Techniques for hacking systems. A Beginners Guide to Hacking Un*xA Glossary of Computer Security TermsA NAP/PA file about VAX/VMS machinesA Strict Anomoly Detection Model for Intrusion Detection Systems by sasha / beetleThe base-rate fallacy is one of the cornerstones of Bayesian statistics, stemming from Bayes theorem that describes the relationship between a conditional probability and its opposite, i.e. with the condition transposed.A Un*x tutorial part 1A Un*x tutorial part 2A beginning guide to help you hack unix systems. EA companion to VaxBuster's phile in Phrack 41A few Unix password hackersA hint for the 555 account on AOLA letter from the national computer systems laboratoryA text file for newbies...Advanced Host Detection: Techniques To Validate Host-Connectivity by dethySecurity Engineers spend a tireless amount of effort to block and filter packet anomalies in an internetwork connected environment. Advanced host mapping bypasses
Techniques for hacking systems. A Beginners Guide to Hacking Un*xA Glossary of Computer Security TermsA NAP/PA file about VAX/VMS machinesA Strict Anomoly Detection Model for Intrusion Detection Systems by sasha / beetleThe base-rate fallacy is one of the cornerstones of Bayesian statistics, stemming from Bayes theorem that describes the relationship between a conditional probability and its opposite, i.e. with the condition transposed.A Un*x tutorial part 1A Un*x tutorial part 2A beginning guide to help you hack unix systems. EA companion to VaxBuster's phile in Phrack 41A few Unix password hackersA hint for the 555 account on AOLA letter from the national computer systems laboratoryA text file for newbies...Advanced Host Detection: Techniques To Validate Host-Connectivity by dethySecurity Engineers spend a tireless amount of effort to block and filter packet anomalies in an internetwork connected environment. Advanced host mapping bypasses many forms of intrusion detection systems, filters, and routers, essentially enabling an attacker to map and discover previously unknown firewalled hosts.Advanced VMS hackingAll about VAX/VMSAn Architectural Overview of UNIX Network SecurityAn in- depth guide to hacking UNIX and the conceptAn introduction to UNIX - KernighanAnalysis Techniques for Detecting Coordinated Attacks and Probes by John Green , David Marchette and Stephen NorthcuttCoordinated attacks and probes have been observed against several networks that we protect. We describe some of these attacks and provide insight into how and why they are carried out. We also suggest hypotheses for some of the more puzzling probes. Methods for detecting these coordinated attacks are provided.Analysis of SSH crc32 Compensation Attack Detector Exploit by David A. DittrichOnce in the system, a series of operating system commands were replaced with trojan horses to provide back doors for later entry and to conceal the presence of the intruders in the system. A second SSH server was run on a high numbered port (39999/tcp).Another vulnerability of early ATM'sAudio Distribution System HackingBackdooring Binary Objects by klogWeakening a system in order to keep control over it (or simply to alter some of its functionality) has been detailed in many other papers. From userland code modification to trojan kernel code, most of the common backdooring techniques are either too dirty, or just not portable enough.Beginner's guide to hacking VAX SystemsBest guide to hacking by neophyteBibliography Computer Security ReportsBibliography of Computer Security ArticlesBibliography of Computer Security ManualsBibliography of Computer Security PeriodicalsBibliography of GuidelinesBibliography of Technical Papers on Computer SecurityBibliography of computer security documentsBiliography of computer security articlesBill Wall's List of Computer Hacker Incidents by Bill WallHacker incidents from 1961 - 2001!Bugs for Windows NTCards and the Networks - Very helpfulChanging Your Grades by Aaron WintersHow to hack your school and change your grades quickly, quietly, and without a trace. Sometimes.Common Gateway Interface (CGI) Security, Part 1Common Gateway Interface (CGI) Security, Part 2Common Gateway Interface (CGI) Security, Part 3Common Gateway Interface (CGI) Security, Part 4Common Gateway Interface (CGI) Security, Part 5Common Gateway Interface (CGI) Security, Part 6Common UNIX System Configurations That Can Be ExplComputer Security OrganizationsComputer Security by E.A.BedwellComputer Users's Guide to the Protection of InformationComputer jargonComputer security planningComputer system ID and password security alertCustom Local Area Signalling ServicesDefault Logins & P/W's for VAXDefault Un*x accountDefault Unix passwordsDefeating Forensic Analysis on Unix by the grugqTo facilitate a useful discussion of anti-forensic strategies it is important that the reader possess certain background information. In particular, the understanding of anti-forensic file system sanitization requires the comprehension of basic Unix file system organisation. And, of course, the understanding of any anti-forensic theory demands at least a rudimentary grasp of digital forensic methodology and practise.Defeating Sniffers and Intrusion Detection Systems by horizonThe purpose of this article is to demonstrate some techniques that can be used to defeat sniffers and intrusion detection systems. This article focuses mainly on confusing your average "hacker" sniffer, with some rough coverage of Intrusion Detection Systems (IDS).Defeating Solaris/SPARC Non-Executable Stack Protection by HorizonI've recently been playing around with bypassing the non-executable stack protection that Solaris 2.6 provides. I'm referring to the mechanism that you control with the noexec_user_stack option in /etc/system. I've found it's quite possible to bypass this protection, using methods described previously on this list. Specifically, I have had success in adapting the return into libc methods introduced by Solar Designer and Nergal to Solaris/SPARC.Defense Information Infrastructure Common OperatinDenial Of Service Attacks by Hans HusmanDenial of service is about without permission knocking off services, for example through crashing the whole system. This kind of attacks are easy to launch and it is hard to protect a system against them. The basic problem is that Unix assumes that