What's New!

Chat with
Hackers

How to Defend
Your Computer 

The Guides
to (mostly) 
Harmless Hacking

Happy Hacker 
Digests (old stuff) 

Hacker Links 

Hacker
Wargames 

Meet the 
Happy Hacksters 

Help for 
Beginners 

Hacker 
Bookstore 

Humor 

It Sucks 
to Be Me!

How to Commit
Computer Crime (not)! 

What Is a 
Hacker, Anyhow? 

Have a 
Great Life! 

News from the 
Hacker War Front

Carolyn's most
popular book,
in 4th edition now!

For advanced
hacker studies,
read Carolyn's
Google Groups
Subscribe to Happy Hacker
Email:
Visit this group

Happy Hacker Digest Feb. 18-19, 1997
____________________________________
This is a moderated list for discussions of *legal* hacking. Moderator is
Carolyn Meinel. Please don't send us anything you wouldn't email to your
friendly neighborhood narc, OK? Send posts to . Better
yet,
To subscribe or unsubscribe, use the subscribe boxes on the menubar. If you decide you just want to
use the forum and not get these mailings, I promise my feelings won't get
hurt if you unsubscribe from this list.
Happy hacking! "Truth is the beginning of every good thing..." Plato
---------------------------------------------------------

URL 'O the Day: http://www.vcalpha.com/silicon/void-f.html
This is Silicon Toad's home page. He has the best newbie library I've ever
seen, called :Neophyte Haven."

Table of Contents

Email Bomb Program went Oopsie!
Cracker Q&A
Finger Answers
Social Engineering
Mac Web Servers
FTP Answer
Secure Networks Scanner Kit
Quick and Dirty Security Scanning
Ack! Save Us from IRC!
Canadian Law Question
Freedom and Protest in Cyberspace

EMAIL BOMB PROGRAM WENT OOPSIE!

(I want to start off by saying that I DO WANT THIS MESSAGE TO BE KEPT
ANONYMOUS please.  Hey there.  I want to start off by saying that I love
the happy hacker digest series.  I am very much a newbie, but with the aide
of your newsletters, I am constantly learning more and more.  I do have a
concern though.  I had downloaded avalanche 2.0 and was using it to try to
learn about mail bombs.  I know, I should've done my homework first instead
of finding software first off.  Now I know.  How ever, I was playing around
with the program (specifically, the mail list mail bombing function) I
entered a friend of mine's e-mail address and started sending.  It was very
quick.  It may have taken about a second or two.  I didn't think it worked
so I sent one to my address.  I only got hit with 1 mail list, but I have a
feeling that my friend was not so lucky, I estimate that he may have been
hit by about 300-400 lists.  I feel really bad.  Is there a program I can
get that will un-subscribe him?  I never meant to do that to him.  This is
a lesson well learned by me.  Now I know that just getting some programs
doesn't make a hacker.  You can be assured that now I very much do my
homework first.  I would really appreciate any help you can give me.
Thanks allot.  Keep up the good work.

CRACKER Q&A

From: k1neTiK <samk5@idt.net>
Subject: RE: passswd file question

>Anonymous:
>Hi,
>I've found a server that allows for it's passwd file to be
>read/downloaded with an anon. ftp connection.  Is this unusual, or
>standard?  Is it illegal for me to download the file to my home computer?
> What would one do with the passwd file?
It is not unusual for a server to allow it's passwd file to be downloaded,
but you will find that 99 times out of a 100, it will be shadowed.  Open it
with a text file, and if you see something like this:

root:*:0:0:root:/root:/bin/bash
bin:*:1:1:bin:/bin:
daemon:*:2:2:daemon:/sbin:
adm:*:3:4:adm:/var/adm:
lp:*:4:7:lp:/var/spool/lpd:

Then it is shadowed.  Normally you would see encrypted characters where the
* was.  Oh yeah, and after running it through a passwd cracker, you
hopefully would get some valid passwords and then you could use them to login.

