Dec. 1996 posts to Happy Hacker -- and Digests
Mon Dec 02 22:27:12 1996
From: Carolyn Meinel <>
Subject: Hacker war

Some of you on this list have wondered why we have been quiet so long.
Here's the answer: HACKER WAR!

Yes, you've read about hacker wars in Wired. Now you can play in them,
too -- on this list.

Guaranteed. All the hairiest, scariest hackers on the planet lurk this
list, waiting to pounce on us.

Now if you don't want some hypersensitive famous hacker raising heck with
you for something you post to this list, send it to me
() and request confidentiality. I'll post your item
anonymously.

In the meantime, we'll take back up where we left off. Just as we closed
down and moved the list due to, um, "technical difficulties," two
well-known hackers (and some lesser known ones) were flaming me on this
list. Well, we carried on some fun and games via private email and later
on the dc-stuff hackers' list.

So following is one of our little exchanges. It is between Gregory
Gillis, who specializes in viruses, and myself.

WARNING! If you are humor impaired, DO NOT READ THIS. IT WILL GIVE YOU
ULCERS! Remember, I warned you.

Furthermore, second warning, while the following is almost entirely true,
it is embellished just a tiny bit. This is known as satire.

Greg wrote:

>Carolyn, you are *not* addressing what is *the* major complaint against you,
>ie -- that you are a know nothing wannabe who is purposely parasitically
>usurping (hacker) knowledge from others to further your own selfish causes.

Greg, oh, Greg, how soon you forget! Remember that romantic evening at
Def Con III? Back in 1995? I had just plugged my laptop into a phone
jack lurking in the ballroom wall. You moved closer and whispered,
"Carolyn, teach me how to forge email."

Gregory, it was ecstasy. We telneted to fantasia.idec.sdl.usu.edu 25. How
I remember her! An Indigo pining away in Logan, Utah. A lonely, tiny
little Mormon town far in space and in the moral universe from our steamy
Las Vegas ballroom. Our excitement grew as you breathlessly keyed in
those commands: HELO...MAIL FROM:...RCPT TO: ... DEBUG...DEBUG! DEBUG!!!
Fantasia, Fantasia, FANTASIA!!!

Then, remember, Gregory, you asked for a memento of our little telnet
session. A text file. Yes, a text file explaining how to forge email by
telneting to a port running simple mail transfer protocol. I gave it to
you on a floppy disk.

Then you gave me a little memento, too. A disk with zipped viruses. And a
cute little pkunzip executable. An executable that, when I ran it,
trashed every file on your disk. Gregory, I still have that disk, a
priceless keepsake of our evening together at Def Con III.

But then, Gregory, it all began to fall apart. Later at Def Con III you
were *selling* copies of that disk with my email forging instructions on
it. Gregory! That was OUR email forging secret!

Well, Gregory, after you began peddling *our* email forging hack, I
figured I might as well go all the way. I began hanging out on street
corners after dark. Accosting passing motorists. "Wanna hack? Latest
sendmail exploit, 50 bucks! OK, $25. All right, all right, 25 cents..."

So now you see me. The Happy Hacker. Just wait until the Jan. Penthouse
comes out. I'll show you, Gregory, you cad, you cad!

In the meantime, you can check out back issues of my Guide to (mostly)
Harmless Hacking at http://www.feist.com/~tqdb/evis-unv.html. For those of
you not on the dc-stuff list, if you want to subscribe, email
majordomo@dis.org with message "subscribe dc-stuff"
 

Carolyn Meinel
M/B Research -- The Technology Brokers
 

Happy Hacker Digests: Dec. 1996

Wed Dec 04 11:19:07 1996
>From hh-owner  Wed Dec  4 09:41:22 1996
From: jericho@dimensional.com
Subject: Happy Hackers 1.1 (questions/comments)

[First of a series of replies to the Happy Hackers files. Input was taken
 from a handful of people and organized by Disorder and se7en. All replies
 should be directed to either dc-stuff@dis.org or hh@cibola.net]

>GUIDE TO (mostly) HARMLESS HACKING
>
>Vol. 1 Number 1
>
>Hacking tip of this column: how to finger a user via telnet.

>Furthermore, hacking is surprisingly easy. I'll give you a chance to prove
>it to yourself, today!

No. It is not easy. It takes a lot of time to learn systems, learn
security concepts associated with multi-user environments, etc.

Your statement goes along with that of some clueless person who posted
the following statement to USENET: "Any three-year old can just pop in a
CD and start hacking these days." Ludicrous. Learning how a system works,
communicates, interacts between all of its different parts, and between
other systems, is how one learns to hack. Also knowing programming
languages is almost essential in learning how to apply the exploits once
they are found. All of this takes time. A long time.

>But regardless of why you want to be a hacker, it is definitely a way to
>have fun, impress your buddies, and get dates. If you are a female hacker
>you become totally irresistible to all men. Take my word for it!;^D

This is so insipid.

Geez: "I wanna be a hacker to express my misplaced adolescent angst!" It
used to be car gangs, surfer/hesher rivalries, then gangs. Now it's
"hacker groups." Getting a life would be better. And that should say
"to a handful of repressed men".

>So what do you need to become a hacker? Before I tell you, however, I am
>going to subject you to a rant.

And more to come, each to push your own views and beliefs on others,
while giving them less than adequate technical details.

See my first response above to see what you really need to become a
hacker. Knowledge and an intense desire to read, learn and experiment.
That is what hacking really is. Not listening to lamers who
have no hacking foundation to rest on, yet profess to know enough to
teach others how to hack. Teachers must know their subject to teach
others.

>Yes, some of these 3l1te types like to flame the newbies. They act like they
>were born clutching a Unix manual in one hand and a TCP/IP specification
>document in the other and anyone who knows less is scum.

No. They have taken a lot of time to learn the ins and outs of networks,
operating systems, protocols, and more. They do not want to just hand
over everything they have achieved to some clueless new person who
recently saw the movie "hackers".

A statement made to attempt to insulate herself from emails such as these
in the eyes of her newbie students so she can save face. Is anyone
actually learning anything useful, and actually applying them to real
world successful hacks? Or is everybody just wasting away their life with
delusions of hacking grandeur? No one will learn how to hack from the
Happy Hackers list/files in its current state. Period.

>Newbie note: 3l1t3, 31337, etc. all mean "elite." The idea is to take either
>the word "elite" or "eleet" and substitute numbers for some or all the
>letters. We also like zs. Hacker d00dz do this sor7 of th1ng l0tz.

No. The real hackers do not do this regularly. The few times they do,
they do it as a joke or to mock others who think it is cool.

>What we worry about is the kind of guy who says, "I want to become a hacker.
>But I *don't* want to learn programming and operating systems. Gimme some
>passwords, d00dz! Yeah, and credit card numbers!!!"

And you wonder why hackers are quick to flame these kind of people?

Lamers get credit card numbers to be able to freely call places like the
Defcon voice bridge, which is about as lame as it gets, and has nothing
to do with hacking.

>How can a clueless newbie trash other people's computers? Easy. There are
>public FTP and Web sites on the Internet that offer canned hacking programs.

The canned hacker programs you speak of do not delete or 'trash' systems.
A clueless newbie can do it by mistyping a simple command. Rather than
typing "rm -f", they might type "rm -rf" and do much more damage than
they had planned.

Recently reviewing the code of many of these programs, an overwhelming
majority of them do not work, and are outdated. What few do work require
source code modification to work properly against the intended target.
They are just plain too old, and take advantage of exploits that have
long since been patched. Your generalizations about hacking are the same
things the media does, and they have demonstrated, as have you, that they
know nothing.

>Thanks to these canned tools, many of the "hackers" you read about getting
>busted are in fact clueless newbies.

Clueless newbies like you. I have yet to see anything of substance from
anything you have ever written yet, including your lame and dodgeful
replies to these emails. The people you speak of are not hackers, nor were
they considered hackers.

>This column will teach you how to do real, yet legal and harmless hacking,

Telling people how to crash machines is not harmless, Carolyn. (See later
issues.)

>Warning: the tech support person at your ISP may tell you that you have a
>"shell account" when you really don't. Many ISPs don't really like shell
>accounts, either. Guess why? If you don't have a shell account, you can't
>hack!

And how about if I have a ppp account, and connect my linux box to that
account? Please make sure you fully qualify your statements. In hacking,
vague responses are completely worthless. Unix is very specific, vague
teaching will not help anyone.

Look at other groups that give vague responses.. like psychic hotlines,
politicians, etc. Vague replies are often a method of trying to hide
true ignorance.

>You don't know Unix? If you are serious about understanding hacking, you'll
>need some good reference books. No, I don't mean the kind with breathless
>titles like "Secrets of  Super hacker." I've bought too many of that kind of
>book. They are full of hot air and thin on how-to. Serious hackers study
>        c) TCP/IP, which is the set of protocols that make the Internet work. I
>like "TCP/IP for Dummies" by Marshall Wilensky and Candace Leiden.

Excuse me? No. Hackers do not buy 'Dummies' books. They would rather choose
"TCP/IP Illustrated Volume 1-3". Maybe you should read some of these
reference books yourself.

>OK, I'm signing off for this column. And I promise to tell you more about
>what the big deal is over telnetting to finger -- but later. Happy hacking!

So we learned to telnet to three ports, and do basic commands. Once again,
this is not hacking.

Yeah, so where was the file promising to tell us what the big deal over
telnetting to finger? There is no big deal. Maybe to you, but in
objective reality, there is none.

>© 1996 Carolyn P. Meinel. You may forward the GUIDE TO (mostly)
>HARMLESS HACKING Ezine as long as you leave this notice at the end. To
>subscribe, email with message "subscribe hacker
><joe.blow@my.isp.net>" substituting your real email address for Joe Blow's.

So why copyright this, Carolyn?

I've been asking her this for months now. She finally answered it. She is
out to commercialize and make a buck from hacking. She doesn't know
anything about it, so she might as well cash in and be a hacking whore
like so many others are doing these days.
 

(This mail copyright 1996 Damien Sorder - All rights reserved. You may
 respond to this mail and quote relevant parts. You may not publish
 any part of this in print without prior written consent.)

***********************************
Wed Dec 04 17:32:14 1996
Happy Hacker Digest
Sender: owner-hh@cibola.net
Precedence: bulk

We've had some requests for a digest format. So I'm going to try putting the
creme de la creme of input to this list in one email per day for awhile.
Let me know how this works.

If you want to unsubscribe, email majordomo@cibola.net with message
"unsubscribe hh"

Moderator's note: this first one gets POST OF THE DAY award! Since he sent
this to me rather than the list, I have anonymized it. Remember, if you want
credit for your posts, please send them to the list, not to me.

Hi Caroline,
May every blessing be heaped upon you for coming out with this Happy Hacker
mother lode of info. Many, many thanks.
 Windows' Telnet: I've been able to telnet to a specific port -- in fact
that's how I ran the fake email stunt, sending a very happy little girl a
letter from Santa. (Much wonderment; who said hacking had to be
baaaaaaad!!??)
Speaking of Santa: He's gonna be bringing me the book "Running Linux" with
the accompanying CD Rom, which has a Linux system as well as a GNU (?)
personal C compiler. (Yes, I'm taking your advice on that and trying to
learn C, too. If my 50-y-o brain goes KAZ-art! my lawyers will be in touch.
And they're Canadians. Whoooo--ooooh.)
I guess my questions are (finally, Mabel, he's gotta question):
1. Will that be a suitable Linux?
2. Should I try for another?
3. What is the meaning of life?
4. If yes, is that shaken or stirruped?
Finally, thanks again for all your work/effort/labor/of/love. Perhaps I'll
hear from you ....
Alan

Moderator's answers:

1) You poor, poor thing. You're going to install Linux for Christmas? I've
found alcohol aids the process.

2) Some people find that Redhat is the easiest brand of Linux to install.
But I had a horrible time with it. Walnut Creek Slackware was easiest for
me. I of course am speaking relatively when I call it "easiest."

3) The meaning of life is 42. Scientists recently verified this through a
determination of the Hubble Constant.

4) Booze consumed while installing Linux should be inhaled along with
nitrous oxide. It is absorbed faster through the membranes of the lungs.
Trust me on this, I am also an expert in human physiology.
 
 

X-Sender: tqdb@wichita.fn.net
To: hh@cibola.net
Subject: Re: HH: Help for people without a shell account
In-Reply-To: <Pine.SUN.3.95.961203104000.10054D-100000@nova.dimensional.com>
Message-ID: <Pine.BSI.3.91.961204114905.13894B-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Tue, 3 Dec 1996 jericho@dimensional.com wrote:

> Carolyn: the utils listed at that page give a Win95 user ping,
> nslookup/whois, finger, and archie. That is hardly "almost everything"
> that a shell account offers.

    You're right, but they can make being stuck with PPP only accounts
more bearable.

> How about the other popular things a shell account offers?
>
> procmail, dig, sed/awk, cut, grep, head/tail, more/less, sort, crontab,
> screen, traceroute, cc/gcc, gopher, etc. Add to that the robust nature of
> unix, the ability to modify existing programs, and a true multithreaded
> OS, and you will see why Win95 is not a replacement for the shell.

    The fact that I was able to write my own script to go through the WWW
access logs, and not only tell me how many hits my site received but also
the exact address of the visitor, what files they looked at and at what
times.  I suppose you might be able to do this with NT or another OS, but
the fact of the matter is that if you usually don't pay for that type of
report you won't be able to get it.  That is the case with our ISP ($25 a
month for web tracking with tons less info than I can generate for free).

    Unix is definitely the most flexible and 'low level' operating system
that I've been exposed to.  Unfortunately, that scares some people
because it allows their users to do more than they might want them to.
Sadly this is the situation here.  Our management has been scared into
thinking that WinNT is the only real safe OS and wants to get rid of Unix
altogether..
.TQDB

  -=| T.Q.D.B. - tqdb@wichita.fn.net - http://www.feist.com/~tqdb |=-
 
           "The term 'hacker' is not necessarily derogatory.
          A small percentage of them give the rest a bad name."
       --Special Agent Andrew Black, FBI SF Computer Crime Squad

X-Sender: tqdb@wichita.fn.net
To: hh@cibola.net
Subject: Re: HH: Re: Port surfing (fwd)
In-Reply-To: <Pine.SUN.3.91.961204074923.29222C-100000@camel.swcp.com>
Message-ID: <Pine.BSI.3.91.961204111534.13894A-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Wed, 4 Dec 1996, Carolyn Meinel wrote:

> As I discovered from a flame war on the dc-stuff hackers' list yesterday
> (email majordomo@dis.org with message "subscribe dc-stuff"), people get
> really worked up over port assignments. I also discovered that I had only
> sent the info on how to get *all* port assignments to just one Happy
> Hacker list member instead of all of you. So here's the total scoop:
>
> The group that assigns ports is the Internet Assigned Numbers Authority,
> Contact:
>
>          Joyce K. Reynolds
>          Internet Assigned Numbers Authority

    Or just check out:

http://ds2.internic.net/rfc/rfc1700.txt

    and save yourself some time.  While you're there you might as well
check out a few of the other technical RFCs.
.TQDB
  -=| T.Q.D.B. - tqdb@wichita.fn.net - http://www.feist.com/~tqdb |=-
 
           "The term 'hacker' is not necessarily derogatory.
          A small percentage of them give the rest a bad name."
       --Special Agent Andrew Black, FBI SF Computer Crime Squad

(An anonymous post)
 

On Wed, 4 Dec 1996, Carolyn Meinel wrote:

> As I discovered from a flame war on the dc-stuff hackers' list yesterday
> (email majordomo@dis.org with message "subscribe dc-stuff"), people get
> really worked up over port assignments. I also discovered that I had only
> sent the info on how to get *all* port assignments to just one Happy
> Hacker list member instead of all of you. So here's the total scoop:

Hail!
Nothing goes on in DC-Stuff except flame wars, basically, so you might
wanna warn future subscribers of that.  There are discussions on why SF
is better than any city in the modern world, and in the weeks leading up
to the con there are discussions about trips/rides there, but that's
about it.  Almost as high noise/signal ratio as cypherpunks, and the little
signal is not as good, I think...
 

(Another anonymous post)
 

You may want to remind people that ping and traceroute are included
with Windows95.  They have to be accessed through a DOS window while a
PPP connection is active.

For ping, at the command prompt, the command is "ping."

For traceroute, since DOS is still limited to 8 character filenames,
the command is "tracert".

The general command line options apply.

As to Jericho's comment:
>I know you can get some of these utils for DOS, but even then.. it just
>isn't the same. This is the second time I have seen you try to justify
>keeping Windows95 if you want to become a "hacker". That is just wrong.

Carolyn has never said Win95 and the available apps for it are an
acceptable substitute for a shell account or running a PPP connection
through Linux, but not everyone is as elite as you Jericho.  She has
merely given solutions for those not able to or not ready to move up to
those levels.

Why does it have to be an either-or proposition?  Win95 and Linux can
co-exist peacefully on the same hard drive.  I can't afford to go
hunting for and buying a bunch of productivity applications (like
bitmap editors on a par with PhotoShop, a word processor on a par with
MS Word, etc.) for Linux.  Win 95 just has more of the software I need
available.  Plus, I had drivers for my video card when I got Win95.
Support for my video card wasn't added to Xfree86 until the 3.1.2G
beta, and wasn't officially added until the 3.2 release last month.

Linux has its uses, thus I've given it a few hundred megs spread
across my two hard drives (how many of the HH subscribers are old
enough to remember when a 5 meg hard drive in a PC was high-tech?  We
got a Sperry PC clone in the computer lab at my high school in '84 and
we thought that internal 5 megger was just the coolest - as opposed to
the 160k 5.25" floppies we otherwise had to use --- major nostalgia, I
used to do my AP Computer Science homework using Turbo Pascal on a
Commodore 64).

I see no reason why encouraging newbies and tentative hackers to get
their feet wet in Win95 first is wrong, or why having both OS's is a
bad thing.

It may be pre-school level stuff in your opinion, but how many people
were coloring inside the lines at three?  Cut Carolyn and the newer
people some slack.  Just getting Linux up and running is a real
challenge for some people.  Configuring the programs and services
necessary for higher-level hacking can be a real bear, even for people
who have some familiarity with UNIX from work or shell accounts.  Let
people move at their own speed.  They'll get there.
 

From: jericho@dimensional.com
Received: from nova.dimensional.com (jericho@nova.dimensional.com
[208.206.176.11]) by blackhole.dimensional.com (8.7.6/8.6.12) with SMTP id
LAA10547; Tue, 3 Dec 1996 11:58:18 -0700 (MST)
Posted-Date: Tue, 3 Dec 1996 11:58:18 -0700 (MST)
Date: Tue, 3 Dec 1996 11:58:17 -0700 (MST)
Reply-To: jericho@dimensional.com
To: Carolyn Meinel <>
cc: dc-stuff@dis.org, hh@cibola.net
Subject: re: Jericho?
In-Reply-To: <Pine.SUN.3.91.961203095907.25067C-100000@llama.swcp.com>
Message-ID: <Pine.SUN.3.95.961203110306.10490A-100000@nova.dimensional.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
 

> Actually what is even more humorous is exploring the relationships among
> dimensional.com, lemming.com, and why one has most of its ports shut down
> but the other is wide open. And what *IS* that program running on
> lemming's port 22? People want to know.

The relationship between dimensional and lemming is pretty basic.
lemming gets its dedicated service from dimensional. No conspiracy
theories there.

port 22 responds with SSH and a version number.. could that be.. no..
*gasp*.. Secure Shell? You know.. a little application that allows secure
telnets to a machine? I would hardly classify that as "wide open".
However, if you do manage to break through port 22, and defeat SSH, please
write a white paper on it for the next Phrack.

(Editor's note: I'm afraid that http://www.cs.hut.fi/ssh/#further-info has
beaten Phrack to the punch with  a description of how to break into
Jericho's computer. YOU CAN GO TO PRISON NOTE: in Colorado, breaking into
the computer of someone who has not given you permission to do so is a FELONY.)

Why does it have most of its ports shut down? Lemme think.. maybe because
most aren't needed? What should I enable beyond ftp, telnet, ssh, and
sendmail? Nothing. There is no need for 99% of the services offered on a
unix box, at least for me.

(I was asking why dimensional.com is wide open, not lemming.com.)

So by not enabling these other daemons, I am making my box "more secure".
Are we following yet?

Oh, and Carolyn, feel free to portscan my box until your heart is content.
 

At 09:36 AM 12/4/96 -0700, jericho@dimensional.com wrote:
>
>Why do I know this won't go out on the HH list..

(Moderator's note: I don't allow random flaming. But if you have good
points, and the target of flames agrees to allowing the post, I will publish
them. However, he who flames can expect a teensy bit of return flaming.)

>
>You lie Carolyn. Tell these people the truth.
>
>> (email majordomo@dis.org with message "subscribe dc-stuff"), people get
>> really worked up over port assignments. I also discovered that I had only
>
>You preach about port assignments and how well you know "port surfing".
>You then post to the list a port that apparently baffled you, and people
>chimed in with the correct answer.
>
>> I also learned from that flame war that most people don't know where to
>> go for a free copy of ssh (secure shell program). If you run some kind of
>> Unix on your personal computer, and you want to remotely log in without
>> getting hacked, get your free version 1.2.17 from ftp.cs.hut.fi/pub/ssh.
>> Warning! This is a big file!
>
>B******T. YOU were the one who didn't know about SSH. YOU were the one who
>couldn't read the output of port 22 and determine what it was. YOU were
>the one who asked "And what is port 22. People want to know."
>
>> If you want to know why it is a bad idea to run version 1.2.14, go to
>> http://www.cs.hut.fi/ssh/#further-info. I sure hope no one on this list
>> uses that old version any more.
>
>From the FAQ you quoted the URL to:
>
>6.1 What known security bugs exist in which versions of ssh?
>
>All versions of ssh prior to 1.2.12.92 had a security flaw which allowed
>local users to get access to the secret host key. This is fixed in
>1.2.13 and later.
>
>If you run ssh 1.2.13 on Alpha OSF 1.3 or SCO in C2 security mode, local
>users can gain root access. This is fixed by applying
>ftp://ftp.cs.hut.fi/pub/ssh/ssh-osf1-c2-setluid.patch or by upgrading to
>1.2.14 or later.
>
>Versions of ssh prior to 1.2.17 had problems with authentication agent
>handling on some machines. There is a chance (a race condition)
>that a malicious user could steal another user's credentials. This should
>be fixed in 1.2.17.
>
>=-=
>
>Ok Carolyn. The SSH on lemming suffers from a race condition that a
>malicious user could steal another user's credentials.
>
>1) Are you a user on lemming?
>
>2) Do you know who has accounts there?
>
>3) Do you know which of them use ssh?
>
>4) Can you exploit this race condition?
>
>5) Even if you did steal their credentials, could you do anything with it?
>
>
>Answers!
>
>No. No. No. No. No.
>
>You did this with Daemon9, and now me. Don't pretend you can hack our
>boxes. If you can, I have already told you how to prove it, and already
>told you that I would love to see you do it. I will post to HH and
>DC-stuff telling that you did, if it happens. Until then, quit making
>these half idle threats that you know something about bypassing security.
>

(Moderator's note: I keep on forgetting that there are people who have never
heard of the literary device of the "rhetorical question."  Also, if Damien
Sorder (jericho) had been reading his shell log files he would have known
that I paid a visit to lemming.com long ago. I even left a greeting. But I
was a good girl and did not put the "#" prompt on my screen. But -- I never
said I was some sort of a super hacker, did I? I merely teach beginner
hacking. You and Phrack editor daemon9 are the guys who are so worried
someone might think I actually know something about hacking.)

X-Sender: zoinks@cei.net
To: Carolyn Meinel <>
From: Dark Hour <zoinks@cei.net>
Subject: Re: Telnet question

I believe I am posting correctly, if not forgive me.  I am normally not a
fan of mailing lists.  There is a telnet program for windows that will let
you telnet to any port you like.  I'm sure you have heard of it, it is
called Netterm.  Although I am an avid supporter and user of linux, Netterm
is the best telnet program available when stuck in windows.

(Next post is anonymized. If the author of this excellent piece would like
credit, please let me know. In general, if you post to the list your name
goes on the post, while if you send it to the moderator in private email, it
is posted anonymously. Friendly warning: this post is long, but contains
excellent information.)

At 09:57 12/3/96 -0700, you wrote:
>One of the commonest problems of people who want to hack is getting a Unix
>shell account so they can use all those nifty commands such as finger and
>whois. However, T.Q.D.B. (who kindly hosts the Happy Hacker archives at
>his Web site) has discovered a site that sells Windows 95 programs that
>will give you almost everything that a shell account offers. Check out
>http://www.windows95.com/apps/finger.html!

Hi there.  Just wanted to point out a Web-based WHOIS service, provided by
the InterNIC itself.  The web page address is
<http://rs.internic.net/cgi-bin/whois>.  They also list there some good
instructions on other good snooping tools like nslookup.

BTW: Here's some info that may or may not be of use to your readers - do with
it as you will.  I'm not any expert hacker by any means, so you may want to
double-check if everything is correct...

-----------
If you want to get a list of all the computers that are available at a site,
try the following:

If you have an email address or a domain name, you can find all the
computers hosted in that subnet.  In the example of an e-mail address, let's
use my address as an example - <sferrier@achilles.net>.

"achilles.net" is the domain name.  So, from a UNIX command-prompt, type
"nslookup".  This will give you something that looks a little like this
(less the dotted lines):

----------
Default Server:  nic.achilles.net
Address:  198.53.206.6

>
----------

The ">" character is your new prompt.  If you type "?", you should get a
help screen that looks something like:

----------
$Id: nslookup.help,v 4.9.1.3 1993/12/06 00:43:17 vixie Exp $

Commands:       (identifiers are shown in uppercase, [] means optional)
NAME            - print info about the host/domain NAME using default server
NAME1 NAME2     - as above, but use NAME2 as server
help or ?       - print info on common commands; see nslookup(1) for details
set OPTION      - set an option
    all         - print options, current server and host
    [no]debug   - print debugging information
    [no]d2      - print exhaustive debugging information
    [no]defname - append domain name to each query
    [no]recurse - ask for recursive answer to query
    [no]vc      - always use a virtual circuit
    domain=NAME - set default domain name to NAME
    srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1,N2, etc.
    root=NAME   - set root server to NAME
    retry=X     - set number of retries to X
    timeout=X   - set initial time-out interval to X seconds
    querytype=X - set query type, e.g., A,ANY,CNAME,HINFO,MX,NS,PTR,SOA,TXT,WKS
    type=X      - synonym for querytype
    class=X     - set query class to one of IN (Internet), CHAOS, HESIOD or ANY
server NAME     - set default server to NAME, using current default server
lserver NAME    - set default server to NAME, using initial server
finger [USER]   - finger the optional NAME at the current default host
root            - set current default server to the root
ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to FILE)
    -a          -  list canonical names and aliases
    -h          -  list HINFO (CPU type and operating system)
    -s          -  list well-known services
    -d          -  list all records
    -t TYPE     -  list records of the given type (e.g., A,CNAME,MX, etc.)
view FILE       - sort an 'ls' output file and view it with more
exit            - exit the program, ^D also exits
----------

There are all sorts of goodies in there.  But, to concentrate on getting
those machine names...

First, you want to find out the name server (the machine that will hold the
list of all the computers that have dedicated addresses) for that domain.
To find that out, try the following:

----------
> set querytype=mx
> achilles.net
Server:  nic.achilles.net
Address:  198.53.206.6

achilles.net    preference = 5, mail exchanger = mailhost.achilles.net
achilles.net    preference = 20, mail exchanger = mail.ottawa.istar.net
achilles.net    nameserver = nic.achilles.net
achilles.net    nameserver = nic.fonorola.net
mailhost.achilles.net   internet address = 198.53.206.6
mail.ottawa.istar.net   internet address = 204.191.213.2
nic.achilles.net        internet address = 198.53.206.6
nic.fonorola.net        internet address = 198.53.64.7
>
----------

The "set querytype=mx" line tells it that you want to know what route
incoming mail would take to get it.  It also gives us some other useful
information.  For example, you can tell from this who is the ISP for my ISP
- namely <istar.net>.  It tells you that incoming mail will be routed to the
machine <mailhost.achilles.net>.  It also tells you the master DNS
nameserver - <nic.achilles.net>.  Now that we know the nameserver, try this:

----------
> server nic.achilles.net
Default Server:  nic.achilles.net
Address:  198.53.206.6

>
----------

This will tell it to disconnect from your local DNS and connect to the
remote DNS server for the domain in question.  From here, try this:

----------
>ls achilles.net
----------

And presto!  You have a list of all the computers in their sub-net that have
dedicated addresses!  Now, more often than not, many of the names in here
will be useless - ie: they will be for dialup accounts or whatnot, or
perhaps have multiple names for the same IP address, but you will most
definitely come up with at least a few good machine names to play with.
Some sites will give you a list of literally hundreds of entries.  For
these, it would be much more useful to have the data stored in a file
rather than displayed to the screen.  To accomplish this, simply modify the
above command to read:

----------
>ls achilles.net > achilles.txt
[nic.achilles.net]
#######
Received 370 records.
>
----------

This will store all the retrieved data into the file "achilles.txt" in the
current directory.  It also nicely tells you how many names were obtained
:-)  To quit "nslookup", simply enter the command "exit".

For more fun, try "set querytype=hinfo", then entering one of the specific
machine names that you found!

Have fun!
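
(Added example, not part of the original post or digest.) The "ls" command in the walkthrough above is a DNS zone transfer (AXFR) request, and whether it succeeds depends on the server's transfer policy. The Python below is a check an administrator can run against their own authoritative nameservers to confirm they refuse transfers to hosts that are not secondaries; the function names, the fixed query ID and the two sample replies are constructed for illustration.

```python
"""Audit check: does an authoritative nameserver answer an AXFR request?"""
import socket
import struct
import sys

QTYPE_AXFR = 252  # zone transfer query type (RFC 1035)
QCLASS_IN = 1
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
               4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}
TXID = 0x4158  # arbitrary fixed query ID chosen for this example


def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_axfr_query(zone, txid=TXID):
    """DNS header (one question, no flags set) followed by an AXFR/IN question."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", QTYPE_AXFR, QCLASS_IN)


def classify_response(msg, txid=TXID):
    """Return (verdict, rcode_name, answer_count) from the first reply message.

    Only the 12-byte header is inspected: a permitted transfer starts with a
    message carrying at least one answer record (the zone's SOA).
    """
    if len(msg) < 12:
        return ("malformed", None, 0)
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid or not flags & 0x8000:  # wrong ID, or QR (response) bit clear
        return ("malformed", None, 0)
    code = flags & 0x000F
    rcode = RCODE_NAMES.get(code, "RCODE%d" % code)
    if rcode != "NOERROR":
        return ("not transferred", rcode, ancount)
    if ancount == 0:
        return ("no records returned", rcode, 0)
    return ("TRANSFER ALLOWED", rcode, ancount)


def _recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
    return buf


def check_server(server, zone, timeout=5.0):
    """Send one AXFR query over TCP port 53 and classify the first reply."""
    query = build_axfr_query(zone)
    try:
        with socket.create_connection((server, 53), timeout=timeout) as sock:
            # DNS over TCP prefixes every message with a 2-byte length.
            sock.sendall(struct.pack("!H", len(query)) + query)
            (length,) = struct.unpack("!H", _recv_exact(sock, 2))
            return classify_response(_recv_exact(sock, length))
    except OSError as exc:  # timeout, reset, or close without an answer
        return ("no reply (%s)" % exc.__class__.__name__, None, 0)


def _sample_reply(flags, ancount):
    """Constructed reply: header plus echoed question, no real records."""
    return (struct.pack("!HHHHHH", TXID, flags, 1, ancount, 0, 0)
            + build_axfr_query("example.com")[12:])


SAMPLE_REFUSED = _sample_reply(0x8005, 0)  # QR=1, RCODE=5 (REFUSED)
SAMPLE_ALLOWED = _sample_reply(0x8400, 1)  # QR=1, AA=1, one answer counted

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <your-nameserver> <your-zone>
        print(check_server(sys.argv[1], sys.argv[2]))
    else:  # offline: classify the constructed sample replies
        print(classify_response(SAMPLE_REFUSED))
        print(classify_response(SAMPLE_ALLOWED))
```

If a nameserver you operate returns TRANSFER ALLOWED to a host that is not one of its secondaries, restrict transfers on the server (in BIND, with the `allow-transfer` option).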


 © 2013 Happy Hacker All rights reserved.