💾 Archived View for spam.works › mirrors › textfiles › hacking › hfnewbies.txt captured on 2023-06-14 at 16:51:57.

View Raw

More Information

-=-=-=-=-=-=-


------------------------------------------------------------------------------
         %%%%%%%%%%%%%%%%%%%%%%%%%%%%-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
         %                                                        %
         %            THE NEOPHYTE'S GUIDE TO HACKING             %
         %            ===============================             %
         %                      1993 Edition                      %
         %                 Completed on 08/28/93                  %
         %           Modification 1.1 Done on 10/10/93            %
         %           Modification 1.2 Done on 10/23/93            %
         %                          by                            %
         %%                >>>>>  Deicide  <<<<<                 %%
         %%%                                                    %%%
         %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

     <   The author of this file grants permission to reproduce and   >
     <   redistribute this file in any way the reader sees fit,       >
     <   including the inclusion of this file in newsletters of any   >
     <   media, provided the file is kept whole and complete,         >
     <   without any modifications, deletions or ommissions.          >
     <   (c) 1993, Deicide                                            >

TABLE OF CONTENTS
=================

1. INTRODUCTION

2. ETHICS/SAFETY

3. WHERE TO START

4. PACKET-SWITCHED NETWORKS
    A. Intro to PSNs
    B. How packet-switching works
    C. The Internet
        1. Introduction
        2. Getting access
        3. FTP
    D. X.25 Networks
        1. NUAs
        2. PADs & NUIs
        3. CUGs
        4. SprintNet
        5. BT Tymnet
        6. Datapac
        7. DNIC List

5. SYSTEM PENETRATION
    A. Unix
    B. VMS
    C. MPE (HP3000 mainframes)
    D. VM/CMS
    E. Primos
    F. TOPS 10/20
    G. IRIS
    H. NOS
    I. DECServer
    J. GS/1
    K. XMUX
    L. Starmaster/PACX
    M. Access 2590
    N. PICK
    O. AOS/VS
    P. RSTS
    Q. WindowsNT
    R. Novell Netware
    S. System75/85
    T. AS400
    U. TSO

6. BRUTE FORCE
    A. Passwords
    B. Usernames
    C. Services

7. SOCIAL ENGINEERING

8. TRASHING

9. ACRONYMS

10. CONCLUSION
    A. Last words
    B. Recommended Reading
    C. BBSes
    D. References
    E. And finally..
    F. Disclaimer


INTRODUCTION:
============
------------

    Over four years ago the final version of the LOD/H's Novice's Guide to
Hacking was created and distributed, and during the years since it has 
served
as a much needed source of knowledge for the many hackers just beginning to
explore the wonders of system penetration and exploration.
    The guide was much needed by the throng of newbies who hadn't the
slightest clue what a VAX was, but were eager to learn the arcane art of
hacking. Many of today's greats and moderates alike relied the guide as a
valuable reference during their tentative(or not) steps into the nets.
    However, time has taken it's toll on the silicon networks and the guide 
is
now a tad out of date. The basic manufacturer defaults are now usually 
secured
, and more operating systems have come on the scene to take a large chunk of
the OS percentile. In over four years not one good attempt at a sequel has
been made, for reasons unbeknownst to me.
    So, I decided to take it upon myself to create my own guide to hacking..
the "Neophyte's Guide to Hacking" (hey..no laughing!) in the hopes that it
might help others in furthering their explorations of the nets.
    This guide is modelled after the original, mainly due to the fact that 
the
original *was* good. New sections have been added, and old sections expanded
upon. However, this is in no means just an update, it is an entirely new 
guide
as you'll see by the difference in size. This guide turned out to be over 4
times the size of The Mentor's guide.
    Also, this guide is NOT an actual "sequel" to the original; it is not
LOD/H sponsored or authorized or whatever, mainly because the LOD/H is now
extinct.
    One last thing.. this guide is in no way complete. There are many OS's I
did not include, the main reasons being their rarity or my non-expertise 
with
them. All the major OS's are covered, but in future releases I wish to 
include
Wang, MVS, CICS, SimVTAM, Qinter, IMS, VOS, and many more. If you
feel you could help, contact me by Internet email or on a board or net(if 
you
can find me). Same thing applies for further expansion of current topics and
operating systems, please contact me.
    Ok, a rather long intro, but fuck it.. enjoy as you wish..
        Deicide - deicide@west.darkside.com