users on the system or on other systems will be well behaved.DoD Common Messaging SystemDoD Information Security Program, Jan 1997DoD Password Management Guideline (CSC- STD- 002- 85: The Green BDoD Required Operational Messaging CharacteristicsDoD SEIWG- 012 Mag- Stripe Encoding, A Plain LanguagDoD Secure Data Network System's Message SecurityEvading Intrusion Detection by SeclabsThere are many different ways in which network traffic can be obtained by a network intrusion detection system (IDS). This document demonstrates that one class of network IDS, which relies on passive network packet capture (commonly referred to as ?sniffing?), is fundamentally flawed. We show that sniffer-based IDS is, as a technology, immature, and thus cannot be relied upon for network security.Examples of Computer Intrusion at the Naval SurfacExplanation of ENA and computer conferencingFORTEZZA File Protection (National Security AgencyFile on hacking Unix System V'sFranken Gibe's Unix Command BibleGeneral TRW InformationGenerally Accepted System Security Principles (GASSP)Getting Admin by Cra58ckerThis guide will list all the possible ways there is to get Admin access when you have physical access to a Windows NT Machine! A must Read to all the Hackers\Crackers\Administrators.Getting better access on any UNIX systemGoverment Open Systems Interconnection Profile (GOSIP)Guidance to Federal Agencies on the use of TrustedGuide to RSTSHP- UX Trusted Operating System Random Man pageHacker Journeys Through NASA's Secret WorldWhile tripping through NASAs most sensitive computer files, Ricky Wittman suddenly realized he was in trouble. Big trouble.Hackers handbookHacking ATM'sHacking Chilton Corporation CreditHacking Directories #1Hacking Directories #2Hacking Directories #3Hacking Directories #4Hacking Rite Aid Healthnotes Computers by Omega RedWanna learn about health? Or shutdown Rite Aid computers? You can do both on a little trip to Rite Aid and with this tiny article.Hacking UNIX - Jester SluggoHacking UNIX and VAXHacking UNIX on a VAXHacking VAX's & UnixHacking Webpages by Scrocklez KilorHow to get into a webpages with a guiding methode and one of the easiest ways of getting superuser access through anonymous ftp access into a webpage. First you need learn a little about the password file.Hacking Windows Users by protoniggerA comprehensive guide to remotely exploiting Windows home users.Hacking credit card codesHacking passwordsHacking techniques - from Out Of The Inner CircleHacking the vax - commands & default pwsHacking tutorialHacking with Windows by OzScarecrowThis is a very easy method to hack using Windows.Hacking your school by TimmehHave you ever dreamed of gaining total control of your school's computers? Now you can. I have tested this out so don't worry - it WILL work. I thought I should share this with all of you. All I can say is - HAVE FUN!!!Hardening Windows NT WorkstationEdit your registry and make it much harder for hackers to crack into your Windows NT Workstation system.Holding On To Root by AnonymousThis article is intended to show you how to hold onto root once you have it. It is intended for hackers and administrators alike.Holding onto Root Access Once You Get ItHow Hackers Do What They Do (DoD)How Mitnick Hacked Tsutomu Shimomura with an IP Sequence Attack by Tsutomu ShimomuraTwo different attack mechanisms were used. IP source address spoofing and TCP sequence number prediction were used to gain initial access to a diskless workstation being used mostly as an X terminal. After root access had been obtained, an existing connection to another system was hijacked by means of a loadable kernel STREAMS module.How to Break Into Email Accounts by protoniggerA comprehensive guide to an all-to-commonly asked question.How to Hack a Hotmail Account by Richard "Terminalkillah" EvansTo hack a hotmail account (well it isnt really hacking) download the trojan Sub7 send your victim (preferably your buddy's) the sub7 server with some lame exuse that it's porn or something. Make sure they install it.How to Hack into VAXHow to Make alt. Newsgroups and Get Sysadmins to Carry ThemHow to defeat securityHow to dial out on the modem of a Unix systemHow useful ARE longer passwords?Info about pagersInfo on /dev/nitInfo on Dynamic Password Cards (Smartcards)Internet FAQ: WWW, MUDs, Gophers, FTP, Finger, EtcInterpreting Network Traffic: A Network Intrusion Detector's Look by Richard BejtlichWhile the interpretation techniques explained here are pertinent to activity logged by a NIDS or firewall, I approach the subject from the NIDS angle. This my favorite subject, and I present this data with a warning: know the inner workings of your NIDS, or suffer frequent false positives and false conclusions.Introduction to VMSIntrustion Detection Project (DoD)List of all unix commands from Unix System VLoads of great technical information on ATM cardsLocal Area Detection of Incoming War Dial Activity by Dan Powell, Steve SchusterCracker attack plans often include attempts to gain access to target local computing and networking resources via war dialed entry around firewall-protected gateways. This paper describes two methods for organizations to reduce this risk in environments where removal of unknown modems is not feasible.Magnetic Stripe Technology and BeyondMail Server Attack by ExplicitThis is a little theory i have devloped and started to test but never followed through with attacking e-mail servers.Management Guide to the Protection of InformationManagement Guide to the Protection of Information ResourcesMicrosoft Passport Account Hijack Attack by ObscureTo steal the session cookie, there are three methods. In this paper I discuss the third option: Fooling the System.Much information on ATMs and PIN securityMultilevel Security in the Department of the DefenNARC's guide to UNIXNCSA Draft Security PolicyNCSA Policy Concerning Secuity Product ReviewsNCSL Bulletin: Bibliography of computer security glossariesNCSL Bulletin: Review of Federal Agency computer securityNFS Tracing by Passive Network Monitoring, 1992NSA's ORANGE book on trusted computer systemsNTIS catalog of computer security productsNaval Surface Warfare Center AIS FAQNaval Surface Warfare Center AIS Security Domain ENaval Surface Warfare Center's Risk Assesment FormNaval Surface Warfare Center's Risk Assesment