcut" and then
drag the shortcut to the desktop and drop it.
· Close Windows Explorer.
2) Depending on how your system is configured, there are two ways to connect to the Internet. The easy
way is to skip to step three. But if it fails, go back to this step. Start up whatever program you use to access
the Internet. Once you are connected, minimize the program. Now try step three.
3) Bring up your Telnet program by double clicking on the shortcut you just made.
· First you need to configure Telnet so it actually is usable. On the toolbar click "terminal," then
"preferences," then "fonts." Choose "Courier New," "regular" and 8 point size. You do this because if you
have too big a font, the Telnet program is shown on the screen so big that the cursor from your shell
program can end up being hidden off the screen. OK, OK, you can pick other fonts, but make sure that
when you close the dialog box that the Telnet program window is entirely visible on the screen. Now why
would there be options that make Telnet impossible to use? Ask Microsoft.
· Now go back to the task bar to click Connect, then under it click "Remote system." This brings up another
dialog box.
· Under "host name" in this box type in the last two parts of your email address. For examp le, if your email
address is jane_doe@boring.ISP.com, type "ISP.com" for host name.
· Under "port" in this box, leave it the way it is, reading "telnet."
· Under "terminal type," in this box, choose "VT100."
· Then click the Connect button and wait to see what happens.
· If the connection fails, try entering the last three parts of your email address as the host, in this case
"boring.ISP.com."
Now if you have a shell account you should next get a message asking you to login. It may look something
like this:
Welcome to Boring Internet Services, Ltd.
Boring.com S9 - login: cmeinel
Password:
Linux 2.0.0.
Last login: Thu Apr 10 14:02:00 on ttyp5 from pm20.kitty.net.
sleepy:~$
If you get something like this you are in definite luck. The important thing here, however, is that the
computer used the word "login" to get you started. If is asked for anything else, for example "logon," this is
not a shell account.
As soon as you login, in the case of Boring Internet Services you have a Unix shell prompt on your screen.
But instead of something this simple you may get something like:
BSDI BSD/OS 2.1 (escape.com) (ttyrf)
login: galfina
Password:
Last login: Thu Apr 10 16:11:37 from fubar.net
___________________ ______ ______________
___ / ___/ ___/ \/ \/ __ / ___/
_____ / ___/\__ / /__/ / / /___/ ___/
_______ / / / / / / / / / / / /
_________ \_____/\_____/\_____/\__/___/\_/ \_____/ .com
[ ESCAPE.COM ]
__________________________________________________________________
PLEASE NOTE:
Multiple Logins and Simultaneous Dialups From Different Locations Are
_NOT_ Permitted at Escape Internet Access.
__________________________________________________________________
Enter your terminal type, RETURN for vt100, ? for list:
Setting terminal type to vt100.
Erase is backspace.
MAIN
Escape Main Menu
----[05:45PM]-----------------------------------------------------
==> H) HELP Help & Tips for the Escape Interface. (M)
I) INTERNET Internet Access & Resources (M)
U) USENETM Usenet Conferences (Internet Distribution) (M)
L) LTALK Escape Local Communications Center (M)
B) BULLETINS Information on Escape, Upgrades, coming events. (M)
M) MAIL Escape World Wide and Local Post Office (M)
F) HOME Your Home Directory (Where all your files end up)
C) CONFIG Config your user and system options (M)
S) SHELL The Shell (Unix Environment) [TCSH]
X) LOGOUT Leave System
BACK MAIN HOME MBOX ITALK LOGOUT
----[Mesg: Y]------------[ TAB key toggles menus ]-------[Connected: 0:00]---
CMD>
In this case you aren't in a shell yet, but you can see an option on the menu to get to a shell. So hooray, you
are in luck, you have a shell account. Just enter "S" and you're in.
Now depending on the ISP you try out, there may be all sorts of different menus, all designed to keep the
user from having to ever stumble across the shell itself. But if you have a shell account, you will probably
find the word "shell" somewhere on the menu.
If you don't get something obvious like this, you may have to do the single most humiliating thing a
wannabe hacker will ever do. Call tech support and ask whether you have a shell account and, if so, how to
login. It may be that they just want to make it really, really hard for you to find your shell account.
