Hacker's Arsenal - The Cutting Edge of Hacking

home *** CD-ROM | disk | FTP | other *** search

/ Hacker's Arsenal - The Cutting Edge of Hacking / Hacker's Arsenal - The Cutting Edge of Hacking.iso / texts / gtmhh / gtmhh3-5.txt < prev next >

Wrap

Text File | 2002-01-31 | 33.3 KB | 731 lines

___________________________________________________________ GUIDE TO (mostly) HARMLESS HACKING Vol. 3 No. 5 The Dread GTMHH on Cracking ____________________________________________________________ Nowadays if you ask just about anyone what a hacker is, he or she will tell you "a person who breaks into computers." That is partly on account of news stories which make it seem like the only thing a hacker does is commit computer crime. But there also is some truth to the public view. An obsession with breaking into computers has swept the hacker world. In fact, lots of hackers make fun of the kinds of stuff I think is fun: forging email and Usenet posts and programming Easter eggs into commercial software and creating Win 95 bootup screens that say "Bill Gates' mother wears army boots." But since everyone and his brother has been emailing me pleading for instructions on how to break into computers, here it is. The dread GTMHH on Cracking. Yes, you, too, can become a genuine computer cracker and make everyone quake in his or her boots or slippers or whatever footgear they are wearing lately. "But, but," you say. "This list is for *legal* hacking. Sez right here in the welcome message you sent me when I signed up." Welcome to reality, Bub. Hackers fib sometimes. ************************************************ You can go to jail warning: Almost everywhere on the planet, breaking into a computer is illegal. The only exceptions are breaking into your own computer, or breaking into a computer whose owner has given you permission to try to break in. It doesn't matter if you are just quietly sneaking around doing no harm. It doesn't matter if you make some stranger's computer better. You're still in trouble if you break in without permission. ************************************************ Honestly, this Guide really *is* about harmless hacking. You don't have to commit a crime to crack into a computer. From time to time hardy souls offer up their computers for their friends, or sometimes even the entire world, as targets for cracking. If you have permission from the owner of a computer, it is most definitely legal to break into it. In fact, here's a really fun computer that you have permission to break into. Damien Sorder invites you to break into his Internet host computer obscure.sekurity.org. But how do you know whether this or any other announcement of a cracker welcome mat is legitimate? How do you know I'm not just playing a mean old trick on Damien by sending out an invitation to break into his box to the 5,000 crazed readers of the Happy Hacker list? Here's a good way to check the validity of offers to let anyone try to break into a computer. Get the domain name of the target computer, in this case obscure.sekurity.org. Then add "root@" to the domain name, for example root@obscure.sekurity.org. Email the owner of that computer. Ask him if I was fibbing about his offer. If he says I made it up, tell him he's just chicken, that if he was a real hacker he'd be happy to have thousands of clueless newbies running Satan against his box. Just kidding:) Actually, in this case you may email info@sekurity.org for more details on Damien's offer to let one and all try to crack his box. Also, please be good guys and attack off hours (Mountain Daylight Savings Time, US) so he can use obscure.sekurity.org for other stuff during the day. Also, Damien requests "If you (or anyone) want to try to hack obscure, please mail root@sekurity.org and mention that you are doing it, and what domain you are coming from. That way I can distinguish between legit and real attacks." We all owe you thanks, Damien, for providing a legal target for the readers of this GTMHH to test their cracking skills. So let's assume that you have chosen a legitimate target computer to try to break into. What? Some guys say it's too hard to break into a fortified box like obscure.sekurity.org? They say it's more fun to break into a computer when they're breaking the law? They say to be a Real Hacker you must run around trashing the boxes of the cringing masses of Internet hosts? Haw, haw, sendmail 4.0! What lusers, they say. They sure taught those sendmail 4.0 dudes a lesson, right? I say that those crackers who go searching for vulnerable computers and breaking into them are like Lounge Lizard Larry going into a bar and picking up the drunkest, ugliest gal (or guy) in the place. Yeah, we all are sure impressed. If you want to be a truly elite cracker, however, you will limit your forays to computers whose owners consent to your explorations. This can -- should!