FormNavy's Computer Incident Response Guidebook for InNeXT Security BugsNetBIOS Hacking by XeNobiTeThis tutorial will explain how to connect to a remote computer which has file and print sharing on. (Windows 9x/ME)Operations Security (OPSEC): The BasicsPacket Stealing with bindPaper on Internet Security Attacks (Spoofing), 199Password Cracking Using Focused Dictionaries by Paul BobbyCan the chances of cracking an individual?s password be improved by using a more focused dictionary? This dictionary would contain words and information that have a specific relationship to the owner of the targeted password.Playing Hide and Seek, Unix style by Phreak AccidentA "how-to" in successfully hiding and removing your electronic footprints while gaining unauthorized access to someone else's computer system (Unix in this case).Professor Falken's Guide to Code HackingPsycho- Social Factors in the Implementation of InfRSTS Basic informationRSTS HackingRSTS ProgrammingRSTS commandsRSTS hackingRSTSE Hacking (DEC)Recovering from a UNIX Root CompromiseReduce Net Zero to Zero by AnonymousHow to get rid of that annoying Net Z banner and gain a couple kb/s.Remotely snarf yppasswd filesSecurity Guidelines for Goverment EmployeesSigns That Your System Might Have Been CompromisedSimple Active Attack Against TCP by Laurent JoncherayPassive attacks using sniffers are becoming more and more frequent on the Internet. The attacker obtains a user id and password that allows him to logon as that user. In order to prevent such attacks people have been using identification schemes such as one-time password [skey] or ticketing identification [kerberos].Site Security HandbookSniffin' the Ether by AlaricA sniffer is a program that puts a NIC (Network Interface Card), also known as an Ethernet card, (one of the necessary pieces of hardware to physically connect computers together) into what is known as promiscuous mode. Once the network card is set to this mode, it will give the sniffer program the ability to capture packets being transmitted over the network.So you want to be a UNIX wizard?Still MORE info on TRWTCP/UDP Logfile Analysis: Overview of the ScriptsTRW Code InformationTRW DefiniftionsTRW InfoTactical Radio Frequency Communication RequirmentsTake your laptop on the road - portable hackingTechnical HackingTechnical Hacking ManualTechnical Hacking: Part OneTechniques Adopted by 'System Crackers' by FISTUsually corporate networks are not designed and implemented with security in mind, merely functionality and efficiency, although this is good from a business standpoint in the short-term, security problems usually arise later, which can cost millions to solve in larger environments.The #HACK FAQThe Art of Rootkits by Cra58ckerThis T-file will teach you about Application and Kernel based rootkits. Highly recommended for the beginners are advance *nix users. Have Phun!The Basics of Hacking 3: DataThe Best beginners guide VMSThe Escapades of Captain MidnightIt started out as just another Saturday. April 26, 1986. John R. MacDougall, 25, spent the day alone at his satellite TV dealership in Ocala, Florida, waiting for customers who never came. "It was," he says, "a normal day in the doldrums of the satellite TV industry." But that night, MacDougall, 5 feet 11, 225 pounds, and prone to nervously running his fingers through his reddish blond hair and adjusting his glasses, would transform into Captain Midnight and set the world of satellite television spinning.The Ethics of HackingThe Ethics of Information Warfare and Statecraft by Dan KuehlWhat constitutes an "act of war" in the "information age. This is a question that most members of the "IW community" have wrestled with, and it's a question that places one squarely on the horns of a dilemma: if you cannot easily answer whether an act belongs to the legal codes of war or peace, how can you make a determination of the act's ethical status?The Hacker's LeagueThe NCSA Draft Security Policy for OrganizationsThe Navy's Fleet Network Operating System (NOS)The Social Organization of the Computer UndergrounThe Strange Tale of the Attacks Against GRC.COM by Steve GibsonNothing more than the whim of a 13-year old hacker is required to knock any user, site, or server right off the Internet. I believe you will be as fascinated and concerned as I am by the findings of my post-attack forensic analysis, and the results of my subsequent infiltration into the networks and technologies being used by some of the Internet's most active hackers.The Wonderful World of Pagers by Erik BloodaxeScreaming through the electromagnet swamp we live in are hundreds of thousands of messages of varying degrees of importance. Doctors, police, corporate executives, housewives and drug dealers all find themselves constantly trapped at the mercy of a teeny little box: the pager.The basics of CBIUNIX IP Stack Tuning Guide v2.7 by Rob ThomasThe purpose of this document is to strengthen the UNIX IP stack against a variety of attack types prevalent on the Internet today. This document details the settings recommended for UNIX servers designed to provide network intensive services such as HTTP or routing (firewall services).UNIX Security by David A. Curry, SRI InternationalUNIX System Administrator Responsibilities (Navy RUNIX Trojan HorsesUS Military to Target APC in "Netwar"? by Chris BaileyA study prepared for the US military on what they call "Netwar" concludes that they must center attention on countering the activities of NGOs using Internet communication.Unix MythsUnix Security HolesUnix System Security IssuesZZZZZZZZThis page Copyright © 1997-2008 totse.com.totse.com certificate signatures
Diposting oleh Mister Zetty di 23:12 0 komentar
Introduction to Hacking
