Senin, 14 Juli 2008
Minggu, 13 Juli 2008
Hack Attack
Techniques for hacking systems. A Beginners Guide to Hacking Un*x
A Glossary of Computer Security Terms
A NAP/PA file about VAX/VMS machines
A Strict Anomoly Detection Model for Intrusion Detection Systems by sasha / beetle
The base-rate fallacy is one of the cornerstones of Bayesian statistics, stemming from Bayes theorem that describes the relationship between a conditional probability and its opposite, i.e. with the condition transposed.
A Un*x tutorial part 1
A Un*x tutorial part 2
A beginning guide to help you hack unix systems. E
A companion to VaxBuster's phile in Phrack 41
A few Unix password hackers
A hint for the 555 account on AOL
A letter from the national computer systems laboratory
A text file for newbies...
Advanced Host Detection: Techniques To Validate Host-Connectivity by dethy
Security Engineers spend a tireless amount of effort to block and filter packet anomalies in an internetwork connected environment. Advanced host mapping bypasses many forms of intrusion detection systems, filters, and routers, essentially enabling an attacker to map and discover previously unknown firewalled hosts.
Advanced VMS hacking
All about VAX/VMS
An Architectural Overview of UNIX Network Security
An in- depth guide to hacking UNIX and the concept
An introduction to UNIX - Kernighan
Analysis Techniques for Detecting Coordinated Attacks and Probes by John Green , David Marchette and Stephen Northcutt
Coordinated attacks and probes have been observed against several networks that we protect. We describe some of these attacks and provide insight into how and why they are carried out. We also suggest hypotheses for some of the more puzzling probes. Methods for detecting these coordinated attacks are provided.
Analysis of SSH crc32 Compensation Attack Detector Exploit by David A. Dittrich
Once in the system, a series of operating system commands were replaced with trojan horses to provide back doors for later entry and to conceal the presence of the intruders in the system. A second SSH server was run on a high numbered port (39999/tcp).
Another vulnerability of early ATM's
Audio Distribution System Hacking
Backdooring Binary Objects by klog
Weakening a system in order to keep control over it (or simply to alter some of its functionality) has been detailed in many other papers. From userland code modification to trojan kernel code, most of the common backdooring techniques are either too dirty, or just not portable enough.
Beginner's guide to hacking VAX Systems
Best guide to hacking by neophyte
Bibliography Computer Security Reports
Bibliography of Computer Security Articles
Bibliography of Computer Security Manuals
Bibliography of Computer Security Periodicals
Bibliography of Guidelines
Bibliography of Technical Papers on Computer Security
Bibliography of computer security documents
Biliography of computer security articles
Bill Wall's List of Computer Hacker Incidents by Bill Wall
Hacker incidents from 1961 - 2001!
Bugs for Windows NT
Cards and the Networks - Very helpful
Changing Your Grades by Aaron Winters
How to hack your school and change your grades quickly, quietly, and without a trace. Sometimes.
Common Gateway Interface (CGI) Security, Part 1
Common Gateway Interface (CGI) Security, Part 2
Common Gateway Interface (CGI) Security, Part 3
Common Gateway Interface (CGI) Security, Part 4
Common Gateway Interface (CGI) Security, Part 5
Common Gateway Interface (CGI) Security, Part 6
Common UNIX System Configurations That Can Be Expl
Computer Security Organizations
Computer Security by E.A.Bedwell
Computer Users's Guide to the Protection of Information
Computer jargon
Computer security planning
Computer system ID and password security alert
Custom Local Area Signalling Services
Default Logins & P/W's for VAX
Default Un*x account
Default Unix passwords
Defeating Forensic Analysis on Unix by the grugq
To facilitate a useful discussion of anti-forensic strategies it is important that the reader possess certain background information. In particular, the understanding of anti-forensic file system sanitization requires the comprehension of basic Unix file system organisation. And, of course, the understanding of any anti-forensic theory demands at least a rudimentary grasp of digital forensic methodology and practise.
Defeating Sniffers and Intrusion Detection Systems by horizon
The purpose of this article is to demonstrate some techniques that can be used to defeat sniffers and intrusion detection systems. This article focuses mainly on confusing your average "hacker" sniffer, with some rough coverage of Intrusion Detection Systems (IDS).
Defeating Solaris/SPARC Non-Executable Stack Protection by Horizon
I've recently been playing around with bypassing the non-executable stack protection that Solaris 2.6 provides. I'm referring to the mechanism that you control with the noexec_user_stack option in /etc/system. I've found it's quite possible to bypass this protection, using methods described previously on this list. Specifically, I have had success in adapting the return into libc methods introduced by Solar Designer and Nergal to Solaris/SPARC.
Defense Information Infrastructure Common Operatin
Denial Of Service Attacks by Hans Husman
Denial of service is about without permission knocking off services, for example through crashing the whole system. This kind of attacks are easy to launch and it is hard to protect a system against them. The basic problem is that Unix assumes that users on the system or on other systems will be well behaved.
DoD Common Messaging System
DoD Information Security Program, Jan 1997
DoD Password Management Guideline (CSC- STD- 002- 85: The Green B
DoD Required Operational Messaging Characteristics
DoD SEIWG- 012 Mag- Stripe Encoding, A Plain Languag
DoD Secure Data Network System's Message Security
Evading Intrusion Detection by Seclabs
There are many different ways in which network traffic can be obtained by a network intrusion detection system (IDS). This document demonstrates that one class of network IDS, which relies on passive network packet capture (commonly referred to as ?sniffing?), is fundamentally flawed. We show that sniffer-based IDS is, as a technology, immature, and thus cannot be relied upon for network security.
Examples of Computer Intrusion at the Naval Surfac
Explanation of ENA and computer conferencing
FORTEZZA File Protection (National Security Agency
File on hacking Unix System V's
Franken Gibe's Unix Command Bible
General TRW Information
Generally Accepted System Security Principles (GASSP)
Getting Admin by Cra58cker
This guide will list all the possible ways there is to get Admin access when you have physical access to a Windows NT Machine! A must Read to all the Hackers\Crackers\Administrators.
Getting better access on any UNIX system
Goverment Open Systems Interconnection Profile (GOSIP)
Guidance to Federal Agencies on the use of Trusted
Guide to RSTS
HP- UX Trusted Operating System Random Man page
Hacker Journeys Through NASA's Secret World
While tripping through NASAs most sensitive computer files, Ricky Wittman suddenly realized he was in trouble. Big trouble.
Hackers handbook
Hacking ATM's
Hacking Chilton Corporation Credit
Hacking Directories #1
Hacking Directories #2
Hacking Directories #3
Hacking Directories #4
Hacking Rite Aid Healthnotes Computers by Omega Red
Wanna learn about health? Or shutdown Rite Aid computers? You can do both on a little trip to Rite Aid and with this tiny article.
Hacking UNIX - Jester Sluggo
Hacking UNIX and VAX
Hacking UNIX on a VAX
Hacking VAX's & Unix
Hacking Webpages by Scrocklez Kilor
How to get into a webpages with a guiding methode and one of the easiest ways of getting superuser access through anonymous ftp access into a webpage. First you need learn a little about the password file.
Hacking Windows Users by protonigger
A comprehensive guide to remotely exploiting Windows home users.
Hacking credit card codes
Hacking passwords
Hacking techniques - from Out Of The Inner Circle
Hacking the vax - commands & default pws
Hacking tutorial
Hacking with Windows by OzScarecrow
This is a very easy method to hack using Windows.
Hacking your school by Timmeh
Have you ever dreamed of gaining total control of your school's computers? Now you can. I have tested this out so don't worry - it WILL work. I thought I should share this with all of you. All I can say is - HAVE FUN!!!
Hardening Windows NT Workstation
Edit your registry and make it much harder for hackers to crack into your Windows NT Workstation system.
Holding On To Root by Anonymous
This article is intended to show you how to hold onto root once you have it. It is intended for hackers and administrators alike.
Holding onto Root Access Once You Get It
How Hackers Do What They Do (DoD)
How Mitnick Hacked Tsutomu Shimomura with an IP Sequence Attack by Tsutomu Shimomura
Two different attack mechanisms were used. IP source address spoofing and TCP sequence number prediction were used to gain initial access to a diskless workstation being used mostly as an X terminal. After root access had been obtained, an existing connection to another system was hijacked by means of a loadable kernel STREAMS module.
How to Break Into Email Accounts by protonigger
A comprehensive guide to an all-to-commonly asked question.
How to Hack a Hotmail Account by Richard "Terminalkillah" Evans
To hack a hotmail account (well it isnt really hacking) download the trojan Sub7 send your victim (preferably your buddy's) the sub7 server with some lame exuse that it's porn or something. Make sure they install it.
How to Hack into VAX
How to Make alt. Newsgroups and Get Sysadmins to Carry Them
How to defeat security
How to dial out on the modem of a Unix system
How useful ARE longer passwords?
Info about pagers
Info on /dev/nit
Info on Dynamic Password Cards (Smartcards)
Internet FAQ: WWW, MUDs, Gophers, FTP, Finger, Etc
Interpreting Network Traffic: A Network Intrusion Detector's Look by Richard Bejtlich
While the interpretation techniques explained here are pertinent to activity logged by a NIDS or firewall, I approach the subject from the NIDS angle. This my favorite subject, and I present this data with a warning: know the inner workings of your NIDS, or suffer frequent false positives and false conclusions.
Introduction to VMS
Intrustion Detection Project (DoD)
List of all unix commands from Unix System V
Loads of great technical information on ATM cards
Local Area Detection of Incoming War Dial Activity by Dan Powell, Steve Schuster
Cracker attack plans often include attempts to gain access to target local computing and networking resources via war dialed entry around firewall-protected gateways. This paper describes two methods for organizations to reduce this risk in environments where removal of unknown modems is not feasible.
Magnetic Stripe Technology and Beyond
Mail Server Attack by Explicit
This is a little theory i have devloped and started to test but never followed through with attacking e-mail servers.
Management Guide to the Protection of Information
Management Guide to the Protection of Information Resources
Microsoft Passport Account Hijack Attack by Obscure
To steal the session cookie, there are three methods. In this paper I discuss the third option: Fooling the System.