-- include your own computer. So with this in mind -- that you want more from life than to be the Lounge Lizard Larry of the hacker world -- here are some basics of breaking into computers. There are an amazing number of ways to break into computers. The simplest is to social engineer your way in. This generally involves lying. Here's an example. ********************************************* From: Oracle Service Humour List <oracle-list-return-@synapse.net> Subject: HUM: AOL Hacker Turnaround (***) Read Newfpyr's masterful turning of the tables on a hacker... Certainly one of the best Absurd IMs we've EVER received! Newfpyr's comments are in brackets throughout. Zabu451: Hello from America Online! I'm sorry to inform you that there has been an error in the I/O section of your account database, and this server's password information has been temporarily destroyed. We need you, the AOL user, to hit reply and type in your password. Thank you for your help. Newfpyr: Hello! This is Server Manager #563. I'm sorry to hear that your server has lost the password info. I mean, this has been happening too much lately. We have developed some solutions to this problem. Have you got the mail sent out to all server managers? Zabu451: no NewfPyr: Really? Ouch. There's been some problems with the server mailer lately. Oh, well. Here's a solution to this problem: try connecting your backup database to your main I/O port, then accessing the system restart. Zabu451: no i still need passwords NewfPyr: I see. Do you want me to send you the list of all the passwords of all the screen names of your server? Zabu451: ya i want that NewfPyr: Let me get the server manager to send it... NewfPyr: He says I need your server manager password. Could you please type it in? Zabu451: i dont have one NewfPyr: What do you mean? That's the first thing every manager gets! Zabu451: it got deleted NewfPyr: Wow! You must be having a lot of trouble. Let me find out what server you're using... [Note: I checked his profile. It said he was from Springfield, Mass.] NewfPyr: Okay, your number has been tracked to an area in Springfield, Mass. Zabu451: how did u know?!!!?!?!!?!?!?!?!??!! NewfPyr: I used Server Tracker 5.0 . Don't you have it? Zabu451: do you know my address!?!?!?!!?!? NewfPyr: Of course not. Zabu451: good NewfPyr: I only know the number you're calling AOL from, which is from your server, right? Zabu451: yes NewfPyr: Good. Okay, now that we have your number, we have your address, and we are sending a repair team over there. Zabu451: nonononono dont stop them now NewfPyr: Why? Isn't your server down? Zabu451: nonono its working now NewfPyr: They're still coming, just in case. Zabu451: STOP THEM NOW NewfPyr: I can't break AOL Policy. Zabu451: POEPLE ARE COMING TO MY HOUSE?!?!?!?!?? NewfPyr: No! To your server. You know, where you're calling AOL from. Zabu451: im calling from my house NewfPyr: But you said you where calling from the server! Zabu451: i lied im not reely a server guy NewfPyr: But you said you were! Zabu451: i lied i trying to get passwords please make them stop NewfPyr: Okay. The repair team isn't coming anymore. Zabu451: good NewfPyr: But a team of FBI agents is. Zabu451: NONONONO Zabu451: im sorry Zabu451: ill never do it again please make them not come Zabu451: PLEASE IL STOP ASKING FOR PASSWORDS FOREVER PLEASE MAKE THEM STOP!! NewfPyr: I'm sorry, I can't do that. They should be at your house in 5 minutes. Zabu451: IM SORRY IL DO ANYTHING PLEASE I DONT WANT THEM TO HURT ME Zabu451: PLEASE Zabu451: PLEEEEEEEEEEEEEEAAAAAAAAASSSSSSSSE NewfPyr: They won't hurt you! You'll probably only spend a year of prison. Zabu451: no IM ONLY A KID NewfPyr: You are? That makes it different. You won't go to prison for a year. Zabu451: i thout so NewfPyr: You'll go for two years. Zabu451: No! IM SORRY Zabu451: PLEASE MAKE THEM STOP Zabu451: PLEASE [I thought this was enough. He was probably wetting his pants.] NewfPyr: Since this was a first time offense, I think I can drop charges. Zabu451: yea Zabu451: thankyouthankyouthankyou NewfPyr: The FBI agents have been withdrawn. If you ever do it again, we'll bump you off. Zabu451: i wont im sorry goodbye [He promptly signed off.] One of the RARE RARE occasions that we've actually felt sorry for the hacker. SEVENTY FIVE TOKENS to you, NewfPyr! We're STILL laughing - thanks a