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site."My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for."-- The Mentor The Hacker's Manifesto by The MentorAnother one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...Batch File Potential by blipBatch files can introduce directly executable code to a system, potentially malicious. How it is done with two different methods with a harmless, amusing example executable. Gives very little details on how to setup everything for those who would typically want to send someone a malicious executable unless they know how to setup the executable in memory, which I believe is highly unlikely.Beginner's guide to hacking - LOD GoodBeginners Guide to understanding UnixBeginners Hacking Guide (TI) #1Beginners Hacking Guide (TI) #2Bugs, Keyloggers, and Honey Pots: Who's Watching Your Ass on the Internet? by RWThe world of internet spying is changing rapidly. Not only are technical capabilities for surveillance developing, but many of them are being kept secret from the public so that people cannot take effective countermeasures.Computer Crime Investigator's Toolkit by Ronald L. MendellWhat I've tried to do is devise a summary of basic, practical knowledge, "tricks," if you like, that should interest all computer crime investigators. While they may not be the final word in preparing for an examination, these techniques will provide some insight into the ways and means of computer criminals.Concerning Hackers Who Break into Computer Systems by Dorothy E. DenningA diffuse group of people often called ``hackers'' has been characterized as unethical, irresponsible, and a serious danger to society for actions related to breaking into computer systems. This paper attempts to construct a picture of hackers, their concerns, and the discourse in which hacking takes place.Cyber Protests: The Threat to the U.S. Information Infrastructure by NIPCCyber protesters are becoming increasingly more organized and their techniques more sophisticated but, most likely, will continue to deface web sites and perform DoS attacks. There will also be an increase in the number of apparently unrelated hacking groups participating in the cyber protests. National boundaries will not always be clearly delineated in attacks on opposing organizations.Draft Glossary of Communications Security Terms by COMSECANI, CNA, LLLTV, SCIF...Espionage in Information Warfare by Christopher D. NobleAll these definitions appear to call for some form of human action, but this is not an absolute. Spying is done by entities most capable with respect to the information being collected. In cyberspace, digital agents are far more effective as spies than humans.Guide 4 beginning hackerHacker Being by Valerio "Elf Qrin" CapelloA hacker is a person that loves to study all things in depth (definition 1), especially the more apparently meaningless details, to discover hidden peculiarities, new features and weakness in them. For example, it is possible to hack a book, by using it to equalize the legs of a table, or to use the sharp edge of one of its pages to cut something.Hacker's DictionaryFor those of you who always wanted to know what those terms used by hackers but never knew where to get them. Well, now you do! This thing has a shitload of info.Hackers acronym chartHackers' Tricks to Avoid Detection by Chris Prosise and Saumil Udayan ShahHackers are not only clever in how they invade servers; they are also devious in how they disguise their attacks. Malicious attackers use a variety of evasive techniques, which we will examine in this column so that we, as administrators, can be better prepared to detect and respond to them.Hackers, by Steven Levy 1984, a Project GutenbergHacking Guide for Novices from Mentor/LOD (1989)Hacking/Phreaking Reform by AyAn4m1Why hackers are being attacked and what we need to do to fix the problem.Hiding Crimes in Cyberspace by Dorothy E. Denning and William E. Baugh, Jr.We address here the use of encryption and other information technologies to hide criminal activities. We first examine encryption and the options available to law enforcement for dealing with it. Next we discuss a variety of other tools for concealing information: passwords, digital compression, steganography, remote storage, and audit disabling. Finally we discuss tools for hiding crimes through anonymity: anonymous remailers, anonymous digital cash, computer penetration and looping, cellular phone cloning, and cellular phone cards.Honeypot FAQThey are a resource that has no production value, it has no authorized activity. Whenever there is any interaction with a honeypot, this is most likely malicious activity.How Do I Hack? by j0662It's a common enough question, asked on nearly every board across the web, and yet, no one seems to be able to answer it. Here is my atempt.LOD/H's Novice's Guide to HackingLocal Attack by draggieThis is a method for getting the local administrator password on a Windows NT/2k/or XP machine.Malicious Data and Computer Security by W. Olin SibertTraditionally, computer security has focused on containing the effects of malicious users or malicious programs. However, as programs become more complex, an additional threat arises: malicious data. This threat arises because apparently benign programs can be made malicious, or subverted, by introduction of an attacker's data--data that is interpreted as instructions by the program to perform activities that the computer's operator would find undesirable.Massive guide (complete I might also add) to hackiMaximum Security: A Hacker's Guide to Protecting Your Internet Site and Network by AnonymousA decade ago, most servers were maintained by personnel with at least basic knowledge of network security. That fact didn't prevent break-ins, of course, but they occurred rarely in proportion to the number of potential targets. Today, the Internet's population is dominated by those without strong security knowledge, many of whom establish direct links to the backbone. The number of viable targets is staggering.Nemesis: Tactical Guide to Web Server Infiltration by protoniggerIf you picked a good target you should see plenty of exploits to choose from, and since this is an IIS server that you are exploiting, then you should be able to exploit most of the vulnerabilities with yourinternet browser (the simplicity of it all will astonish you).Network Scanning Techniques: Understanding How It Is Done by Ofir ArkinIf the intelligence gathered shows a poorly defended computer system, an attack will be launched, and unauthorized access will be gained. However, if the target is highly protected, the hacker will think twice before attempting to break in. It will be dependent upon the tools and systems that protect the target.Packet Attacks v2 by Dreifachx and Data_ClastA true hacker is one who strives to attain the answers for themselves through curiosity. Its the path we take to those answers that makes us