home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Collection of Hack-Phreak Scene Programs
/
cleanhpvac.zip
/
cleanhpvac
/
THC-LH10.ZIP
/
LOGINH.DOC
< prev
next >
Wrap
Text File
|
1996-04-14
|
18KB
|
389 lines
********* * * ****
* * * *
* ****** *
* * * *
* * * ****
The Hacker's Choice
Part I - The Login Hacker
(c) 1996 by van Hauser/THC of L.o.r.E.
-----------------------------------------------------------------------------
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
█ █
▀▀▀▀▀▀▀█ █▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█ █ ▄▄▄▄▄ ▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄▄▄▄
█ █ █ █ █ █ █ █
█ █ █ █▄▄▄█ █ █ █▀▀▀▀▀▀▀▀
█ █ █ █ █ █
█ █ █ █ █ █
█ █ █ █▀▀▀█ █ █ █▄▄▄▄▄▄▄▄
█ █ █ █ █ █ █ █
▀▀▀▀▀▀ ▀▀▀▀▀ ▀▀▀▀▀ ▀▀▀▀▀▀▀▀▀▀▀▀▀
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
█ The Hacker's Choice █
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
--------------------------------------------------------------------------------
***** ***** ****** ** **
** *** ** ** ******* ** **
** ** ** ** ** ** **
** ** ** ** ** ** **
** ** ** ** ** ** **
** *** ** ** ******* *****
***** ***** ****** ****
LOGIN HACKER v1.00
PUBLIC FINAL RELEASE
Introduction
----------------------
This is a fine program for hacking systems.
You can use up to 3 dictionary files PLUS 3 Brute Force Generators to
penetrate the target system.
Please note : This tool is for Sysops & SysAdmins only to check it on their
own system. Don't do anything illegal with this!
If this software formats your harddisk, crashes your computer, lets the monitor
explode, fucks your girlfriend and kills your dog - sorry, i don't intended
this program to do THIS, but you do everything on your own risk ... ;-)
If you write a good script and/or a successful one then send it to me!
Email : vh@campus.de
If you need more commands etc. tell me too!
SENSE & SENSELESS existance of a Login Hacker
-------------------------------------------------------
Sure this hack utility is neat, flexible etc. but you may ask why someone
should need and use it. It seems that it's only a program for "lamers" or
newcomers who think about using this program to hack governement computer
is the way to all successful hacking.
Of course most systems are surveilled and when many failed login attempts
are encountered security functions and alarms are triggered.
So this could be a one-way-ticket for novice hacker to jail.
Sure that may happen - and sure that will happen.
Of course thats the same for BBS hacking, after 10 tries the sysop will be
alarmed and know whats going on.
But for unix there are possiblities to check for correct passwords
without triggering logs & alarms but you can do this too with a script
and a nohup + & command to run them while you are offline.
So these AREN'T the thing to use this Login Hacker for.
I needed this 2 times in life :
First : An old telekom computer system, which allows you to do unlimited
password attempts.
Second: A unix system which could only be reached from a telnet platfrom
where i couldn't use the rare known possibilty to hack without alarms,
so i dared to do it with triggering alarms.
Not very much for writing such a big and flexible program.
But while searching for an already written one, i never found one, and many
guys i asked told me they searched too for this shit.
I think everyone who's into hacking tried once to find such a program.
And every toll free scanner or carrier scanner can image at least one phone
number where he could use this program.
Or maybe you want to use it with the risk of triggering alarms in your mind
to get into a closed system because you haven't got another chance
(a bank etc.) - BUT if you do THIS make your call untracable!
Either bei using other outdials, blueboxing, etc. or they'll get ya ass.
Keep this in mind and read on.
What to hack - and what NOT!
----------------------------------------------
For what do you need a login hacker? - Sure to get in.
Either if you just want one account for access to the system - thats OK,
or your goal is SysAdmin access on the target system - if so *NEVER* try
to hack the SysAdmin account directly with this tool!
First their passwords are usally much much stronger then those of the
average user, second on many systems their are special security functions
to prevent a login hacking on the Administration Account.
(On Unix this is an error message with level CRITICAL (auth.crit),
on others, like novell, the option might be turned on to disable the
Sysop account after 3 bad logins. AND nearly every software has got a
special security feature to only allow Sysop/Admin login from the console only!
So *NEVER* try to hack ROOT, OPERATOR, SYSADM, MANAGER, etc. directly)
The important part is to get in - remember that.
Once you are in, the system is much more vulnerable to your attacks.
Try to get the text of the update's description, then you know most time
where the usually security problems of this particular software lie ...
or try to contact some hacker and ask them.
How to know which users to hack : In my experiences femalse users often got
easy to guess passwords. But of course males often too ;-) Try to get to know
how the login names are given out (forenamen, Nickname, Familyname, 1st Forname
Character + Familyname, Fantasyname etc.).
Usual passwords for those accounts are the Loginname, Forename, Familyname,
Forename+Familyname and 1st Forename Character + Familyname ...
and try "bad" passwords like girlnames, football things, "123", "secret", etc.
