July 27, 1998
URL of the day: http://www.avolio.com/tracing.html
See back issues of the Happy Hacker Digest and Guides to (mostly)
Harmless Hacking at http://www.Happyhacker.org.
GTMHH en espanol: http://underhack.islatortuga.com
TABLE OF CONTENTS
* RE: Hiding directories
* AOL exploit
* Re: GTMHH: Part 2, Intro to Computer Viruses
* New Java Security Flaw Found
* The little black book of computer viruses
* RE: VBScript Exploit (What Microsoft [allegedly] had to say.)
* Good encryption/decryption mailing list
* URL for Virus Info
* Old school techniques
* Editorial: Snap, Crackle - Cracked!
*** RE: Hiding directories
From: "Nils van den Heuvel" <firstname.lastname@example.org>
> From: "Stephen Nicholas (AKA: Elfshadow)" <Elfshadow@innocent.com>
> To Happy Hacker
>
> In regards to Thomason's <email@example.com> letter in the June 23rd edition,
> Thomason was talking about how he had a bunch of directories that he couldn't
> delete, move, or get any access to, either through dos OR
> Then it goes on to explain by using Ascii char ALT - 255
> can make a directories that can be hidden etc..
>
> Well, I have found a way around it. There is a neat little dos program called
> 'X-Tree Gold', it is a fairly old program, made a while back. This program
> CAN view, edit, rename, delete, and otherwise manipulate
> an ALT 255 (Or any ascii chars) in the name!!
Well, that's pretty cool, but all the DOS + WIN '95 tools work on it
too... and it isn't really invisible... look what it says
do a "dir /ad" (ok, I edited it a little to make me
Het volume in station C heeft geen naam.
Het volumenummer is 3764-1E03.
Directory van C:\.
LINUX <DIR> 17-04-98 16:55 linux
KERNEL <DIR> 05-06-98 17:28 kernel
PHRACK <DIR> 10-07-98 16:47 phrack
<DIR> 15-07-98 12:00
2.447.863.808 bytes beschikbaar.
(sorry, I have a Dutch version of w '95)
see that line that says
" <DIR> 15-07-98 12:00" ???
That's the ALT-255 directory, you can enter it by typing "cd
where <ALT-255> is the character that's generated by typing 255 on the
numeric keypad while pressing the ALT button...
All of the DOS + W'95 commands accept the <ALT-255> character,
you can deltree it, rd it, etc....
Very funny, Scotty. Now beam down my clothes!
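Added example (not part of the original letter or digest): the listing above shows the ALT-255 directory as a blank name, so an audit of a disk should print names with every blank-looking character made explicit. This Python sketch assumes ALT-255 is byte 255 of DOS code page 437 (which decodes to U+00A0, no-break space) and a filesystem that stores Unicode names; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
import unicodedata

# Unicode categories that render as nothing or as blank space:
# Zs = space separator, Zl/Zp = line/paragraph separator,
# Cc = control, Cf = format (zero-width characters and similar).
BLANK_CATEGORIES = {"Zs", "Zl", "Zp", "Cc", "Cf"}

def blank_positions(name):
    """Indexes of characters in `name` that a listing shows as blank."""
    hits = []
    for i, ch in enumerate(name):
        if ch == " ":
            # A plain space is only deceptive at the start or end of a name.
            if i == 0 or i == len(name) - 1:
                hits.append(i)
        elif unicodedata.category(ch) in BLANK_CATEGORIES:
            hits.append(i)
    return hits

def reveal(name):
    """Render `name` with every blank-looking character as <U+XXXX>."""
    hits = set(blank_positions(name))
    return "".join(f"<U+{ord(c):04X}>" if i in hits else c
                   for i, c in enumerate(name))

def scan(root):
    """Return sorted (parent directory, revealed name) pairs under `root`."""
    found = []
    for parent, dirs, files in os.walk(root):
        for name in dirs + files:
            if blank_positions(name):
                found.append((os.path.relpath(parent, root), reveal(name)))
    return sorted(found)

def demo():
    """Build a constructed tree like the listing above and scan it."""
    # Assumption: ALT-255 is DOS byte 0xFF, decoded with code page 437.
    alt255 = b"\xff".decode("cp437")  # U+00A0 no-break space
    with tempfile.TemporaryDirectory() as root:
        for d in ("linux", "kernel", "phrack", alt255,
                  os.path.join("phrack", "x" + alt255)):
            os.makedirs(os.path.join(root, d))
        return scan(root)

if __name__ == "__main__":
    for parent, shown in demo():
        print(f"{parent}: {shown}")
```

Names made only of ordinary characters are skipped, so the output lists just the entries that a plain directory listing would show as empty or with misleading padding.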
*** AOL exploit
From: "Tiberian Son" <TiberianSon@Erols.Com>
Hello, Happy Hackers everywhere!
Since the magazine has sunk to a new low by mentioning AOL hacks <G>, I
decided to go let some other people know about AOL. I started out on AOL.
It used to be trying to phish an overhead account here and there
"superuser" or "root"), or going and dropping a mijilion messages into
someone's e-mail box. Any person with Visual Basic can do it. Well, then
came UTILITIES to do it! YES, utilities that ran under a GUI and
to blow up chatrooms, type in ascii codes, and kick people offline
exploit in the IM programming that overloaded their soundcards,
AOL, and crashed their computers! Well, and I take my hat off to Suzbik for
mentioning this, it was found that AOL would store your passwords
plaintext! Well the problem is that people like, er, people <G> can get at
this and use it! 'Nuff said.
Another neat AOL trick is "ghosting". It doesn't ghost your text, but it
ghosts YOU! It is really computer dependent (the more upgrades
software has gone through, the better, and if you have a really old copy of
AOL, the best!), but it is nice because you can call the 800 number, and the
server won't see you, so it won't... What you do is dial into AOL (a futile
effort), and connect. When it says "checking password" at the bottom of
that window, press space (or hit cancel). Now, dial again, and complete the
process. NOTE: DON'T CHANGE WHERE YOU ARE DIALING INTO, BECAUSE IT'S THE
DIALUP COMPUTER YOU ARE AFFECTING! If all goes well, try to IM yourself.
It should return "User is offline". Whoo hoo! Now, you can lurk in
chatrooms and not show up on the room occupant list, and might
to some new keywords (you have to hit or miss this one, it comes and goes in
regards to keyword access).
After that, ghosting became fun (IM your worst enemy, taunting the hell out
of them, and they can't TOS you because, heck, YOU'RE OFFLINE!), but it wasn't
enough! We needed blood! The blood of the heretic Steve Case! Well, we
all ran about, searching for more AOL hacks. About that
disgruntled staff member released his set of tools that made him a staff
member. People tried to keep it under wraps, but couldn't,
apparently went into all the piracy rooms (piracy is real popular on AOL due
to non-disclosure and privacy agreements make you invincible on it, try
private room "Fate", "FateX", or those with an ascending number on them,
such as "Fate1", or "FateX1"), and mass mailed it to everyone! Whoo hoo!
Well, everyone who tried to use it couldn't, because AOL checks
account, and nicely deletes them for you when it finds you. So along comes
a guy, who figures a way around this process (and most people have given up,
from all the virii floating around in false mailings of these
HE distributes it to the masses completed.
AOL is organised by a series of INVOKES, or numbers assigned to the windows
of areas. Most of these invokes cannot be used at the keyword
just as example, we can see some of AOL's hypocrisy and lies.
keyword prompt, type "upgrade". Opt for the AOL 4 upgrade/Beta Test. Oops,
you can't use it because you use Internet Explorer 4.0! Oops! I am
connecting to AOL on my Linux box and use Mosaic! Hmmm... Now try keyword
"Beta". You should be told you don't have access to this area! I wonder
what is in beta? Try keyword "aol://1722:macbeta". Note the INVOKE number
in there! It should get you into the area where you can download AOL 4,
because they are LYING TO THE PUBLIC about IE4. In fact,
using IE4 in the beta area! If you can't get in, try ghosting and then get
in. Again, it seems to be software specific. There is a beta test form at
keyword "beta", but they have been denying that too since the tests are so
Now, what was that about the staff tool? Well, no-one really knows if it is
just another internet myth, or if it was real, but either way, it works. To
use it, YOU MUST HAVE AOL 3.0 FOR WINDOWS 3.1 INSTALLED. I installed mine
into "C:\AOL31\", just for the purpose of using this. It installs a "*"
menu to your toolbar in AOL (if you use it on the win95 version,
boom!), and from there, explore! It has some text files
invokes (but I think you will have much more fun exploring the
some text documents explaining the stuff inside it. Double
Run1st.exe to install it initially, and then on Run2nd.exe to mask the tools
from AOL. Since you have them, on a lark, install them but don't click on
Run2nd.exe and watch as AOL cleans out the master tools (have the ZIP on
disk!). As usual, use at your own risk.
I send all this to you in good company. If I thought you could hit the CRIS
server (the server for managing the accounts), I wouldn't send it to you
(tell me if you do, I am interested). Second, a point of
RainMan. You've seen the movie, now play the AOL utility!
does is that it allows AOL staff to change their areas (for reference,
the very tool used by hackers running the very same program to
caption of the OJ Simpson trial to "It's a picture of a
I never had the balls to try it. Again, if you do try it, tell me what
happens. The Rainman command set invokes should also be in there, but I
haven't had the occasion to hack AOL in a loooooooong while. If you follow
the invokes to "the secret staff area", and this is
eventually hit upon a message board from '93, and it is interesting
(it no longer works, the area was created by hackers, and AOL
on, or maybe they did, it's in ruins now, and is barely intelligible,
scattered cries still haunt it). Second: AOLSpy can be used to get invokes
from windows. Sometimes they work, other times not. If an invoke doesn't
work at first, try it again in five minutes. Sometimes they can be clogged,
since the invoke system was never intended for navigation, from
Mail me at TiberianSon@Erols.com with any questions.
"Peace upon you, my brothers. May we someday meet face to face, and unite
Laters, the Tiberian Son
*** Re: GTMHH: Part 2, Intro to Computer Viruses
From: Matt Vollmar <firstname.lastname@example.org>
I am curious if you actually tried this "virus".
to Sun Microsystems, you cannot access system properties on which
applet is running...this, fortunately, turns out to be true,
the "applet" that is mentioned in this article is not
"applet"...it is, however, an application, which MUST be run from
the command line. This means that a person must purposely download
the Java byte-code, download the "homer.sh", and then run it with
a command like "java Homer". I would recommend trying to run this
from the web...it will do absolutely nothing but cause the Java
interpreter in Netscape to say:
Applet Homer can't start: exception: java.lang.ClassCastException: Homer is not an applet
Thank God for reality...who knows what kind of havoc might
if you had actually been right...it's a good thing Sun usually
what they say they will do.
Note: The virus was not even written as an applet, which
from the code to anyone familiar with Java.
-- Matt Vollmar
*** New Java Security Flaw Found
(The following is reprinted from the Bugtraq email list, to subscribe
Bugtraq, email LISTSERV@NETSPACE.ORG with message "subscribe
From: Gary McGraw <gem@RSTCORP.COM>
Princeton's Safe Internet Programming Team recently announced
discovery of a serious Java security hole that can be leveraged
an attack applet. Their description follows:
We have found another Java security flaw that allows a malicious
to disable all security controls in Netscape Navigator 4.0x.
disabling the security controls, the applet can do whatever it
the victim's machine, including arbitrarily reading, modifying,
deleting files. We have implemented a demonstration applet
This flaw, like several previous ones, is in the implementation
"ClassLoader" mechanism that handles dynamic linking in Java. Despite
changes in the ClassLoader implementation in JDK 1.1 and again
1.2 beta, ClassLoaders are still not safe; a malicious ClassLoader
still override the definition of built-in "system"
java.lang.Class. Under some circumstances, this can lead
subversion of Java's type system and thus a security breach.
The flaw is not directly exploitable unless the attacker can
other secondary flaw to gain a foothold. Netscape 4.0x has such a
secondary flaw (a security manager bug found by Mark LaDue), so we were
able to demonstrate how to subvert Netscape's security controls.
not aware of any usable secondary flaws in Microsoft's and Sun's
Java implementations, so they appear not to be vulnerable to
Please direct any inquiries to Edward Felten at (609) 258-5906
Dirk Balfanz, Drew Dean, Edward Felten, and Dan Wallach
Secure Internet Programming Lab
Department of Computer Science
*** The little black book of computer viruses
I just thought you'd want to tell everyone on the HH list
can download "the little black book of computer viruses" by Mark A.
Ludwig for free from:
The book is in the public domain.
Keep up the good work,
*** RE: VBScript Exploit (What Microsoft [allegedly] had to say.)
From: "Ben Wright" <email@example.com>
In response to the message posted by <VM370x@aol.com>:
I contacted a friend at Microsoft and he said that "Microsoft"
was up to the users to use their common sense in the matter but
nonetheless he did recognise it to be a substantial problem.
to the comment about appending del c:\io.sys to autoexec.bat
understand that it would return an Access Denied error, although
sure it isn't too difficult to figure out a workaround ;o) - (I
been able to test this so don't go trying it!)
(P.S. Is there any chance whatsoever of having a Win95/98 box such as
the Unix ones used in the Happy Hacker Wargames)
[Dale: Got one to spare???]
*** Good encryption/decryption mailing list
From: "BOB AUGER" <firstname.lastname@example.org>
I recently came upon a good encryption/decryption mailing list that may
come in handy to you or your subscribers.
(Not really good for newbies)
To subscribe to the list, send a message to:
To remove your address from the list, send a message to:
*** URL for Virus Info
From: "Nancy Nancy" <email@example.com>
The following URL contains lots of info on viruses. It's frequently
and sometimes has a tutorial on writing viruses.
*** Old school techniques
I was just wondering why you guys haven't mentioned this age
technique in one of your newsletters to the newbies....
(example: type one of the above, after a server's name....and with a little
suerte, you might get something like this: /usr/local/bin/ph
I have had some rather interesting results with this in the past, and still
every once in a while get something back like "smile your on candid camera"
or a big ASCII middle finger.
[Carolyn: This is the phf exploit. It almost never works any more. If your
ISP catches you using it, you might get kicked off your account.]
*** Editorial: Snap, Crackle - Cracked!
From Dale Holmes <firstname.lastname@example.org>
I was making myself breakfast this morning when I saw it. I don't mind
telling you that breakfast is my favorite meal of the day and
great pride in my breakfast making abilities. Sometimes I pour
right into the center of the bowl, other times I pour it gently
the side. While pouring my milk this morning, however, I was
by a television commercial. The voice on TV said "The European
cryptography industry has one word for the US Government - Thanks!"
I laughed so hard I spilled milk all over the table. I knew
meant. They were referring to the HUGE debate in the US over
encryption export policy. The US government controls the export
encryption software, and has long argued that 56-bit DES encryption
was sufficiently secure that it was made the US standard in 1977.
It has limited exports of software using DES technology to 40-bit
The government has argued that cracking 56-bit DES would require
an investment in time and money that it was nearly impossible.
The Electronic Frontier Foundation (EFF), a civil liberties
group, built a machine that cost $210,000, made from "old"
that successfully broke 56-bit DES encryption in less than 3
They have written a book about how it was done, entitled "Cracking
Secrets of Encryption Research, Wiretap Politics, and Chip Design",
available now from O'Reilly and Associates. I suggest you buy
Soon, if not already, every enemy that the US government fears
have the technology to crack 56-bit DES, and they will be doing
US companies that build encryption into their products will no
be able to compete in the global marketplace - nobody in their
mind will buy 56-bit DES now that they know how weak it is.
Most businesses outside the United States are using 128-bit
American companies are too, but only here in the US. Now that
has demonstrated how simple and cheap it is to crack the US encryption
standard, look for the US crypto policy debate to really heat
TV ad that I saw this morning was a call for citizens to get
in the debate. Once the ad was over, I looked down and noticed
milk all over my table.
There is no sense crying over spilled milk, but the current
policy, well, that is another matter...
This is a list devoted to *legal* hacking! If you plan to
information in this Digest or at our Web site to commit crime,
Foo on you! Happy Hacker is a 501 (c) (3) tax deductible organization
in the United States operating under Shepherd's Fold Ministries.
This is all a plot to save your immortal souls!
For Windows questions, please write Roger Prata <email@example.com>;
for Macs, write Strider <Strider@clarityconnect.com>,
and Unix, write Josh Fritsch <firstname.lastname@example.org>
Happy Hacker Digest editor: Dale Holmes <email@example.com>
Happy Hacker Grand Pooh-bah: Carolyn Meinel