hackers, not destruction of other peoples work.Password Cracking by KittenCracking programs essentially mimic the steps taken by login verification programs. A login sequence is as follows. When a user enters a password at the prompt, the first step is to look up the salt value. So the program searches through the password file until it finds the user's login name, and converts the two characters representing the salt back into a 12-bit binary value.Physical Penetrations: The Art of Advanced Social Engineering by Scott HigginsThe subject of physical security may come up after all the current day buzzwords for security have been thrown out. In actuality, physical security may not come up at all. When we think of physical security we visualize cipher locks, electric fences, huge vault doors, guards, and the like. These devices are intended to keep the unauthorized individuals out and keep the honest people honest, as the saying goes.System Cracking 2k by protoniggerA comprehensive guide to the latest methods of network infiltration.The Art of Port Scanning by FyodorThis paper details many of the techniques used to determine what ports (or similar protocol abstraction) of a host are listening for connections. These ports represent potential communication channels. Mapping their existence facilitates the exchange of information with the host, and thus it is quite useful for anyone wishing to explore their networked environment, including hackers.The Hacker's Ethics by DissidentI went up to a college this summer to look around, see if it was where I wanted to go and whatnot. The guide asked me about my interests, and when I said computers, he started asking me about what systems I had, etc. And when all that was done, the first thing he asked me was "Are you a hacker?" Well, that question has been bugging me ever since. Just what exactly is a hacker? A REAL hacker?The Hackers HandbookThe IIRG Hackers' Acronym Chart by The IIRGIn no way do we feel this chart is totally complete, but we feel its a good start for the novice or lazy hacker to quickly look up acronyms.The Information Warfare ManiaThe most obvious (and widely circulated) spin on the IW morass is to focus on the offensive and defensive manipulation of information systems and networks -- i.e., "hacking"The Newbies Guide to Hacking and Phreaking by Terminal KillahHacking is not going into a system and destroying files and just fucking up some guys computer up. Hacking is going into AOL chat rooms and TOS'ing some kids ass. Hacking is not going into the IRC advertising and showing off what script or bot yer using. Hacking is not emailbombing, using programs, winnuking someone, using ICMP attacks on someone, or saying that you are a hacker.The Social Organization of the Computer Underground by Gordon R. MeyerThis paper examines the social organization of the "computer underground" (CU). The CU is composed of actors in three roles, "computer hackers," "phone phreaks," and "software pirates." These roles have frequently been ignored or confused in media and other accounts of CU activity. By utilizing a data set culled from CU channels of communication this paper provides an ethnographic account of computer underground organization. It is concluded that despite the widespread social network of the computer underground, it is organized primarily on the level of colleagues, with only small groups approaching peer relationships.The alt.2600 FAQ file on hacking, including loops,Tracing E-mailSometimes people might send you information or hatemail from a fake address. This can be done quite easily simply by changing the "Sender" and "Return-to" fields to something different. You can do this, since these fields, i.e. your identity, are normally not checked by the mailserver when you send mail, but only when you receive mail.Wardialing Brief by KingpinWardialing consists of using a computer to dial a given set of telephone numbers with a modem. Each phone number that answers with modem handshake tones and is successfully connected to is stored in a log. By searching a range of phone numbers for computers, one can find entry points into unprotected systems and backdoors into seemingly secure systems.Why Do We Hack? by Hex_EditWhy do we hack? Is it to alter webpages and leave some type of cybergang inner-city graffiti? Is it to laugh in the face of over paid, under qualified sysadmins? Well for myself, and everyone I associate with, the answer to both of those would be no. So then, why do we do it?lkm: Kernel Hacking Made Easy by Nicolas DubeeMemory is divided into roughly two parts: kernel space and user space. Kernel space is where the kernel code lives, and user space is where the user programs live. Of course, a given user program can't write to kernel memory or to another program's memory area. Unfortunately, this is also the case for kernel code.This page Copyright © 1997-2008 totse.com.totse.com certificate signatures
Diposting oleh Mister Zetty di 23:02 0 komentar
Hacking tutorial
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.Hacking TutorialWhat is hacking?----------------According to popular belief the term hacker and hacking was founded at mitit comes from the root of a hack writer,someone who keeps "hacking" atthe typewriter until he finishes the story.a computer hacker would behacking at the keyboard or password works.What you need:--------------To hack you need a computer equipped with a modem (a device that lets youtransmit data over phone lines) which should cost you from $100 to $1200.How do you hack?----------------Hacking recuires two things:1. The phone number2. Answer to identity elementsHow do you find the phone #?----------------------------There are three basic ways to find a computers phone number.1. Scanning,2. Directory3. Inside info.What is scanning?-----------------Scanning is the process of having a computer search for a carrier tone.For example,the computer would start at (800) 111-1111 and wait for carrierif there is none it will go on to 111-1112 etc.if there is a carrier itwill record it for future use and continue looking for more.What is directory assictance?