This Guide was written in 1996
when the Internet was young. Things that have changed since then
are:
*You probably won't find UUCP protocol
on the Internet today.
*Most Internet communications go
on a more or less static route over commercial backbones instead
of being relayed from one little computer to the next all over
the place (at least in the developed world).
GUIDE TO (mostly) HARMLESS HACKING
Vol. 2 Number 1
Internet for
Dummies -- skip this if you are a Unix wizard. But
if you read on you’ll get some more kewl hacking instructions.
____________________________________________________________
The six Guides to (mostly) Harmless Hacking of Vol. 1 jumped
immediately into how-to hacking tricks. But if you are like me,
all those details of probing ports and playing with hypotheses
and pinging down hosts gets a little dizzying.
So how about catching our breath, standing back and reviewing
what the heck it is that we are playing with? Once we get the
basics under control, we then can move on to serious hacking.
Also, I have been wrestling with my conscience over whether
to start giving you step-by-step instructions on how to gain
root access to other peoples’ computers. The little angel
on my right shoulder whispers, “Gaining root without permission
on other people’s computers is not nice. So don’t tell
people how to do it.” The little devil on my left shoulder
says, “Carolyn, all these hackers think you don’t know
nothin’! PROOVE to them you know how to crack!” The
little angel says, “If anyone reading Guide to (mostly)
Harmless Hacking tries out this trick, you might get in trouble
with the law for conspiracy to damage other peoples’ computers.”
The little devil says, “But, Carolyn, tell people how to
crack into root and they will think you are KEWL!”
So here’s the deal. In this and the next few issues of
Guide to (mostly) Harmless Hacking I’ll tell you several
ways to get logged on as the superuser in the root account of
some Internet host computers. But the instructions will leave
a thing or two to the imagination.
My theory is that if you are willing to wade through all this,
you probably aren’t one of those cheap thrills hacker wannabes
who would use this knowledge to do something destructive that
would land you in jail.
*****************************
Technical tip: If you wish to become a *serious* hacker, you’ll
need Linux (a freeware variety of Unix) on your PC. One reason
is that then you can crack into root legally all you want --
on your own computer. It sure beats struggling around on someone
else’s computer only to discover that what you thought was
root was a cleverly set trap and the sysadmin and FBI laugh at
you all the way to jail.
Linux can be installed on a PC with as little as a 386 CPU,
only 2 Mb RAM and as little as 20 MB of hard disk. You will need
to reformat your hard disk. While some people have successfully
installed Linux without trashing their DOS/Windows stuff, don’t
count on getting away with it. Backup, backup, backup!
*****************************
*****************************
You can go to jail warning: Crack into root on someone else’s
computer and the slammer becomes a definite possibility. Think
about this: when you see a news story about some hacker getting
busted, how often do you recognize the name? How often is the
latest bust being done to someone famous, like Dark Tangent or
se7en or Emmanuel Goldstein? How about, like, never! That’s
because really good hackers figure out how to not do stupid stuff.
They learn how to crack into computers for the intellectual challenge
and to figure out how to make computers safe from intruders.
They don’t bull their way into root and make a mess of things,
which tends to inspire sysadmins to call the cops.
*********************************
Exciting notice: Is it too boring to just hack into your own
Linux machine? Hang in there. Ira Winkler of the National Computer
Security Association, Dean Garlick of the Space Dynamics Lab
of Utah State University and I are working on setting up hack.net,
a place where it will be legal to break into computers. Not only
that, we’re looking for sponsors who will give cash awards
and scholarships to those who show the greatest hacking skills.
Now does that sound like more phun than jail?
*****************************
So, let’s jump into our hacking basics tutorial with a look
at the wondrous anarchy that is the Internet.
Note that these Guides to (mostly) Harmless Hacking focus
on the Internet. That is because there are many legal ways to
hack on the Internet. Also, there are over 10 million of these
readily hackable computers on the Internet, and the number grows
every day.
Internet Basics
No one owns the Internet. No one runs it. It was never planned
to be what it is today. It just happened, the mutant outgrowth
of a 1969 US Defense Advanced Research Projects Agency experiment.
This anarchic system remains tied together because its users
voluntarily obey some basic rules. These rules can be summed
up in two words: Unix and TCP/IP (with a nod to UUCP). If you
understand, truly understand Unix and TCP/IP (and UUCP), you
will become a fish swimming in the sea of cyberspace, an Uberhacker
among hacker wannabes, a master of the Internet universe.
To get technical, the Internet is a world-wide distributed
computer/communications network held together by a common communications
standard, Transmission Control Protocol/Internet Protocol (TCP/IP)
and a bit of UUCP. These standards allow anyone to hook up a
computer to the Internet, which then becomes another node in
this network of the Internet. All that is needed is to get an
Internet address assigned to the new computer, which is then
known as an Internet "host," and tie into an Internet
communications link. These links are now available in almost
all parts of the world.
If you use an on-line service from your personal computer,
you, too, can temporarily become part of the Internet. There
are two main ways to hook up to an on-line service.
There is the cybercouch potato connection that every newbie
uses. It requires either a point-to-point (PPP) or SLIPconnection,
which allows you to run pretty pictures with your Web browser.
If you got some sort of packaged software from your ISP, it automatically
gives you this sort of connection.
Or you can connect with a terminal emulator to an Internet
host. This program may be something as simple as the Windows
3.1 “Terminal” program under the “Accessories”
icon. Once you have dialed in and connected you are just
another terminal on this host machine. It won’t give you
pretty pictures. This connection will be similar to what you
get on an old-fashioned BBS. But if you know how to use this
kind of connection, it could even give you root access to that
host.
But how is the host computer you use attached to the Internet?
It will be running some variety of the Unix operating system.
Since Unix is so easy to adapt to almost any computer, this means
that almost any computer may become an Internet host.
For example, I sometimes enter the Internet through a host
which is a Silicon Graphics Indigo computer at Utah State University.
Its Internet address is fantasia.idec.sdl.usu.edu. This is a
computer optimized for computer animation work, but it can also
operate as an Internet host. On other occasions the entry point
used may be pegasus.unm.edu, which is an IBM RS 6000 Model 370.
This is a computer optimized for research at the University of
New Mexico.
Any computer which can run the necessary software -- which
is basically the Unix operating system -- has a modem, and is
tied to an Internet communications link, may become an Internet
node. Even a PC may become an Internet host by running one of
the Linux flavors of Unix. After setting it up with Linux you
can arrange with the ISP of your choice to link it permanently
to the Internet.
More Internet for Dummies --->