Much information on ATMs and PIN security
Multilevel Security in the Department of the Defen
NARC's guide to UNIX
NCSA Draft Security Policy
NCSA Policy Concerning Secuity Product Reviews
NCSL Bulletin: Bibliography of computer security glossaries
NCSL Bulletin: Review of Federal Agency computer security
NFS Tracing by Passive Network Monitoring, 1992
NSA's ORANGE book on trusted computer systems
NTIS catalog of computer security products
Naval Surface Warfare Center AIS FAQ
Naval Surface Warfare Center AIS Security Domain E
Naval Surface Warfare Center's Risk Assesment Form
Naval Surface Warfare Center's Risk Assesment Form
Navy's Computer Incident Response Guidebook for In
NeXT Security Bugs
NetBIOS Hacking by XeNobiTe
This tutorial will explain how to connect to a remote computer which has file and print sharing on. (Windows 9x/ME)
Operations Security (OPSEC): The Basics
Packet Stealing with bind
Paper on Internet Security Attacks (Spoofing), 199
Password Cracking Using Focused Dictionaries by Paul Bobby
Can the chances of cracking an individual?s password be improved by using a more focused dictionary? This dictionary would contain words and information that have a specific relationship to the owner of the targeted password.
Playing Hide and Seek, Unix style by Phreak Accident
A "how-to" in successfully hiding and removing your electronic footprints while gaining unauthorized access to someone else's computer system (Unix in this case).
Professor Falken's Guide to Code Hacking
Psycho- Social Factors in the Implementation of Inf
RSTS Basic information
RSTS Hacking
RSTS Programming
RSTS commands
RSTS hacking
RSTSE Hacking (DEC)
Recovering from a UNIX Root Compromise
Reduce Net Zero to Zero by Anonymous
How to get rid of that annoying Net Z banner and gain a couple kb/s.
Remotely snarf yppasswd files
Security Guidelines for Goverment Employees
Signs That Your System Might Have Been Compromised
Simple Active Attack Against TCP by Laurent Joncheray
Passive attacks using sniffers are becoming more and more frequent on the Internet. The attacker obtains a user id and password that allows him to logon as that user. In order to prevent such attacks people have been using identification schemes such as one-time password [skey] or ticketing identification [kerberos].
Site Security Handbook
Sniffin' the Ether by Alaric
A sniffer is a program that puts a NIC (Network Interface Card), also known as an Ethernet card, (one of the necessary pieces of hardware to physically connect computers together) into what is known as promiscuous mode. Once the network card is set to this mode, it will give the sniffer program the ability to capture packets being transmitted over the network.
So you want to be a UNIX wizard?
Still MORE info on TRW
TCP/UDP Logfile Analysis: Overview of the Scripts
TRW Code Information
TRW Definiftions
TRW Info
Tactical Radio Frequency Communication Requirments
Take your laptop on the road - portable hacking
Technical Hacking
Technical Hacking Manual
Technical Hacking: Part One
Techniques Adopted by 'System Crackers' by FIST
Usually corporate networks are not designed and implemented with security in mind, merely functionality and efficiency, although this is good from a business standpoint in the short-term, security problems usually arise later, which can cost millions to solve in larger environments.
The #HACK FAQ
The Art of Rootkits by Cra58cker
This T-file will teach you about Application and Kernel based rootkits. Highly recommended for the beginners are advance *nix users. Have Phun!
The Basics of Hacking 3: Data
The Best beginners guide VMS
The Escapades of Captain Midnight
It started out as just another Saturday. April 26, 1986. John R. MacDougall, 25, spent the day alone at his satellite TV dealership in Ocala, Florida, waiting for customers who never came. "It was," he says, "a normal day in the doldrums of the satellite TV industry." But that night, MacDougall, 5 feet 11, 225 pounds, and prone to nervously running his fingers through his reddish blond hair and adjusting his glasses, would transform into Captain Midnight and set the world of satellite television spinning.
The Ethics of Hacking
The Ethics of Information Warfare and Statecraft by Dan Kuehl
What constitutes an "act of war" in the "information age. This is a question that most members of the "IW community" have wrestled with, and it's a question that places one squarely on the horns of a dilemma: if you cannot easily answer whether an act belongs to the legal codes of war or peace, how can you make a determination of the act's ethical status?
The Hacker's League
The NCSA Draft Security Policy for Organizations
The Navy's Fleet Network Operating System (NOS)
The Social Organization of the Computer Undergroun
The Strange Tale of the Attacks Against GRC.COM by Steve Gibson
Nothing more than the whim of a 13-year old hacker is required to knock any user, site, or server right off the Internet. I believe you will be as fascinated and concerned as I am by the findings of my post-attack forensic analysis, and the results of my subsequent infiltration into the networks and technologies being used by some of the Internet's most active hackers.
The Wonderful World of Pagers by Erik Bloodaxe
Screaming through the electromagnet swamp we live in are hundreds of thousands of messages of varying degrees of importance. Doctors, police, corporate executives, housewives and drug dealers all find themselves constantly trapped at the mercy of a teeny little box: the pager.
The basics of CBI
UNIX IP Stack Tuning Guide v2.7 by Rob Thomas
The purpose of this document is to strengthen the UNIX IP stack against a variety of attack types prevalent on the Internet today. This document details the settings recommended for UNIX servers designed to provide network intensive services such as HTTP or routing (firewall services).
UNIX Security by David A. Curry, SRI International
UNIX System Administrator Responsibilities (Navy R
UNIX Trojan Horses
US Military to Target APC in "Netwar"? by Chris Bailey
A study prepared for the US military on what they call "Netwar" concludes that they must center attention on countering the activities of NGOs using Internet communication.
Unix Myths
Unix Security Holes
Unix System Security Issues
ZZZ
ZZZZZ
This page Copyright © 1997-2008 totse.com.
totse.com certificate signatures
A Glossary of Computer Security Terms
A NAP/PA file about VAX/VMS machines
A Strict Anomoly Detection Model for Intrusion Detection Systems by sasha / beetle
The base-rate fallacy is one of the cornerstones of Bayesian statistics, stemming from Bayes theorem that describes the relationship between a conditional probability and its opposite, i.e. with the condition transposed.
A Un*x tutorial part 1
A Un*x tutorial part 2
A beginning guide to help you hack unix systems. E
A companion to VaxBuster's phile in Phrack 41
A few Unix password hackers
A hint for the 555 account on AOL
A letter from the national computer systems laboratory
A text file for newbies...
Advanced Host Detection: Techniques To Validate Host-Connectivity by dethy
Security Engineers spend a tireless amount of effort to block and filter packet anomalies in an internetwork connected environment. Advanced host mapping bypasses many forms of intrusion detection systems, filters, and routers, essentially enabling an attacker to map and discover previously unknown firewalled hosts.
Advanced VMS hacking
All about VAX/VMS
An Architectural Overview of UNIX Network Security
An in- depth guide to hacking UNIX and the concept
An introduction to UNIX - Kernighan
Analysis Techniques for Detecting Coordinated Attacks and Probes by John Green , David Marchette and Stephen Northcutt
Coordinated attacks and probes have been observed against several networks that we protect. We describe some of these attacks and provide insight into how and why they are carried out. We also suggest hypotheses for some of the more puzzling probes. Methods for detecting these coordinated attacks are provided.
Analysis of SSH crc32 Compensation Attack Detector Exploit by David A. Dittrich
Once in the system, a series of operating system commands were replaced with trojan horses to provide back doors for later entry and to conceal the presence of the intruders in the system. A second SSH server was run on a high numbered port (39999/tcp).
Another vulnerability of early ATM's
Audio Distribution System Hacking
Backdooring Binary Objects by klog
Weakening a system in order to keep control over it (or simply to alter some of its functionality) has been detailed in many other papers. From userland code modification to trojan kernel code, most of the common backdooring techniques are either too dirty, or just not portable enough.
Beginner's guide to hacking VAX Systems
Best guide to hacking by neophyte
Bibliography Computer Security Reports
Bibliography of Computer Security Articles
Bibliography of Computer Security Manuals
Bibliography of Computer Security Periodicals
Bibliography of Guidelines
Bibliography of Technical Papers on Computer Security
Bibliography of computer security documents
Biliography of computer security articles
Bill Wall's List of Computer Hacker Incidents by Bill Wall
Hacker incidents from 1961 - 2001!
Bugs for Windows NT
Cards and the Networks - Very helpful
Changing Your Grades by Aaron Winters
How to hack your school and change your grades quickly, quietly, and without a trace. Sometimes.
Common Gateway Interface (CGI) Security, Part 1
Common Gateway Interface (CGI) Security, Part 2
Common Gateway Interface (CGI) Security, Part 3
Common Gateway Interface (CGI) Security, Part 4
Common Gateway Interface (CGI) Security, Part 5
Common Gateway Interface (CGI) Security, Part 6
Common UNIX System Configurations That Can Be Expl
Computer Security Organizations
Computer Security by E.A.Bedwell
Computer Users's Guide to the Protection of Information
Computer jargon
Computer security planning
Computer system ID and password security alert
Custom Local Area Signalling Services
Default Logins & P/W's for VAX
Default Un*x account
Default Unix passwords
Defeating Forensic Analysis on Unix by the grugq
To facilitate a useful discussion of anti-forensic strategies it is important that the reader possess certain background information. In particular, the understanding of anti-forensic file system sanitization requires the comprehension of basic Unix file system organisation. And, of course, the understanding of any anti-forensic theory demands at least a rudimentary grasp of digital forensic methodology and practise.
Defeating Sniffers and Intrusion Detection Systems by horizon
The purpose of this article is to demonstrate some techniques that can be used to defeat sniffers and intrusion detection systems. This article focuses mainly on confusing your average "hacker" sniffer, with some rough coverage of Intrusion Detection Systems (IDS).
Defeating Solaris/SPARC Non-Executable Stack Protection by Horizon
I've recently been playing around with bypassing the non-executable stack protection that Solaris 2.6 provides. I'm referring to the mechanism that you control with the noexec_user_stack option in /etc/system. I've found it's quite possible to bypass this protection, using methods described previously on this list. Specifically, I have had success in adapting the return into libc methods introduced by Solar Designer and Nergal to Solaris/SPARC.
Defense Information Infrastructure Common Operatin
Denial Of Service Attacks by Hans Husman
Denial of service is about without permission knocking off services, for example through crashing the whole system. This kind of attacks are easy to launch and it is hard to protect a system against them. The basic problem is that Unix assumes that users on the system or on other systems will be well behaved.
DoD Common Messaging System
DoD Information Security Program, Jan 1997
DoD Password Management Guideline (CSC- STD- 002- 85: The Green B
DoD Required Operational Messaging Characteristics
DoD SEIWG- 012 Mag- Stripe Encoding, A Plain Languag
DoD Secure Data Network System's Message Security
Evading Intrusion Detection by Seclabs
There are many different ways in which network traffic can be obtained by a network intrusion detection system (IDS). This document demonstrates that one class of network IDS, which relies on passive network packet capture (commonly referred to as ?sniffing?), is fundamentally flawed. We show that sniffer-based IDS is, as a technology, immature, and thus cannot be relied upon for network security.
