What's New!

Chat with
Hackers

How to Defend
Your Computer 

The Guides
to (mostly) 
Harmless Hacking

Happy Hacker 
Digests (old stuff) 

Hacker Links 

Hacker
Wargames 

Meet the 
Happy Hacksters 

Help for 
Beginners 

Hacker 
Bookstore 

Humor 

It Sucks 
to Be Me!

How to Commit
Computer Crime (not)! 

What Is a 
Hacker, Anyhow? 

Have a 
Great Life! 

News from the 
Hacker War Front

Carolyn's most
popular book,
in 4th edition now!

For advanced
hacker studies,
read Carolyn's
Google Groups
Subscribe to Happy Hacker
Email:
Visit this group

Happy Hacker Digest March 4-5, 1997
===============================================================================
         This is a moderated list for discussions of *legal* hacking.
                           Moderator is Carolyn Meinel.
 
                       
              Better yet, post to the
                        Hackers forum: http://www.infowar.com

                   Please don't send us anything you wouldn't
                  email to your friendly neighborhood narc, OK?

     To subscribe or unsubscribe, just
     use the subscribe boxes on the menubars. If you decide you
      just want to use the forum and not get these mailings, I promise my
           feelings won't get hurt if you unsubscribe from this list.
                                 Happy hacking!
-------------------------------------------------------------------------------
"Truth is often eclipsed but never extinguished." -- Livy
-------------------------------------------------------------------------------
URL 'O the Day: Another newbie hacker page. Check it out!
                  http://oscar.teclink.net/~kyle/newbi.html
-------------------------------------------------------------------------------

TABLE OF CONTENTS
   o NEW HACKER ZINE
   o SHOULD WE BE AFRAID OF HACKERS?
   o HACKER/PHREAKER (h/p) NEWSLETTER/WEB SITES
   o IP NAME QUESTION
   o MORE ON WIN95STARTUP SCREEN
   o GOT PERMISSION TO HACK
   o WHAT'S WRONG WITH BEING NEWBIE?
   o GOT THE PASSWD, BUT...
   o A PINE QUESTION
   o MORE X-HACKS
   o EMAIL BY TELNET

===============================================================================
*** New Hacker Zine
===============================================================================

Moderator:
 
   od^phreak <butler@tir.com>, who wrote the recent
   Overdosed Unix posts, has restarted the K.R.A.C.K. hacking
   ezine. This is for intermediate hackers, and focuses on Unix.
   There is some use of bad language, and no warning about the
   legality of what it teaches. Parental discretion advised. To
   subscribe, email butler@tir.com with message "subscribe."

===============================================================================
*** Should We Be Afraid of Hackers?
===============================================================================

<Anonymous>

   Hello Carolyn: I sometimes see you saying things like "Now if you
   do such and such to a REAL hacker you might get some unpleasantries
   happening to you."  I'm fairly new, and I'm curious exactly as to
   what hackers can do to someone if provoked enough. I'm aware of
   email-bombing (not that its hacking, but a pain in the butt), but
   what else can one of the "elite" guys do to someone?  I'd like to
   get a clear picture, none of that crap from the movie "hackers"
   (where they made buddy dead, and that stupid cookie monster virus
   etc...).  A friend of mine caught someone attempting to drive up
   his phone bill.  My friend saw this guy (who he knew and hated) in
   a car in front of his house with wires attached to one of his phone
   boxes.  The guy wound up in the hospital, and my friend got charged
   with assault.  Don't know about the punishment the guy got from the
   phreaking though :). Anyways if you could shed some light on it i'd
   appreciate it.

Moderator:
   There are several books that detail the fallout from hacker wars:

      _Takedown_ by Tsutomo Shimomura and John Markoff (Hyperion,
      1996, paperback, 494 pages, $5.99).

      _The Cyberthief and the Samurai_, by Jeff Goodell, Dell, 1996,
      paperback, 328 pages, $7.99.

      _The Fugitive Game: Online with Kevin Mitnick_ by Jonathan
      Littman (Little, Brown and Company, 1996, 1997, paperback, 397
      pages, $13.95).

   The first of these makes out Kevin Mitnick to be a big time
   computer criminal. But if you read between the lines you will
   realize it was actually a hacker war between Tsutomo Shimomura and
   his friends vs Mitnick and Mitnick's friends.