Now personally I don't care for the Win 95 Telnet program. Fortunately there are many other ways to check
whether you have a shell account. Here's how to use the Hyperterminal program, which, like Telnet, comes
free with the Windows 95 operating system. This requires a different kind of connection. Instead of a PPP
connection we will do a simple phone dialup, the same sort of connection you use to get on most computer
bulletin board systems (BBS).
1) First, find the program Hyperteminal and make a shortcut to your desktop. This one is easy to find. Just
click Start, then Programs, then Accessories. You'll find Hyperterminal on the accessories menu. Clicking on
it will bring up a window with a bunch of icons. Click on the one labeled "hyperterminal.exe."
2) This brings up a dialog box called "New Connection." Enter the name of your local dialup, then in the next
dialog box enter the phone dialup number of your ISP.
3) Make a shortcut to your desktop.
4) Use Hyperterminal to dial your ISP. Note that in this case you are making a direct phone call to your shell
account rather than trying to reach it through a PPP connection.
Now when you dial your ISP from Hyperterminal you might get a bunch of really weird garbage scrolling
down your screen. But don't give up. What is happening is your ISP is trying to set up a PPP connection
with Hyperterminal. That is the kind of connection you need in order to get pretty pictures on the Web. But
Hyperterminal doesn't understand PPP. Unfortunately I've have not been able to figure out why this
happens sometimes or how to stop it. But the good side of this picture is that the problem may go away the
next time you use Hyperterminal to connect to your ISP. So if you dial again you may get a login sequence.
I've found it often helps to wait a few days and try again. Of course you can complain to tech support at
your ISP. But it is likely that they won't have a clue on what causes their end of things to try to set up a PPP
session with your Hyperterminal connection. Sigh.
But if all goes well, you will be able to log in. In fact, except for the PPP attempt problem, I like the
Hyperterminal program much better than Win 95 Telnet. So if you can get this one to work, try it out for
awhile. See if you like it, too.
There are a number of other terminal programs that are really good for connecting to your shell account.
They include Qmodem, Quarterdeck Internet Suite, and Bitcom. Jericho recommends Ewan, a telnet program
which also runs on Windows 95. Ewan is free, and has many more features than either Hyperterminal or Win
95 Telnet. You may download it from jericho's ftp site at sekurity.org in the /utils directory.
OK, let's say you have logged into your ISP with your favorite program. But perhaps it still isn't clear
whether you have a shell account. Here's your next test. At what you hope is your shell prompt, give the
command "ls -alF." If you have a real, honest-to-goodness shell account, you should get something like
this:
> ls -alF
total 87
drwx--x--x 5 galfina user 1024 Apr 22 21:45 ./
drwxr-xr-x 380 root wheel 6656 Apr 22 18:15 ../
-rw-r--r-- 1 galfina user 2793 Apr 22 17:36 .README
-rw-r--r-- 1 galfina user 635 Apr 22 17:36 .Xmodmap
-rw-r--r-- 1 galfina user 624 Apr 22 17:36 .Xmodmap.USKBD
-rw-r--r-- 1 galfina user 808 Apr 22 17:36 .Xresources
drwx--x--x 2 galfina user 512 Apr 22 17:36 www/
etc.
This is the listing of the files and directories of your home directory. Your shell account may give you a
different set of directories and files than this (which is only a partial listing). In any case, if you see
anything that looks even a little bit like this, congratulations, you already have a shell account!
*******************************************************
Newbie note: The first item in that bunch of dashes and letters in front of the file name tells you what kind of
file it is. "d" means it is a directory, and "-" means it is a file. The rest are the permissions your files have.
"r" = read permission, "w" = write permission, and "x" = execute permission (no, "execute" has nothing to
do with murdering files, it means you have permission to run the program that is in this file). If t here is a
dash, it means there is no permission there.
The symbols in the second, third and fourth place from the left are the permissions that you have as a user,
the following three are the permissions everyone in your designated group has, and the final three are the
permissions anyone and everyone may have. For example, in galfina's directory the subdirectory "www/" is
something you may read, write and execute, while everyone else may only execute. This is the directory
where you can put your Web page. The entire world may browse ("execute") your Web page. But only you
can read and write to it.
If you were to someday discover your permissions looking like:
drwx--xrwx newbie user 512 Apr 22 17:36 www/
Whoa, that "w" in the third place from last would mean anyone with an account from outside your ISP can
hack your Web page!