lot! Submitted by: Fran C. M. T. @ aol.com (Want more of this humor in a jugular vein? Check out http://www.netforward.com/poboxes/?ablang) ***************************************** Maybe you are too embarrassed to act like a typical AOL social engineering hacker. OK, then maybe you are ready to try the Trojan Horse. This is a type of attack wherein a program that appears to do something legitimate has been altered to attack a computer. For example, on a Unix shell account you might put a Trojan in your home directory named "ls." Then you tell tech support that there is something funny going on in your home directory. If the tech support guy is sufficiently clueless, he may go into you account while he has root permission. He then gives the command "ls" to see what's there. According to Damien Sorder, "This will only work depending on his 'PATH' statement for his shell. If he searches '.' before '/bin', then it will work. Else, it won't." Presuming the sysadmin has been this careless, and if your Trojan is well written, it will call the real ls program to display your file info -- while also spawning a root shell for your very own use! *************************************************** Newbie note: if you can get into a root shell you can do anything -- ANYTHING -- to your victim computer. Alas, this means it is surprisingly easy to screw up a Unix system while operating as root. A good systems administrator will give him or herself root privileges only when absolutely necessary to perform a task. Trojans are only one of the many reasons for this caution. Before you invite your friends to hack your box, be prepared for anything, and I mean ANYTHING, to get messed up even by the most well-meaning of friends. *************************************************** Another attack is to install a sniffer program on an Internet host and grab passwords. What this means is any time you want to log into a computer from another computer by using telnet, your password is at the mercy of any sniffer program that may be installed on any computer through which your password travels. However, to set up a sniffer you must be root on the Unix box on which it is installed. So this attack is clearly not for the beginner. To get an idea of how many computers "see" your password when you telnet into your remote account, give the command (on a Unix system) of "traceroute my.computer" (it's "tracert" in Windows 95) where you substitute the name of the computer you were planning to log in on for the "my.computer." Sometimes you may discover that when you telnet from one computer to another even within the city you live in, you may go through a dozen or more computers! For example, when I trace a route from an Albuquerque AOL session to my favorite Linux box in Albuquerque, I get: C:\WINDOWS>tracert fubar.com Tracing route to fubar.com [208.128.xx.61] over a maximum of 30 hops: 1 322 ms 328 ms 329 ms ipt-q1.proxy.aol.com [152.163.205.95] 2 467 ms 329 ms 329 ms tot-ta-r5.proxy.aol.com [152.163.205.126] 3 467 ms 323 ms 328 ms f4-1.t60-4.Reston.t3.ans.net [207.25.134.69] 4 467 ms 329 ms 493 ms h10-1.t56-1.Washington-DC.t3.ans.net [140.223.57 .25] 5 469 ms 382 ms 329 ms 140.222.56.70 6 426 ms 548 ms 437 ms core3.Memphis.mci.net [204.70.125.1] 7 399 ms 448 ms 461 ms core2-hssi-2.Houston.mci.net [204.70.1.169] 8 400 ms 466 ms 512 ms border7-fddi-0.Houston.mci.net [204.70.191.51] 9 495 ms 493 ms 492 ms american-comm-svc.Houston.mci.net [204.70.194.86 ] 10 522 ms 989 ms 490 ms webdownlink.foobar.net [208.128.37.98] 11 468 ms 493 ms 491 ms 208.128.xx.33 12 551 ms 491 ms 492 ms fubar.com [208.128.xx.61] If someone were to put a sniffer on any computer on that route, they could get my password! Now do you want to go telneting around from one of your accounts to another? A solution to this problem is to use Secure Shell. This is a program you can download for free from http://escert.upc.es/others/ssh/. According to the promotional literature, "Ssh (Secure Shell) is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels." If you want to get a password on a computer that you know is being accessed remotely by people using Windows 3.X, and if it is using Trumpet Winsock, and if you can get physical access to that Windows box, there is a super easy way to uncover the password. You can find the details, which are so easy they will blow your socks off, in the Bugtraq archives. Look for an entry titled "Password problem in Trumpet Winsock." These archives are at http://www.netspace.org/lsv-archive/bugtraq.html Another way to break into a computer is to get the entire password file. Of