   Goodell and Littman both marshal an impressive body of evidence to
   show that Mitnick was guilty, at worst, of making free cellular
   phone calls and being a generalized pest. They make the hacker war
   nature of the conflict more obvious. It becomes clear to the reader
   that when Tsutomo and Markoff (who was mad at Mitnick for snooping
   in his account at The Well) got sufficiently angry, they were happy
   to use their investigative talents to put Mitnick in jail.

   But please don't get the idea that hackers are in general
   dangerous. My experience is that for every destructive GALF type
   there are 100 hackers who are polite and helpful.

   The biggest danger in hacker wars is that when you do something
   illegal, history tells us that many hackers will work hard and very
   effectively to help the authorities catch you.

   Remember -- a popular career path for hackers is to become computer
   security professionals. So that is one reason I don't want anyone
   emailing me anything that could get them in trouble if a law
   enforcement agent were to read it. You never know who is reading
   your email to me.

===============================================================================
*** HACKER/PHREAKER (h/p) NEWSLETTER/WEB SITES
===============================================================================

From: the mechanic <mechanic@javanet.com>

   Well, I would like to inform everyone from the HH mailing list, of
   the site for the h/p group I write for. We write about a lot of h/p
   related stuff, but would like to get it spread around more, so I
   thought this would be a good place to post it.

      ------------------------------------------------------------
      | Visit The Digital Misfit Syndicate Web Site at:          |
      | http://www.javanet.com/~mechanic            |
      | http://mechanic.base.org                                 |
      ------------------------------------------------------------

   To get on the mailing list, send mail to
      mechanic@javanet.com
   with a subject of <Subscribe_Mailing_List> DMS is currently looking
   for writers, please mail mechanic@javanet.com with your article, or
   if you are interested.

   later.

   [mechanic DMS]

===============================================================================
*** IP NAME QUESTION
===============================================================================

<Anonymous>

   I recently ran across a machine name that, when pinged, returned a
   different name. ("Ping -a www.fred.com" returns "pinging
   george.jet.com...")

   Naturally, my curiosity was aroused. So, I tried Telnetting into a
   couple of its ports.  To my disgust, Nothing was doin'. Except for
   2 ports, FTP and HTML.  When I FTPed in, my connection was refused!
   Arg!

   So... I Telnetted into the FTP port and was logged in anonymously.
   I typed HELP and got a list of available commands. But When I tried
   some of the available commands, it said either "Command not
   implemented" or something like "huh?  that's not a command".  So
   what is up here?  None of its commands work.

   Going to the HTML port, I get this:

      HTTP/1.0 400 Bad Request
      Server: Netscape-Enterprise/2.01
      Then <Your server sent something ours doesn't understand>

   Then I got booted off.

   BTW- The machines Telnet port works and gives:

      UNIX(r) System V Release 4.0
      Login: (doesn't allow anonymous)

   So other than a brute force attack on login attempts, being a
   newbie, I am stuck.  Hints on what I should learn before
   proceeding?  I don't want to be spoon fed, just need a starting
   point.

   ThanX

   IOScream!

Moderator:

   Several (and therefore different) IP numbers can map to one IP
   name, and several IP names can map to one IP number. It isn't
   unusual.

===============================================================================
*** MORE ON WIN95STARTUP SCREEN
===============================================================================

From: Joey Street <jlsjkw@flinet.com>

   >Moderator: Gee, well on my Win95 operating system, the startup
   >screen uses the same file as the background screen. But I
   >suppose it is possible that other versions of Win95 are not set
   >up to do this. All I can say is I do what works. Isn't that
   >what hacking is?

   Sorry for the long, semi-off topic post. I just couldn't stand
   seeing people misled.

   It can't use the same file. The background has to be a file with a
   .BMP extension and the startup and shutdown screens have .SYS
   extensions. However, the graphics in the files are similar, and it
   is possible to use one as the other, with a little manipulation. \,
   so you may actually be seeing the same screen.

   The startup screen (with the color bar at the bottom) is called
   logo.sys. You may or may not have one in your root directory. If
   you do not, Win95 uses the default one that is stored in IO.SYS.
   Any file placed in root named LOGO.SYS is used instead of the
   default.