On Unix systems ya can easily get to know the login names by a) probing with
finger or b) telnet to the smtp port and expand ALL ... and verify them to get
their full names.
Other possiblities to use the Login Hacker:
Modem Dialups protected with a system password (You just get a "PASSWORD:"
prompt. Or sometimes you get one which sends NOTHING to your modem).
Note:It is very easy to program a script which can hack those "Silent Carriers"
with the Login Hacker ... use your brain and try it out ... those are
the best to deal with ...
The WHO IS WHO in this great package
----------------------------------------------
There are 2 EXE File in this BETA Package :
LOGINH.EXE This one is the main program to hack everyting
LH-COMP.EXE This is the compiler for hack scripts if you want to use them
X00.EXE Fossil Driver. Use if you use EXECUTE. Load with : X00.EXE E 2
other files included in this package :
FILE_ID.DIZ whats that? how has that gone into this package ??
HISTORY.DOC take a look how this program evolved out an idea.
LOGINH.DOC you are reading me (unless you are blind)
SCRIPT.DOC The DOC file for the script language - PRINT IT OUT !
RESULT.DOC The meaning of the result codes reported from Login Hacker
UPDATE.DOC how to update from an old version
VH_BASE.DIC my own basic dictionary!
LH&SCAVE.TXT Example script to use the LOGIN HACKER with the SCAVENGER DIALER
THC&SCAV.SCR SCAVENGER example script you'll need it for LH&SCAVE.TXT script
REBREAK.SCR SCAVENGER example script you may need it for LH&SCAVE.TXT script
HANGUP.SCR SCAVENGER example script you may need it for LH&SCAVE.TXT script
PICKUP.SCR SCAVENGER example script you may need it for LH&SCAVE.TXT script
THC-LH_1.TXT An example of using the script language
THC-LH_2.TXT The second example of using this script language
DEC-SERV.TXT One successful script which got through! (by Tron X)
PASSCODE.TXT Another script (by MindManiac) ;-)
THC.NFO VERY important! Everything about our group ;)
LORE.COM neat intro for LORE BBS, written by Plasmoid (only 2 kb!)
and after some time of using you'll also find LOGINH.CFG (the config file for
LOGIN HACKER) plus file with the following endings :
.LOG These are the logfiles created. If a logfile already exists, all data
will be appended. The logfilename is either specified in the script or
in the online hacking setup.
.SCR These are the script files created with LH-COMP.EXE. Only these files can
be loaded into LOGIN HACKER be and used.
.HCK If you abort a hacking attempt, or something goes wrong, files with these
endings are created. These are the datafiles which point to the actual
dictionary/bruteforce settings when this datafile was created. If you
hack this system again, LOGIN HACKER will asks you if you want to use
the data from this file. So you can abort a hack session and continue
later. IMPORTANT : The Forename of this file is NOT the
scriptfile-forename but the logfile-forename ! So if you write the hack
data of another hack to the same logfile it will ask you to use the (old
and false) data! so keep it in mind.
How to handle this
-------------------------------
It's very much self explaining so there's not much of a docu this time ...
You must write a script to hack hack your targets - and this is the most
powerful tool ever written to help you. You can do (nearly) everything.
But of course it's not that easy ofr novice guys or hackers who never
programmed even with a Basic language.
On Information about programming those scripts consult the file SCRIPT.DOC
and the two examples THC-LH_1.TXT and THC-LH_2.TXT ...
and two actual scripts : PASSCODE.TXT and DEC-SERV.TXT
You must compile the scripts then with LH-COMP.EXE, before you can use them
with the main program. The script must be compiled to check for any errors
so you can be 99% sure that no programming syntax error will occur during
hacking! (if you put in endless loops thats your fault ;)
Command line Parameters
----------------------------------
LOGINH.EXE [scriptfile]/[anything] [-Auto] [-Shh:mm] [Ehh:mm]
[scriptfile] - loads automatically this compiled script file and just waits
for a key from you to start.
[anything] - if the parameter ISN'T an existing file, the hacker starts
without that fucking delay scrolling ;-)
[-Auto] - this parameter starts the script immediately without waiting
for a key.
[-Shh:mm] - Starttime - when the program will start scanning if specified.
Military time format -> 15:30 etc.
[-Ehh:mm] - Endtime - when the program will end scanning if specified.
Military time format -> 15:30 etc.
[-T] - Runt script in TEST mode which means that NO ouput is send
to the modem
[-D] - Turns debug mode on, which shows you the next executing command
and the option to either skip or exec it.
LH-COMP.EXE [scriptfile]
[scriptfile] - you must specify a non-compiled script
Using LOGINH.EXE
----------------
There are 5 options after you started it :
L - Load compiled Script
S - Setup
T - Terminal
I - Information
Q - Quit
Option 1 loads a compiled script and executes it (hacks).
In Option 2 you can setup your modem and some basic hacking limits.
In Option 3 is a small terminal program implemented. have fun with it.
Options 4 ... select it.
Options 5 ... uh i forgot why i put this in ... I think I'll remove it in
the future ... ;-)
THE SCREEN WHILE IN ONLINE HACKING MODE
-----------------------------------------------
(after loading & running a script)
Everything from the modem is sent is displayed in normal white.
