------------------------------------------------------------------------------ %%%%%%%%%%%%%%%%%%%%%%%%%%%%-%%%%%%%%%%%%%%%%%%%%%%%%%%%%% % % % THE NEOPHYTE'S GUIDE TO HACKING % % =============================== % % 1993 Edition % % Completed on 08/28/93 % % Modification 1.1 Done on 10/10/93 % % Modification 1.2 Done on 10/23/93 % % by % %% >>>>> Deicide <<<<< %% %%% %%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% < The author of this file grants permission to reproduce and > < redistribute this file in any way the reader sees fit, > < including the inclusion of this file in newsletters of any > < media, provided the file is kept whole and complete, > < without any modifications, deletions or ommissions. > < (c) 1993, Deicide > TABLE OF CONTENTS ================= 1. INTRODUCTION 2. ETHICS/SAFETY 3. WHERE TO START 4. PACKET-SWITCHED NETWORKS A. Intro to PSNs B. How packet-switching works C. The Internet 1. Introduction 2. Getting access 3. FTP D. X.25 Networks 1. NUAs 2. PADs & NUIs 3. CUGs 4. SprintNet 5. BT Tymnet 6. Datapac 7. DNIC List 5. SYSTEM PENETRATION A. Unix B. VMS C. MPE (HP3000 mainframes) D. VM/CMS E. Primos F. TOPS 10/20 G. IRIS H. NOS I. DECServer J. GS/1 K. XMUX L. Starmaster/PACX M. Access 2590 N. PICK O. AOS/VS P. RSTS Q. WindowsNT R. Novell Netware S. System75/85 T. AS400 U. TSO 6. BRUTE FORCE A. Passwords B. Usernames C. Services 7. SOCIAL ENGINEERING 8. TRASHING 9. ACRONYMS 10. CONCLUSION A. Last words B. Recommended Reading C. BBSes D. References E. And finally.. F. Disclaimer INTRODUCTION: ============ ------------ Over four years ago the final version of the LOD/H's Novice's Guide to Hacking was created and distributed, and during the years since it has served as a much needed source of knowledge for the many hackers just beginning to explore the wonders of system penetration and exploration. The guide was much needed by the throng of newbies who hadn't the slightest clue what a VAX was, but were eager to learn the arcane art of hacking. Many of today's greats and moderates alike relied the guide as a valuable reference during their tentative(or not) steps into the nets. However, time has taken it's toll on the silicon networks and the guide is now a tad out of date. The basic manufacturer defaults are now usually secured , and more operating systems have come on the scene to take a large chunk of the OS percentile. In over four years not one good attempt at a sequel has been made, for reasons unbeknownst to me. So, I decided to take it upon myself to create my own guide to hacking.. the "Neophyte's Guide to Hacking" (hey..no laughing!) in the hopes that it might help others in furthering their explorations of the nets. This guide is modelled after the original, mainly due to the fact that the original *was* good. New sections have been added, and old sections expanded upon. However, this is in no means just an update, it is an entirely new guide as you'll see by the difference in size. This guide turned out to be over 4 times the size of The Mentor's guide. Also, this guide is NOT an actual "sequel" to the original; it is not LOD/H sponsored or authorized or whatever, mainly because the LOD/H is now extinct. One last thing.. this guide is in no way complete. There are many OS's I did not include, the main reasons being their rarity or my non-expertise with them. All the major OS's are covered, but in future releases I wish to include Wang, MVS, CICS, SimVTAM, Qinter, IMS, VOS, and many more. If you feel you could help, contact me by Internet email or on a board or net(if you can find me). Same thing applies for further expansion of current topics and operating systems, please contact me. Ok, a rather long intro, but fuck it.. enjoy as you wish.. Deicide - deicide@west.darkside.com ETHICS/SAFETY: ============= ------------- One of the most integral parts of a hacker's mindset is his set of ethics. And ethics frequently go hand in hand with safety, which is obviously the most critical part of the process of hacking and the system exploration, if you plan to spend your life outside of the gaol. A hacker's ethics are generally somewhat different from that of an average joe. An average joe would be taught that it is bad to break laws, even though most do anyways. I am encouraging you to break laws, but in the quest for knowledge. In my mind, if hacking is done with the right intentions it is not all that criminal. The media likes to make us out to be psychotic sociopaths bent on causing armageddon with our PCs. Not likely. I could probably turn the tables on the fearmongering media by showing that the average joe who cheats on his taxes is harming the system more than a curious interloper, but I refrain.. let them wallow.. The one thing a hacker must never do is maliciously hack(also known as crash, trash, etc..) a system. Deleting and modifying files unnecessary is BAD. It serves no purpose but to send the sysadmins on a warhunt for your head , and to take away your