The following was originally compiled in June 1998. It answers some basic questions about this FAQ and hacking.
Send comments about info in this FAQ to faq@nmrc.org. Simple flames about typos, the "that's not right" one liners will be ignored. If you wish to contribute corrections please include your research and source of facts. Also if you wish to add your information, I will include it if I can include your email address, unless I can verify the info independently. This way if someone has questions, they can bug you, not me.
It is prefered that you include OS flavor and versions, and other conditions used in testing. Theoretical discussion is fine, just try and back up your findings. Also note that we may often rewrite your submissions to match the "elite" nature of our FAQ ;-)
Anonymous submissions are okay. Encrypt them if you like, here's Simple Nomad's PGP key (also available from MIT's key server):
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQCNAzEQrjMAAAEEANaIf2AiInhVwmrZEFZ5V2eyZfuJfjoI9unJwRhokwJ4TtVh ApEwjXVEbJBCPRKOHzibi5IEF2BirpzzlSy0Aj82yZk/iqYtJO60S0aycSPNPBl5 BmoLJaUjxakmnMMXOl3qdeWWtScpP7B4QTHyfsHRvQz0HSUPxh6RUqAiTzdxAAUR tCRTaW1wbGUgTm9tYWQgPHRoZWdub21lQGZhc3RsYW5lLm5ldD4= =v0Xj -----END PGP PUBLIC KEY BLOCK-----
And the PGP 5 key...
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: PGP for Personal Privacy 5.0 mQGiBDSfNs4RBADW7TK+WK6lta5deV0Pin2KInmwtG9+yB8lBr3yJHh+MPPfG6NU vmqoJh1STmaGG8tJ+P4p+vl7PZXflmEneuTwD7ItgtwQWTtUqYkIEKESUumW1Xaq 44aBAK9Fi7r3P+zT31vJFJmnRNRhE7tWgwk+YmIODpuUukd2uTWwOVXJrQCg/6Z2 DncKMjg2fQf8mVpk08pe2uEEAKSmSVASHJB4LHXwO8nEGmQYd/ahIIWo2kI288hM NH87xkOdileWmEVHVG3+sHreX1EMKAgPWjuYpG3Jo0hUYothpN3mOrT2nfmZp3OI I23A4LSc8mT1dnDIKwrjJgEVK5IyEVfSMD27fXFJm4nvC3HYMuLv35JYzQ2T2fSJ 552wA/9UhLe72U0NpOScnfHdHfMpBifL2MPM+UVGs0co99d2caBMRMtqGiB3tR2o 041EGr80gfBG6FBohZNyCzXE4J7y2CtfxYeNZ4YwB92xKNoZvjerB1Z3WEnIBm57 sRd4cAMyXomWdYgO1Wwb48bIJxFtGVEjXXjiIdOJKOk3gyEv37QgU2ltcGxlIE5v bWFkIDx0aGVnbm9tZUBubXJjLm9yZz6JAEsEEBECAAsFAjSfNs4ECwMBAgAKCRAk eqS9aDjxHRUoAJ4hnn4bIRbO70DfT61RPv3kSiPfbACbBC3L7R/FpiJvV7y+4RpC idBfHNq5BA0ENJ83ExAQAPkYoH5aBmF6Q5CV3AVsh4bsYezNRR8O2OCjecbJ3HoL rOQ/40aUtjBKU9d8AhZIgLUV5SmZqZ8HdNP/46HFliBOmGW42A3uEF2rthccUdhQ yiJXQym+lehWKzh4XAvb+ExN1eOqRsz7zhfoKp0UYeOEqU/Rg4Soebbvj6dDRgjG zB13VyQ4SuLE8OiOE2eXTpITYfbb6yUOF/32mPfIfHmwch04dfv2wXPEgxEmK0Ng w+Po1gr9oSgmC66prrNlD6IAUwGgfNaroxIe+g8qzh90hE/K8xfzpEDp19J3tkIt AjbBJstoXp18mAkKjX4t7eRdefXUkk+bGI78KqdLfDL2Qle3CH8IF3KiutapQvMF 6PlTETlPtvFuuUs4INoBp1ajFOmPQFXz0AfGy0OplK33TGSGSfgMg71l6RfUodNQ +PVZX9x2Uk89PY3bzpnhV5JZzf24rnRPxfx2vIPFRzBhznzJZv8V+bv9kV7HAarT W56NoKVyOtQa8L9GAFgr5fSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY72 88kjwEPwpVsYjY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy 1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XrPdYX AAICEACOO5eqfVXbBp2hoUaikkiOHQ5BO1rWHJr8WdNgpwxghm8L8LmaM8td6TaW lFJtG5OlpHDOoLFHTHh1FJFzi+YpiWvmfkj18pjCiFCGZ04kHfVJ/YGngWCzlYnu nT1bO7E9JPb6lBDE1QWgvGBykiTXVUyij7Ih0w0XSQimBNLIG+9OWRxdTbTL8BBH 4NrVc6pj6ofvD6fcpgQ1QYVvWC28h5MT4vIJE1EySrFs7nTdZvcAB9VOLNVJequ4 HjU5FP9uFxWxYPdJ5GS+EqwpMOcaFzXZEmNTrSfml8RgE+lQPYKGrgvO9qMFA/rH +wgXbRMGLYMtmi7J6vScKhtgdH8N8WI8+M675oTPR1zCexOaWNpcvnC8wHLKiRCJ oRklXFaFkPzT7jDEChSibYeTOJ19js+clx4ZTlTHeuzsmzJbjCXkqSkA8v6xnn8e RltFPBQviG2SF19eODdJ2DEzXxqSFTJmqd/bVWRI006Vtg7KP+45bVfNOpW654Zb urjmJHm0SiykBINTro6mk67eSlXR/OwcowTFecqOm+IrtNLkV2zbDTRLWO7NIvy/ yat6gn5WcSLQFifaCekngPdyPf9dD3JvXPMhfvC8eZHgHtzbHm62PsVP6pI345Sv 2pVD/LwFNJvQejs0VzeW1vQDyTvuZsLu2CoRQlUNltvnCAS/7okAPwMFGDSfNxMk eqS9aDjxHRECbR0AoMCWRgpax3dcWcso23jEYb1A4N/8AKDSVipa2SJk3yUtI7qW pRIi/CztAg== =c+/T -----END PGP PUBLIC KEY BLOCK-----