-----------------------------This way can only be used if you know where your target computer is. For thisexample say it is in menlo park, CA and the company name is sri.1. Dial 411 (or 415-555-1212)2. Say "Menlo park"3. Say "Sri"4. Write down number5. Ask if there are any more numbers6. If so write them down.7. Hang up on operator8. Dial all numbers you were given9. Listen fir carrier tone10. If you hear carrier tone write down number, call it on your modem and yourset to hack!_____________________________________________________________________________The Basics of Hacking IIBasics to know before doing anything, essential to your continuingcareer as one of the elite in the country... This article, "theintroduction to the world of hacking" is meant to help you by telling youhow not to get caught, what not to do on a computer system, what type ofequipment should I know about now, and just a little on the history, pastpresent future, of the hacker.Welcome to the world of hacking! We, the people who live outside of thenormal rules, and have been scorned and even arrested by those from the'civilized world', are becomming scarcer every day. This is due to thegreater fear of what a good hacker (skill wise, no moral judgementshere)can do nowadays, thus causing anti- hacker sentiment in the masses.Also, few hackers seem to actually know about the computer systems theyhack, or what equipment they will run into on the front end, or what theycould do wrong on a system to alert the 'higher' authorities who monitorthe system. This article is intended to tell you about some things not todo, even before you get on the system. I will tell you about the new waveof front end security devices that are beginning to be used on computers.I will attempt to instill in you a second identity, to be brought up attime of great need, to pull you out of trouble. And, by the way, I take no, repeat,no, responcibility for what we say in this and the forthcoming articles.Enough of the bullshit, on to the fun: after logging on your favorite bbs,you see on the high access board a phone number! It says it's a greatsystem to "fuck around with!" This may be true, but how many other peopleare going to call the same number? So: try to avoid calling a numbergiven to the public. This is because there are at least every otheruser calling, and how many other boards will that number spread to?If you call a number far, far away, and you plan on going thru anextender or a re-seller, don't keep calling the same access number(I.E. As you would if you had a hacker running), this looks very suspiciousand can make life miserable when the phone bill comes in the mail.Most cities have a variety of access numbers and services,so use as many as you can. Never trust a change in the system...The 414's, the assholes, were caught for this reason: when one of themconnected to the system, there was nothing good there. The next time,there was a trek game stuck right in their way! They proceded to play saidgame for two, say two and a half hours, while telenet was tracing them!Nice job, don't you think? If anything looks suspicious, drop the lineimmediately!! As in, yesterday!! The point we're trying to get accross is:if you use a little common sence, you won't get busted. Let the littlekids who aren't smart enough to recognize a trap get busted, it will takethe heat off of the real hackers. Now, let's say you get on a computersystem... It looks great, checks out, everything seems fine.Ok, now is when it gets more dangerous. You have to know the computersystem to know what not to do.Basically, keep away from any command something, copy a new file into theaccount, or whatever! Always leave the account in the same status youlogged in with. Change *nothing*... If it isn't an account with priv's,then don't try any commands that require them! All, yes all, systems aregoing to be keeping log files of what users are doing, and that willshow up. It is just like dropping a trouble-card in an ESS system,after sending that nice operator a pretty tone.Spend no excessive amounts of time on the account in one stretch.Keep your calling to the very late night ifpossible, or duringbusiness hours (believe it or not!). It so happensthat there are more users on during business hours, and it is verydifficult to read a log file with 60 users doing many commnds every minute.Try to avoid systems where everyone knows each other, don't try to bluff.And above all: never act like you own the system, or are the best thereis. They always grab the people who's heads swell... There is some veryinteresting front end equipment around nowadays, but first let'sdefine terms... By front end, we mean any device that you mustpass thru to get at the real computer. There are devices that are made todefeat hacker programs, and just plain old multiplexers.To defeat hacker programs, there are now devices that pick up the phoneand just sit there... This means that your device gets no carrier,thus you think there isn't a computer on the other end. Theonly way around it is to detect when it was picked up. If it pickes upafter the same number ring, then you know it is a hacker-defeater.These devices take a multi-digit code to let you into the system.Some are, in fact, quite sophisticated to the point where itwill also limit the user name's down, so only one name or set of namescan be valid logins after they input the code... Other devices input anumber code, and then they dial back a pre-programmed number for that code.These systems are best to leave alone,because they know someone is playing with their phone. You may think "buti'll just reprogram the dial-back." Think again, how stupid that is...Then they have your number, or a test loop if you were just a littlesmarter. If it's your number, they have your balls (if male...),If its a loop, then you are screwed again, since those loopsare *monitored*. As for multiplexers... What a plexer is supposedto do is this:The system can accept multiple users. We have to time share, so we'll letthe front-end processor do it... Well, this is what a multiplexer does.Usually they will ask for something like "enter class" or "line:". Usuallyit is programmed for a double digit number, or a four to five letter word.There are usually a few sets of numbers it accepts, but those numbers alsoset your 300/1200/2400 baud data type.These multiplexers are inconvenient at best, so not to worry. A littleabout the history of hacking: hacking, by my definition, means a greatknowledge of some special area. Doctors and lawyersare hackers of