Examples of Computer Intrusion at the Naval Surfac
Explanation of ENA and computer conferencing
FORTEZZA File Protection (National Security Agency
File on hacking Unix System V's
Franken Gibe's Unix Command Bible
General TRW Information
Generally Accepted System Security Principles (GASSP)
Getting Admin by Cra58cker
This guide will list all the possible ways there is to get Admin access when you have physical access to a Windows NT Machine! A must Read to all the Hackers\Crackers\Administrators.
Getting better access on any UNIX system
Goverment Open Systems Interconnection Profile (GOSIP)
Guidance to Federal Agencies on the use of Trusted
Guide to RSTS
HP- UX Trusted Operating System Random Man page
Hacker Journeys Through NASA's Secret World
While tripping through NASAs most sensitive computer files, Ricky Wittman suddenly realized he was in trouble. Big trouble.
Hackers handbook
Hacking ATM's
Hacking Chilton Corporation Credit
Hacking Directories #1
Hacking Directories #2
Hacking Directories #3
Hacking Directories #4
Hacking Rite Aid Healthnotes Computers by Omega Red
Wanna learn about health? Or shutdown Rite Aid computers? You can do both on a little trip to Rite Aid and with this tiny article.
Hacking UNIX - Jester Sluggo
Hacking UNIX and VAX
Hacking UNIX on a VAX
Hacking VAX's & Unix
Hacking Webpages by Scrocklez Kilor
How to get into a webpages with a guiding methode and one of the easiest ways of getting superuser access through anonymous ftp access into a webpage. First you need learn a little about the password file.
Hacking Windows Users by protonigger
A comprehensive guide to remotely exploiting Windows home users.
Hacking credit card codes
Hacking passwords
Hacking techniques - from Out Of The Inner Circle
Hacking the vax - commands & default pws
Hacking tutorial
Hacking with Windows by OzScarecrow
This is a very easy method to hack using Windows.
Hacking your school by Timmeh
Have you ever dreamed of gaining total control of your school's computers? Now you can. I have tested this out so don't worry - it WILL work. I thought I should share this with all of you. All I can say is - HAVE FUN!!!
Hardening Windows NT Workstation
Edit your registry and make it much harder for hackers to crack into your Windows NT Workstation system.
Holding On To Root by Anonymous
This article is intended to show you how to hold onto root once you have it. It is intended for hackers and administrators alike.
Holding onto Root Access Once You Get It
How Hackers Do What They Do (DoD)
How Mitnick Hacked Tsutomu Shimomura with an IP Sequence Attack by Tsutomu Shimomura
Two different attack mechanisms were used. IP source address spoofing and TCP sequence number prediction were used to gain initial access to a diskless workstation being used mostly as an X terminal. After root access had been obtained, an existing connection to another system was hijacked by means of a loadable kernel STREAMS module.
How to Break Into Email Accounts by protonigger
A comprehensive guide to an all-to-commonly asked question.
How to Hack a Hotmail Account by Richard "Terminalkillah" Evans
To hack a hotmail account (well it isnt really hacking) download the trojan Sub7 send your victim (preferably your buddy's) the sub7 server with some lame exuse that it's porn or something. Make sure they install it.
How to Hack into VAX
How to Make alt. Newsgroups and Get Sysadmins to Carry Them
How to defeat security
How to dial out on the modem of a Unix system
How useful ARE longer passwords?
Info about pagers
Info on /dev/nit
Info on Dynamic Password Cards (Smartcards)
Internet FAQ: WWW, MUDs, Gophers, FTP, Finger, Etc
Interpreting Network Traffic: A Network Intrusion Detector's Look by Richard Bejtlich
While the interpretation techniques explained here are pertinent to activity logged by a NIDS or firewall, I approach the subject from the NIDS angle. This my favorite subject, and I present this data with a warning: know the inner workings of your NIDS, or suffer frequent false positives and false conclusions.
Introduction to VMS
Intrustion Detection Project (DoD)
List of all unix commands from Unix System V
Loads of great technical information on ATM cards
Local Area Detection of Incoming War Dial Activity by Dan Powell, Steve Schuster
Cracker attack plans often include attempts to gain access to target local computing and networking resources via war dialed entry around firewall-protected gateways. This paper describes two methods for organizations to reduce this risk in environments where removal of unknown modems is not feasible.
Magnetic Stripe Technology and Beyond
Mail Server Attack by Explicit
This is a little theory i have devloped and started to test but never followed through with attacking e-mail servers.
Management Guide to the Protection of Information
Management Guide to the Protection of Information Resources
Microsoft Passport Account Hijack Attack by Obscure
To steal the session cookie, there are three methods. In this paper I discuss the third option: Fooling the System.
Much information on ATMs and PIN security
Multilevel Security in the Department of the Defen
NARC's guide to UNIX
NCSA Draft Security Policy
NCSA Policy Concerning Secuity Product Reviews
NCSL Bulletin: Bibliography of computer security glossaries
NCSL Bulletin: Review of Federal Agency computer security
NFS Tracing by Passive Network Monitoring, 1992
NSA's ORANGE book on trusted computer systems
NTIS catalog of computer security products
Naval Surface Warfare Center AIS FAQ
Naval Surface Warfare Center AIS Security Domain E
Naval Surface Warfare Center's Risk Assesment Form
Naval Surface Warfare Center's Risk Assesment Form
Navy's Computer Incident Response Guidebook for In
NeXT Security Bugs
NetBIOS Hacking by XeNobiTe
This tutorial will explain how to connect to a remote computer which has file and print sharing on. (Windows 9x/ME)
Operations Security (OPSEC): The Basics
Packet Stealing with bind
Paper on Internet Security Attacks (Spoofing), 199
Password Cracking Using Focused Dictionaries by Paul Bobby
Can the chances of cracking an individual?s password be improved by using a more focused dictionary? This dictionary would contain words and information that have a specific relationship to the owner of the targeted password.
Playing Hide and Seek, Unix style by Phreak Accident
A "how-to" in successfully hiding and removing your electronic footprints while gaining unauthorized access to someone else's computer system (Unix in this case).
Professor Falken's Guide to Code Hacking
Psycho- Social Factors in the Implementation of Inf
RSTS Basic information
RSTS Hacking
RSTS Programming
RSTS commands
RSTS hacking
RSTSE Hacking (DEC)
Recovering from a UNIX Root Compromise
Reduce Net Zero to Zero by Anonymous
How to get rid of that annoying Net Z banner and gain a couple kb/s.
Remotely snarf yppasswd files
Security Guidelines for Goverment Employees
Signs That Your System Might Have Been Compromised
Simple Active Attack Against TCP by Laurent Joncheray
Passive attacks using sniffers are becoming more and more frequent on the Internet. The attacker obtains a user id and password that allows him to logon as that user. In order to prevent such attacks people have been using identification schemes such as one-time password [skey] or ticketing identification [kerberos].
Site Security Handbook
Sniffin' the Ether by Alaric
A sniffer is a program that puts a NIC (Network Interface Card), also known as an Ethernet card, (one of the necessary pieces of hardware to physically connect computers together) into what is known as promiscuous mode. Once the network card is set to this mode, it will give the sniffer program the ability to capture packets being transmitted over the network.
So you want to be a UNIX wizard?
Still MORE info on TRW
TCP/UDP Logfile Analysis: Overview of the Scripts
TRW Code Information
TRW Definiftions
TRW Info
Tactical Radio Frequency Communication Requirments
Take your laptop on the road - portable hacking
Technical Hacking
Technical Hacking Manual
Technical Hacking: Part One
Techniques Adopted by 'System Crackers' by FIST
Usually corporate networks are not designed and implemented with security in mind, merely functionality and efficiency, although this is good from a business standpoint in the short-term, security problems usually arise later, which can cost millions to solve in larger environments.
The #HACK FAQ
The Art of Rootkits by Cra58cker
This T-file will teach you about Application and Kernel based rootkits. Highly recommended for the beginners are advance *nix users. Have Phun!
The Basics of Hacking 3: Data
The Best beginners guide VMS
The Escapades of Captain Midnight
It started out as just another Saturday. April 26, 1986. John R. MacDougall, 25, spent the day alone at his satellite TV dealership in Ocala, Florida, waiting for customers who never came. "It was," he says, "a normal day in the doldrums of the satellite TV industry." But that night, MacDougall, 5 feet 11, 225 pounds, and prone to nervously running his fingers through his reddish blond hair and adjusting his glasses, would transform into Captain Midnight and set the world of satellite television spinning.
The Ethics of Hacking
The Ethics of Information Warfare and Statecraft by Dan Kuehl
What constitutes an "act of war" in the "information age. This is a question that most members of the "IW community" have wrestled with, and it's a question that places one squarely on the horns of a dilemma: if you cannot easily answer whether an act belongs to the legal codes of war or peace, how can you make a determination of the act's ethical status?
The Hacker's League
The NCSA Draft Security Policy for Organizations
The Navy's Fleet Network Operating System (NOS)
The Social Organization of the Computer Undergroun
The Strange Tale of the Attacks Against GRC.COM by Steve Gibson
Nothing more than the whim of a 13-year old hacker is required to knock any user, site, or server right off the Internet. I believe you will be as fascinated and concerned as I am by the findings of my post-attack forensic analysis, and the results of my subsequent infiltration into the networks and technologies being used by some of the Internet's most active hackers.
The Wonderful World of Pagers by Erik Bloodaxe
Screaming through the electromagnet swamp we live in are hundreds of thousands of messages of varying degrees of importance. Doctors, police, corporate executives, housewives and drug dealers all find themselves constantly trapped at the mercy of a teeny little box: the pager.
The basics of CBI
UNIX IP Stack Tuning Guide v2.7 by Rob Thomas
The purpose of this document is to strengthen the UNIX IP stack against a variety of attack types prevalent on the Internet today. This document details the settings recommended for UNIX servers designed to provide network intensive services such as HTTP or routing (firewall services).
UNIX Security by David A. Curry, SRI International
UNIX System Administrator Responsibilities (Navy R
UNIX Trojan Horses
US Military to Target APC in "Netwar"? by Chris Bailey
A study prepared for the US military on what they call "Netwar" concludes that they must center attention on countering the activities of NGOs using Internet communication.
Unix Myths
Unix Security Holes
Unix System Security Issues
ZZZ
ZZZZZ
This page Copyright © 1997-2008 totse.com.
totse.com certificate signatures
Introduction to Hacking
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
"My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for."