Also, on a different note, for everyone that has asked questions about
Finger, it is detailed in RFC1288.

p.s.  My Web Site (the URL of the day for the Feb 17 issue) now has almost
all the digests since October, a few cool links, and a tutorial on how to
find out what a port does, or how to find out info about a specific daemon/port.

p.s.s Are there any known bugs/vulnerabilities in Identd?
             /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
            |/////////////////////////////////////////////////////////|
            |//////////k1neTiK////////////////////////////////////////|
            |//E-mail:  samk5@mail.idt.net////////////////////////////|
            |//IRC: usually on irc.stealth.net from around 5:30 p.m.//|
            |///(under the handle k1neTiK, duh!)//////////////////////|
            |/////////////////////////////////////////////////////////|
             \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
 

Moderator: I made this one anonymous. Sheesh, guys, please remember what I
have in the header of every digest: "Please don't send us anything you
wouldn't email to your friendly neighborhood narc, OK?" Sure, this guy has
an explanation for why he is trying to crack into this box, but if he is
fibbing, anyone who helps him would be in danger of being charged as an
accessory to crime.

I have been working on a Win NT box of an ISP (he's a good friend and we
have a bet going about his security) Dinner and drinks are on the line
here.. I have to leave a sort of "calling card" w/ no trace on the Root
of his net server.. It's an icon of a villain cartoon character..  The
problem that I am having is that doing a port scan on the Pop3 side I
turn up nothing of importance (only four ports available) They are
listed below.
 domain on port 53
     ftp on port 21
     pop3 on port 110
     smtp on port 25

I also tried the obvious Netscape bug and, this is his humor Received a
404 keyboard error saying the files requested are being held hostage by
elves w/ a pic of him grinning ear to ear and also asking if you
mistyped something.. I realized from then that this would be no simple
task and that all the ordinary NT bugs would be fixed, except for the
ping and syn flood.. Which would not be a challenge. Now on the next
server listed via Whois I ran a port scan and found these..

daytime on port 13
     discard on port 9
     domain on port 53
     echo on port 7
     exec on port 512
     finger on port 79
     ftp on port 21
     login on port 513
     shell on port 514
     smtp on port 25
     spooler on port 515
     sunrpc on port 111
     telnet on port 23
     time on port 37
     uucp on port 540--
 
What direction should I head in next? and also to try and keep in
stealth mode would it be advised to look in the way of finding routers
and telenetting to various accounts? One other note is that I Ftp'd to
what seemed to be a sort of virtual drive for clients to dload shareware
progs.. I was able to copy the ls, would this help in any way? Any
information that you could give me would be greatly appreciated

  Thanks in advance..

P.S. I hope that he is not a subscriber to this.. :)

Moderator: Here's another one I figured I'd better make anonymous:

I got into a system running Unix System V.The victims password was the same
as his username, is this stupid or what? So I went to the /etc directory and
tried the "cat" command:
cat - views the inside of a file.

But I was given a message something like "Permission Denied"
SH**.
Could this be that the victim's password is just a user right?
What command do I give to know my rights in Unix? (in novel it's simply
"rights"maybe, if my memory serves me right) What tricks do I do so that I
can manipulated the passwd file?
Thanx.

FINGER ANSWERS

From: pete higgins <kjamez@wiw.org>

> What does "idle" mean? Just what it sounds like. However, could anyone help
> me with the question of why "root" often turns up with an idle time of days
> or even weeks? I hope it doesn't mean someone has logged in as root and left
> that session open on an unattended terminal -- that would really be a no-no.

yep- that's generally what it means.  a telnet account will be idle if you
are in one shell and telnet in as another.

i.e.:  I telnet to wiw.org (my shell) as kjamez, and want to do something
on my box, (zyklonb.wiw.org) I telnet back to there with root.  then
mistakenly go back to wiw as kjamez from root. yeah I think that's what
I mean.  leaving one session of kjamez idle, and root idle as well.

or in xfree86, you may have a xterm on a different console with root
logged in.

for the most part, there is no harm in leaving a root account idle.
unless you are the sysadmin, and leave your office unlocked while you go
out to lunch or something. ;)

(wow, my first post, and maybe a somewhat helpful bit-o-worthless
information at that.
 