   The shutting down screen (first one) is a file named LOGOW.SYS in
   <windows directory>. I don't know if there is a default for this or
   not. I am pretty sure there isn't.

   The shut down screen (ie: the one that says "It is now safe to turn
   off..."), is the file LOGOS.SYS in <win>. Same as above.

   These files are actually bitmaps with a .SYS extension. They are
   320 x 400 pixel bitmaps in 8-bit color (256). Win95 stretches them
   to fill the screen. The motion on the startup screen is because 95
   rotates certain colors to make it seem to move, like those moving
   X-mas lights. [And no, that isn't the Unix version of Christmas. :)
   ]

   To make your own startup and shutdown screens, use a graphics
   program like MSPaint. Set the image attributes to 640 x 480 (trust
   me). Draw your picture the way you want it to look, but don't try
   to use too many colors, and certain colors may not work. Save the
   file with whatever name you want, so that you can easily modify it,
   if you want to.

   Now use Edit>Select All (in MSPaint). Go to  Image>Stretch/Skew >
   Horizontal enter 50. Hit OK. Check the attributes. It should say
   320 x 400 (make sure Pels is selected) -- if not, you screwed up.

   Now save the file as a 256-Color Bitmap named LOGO.SYS, LOGOW.SYS,
   or LOGOS.SYS, depending on which one you want it to be and in the
   correct directory (root for startup LOGO.SYS, <win> for shutdown.)

   That's how to make your own custom screens. To be able to change
   the screens on a regular basis, and get some more screens, look at
   SHAREWARE.COM or TUCOWS.COM and you should be able to find freeware
   or cheap shareware.

   BTW, an easy way to make a new screen: open the LOGO.SYS file, and
   invert the colors. Weird.

   Now for a question. Does anyone know of any retail stores that sell
   any versions of Linux? Or is it only possible to mail-order?

   ----
   Millennium
   jlsjkw@flinet.com

===============================================================================
*** GOT PERMISSION TO HACK
===============================================================================

<Anonymous>

   thanks to your tip, i asked permission from my ISP sysadmin to hack
   into their system. and he agreed!

   of course it helped that i know the guy, but previously, i was
   thinking of hacking without permission, which put me in a paranoid
   situation because. i knew they could always trace me if i made a
   wrong move and it would be embarrassing for me, since i knew the
   sysadmin.

   so i wrote a letter broaching the subject and he agreed. on
   condition i don't destroy anything, and report to him what i did,
   how i did it, and what, if possible, could remedy the loophole.

   naturally, i agreed. the only problem though is the sysadmin is so
   good about security that they refuse to give shell accounts and you
   can't even telnet into their main systems (except for one, whose
   passwd i now have to crack).

   so my question now is: if i install linux and have access to unix
   commands, this means i don't need a telnet or shell account, right?

   thanks a lot! although i think HH is a bit slow, it only takes
   patience and wait for something to turn a gem.

   goodluck!

Moderator:

   You're right, with Linux or any other Unix that works on your home
   computer, you can do almost anything you could with a shell
   account.

===============================================================================
*** WHAT'S WRONG WITH BEING NEWBIE?
===============================================================================

From: "BeAvEr" <beaver11@themall.net>

   Hello fellow GTMHH readers,

   This is your good ole' friend BeAvEr and I am here to tell you
   guys a few tidbits.  All I here now-a-dayz (on the IRC, and in
   GTMHH) is, "I am a newbie!" or "Don't flame me for this newbie
   question!"

   What is wrong with being a newbie?  I am a newbie, I
   barely know what Linux is, and I am still running under that
   wonderful Windoze.  Since a majority on the net tend to call
   themselves newbies, why are they all afraid to ask questions?  Is
   there no empathy in the IRC domain?  To all the so called 311313 out
   there try and empathize a little with the younger "newbie" generation.
   If we ask what Linux is, don't flame us. At least tell us to f*** off
   nicely.  Don't ping us with packets of 4096 till we want to die.
   Basically under where we "The Newbie Generation" is coming from.  That
   is all from the BeAvEr today.

   Until next time, keep the heads up and those minds aware. Cause
   you never know what's around the corner!