-- The Mentor The Hacker's Manifesto by The Mentor
Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...
Batch File Potential by blip
Batch files can introduce directly executable code to a system, potentially malicious. How it is done with two different methods with a harmless, amusing example executable. Gives very little details on how to setup everything for those who would typically want to send someone a malicious executable unless they know how to setup the executable in memory, which I believe is highly unlikely.
Beginner's guide to hacking - LOD Good
Beginners Guide to understanding Unix
Beginners Hacking Guide (TI) #1
Beginners Hacking Guide (TI) #2
Bugs, Keyloggers, and Honey Pots: Who's Watching Your Ass on the Internet? by RW
The world of internet spying is changing rapidly. Not only are technical capabilities for surveillance developing, but many of them are being kept secret from the public so that people cannot take effective countermeasures.
Computer Crime Investigator's Toolkit by Ronald L. Mendell
What I've tried to do is devise a summary of basic, practical knowledge, "tricks," if you like, that should interest all computer crime investigators. While they may not be the final word in preparing for an examination, these techniques will provide some insight into the ways and means of computer criminals.
Concerning Hackers Who Break into Computer Systems by Dorothy E. Denning
A diffuse group of people often called ``hackers'' has been characterized as unethical, irresponsible, and a serious danger to society for actions related to breaking into computer systems. This paper attempts to construct a picture of hackers, their concerns, and the discourse in which hacking takes place.
Cyber Protests: The Threat to the U.S. Information Infrastructure by NIPC
Cyber protesters are becoming increasingly more organized and their techniques more sophisticated but, most likely, will continue to deface web sites and perform DoS attacks. There will also be an increase in the number of apparently unrelated hacking groups participating in the cyber protests. National boundaries will not always be clearly delineated in attacks on opposing organizations.
Draft Glossary of Communications Security Terms by COMSEC
ANI, CNA, LLLTV, SCIF...
Espionage in Information Warfare by Christopher D. Noble
All these definitions appear to call for some form of human action, but this is not an absolute. Spying is done by entities most capable with respect to the information being collected. In cyberspace, digital agents are far more effective as spies than humans.
Guide 4 beginning hacker
Hacker Being by Valerio "Elf Qrin" Capello
A hacker is a person that loves to study all things in depth (definition 1), especially the more apparently meaningless details, to discover hidden peculiarities, new features and weakness in them. For example, it is possible to hack a book, by using it to equalize the legs of a table, or to use the sharp edge of one of its pages to cut something.
Hacker's Dictionary
For those of you who always wanted to know what those terms used by hackers but never knew where to get them. Well, now you do! This thing has a shitload of info.
Hackers acronym chart
Hackers' Tricks to Avoid Detection by Chris Prosise and Saumil Udayan Shah
Hackers are not only clever in how they invade servers; they are also devious in how they disguise their attacks. Malicious attackers use a variety of evasive techniques, which we will examine in this column so that we, as administrators, can be better prepared to detect and respond to them.
Hackers, by Steven Levy 1984, a Project Gutenberg
Hacking Guide for Novices from Mentor/LOD (1989)
Hacking/Phreaking Reform by AyAn4m1
Why hackers are being attacked and what we need to do to fix the problem.
Hiding Crimes in Cyberspace by Dorothy E. Denning and William E. Baugh, Jr.
We address here the use of encryption and other information technologies to hide criminal activities. We first examine encryption and the options available to law enforcement for dealing with it. Next we discuss a variety of other tools for concealing information: passwords, digital compression, steganography, remote storage, and audit disabling. Finally we discuss tools for hiding crimes through anonymity: anonymous remailers, anonymous digital cash, computer penetration and looping, cellular phone cloning, and cellular phone cards.
Honeypot FAQ
They are a resource that has no production value, it has no authorized activity. Whenever there is any interaction with a honeypot, this is most likely malicious activity.
How Do I Hack? by j0662
It's a common enough question, asked on nearly every board across the web, and yet, no one seems to be able to answer it. Here is my atempt.
LOD/H's Novice's Guide to Hacking
Local Attack by draggie
This is a method for getting the local administrator password on a Windows NT/2k/or XP machine.
Malicious Data and Computer Security by W. Olin Sibert
Traditionally, computer security has focused on containing the effects of malicious users or malicious programs. However, as programs become more complex, an additional threat arises: malicious data. This threat arises because apparently benign programs can be made malicious, or subverted, by introduction of an attacker's data--data that is interpreted as instructions by the program to perform activities that the computer's operator would find undesirable.
Massive guide (complete I might also add) to hacki
Maximum Security: A Hacker's Guide to Protecting Your Internet Site and Network by Anonymous
A decade ago, most servers were maintained by personnel with at least basic knowledge of network security. That fact didn't prevent break-ins, of course, but they occurred rarely in proportion to the number of potential targets. Today, the Internet's population is dominated by those without strong security knowledge, many of whom establish direct links to the backbone. The number of viable targets is staggering.
Nemesis: Tactical Guide to Web Server Infiltration by protonigger
If you picked a good target you should see plenty of exploits to choose from, and since this is an IIS server that you are exploiting, then you should be able to exploit most of the vulnerabilities with yourinternet browser (the simplicity of it all will astonish you).
Network Scanning Techniques: Understanding How It Is Done by Ofir Arkin
If the intelligence gathered shows a poorly defended computer system, an attack will be launched, and unauthorized access will be gained. However, if the target is highly protected, the hacker will think twice before attempting to break in. It will be dependent upon the tools and systems that protect the target.
Packet Attacks v2 by Dreifachx and Data_Clast
A true hacker is one who strives to attain the answers for themselves through curiosity. Its the path we take to those answers that makes us hackers, not destruction of other peoples work.
Password Cracking by Kitten
Cracking programs essentially mimic the steps taken by login verification programs. A login sequence is as follows. When a user enters a password at the prompt, the first step is to look up the salt value. So the program searches through the password file until it finds the user's login name, and converts the two characters representing the salt back into a 12-bit binary value.
Physical Penetrations: The Art of Advanced Social Engineering by Scott Higgins
The subject of physical security may come up after all the current day buzzwords for security have been thrown out. In actuality, physical security may not come up at all. When we think of physical security we visualize cipher locks, electric fences, huge vault doors, guards, and the like. These devices are intended to keep the unauthorized individuals out and keep the honest people honest, as the saying goes.
System Cracking 2k by protonigger
A comprehensive guide to the latest methods of network infiltration.
The Art of Port Scanning by Fyodor
This paper details many of the techniques used to determine what ports (or similar protocol abstraction) of a host are listening for connections. These ports represent potential communication channels. Mapping their existence facilitates the exchange of information with the host, and thus it is quite useful for anyone wishing to explore their networked environment, including hackers.
The Hacker's Ethics by Dissident
I went up to a college this summer to look around, see if it was where I wanted to go and whatnot. The guide asked me about my interests, and when I said computers, he started asking me about what systems I had, etc. And when all that was done, the first thing he asked me was "Are you a hacker?" Well, that question has been bugging me ever since. Just what exactly is a hacker? A REAL hacker?
The Hackers Handbook
The IIRG Hackers' Acronym Chart by The IIRG
In no way do we feel this chart is totally complete, but we feel its a good start for the novice or lazy hacker to quickly look up acronyms.
The Information Warfare Mania
The most obvious (and widely circulated) spin on the IW morass is to focus on the offensive and defensive manipulation of information systems and networks -- i.e., "hacking"
The Newbies Guide to Hacking and Phreaking by Terminal Killah
Hacking is not going into a system and destroying files and just fucking up some guys computer up. Hacking is going into AOL chat rooms and TOS'ing some kids ass. Hacking is not going into the IRC advertising and showing off what script or bot yer using. Hacking is not emailbombing, using programs, winnuking someone, using ICMP attacks on someone, or saying that you are a hacker.
The Social Organization of the Computer Underground by Gordon R. Meyer
This paper examines the social organization of the "computer underground" (CU). The CU is composed of actors in three roles, "computer hackers," "phone phreaks," and "software pirates." These roles have frequently been ignored or confused in media and other accounts of CU activity. By utilizing a data set culled from CU channels of communication this paper provides an ethnographic account of computer underground organization. It is concluded that despite the widespread social network of the computer underground, it is organized primarily on the level of colleagues, with only small groups approaching peer relationships.
The alt.2600 FAQ file on hacking, including loops,
Tracing E-mail
Sometimes people might send you information or hatemail from a fake address. This can be done quite easily simply by changing the "Sender" and "Return-to" fields to something different. You can do this, since these fields, i.e. your identity, are normally not checked by the mailserver when you send mail, but only when you receive mail.
Wardialing Brief by Kingpin
Wardialing consists of using a computer to dial a given set of telephone numbers with a modem. Each phone number that answers with modem handshake tones and is successfully connected to is stored in a log. By searching a range of phone numbers for computers, one can find entry points into unprotected systems and backdoors into seemingly secure systems.
Why Do We Hack? by Hex_Edit
Why do we hack? Is it to alter webpages and leave some type of cybergang inner-city graffiti? Is it to laugh in the face of over paid, under qualified sysadmins? Well for myself, and everyone I associate with, the answer to both of those would be no. So then, why do we do it?
lkm: Kernel Hacking Made Easy by Nicolas Dubee
Memory is divided into roughly two parts: kernel space and user space. Kernel space is where the kernel code lives, and user space is where the user programs live. Of course, a given user program can't write to kernel memory or to another program's memory area. Unfortunately, this is also the case for kernel code.
This page Copyright © 1997-2008 totse.com.
totse.com certificate signatures
"My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for."
-- The Mentor The Hacker's Manifesto by The Mentor
Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...
Batch File Potential by blip
Batch files can introduce directly executable code to a system, potentially malicious. How it is done with two different methods with a harmless, amusing example executable. Gives very little details on how to setup everything for those who would typically want to send someone a malicious executable unless they know how to setup the executable in memory, which I believe is highly unlikely.
Beginner's guide to hacking - LOD Good
Beginners Guide to understanding Unix
Beginners Hacking Guide (TI) #1
Beginners Hacking Guide (TI) #2
Bugs, Keyloggers, and Honey Pots: Who's Watching Your Ass on the Internet? by RW
The world of internet spying is changing rapidly. Not only are technical capabilities for surveillance developing, but many of them are being kept secret from the public so that people cannot take effective countermeasures.