******************************************************
Another command that will tell you whether you have a shell account is "man." This gives you an online
Unix manual. Usually you have to give the man command in the form of "man
different ways to use the "ls" command, type "man ls" at the prompt.
On the other hand, here is an example of something that, even though it is on a Unix system, is not a shell
account:
BSDI BSD/386 1.1 (dub-gw-2.compuserve.com) (ttyp7)
Connected to CompuServe
Host Name: cis
Enter choice (LOGON, HELP, OFF):
The immediate tip-off that this is not a shell account is that it asks you to "logon" instead of "login:"
How to Get a Shell Account
What if you are certain that you don't already have a shell account? How do you find an ISP that will give
you one?
The obvious place to start is your phone book. Unless you live in a really rural area or in a country where
there are few ISPs, there should be a number of companies to choose from.
So here's your problem. You phone Boring ISP, Inc. and say, "I'd like a shell account." But Joe Dummy on
the other end of the phone says, "Shell? What's a shell account?" You say "I want a shell account. SHELL
ACCOUNT!!!" He says, "Duh?" You say "Shell account. SHELL ACCOUNT!!!" He says, "Um, er, let me talk
to my supervisor." Mr. Uptight Supervisor gets on the phone. "We don't give out shell accounts, you dirty
&%$*# hacker."
Or, worse yet, they claim the Internet access account they are giving you a shell account but you discover it
isn't one.
To avoid this embarrassing scene, avoid calling big name ISPs. I can guarantee you, America Online,
Compuserve and Microsoft Network don't give out shell accounts.
What you want to find is the seediest, tiniest ISP in town. The one that specializes in pasty-faced customers
who stay up all night playing MOOs and MUDs. Guys who impersonate grrrls on IRC. Now that is not to
say that MUD and IRC people are typically hackers. But these definitely are your serious Internet addicts.
An ISP that caters to people like that probably also understands the kind of person who wants to learn Unix
inside and out.
So you phone or email one of these ISPs on the back roads of the Net and say, "Greetings, d00d! I am an evil
haxor and demand a shell account pronto!"
No, no, no! Chances are you got the owner of this tiny ISP on the other end of the line. He's probably a
hacker himself. Guess what? He loves to hack but he doesn't want hackers (or wannabe hackers) for
customers. He doesn't want a customer who's going to be attracting email bombers and wa ging hacker war
and drawing complaints from the sysadmins on whom this deadly dude has been testing exploit code.
So what you do is say something like "Say, do you offer shell accounts? I really, really like to browse the
Web with lynx. I hate waiting five hours for all those pretty pictures and Java applets to load. And I like to
do email with Pine. For newsgroups, I luuuv tin!"
Start out like this and the owner of this tiny ISP may say something like, "Wow, dude, I know what you
mean. IE and Netscape really s***! Lynx uber alles! What user name would you like?"
At this point, ask the owner for a guest account. As you will learn below, some shell accounts are so
restricted that they are almost worthless.
But let's say you can't find any ISP within reach of a local phone call that will give you a shell account. Or
the only shell account you can get is worthless. Or you are well known as a malicious hacker and you've
been kicked off every ISP in town. What can you do?
Your best option is to get an account on some distant ISP, perhaps even in another country. Also, the few
medium size ISPs that offer shell accounts (for example, Netcom) may even have a local dialup number for
you. But if they don't have local dialups, you can still access a shell account located *anywhere* in the
world by setting up a PPP connection with your local dialup ISP, and then accessing your shell account
using a telnet program on your home computer.
*************************************************
Evil Genius Tip: Sure, you can telnet into your shell account from another ISP account. But unless you have
software that allows you to send your password in an encrypted form, someone may sniff your password
and break into your account. If you get to be well known in the hacker world, lots of other hackers will
constantly be making fun of you by sniffing your password. Unfortunately, almost all shell accounts are set
up so you must expose your password to anyone who has hidden a sniffer anywhere between the ISP that
provides your PPP connection and your shell account ISP.
One solution is to insist on a shell account provider that runs ssh (secure shell).
**************************************************
So where can you find these ISPs that will give you shell accounts? One good source is
http://www.celestin.com/pocia/. It provides links to Internet Service Providers categorized by geographic
region. They even have links to allow you to sign up with ISPs serving the Lesser Antilles!