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
From: " Jeffrey  Steinbrecher" <darkling69@hotmail.com>

   I have a win95 laptop, and am looking to double boot linux on it. I
   have no idea where to find linux, and only a rough idea on how to
   get it working.

   If some one has a how too, including www/ftp sites to use, please
   email me at Darkling69@hotmail.com - BtW, this address is immune to
   e-mail bombs, so that's the only reason i have it up here. I'm not
   asking you to test that, just that you check out www.hotmail.com,
   and get your own free account ;).

   Any help with double booting linux with win95 and where to get it
   is appreciated (sp).

   The Darkling
   (no, I'm not a complete newbie... just not a linux person)

===============================================================================
*** GOT THE PASSWD, BUT...
===============================================================================

From: "candyman" <candyman@voicenet.com>

   I have a question regarding how to view in full a password data
   base file.

   Well I hacked into my ISP (with permission from the sysadmin) and
   got the passwd file and another file called pwd.db.

   Now how do I view this pwd.db file? I tried Paradox 5 but it said
   the file's header is corrupted.

   Another thing: in the passwd file all of the users have " :*: " as
   their password. How do I find out their password? One of the users
   also has no password " :: " but when I try to login as that user,
   the system asks for a password. Can someone help me please ?

   CANDYMAN
   I Am A Force Of Pure Destruction !!

===============================================================================
*** A PINE QUESTION
===============================================================================

From: "prata@boss1.bossnt.com" <prata@cyber-wizard.com>

   Hello!  I have a question about Pine on my Linux 2.0.27 system.   I
   am using Minicom with pppd to connect to my isp.  Now, I have a
   shell acct on my isp's Linux box.  I use Pine when I telnet to that
   box.

   Is it possible to use MY Pine to send and receive email from a
   remote box when connected through ppp??

   I tried setting it up, but it doesn't seem to work.  Any clues??

   TIA,
   Rog

===============================================================================
*** MORE X-HACKS
===============================================================================

From: <n-treeg@ix.netcom.com>

   Hey, will the person who posted this please e-mail me at:
   N-TREEG@mobsters.com I'd like to get some more information on this
   hack.  I am on an AIX 4 system running X-windows.  I need to know
   what this "magic cookie" is, more info on the 2 second, period.

   And how do you connect to another workstation?  Also, at what time
   do you run the program?  If you could e-mail me, I'd really
   appreciate it. I'm really interested in trying out this hack.
   Also, is there a possibility of running this hack remotely if you
   spoof your ip to be the domain of the internal network?  Thanks...

   N-TREEG

   >===============================================================
   >*** X WINDOWS TRICK
   >===============================================================

   >
   >Anonymous:
   >
   >   I've noticed a little feature in the network of our school
   >   that could be interested for "happy hackers," since I'm
   >   talking of "internal hacking" (this thing won't work outside
   >   your network, I think) and it won't damage anything.
   >
   >   We are running a network on AIX version 4 with IBM (NCD) X
   >   Terminals ; the X Window version running on this network is
   >   release 5
   >
   >   Now to the interesting part : when a X workstation closes
   >   its current session, there are two seconds before the magic
   >   cookie is installed ; so you can open a display to any
   >   workstation if you connect to it in these two seconds.
 

===============================================================================
*** EMAIL BY TELNET
===============================================================================

From: Wendy Mosiman <wmosiman@feist.com>

   I heard there is a way to route your e-mail using telnet port 25...
   could anyone help me out with this?

===============================================================================
=M-o-d-e-r-a-t-o-r-s===========================================================
Carolyn Meinel
M/B Research -- The Technology Brokers
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
ruben d. canlas jr.
http://www.skyinet.net/users/benc
===============================================================================
     To subscribe or unsubscribe, just
     use the subscribe boxes on the menubars. If you decide you
      just want to use the forum and not get these mailings, I promise my
           feelings won't get hurt if you unsubscribe from this list.
===============================================================================
                      End Happy Hacker Digest March 4-5, 1997
=E-d-i-t-o-r===================================================================
     Peter Beckman  .  beckman@purplecow.com  .  http://www.purplecow.com/

 © 2013 Happy Hacker All rights reserved.