Computer Crime Investigator's Toolkit by Ronald L. Mendell
What I've tried to do is devise a summary of basic, practical knowledge, "tricks," if you like, that should interest all computer crime investigators. While they may not be the final word in preparing for an examination, these techniques will provide some insight into the ways and means of computer criminals.
Concerning Hackers Who Break into Computer Systems by Dorothy E. Denning
A diffuse group of people often called ``hackers'' has been characterized as unethical, irresponsible, and a serious danger to society for actions related to breaking into computer systems. This paper attempts to construct a picture of hackers, their concerns, and the discourse in which hacking takes place.
Cyber Protests: The Threat to the U.S. Information Infrastructure by NIPC
Cyber protesters are becoming increasingly more organized and their techniques more sophisticated but, most likely, will continue to deface web sites and perform DoS attacks. There will also be an increase in the number of apparently unrelated hacking groups participating in the cyber protests. National boundaries will not always be clearly delineated in attacks on opposing organizations.
Draft Glossary of Communications Security Terms by COMSEC
ANI, CNA, LLLTV, SCIF...
Espionage in Information Warfare by Christopher D. Noble
All these definitions appear to call for some form of human action, but this is not an absolute. Spying is done by entities most capable with respect to the information being collected. In cyberspace, digital agents are far more effective as spies than humans.
Guide 4 beginning hacker
Hacker Being by Valerio "Elf Qrin" Capello
A hacker is a person that loves to study all things in depth (definition 1), especially the more apparently meaningless details, to discover hidden peculiarities, new features and weakness in them. For example, it is possible to hack a book, by using it to equalize the legs of a table, or to use the sharp edge of one of its pages to cut something.
Hacker's Dictionary
For those of you who always wanted to know what those terms used by hackers but never knew where to get them. Well, now you do! This thing has a shitload of info.
Hackers acronym chart
Hackers' Tricks to Avoid Detection by Chris Prosise and Saumil Udayan Shah
Hackers are not only clever in how they invade servers; they are also devious in how they disguise their attacks. Malicious attackers use a variety of evasive techniques, which we will examine in this column so that we, as administrators, can be better prepared to detect and respond to them.
Hackers, by Steven Levy 1984, a Project Gutenberg
Hacking Guide for Novices from Mentor/LOD (1989)
Hacking/Phreaking Reform by AyAn4m1
Why hackers are being attacked and what we need to do to fix the problem.
Hiding Crimes in Cyberspace by Dorothy E. Denning and William E. Baugh, Jr.
We address here the use of encryption and other information technologies to hide criminal activities. We first examine encryption and the options available to law enforcement for dealing with it. Next we discuss a variety of other tools for concealing information: passwords, digital compression, steganography, remote storage, and audit disabling. Finally we discuss tools for hiding crimes through anonymity: anonymous remailers, anonymous digital cash, computer penetration and looping, cellular phone cloning, and cellular phone cards.
Honeypot FAQ
They are a resource that has no production value, it has no authorized activity. Whenever there is any interaction with a honeypot, this is most likely malicious activity.
How Do I Hack? by j0662
It's a common enough question, asked on nearly every board across the web, and yet, no one seems to be able to answer it. Here is my atempt.
LOD/H's Novice's Guide to Hacking
Local Attack by draggie
This is a method for getting the local administrator password on a Windows NT/2k/or XP machine.
Malicious Data and Computer Security by W. Olin Sibert
Traditionally, computer security has focused on containing the effects of malicious users or malicious programs. However, as programs become more complex, an additional threat arises: malicious data. This threat arises because apparently benign programs can be made malicious, or subverted, by introduction of an attacker's data--data that is interpreted as instructions by the program to perform activities that the computer's operator would find undesirable.
Massive guide (complete I might also add) to hacki
Maximum Security: A Hacker's Guide to Protecting Your Internet Site and Network by Anonymous
A decade ago, most servers were maintained by personnel with at least basic knowledge of network security. That fact didn't prevent break-ins, of course, but they occurred rarely in proportion to the number of potential targets. Today, the Internet's population is dominated by those without strong security knowledge, many of whom establish direct links to the backbone. The number of viable targets is staggering.
Nemesis: Tactical Guide to Web Server Infiltration by protonigger
If you picked a good target you should see plenty of exploits to choose from, and since this is an IIS server that you are exploiting, then you should be able to exploit most of the vulnerabilities with yourinternet browser (the simplicity of it all will astonish you).
Network Scanning Techniques: Understanding How It Is Done by Ofir Arkin
If the intelligence gathered shows a poorly defended computer system, an attack will be launched, and unauthorized access will be gained. However, if the target is highly protected, the hacker will think twice before attempting to break in. It will be dependent upon the tools and systems that protect the target.
Packet Attacks v2 by Dreifachx and Data_Clast
A true hacker is one who strives to attain the answers for themselves through curiosity. Its the path we take to those answers that makes us hackers, not destruction of other peoples work.
Password Cracking by Kitten
Cracking programs essentially mimic the steps taken by login verification programs. A login sequence is as follows. When a user enters a password at the prompt, the first step is to look up the salt value. So the program searches through the password file until it finds the user's login name, and converts the two characters representing the salt back into a 12-bit binary value.
Physical Penetrations: The Art of Advanced Social Engineering by Scott Higgins
The subject of physical security may come up after all the current day buzzwords for security have been thrown out. In actuality, physical security may not come up at all. When we think of physical security we visualize cipher locks, electric fences, huge vault doors, guards, and the like. These devices are intended to keep the unauthorized individuals out and keep the honest people honest, as the saying goes.
System Cracking 2k by protonigger
A comprehensive guide to the latest methods of network infiltration.
The Art of Port Scanning by Fyodor
This paper details many of the techniques used to determine what ports (or similar protocol abstraction) of a host are listening for connections. These ports represent potential communication channels. Mapping their existence facilitates the exchange of information with the host, and thus it is quite useful for anyone wishing to explore their networked environment, including hackers.
The Hacker's Ethics by Dissident
I went up to a college this summer to look around, see if it was where I wanted to go and whatnot. The guide asked me about my interests, and when I said computers, he started asking me about what systems I had, etc. And when all that was done, the first thing he asked me was "Are you a hacker?" Well, that question has been bugging me ever since. Just what exactly is a hacker? A REAL hacker?
The Hackers Handbook
The IIRG Hackers' Acronym Chart by The IIRG
In no way do we feel this chart is totally complete, but we feel its a good start for the novice or lazy hacker to quickly look up acronyms.
The Information Warfare Mania
The most obvious (and widely circulated) spin on the IW morass is to focus on the offensive and defensive manipulation of information systems and networks -- i.e., "hacking"
The Newbies Guide to Hacking and Phreaking by Terminal Killah
Hacking is not going into a system and destroying files and just fucking up some guys computer up. Hacking is going into AOL chat rooms and TOS'ing some kids ass. Hacking is not going into the IRC advertising and showing off what script or bot yer using. Hacking is not emailbombing, using programs, winnuking someone, using ICMP attacks on someone, or saying that you are a hacker.
The Social Organization of the Computer Underground by Gordon R. Meyer
This paper examines the social organization of the "computer underground" (CU). The CU is composed of actors in three roles, "computer hackers," "phone phreaks," and "software pirates." These roles have frequently been ignored or confused in media and other accounts of CU activity. By utilizing a data set culled from CU channels of communication this paper provides an ethnographic account of computer underground organization. It is concluded that despite the widespread social network of the computer underground, it is organized primarily on the level of colleagues, with only small groups approaching peer relationships.
The alt.2600 FAQ file on hacking, including loops,
Tracing E-mail
Sometimes people might send you information or hatemail from a fake address. This can be done quite easily simply by changing the "Sender" and "Return-to" fields to something different. You can do this, since these fields, i.e. your identity, are normally not checked by the mailserver when you send mail, but only when you receive mail.
Wardialing Brief by Kingpin
Wardialing consists of using a computer to dial a given set of telephone numbers with a modem. Each phone number that answers with modem handshake tones and is successfully connected to is stored in a log. By searching a range of phone numbers for computers, one can find entry points into unprotected systems and backdoors into seemingly secure systems.
Why Do We Hack? by Hex_Edit
Why do we hack? Is it to alter webpages and leave some type of cybergang inner-city graffiti? Is it to laugh in the face of over paid, under qualified sysadmins? Well for myself, and everyone I associate with, the answer to both of those would be no. So then, why do we do it?
lkm: Kernel Hacking Made Easy by Nicolas Dubee
Memory is divided into roughly two parts: kernel space and user space. Kernel space is where the kernel code lives, and user space is where the user programs live. Of course, a given user program can't write to kernel memory or to another program's memory area. Unfortunately, this is also the case for kernel code.
This page Copyright © 1997-2008 totse.com.
totse.com certificate signatures
Hacking tutorial
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
Hacking Tutorial
What is hacking?
----------------
According to popular belief the term hacker and hacking was founded at mit
it comes from the root of a hack writer,someone who keeps "hacking" at
the typewriter until he finishes the story.a computer hacker would be
hacking at the keyboard or password works.
What you need:
--------------
To hack you need a computer equipped with a modem (a device that lets you
transmit data over phone lines) which should cost you from $100 to $1200.
How do you hack?
----------------
Hacking recuires two things:
1. The phone number
2. Answer to identity elements
How do you find the phone #?
----------------------------
There are three basic ways to find a computers phone number.
1. Scanning,
2. Directory
3. Inside info.
What is scanning?
-----------------
Scanning is the process of having a computer search for a carrier tone.
For example,the computer would start at (800) 111-1111 and wait for carrier
if there is none it will go on to 111-1112 etc.if there is a carrier it
will record it for future use and continue looking for more.
What is directory assictance?
-----------------------------
This way can only be used if you know where your target computer is. For this
example say it is in menlo park, CA and the company name is sri.
1. Dial 411 (or 415-555-1212)
2. Say "Menlo park"
3. Say "Sri"
4. Write down number
5. Ask if there are any more numbers
6. If so write them down.
7. Hang up on operator
8. Dial all numbers you were given
9. Listen fir carrier tone
10. If you hear carrier tone write down number, call it on your modem and your
set to hack!
_____________________________________________________________________________
The Basics of Hacking II
Basics to know before doing anything, essential to your continuing
career as one of the elite in the country... This article, "the
introduction to the world of hacking" is meant to help you by telling you
how not to get caught, what not to do on a computer system, what type of
equipment should I know about now, and just a little on the history, past
present future, of the hacker.
Welcome to the world of hacking! We, the people who live outside of the
normal rules, and have been scorned and even arrested by those from the
'civilized world', are becomming scarcer every day. This is due to the
greater fear of what a good hacker (skill wise, no moral judgements
here)|can do nowadays, thus causing anti- hacker sentiment in the masses.