***********************************************
Evil Genius tip: Computer criminals and malicious hackers will often get a guest account on a distant ISP and
do their dirty work during the few hours this guest account is available to them. Since this practice provides
the opportunity to cause s o much harm, eventually it may become really hard to get a test run on a guest
account.
***********************************************
But if you want to find a good shell account the hacker way, here's what you do. Start with a list of your
favorite hacker Web sites. For example, let's try http://ra.nilenet.com/~mjl/hacks/codez.htm.
You take the beginning part of the URL (Uniform Resource Locator) as your starting point. In this case it is
"http://ra.nilenet.com." Try surfing to that URL. In many cases it will be the home page for that ISP. It
should have instructions for how to sign up for a shell account. In the case of Nile Net we strike hacker
gold:
Dial-up Accounts and Pricing
NEXUS Accounts
NEXUS Accounts include: Access to a UNIX Shell, full
Internet access, Usenet newsgroups, 5mb of FTP and/or
WWW storage space, and unlimited time.
One Time Activation Fee: $20.00
Monthly Service Fee: $19.95 or
Yearly Service Fee: $199.95
Plus which they make a big deal over freedom of online speech. And they host a great hacker page full of
these Guides to (mostly) Harmless Hacking!
How to Login to Your Shell Account
Now we assume you finally have a guest shell account and are ready to test drive it. So now we need to
figure out how to login. Now all you hacker geniuses reading this, why don't you just forget to flame me for
telling people how to do something as simple as how to login. Please remember that everyone has a first
login. If you have never used Unix, this first time can be intimidating. In any case, if you are a Unix genius
you have no business reading this Beginners' Guide. So if you are snooping around here looking for
flamebait, send your flames to /dev/null.
***********************************************************
Newbie note: "Flames" are insulting, obnoxious rantings and ravings done by people who are severely
lacking in social skills and are a bunch of &$%@#!! but who think they are brilliant computer savants. For
example, this newbie note is my flame against &$%@#!! flamers.
"/dev/null" stands for "device null." It is a file name in a Unix operating system. Any data that is sent to
/dev/null is discarded. So when someone says they will put something in "/dev/null" that means they are
sending it into permanent oblivion.
***********************************************************
The first thing you need to know in order to get into your shell account is your user name and password.
You need to get that information from the ISP that has just signed you up. The second thing you need to
remember is that Unix is "case sensitive." That means if your login name is "JoeSchmoe" the shell will think
"joeschmoe" is a different person than "JoeSchmoe" or "JOESCHMOE."
OK, so you have just connected to your shell account for the first time. You may see all sorts of different
stuff on that first screen. But the one thing you will always see is the prompt:
login:
Here you will type in your user name.
In response you will always be asked :
Password:
Here you type in your password.
After this you will get some sort of a prompt. It may be a simple as:
%
or
$
or
>
Or as complicated as:
sleepy:~$
Or it may even be some sort of complicated menu where you have to choose a "shell" option before you get
to the shell prompt.
Or it may be a simple as:
#
**********************************************************
Newbie note: The prompt "#" usually means you have the superuser powers of a "root" account. The Unix
superuser has the power to do *anything* to the computer. But you won't see this prompt unless either the
systems administrator has been really careless -- or someone is playing a joke on you. Sometimes a hacker
thinks he or she has broken into the superuser account because of seeing the "#" prompt. But sometimes
this is just a trick the sysadmin is playing. So the hacker goes playing around in what he or she thinks is the
root account while the sysadmin and his friends and the police are all laughing at the hacker.
**********************************************************
Ready to start hacking from your shell account? Watch out, it may be so crippled that it is worthless for
hacking. Or, it may be pretty good, but you might inadvertently do something to get you kicked off. To
avoid these fates, be sure to read Beginners' Series #3 Part 2 of How to Get a *Good* Shell Account, coming
out tomorrow.
In that GTMHH section you will learn how to:
· explore your shell account
· decide whether your shell account is any good for hacking
· keep from losing your shell account
In case you were wondering about all the input from jericho in this Guide, yes, he was quite helpful in
reviewing it and making suggestions. Jericho is a security consultant runs his own Internet host,
obscure.sekurity.org. Thank you, jericho@dimensional.com, and happy hacking!
Subscribe to:
Posts (Atom)