ETHICS/SAFETY:
=============
-------------

    One of the most integral parts of a hacker's mindset is his set of 
ethics.
And ethics frequently go hand in hand with safety, which is obviously the 
most
critical part of the process of hacking and the system exploration, if you
plan to spend your life outside of the gaol.
    A hacker's ethics are generally somewhat different from that of an 
average
joe. An average joe would be taught that it is bad to break laws, even 
though
most do anyways. I am encouraging you to break laws, but in the quest for
knowledge. In my mind, if hacking is done with the right intentions it is 
not
all that criminal. The media likes to make us out to be psychotic sociopaths
bent on causing armageddon with our PCs. Not likely. I could probably turn 
the
tables on the fearmongering media by showing that the average joe who cheats
on his taxes is harming the system more than a curious interloper, but I
refrain.. let them wallow..
    The one thing a hacker must never do is maliciously hack(also known
as crash, trash, etc..) a system. Deleting and modifying files unnecessary 
is
BAD. It serves no purpose but to send the sysadmins on a warhunt for your 
head
, and to take away your account. Lame. Don't do it.
    Anyways, if you don't understand all of these, just do your best to 
follow
them, and take my word for it. You'll understand the reasoning behind these
guidelines later.

I.    Don't ever maliciously hack a system. Do not delete or modify files
      unnecessarily, or intentionally slow down or crash a system.
      The lone exception to this rule is the modification of system logs and
      audit trails to hide your tracks.

II.   Don't give your name or real phone number to ANYONE, it doesn't matter
      who they are. Some of the most famous phreaks have turned narcs 
because
      they've been busted, and they will turn you in if you give them a
      chance. It's been said that one out of every three hackers is a fed, 
and
      while this is an exaggeration, use this as a rule and you should do
      fine. Meet them on a loop, alliance, bbs, chat system, whatever, just
      don't give out your voice number.

III.  Stay away from government computers. You will find out very fast that
      attempting to hack a MilTac installation is next to impossible, and 
will
      get you arrested before you can say "oh shit". Big Brother has 
infinite
      resources to draw on, and has all the time it needs to hunt you down.
      They will spend literally years tracking you down. As tempting as it 
may
      be, don't rush into it, you'll regret it in the end.

IV.   Don't use codes from your own home, ever! Period. This is the most
      incredibly lame thing i've seen throughout my life in the 
'underground';
      incredible abuse of codes, which has been the downfall of so many 
people.
      Most PBX/950/800s have ANI, and using them will eventually get you
      busted, without question. And calling cards are an even worse idea.
      Codes are a form of pseudo-phreaking which have nothing to do with the
      exploration of the telephone networks, which is what phreaking is 
about.
      If you are too lazy to field phreak or be inventive, then forget about
      phreaking.

V.    Don't incriminate others, no matter how bad you hate them. Turning in
      people over a dispute is a terrible way to solve things; kick their 
ass,
      shut off their phones/power/water, whatever, just don't bust them.
      It will come back to you in the end..

VI.   Watch what you post. Don't post accounts or codes over open nets as a
      rule. They will die within days, and you will lose your new treasure.
      And the posting of credit card numbers is indeed a criminal offense
      under a law passed in the Reagan years.

VII.  Don't card items. This is actually a worse idea than using codes, the
      chances of getting busted are very high.

VIII. If for some reason you have to use codes, use your own, and nothing
      else. Never use a code you see on a board, because chances are it has
      been abused beyond belief and it is already being monitored.

IX.   Feel free to ask questions, but keep them within reason. People won't
      always be willing to hand out rare accounts, and if this is the case
      don't be surprised. Keep the questions technical as a rule. Try and
      learn as much as you can from pure hands on experience

X.    And finally, be somewhat paranoid. Use PGP to encrypt your files, keep
      your notes/printouts stored secretly, whatever you can do to prolong
      your stay in the h/p world.

XI.   If you get busted, don't tell the authorities ANYTHING. Refuse to 
speak
      to them without a lawyer present.

XII.  If police arrive at your residence to serve a search warrant, look it
      over carefully, it is your right. Know what they can and can't do, and
      if they can't do something, make sure they don't.

XIII. If at all possible, try not to hack off your own phoneline. Splice 
your
      neighbour's line, call from a Fortress Fone, phreak off a junction 
box,
      whatever..  if you hack long enough, chances are one day you'll be
      traced or ANI'd.
      Don't believe you are entirely safe on packet-switched networks 
either,
      it takes a while but if you scan/hack off your local access point they
      will put a trace on it.

XIV.  Make the tracking of yourself as difficult as possible for others.
      Bounce the call off several outdials, or try to go through at least 
two
      different telco companies when making a call to a dialup.
      When on a packet-switched network or a local or wide area network,
      try and bounce the call off various pads or through other networks
      before you reach your destination. The more bounces, the more red tape
      for the investigator and the easier it is for you to make a clean
      getaway.
      Try not to stay on any system for *too* long, and alternate your 
calling
      times and dates.