Also, few hackers seem to actually know about the computer systems they
hack, or what equipment they will run into on the front end, or what they
could do wrong on a system to alert the 'higher' authorities who monitor
the system. This article is intended to tell you about some things not to
do, even before you get on the system. I will tell you about the new wave
of front end security devices that are beginning to be used on computers.
I will attempt to instill in you a second identity, to be brought up at
time of great need, to pull you out of trouble. And, by the way, I take no, repeat,
no, responcibility for what we say in this and the forthcoming articles.
Enough of the bullshit, on to the fun: after logging on your favorite bbs,
you see on the high access board a phone number! It says it's a great
system to "fuck around with!" This may be true, but how many other people
are going to call the same number? So: try to avoid calling a number
given to the public. This is because there are at least every other
user calling, and how many other boards will that number spread to?
If you call a number far, far away, and you plan on going thru an
extender or a re-seller, don't keep calling the same access number
(I.E. As you would if you had a hacker running), this looks very suspicious
and can make life miserable when the phone bill comes in the mail.
Most cities have a variety of access numbers and services,
so use as many as you can. Never trust a change in the system...
The 414's, the assholes, were caught for this reason: when one of them
connected to the system, there was nothing good there. The next time,
there was a trek game stuck right in their way! They proceded to play said
game for two, say two and a half hours, while telenet was tracing them!
Nice job, don't you think? If anything looks suspicious, drop the line
immediately!! As in, yesterday!! The point we're trying to get accross is:
if you use a little common sence, you won't get busted. Let the little
kids who aren't smart enough to recognize a trap get busted, it will take
the heat off of the real hackers. Now, let's say you get on a computer
system... It looks great, checks out, everything seems fine.
Ok, now is when it gets more dangerous. You have to know the computer
system to know what not to do.
Basically, keep away from any command something, copy a new file into the
account, or whatever! Always leave the account in the same status you
logged in with. Change *nothing*... If it isn't an account with priv's,
then don't try any commands that require them! All, yes all, systems are
going to be keeping log files of what users are doing, and that will
show up. It is just like dropping a trouble-card in an ESS system,
after sending that nice operator a pretty tone.
Spend no excessive amounts of time on the account in one stretch.
Keep your calling to the very late night ifpossible, or during
business hours (believe it or not!). It so happens
that there are more users on during business hours, and it is very
difficult to read a log file with 60 users doing many commnds every minute.
Try to avoid systems where everyone knows each other, don't try to bluff.
And above all: never act like you own the system, or are the best there
is. They always grab the people who's heads swell... There is some very
interesting front end equipment around nowadays, but first let's
define terms... By front end, we mean any device that you must
pass thru to get at the real computer. There are devices that are made to
defeat hacker programs, and just plain old multiplexers.
To defeat hacker programs, there are now devices that pick up the phone
and just sit there... This means that your device gets no carrier,
thus you think there isn't a computer on the other end. The
only way around it is to detect when it was picked up. If it pickes up
after the same number ring, then you know it is a hacker-defeater.
These devices take a multi-digit code to let you into the system.
Some are, in fact, quite sophisticated to the point where it
will also limit the user name's down, so only one name or set of names
can be valid logins after they input the code... Other devices input a
number code, and then they dial back a pre-programmed number for that code.
These systems are best to leave alone,
because they know someone is playing with their phone. You may think "but
i'll just reprogram the dial-back." Think again, how stupid that is...
Then they have your number, or a test loop if you were just a little
smarter. If it's your number, they have your balls (if male...),
If its a loop, then you are screwed again, since those loops
are *monitored*. As for multiplexers... What a plexer is supposed
to do is this:
The system can accept multiple users. We have to time share, so we'll let
the front-end processor do it... Well, this is what a multiplexer does.
Usually they will ask for something like "enter class" or "line:". Usually
it is programmed for a double digit number, or a four to five letter word.
There are usually a few sets of numbers it accepts, but those numbers also
set your 300/1200/2400 baud data type.
These multiplexers are inconvenient at best, so not to worry. A little
about the history of hacking: hacking, by my definition, means a great
knowledge of some special area. Doctors and lawyers
are hackers of a sort, by this definition. But most often, it is
being used in the computer context, and thus we have a definition of
"anyone who has a great amount of computer or telecommunications
knowledge." You are not a hacker because you have a list of codes...
Hacking, by my definition, has then been around only about 15 years.
It started, where else but, mit and colleges where they had computer
science or electrical engineering departments.
Hackers have created some of the best computer languages, the
most awesome operating systems, and even gone on to make millions.
Hacking used to have a good name, when we could honestly say
"we know what we are doing". Now it means (in the public eye):
the 414's, ron austin, the nasa hackers, the arpanet hackers...
All the people who have been caught,
have done damage, and are now going to have to face fines and sentences.
Thus we come past the moralistic crap, and to our purpose: educate the
hacker community, return to the days when people actually knew something...
_______________________________________________________________________________
Hacking TRW
When you call TRW, the dial up will identify itself with the message "TRW".
It will then wait for you to type the appropiate answer back (such as CTRL-G)
Once This has been done, the system will say "CIRCUIT BUILDING IN PROGRESS"
Along with a few numbers. After this, it clears the screen
(CTRL L) followed by a CTRL-Q. After the system sends the CTRL-Q, It is
ready for the request. You first type the 4 character identifyer for the
geographical area of the account..
(For Example) TCA1 - for certain Calif. & Vicinity subscribers.
TCA2 - A second CALF. TRW System.
TNJ1 - Their NJ Database.
TGA1 - Their Georgia Database.
The user then types A and then on the next line, he must type
his 3 char. Option. Most Requests use the RTS option.
OPX, RTX, and a few others exist. (NOTE) TRW will accept an A, C,
or S as the 'X' in the options above.) Then finally, the user types his 7
digit subscriber code. He appends his 3-4 character password after it. It
seems that if you manage to get hold of a TRW Printout (Trashing at Sears,
Saks, ETC. or from getting your credit printout from them) Their subscriber
code will be on it leaving only a 3-4 character p/w up to you.
For Example,
(Call the DialUp)
TRW System Types, ST) CTRL-G
(You type,YT) Circuit building in progress 1234
(ST) CTRL-L CRTL-Q (TCA1 CYT) BTS 3000000AAA
(YT]
Note: This sytem is in Half Duplex, Even Parity, 7 Bits per word and
2 Stop Bits.
CAUTION: It is a very stressed rumor that after typing in the TRW
password Three (3) times.. It sets an Automatic Number Identification on your
ass, so be careful. And forget who told you how to do this..
_____________________________________________________________________________
More TRW Info
Trw is a large database in which company's and banks can run credit
checks on their customers. Example: John Jones orders 500$ worth of stereo
equipment from the Joe Blow Electronic distributtng Co. Well it could be that
he gave the company a phony credit card number, or doesn't have enough credit,
etc. Well they call up Trw and then run a check on him, trw then lists his
card numbers (everything from sears to visa) and tells the numbers, credit,
when he lost it last (if he ever did) and then of course tells if he has had
any prior problems paying his bills.
I would also like to add that although Trw contains information on
millions of people, not every part of the country is served, although the major
area are.. So if you hate someone and live in a small state, you probably
wont be able to order him 300 pink toilet seats from K-mart.
Logging on
==========
To log on, you dial-up your local access number (or long-distance, what
ever turns you on) and wait for it to say "trw" at this promt, you type
either an "A" or a "Ctrl-G" and it will say "circuit building in progress"
it will wait for a minute and then clear the screen, now you will type
one of the following.
Tca1
Tca2
Tnj1
Tga1
This is to tell it what geographical area the customer is in, it really
doesnt matter which you use, because trw will automatically switch when
it finds the record..
Next, you will type in the pswd and info on the person you are trying to
get credit info on: you type it in a format like this:
Rts Pswd Lname Fname ...,House number First letter of street name Zip
now you type ctrl s and 2 ctrl q's here is what it looks like in real life:
Ae: Dialing xxx-xxx-xxxx
(screen clear)
Trw ^G
circuit building in progress
(pause . . . screen clear)
Tca1
Rtc 3966785-cm5 Johnson David ...,4567
R 56785
^s ^q ^q
and then it will wait for a few seconds and print out the file on him
(if it can locate one for the guy)
note: you may have to push return when you first connect to get the systems
attention.
Getting Your Passwords
======================
To obtain pswds, you go down to your favorite bank or sears store and
dig through the trash (hence the name trashing) looking for printouts, if
they are a big enough place, and live in a trw area, then they will probably
have some. The printouts will have the 7 digit subscriber code, leaving the
3-4 digit pswd up to you. Much like trashing down at good old ma bell.
____________________________________________________________________________
Hacking Vax's & Unix
Unix is a trademark of At&t (and you know what that means)
_______________________________________
In this article, we discuss the unix system that runs on
the various vax systems. If you are on another unix-type system, some
commands may differ, but since it is licenced to bell, they can't make many
changes.
_______________________________________
Hacking onto a unix system is very difficult, and in this case, we advise
having an inside source, if possible. The reason it is difficult to hack a
vax is this: Many vax, after you get a carrier from them, respond=>
Login:
They give you no chance to see what the login name format is. Most commonly
used are single words, under 8 digits, usually the person's name. There is
a way around this: Most vax have an acct. called 'suggest' for people to
use to make a suggestion to the system root terminal. This is usually watched
by the system operator, but at late he is probably at home sleeping or
screwing someone's brains out. So we can write a program to send at the
vax this type of a message:
A screen freeze (Cntrl-s), screen clear (system dependant), about 255
garbage characters, and then a command to create a login acct., after which
you clear the screen again, then unfreeze the terminal. What this does:
When the terminal is frozen, it keeps a buffer of what is sent. well, the
buffer is about 127 characters long. so you overflow it with trash, and then
you send a command line to create an acct. (System dependant). after this
you clear the buffer and screen again, then unfreeze the terminal. This is
a bad way to do it, and it is much nicer if you just send a command to
the terminal to shut the system down, or whatever you are after...
There is always, *Always* an acct. called root, the most powerful acct.
to be on, since it has all of the system files on it. If you hack your
way onto this one, then everything is easy from here on...
On the unix system, the abort key is the Cntrl-d key. watch how many times
you hit this, since it is also a way to log off the system!
A little about unix architechture: The root directory, called root, is
where the system resides. After this come a few 'sub' root directories,
usually to group things (stats here, priv stuff here, the user log here...).
Under this comes the superuser (the operator of the system), and then
finally the normal users. In the unix 'Shell' everything is treated the same.