a sort, by this definition. But most often, it isbeing used in the computer context, and thus we have a definition of"anyone who has a great amount of computer or telecommunicationsknowledge." You are not a hacker because you have a list of codes...Hacking, by my definition, has then been around only about 15 years.It started, where else but, mit and colleges where they had computerscience or electrical engineering departments.Hackers have created some of the best computer languages, themost awesome operating systems, and even gone on to make millions.Hacking used to have a good name, when we could honestly say"we know what we are doing". Now it means (in the public eye):the 414's, ron austin, the nasa hackers, the arpanet hackers...All the people who have been caught,have done damage, and are now going to have to face fines and sentences.Thus we come past the moralistic crap, and to our purpose: educate thehacker community, return to the days when people actually knew something..._______________________________________________________________________________Hacking TRWWhen you call TRW, the dial up will identify itself with the message "TRW".It will then wait for you to type the appropiate answer back (such as CTRL-G)Once This has been done, the system will say "CIRCUIT BUILDING IN PROGRESS"Along with a few numbers. After this, it clears the screen(CTRL L) followed by a CTRL-Q. After the system sends the CTRL-Q, It isready for the request. You first type the 4 character identifyer for thegeographical area of the account..(For Example) TCA1 - for certain Calif. & Vicinity subscribers.TCA2 - A second CALF. TRW System.TNJ1 - Their NJ Database.TGA1 - Their Georgia Database.The user then types A and then on the next line, he must typehis 3 char. Option. Most Requests use the RTS option.OPX, RTX, and a few others exist. (NOTE) TRW will accept an A, C,or S as the 'X' in the options above.) Then finally, the user types his 7digit subscriber code. He appends his 3-4 character password after it. Itseems that if you manage to get hold of a TRW Printout (Trashing at Sears,Saks, ETC. or from getting your credit printout from them) Their subscribercode will be on it leaving only a 3-4 character p/w up to you.For Example,(Call the DialUp)TRW System Types, ST) CTRL-G(You type,YT) Circuit building in progress 1234(ST) CTRL-L CRTL-Q (TCA1 CYT) BTS 3000000AAA(YT]Note: This sytem is in Half Duplex, Even Parity, 7 Bits per word and2 Stop Bits.CAUTION: It is a very stressed rumor that after typing in the TRWpassword Three (3) times.. It sets an Automatic Number Identification on yourass, so be careful. And forget who told you how to do this.._____________________________________________________________________________More TRW InfoTrw is a large database in which company's and banks can run creditchecks on their customers. Example: John Jones orders 500$ worth of stereoequipment from the Joe Blow Electronic distributtng Co. Well it could be thathe gave the company a phony credit card number, or doesn't have enough credit,etc. Well they call up Trw and then run a check on him, trw then lists hiscard numbers (everything from sears to visa) and tells the numbers, credit,when he lost it last (if he ever did) and then of course tells if he has hadany prior problems paying his bills.I would also like to add that although Trw contains information onmillions of people, not every part of the country is served, although the majorarea are.. So if you hate someone and live in a small state, you probablywont be able to order him 300 pink toilet seats from K-mart.Logging on==========To log on, you dial-up your local access number (or long-distance, whatever turns you on) and wait for it to say "trw" at this promt, you typeeither an "A" or a "Ctrl-G" and it will say "circuit building in progress"it will wait for a minute and then clear the screen, now you will typeone of the following.Tca1Tca2Tnj1Tga1This is to tell it what geographical area the customer is in, it reallydoesnt matter which you use, because trw will automatically switch whenit finds the record..Next, you will type in the pswd and info on the person you are trying toget credit info on: you type it in a format like this:Rts Pswd Lname Fname ...,House number First letter of street name Zip now you type ctrl s and 2 ctrl q's here is what it looks like in real life:Ae: Dialing xxx-xxx-xxxx(screen clear)Trw ^Gcircuit building in progress(pause . . . screen clear)Tca1Rtc 3966785-cm5 Johnson David ...,4567R 56785^s ^q ^qand then it will wait for a few seconds and print out the file on him(if it can locate one for the guy)note: you may have to push return when you first connect to get the systemsattention.Getting Your Passwords======================To obtain pswds, you go down to your favorite bank or sears store anddig through the trash (hence the name trashing) looking for printouts, ifthey are a big enough place, and live in a trw area, then they will probablyhave some. The printouts will have the 7 digit subscriber code, leaving the3-4 digit pswd up to you. Much like trashing down at good old ma bell.____________________________________________________________________________Hacking Vax's & UnixUnix is a trademark of At&t (and you know what that means)_______________________________________In this article, we discuss the unix system that runs onthe various vax systems. If you are on another unix-type system, somecommands may differ, but since it is licenced to bell, they can't make manychanges._______________________________________Hacking onto a unix system is very difficult, and in this case, we advisehaving an inside source, if possible. The reason it is difficult to hack avax is this: Many vax, after you get a carrier from them, respond=>Login:They give you no chance to see what the login name format is. Most commonlyused are single words, under 8 digits, usually the person's name. There isa way around this: Most vax have an acct. called 'suggest' for people touse to make a suggestion to the system root terminal. This is usually watchedby the system operator, but at late he is probably at home sleeping orscrewing someone's brains out. So we can write a program to send at thevax this type of a message:A screen freeze (Cntrl-s), screen clear (system dependant), about 255garbage characters, and then a command to create