course the password file will be encrypted. But if your target computer doesn't run a program to prevent people from picking easy passwords, it is easy to decrypt many passwords. But how do you get password files? A good systems administrator will hide them well so even users on the machine that holds them can't easily obtain the file. The simplest way to get a password file is to steal a backup tape from your victim. This is one reason that most computer breakins are committed by insiders. But often it is easy to get the entire password file of a LAN remotely from across the Internet. Why should this be so? Think about what happens when you log in. Even before the computer knows who you are, you must be able to command it to compare your user name and password with its password file. What the computer does is perform its encryption operation on the password you enter and then compare it with the encrypted entries in the password file. So the entire world must have access somehow to this encrypted password file. You job as the would-be cracker is to figure out the name of this file and then get your target computer to deliver this file to you. A tutorial on how to do this, which was published in the ezine K.R.A.C.K (produced by od^pheak <butler@tir.com>), follows. Comments in brackets have been added to the K.R.A.C.K. text. ********************************************* Strategy For Getting Root With a shadowed Passwd step#1 anonymous ftp into the server get passwd [This step will almost never work, but even the simplest attack may be worth a try.] step #2 To defeat password shadowing on many (but not all) systems, write a program that uses successive calls to getpwent() to obtain the password file. Example: #include <pwd.h> main() { struct passwd *p; while(p=3Dgetpwent()) printf("%s:%s:%d:%d:%s:%s:%s\n", p->pw_name, p->pw_passwd, p->pw_uid, p->pw_gid, p->pw_gecos, p->pw_dir, p->pw_shell); } Or u can Look for the Unshadowed Backup..... [The following list of likely places to find the unshadowed backup is available from the "Hack FAQ" written by Voyager. It may be obtained from http:// www-personal.engin.umich.edu/~jgotts/hack-faq] Unix Path needed Token ---------------------------------------------------------------------- AIX 3 /etc/security/passwd ! or /tcb/auth/files/<first letter # of username>/<username> A/UX 3.0s /tcb/files/auth/?/ * BSD4.3-Reno /etc/master.passwd * ConvexOS 10 /etc/shadpw * ConvexOS 11 /etc/shadow * DG/UX /etc/tcb/aa/user/ * EP/IX /etc/shadow x HP-UX /.secure/etc/passwd * IRIX 5 /etc/shadow x Linux 1.1 /etc/shadow * OSF/1 /etc/passwd[.dir|.pag] * SCO Unix #.2.x /tcb/auth/files/<first letter * of username>/<username> SunOS4.1+c2 /etc/security/passwd.adjunct = ##username SunOS 5.0 /etc/shadow <optional NIS+ private secure maps/tables/whatever> System V Release 4.0 /etc/shadow x System V Release 4.2 /etc/security/* database Ultrix 4 /etc/auth[.dir|.pag] * UNICOS /etc/udb =20 Step #3 crack it [See below for instructions on how to crack a password file.] ************************************************** So let's say you have managed to get an encrypted password file. How do you extract the passwords? An example of one of the many programs that can crack poorly chosen passwords is Unix Password Cracker by Scooter Corp. It is available at ftp://ftp.info.bishkek.su/UNIX/crack-2a/crack-2a.tgz or http://iukr.bishkek.su/crack/index.html A good tutorial on some of the issues of cracking Windows NT passwords may be found at http://ntbugtraq.rc.on.ca/samfaq.htm One password cracker for Windows NT is L0phtcrack v1.5. It is available for FREE from http://www.L0pht.com (that's a ZERO after the 'L', not an 'o'). It comes with source so you can build it on just about any platform. Authors are mudge@l0pht.com and weld@l0pht.com. Another Windows NT password cracker is Alec Muffett's Crack 5.0 at http://www.sun.rhbnc.ac.uk/~phac107/c50a-nt-0.10.tgz Even if you crack some passwords, you will still need to correlate passwords with user names. One way to do this is to get a list of users by fingering your target computer. See the GTMHH Vol.1 No.1 for some ways to finger as many users as possible on a system. The verify command in sendmail is another way to get user names. A good systems administrator will turn off both the finger daemon and the sendmail verify command to make it harder for outsiders to break into their computers. If finger and the verify commands are disabled, there is yet another way to get user names. Oftentimes the part of a person's email that comes before the "@" will also be a user name. If password cracking doesn't work, there are many -- way too many -- other ways to break into a computer. Following are some suggestions on how to learn these techniques. 