account. Lame. Don't do it. Anyways, if you don't understand all of these, just do your best to follow them, and take my word for it. You'll understand the reasoning behind these guidelines later. I. Don't ever maliciously hack a system. Do not delete or modify files unnecessarily, or intentionally slow down or crash a system. The lone exception to this rule is the modification of system logs and audit trails to hide your tracks. II. Don't give your name or real phone number to ANYONE, it doesn't matter who they are. Some of the most famous phreaks have turned narcs because they've been busted, and they will turn you in if you give them a chance. It's been said that one out of every three hackers is a fed, and while this is an exaggeration, use this as a rule and you should do fine. Meet them on a loop, alliance, bbs, chat system, whatever, just don't give out your voice number. III. Stay away from government computers. You will find out very fast that attempting to hack a MilTac installation is next to impossible, and will get you arrested before you can say "oh shit". Big Brother has infinite resources to draw on, and has all the time it needs to hunt you down. They will spend literally years tracking you down. As tempting as it may be, don't rush into it, you'll regret it in the end. IV. Don't use codes from your own home, ever! Period. This is the most incredibly lame thing i've seen throughout my life in the 'underground'; incredible abuse of codes, which has been the downfall of so many people. Most PBX/950/800s have ANI, and using them will eventually get you busted, without question. And calling cards are an even worse idea. Codes are a form of pseudo-phreaking which have nothing to do with the exploration of the telephone networks, which is what phreaking is about. If you are too lazy to field phreak or be inventive, then forget about phreaking. V. Don't incriminate others, no matter how bad you hate them. Turning in people over a dispute is a terrible way to solve things; kick their ass, shut off their phones/power/water, whatever, just don't bust them. It will come back to you in the end.. VI. Watch what you post. Don't post accounts or codes over open nets as a rule. They will die within days, and you will lose your new treasure. And the posting of credit card numbers is indeed a criminal offense under a law passed in the Reagan years. VII. Don't card items. This is actually a worse idea than using codes, the chances of getting busted are very high. VIII. If for some reason you have to use codes, use your own, and nothing else. Never use a code you see on a board, because chances are it has been abused beyond belief and it is already being monitored. IX. Feel free to ask questions, but keep them within reason. People won't always be willing to hand out rare accounts, and if this is the case don't be surprised. Keep the questions technical as a rule. Try and learn as much as you can from pure hands on experience X. And finally, be somewhat paranoid. Use PGP to encrypt your files, keep your notes/printouts stored secretly, whatever you can do to prolong your stay in the h/p world. XI. If you get busted, don't tell the authorities ANYTHING. Refuse to speak to them without a lawyer present. XII. If police arrive at your residence to serve a search warrant, look it over carefully, it is your right. Know what they can and can't do, and if they can't do something, make sure they don't. XIII. If at all possible, try not to hack off your own phoneline. Splice your neighbour's line, call from a Fortress Fone, phreak off a junction box, whatever.. if you hack long enough, chances are one day you'll be traced or ANI'd. Don't believe you are entirely safe on packet-switched networks either, it takes a while but if you scan/hack off your local access point they will put a trace on it. XIV. Make the tracking of yourself as difficult as possible for others. Bounce the call off several outdials, or try to go through at least two different telco companies when making a call to a dialup. When on a packet-switched network or a local or wide area network, try and bounce the call off various pads or through other networks before you reach your destination. The more bounces, the more red tape for the investigator and the easier it is for you to make a clean getaway. Try not to stay on any system for *too* long, and alternate your calling times and dates. XV. Do not keep written notes! Keep all information on computer, encrypted with PGP or another military-standard encryption program. Written notes will only serve to incriminate you in a court of law. If you write something down originally, shred the paper.. itty bitty pieces is best, or even better, burn it! Feds DO trash, just like us, and throwing out your notes complete will land in their hands, and they'll use it against you. XVI. Finally, the day/night calling controversy. Some folks think it is a better idea to call during the day(or whenever the user would normally