SOCIAL ENGINEERING

From: Bernz <bernz@ix.netcom.com>

Maybe it's just me. It probably is. Remote exploits (unless you discover
them yourself) aren't a really good way of getting into a system. They
are fixed damn quick. I'm relatively experienced at this and I have to
say that social engineering is the only way to absolutely get into a
remote system. I always see that people have questions about how to get
into systems and this aspect is continually overlooked. Sneaking in
through a dumb security guard is just as good as sneaking in through a
sendmail bug. People should realize that. There's a world of
scamming/hacking that's hardly been explored.

--
Bernz
http://members.tripod.com/~bernz
http://www.aracnet.com/~gen2600

"Tell me what you want, a zigahzigzah."
-From "The wit and wisdom of the Spice Girls"

MAC WEBSERVERS

From: Pete <pete@servtech.com>

Well, we seem to be having a few discussions going on, so I thought I'd
join into all of them :-).

>I work at an ISP where, for two years, we've been running on Macs.
>Although no
>one's tried on us yet, I've found that the Mac has had many attempts made
>on it-
>no success yet. That may seem like a broad, sweeping statement, but it's
>true.
>More people out there use Macs for serving than some people think- there's a
>reason for that.

I heard somewhere that Macs make up 20% of the servers on the Internet,
which is quite large considering that they have such a small market share.
I think that Macs may be hackable in the ways that NT is, with
denial-of-service attacks, freezing the machine, etc. Unlike Unix, the Mac
OS is not a group-oriented OS. It is a personal setup, where once you're
in, you're in, but it is much harder to GET in. You can't use little
loopholes like finding unshadowed passwords from a password file you get
off FTP. Macs don't have password files to check groups and such. So, in
this way, the Mac is a tougher nut to crack.

>     Without trying to start any OS wars, I think it is safe to claim that
> most technical people move on to other OSes rather than stick with MacOS
> and due to this there is a lack of real Mac hackers.  Give people a few
> months, when the become bored with Unix, WinNT and Novell and you'll
> start hearing about some more Mac exploits.

I don't think that anyone will get bored with Unix, but I understand your
point. If Apple launched a major "secure server" publicity campaign, there
might be a lot of interest from hackers who want to prove them wrong.
Although Apple has a disproportionate "server share," Macs are so low
profile that they haven't brought any major hacking attention. Perhaps
after NT gets picked over...

FTP ANSWER

From: jericho@dimensional.com

> I've found a server that allows for it's passwd file to be
> read/downloaded with an anon. ftp connection.  Is this unusual, or
> standard?  Is it illegal for me to download the file to my home computer?
>  What would one do with the passwd file?
>
> Moderator: I'll bet this availability of the password file is accidental.
> Since the server made no attempt to protect it, IMHO you probably won't get
> in trouble. What some hackers would do with this file is run it through a

Carolyn. Go to any ftp server and you will find a 'passwd' file more often
than not. This is not the machines normal passwd file, but a separate
passwd file for ftp accounts only.

SECURE NETWORKS SCANNER KIT

Approved-By: aleph1@UNDERGROUND.ORG
Date:  Tue, 18 Feb 1997 10:38:59 -0500
Reply-To: *Hobbit* <hobbit@AVIAN.ORG>
Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: *Hobbit* <hobbit@AVIAN.ORG>
Subject:      New CIFS paper up for grabs
To: BUGTRAQ@NETSPACE.ORG

I have released a white paper that digs into many attack and defense related
details of NetBIOS and CIFS resource-sharing protocols.  This should help
flesh out some aspects of the Secure Networks scanner kit.  Anyone running
or evaluating W95 / NT servers and the like may especially want to grab it.

        http://avian.org/avian/papers/cifs.txt

Enjoy!  At 118K or so, it may take a while to wade through...

QUICK AND DIRTY SECURITY SCANNING

From: Warpy <Warpy@null.net>

The following could be used by users to determine whether common
security holes/bugs, etc are present on their ISP, hence posing a threat
to their account..