Testing for a large part of the material was completed in the NMRC lab and at various field locations. Most of the tools used during testing are available from the NMRC web site in the files section (alternate locations are listed in the resources section for these tools).
Specific testing for Netware was done in the lab and at field locations. For NT the lab was used, but due to a recent "moment of clarity" NT is no longer operational in the labs. Field locations will be used from now on. Web related hacking information has been done in the field but due to a couple of odd related projects we currently have resources for this type of testing in the lab. Unix testing is also done in the lab, but primarily limited to Linux, OpenBSD, FreeBSD, and AIX.
Technical info has been discovered (read "quoted without permission because it was out in a public forum so I leeched it") and collected, often the technical detail is complete and self-explanatory in its original source, so I feel no reason to "test" it in a lab environment. I try and quote original material when I can, if I have left you out, let me know.
The actual FAQ was assembled from the various text files and turned into SGML source. The SGML-Tools package was used and only slightly altered to create these web pages. This gives us a single starting place during revisions and the opportunity for a multitude of output formats.
This FAQ is available online from the following locations:
www.nmrc.org/faqs/hackfaq/index.html.
This FAQ is available in other formats, including its raw SGML. See the www.nmrc.org/faqs/index.html page for details.
Currently due to the new processing of the information manual mirrors will not be supported. Once we've implemented the processes, we will more than likely be providing updates to this FAQ once a month.
If I said "to teach hacking" I would be lying. First off, no documentation will teach you how to hack. This FAQ answers common questions regarding some of the underlying mechanics from a hacker perspective. Second, I will not be drawn into a debate regarding usage of the term hacker, cracker, phreaker, hacking, cracking, and will certainly not be drawn into a discussion on the moral and legal issues involved. The material is what it is -- no more, no less, and I use terms the way I see fit to answer a question from the intruder perspective.
So the goal here is simply information disemination.
There is no disclaimer. Disclaimers are lame and idiotic LawyerSpeak. I don't care how you use this information. If you use it to break the law, fine. If you get caught, fine. If you use it to secure a system, fine. I am responsible for myself, therefore I need no "disclaimer". Instead, here is my EXclaimer -- PISS OFF.
The only thing more lame than a disclaimer on a web page is a disclaimer in a sig file (we all know how millions of dollars in attorney's fees are saved by sig files every year).
Here are a few of our many contributors of info:
...and various sources who wish to remain anonymous...
Tech Support (and special thanks to):
Lab Support:
Ace, Mike, Knobster, Up-uat, Fourth Stooge, B.C.
Documentation and Compilation:
Music Heard During Revising/Editing/Testing:
Here are the changes that have been made to this FAQ:
March 21, 1999