By this we mean: You can access a program the same way you access a user
directory, and so on. The way the unix system was written, everything,
users included, are just programs belonging to the root directory. Those
of you who hacked onto the root, smile, since you can screw everything...
the main level (exec level) prompt on the unix system is the $, and if you
are on the root, you have a # (superuser prompt).
Ok, a few basics for the system... To see where you are, and what paths
are active in regards to your user account, then type
=> pwd
This shows your acct. seperated by a slash with another pathname (acct.),
possibly many times. To connect through to another path,
or many paths, you would type:
You=> path1/path2/path3
and then you are connected all the way from path1 to path3. You can
run the programs on all the paths you are connected to. If it does
not allow you to connect to a path, then you have insufficient privs, or
the path is closed and archived onto tape. You can run programs this way
also:
you=> path1/path2/path3/program-name
Unix treats everything as a program, and thus there a few commands to
learn...
To see what you have access to in the end path, type=>
ls
for list. this show the programs you can run. You can connect to
the root directory and run it's programs with=>
/root
By the way, most unix systems have their log file on the root, so you
can set up a watch on the file, waiting for people to log in and snatch their
password as it passes thru the file. To connect to a directory, use the
command:
=> cd pathname This allows you to do what you want
with that directory. You may be asked for a password, but this is a good
ay of finding other user names to hack onto.
The wildcard character in unix, if you want to search down a path for
a game or such, is the *.
=> ls /*
Should show you what you can access. The file types are the same as they
are on a dec, so refer to that section when examining file. To see what is
in a file, use the
=> pr
filename command, for print file.
We advise playing with pathnames to get the hang of the concept. There
is on-line help available on most systems with a 'help' or a '?'.
We advise you look thru the help files and pay attention to anything
they give you on pathnames, or the commands for the system.
You can, as a user, create or destroy directories on the tree beneath you.
This means that root can kill everything but root, and you can kill any
that are below you. These are the
=> mkdir pathname
=> rmdir pathname
commands.
Once again, you are not alone on the system... type=>
who
to see what other users are logged in to the system at the time. If you
want to talk to them=>
write username
Will allow you to chat at the same time, without having to worry
about the parser. To send mail to a user, say
=> mail
And enter the mail sub-system. To send a message to all the users
on the system, say
=> wall
Which stands for 'write all'. By the way, on a few systems,
all you have to do is hit the key to end the message,
but on others you must hit the cntrl-d key.
To send a single message to a user, say
=> write username
this is very handy again! If you send the sequence of characters discussed
at the very beginning of this article, you can have the super-user terminal do
tricks for you again.
Privs:
If you want superuser privs, you can either log in as root, or edit your
acct. so it can say
=> su
this now gives you the # prompt, and allows you to completely by-pass the
protection. The wonderful security conscious developers at bell made it
very difficult to do much without privs, but once you have them, there
is absolutely nothing stopping you from doing anything you want to.
To bring down a unix system:
=> chdir /bin
=> rm *
this wipes out the pathname bin, where all the system maintenance files are.
Or try:
=> r -r
This recursively removes everything from the system except the remove
command itself.
Or try:
=> kill -1,1
=> sync
This wipes out the system devices from operation.
When you are finally sick and tired from hacking on the vax systems, just
hit your cntrl-d and repeat key, and you will eventually be logged out.
_______________________________________
The reason this file seems to be very sketchy is the fact that bell has 7
licenced versions of unix out in the public domain, and these commands are
those common to all of them. I recommend you hack onto the root or
bin directory, since they have the highest levels of privs, and there
is really not much you can do (except develop software) without them.
_________________________/\ This file downloaded from Trauma Hounds...
\ /\______________________________________________
Call these anarchy boards! \/
The People Farm ..................... 916-673-8412 ... 12- 2400 ... 24h/7d
Restaurant At End Of The Universe ... 718-428-6776 ... 12- 2400 ... 24h/7d
Ripco ............................... 312-528-5020 ... 12- 2400 ... 24h/7d
Shadows of IGA ...................... 707-527-7711 ... 24-19200 ... 24h/7d
Temple of the Screaming Electron .... 415-935-5845 ... 12- 2400 ... 24h/7d
Tommy's Holiday Camp ................ 604-361-1464 ... 12-19200 ... 24h/7d
Trauma Hounds ....................... 604-589-1570 ... 12-19200 ... 24h/7d
Hacking Tutorial
What is hacking?
----------------
According to popular belief the term hacker and hacking was founded at mit
it comes from the root of a hack writer,someone who keeps "hacking" at
the typewriter until he finishes the story.a computer hacker would be
hacking at the keyboard or password works.
What you need:
--------------
To hack you need a computer equipped with a modem (a device that lets you
transmit data over phone lines) which should cost you from $100 to $1200.
How do you hack?
----------------
Hacking recuires two things:
1. The phone number
2. Answer to identity elements
How do you find the phone #?
----------------------------
There are three basic ways to find a computers phone number.
1. Scanning,
2. Directory
3. Inside info.
What is scanning?
-----------------
Scanning is the process of having a computer search for a carrier tone.
For example,the computer would start at (800) 111-1111 and wait for carrier
if there is none it will go on to 111-1112 etc.if there is a carrier it
will record it for future use and continue looking for more.
What is directory assictance?
-----------------------------
This way can only be used if you know where your target computer is. For this
example say it is in menlo park, CA and the company name is sri.
1. Dial 411 (or 415-555-1212)
2. Say "Menlo park"
3. Say "Sri"
4. Write down number
5. Ask if there are any more numbers
6. If so write them down.
7. Hang up on operator
8. Dial all numbers you were given
9. Listen fir carrier tone
10. If you hear carrier tone write down number, call it on your modem and your
set to hack!
_____________________________________________________________________________
The Basics of Hacking II
Basics to know before doing anything, essential to your continuing
career as one of the elite in the country... This article, "the
introduction to the world of hacking" is meant to help you by telling you
how not to get caught, what not to do on a computer system, what type of
equipment should I know about now, and just a little on the history, past
present future, of the hacker.
Welcome to the world of hacking! We, the people who live outside of the
normal rules, and have been scorned and even arrested by those from the
'civilized world', are becomming scarcer every day. This is due to the
greater fear of what a good hacker (skill wise, no moral judgements
here)|can do nowadays, thus causing anti- hacker sentiment in the masses.
Also, few hackers seem to actually know about the computer systems they
hack, or what equipment they will run into on the front end, or what they
could do wrong on a system to alert the 'higher' authorities who monitor
the system. This article is intended to tell you about some things not to
do, even before you get on the system. I will tell you about the new wave
of front end security devices that are beginning to be used on computers.
I will attempt to instill in you a second identity, to be brought up at
time of great need, to pull you out of trouble. And, by the way, I take no, repeat,
no, responcibility for what we say in this and the forthcoming articles.
Enough of the bullshit, on to the fun: after logging on your favorite bbs,
you see on the high access board a phone number! It says it's a great
system to "fuck around with!" This may be true, but how many other people
are going to call the same number? So: try to avoid calling a number
given to the public. This is because there are at least every other
user calling, and how many other boards will that number spread to?
If you call a number far, far away, and you plan on going thru an
extender or a re-seller, don't keep calling the same access number
(I.E. As you would if you had a hacker running), this looks very suspicious
and can make life miserable when the phone bill comes in the mail.
Most cities have a variety of access numbers and services,
so use as many as you can. Never trust a change in the system...
The 414's, the assholes, were caught for this reason: when one of them
connected to the system, there was nothing good there. The next time,
there was a trek game stuck right in their way! They proceded to play said
game for two, say two and a half hours, while telenet was tracing them!
Nice job, don't you think? If anything looks suspicious, drop the line
immediately!! As in, yesterday!! The point we're trying to get accross is:
if you use a little common sence, you won't get busted. Let the little
kids who aren't smart enough to recognize a trap get busted, it will take
the heat off of the real hackers. Now, let's say you get on a computer
system... It looks great, checks out, everything seems fine.
Ok, now is when it gets more dangerous. You have to know the computer
system to know what not to do.
Basically, keep away from any command something, copy a new file into the
account, or whatever! Always leave the account in the same status you
logged in with. Change *nothing*... If it isn't an account with priv's,
then don't try any commands that require them! All, yes all, systems are
going to be keeping log files of what users are doing, and that will
show up. It is just like dropping a trouble-card in an ESS system,
after sending that nice operator a pretty tone.
Spend no excessive amounts of time on the account in one stretch.
Keep your calling to the very late night ifpossible, or during
business hours (believe it or not!). It so happens
that there are more users on during business hours, and it is very
difficult to read a log file with 60 users doing many commnds every minute.
Try to avoid systems where everyone knows each other, don't try to bluff.
And above all: never act like you own the system, or are the best there
is. They always grab the people who's heads swell... There is some very
interesting front end equipment around nowadays, but first let's
define terms... By front end, we mean any device that you must
pass thru to get at the real computer. There are devices that are made to
defeat hacker programs, and just plain old multiplexers.
To defeat hacker programs, there are now devices that pick up the phone
and just sit there... This means that your device gets no carrier,
thus you think there isn't a computer on the other end. The
only way around it is to detect when it was picked up. If it pickes up
after the same number ring, then you know it is a hacker-defeater.
These devices take a multi-digit code to let you into the system.
Some are, in fact, quite sophisticated to the point where it
will also limit the user name's down, so only one name or set of names
can be valid logins after they input the code... Other devices input a
number code, and then they dial back a pre-programmed number for that code.
These systems are best to leave alone,
because they know someone is playing with their phone. You may think "but
i'll just reprogram the dial-back." Think again, how stupid that is...
Then they have your number, or a test loop if you were just a little
smarter. If it's your number, they have your balls (if male...),
If its a loop, then you are screwed again, since those loops
are *monitored*. As for multiplexers... What a plexer is supposed
to do is this:
The system can accept multiple users. We have to time share, so we'll let
the front-end processor do it... Well, this is what a multiplexer does.
Usually they will ask for something like "enter class" or "line:". Usually
it is programmed for a double digit number, or a four to five letter word.
There are usually a few sets of numbers it accepts, but those numbers also
set your 300/1200/2400 baud data type.
These multiplexers are inconvenient at best, so not to worry. A little
about the history of hacking: hacking, by my definition, means a great
knowledge of some special area. Doctors and lawyers
are hackers of a sort, by this definition. But most often, it is
being used in the computer context, and thus we have a definition of
"anyone who has a great amount of computer or telecommunications
knowledge." You are not a hacker because you have a list of codes...