1. Learn as much as you can about the computer you have targeted. Find out what operating system it runs; whether it is on a local area network; and what programs it is running. Of special importance are the ports that are open and the daemons running on them. For example, if you can get physical access to the computer, you can always get control of it one way or another. See the GTMHHs on Windows for many examples. What this means, of course, is that if you have something on your computer you absolutely, positively don't want anyone to read, you had better encrypt it with RSA. Not PGP, RSA. Then you should hope no one discovers a fast way to factor numbers (the mathematical Achilles Heel of RSA and PGP). If you can't get physical access, your next best bet is if you are on the same LAN. In fact, the vast majority of computer breakins are done by people who are employees of the company that is running that LAN on which the victim computer is attached. The most common mistake of computer security professionals is to set up a firewall against the outside world while leaving their LAN wide open to insider attack. Important note: if you have even one Windows 95 box on your LAN, you can't even begin to pretend you have a secure network. That is in large part because it will run in DOS mode, which allows any user to read, write and delete files. If the computer you have targeted is on the Internet, your next step would be to determine how it is connected to the Internet. The most important issue here is what TCP/IP ports are open and what daemons run on these ports. *************************************************** Newbie note: TCP/IP ports are actually protocols used to direct data into programs called "daemons" that run all the time an Internet host computer is turned on and connected to the Net, waiting for incoming or outgoing data to spur it into action. An example of a TCP/IP port is number 25, called SMTP (simple mail transport protocol). An example of a daemon that can do interesting things when it gets data under SMTP is sendmail. See the GTMHH on forging email for examples of fun ways to play *legally* with port 25 on other people's computers. For a complete list of commonly used TCP/IP ports, see RFC 1700. One place you can look this up is http://ds2.internic.net/rfc/rfc1700.txt **************************************************** 2. Understand the operating system of the computer you plan to crack. Sure, lots of people who are ignorant on operating systems break into computers by using canned programs against pitifully vulnerable boxes. As one teen hacker told me after returning from Def Con V, "Many of the guys there didn't even know the 'cat' command!" Anyone can break into some computer somewhere if they have no pride or ethics. We assume you are better than that. If the breakin is so easy you can do it without having a clue what the command "cat" is, you aren't a hacker. You're just a computer vandal. 3. Study the ways other people have broken into a computer with that operating system and software. The best archives of breakin techniques for Unix are Bugtraq http://www.netspace.org/lsv-archive/bugtraq.html. For Windows NT, check out http://ntbugtraq.rc.on.ca/index.html. A cheap and easy partial shortcut to this arduous learning process is to run a program that scans the ports of your target computer, finds out what daemons are running on each port, and then tells you whether there are breakin techniques known to exist for those daemons. Satan is a good one, and absolutely free. You can download it from ftp://ftp.fc.net/pub/defcon/SATAN/ or a bazillion other hacker ftp sites. Another great port scanner is Internet Security Scanner. It is offered by Internet Security Systems of Norcross, Georgia USA, 1-800-776-2362. This tool costs lots of money, but is the security scanner of choice of the people who want to keep hackers out. You can reach ISS at http://www.iss.net/. Internet Security Systems also offers some freebie programs. The "Localhost" Internet Scanner SAFEsuite is set to only run a security scan on the Unix computer on which it is installed (hack your on box!) You can get it from http://www.blanket.com/iss.html. You can get a free beta copy of their scanner for Win NT at http://www.iss.net/about/whatsnew.html#RS_NT. In theory ISS programs are set so you can only use them at most to probe computer networks that you own. However, a few months ago I got a credible report that a giant company