use his account) as to not arouse the sysadmin's suspicion of abnormal calling times, while others think it is better to call when nobody is around. This is a tough one, as there is no real answer. If the sysadmin keeps logs(and reads over them) he will definetly think it strange that a secretary calls in at 3 am.. he will probably then look closer and find it even stranger that the secretary then grabbed the password file and proceeded to set him/herself up with a root shell. On the other hand, if you call during the time the user would normally call, the real owner of the account may very well log in to see his name already there, or even worse be denied access because his account is already in use. In the end, it is down to your opinion. And remember, when you make a decision stick to it; remember the time zone changes. WHERE TO START ============== -------------- Probably the hardest period in hacking is that of when you are first starting. Finding and penetrating your first system is a major step, and can be approached in many ways. The common ways to find a system to hack are; - UNIVERSITIES : Universities commonly have hundreds of users, many of which aren't too computer literate, which makes hacking a relatively simple chore. And security is often poor, so if you don't abuse the system too much your stay could be a long one. On the other hand, for a nominal fee you can usually pick up a cheap *legitimate* (now there's a concept) account. Or you could enroll in the university for a few credits, and just go until the accounts are handed out. Unfortunely, if you are caught hacking off your own account it won't be hard to trace it back to you. If you get a legimate account at first, you might be best to hack a student's account for your other-system hacking. The other fun part about universities is often they will provide access to a number of nets, usually including the Internet. Occasionally you'll have access to a PSN as well. - CARRIER SCANNING: Carrier scanning in your LATA(Local Access Transport Area), commonly known as wardialing, was popularized in the movie War Games. Unfortunely, there are a few problems inherent in finding systems this way; you are limited to the systems in your area, so if you have a small town you may find very little of interest, and secondly, ANI is a problem within your own LATA, and tracing is simple, making security risks high. If you are going to hack a system within your own lata, bounce it at least once. There are many programs, such as ToneLoc and CodeThief (ToneLoc being superior to all in my humble opinion), which will automate this process. - PACKET-SWITCHED : This is my favorite by far, as hacking on PSNs is how NETWORKS I learned nearly all I know. I've explored PSNs world-wide, and never ran out of systems to hack. No matter what PSN you try you will find many different, hackable systems. I will go more indepth on PSNs in the next section. PACKET-SWITCHED NETWORKS ======================== ------------------------ Intro to PSNs ============= First off, PSNs are also known as PSDNs, PSDCNs, PSSs and VANs to name a few. Look up the acronyms in the handy acronym reference chart. The X.25 PSNs you will hear about the most are; Sprintnet(formerly Telenet), BT Tymnet(the largest), and Datapac(Canada's largest). All these networks have advantages and disadvantages, but i'll say this; if you are in the United States, start with Sprintnet. If you are in Canada, Datapac is for you. The reason PSNs are so popular for hackers are many. There are literally thousands of systems on PSNs all around the world, all of which(if you have the right facilities) are free of charge for you to reach. And because of the immense size of public PSNs, it is a rare thing to ever get caught for scanning. Tracing is also a complicated matter, especially with a small amount of effort on your part to avoid a trace. How packet-switching works ========================== The following explanation applies for the most part to all forms of packet-switching, but is specifically about PSNs operating on the X series of protocols, such as Datapac & SprintNet, as opposed to the Internet which operates on TCP/IP. It is the same principle in essense, however. Packet-Switched Networks are kinda complicated, but I'll attempt to simplify the technology enough to make it easy to understand. You, the user, connect to the local public access port for your PSN, reachable via a phone dialup. You match communications parameters with the network host and you are ready to go. From there, all the data you send across the network is first bundled into packets, usually of 128 or 256 bytes. These packets are assembled using Packet Assembly/Disassembly, performed by the public access port, also known as a public PAD(Packet Assembler/Disassembler), or a DCE(Data Communicating Equipment or Data Circuit-Terminating Equipment). The packets are sent along the network to their destination by means of the various X protocol