a login acct., after whichyou clear the screen again, then unfreeze the terminal. What this does:When the terminal is frozen, it keeps a buffer of what is sent. well, thebuffer is about 127 characters long. so you overflow it with trash, and thenyou send a command line to create an acct. (System dependant). after thisyou clear the buffer and screen again, then unfreeze the terminal. This isa bad way to do it, and it is much nicer if you just send a command tothe terminal to shut the system down, or whatever you are after...There is always, *Always* an acct. called root, the most powerful acct.to be on, since it has all of the system files on it. If you hack yourway onto this one, then everything is easy from here on...On the unix system, the abort key is the Cntrl-d key. watch how many timesyou hit this, since it is also a way to log off the system!A little about unix architechture: The root directory, called root, iswhere the system resides. After this come a few 'sub' root directories,usually to group things (stats here, priv stuff here, the user log here...).Under this comes the superuser (the operator of the system), and thenfinally the normal users. In the unix 'Shell' everything is treated the same.By this we mean: You can access a program the same way you access a userdirectory, and so on. The way the unix system was written, everything,users included, are just programs belonging to the root directory. Thoseof you who hacked onto the root, smile, since you can screw everything...the main level (exec level) prompt on the unix system is the $, and if youare on the root, you have a # (superuser prompt).Ok, a few basics for the system... To see where you are, and what pathsare active in regards to your user account, then type=> pwdThis shows your acct. seperated by a slash with another pathname (acct.),possibly many times. To connect through to another path,or many paths, you would type:You=> path1/path2/path3and then you are connected all the way from path1 to path3. You canrun the programs on all the paths you are connected to. If it doesnot allow you to connect to a path, then you have insufficient privs, orthe path is closed and archived onto tape. You can run programs this wayalso:you=> path1/path2/path3/program-nameUnix treats everything as a program, and thus there a few commands tolearn...To see what you have access to in the end path, type=>lsfor list. this show the programs you can run. You can connect tothe root directory and run it's programs with=>/rootBy the way, most unix systems have their log file on the root, so youcan set up a watch on the file, waiting for people to log in and snatch theirpassword as it passes thru the file. To connect to a directory, use thecommand:=> cd pathname This allows you to do what you wantwith that directory. You may be asked for a password, but this is a gooday of finding other user names to hack onto.The wildcard character in unix, if you want to search down a path fora game or such, is the *.=> ls /*Should show you what you can access. The file types are the same as theyare on a dec, so refer to that section when examining file. To see what isin a file, use the=> prfilename command, for print file.We advise playing with pathnames to get the hang of the concept. Thereis on-line help available on most systems with a 'help' or a '?'.We advise you look thru the help files and pay attention to anythingthey give you on pathnames, or the commands for the system.You can, as a user, create or destroy directories on the tree beneath you.This means that root can kill everything but root, and you can kill anythat are below you. These are the=> mkdir pathname=> rmdir pathnamecommands.Once again, you are not alone on the system... type=>whoto see what other users are logged in to the system at the time. If youwant to talk to them=>write usernameWill allow you to chat at the same time, without having to worryabout the parser. To send mail to a user, say=> mailAnd enter the mail sub-system. To send a message to all the userson the system, say=> wallWhich stands for 'write all'. By the way, on a few systems,all you have to do is hit the key to end the message,but on others you must hit the cntrl-d key.To send a single message to a user, say=> write usernamethis is very handy again! If you send the sequence of characters discussedat the very beginning of this article, you can have the super-user terminal dotricks for you again.Privs:If you want superuser privs, you can either log in as root, or edit youracct. so it can say=> suthis now gives you the # prompt, and allows you to completely by-pass theprotection. The wonderful security conscious developers at bell made itvery difficult to do much without privs, but once you have them, thereis absolutely nothing stopping you from doing anything you want to.To bring down a unix system:=> chdir /bin=> rm *this wipes out the pathname bin, where all the system maintenance files are.Or try:=> r -rThis recursively removes everything from the system except the removecommand itself.Or try:=> kill -1,1=> syncThis wipes out the system devices from operation.When you are finally sick and tired from hacking on the vax systems, justhit your cntrl-d and repeat key, and you will eventually be logged out._______________________________________The reason this file seems to be very sketchy is the fact that bell has 7licenced versions of unix out in the public domain, and these commands arethose common to all of them. I recommend you hack onto the root orbin directory, since they have the highest levels of privs, and thereis really not much you can do (except develop software) without them._________________________/\ This file downloaded from Trauma Hounds...\ /\______________________________________________Call these anarchy boards! \/The People Farm ..................... 916-673-8412 ... 12- 2400 ... 24h/7dRestaurant At End Of The Universe ... 718-428-6776 ... 12- 2400 ... 24h/7dRipco ............................... 312-528-5020 ... 12- 2400 ... 24h/7dShadows of IGA ...................... 707-527-7711 ... 24-19200 ... 24h/7dTemple of the Screaming Electron .... 415-935-5845 ... 12- 2400 ... 24h/7dTommy's Holiday Camp ................ 604-361-1464 ... 12-19200 ... 24h/7dTrauma Hounds ....................... 604-589-1570 ... 12-19200 ... 24h/7d
12 years ago
0 Comment:
Post a Comment