that uses ISS to test its boxes on the Internet backbone accidentally shut down an ISP in El Paso with an ISS automated syn flood attack. If you want to get a port scanner from a quiet little place, try out http://204.188.52.99. This offers the Asmodeus Network Security Scanner for Windows NT 4.0. In most places it is legal to scan the ports of other people's computers. Nevertheless, if you run Satan or any other port scanning tool against computers that you don't have permission to break into, you may get kicked off of your ISP. For example, recently an Irish hacker was running "security audits" of the Emerald Island's ISPs. He was probably doing this in all sincerity. He emailed each of his targets a list of the vulnerabilities he found. But when this freelance security auditor probed the ISP owned by one of my friends, he got that hacker kicked off his ISP. "But why give him a hard time for just doing security scans? He may have woken up an administrator or two," I asked my friend. "For the same reason they scramble an F-16 for a bogie," he replied. The way I get around the problem of getting people mad from port scanning is to do it by hand using a telnet program. Many of the GTMHHs show examples of port scanning by hand. This has the advantage that most systems administrators assume you are merely curious. However, some have a daemon set up so that every time you scan even one port of their boxes, it automatically sends an email to the systems administrator of the ISP you use complaining that you tried to break in -- and another email to you telling you to turn yourself in! The solution to this is to use IP spoofing. But since I'm sure you are only going to try to break into computers where you have permission to do so, you don't need to know how to spoof your IP address. ****************************************************** You may laugh yourself silly warning: If you port scan by hand against obscure.sekurity.org, you may run into some hilarious daemons installed on weird high port numbers. ****************************************************** 4. Now that you know what vulnerable programs are running on your target computer, next you need to decide what program you use to break in. But aren't hackers brilliant geniuses that discover new ways to break into computers? Yes, some are. But the average hacker relies on programs other hackers have written to do their deeds. That's why, in the book Takedown, some hacker (maybe Kevin Mitnick, maybe not) broke into Tsutomu Shimomura's computer to steal a program to turn a Nokia cell phone into a scanner that could eavesdrop on other people's cell phone calls. This is where those zillions of hacker web pages come into play. Do a web search for "hacker" and "haxor" and "h4ck3r" etc. You can spend months downloading all those programs with promising names like "IP spoofer." Unfortunately, you may be in for an ugly surprise or two. This may come as a total shock to you, but some of the people who write programs that are used to break into computers are not exactly Eagle Scouts. For example, the other day a fellow who shall remain nameless wrote to me "I discovered a person has been looting my www dir, where I upload stuff for friends so I am gonna leave a nice little surprise for him in a very cool looking program ;) (if you know what I mean)" But let's say you download a program that promises to exploit that security hole you just found with a Satan scan. Let's say you aren't going to destroy all your files from some nice little surprise. Your next task may be to get this exploit program to compile and run. Most computer breakin programs run on Unix. And there are many different flavors of Unix. For each flavor of Unix you can mix or match several different shells. (If none of this makes sense to you, see the GTMHHs on how to get a good shell account.) The problem is that a program written to run in, for example, the csh shell on Solaris Unix may not run from the bash shell on Slackware Linux or the tcsh shell on Irix, etc. It is also possible that the guy who wrote that breakin program may have a conscience. He or she may have figured that most people would want to use it maliciously. So they made a few little teeny weeny changes to the program, for example commenting out some lines. So Mr./Ms. Tender Conscience can feel that only people who know how to program will be able to use that exploit software. And as we all know, computer programmers would never, ever do something mean and horrible to someone else's computer. So this brings us to the next thing you should know in order to break into computers. 