Two words: ftp and sendmail..

Wu-FTPD is an ftp server daemon which is notorious for it's various bugs
and exploits. Too often sysadmins put off what the CERT advisory has told
them to do, i.e. install the correct patch, and run the risk of a security
breach.

To determine what version of wuftpd the system is running simply ftp to
it. Then note whether it is running wuftp..

It may say something like wu-2.4(?) above the login prompt. If it does
the system is running wu. Then do a web search for "hacking ftp", "exploits
ftp",
etc.. and see whether your ISP is running an exploitable version. If it is
be sure
to email your sysadmin and let him know.. ;)

Sendmail is another commonly exploited aspect of a system. To determine
your ISP's version of sendmail, telnet to port 25 on your ISP and not which
version
it is running. It may say something like 8.6.4, or 8.7.5.. Those two versions
mentioned are both well known for bugs/exploits which are commonly used to gain
illicit access to system.. Do another web search for "hacking sendmail" or
something
similar, and check whether the system is running an exploitable version. If
so you should,
as always, let your sysadmin know..

Warpy

P.S. Check out Infowar's IRC server at www.infowar.com port 6667..
Carolyn even turned up once.. :P
--
Life is far too serious to take seriously...
                                           Unknown

ACK! SAVE US FROM IRC!

From: bbuster@succeed.net (Bronc Buster)

Ack, are you this desperate for an article? If you were put out the word!
Please don't waste a newbies( and everyone else's) time, and steer him in the
wrong direction, talking about IRC. IRC is a curse to new "hackers". I read
that you're kind of new to the world of IRC, well might I suggest you stay
that way! IRC is 100% addictive. Once you get on, you want to stay on.
Newbies either get hooked and get off the path of get so discouraged they
quit all together! Let them find (if they don't already know) about IRC
themselves. I was almost an IRC victim myself, so I know :)
 
 

Regards                   \__ ^^ __/
   BB                        X  X
                             \  /
                              \/

CANADIAN LAW QUESTION

From: Chris <chpakova@planet.eon.net>

First off I would like to say thank you. :) Your guides are an
incredible idea!! This has got to be the best way to educate neophytes,
and interest young people in system operations. Thank you so much :)
I don't know if you have ever tried to ask a question in one of the
hacker channels on IRC, but icy silence is the common response..
So on to my queries..
1) All the laws that you refer to are of course American, but what about
Canadian law? Would you happen to know what there is on the books re:
international computer crime laws? Can someone be extradited<sp> for
cracking an American system from outside the US? Any help that you could
give me in this respect would be greatly appreciated..

FREEDOM AND PROTEST IN CYBERSPACE

From: Pete <pete@servtech.com>

>and in the spirit of a true openness, I will send to the offending
>webmaster the URL of my "anti-website".

One of the problems/good things about the net is that people can flock to
people who think exactly the same way they do. If some crazy right-winger
(*are* there conservative hackers? Does anyone know?) is down at the local
bar, he could get into a fight with some liberal. On the net, he can chill
with millions of guys who agree with him, then build up the courage and
spam a liberal newsgroup. The thing with the net is that you can't convince
lunatics to see the problems with their ways. If you edit a web page, all
you do is increase the paranoia and the hatred. Your link to an
"anti-website" will just be flamed and erased. The anonymity of the web
does not promote nice, thoughtful conversations between two people who
totally disagree. There's no bouncer around to drag them out of a bar.

On the subject of kicking email bombers off their sites, you have to
realize that Carolyn's only solution is to notify their ISP. Whereas you
really don't have the right to say what can and can't go on the Internet,
you have the right to raise your concerns with a sysadmin, who *does* have
the right to control what comes out of his neck of the woods. Plus, you can
be as selective as you want. All you're doing is notifying someone that
material might be questionable. If you like Silicon Toad's site, you don't
tell his provider, and there's less of a chance it will go. Because this
isn't just taking a site off the net, but asking for a site to be removed,
you're exercising your right to protest, and then the ISP can decide what
should happen.