Everything written to the LOGfile will be written in Dark Blue if you enabled
the Option "Print Logoutput to Screen too"
Every SYSTEM Message, like CONNECT, ALARM, HANGUPs, ERRORs etc. will be
displayed in HIGHLIGHTED BLUE.
KEYS WHILE ONLINE HACKING MODE
----------------------------------------
Press ESCAPE to Pause/Quit Menu
F1 For a HELP Screen
ALT-B Bosskey (Hides the screen and pauses)
ALT-C to clear the screen
ALT-D Turns Debug Mode on/off
ALT-H HangUp Menu
ALT-I Information/Statistic Display
ALT-J to jump to DOS (BETA! DOESN't WORK BY NOW!)
ALT-L Special LOGing Menu.
ALT-T -> ENTER TERMINAL MODE
in this mode the screen is paused and the system is under your control.
you may do verything you wish, use any of the keys above (except ESC).
to EXIT TERMINAL MODE you may either press ALT-T again or press ALT-X
you get then a menu where you can choose what to do now (restart, quit, contin)
------------------------------------------------------------------------------
Okay thats all ... HAVE PHUN !
-------------------------------------------------------------------------------
Remember : * Read SCRIPT.DOC and the examples. This is the most powerful thing
and should be used anytime, cause you can make it more flexible
and secure then the internal procedures from LOGINH.EXE
* If you like you may send any good script to vh@campus.de
* If you encounter ANY bug or need a special function - tell me!
* Please send all flames & police warrants to null@localhost
-------------------------------------------------------------------------------
For suggestions or bug report, call L.o.r.E. BBS ++49-(0)69-823282
Login : THC Password : THC
to write a comment to sysop, leech any THC release or get one of the
things this board is distributor, for example the SCAVENGER DIALER, VLAD
magazine etc.
e@mail : vh@campus.com
on ARRESTED DEVELOPMENT BBS send mail to van Hauser (No. in THC.NFO)
Ciao...
-> van Hauser <-
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.1
mQCNAzB6PNQAAAEEALx5p2jI/2rNF9tYandxctI6jP+ZJUcGPTs7QTFtF2c+zK9H
ElFfvsC0QkaaUJjyTq7TyII18Na1IuGj2duIHTtG1DTDOnbnZzIRsXndfjCIz5p+
Dt6UYhotbJhCQKkxuIT5F8EZpLTAL88WqaMZJ155uvSTb9uk58pv3AI7GIx9AAUT
tBp2YW4gSGF1c2VyL1RIQyBvZiBMT1JFIEJCUw==
=6UhL
-----END PGP PUBLIC KEY BLOCK-----
--------------------------------------------------------------------------------
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
█ █
▀▀▀▀▀▀▀█ █▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█ █ ▄▄▄▄▄ ▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄▄▄▄
█ █ █ █ █ █ █ █
█ █ █ █▄▄▄█ █ █ █▀▀▀▀▀▀▀▀
█ █ █ █ █ █
█ █ █ █ █ █
█ █ █ █▀▀▀█ █ █ █▄▄▄▄▄▄▄▄
█ █ █ █ █ █ █ █
▀▀▀▀▀▀ ▀▀▀▀▀ ▀▀▀▀▀ ▀▀▀▀▀▀▀▀▀▀▀▀▀
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
█ The Hacker's Choice █
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!
This file is for informational purpose only!
The Sysop-Team is NOT RESPONSIBLE for anything you do after reading this text!
!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!
┌────────────────[Sysop : van Hauser]────────────────┐
│ │
│ ▄ ▄ ▄ ▄ │
│ ▄█ ▄██▀■▀██▄ ▄█▀▀██▄ ▄█▀▀██▄ │
│ ▓█▌ ▐▓█▌ ▐█░▌ ▓█▌ ██▌ ▓█▌▄ ▀▀ │
│ ▒█▌ █▒█ █▒█ ▒█ ▀█▄▀ ▒█▌▀██▄ │
│ ▐░█▌■▄ ▐░█▌ ▐█▓▌▐░█▌ ▄█▓ ▐░█▌ ▀ │
│ ▀█▀ ▀██▄ ▀██▄■▄██▀ ▀█▀ ▐██▀ ▀█▀ ▀██▄ │
│ ▀ ▀ ▀ ▀ ▀ │
│ │
│ 3000 H/P/A/V/C/M Files │
│ Biggest Hpavcm Board In Germany │
│ BIG Message Base ! │
│ Experts Only! Lamer Protection! │
│ │
│ ┌─[ ++49-69-823282 ]─┐ │
└───────────────┤ NUP : <ask4it!> ├───────────────┘
└─[ ++49-69-PRIVAT ]─┘
!!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!!
Dieses File dient nur zur Information und Aufklaerung!
Die Sysops erklaeren sich NICHT VERANTWORTLICH
für Rechtsverstoesse, die durch diese Informationen entstehen.
!!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!!
H/P/A/V/M/C/I/D/P/!/L/F/O/!
--------------------------------------------------------------------------------