XV.   Do not keep written notes! Keep all information on computer, encrypted
      with PGP or another military-standard encryption program.
      Written notes will only serve to incriminate you in a court of law.
      If you write something down originally, shred the paper.. itty bitty
      pieces is best, or even better, burn it! Feds DO trash, just like us,
      and throwing out your notes complete will land in their hands, and
      they'll use it against you.

XVI.  Finally, the day/night calling controversy. Some folks think it is a
      better idea to call during the day(or whenever the user would normally
      use his account) as to not arouse the sysadmin's suspicion of abnormal
      calling times, while others think it is better to call when nobody is
      around.
      This is a tough one, as there is no real answer. If the sysadmin keeps
      logs(and reads over them) he will definetly think it strange that a
      secretary calls in at 3 am.. he will probably then look closer and 
find
      it even stranger that the secretary then grabbed the password file and
      proceeded to set him/herself up with a root shell.
      On the other hand, if you call during the time the user would normally
      call, the real owner of the account may very well log in to see his
      name already there, or even worse be denied access because his account
      is already in use.
      In the end, it is down to your opinion.
      And remember, when you make a decision stick to it; remember the time
      zone changes.

WHERE TO START
==============
--------------

    Probably the hardest period in hacking is that of when you are first
starting. Finding and penetrating your first system is a major step, and can
be approached in many ways. The common ways to find a system to hack are;

    - UNIVERSITIES    : Universities commonly have hundreds of users, many 
of
                        which aren't too computer literate, which makes
                        hacking a relatively simple chore. And security is
                        often poor, so if you don't abuse the system too 
much
                        your stay could be a long one.
                        On the other hand, for a nominal fee you can usually
                        pick up a cheap *legitimate* (now there's a concept)
                        account. Or you could enroll in the university for
                        a few credits, and just go until the accounts are
                        handed out. Unfortunely, if you are caught hacking
                        off your own account it won't be hard to trace it
                        back to you. If you get a legimate account at first,
                        you might be best to hack a student's account for 
your
                        other-system hacking.
                        The other fun part about universities is often they
                        will provide access to a number of nets, usually
                        including the Internet.
                        Occasionally you'll have access to a PSN as well.

    - CARRIER SCANNING: Carrier scanning in your LATA(Local Access Transport
                        Area), commonly known as wardialing, was popularized
                        in the movie War Games.
                        Unfortunely, there are a few problems inherent in
                        finding systems this way; you are limited to the
                        systems in your area, so if you have a small town 
you
                        may find very little of interest, and secondly,
                        ANI is a problem within your own LATA, and tracing 
is
                        simple, making security risks high. If you are going
                        to hack a system within your own lata, bounce it at
                        least once.
                        There are many programs, such as ToneLoc and 
CodeThief
                        (ToneLoc being superior to all in my humble 
opinion),
                        which will automate this process.

    - PACKET-SWITCHED : This is my favorite by far, as hacking on PSNs is 
how
      NETWORKS          I learned nearly all I know. I've explored PSNs
                        world-wide, and never ran out of systems to hack.
                        No matter what PSN you try you will find many
                        different, hackable systems. I will go more indepth
                        on PSNs in the next section.


PACKET-SWITCHED NETWORKS
========================
------------------------

Intro to PSNs
=============

    First off, PSNs are also known as PSDNs, PSDCNs, PSSs and VANs to name
a few. Look up the acronyms in the handy acronym reference chart<g>.
    The X.25 PSNs you will hear about the most are; Sprintnet(formerly
Telenet), BT Tymnet(the largest), and Datapac(Canada's largest).
    All these networks have advantages and disadvantages, but i'll say this;
if you are in the United States, start with Sprintnet. If you are in Canada,
Datapac is for you.
    The reason PSNs are so popular for hackers are many. There are literally
thousands of systems on PSNs all around the world, all of which(if you have
the right facilities) are free of charge for you to reach. And because of 
the
immense size of public PSNs, it is a rare thing to ever get caught for
scanning. Tracing is also a complicated matter, especially with a small
amount of effort on your part to avoid a trace.

How packet-switching works
==========================

    The following explanation applies for the most part to all forms of
packet-switching, but is specifically about PSNs operating on the X series 
of
protocols, such as Datapac & SprintNet, as opposed to the Internet which
operates on TCP/IP. It is the same principle in essense, however.
    Packet-Switched Networks are kinda complicated, but I'll attempt to
simplify the technology enough to make it easy to understand.
    You, the user, connect to the local public access port for your PSN,
reachable via a phone dialup. You match communications parameters with the
network host and you are ready to go.
    From there, all the data you send across the network is first bundled 
into
packets, usually of 128 or 256 bytes. These packets are assembled using
Packet Assembly/Disassembly, performed by the public access port, also known
as a public PAD(Packet Assembler/Disassembler), or a DCE(Data Communicating
Equipment or Data Circuit-Terminating Equipment).
    The packets are sent along the network to their destination by means of
the various X protocol