GUIDE TO (mostly) HARMLESS HACKING
Vol. 3 No. 5
The Dread GTMHH on Cracking
_____________________________________
Nowadays if you ask just about anyone what a hacker is, he or
she will tell you "a person who breaks into computers."
That is partly on account of news stories which make it seem
like the only thing a hacker does is commit computer crime. But
there also is some truth to the public view. An obsession with
breaking into computers has swept the hacker world. In fact,
lots of hackers make fun of the kinds of stuff I think is fun:
forging email and Usenet posts and programming Easter eggs into
commercial software and creating Win 95 bootup screens that say
"Bill Gates' mother wears army boots."
But since everyone and his brother has been emailing me pleading
for instructions on how to break into computers, here it is.
The dread GTMHH on Cracking. Yes, you, too, can become a genuine
computer cracker and make everyone quake in his or her boots
or slippers or whatever footgear they are wearing lately.
"But, but," you say. "This list is for *legal*
hacking. Sez right here in the welcome message you sent me when
I signed up." Welcome to reality, Bub. Hackers fib sometimes.
************************************************
You can go to jail warning: Almost everywhere on the planet,
breaking into a computer is illegal. The only exceptions are
breaking into your own computer, or breaking into a computer
whose owner has given you permission to try to break in. It doesn't
matter if you are just quietly sneaking around doing no harm.
It doesn't matter if you make some stranger's computer better.
You're still in trouble if you break in without permission.
************************************************
Honestly, this Guide really *is* about harmless hacking. You
don't have to commit a crime to crack into a computer. From time
to time hardy souls offer up their computers for their friends,
or sometimes even the entire world, as targets for cracking.
If you have permission from the owner of a computer, it is most
definitely legal to break into it.
In fact, here's a really fun computer that you have permission
to break into. Damien Sorder invites you to break into his Internet
host computer obscure.sekurity.org.
But how do you know whether this or any other announcement
of a cracker welcome mat is legitimate? How do you know I'm not
just playing a mean old trick on Damien by sending out an invitation
to break into his box to the 5,000 crazed readers of the Happy
Hacker list?
Here's a good way to check the validity of offers to let anyone
try to break into a computer. Get the domain name of the target
computer, in this case obscure.sekurity.org. Then add "root@"
to the domain name, for example root@obscure.sekurity.org. Email
the owner of that computer. Ask him if I was fibbing about his
offer. If he says I made it up, tell him he's just chicken, that
if he was a real hacker he'd be happy to have thousands of clueless
newbies running Satan against his box. Just kidding:)
Actually, in this case you may email info@sekurity.org for
more details on Damien's offer to let one and all try to crack
his box. Also, please be good guys and attack off hours (Mountain
Daylight Savings Time, US) so he can use obscure.sekurity.org
for other stuff during the day.
Also, Damien requests "If you (or anyone) want to try
to hack obscure, please mail root@sekurity.org and mention that
you are doing it, and what domain you are coming from. That way
I can distinguish between legit and real attacks."
We all owe you thanks, Damien, for providing a legal target
for the readers of this GTMHH to test their cracking skills.
So let's assume that you have chosen a legitimate target computer
to try to break into. What? Some guys say it's too hard to break
into a fortified box like obscure.sekurity.org? They say it's
more fun to break into a computer when they're breaking the law?
They say to be a Real Hacker you must run around trashing the
boxes of the cringing masses of Internet hosts? Haw, haw, sendmail
4.0! What lusers, they say. They sure taught those sendmail 4.0
dudes a lesson, right?
I say that those crackers who go searching for vulnerable
computers and breaking into them are like Lounge Lizard Larry
going into a bar and picking up the drunkest, ugliest gal (or
guy) in the place. Yeah, we all are sure impressed.
If you want to be a truly elite cracker, however, you will
limit your forays to computers whose owners consent to your explorations.
This can -- should!-- include your own computer.
So with this in mind -- that you want more from life than
to be the Lounge Lizard Larry of the hacker world -- here are
some basics of breaking into computers.
There are an amazing number of ways to break into computers.
The simplest is to social engineer your way in. This generally
involves lying. Here's an example.
*********************************************
From: Oracle Service Humour List <oracle-list-return-@synapse.net>
Subject: HUM: AOL Hacker Turnaround (***)
Read Newfpyr's masterful turning of the tables on a hacker...
Certainly one of the best Absurd IMs we've EVER received! Newfpyr's
comments are in brackets throughout.
Zabu451: Hello from America Online! I'm sorry to inform you
that there has been an error in the I/O section of your account
database, and this server's password information has been temporarily
destroyed. We need you, the AOL user, to hit reply and type in
your password. Thank you for your help.
Newfpyr: Hello! This is Server Manager #563. I'm sorry to hear
that your server has lost the password info. I mean, this has
been happening too much lately. We have developed some solutions
to this problem. Have you got the mail sent out to all server
managers?
Zabu451: no
NewfPyr: Really? Ouch. There's been some problems with the server
mailer lately. Oh, well. Here's a solution to this problem: try
connecting your backup database to your main I/O port, then accessing
the system restart.
Zabu451: no i still need passwords
NewfPyr: I see. Do you want me to send you the list of all the
passwords of all the screen names of your server?
Zabu451: ya i want that
NewfPyr: Let me get the server manager to send it...
NewfPyr: He says I need your server manager password. Could you
please type it in?
Zabu451: i dont have one
NewfPyr: What do you mean? That's the first thing every manager
gets!
Zabu451: it got deleted
NewfPyr: Wow! You must be having a lot of trouble. Let me find
out what server you're using...
[Note: I checked his profile. It said he was from Springfield,
Mass.]
NewfPyr: Okay, your number has been tracked to an area in Springfield,
Mass.
Zabu451: how did u know?!!!?!?!!?!?!?!?!??!!
NewfPyr: I used Server Tracker 5.0 . Don't you have it?
Zabu451: do you know my address!?!?!?!!?!?
NewfPyr: Of course not.
Zabu451: good
NewfPyr: I only know the number you're calling AOL from, which
is from your server, right?
Zabu451: yes
NewfPyr: Good. Okay, now that we have your number, we have your
address, and we are sending a repair team over there.
Zabu451: nonononono dont stop them now
NewfPyr: Why? Isn't your server down?
Zabu451: nonono its working now
NewfPyr: They're still coming, just in case.
Zabu451: STOP THEM NOW
NewfPyr: I can't break AOL Policy.
Zabu451: POEPLE ARE COMING TO MY HOUSE?!?!?!?!??
NewfPyr: No! To your server. You know, where you're calling AOL
from.
Zabu451: im calling from my house
NewfPyr: But you said you where calling from the server!
Zabu451: i lied im not reely a server guy
NewfPyr: But you said you were!
Zabu451: i lied i trying to get passwords please make them stop
NewfPyr: Okay. The repair team isn't coming anymore.
Zabu451: good
NewfPyr: But a team of FBI agents is.
Zabu451: NONONONO
Zabu451: im sorry
Zabu451: ill never do it again please make them not come
Zabu451: PLEASE IL STOP ASKING FOR PASSWORDS FOREVER PLEASE MAKE
THEM STOP!!
NewfPyr: I'm sorry, I can't do that. They should be at your house
in 5 minutes.
Zabu451: IM SORRY IL DO ANYTHING PLEASE I DONT WANT THEM TO HURT
ME
Zabu451: PLEASE
Zabu451: PLEEEEEEEEEEEEEEAAAAAAAAASSSSSSSSE
NewfPyr: They won't hurt you! You'll probably only spend a year
of prison.
Zabu451: no IM ONLY A KID
NewfPyr: You are? That makes it different. You won't go to prison
for a year.
Zabu451: i thout so
NewfPyr: You'll go for two years.
Zabu451: No! IM SORRY
Zabu451: PLEASE MAKE THEM STOP
Zabu451: PLEASE
[I thought this was enough. He was probably wetting his pants.]
NewfPyr: Since this was a first time offense, I think I can drop
charges.
Zabu451: yea
Zabu451: thankyouthankyouthankyou
NewfPyr: The FBI agents have been withdrawn. If you ever do it
again, we'll bump you off.
Zabu451: i wont im sorry goodbye
[He promptly signed off.]
One of the RARE RARE occasions that we've actually felt sorry
for the hacker. SEVENTY FIVE TOKENS to you, NewfPyr! We're STILL
laughing - thanks a lot!
Submitted by: Fran C. M. T. @ aol.com
(Want more of this humor in a jugular vein? Check out
http://www.netforward.com/poboxes/?ablang)
*****************************************
Maybe you are too embarrassed to act like a typical AOL social
engineering hacker. OK, then maybe you are ready to try the Trojan
Horse. This is a type of attack wherein a program that appears
to do something legitimate has been altered to attack a computer.
For example, on a Unix shell account you might put a Trojan
in your home directory named "ls." Then you tell tech
support that there is something funny going on in your home directory.
If the tech support guy is sufficiently clueless, he may go into
your account while he has root permission. He then gives the command
"ls" to see what's there. According to Damien Sorder,
"This will only work depending on his 'PATH' statement for
his shell. If he searches '.' before '/bin', then it will work.
Else, it won't."
Presuming the sysadmin has been this careless, and if your
Trojan is well written, it will call the real ls program to display
your file info -- while also spawning a root shell for your very
own use!
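The search order Damien describes can be audited from the defender's side. The following is an added example, not part of the original Guide: a POSIX shell function (the name audit_path and the HIGH/MEDIUM labels are this example's own) that flags PATH entries resolved against the current directory, and world-writable directories, rating each by whether it comes before /bin or /usr/bin.

```shell
#!/bin/sh
# Added example, not from the original Guide. Flags PATH entries that would
# let a planted file such as a fake "ls" run in place of the real command.

# audit_path PATH_VALUE
# Prints one line per finding. Returns 0 if the value is clean, 1 otherwise.
audit_path() {
    ap_rest="${1}:"      # trailing ':' so a final empty entry is not lost
    ap_pos=0
    ap_findings=0
    ap_system_seen=no    # set to yes once /bin or /usr/bin has been passed

    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*}
        ap_rest=${ap_rest#*:}
        ap_pos=$((ap_pos + 1))
        ap_reason=''

        case $ap_entry in
            '') ap_reason='empty entry, which the shell treats as the current directory' ;;
            /*) # Absolute path: a problem only if any user may add files to it.
                if [ -d "$ap_entry" ]; then
                    ap_mode=$(ls -ldL -- "$ap_entry" 2>/dev/null) || ap_mode=''
                    case $ap_mode in
                        ????????w*) ap_reason='world-writable directory' ;;
                    esac
                fi ;;
            *)  ap_reason='relative entry, resolved against the current directory' ;;
        esac

        if [ -n "$ap_reason" ]; then
            # Before the system directories the entry shadows ls itself;
            # after them it only catches commands not found earlier.
            if [ "$ap_system_seen" = yes ]; then ap_level=MEDIUM; else ap_level=HIGH; fi
            echo "$ap_level entry $ap_pos '$ap_entry': $ap_reason"
            ap_findings=$((ap_findings + 1))
        fi

        case $ap_entry in
            /bin|/bin/|/usr/bin|/usr/bin/) ap_system_seen=yes ;;
        esac
    done

    [ "$ap_findings" -eq 0 ]
}

# Constructed sample values, not taken from any real system.
for ap_sample in "/usr/bin:/bin" ".:/usr/bin:/bin" "/usr/bin:/bin:"; do
    echo "PATH=$ap_sample"
    audit_path "$ap_sample" || echo "  -> remove the entries listed above"
done
```

Run it as audit_path "$PATH" from the shell root actually uses, since root's search path is the one the scenario depends on.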
***************************************************
Newbie note: if you can get into a root shell you can do anything
-- ANYTHING -- to your victim computer. Alas, this means it is
surprisingly easy to screw up a Unix system while operating as
root. A good systems administrator will give him or herself root
privileges only when absolutely necessary to perform a task.
Trojans are only one of the many reasons for this caution. Before
you invite your friends to hack your box, be prepared for anything,
and I mean ANYTHING, to get messed up even by the most well-meaning
of friends.
***************************************************
Another attack is to install a sniffer program on an Internet
host and grab passwords. What this means is any time you want
to log into a computer from another computer by using telnet,
your password is at the mercy of any sniffer program that may
be installed on any computer through which your password travels.
However, to set up a sniffer you must be root on the Unix
box on which it is installed. So this attack is clearly not for
the beginner.
To get an idea of how many computers "see" your
password when you telnet into your remote account, give the command
(on a Unix system) of "traceroute my.computer" (it's
"tracert" in Windows 95) where you substitute the name
of the computer you were planning to log in on for the "my.computer."
Sometimes you may discover that when you telnet from one computer
to another even within the city you live in, you may go through
a dozen or more computers! For example, when I trace a route
from an Albuquerque AOL session to my favorite Linux box in Albuquerque,
I get:
C:\WINDOWS>tracert fubar.com
Tracing route to fubar.com [208.128.xx.61]
over a maximum of 30 hops:
1 322 ms 328 ms 329 ms ipt-q1.proxy.aol.com [152.163.205.95]
2 467 ms 329 ms 329 ms tot-ta-r5.proxy.aol.com [152.163.205.126]
3 467 ms 323 ms 328 ms f4-1.t60-4.Reston.t3.ans.net [207.25.134.69]
4 467 ms 329 ms 493 ms h10-1.t56-1.Washington-DC.t3.ans.net [140.223.57.25]
5 469 ms 382 ms 329 ms 140.222.56.70
6 426 ms 548 ms 437 ms core3.Memphis.mci.net [204.70.125.1]
7 399 ms 448 ms 461 ms core2-hssi-2.Houston.mci.net [204.70.1.169]
8 400 ms 466 ms 512 ms border7-fddi-0.Houston.mci.net [204.70.191.51]
9 495 ms 493 ms 492 ms american-comm-svc.Houston.mci.net [204.70.194.86]
10 522 ms 989 ms 490 ms webdownlink.foobar.net [208.128.37.98]
11 468 ms 493 ms 491 ms 208.128.xx.33
12 551 ms 491 ms 492 ms fubar.com [208.128.xx.61]
If someone were to put a sniffer on any computer on that route,
they could get my password! Now do you want to go telneting around
from one of your accounts to another?
A solution to this problem is to use Secure Shell. This is
a program you can download for free from http://escert.upc.es/others/ssh/.
According to the promotional literature, "Ssh (Secure Shell)
is a program to log into another computer over a network, to
execute commands in a remote machine, and to move files from
one machine to another. It provides strong authentication and
secure communications over insecure channels."
If you want to get a password on a computer that you know
is being accessed remotely by people using Windows 3.X, and if
it is using Trumpet Winsock, and if you can get physical access
to that Windows box, there is a super easy way to uncover the
password. You can find the details, which are so easy they will
blow your socks off, in the Bugtraq archives. Look for an entry
titled "Password problem in Trumpet Winsock." These
archives are at http://www.netspace.org/lsv-archive/bugtraq.html
Another way to break into a computer is to get the entire
password file. Of course the password file will be encrypted.
But if your target computer doesn't run a program to prevent
people from picking easy passwords, it is easy to decrypt many
passwords.
But how do you get password files? A good systems administrator
will hide them well so even users on the machine that holds them
can't easily obtain the file.
The simplest way to get a password file is to steal a backup
tape from your victim. This is one reason that most computer
breakins are committed by insiders.
But often it is easy to get the entire password file of a
LAN remotely from across the Internet. Why should this be so?
Think about what happens when you log in. Even before the computer
knows who you are, you must be able to command it to compare
your user name and password with its password file. What the
computer does is perform its encryption operation on the password
you enter and then compare it with the encrypted entries in the
password file. So the entire world must have access somehow to
this encrypted password file. Your job as the would-be cracker
is to figure out the name of this file and then get your target
computer to deliver this file to you. A tutorial on how to do
this, which was published in the ezine K.R.A.C.K (produced by
od^pheak <butler@tir.com>), follows. Comments in brackets
have been added to the K.R.A.C.K. text.
*********************************************
Strategy For Getting Root With a shadowed Passwd
step#1
anonymous ftp into the server get passwd
[This step will almost never work, but even the simplest attack
may be worth a try.]
step #2
To defeat password shadowing on many (but not all) systems, write
a program that uses successive calls to getpwent() to obtain the
password file.
Example:
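#include <stdio.h>
#include <pwd.h>

int main(void)
{
    struct passwd *p;

    /* Walk every entry the C library exposes through getpwent(). */
    while ((p = getpwent()) != NULL)
        printf("%s:%s:%d:%d:%s:%s:%s\n", p->pw_name, p->pw_passwd,
               (int)p->pw_uid, (int)p->pw_gid, p->pw_gecos, p->pw_dir,
               p->pw_shell);
    endpwent();
    return 0;
}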
Or u can Look for the Unshadowed Backup.....
[The following list of likely places to find the unshadowed backup
is available from the "Hack FAQ" written by Voyager. It may be
obtained from http://www-personal.engin.umich.edu/~jgotts/hack-faq]
Unix                  Path needed                     Token
----------------------------------------------------------------------
AIX 3                 /etc/security/passwd            !
       or             /tcb/auth/files/<first letter   #
                            of username>/<username>
A/UX 3.0s             /tcb/files/auth/?/              *
BSD4.3-Reno           /etc/master.passwd              *
ConvexOS 10           /etc/shadpw                     *
ConvexOS 11           /etc/shadow                     *
DG/UX                 /etc/tcb/aa/user/               *
EP/IX                 /etc/shadow                     x
HP-UX                 /.secure/etc/passwd             *
IRIX 5                /etc/shadow                     x
Linux 1.1             /etc/shadow                     *
OSF/1                 /etc/passwd[.dir|.pag]          *
SCO Unix #.2.x        /tcb/auth/files/<first letter   *
                            of username>/<username>
SunOS4.1+c2           /etc/security/passwd.adjunct    ##username
SunOS 5.0             /etc/shadow
                      <optional NIS+ private secure
                            maps/tables/whatever>
System V Release 4.0  /etc/shadow                     x
System V Release 4.2  /etc/security/* database
Ultrix 4              /etc/auth[.dir|.pag]            *
UNICOS                /etc/udb
Step #3
crack it
[See below for instructions on how to crack a password file.]
**************************************************
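An administrator can turn the getpwent() step and the token table above into a check on his or her own box. The following is an added example, not part of the original Guide or the K.R.A.C.K. text: a POSIX shell function (audit_passwd and sample_passwd are this example's own names) that reads passwd-format lines and reports every account whose password field is not one of the placeholder tokens. The sample entries and their hash strings are constructed.

```shell
#!/bin/sh
# Added example, not from the original Guide or the K.R.A.C.K. text.
# Reads passwd-format lines on stdin and reports accounts whose second
# field is something other than a shadow placeholder token.

# audit_passwd: prints one finding per line; returns 0 if clean, 1 otherwise.
audit_passwd() {
    awk -F: '
        NF < 7 {
            printf "MALFORMED line %d: expected 7 colon-separated fields\n", NR
            bad++
            next
        }
        {
            user = $1
            field = $2
            first = substr(field, 1, 1)
            if (field == "") {
                print "EMPTY " user ": account has no password at all"
                bad++
            } else if (field == "x" || index("*!#", first) > 0) {
                # Placeholder token (x, *, !, #, ##username): hash is held elsewhere.
            } else if (first == "$" || (length(field) == 13 && field ~ "^[./0-9A-Za-z]+$")) {
                # 13-character crypt string or $id$salt$hash form.
                print "EXPOSED " user ": password hash readable by every local user"
                bad++
            } else {
                print "REVIEW " user ": unrecognised password field"
                bad++
            }
        }
        END { exit (bad > 0) }
    '
}

# Constructed sample data (the hash strings are made up, not real hashes).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:ab0123456789A:1001:1001:Alice:/home/alice:/bin/sh
bob:$6$constructedsalt$constructedhash:1002:1002:Bob:/home/bob:/bin/sh
carol::1003:1003:Carol:/home/carol:/bin/sh
dave:##dave:1004:1004:Dave:/home/dave:/bin/sh
EOF
}

sample_passwd | audit_passwd || echo "  -> move these hashes into the shadow file"
```

On a system that provides getent, `getent passwd | audit_passwd` checks the same entries a getpwent() loop returns to an unprivileged user.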
So let's say you have managed to get an encrypted password
file. How do you extract the passwords?
An example of one of the many programs that can crack poorly
chosen passwords is Unix Password Cracker by Scooter Corp. It
is available at ftp://ftp.info.bishkek.su/UNIX/crack-2a/crack-2a.tgz
or http://iukr.bishkek.su/crack/index.html
A good tutorial on some of the issues of cracking Windows
NT passwords may be found at http://ntbugtraq.rc.on.ca/samfaq.htm
One password cracker for Windows NT is L0phtcrack v1.5. It
is available for FREE from http://www.L0pht.com (that's a ZERO
after the 'L', not an 'o'). It comes with source so you can build
it on just about any platform. Authors are mudge@l0pht.com and
weld@l0pht.com.
Another Windows NT password cracker is Alec Muffett's Crack
5.0 at http://www.sun.rhbnc.ac.uk/~phac107/c50a-nt-0.10.tgz
Even if you crack some passwords, you will still need to correlate
passwords with user names. One way to do this is to get a list
of users by fingering your target computer. See the GTMHH Vol.1
No.1 for some ways to finger as many users as possible on a system.
The verify command in sendmail is another way to get user names.
A good systems administrator will turn off both the finger daemon
and the sendmail verify command to make it harder for outsiders
to break into their computers.
If finger and the verify commands are disabled, there is yet
another way to get user names. Oftentimes the part of a person's
email that comes before the "@" will also be a user
name.
If password cracking doesn't work, there are many -- way too
many -- other ways to break into a computer. Following are some
suggestions on how to learn these techniques.
1. Learn as much as you can about the computer you have targeted.
Find out what operating system it runs; whether it is on a local
area network; and what programs it is running. Of special importance
are the ports that are open and the daemons running on them.
For example, if you can get physical access to the computer,
you can always get control of it one way or another. See the
GTMHHs on Windows for many examples. What this means, of course,
is that if you have something on your computer you absolutely,
positively don't want anyone to read, you had better encrypt
it with RSA. Not PGP, RSA. Then you should hope no one discovers
a fast way to factor numbers (the mathematical Achilles Heel
of RSA and PGP).
If you can't get physical access, your next best bet is if
you are on the same LAN. In fact, the vast majority of computer
breakins are done by people who are employees of the company
that is running the LAN to which the victim computer is attached.
The most common mistake of computer security professionals is
to set up a firewall against the outside world while leaving
their LAN wide open to insider attack.
Important note: if you have even one Windows 95 box on your
LAN, you can't even begin to pretend you have a secure network.
That is in large part because it will run in DOS mode, which
allows any user to read, write and delete files.
If the computer you have targeted is on the Internet, your
next step would be to determine how it is connected to the Internet.
The most important issue here is what TCP/IP ports are open and
what daemons run on these ports.
***************************************************
Newbie note: TCP/IP ports are actually protocols used to direct
data into programs called "daemons" that run all the
time an Internet host computer is turned on and connected to
the Net, waiting for incoming or outgoing data to spur it into
action.
An example of a TCP/IP port is number 25, called SMTP (simple
mail transport protocol). An example of a daemon that can do
interesting things when it gets data under SMTP is sendmail.
See the GTMHH on forging email for examples of fun ways to play
*legally* with port 25 on other people's computers. For a complete
list of commonly used TCP/IP ports, see RFC 1700. One place you
can look this up is http://ds2.internic.net/rfc/rfc1700.txt
****************************************************
2. Understand the operating system of the computer you plan
to crack. Sure, lots of people who are ignorant of operating
systems break into computers by using canned programs against
pitifully vulnerable boxes. As one teen hacker told me after
returning from Def Con V, "Many of the guys there didn't
even know the 'cat' command!" Anyone can break into some
computer somewhere if they have no pride or ethics. We assume
you are better than that. If the breakin is so easy you can do
it without having a clue what the command "cat" is,
you aren't a hacker. You're just a computer vandal.
3. Study the ways other people have broken into a computer
with that operating system and software. The best archives of
breakin techniques for Unix are Bugtraq http://www.netspace.org/lsv-archive/bugtraq.html.
For Windows NT, check out http://ntbugtraq.rc.on.ca/index.html.
A cheap and easy partial shortcut to this arduous learning process
is to run a program that scans the ports of your target computer,
finds out what daemons are running on each port, and then tells
you whether there are breakin techniques known to exist for those
daemons. Satan is a good one, and absolutely free. You can download
it from ftp://ftp.fc.net/pub/defcon/SATAN/ or a bazillion other
hacker ftp sites.
Another great port scanner is Internet Security Scanner. It
is offered by Internet Security Systems of Norcross, Georgia
USA, 1-800-776-2362. This tool costs lots of money, but is the
security scanner of choice of the people who want to keep hackers
out. You can reach ISS at http://www.iss.net/. Internet Security
Systems also offers some freebie programs. The "Localhost"
Internet Scanner SAFEsuite is set to only run a security scan
on the Unix computer on which it is installed (hack your own box!).
You can get it from http://www.blanket.com/iss.html. You can
get a free beta copy of their scanner for Win NT at http://www.iss.net/about/whatsnew.html#RS_NT.
In theory ISS programs are set so you can only use them at most
to probe computer networks that you own. However, a few months
ago I got a credible report that a giant company that uses ISS
to test its boxes on the Internet backbone accidentally shut
down an ISP in El Paso with an ISS automated syn flood attack.
If you want to get a port scanner from a quiet little place,
try out http://204.188.52.99. This offers the Asmodeus Network
Security Scanner for Windows NT 4.0.
In most places it is legal to scan the ports of other people's
computers. Nevertheless, if you run Satan or any other port scanning
tool against computers that you don't have permission to break
into, you may get kicked off of your ISP.
For example, recently an Irish hacker was running "security
audits" of the Emerald Island's ISPs. He was probably doing
this in all sincerity. He emailed each of his targets a list
of the vulnerabilities he found. But when this freelance security
auditor probed the ISP owned by one of my friends, he got that
hacker kicked off his ISP.
"But why give him a hard time for just doing security
scans? He may have woken up an administrator or two," I
asked my friend. "For the same reason they scramble an F-16
for a bogie," he replied. The way I get around the problem
of getting people mad from port scanning is to do it by hand
using a telnet program. Many of the GTMHHs show examples of port
scanning by hand. This has the advantage that most systems administrators
assume you are merely curious.
However, some have a daemon set up so that every time you
scan even one port of their boxes, it automatically sends an
email to the systems administrator of the ISP you use complaining
that you tried to break in -- and another email to you telling
you to turn yourself in!
The solution to this is to use IP spoofing. But since I'm
sure you are only going to try to break into computers where
you have permission to do so, you don't need to know how to spoof
your IP address.
******************************************************
You may laugh yourself silly warning: If you port scan by hand
against obscure.sekurity.org, you may run into some hilarious
daemons installed on weird high port numbers.
******************************************************
4. Now that you know what vulnerable programs are running
on your target computer, next you need to decide what program
you use to break in. But aren't hackers brilliant geniuses that
discover new ways to break into computers? Yes, some are. But
the average hacker relies on programs other hackers have written
to do their deeds. That's why, in the book Takedown, some hacker
(maybe Kevin Mitnick, maybe not) broke into Tsutomu Shimomura's
computer to steal a program to turn a Nokia cell phone into a
scanner that could eavesdrop on other people's cell phone calls.
This is where those zillions of hacker web pages come into
play. Do a web search for "hacker" and "haxor"
and "h4ck3r" etc. You can spend months downloading
all those programs with promising names like "IP spoofer."
Unfortunately, you may be in for an ugly surprise or two. This
may come as a total shock to you, but some of the people who
write programs that are used to break into computers are not
exactly Eagle Scouts.
For example, the other day a fellow who shall remain nameless
wrote to me "I discovered a person has been looting my www
dir, where I upload stuff for friends so I am gonna leave a nice
little surprise for him in a very cool looking program ;) (if
you know what I mean)"
But let's say you download a program that promises to exploit
that security hole you just found with a Satan scan. Let's say
you aren't going to destroy all your files from some nice little
surprise. Your next task may be to get this exploit program to
compile and run.
Most computer breakin programs run on Unix. And there are
many different flavors of Unix. For each flavor of Unix you can
mix or match several different shells. (If none of this makes
sense to you, see the GTMHHs on how to get a good shell account.)
The problem is that a program written to run in, for example,
the csh shell on Solaris Unix may not run from the bash shell
on Slackware Linux or the tcsh shell on Irix, etc.
It is also possible that the guy who wrote that breakin program
may have a conscience. He or she may have figured that most people
would want to use it maliciously. So they made a few little teeny
weeny changes to the program, for example commenting out some
lines. So Mr./Ms. Tender Conscience can feel that only people
who know how to program will be able to use that exploit software.
And as we all know, computer programmers would never, ever do
something mean and horrible to someone else's computer.
So this brings us to the next thing you should know in order
to break into computers.
5. Learn how to program! Even if you use other people's exploit
programs, you may need to tweak a thing or two to get them to
run. The two most common languages for exploit programs are probably
C (or C++) and Perl.
********************************************
Newbie note: If you can't get that program you just downloaded
to run, it may be that it is designed to run on the Unix operating
system, but you are running Windows. A good tip off that this
may be your problem is a file name that ends with ".gz".
********************************************
So, does all this mean that breaking into computers is really,
really hard? Does all this mean that if you break into someone's
computer you have proven your digital manhood (or womanhood)?
No. Some computers are ridiculously easy to break into. But
if you break into a poorly defended computer run by dunces, all
you have proven is that you lack good taste and like to get into
really stupid kinds of trouble. However, if you manage to break
into a computer that is well managed, and that you have permission
to test, you are on your way to a high paying career in computer
security.
Remember this! If you get busted for breaking into a computer,
you are in trouble big time. Even if you say you did no harm.
Even if you say you made the computer better while you were prowling
around in it. And your chances of becoming a computer security
professional drop almost to zero. And -- do you have any idea
of how expensive lawyers are?
I haven't even hinted in this tutorial at how to keep from
getting caught. It is at least as hard to cover your tracks as
it is to break into a computer. So if you had to read this to
learn how to break into computers, you are going to wind up in
a world of hurt if you use this to trespass in other people's
computers.
So, which way do you plan to go? To be known as a good guy,
making tons of money, and having all the hacker fun you can imagine?
Or are you going to slink around in the dark, compulsively breaking
into strangers' computers, poor, afraid, angry? Busted? Staring
at astronomical legal bills?
If you like the rich and happy alternative, check out back
issues of the Happy Hacker Digests to see what computers are
open to the public to try to crack into. We'll also make new
announcements as we discover them. And don't forget to try to
crack obscure.sekurity.org. No one has managed to break it when
attacking from the outside. I don't have a clue of how to get
inside it, either. You may have to discover a new exploit to
breach its defenses.
But if you do, you will have experienced a thrill that is
far greater than breaking into some Lower Slobovian businessman's
386 box running Linux 2.0 with sendmail 4.whatever. Show some
chivalry and please don't beat up on the helpless, OK? And stay
out of jail or we will all make fun of you when you get caught.
Of course this Guide barely scrapes the surface of breaking
into computers. We haven't even touched on topics such as how
to look for back doors that other crackers may have hidden on
your target computer, or keystroke grabbers, or attacks through
malicious code you may encounter while browsing the Web. (Turn
off Java on your browser! Never, ever use Internet Explorer.)
But maybe some of you ubergenius types reading this could help
us out. Hope to hear from you!
___________________________________________
Warning! Use this information at your own risk. Get busted for
trying this out on some Lower Slobovian businessman's computer
and we will all make fun of you, I promise! That goes double
for Upper Slobovian boxes!! Want to see back issues of Guide
to (mostly) Harmless Hacking? See http://goodweb.scol.net/hacker/index.html (the
official Happy Hacker archive site). Want to share some kewl stuph with the
Happy Hacker list? Correct
mistakes? Send your messages to list@cmeinel.com. To send
me confidential email (please, no discussions of illegal activities)
use and be sure to state in your message
that you want me to keep this confidential. If you wish your
message posted anonymously, please say so! Direct flames to dev/null@cmeinel.com.
Happy hacking!
© 1997 Carolyn P. Meinel. You may forward or post
this GUIDE TO (mostly) HARMLESS HACKING on your Web site as long
as you leave this notice at the end.