_______________________________________________________
GUIDE TO (mostly) HARMLESS HACKING
Vol. 1 Number 1
Hacking tip of this column: how to finger a user via telnet.
_______________________________________________________
Hacking. The word conjures up evil computer geniuses plotting the downfall
of civilization while squirreling away billions in electronically stolen
funds in an Antigua bank.
But I define hacking as taking a playful, adventurous approach to computers.
Hackers don't go by the book. We fool around and try odd things, and when
we stumble across something entertaining we tell our friends about it.
Some of us may be crooks, but more often we are good guys, or at least
harmless.
Furthermore, hacking is surprisingly easy. I?ll give you a chance to
prove it to yourself, today!
But regardless of why you want to be a hacker, it is definitely a way
to have fun, impress your buddies, and get dates. If you are a female hacker
you become totally irresistible to all men. Take my word for it!;^D
This column can become your gateway into this world. In fact, after
reading just this first Guide to (mostly) Harmless Hacking, you will be
able to pull off a stunt that will impress the average guy or gal unlucky^H^H^H^H^H^H^H
fortunate enough to get collared by you at a party.
So what do you need to become a hacker? Before I tell you, however,
I am going to subject you to a rant.
Have you ever posted a message to a news group or email list devoted
to hacking? You said something like ?What do I need to become a hacker??
right? Betcha you won?t try *that* again!
It gives you an education in what ?flame? means, right?
Yes, some of these 3l1te types like to flame the newbies. They act like
they were born clutching a Unix manual in one hand and a TCP/IP specification
document in the other and anyone who knows less is scum.
*********************
Newbie note: 3l1t3, 31337, etc. all mean ?elite.? The idea is to take
either the word ?elite? or ?eleet? and substitute numbers for some or all
the letters. We also like zs. Hacker d00dz do this sor7 of th1ng l0tz.
********************
Now maybe you were making a sincere call for help. But there is a reason
many hackers are quick to flame strangers who ask for help.
What we worry about is the kind of guy who says, "I want to become a
hacker. But I *don't* want to learn programming and operating systems.
Gimme some passwords, d00dz! Yeah, and credit card numbers!!!"
Honest, I have seen this sort of post in hacker groups. Post something
like this and you are likely to wake up the next morning to discover your
email box filled with 3,000 messages from email discussion groups on agricultural
irrigation, proctology, collectors of Franklin Mint doo-dads, etc. Etc.,
etc., etc....arrrgghhhh!
The reason we worry about wannabe hackers is that it is possible to
break into other people?s computers and do serious damage even if you are
almost totally ignorant.
How can a clueless newbie trash other people?s computers? Easy. There
are public FTP and Web sites on the Internet that offer canned hacking
programs.
Thanks to these canned tools, many of the ?hackers? you read about getting
busted are in fact clueless newbies.
This column will teach you how to do real, yet legal and harmless hacking,
without resorting to these hacking tools. But I won?t teach you how to
harm other people?s computers. Or even how to break in where you don?t
belong.
******************************
You can go to jail tip: Even if you do no harm, if you break into a
portion of a computer that is not open to the public, you have committed
a crime. If you telnet across a state line to break in, you have committed
a federal felony.
*************************************
I will focus on hacking the Internet. The reason is that each computer
on the Internet has some sort of public connections with the rest of the
Net. What this means is that if you use the right commands, you can *legally*
access these computers.
That, of course, is what you already do when you visit a Web site. But
I will show you how to access and use Internet host computers in ways that
most people didn?t know were possible. Furthermore, these are *fun* hacks.
In fact, soon you will be learning hacks that shed light on how other
people (Not you, right? Promise?) may crack into the non-public parts of
hosts. And -- these are hacks that anyone can do.
But, there is one thing you really need to get. It will make hacking
infinitely easier:
A SHELL ACCOUNT!!!!
A ?shell account? is an Internet account in which your computer becomes
a terminal of one of your ISP?s host computers. Once you are in the
?shell? you can give commands to the Unix operating system just like you
were sitting there in front of one of your ISP?s hosts.
Warning: the tech support person at your ISP may tell you that you have
a ?shell account? when you really don?t. Many ISPs don?t really like shell
accounts, either. Guess why? If you don?t have a shell account, you can?t
hack!
But you can easily tell if it is a real shell account. First, you should
use a ?terminal emulation program? to log on. You will need a program that
allows you to imitate a VT 100 terminal. If you have Windows 3.1 or Windows
95, a VT 100 terminal program is included as one of your accessory program.
Any good ISP will allow you to try it out for a few days with a guest
account. Get one and then try out a few Unix commands to make sure it is
really a shell account.
You don?t know Unix? If you are serious about understanding hacking,
you?ll need some good reference books. No, I don't mean the kind with breathless
titles like ?Secrets of Super hacker.? I?ve bought too many of that
kind of book. They are full of hot air and thin on how-to. Serious hackers
study books on:
a) Unix. I like "The Unix Companion" by Harley Hahn.
b) Shells. I like "Learning the Bash Shell" by Cameron Newham
and Bill Rosenblatt. A ?shell? is the command interface between you and
the Unix operating system.
c) TCP/IP, which is the set of protocols that make the Internet
work. I like "TCP/IP for Dummies" by Marshall Wilensky and Candace Leiden.
OK, rant is over. Time to hack!
How would you like to start your hacking career with one of the simplest,
yet potentially hairy, hacks of the Internet? Here it comes: telnet to
a finger port.
Have you ever used the finger command before? Finger will sometimes
tell you a bunch of stuff about other people on the Internet. Normally
you would just enter the command:
finger [email protected]
But instead of Joe Schmoe, you put in the email address of someone you
would like to check out. For example, my email address is [email protected].
So to finger me, give the command:
finger [email protected]
Now this command may tell you something, or it may fail with a message
such as ?access denied.?
But there is a more elite way to finger people. You can give the command:
telnet llama.swcp.com 79
What this command has just done is let you get on a computer with an
Internet address of llama.swcp.com through its port 79 -- without giving
it a password.
But the program that llama and many other Internet hosts are running
will usually allow you to give only ONE command before automatically closing
the connection. Make that command:
cmeinel
This will tell you a hacker secret about why port 79 and its finger
programs are way more significant than you might think. Or, heck, maybe
something else if the friendly neighborhood hacker is still planting insulting
messages in my files.
Now, for an extra hacking bonus, try telnetting to some other ports.
For example:
telnet kitsune.swcp.com 13
That will give you the time and date here in New Mexico, and:
telnet slug.swcp.com 19
Will show you a good time!
OK, I'm signing off for this column. And I promise to tell you more
about what the big deal is over telnetting to finger -- but later. Happy
hacking!
*******************************************************
Want to share some kewl hacker stuph? Tell me I?m terrific? Flame me?
For the first two, I?m at [email protected]. Please direct flames
to dev/[email protected]. Happy hacking!
_______________________________________________________
Copyright 1996 Carolyn P. Meinel. You may forward the GUIDE TO (mostly)
HARMLESS HACKING Ezine as long as you leave this notice at the end. To
subscribe, email [email protected] with message "subscribe hacker <[email protected]>"
substituting your real email address for Joe Blow's.
________________________________________________________