Hacking, by my definition, has then been around only about 15 years.
It started, where else but, mit and colleges where they had computer
science or electrical engineering departments.
Hackers have created some of the best computer languages, the
most awesome operating systems, and even gone on to make millions.
Hacking used to have a good name, when we could honestly say
"we know what we are doing". Now it means (in the public eye):
the 414's, ron austin, the nasa hackers, the arpanet hackers...
All the people who have been caught,
have done damage, and are now going to have to face fines and sentences.
Thus we come past the moralistic crap, and to our purpose: educate the
hacker community, return to the days when people actually knew something...
_______________________________________________________________________________
Hacking TRW
When you call TRW, the dial up will identify itself with the message "TRW".
It will then wait for you to type the appropiate answer back (such as CTRL-G)
Once This has been done, the system will say "CIRCUIT BUILDING IN PROGRESS"
Along with a few numbers. After this, it clears the screen
(CTRL L) followed by a CTRL-Q. After the system sends the CTRL-Q, It is
ready for the request. You first type the 4 character identifyer for the
geographical area of the account..
(For Example) TCA1 - for certain Calif. & Vicinity subscribers.
TCA2 - A second CALF. TRW System.
TNJ1 - Their NJ Database.
TGA1 - Their Georgia Database.
The user then types A
his 3 char. Option. Most Requests use the RTS option.
OPX, RTX, and a few others exist. (NOTE) TRW will accept an A, C,
or S as the 'X' in the options above.) Then finally, the user types his 7
digit subscriber code. He appends his 3-4 character password after it. It
seems that if you manage to get hold of a TRW Printout (Trashing at Sears,
Saks, ETC. or from getting your credit printout from them) Their subscriber
code will be on it leaving only a 3-4 character p/w up to you.
For Example,
(Call the DialUp)
TRW System Types, ST) CTRL-G
(You type,YT) Circuit building in progress 1234
(ST) CTRL-L CRTL-Q (TCA1 CYT) BTS 3000000AAA
Note: This sytem is in Half Duplex, Even Parity, 7 Bits per word and
2 Stop Bits.
CAUTION: It is a very stressed rumor that after typing in the TRW
password Three (3) times.. It sets an Automatic Number Identification on your
ass, so be careful. And forget who told you how to do this..
_____________________________________________________________________________
More TRW Info
Trw is a large database in which company's and banks can run credit
checks on their customers. Example: John Jones orders 500$ worth of stereo
equipment from the Joe Blow Electronic distributtng Co. Well it could be that
he gave the company a phony credit card number, or doesn't have enough credit,
etc. Well they call up Trw and then run a check on him, trw then lists his
card numbers (everything from sears to visa) and tells the numbers, credit,
when he lost it last (if he ever did) and then of course tells if he has had
any prior problems paying his bills.
I would also like to add that although Trw contains information on
millions of people, not every part of the country is served, although the major
area are.. So if you hate someone and live in a small state, you probably
wont be able to order him 300 pink toilet seats from K-mart.
Logging on
==========
To log on, you dial-up your local access number (or long-distance, what
ever turns you on) and wait for it to say "trw" at this promt, you type
either an "A" or a "Ctrl-G" and it will say "circuit building in progress"
it will wait for a minute and then clear the screen, now you will type
one of the following.
Tca1
Tca2
Tnj1
Tga1
This is to tell it what geographical area the customer is in, it really
doesnt matter which you use, because trw will automatically switch when
it finds the record..
Next, you will type in the pswd and info on the person you are trying to
get credit info on: you type it in a format like this:
Rts Pswd Lname Fname ...,House number First letter of street name Zip
now you type ctrl s and 2 ctrl q's here is what it looks like in real life:
Ae: Dialing xxx-xxx-xxxx
(screen clear)
Trw ^G
circuit building in progress
(pause . . . screen clear)
Tca1
Rtc 3966785-cm5 Johnson David ...,4567
R 56785
^s ^q ^q
and then it will wait for a few seconds and print out the file on him
(if it can locate one for the guy)
note: you may have to push return when you first connect to get the systems
attention.
Getting Your Passwords
======================
To obtain pswds, you go down to your favorite bank or sears store and
dig through the trash (hence the name trashing) looking for printouts, if
they are a big enough place, and live in a trw area, then they will probably
have some. The printouts will have the 7 digit subscriber code, leaving the
3-4 digit pswd up to you. Much like trashing down at good old ma bell.
____________________________________________________________________________
Hacking Vax's & Unix
Unix is a trademark of At&t (and you know what that means)
_______________________________________
In this article, we discuss the unix system that runs on
the various vax systems. If you are on another unix-type system, some
commands may differ, but since it is licenced to bell, they can't make many
changes.
_______________________________________
Hacking onto a unix system is very difficult, and in this case, we advise
having an inside source, if possible. The reason it is difficult to hack a
vax is this: Many vax, after you get a carrier from them, respond=>
Login:
They give you no chance to see what the login name format is. Most commonly
used are single words, under 8 digits, usually the person's name. There is
a way around this: Most vax have an acct. called 'suggest' for people to
use to make a suggestion to the system root terminal. This is usually watched
by the system operator, but at late he is probably at home sleeping or
screwing someone's brains out. So we can write a program to send at the
vax this type of a message:
A screen freeze (Cntrl-s), screen clear (system dependant), about 255
garbage characters, and then a command to create a login acct., after which
you clear the screen again, then unfreeze the terminal. What this does:
When the terminal is frozen, it keeps a buffer of what is sent. well, the
buffer is about 127 characters long. so you overflow it with trash, and then
you send a command line to create an acct. (System dependant). after this
you clear the buffer and screen again, then unfreeze the terminal. This is
a bad way to do it, and it is much nicer if you just send a command to
the terminal to shut the system down, or whatever you are after...
There is always, *Always* an acct. called root, the most powerful acct.
to be on, since it has all of the system files on it. If you hack your
way onto this one, then everything is easy from here on...
On the unix system, the abort key is the Cntrl-d key. watch how many times
you hit this, since it is also a way to log off the system!
A little about unix architechture: The root directory, called root, is
where the system resides. After this come a few 'sub' root directories,
usually to group things (stats here, priv stuff here, the user log here...).
Under this comes the superuser (the operator of the system), and then
finally the normal users. In the unix 'Shell' everything is treated the same.
By this we mean: You can access a program the same way you access a user
directory, and so on. The way the unix system was written, everything,
users included, are just programs belonging to the root directory. Those
of you who hacked onto the root, smile, since you can screw everything...
the main level (exec level) prompt on the unix system is the $, and if you
are on the root, you have a # (superuser prompt).
Ok, a few basics for the system... To see where you are, and what paths
are active in regards to your user account, then type
=> pwd
This shows your acct. seperated by a slash with another pathname (acct.),
possibly many times. To connect through to another path,
or many paths, you would type:
You=> path1/path2/path3
and then you are connected all the way from path1 to path3. You can
run the programs on all the paths you are connected to. If it does
not allow you to connect to a path, then you have insufficient privs, or
the path is closed and archived onto tape. You can run programs this way
also:
you=> path1/path2/path3/program-name
Unix treats everything as a program, and thus there a few commands to
learn...
To see what you have access to in the end path, type=>
ls
for list. this show the programs you can run. You can connect to
the root directory and run it's programs with=>
/root
By the way, most unix systems have their log file on the root, so you
can set up a watch on the file, waiting for people to log in and snatch their
password as it passes thru the file. To connect to a directory, use the
command:
=> cd pathname This allows you to do what you want
with that directory. You may be asked for a password, but this is a good
ay of finding other user names to hack onto.
The wildcard character in unix, if you want to search down a path for
a game or such, is the *.
=> ls /*
Should show you what you can access. The file types are the same as they
are on a dec, so refer to that section when examining file. To see what is
in a file, use the
=> pr
filename command, for print file.
We advise playing with pathnames to get the hang of the concept. There
is on-line help available on most systems with a 'help' or a '?'.
We advise you look thru the help files and pay attention to anything
they give you on pathnames, or the commands for the system.
You can, as a user, create or destroy directories on the tree beneath you.
This means that root can kill everything but root, and you can kill any
that are below you. These are the
=> mkdir pathname
=> rmdir pathname
commands.
Once again, you are not alone on the system... type=>
who
to see what other users are logged in to the system at the time. If you
want to talk to them=>
write username
Will allow you to chat at the same time, without having to worry
about the parser. To send mail to a user, say
And enter the mail sub-system. To send a message to all the users
on the system, say
=> wall
Which stands for 'write all'. By the way, on a few systems,
all you have to do is hit the
but on others you must hit the cntrl-d key.
To send a single message to a user, say
=> write username
this is very handy again! If you send the sequence of characters discussed
at the very beginning of this article, you can have the super-user terminal do
tricks for you again.
Privs:
If you want superuser privs, you can either log in as root, or edit your
acct. so it can say
=> su
this now gives you the # prompt, and allows you to completely by-pass the
protection. The wonderful security conscious developers at bell made it
very difficult to do much without privs, but once you have them, there
is absolutely nothing stopping you from doing anything you want to.
To bring down a unix system:
=> chdir /bin
=> rm *
this wipes out the pathname bin, where all the system maintenance files are.
Or try:
=> r -r
This recursively removes everything from the system except the remove
command itself.
Or try:
=> kill -1,1
=> sync
This wipes out the system devices from operation.
When you are finally sick and tired from hacking on the vax systems, just
hit your cntrl-d and repeat key, and you will eventually be logged out.
_______________________________________
The reason this file seems to be very sketchy is the fact that bell has 7
licenced versions of unix out in the public domain, and these commands are
those common to all of them. I recommend you hack onto the root or
bin directory, since they have the highest levels of privs, and there
is really not much you can do (except develop software) without them.
_________________________/\ This file downloaded from Trauma Hounds...
\ /\______________________________________________
Call these anarchy boards! \/
The People Farm ..................... 916-673-8412 ... 12- 2400 ... 24h/7d
Restaurant At End Of The Universe ... 718-428-6776 ... 12- 2400 ... 24h/7d
Ripco ............................... 312-528-5020 ... 12- 2400 ... 24h/7d
Shadows of IGA ...................... 707-527-7711 ... 24-19200 ... 24h/7d
Temple of the Screaming Electron .... 415-935-5845 ... 12- 2400 ... 24h/7d
Tommy's Holiday Camp ................ 604-361-1464 ... 12-19200 ... 24h/7d
Trauma Hounds ....................... 604-589-1570 ... 12-19200 ... 24h/7d
Langganan:
Postingan (Atom)
Postingan
