Happy Hacker Digest April 8-9, 1997
This is a moderated list for discussions
of *legal* hacking.
Moderator: Carolyn Meinel
Digest archives are held under the "New" button at the Infowar site
Please don't send us anything you wouldn't
email to your friendly neighborhood narc, OK?
To subscribe or unsubscribe,
use the subscribe boxes on the menu bars, please. If
you just want to use the forum and not get these mailings, we promise
our feelings won't get hurt if
you unsubscribe from this list.
H a p p y h a c k i n g !
URL 'O the Day: http://ntbugtraq.rc.on.ca/index.html
Where to find Windows NT exploits
Table of Contents
Awesome Web Site
How to Catch Email Bombers and Other Spammers
*** Awesome Web Site
From: firstname.lastname@example.org (Tim Gutteridge)
I just found a great WWW site. It's at
http://kryten.eng.monash.edu.au/gspam.html. It's a page on spammers
how to decipher headers to get them. It includes a whole bunch of tools
that you can use over the WWW, like traceroute, whois, and DIG. Time
dig out How to Map the Internet Again...
*** How to Catch Email Bombers and Other Spammers
Please post ANON, because this is probably asking to be spammed.
From: "Kevin Macey" <email@example.com>
> Firstly, I was looking through a New Zealand mag that my mom
> bought back from N.Z for me. And it told me of a great spam-stopper
> "Spam Hater", that tells you the person's name, and ISP name.. Found
I have tried this program "Spam Hater" and it works great. I don't
really know if it will trace everything but from my tests it works
great. It is definitely worth the download and it is also easy
It picks up on the "U* ***** 3.0" program that seems to be the most
popular spammer program.
Thank you for your time and please keep up the great work, it has helped
me learn a lot and continue on the "quest for knowledge" please
the hacking Windows 95 selection, it is my favorite.
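The header-deciphering that Tim's site and the Spam Hater program do for you, as an added Python example that is not part of the digest or of either tool. The message, host names and addresses are constructed, and the set of trusted relays is an assumption: replace it with the mail servers you actually run.

```python
import email
import re

# Constructed sample message, not taken from the digest. Received: lines are
# read bottom-up: the lowest one is the earliest hop. "from X" is the name the
# sending host claimed; the bracketed address is what the relay really saw.
SAMPLE = (
    "Received: from mx.example.net (mx.example.net [192.0.2.10])\n"
    "\tby inbox.example.org with ESMTP; Wed, 9 Apr 1997 10:02:11 -0600\n"
    "Received: from relay.example.com (relay.example.com [198.51.100.7])\n"
    "\tby mx.example.net with ESMTP; Wed, 9 Apr 1997 10:01:55 -0600\n"
    "Received: from mail.bigcorp.example (dialup-42.example.net [203.0.113.42])\n"
    "\tby relay.example.com with SMTP; Wed, 9 Apr 1997 09:59:30 -0600\n"
    "From: ceo@bigcorp.example\n"
    "To: victim@example.org\n"
    "Subject: MAKE MONEY FAST\n"
    "\n"
    "hello\n"
)

# Assumed: relays you operate. Lines written by anyone else can be forged.
TRUSTED = {"inbox.example.org", "mx.example.net", "relay.example.com"}

HOP_RE = re.compile(
    r"from\s+(?P<claimed>\S+)"        # name given in HELO/EHLO
    r"(?:\s+\((?P<seen>[^)]*)\))?"    # what the relay resolved/observed
    r"\s+by\s+(?P<by>\S+)"            # the relay that wrote this line
)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_hop(value):
    """Split one Received: value into claimed name, observed host, IP and relay."""
    m = HOP_RE.search(" ".join(value.split()))   # unfold continuation lines
    if not m:
        return None
    seen = m.group("seen") or ""
    ip = IP_RE.search(seen)
    return {"claimed": m.group("claimed"), "by": m.group("by"),
            "seen_host": seen.split("[")[0].strip() or None,
            "ip": ip.group(1) if ip else None}


def trace(raw, trusted):
    """Hops oldest-first, walking only through relays in `trusted`."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):   # newest (top) to oldest
        hop = parse_hop(value)
        if hop is None or hop["by"] not in trusted:
            break   # below this point the sender could have written anything
        hops.append(hop)
    return list(reversed(hops))


def origin(raw, trusted):
    """Earliest trustworthy hop: where the message entered your relays."""
    hops = trace(raw, trusted)
    if not hops:
        return None
    first = hops[0]
    # A HELO name that does not match the resolved host is the classic tell.
    first["helo_mismatch"] = first["claimed"] != first["seen_host"]
    return first
```

The origin's IP and the relay that recorded it are what you put in the abuse report; the forged From: line and the claimed HELO name are not.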
*** IRC Stuph
please keep this anonymous
>Sounds like an mIRC trick. The mIRC client supports coloured text.
Or you could simply hold down the left mouse button and move the arrow
over the window. (marking text)
The color codes are stripped as long as you hold down the button :)
But I really liked that coding. (Mircoscript newbie as I am :-)
*** Social Engineering
From: "Stainless Steel Rat" <firstname.lastname@example.org>
I have some comments on social engineering.
It seems that a lot of misconceptions about social engineering. It sound
if people want to believe that social engineering can be learned like
programming language or by simply reading some kind of "Beginners Guide
Social Engineering". Well, this couldn't be further from the
truth. I work
in the business and have been on the receiving end of some seriously
social engineering attempts. Things like: "um, hi, um, this is
and, um, the big boss wants you to, um, change some permissions on
files, OK?" Sure thing sparky, I'll get right on it after I write
number off the caller ID box, now get off your daddy's computer and
alone! Social engineering and using a computer to get into a
completely different ball games which require totally different skills.
This is not to say that
social engineering is particularly hard. In fact, it's pretty
easy to get a
person to leak important information, provided the social engineer
enough. However, it is one of the very few aspects of hacking/phreaking
where direct human contact and good social skills are needed in order
successful. You have to give up a little bit of that anonymity
Hackers/Phreakers/Crackers cherish so much. On top of that, a
computer geeks I know have about as much social grace as a drunk monkey
offense intended I'm a computer geek myself) much less enough savior
to charm vital system security information out of somebody. So
programming, social engineering takes a certain amount of innate *social*
ability which can not be learned out of a book or off an IRC.
studying acting and psychology might help, but as far as picking it
of a text doc, you can forget it.
Carolyn: I agree heartily with this post. As a matter of fact, I make
of my living from social engineering. This Happy Hacker list is social
engineering, a technique to discover and publicize the knowledge floating
around the hacker world.
Guess what: the best social engineers never lie. We use our real names.
World-class social engineering is helping people to *want* to give
information. That's why when you join this email list I make my association
with the Infowar site clear (we're the guys who fight computer crime)
tell you where else to learn about me (http://cmeinel.com, or read
me in the book Great Mambo Chicken by Ed Regis, Addison Wesley, 1990.)
The international organization for us guys who make a living on social
engineering is the Society of Competitive Intelligence Professionals,
Diagonal Road, Suite 520, Alexandria VA 22314. But you can't be a member
you get caught telling lies or operating under a false name.
But trust me, it is easier to get information by being honest than through
deceit. That's because it is really, really hard to lie in a convincing
manner. Since lying is also a rotten thing to do, why not go around
yourself on the back for being ethical while also making lots of money
having fun doing social engineering the right way?
*** Domain Name Question
From: email@example.com (LiquidMetal)
Correct me if I'm wrong, but only American domains end with a .com
South African domains would end with a .co.za
Mmmmmmmmmm....Then how can "The Red Baron" claim to be a hacker from
South-Africa and have a @hotmail.com thingy...
(Unless he used a re-mailer....)
Carolyn: Hotmail is a Web-based email system. You surf into your account
from anywhere in the world.
Also, there is no law that says that a domain name must reflect the
of origin. For example, skyinet.net is an Asian ISP but uses the .net
domain. The US domain is .us, but how many US domains end with .us?
*** Observations on the Latest User-Friendly DOS Attack Program
hmmmm...still don't see it yet..but soon i will!!! and yes in a way
all that a*** a**** has on u******4.0 but i don't think it should come
program...if someone wants to ping someone off the net its fine with
me...but learn it and do the codes don't just type in the IP and hit
on some stupid program...actually to me its more fun to learn it and
type of stuff with codes anyway...makes you feel better in the end
*** Where to Buy Computer Manuals Online?
From: Erica Douglass <firstname.lastname@example.org>
Hi! I was reading some time ago in the HH Digest that there is a book
called _Secrets of Windows 95_ that tells how to edit the registry.
I finally got some spare time and browsed around amazon.com, but came
empty. I'd really like to learn how to edit the registry. I live in
rural area and buy CDs and books online. If anyone can find this or
book like it, could you please let me know? Thanks!
*** More on Cracking
From: Bryce Lynch <email@example.com>
> From: BJ Johnson <firstname.lastname@example.org>
> I'm thinking of installing Linux but my hard-drive is too small to
> that on and leave Win 95 on. I still want to have Win 95 as my main OS
> since I'm not the only user of the computer. I was wondering
> knew how to install it (preferably Red Hat 4.1) onto a ZipDisk.
It's easily done. The newer releases of kernels (2.0.0+) have
precompiled in for the parallel port ZipDisk. You'll either have
LILO on your primary drive (don't know how your current bootloader
like that), or go the boot disk route. Either way, use Linux's
utility to generate ext2 partitions on the Zip Disk and install away.
This also works on JAZ drives, BTW.
> Hopefully then I would be able to use a bootdisk to switch over to
> when I boot up. I've read most of the How-To's at sunsite.com
> haven't found any relevant information.
Just treat it like any other hard drive. If you try to do anything
special, you'll just mess up. When you boot your install disks,
the ZipDisk just like you'd mount your regular hard drive (mount
/dev/sda4 /mnt) and go to work. Just remember that /dev/sda4 is
kernel will put access to the Zip Drive, and you can't go wrong.
> One idea I had was if it would be possible to use UMSDOS and just
> it think that the ZipDisk is another partition on my hard-drive.
> makes any difference, it's the parallel-port version.)
See? You already know what to do!
> Also, what programs/files would I need if I just want Internet
> software? Thanks!
Get the basic netpackage (I forget the archive name at present), pppd,
and maybe tinyX if you've a mind to go graphical (and can get Netscape
work. good luck).
-m alias=x /bin/cat /etc/passwd
I've never really dissected the exploit, but I'll take a shot at it...
/usr/local/bin/ph is the name of the SGI script you ran.
-m is a command-line switch, though I do not know what it does at present.
alias=c is another parameter, though I do not know what this means,
/bin/cat is the command to run the 'cat' command which will display
file to the standard output device (your screen).
/etc/passwd is the location of the password file, which you're passing
/bin/cat as a parameter.
> What does this mean? On some systems with the bug present, the
> file follows, while on others, it doesn't. On one system I was on,
On the sites it works on, a flaw is utilised which lets a remote user
look at any file on the system (which is what you did, with the password
file as a specific target). You could just as easily add a line
something like that. You could probably write a program line
by line on
the remote system, compile, and run it as well.
> ls to see the etc directory. Since the password file was shadowed,
> /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/shadow, which I had just
> was present. However, all I got was /usr/local/bin/ph -m alias=x
> /etc/shadow and nothing after. Why is this? Is it hidden or something?
It looks like the program you were using didn't have privileges to read
the file where the password strings are stored (which shoots down one
my theories.. oh well).
> I know that only some UNIX commands work like this. Does rm work
> (I'm curious; I would have just tried if I wanted to delete something)?
Don't know. Why not use the exploit to create a file in the /tmp
directory, see if it exists, and then erase it and see what happens?
> Carolyn: Congratulations, you have a shell account. But I am puzzled
> telnet localhost (same as telnet 127.0.0.1) gives you a different
> system. Anyone have ideas?
It might just be a cosmetic difference. You can change the login
easily. Or he might not be on a SunOS box to begin with.
> On my shell account I get about the same thing...there are individual
> selections for things like telnet and ftp. If you want to run from a prompt
> so you can use things like whois etc... on mine I can just press ^Z (ctrl +
> Z) This drops me at a prompt where I can just enter commands. If I do
> things like telnet from the menu I have to do something like this:
If that's all you need to do to get to a shell, it sounds like you're
logged into a shell, and then your ~/.login file contains a command
run the menu shell. Just edit that file with pico or vi or something
remove it, and it should drop you into a shell by default.
> something of that effect. Once you get to the a prompt of any kind,
> time to buy a few UNIX/Linux books (depending on your needs), then
> there! Note: better save up for these books - a lot of the good ones
> can run up to $60. Personally, I recommend O'Reilly, as most people
> list would as well.....
Libraries work miracles.
Regarding people looking to find like-minded people to converse with
Buy an issue of 2600, and look for the meeting closest to where you
live. Stop by the first Friday of every month, and just start
people. It's a great way to make friends even if they aren't
into the h/p scene.
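The phf exchange above, seen from the server side: an added Python example (not from the digest or from any poster) that scans constructed web server log lines for the newline the Qalias=x%0a... request depends on, generalised to any /cgi-bin/ script whose decoded query carries a newline. The log lines, hosts and addresses are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed Common Log Format lines; hosts and addresses are made up.
# Line 1 is an ordinary phonebook lookup, lines 2 and 4 carry a %0a
# (newline) that the CGI hands to the shell, line 3 is unrelated.
LOG_LINES = [
    '203.0.113.5 - - [09/Apr/1997:01:12:03 -0600] '
    '"GET /cgi-bin/phf?Qalias=smith HTTP/1.0" 200 512',
    '203.0.113.9 - - [09/Apr/1997:01:13:41 -0600] '
    '"GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 1403',
    '198.51.100.2 - - [09/Apr/1997:01:14:00 -0600] '
    '"GET /index.html HTTP/1.0" 200 2048',
    '203.0.113.9 - - [09/Apr/1997:01:15:27 -0600] '
    '"GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/shadow HTTP/1.0" 200 87',
]

CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_clf(line):
    """Split one Common Log Format line into its fields, or None if malformed."""
    m = CLF_RE.match(line)
    return m.groupdict() if m else None


def classify(entry):
    """Finding for a /cgi-bin/ request whose decoded query contains a newline.

    phf escaped most shell metacharacters but not the newline, so whatever
    follows %0a runs as a second command. A phonebook lookup never needs a
    newline, so its presence alone is the signal.
    """
    parts = urlsplit(entry["target"])
    if not parts.path.startswith("/cgi-bin/"):
        return None
    decoded = unquote(parts.query).replace("\r", "\n")
    if "\n" not in decoded:
        return None
    return {"ip": entry["ip"], "ts": entry["ts"],
            "script": parts.path.rsplit("/", 1)[-1],
            "status": int(entry["status"]), "bytes": entry["size"],
            "injected": decoded.split("\n", 1)[1].strip()}


def scan(lines):
    """Findings from every parseable log line, in file order."""
    entries = (parse_clf(line) for line in lines)
    return [f for f in (classify(e) for e in entries if e) if f]


def sources(findings):
    """Count findings per client address, most active first."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return sorted(counts.items(), key=lambda kv: -kv[1])
```

A status of 200 with a tiny response size, as on the /etc/shadow line, matches the poster's experience: the command ran but the CGI's user could not read the file.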
*** More IRC Wars
From: email@example.com (J. R. Sevilla)
Hi Happy Hackers,
I just had a bad experience in IRC. Some guys at #teenmature of
irc.qdeck.com just took over my newly created #apprentice where I was
was just being friendly giving op to others but I think I was a bit
friendly. I was really mad and sad (now I'm no happy hacker).
I read about access levels and stuff but I can't quite understand how
work. I also wanted to know how I can prevent someone from de-opping
even though I give him an op. Please try to help me regarding
please be very elaborate in giving me instructions (I'm just a newbie).
Also, if you can help me avenge myself to those naughty, good-for-nothing
guys, please tell me how.
Thanks very much Happy Hackers.
*** Perl for Win 95
Please make this anonymous.
There is a port of Perl version 5 for windows 95. The best place
look for Perl ports or any other Perl stuff is the Perl Home Page
(http://www.perl.com/perl). If that doesn't have what you're
for, try going to your favorite search engine and typing in "CPAN"
(stands for Comprehensive Perl Archive Network). Hope that helps!
Carolyn: Perl is a shell programming language. It is one of the two
valuable languages for hacking (C++ is the other).
*** Looking for Local Hackers
From: Gebhardt <firstname.lastname@example.org>
I'm looking for beginning/intermediate hackers in the Santa Barbara
County area, specifically the Lompoc, Vandenberg AFB, and Santa Maria
areas. Santa Barbara city, also, of course.
From: Bjørn Jensen <Cyberbears@vip.cybercity.dk>
I would like 2 know if N E 1 knows any hacker clubs in Denmark.
*** Carolyn Puts on Propeller Hat
Carolyn: In case any of you have been following the anti-Happy Hacker
war on the dc-stuff email list, you may have been misled on some technical
topics. So it's time to put aside my jokes and put on the propeller
1) Those guys are making a big deal about how I have supposedly been
people to telnet into keyboards, monitors and printers. The issue is
whether you can telnet into them -- you can't, and I never told anyone
could. But in defense of newbies, I have not gotten even *one* report
newbie trying to telnet into a monitor, printer or keyboard on account
not having beaten this point into submission.
However, these guys are dead wrong when they claim only the numbered
ports can be called ports. Monitors and keyboard are also ports! A
defined as anything that brings data (or "stuff" in the general sense)
into or out of a black box -- which could be a computer. Now if you
start calling your printer port the "printer thingie" on account of
believing the claims of the dc-stuff flamers that it isn't a port,
will laugh their heads off at you.
Another confusing thing in this flame war is some comments that a printer
cannot be used as a route to break into a computer. Wrongo! Today's
are in themselves pretty sophisticated computers. And, guess what,
many exploits which take advantage of not only printers but also device
drivers, which are the programs that tell an operating system how to
interact with devices such as, yes, a printer, monitor or keyboard.
According to some of the flames I have gotten, I must have led people
install Linux into thinking that when you install it, thousands of
thingies must have to be added to your computer to handle each and
the kind of port that is a service, i.e. something you can telnet into.
I have not gotten one single post from a newbie saying he or she thought
this. Guess what, newbies are not as dumb as those flamer d00ds think.
But just in case there are legions of dazed newbies out there trying
telnet into their monitors, here's the straight answer. If you give
command "telnet #" where # is any number that gets you a result, guess
you are telnetting into a service. See the GTMHH "Port Surf's Up" for
details on what these ports and their services are. But basically a
is a program which accepts your input and reacts to it in some way.
can't find a port number assigned to a port you want to access, for
hda, that means it is a device driver, in this case a piece of software
Unix that tells your computer how to port data to and from a hard drive.
Also, there was mass confusion and derision on the dc-stuff list about
comments on the Infowar IRC channel about "black boxes." First, a quick
question to those of you who have recently studied computer science.
teach you guys nowadays about finite state machine theory? To sum it
excellent way to model a control system -- for example, a computer
-- is to
model it as a series of black boxes connected by lines coming out of
ports representing data flow and characterized by state transition
functions. The reason for modeling things this way is that you can
characterize the system without knowing anything about what is inside
black boxes. All you need to know is how many black boxes do you have,
are the ports, how are the boxes connected to each other, and what
state transition functions.
In the case of the Internet, the services that we like to port surf
host computers on the Internet behave like the black boxes of finite
machine theory. The software that we know as services are the state
transition functions. IP addresses define the black boxes, and the
protocol provides the I/O.
What this means is that when you telnet over to a strange computer you
need to know what hardware it uses. You don't need to know its operating
system, or any of the programs being run on it. All you need to know
IP address and that -- to give a specific example -- when you
command "telnet strange.computer.org 19" you are asking it to run a
character generator (chargen) program. (You could also give the command
"telnet strange.computer.org chargen" and get the same results.) If
running chargen, then you get a string of ASCII characters in order
can use to check for dropped packets between you and that computer.
2) There has been a bunch of profoundly clueless talk about encryption
the dc-stuff list, following up my April 2 appearance on IRC at Infowar.
starters, you don't have to decide whether you should take my word
someone else's word on this topic. You can read an excellent book on
mathematical underpinnings of encryption -- and of the topic in general
how do you tell whether it is possible to find an algorithm that can
problem whose answer can be summed up as either "yes" or "no" fast,
whether such a problem inherently is difficult to solve. The book is
"Computers and Complexity." It's out of print, but your nearest university
library can get it for you on Interlibrary Loan.
Now if you like to get seriously into math, here is a more detailed
explanation of what I tried to get across to the encryption "experts"
at Infowar on April 2. Szechuan Death had asserted that DES (data encryption
standard) had been proven secure. But my response was that the only
can "prove" that *any* encryption technique is secure is if and only
unprovable assumptions hold true. As I mentioned on IRC, this even
such basic assumptions as the laws of commutation and association.
example, A*B is not equal to B*A if A and B are matrices!)
Most significantly, the classes of P and NP-Complete may not be distinct
from each other. It is conceivable that someday someone may prove,
example, that NP-Complete is a subset of P. In that case the house
will collapse for public key encryption, and many other algorithms,
there is no possible way to prove that NP-Complete is not a subset
of P. We
can only say that problems within NP-Complete are all transformable
other by algorithms whose upper bound on the computational steps required
for the transformation is no more than a polynomial function of the
the problem N.
The class P means the class of optimization problems whose answer is
yes or no that may be solved in a number of iterations that is a polynomial
function of the number N of the elements of that problem. An example
class P is the spanning tree problem, in which N might represent a
cities and the spanning tree may be the highway system that may connect
all with the shortest distance of highway.
The class NP-Complete is short for nondeterministic polynomial time
complete, which is the class of optimization problems whose answer
yes or no that may be solved in a number of iterations whose upper
a polynomial function of the number N of elements of the problem if
if the solver of the problem is supplied with a lucky guess
(nondeterministic) on how to solve the problem (in the case of encryption
the lucky guess is the decryption key). Otherwise, without the lucky
or decryption key, the upper bound of the number of iterations required
solve the problem is an exponential function of the number of elements
the problem N. "Complete" refers to the fact that that any problem
be shown to be transformable by a P type algorithm into any one problem
within the set NP-Complete may also be transformed into any other element
this set by a P type algorithm. An example of an NP-Complete problem
traveling salesman, where the objective is to minimize travel distance
through a set of cities without ever retracing one's path, ending at
city where one began.
Is your head spinning yet? What practical use is lots of math knowledge
hacker? Have you ever seen the movie Sneakers? The plot line is a
mathematician discovers a means to factor numbers using an algorithm
has an upper bound that is a polynomial function of the size N of the
problem. This meant that RSA and PGP became worthless for encryption.
the car chases and crawling through attics and murders and stuff of
of the movie flowed from that premise.
So watch out for a cryptic news announcement someday having to do with
factoring numbers. It could turn cyberspace upside down.
*** Is your head spinning? Had enough propeller head stuff? Good,
this is the end of this Digest. Bye, folks!