From: "ruben d canlas jr" <benc@skyinet.net>

ruben d. canlas jr said:
> >
> >I'd like to argue on two levels. here's the first:
> >
> >there is a big difference between arguing in the abstract and in the
> >concrete. for instance, you are using the nazi experience to validate
> >that violating children is not offensive.

willm@intermind.com (Will Munslow) said:
 
> I disagree. He did NOT say, "As the Jews were persecuted for their
> religious beliefs, so are the child molesters." In fact, he did not even
> say child molester. He said that if he sees a site that he may "find
> distasteful" he has no right to destroy it. Absolutely correct. Now, back to
> the original argument. Kiddie porn is illegal. Hacking is illegal.
> Illegally hack illegal kiddie porn sites. Fine with me.

my say:

will: I didn't say child molester either, if that's where you want to
carry the discussion. but let's not. I agree with your argument too.
;)

there's only one glitch though. that term "legal" is often the
interpretation of the ruling class over the ruled. arguing on the
"legality" and "illegality" of things is problematic, which is what
mulder was pointing out from the start.
 

ruben d. canlas jr.
http://www.skyinet.net/users/benc
-------------------

From: mulder@jumbo.ntplx.net (Hunter Rose)
Subject: Re: Happy Hacker Digest Feb. 17, 1997
 

>Moderator: IMHO, trying to discuss ethics without referring to experts in
>ethics such as Jesus, Gandhi and Martin Luther King is like trying to
>discuss TCP/IP without referencing RFCs.
>Carolyn Meinel
 

ethics, in my opinion,  can be completely well understood without EVER
referring to religious figures.
        (note; while the following may seem to stray into religious debate,
I also don't need someone writing em and saying "Christ hater!" and then
burning down my house or something. I have a POINT. just bear with me.)
        History has shown over the years that religion has little or
nothing to do with ethics. more death has been caused by those who believed
that their god made them higher in status than others than any natural
cause. The "new" religious right is exactly the same as the ones who called
themselves the inquisition, only now they have better p.r. agents. Ethics
and religion should always be separate; no god should have to reward you
for being kind, fair, open, and loving.
        Likewise, though the great men listed above were truly heroes and
people I personally model my self after, is they were alive to witness the
deification of their names and images they would turn into recluses and
retreat form the world of men.
        So in no way does religion enter into ethics; well, maybe it does,
but it shouldn't. If any one religion were ultimately true, we would all
believe in it by definition. it's truth would not be open to
interpretation.
        In the same way, so are people's ethics different...though most of
us regard the newer hacker laws as complete political backwash, many
believe they aren't strict enough.
        The point of all this rambling was this:
        ethics should be self evident. we need to accept the fact that to
live peacefully and in happiness we must treat each other with respect. all
other dogma can be kindly left in the hearts of it's followers, and all the
more strength to those who hold faith.

--Daniel barrette
 

 +++++++++++++++

KADATH

mulder@ntplx.net

From: willm@intermind.com (Will Munslow)
Subject: Re: Happy Hacker Digest Feb. 17, 1997

>Moderator: IMHO, trying to discuss ethics without referring to experts in
>ethics such as Jesus, Gandhi and Martin Luther King is like trying to
>discuss TCP/IP without referencing RFCs.

Funny. Depends on who we decide the experts are. Ayn Rand? Aristotle? I
vote for William S. Burroughs.

Moderator: In case you are unfamiliar with Will's hero, William Seward
Burroughs has been characterized as a bookworm with strong homoerotic urges,
a fascination with guns and crime, a tendency to consume huge quantities of
mind-altering substances, and a natural inclination to break every rule he
could find. He was supported by his wealthy parents most of his life, and
wrote some well-received books which reflected his self-destructive
lifestyle. For details of his life and quotes from his books, see
http://www.peg.apc.org/~firehorse/wsb/nova/welcome.html. Parental discretion
advised!
Carolyn Meinel
M/B Research -- The Technology Brokers

More--->>

 © 2013 Happy Hacker All rights reserved.