5. Learn how to program! Even if you use other peoples' exploit programs, you may need to tweak a thing or two to get them to run. The two most common languages for exploit programs are probably C (or C++) and Perl. ******************************************** Newbie note: If you can't get that program you just downloaded to run, it may be that it is designed to run on the Unix operating system, but you are running Windows. A good tip off that this may be your problem is a file name that ends with ".gz". ******************************************** So, does all this mean that breaking into computers is really, really hard? Does all this mean that if you break into someone's computer you have proven your digital manhood (or womanhood)? No. Some computers are ridiculously easy to break into. But if you break into a poorly defended computer run by dunces, all you have proven is that you lack good taste and like to get into really stupid kinds of trouble. However, if you manage to break into a computer that is well managed, and that you have permission to test, you are on your way to a high paying career in computer security. Remember this! If you get busted for breaking into a computer, you are in trouble big time. Even if you say you did no harm. Even if you say you made the computer better while you were prowling around in it. And your chances of becoming a computer security professional drop almost to zero. And -- do you have any idea of how expensive lawyers are? I haven't even hinted in this tutorial at how to keep from getting caught. It is at least as hard to cover your tracks as it is to break into a computer. So if you had to read this to learn how to break into computers, you are going to wind up in a world of hurt if you use this to trespass in other people's computers. So, which way do you plan to go? To be known as a good guy, making tons of money, and having all the hacker fun you can imagine? Or are you going to slink around in the dark, compulsively breaking into strangers'' computers, poor, afraid, angry? Busted? Staring at astronomical legal bills? If you like the rich and happy alternative, check out back issues of the Happy Hacker Digests to see what computers are open to the public to try to crack into. We'll also make new announcements as we discover them. And don't forget to try to crack obscure.sekurity.org. No one has managed to break it when attacking from the outside. I don't have a clue of how to get inside it, either. You may have to discover a new exploit to breach its defenses. But if you do, you will have experienced a thrill that is far greater than breaking into some Lower Slobovian businessman's 386 box running Linux 2.0 with sendmail 4.whatever. Show some chivalry and please don't beat up on the helpless, OK? And stay out of jail or we will all make fun of you when you get caught. Of course this Guide barely scrapes the surface of breaking into computers. We haven't even touched on topics such as how to look for back doors that other crackers may have hidden on your target computer, or keystroke grabbers, or attacks through malicious code you may encounter while browsing the Web. (Turn off Java on your browser! Never, ever use Internet Explorer.) But maybe some of you ubergenius types reading this could help us out. Hope to hear from you! ____________________________________________________________ Warning! Use this information at your own risk. Get busted for trying this out on some Lower Slobovian businessman's computer and we will all make fun of you, I promise! That goes double for Upper Slobovian boxes!! Want to see back issues of Guide to (mostly) Harmless Hacking? See http://goodweb.scol.net/hacker/index.html(the official Happy Hacker archive site). Subscribe to our discussion list by emailing to hacker@techbroker.com with message "subscribe" Want to share some kewl stuph with the Happy Hacker list? Correct mistakes? Send your messages to list@techbroker.com. To send me confidential email (please, no discussions of illegal activities) use cmeinel@techbroker.com and be sure to state in your message that you want me to keep this confidential. If you wish your message posted anonymously, please say so! Direct flames to dev/null@techbroker.com. Happy hacking! _____________________________________________________ Copyright 1997 Carolyn P. Meinel. You may forward or post this GUIDE TO (mostly) HARMLESS HACKING on your Web site as long as you leave this notice at the end. ________________________________________________________ Carolyn Meinel M/B Research -- The Technology Brokers http://techbroker.com