May 6, 1998
URL of the day: http://www.fsf.org
Free Software Foundation
See back issues of the Happy Hacker Digest and Guides to (mostly)
Hacking at http://www.Happyhacker.org.
GTMHH en espanol: http://underhack.islatortuga.com
TABLE OF CONTENTS
* Hacker Wargame update
* How to block finger
* Hacking WinNT
* Win95 hack
* More on CMOS
* More on Linux
* Shell programming permissions
* Free Software Foundation
* Bash history
* Yahoo password problem
* Yahoo bookstore
* Call for volunteers
*** Hacker Wargame Update
From: Kent Davis
Before I decided to start my career as a harmless hacker,
I heeded your
advice to warn tech support. I was all set to take them out
to dinner and
realized that the tech crew was 100 people large! I offer a
far more simple
and pleasant way to inform your ISP that you'll be doing harmless
A simple phone call to tech support and informing them of what
why you're doing it and that you're willing to help test your own
security did the trick for me! A simple explanation has also
school while testing the network security there. I asked the
if I could test the security and before I knew it, they had me
windows NT webserver, Compaq proliant running Novell and a lab
computers in my free time ;) A simple "Can I do this"
was more than enough
for me, and is a good habit to follow.
[Carolyn: It depends on your ISP how much work it takes to
get them on your
*** How to Block Finger
From: Magnus Kristiansen
Most Unix systems use GNU-finger daemons, which easily may
with a .fingerrc file in your home directory, like this
----------- Cut ----------
#!/bin/sh
# As I don't like ppl poking around in my privacy
echo "Please get the he*l away!"
----------- Cut ----------
Don't forget to:
chmod +x .fingerrc !
*On very few systems the sysadmin has turned off the possibility
run your own .fingerrc-scripts*
This would not work on systems that don't use GNU finger...
*** Hacking WinNT
From: Capt. Video
>>I'm fairly new to this as far as hacking goes anyway
>friend told me about this really easy hack with win 95 NT
4.0 or win 98.
>I don't know if you know about this or not, but here goes.
>as far as I can tell you have to have file and printer sharing
>rather the victim does at any rate for this to work. you
get an IP address
>go to the start menu go to find then computer input the IP
>address like this
>\\000.000.000.000 then click on find now.
>this will find regular users ISP's whatever this will show
>of the shared drives files whatever. no log in no nothing
as far as it's
>concerned you are on the LAN!!!!
>I got into my ISP's secondary domain server without a password
or even a
>login. As far as I can see unless you password protect your
>drive you are open to this. If you know how to get around
it or close this
>hole let me know I'll pass it on to my ISP.
This may have exploited the stupidity of the ISP's administrative
not Windows NT. I have tested this hack and got very different
will test it further.
The above described process is still a network access and
is subject to
security checks and login. Also, if it is this individual's
own ISP, and he
dialed up successfully, then chances are he has an account on
and was probably already logged on. Further, like in Unix, all
that is available to the public can commonly be accessed (depending
is allowed by the admin) from a guest account and anybody running
compatible networking client can wander in and see a list of
example, if my name were Bob and I logged on as BobB to my Windows
computer, then tried to search the contents of a share on an
NT system over
the net in the above described fashion (or any other); the NT
try to log me on BobB using my Windows 95 password. Failing
that, it would
log me on as Guest (if the Guest account was enabled by the admin).
Guest account has a password, I would get a message telling me
share is protected by a password and be prompted for it. If
not, then I am
in and allowed to view and access anything I can browse to through
share that has been assigned rights that would permit access
to Guest. If
all the share permissions use the default "Everyone Full
permissions and the drive is a DOS compatible format (FAT) or
permissions are the same as the above share, then that Admin
is stupid and
thoroughly screwed no matter how you slice it. Like Novell and
are Read/Write/delete/change permissions...etc. rights. But
in NT means all rights.
I have done this many times to NT machines and still not been
able to cross
either the share permissions or the local permissions when I
did not log on
with an account that has access to these files. No matter how
you get to
the shares, if you use the regular interface on your client,
you are subject
to login and file rights settings. If the file rights settings
than they should be then that hole is closed by the admin viewing
securing the access rights on those files.
Be it known that, with NT:
A>Many small ISPs use un-trained admins who do not fully
share and file rights and frequently make mistakes.
B>For ease of use, the default rights are always Everyone
Full Control on
all new shares and newly formatted drives until the Admin sets
C>Using the FAT (DOS compatible) formatting option means
that the drive is
protected by share permissions only.
Any admin reading this who is concerned about share, folder,
security should take a class. NT is a complex networking system
in technology to Novell Netware (at least so far as file permissions
concerned anyway). Or I can answer specific questions care of
*** Win95 Hack
From: William C . Topp
I read your hh on win95. you use DOS a lot. with wfw 3.11
just exit windows and be at a true DOS prompt. not so easy in
this technique appeared in PC magazine Sept. 10, 1996 on p. 339.
in a letter from one Gary Tessler
make sure at least the following path is included in your
edit autoexec.bat so that the last line is
delete or rename c:\windows\logos.sys and c:\windows\logow.sys
find c:\msdos.sys and change the attributes from hidden and
edit this file with notepad to include the statement
BootGui=0 (that's zero)
in the [options] section
save the file and reset (if you want) to hidden and read-only.
what this does is cause the system to boot to DOS but the
last line of
the autoexec.bat loads win95 so the effect is to boot to win95.
when you choose "exit" from the start menu and select
"shut down the
computer" boom, you're at a true DOS prompt. to get back
I've done this on three computers and it always works. I
one small problem. you now can't hit f8 or f5 or whatever
that key is
at boot time and select boot to DOS because now the autoexec.bat
you into windows anyway. you need to select instruction step
"no" to the win in autoexec.bat to actually boot to
so this lets you exit to DOS very easily but it is a pain
to boot to
DOS. I favor the former, I seldom actually turn off my computer.
please note, this isn't my "hack" or whatever you
call it. I got it
from the reference above.
*** More on CMOS
From: Gustavo Olaza
this is the complete debug template for a password crack in PC
It works invalidating the CMOS configurations <save the important
before try this>.
The port 70h is the byte select and the port 71h is the W/R port.
First, we select the address for I/O via out port 70, address
and late we
R/W via port 71.
The byte 0e is the diagnosis status byte, if the bit 5 is set
configuration is invalid.
The bit 7 of port 70 is the NMI mask register <Never alter
its value!>
--------------------------------cut here-------------------------------
Cut the text between the lines and paste in a text file for example
and in the DOS prompt at the directory where the file is in,
< CMOS.TXT; this create a file "killcmos.com".
Execute this file, and when
you restart the computer you will see: "CMOS configuration
press F1 to enter setup" or something similar.
Enjoy it. ;-)
1. The post about CMOS security and debug...you can read that
of the last c't magazine (Germany).
2. To get into any Award Bios, there are some "Supervisor
which overrule every user-set password, e.g. "LKWPETER".
It's only one
of many....but if ya didn't know...now you know...
From: Bastian Doetsch
| At 08:59 PM 5/1/98 +0200, anonymous wrote:
|>Make that anonymous pls....
|>|>Something for the digest.....
|>|>1. The post about CMOS security and debug...you can
read that in one
|>of the last c't magazine (Germany).
c't is a printed medium...but you can check out the website
As you perhaps have noticed at least one of the ct-reporters
subscribed to this list (He posted something about Linux security
while booting). Btw...you remember the post about finger
@@@@@@@@@@@@@@@@ attacked.host.com? It is copied (copy paste)
paper about Denial of Service attacks, which I have attached
|>2. To get into any Award Bios, there are some "Supervisor
|>which overrule every user-set password, e.g. "LKWPETER".
|>of many....but if ya didn't know...now you know...
btw...if ya know of supervisor passwords for other bioses....I
appreciate to get them.
And at last a question....
Which protocol is used to transmit information between keyboard
keyboard port? I know it's a serial interface, but how could
it via a normal serial port of another computer?
From: Capt. Video
>I read the file begin.html and found it most instructive.
I must say,
>however, that the method described for compromising CMOS
>somewhat drastic. So, here is a trick which works on at least
>definitely DOS. I would not be surprised if it worked on
>Unfortunately Win NT blocks it, well, as far as I can tell
Correct, this kind of direct hardware access cannot be performed
by a user
mode application running under NT. However a system level device
(at least in theory) run low level function calls that command
the OS to do
things to the HW on its behalf. Whether or not this would allow
corrupt the checksum however I could not say. I do not know
that, however I
would doubt it.
From: Daniel Powell
Here's a debug command that will clear part of CMOS if not
all of it. Good
if your sysadmin disabled your floppy drive in BIOS. Once done,
will need to
restart. You should get a checksum error on boot, which will
make it load
default values. It will not clear password...on my machines anyway.
tried this on a Pentium 75 w/phoenix bios and a 200mmx w/award
worked both times.
Start, run, type COMMAND hit enter.
DEBUG hit enter
-o 70 2e hit enter
-o 71 ff hit enter
-q hit enter
exit hit enter
Restart the computer
*** More on Linux
From: Adrian Hawkins
Not to beat Linux into the ground, but I had an alternative
Eikli's discussion on Linux:
A man named Patrick Volkerding has put together a flavor of
ZipSlack that simply unzips onto a Zip(tm) disk or HD. Using
don't have to mess around with partitioning their drives or buying
hardware. It just creates a new directory. To run, the user
only has to
type 'Linux' at a DOS command prompt.
This is a fully functional / upgradable spin off Slackware.
This option is great for those who would like an easy way
to mess around
with Linux without losing their current Microsoft setup. ZipSlack
available on any Slackware mirror.
From: Cory Nickerson
For the many people who are asking about running Win95 Linux
OS's on their computers at the same time, I'd like to suggest
into a relatively new program(few months old) called master booter.
Available from download.com, the author purports it to be able
up to 6 operating systems on 6 partitions of the hard drive without
use of boot disks and the likes. From what I've seen, I'd recommend
using the program in conjunction with a stand alone drive partition
program such as partition magic. If you'd like to run more than
like me, it's worth looking into(my girlfriend would kick my a**
booted up to a Linux screen:P)
One other thing, I, like more and more people recently switched
cable modem and will soon be getting a static dedicated connection
through it and running a web/ftp and telnet server on my p166.
its unique nature and the fact that it is connected through a
server, what kind of unique security risks and concerns are there
this setup? Thanks.
P.S. Love the digest, just keeps getting better, tell your
From: David Ney
(Regarding Linux on same disk as Win95, with S.u.S.E.) A very
program is included (Yast). The best way to do the setup is to
go to msdos
and start the setup program, make the 3 installation disks and
instructions. If it is time to repartition the hard drives it's
to make 4 primary hd (hda1, hda2 ,hda3 ,hda4) all Linux partitions.
the first as root directory (hda1: / --->size 500MB) and
1500MB). If anything functions the best way we will come back
to win95, you
have just to introduce your msdos disks in the floppy and do
no format of
any hd!!!! Just exit setup and start fdisk from A:\, delete the
hard drives and create a new (or more) DOS partitions. Now you
the computer for installing msdos. Format the hard drives, but
you must pay
attention that you format "C:" and not "the first
drive.." or something like
this. Now if msdos is installed start Linux, take root access
and start #
yast. Now it is the best to control everything (for example if
drive and the usr drive is always installed right. Then you must
update your system, you will come into LILO setup again, make
a new entry
for example Win95 and choose start "msdos" and the
hd to boot from is
/dev/hda3. Now restart your PC and if LILO is booted try with
systems which are installed. There must be Win95 and Linux start
MS-DOS will be started) Then install your CD ROM drive and install
If win95 works without problems you must reenter Linux with your
disk because Win 95 writes the boot configuration on the Linux
restart yast and check everything exit it and make an update
of the system
with the LILO boot program. Now when you make a restart you will
lilo prompt and you must enter the system you want to boot. I
think this is
better than starting Linux with loadlin under windows on a DOS
because it is much more stable.
From: mea culpa
>If you will let us have the source code to your joke daemons
credit you on our mail list
It's funny that you keep mentioning source code. I don't think
how simple it is to make daemons like that.
#!/bin/sh
echo " "
echo " "
echo "If you are portscanning this machine with Strobe or a like scanner,"
echo "you should be aware that it does indeed leave all sorts of wonderful"
echo "log entries. Many lamers out there don't understand the value of a"
echo "half-open port scanner. Hell, many lamers don't even know what one"
echo "is. If you find yourself thinking 'what is one?', then please quit"
echo "scanning and worry more about learning something."
echo " "
Pretty simple, no? The 'trap' command is telling it to take
any input at
all and ignore it. The rest is basic shell scripting.
So, save the above as your favorite name (above is in.lamerd).
following lines to the following files:
in.lamerd stream tcp nowait nobody /usr/sbin/tcpd
in.lamerd 2145/tcp #
And voila. Don't forget to HUP inetd.
[Newbie note: You have to be root to do this -- Carolyn]
*** Shell Programming File Permissions
From: Mike Miller
chmod 777 sets permissions for all users to read, write, and
file/directory (execute a directory means to change to it). chmod
used two ways; either with numbers or letters. The letter way
simply type chmod <letterstring> <filename> where <letterstring> includes
the following syntax <who>+/-<what>. The who field
can be u g or a (for user
(the owner), group, and all). The what can be r w or x for read,
execute. So to set a file to world readable, group writeable,
executable, you would type chmod u+rwx g+rw a+r <filename>.
method just uses numbers instead. The three digit code (777 in
your case) is
the three permissions. The first digit is the user, then the
group, then the
world. To figure out the correct number, convert to/from binary.
is a three digit binary number with the first ('hundreds') digit
the next being write, and the last being execute. So, to use
example you could write it as chmod 764 <filename>. In
your case, 777 sets
the directory as readable, writeable, and executable.
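The octal/binary mapping in the post above, worked in Python as an added example (this is not code from the digest). It converts a mode to the ls-style rwx string, folds a symbolic spec such as 'u+rwx g+rw o+r' into the same bits, and checks the result against what stat reports on a temp file; a clause with no who letter is treated as 'a' (an assumption; real chmod consults the umask there).

```python
"""Octal <-> symbolic permission conversion (added example, not from the digest)."""
import os
import stat
import tempfile

# Each rwx letter is one bit of a three-bit digit: r=4, w=2, x=1.
BITS = {"r": 4, "w": 2, "x": 1}
SHIFT = {"u": 6, "g": 3, "o": 0}   # user digit is the 'hundreds', then group, then other


def mode_to_rwx(mode: int) -> str:
    """Render the low 9 bits of a mode as 'rwxrw-r--' (user, group, other)."""
    out = []
    for who in ("u", "g", "o"):
        digit = (mode >> SHIFT[who]) & 0o7
        for letter, bit in BITS.items():
            out.append(letter if digit & bit else "-")
    return "".join(out)


def apply_symbolic(mode: int, spec: str) -> int:
    """Apply a chmod-style symbolic spec ('u+rwx g+rw o+r', 'go-w', 'o=') to mode."""
    for clause in spec.replace(",", " ").split():
        i = 0
        who = ""
        while i < len(clause) and clause[i] in "ugoa":
            who += clause[i]
            i += 1
        if i >= len(clause) or clause[i] not in "+-=":
            raise ValueError(f"bad clause: {clause!r}")
        op, perms = clause[i], clause[i + 1:]
        # Assumption: no who letter, or 'a', means all three of user/group/other.
        targets = "ugo" if (who == "" or "a" in who) else who
        bits = sum(BITS[p] for p in perms)     # KeyError on an unknown letter
        for w in targets:
            shifted = bits << SHIFT[w]
            if op == "=":
                mode = (mode & ~(0o7 << SHIFT[w])) | shifted
            elif op == "+":
                mode |= shifted
            else:
                mode &= ~shifted
    return mode


def symbolic_to_octal(spec: str) -> int:
    """Start from 000 and build the octal mode the spec describes."""
    return apply_symbolic(0, spec)


def chmod_and_readback(spec: str) -> str:
    """Create a temp file, chmod it per the spec, and read the mode back via stat."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, symbolic_to_octal(spec))
        return mode_to_rwx(stat.S_IMODE(os.stat(path).st_mode))
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(oct(symbolic_to_octal("u+rwx g+rw o+r")))   # the post's 764 example
    print(mode_to_rwx(0o777), chmod_and_readback("u=rwx,g=rx,o="))
```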
*** Free Software Foundation
>"**Historical Note: If you want a role model for
>hacker, try these names: Dennis Ritchie, Bob Metcalfe, Steve
>and yes, Bill Gates."
I agree with the choice of hardware hack Steve Wozniak (and
some of the
others, in an offhanded way) , but I think if we're talking about
"role-models" ( true purveyors of "the right thing"
) I would think that
Richard Stallman, Richard Greenblatt or anyone else that actually
CREATES would be a better philosophical role model. MIT AI lab
About your use of the word "hacker": 99% of your
themselves "hackers", when the real truth of the matter
is, they are
"crackers". A very fundamental difference. A "hacker"
disseminates. A "pirate" steals and freely distributes
and/or data. A "cracker" gains entry to networks, and
slang for lily-white Caucasians... Irony notwithstanding. Media
journalists seem to enjoy the word "hacker", as "It
strikes fear in the
hearts of High Tech CEO's" but that doesn't mean anyone
should buy their
brand of ignorance...
Hmmm... Bill Gates. Bright guy, bad ideals. Almost ruined
computing, and is the sole reason we pay for software today.
slightly outweighs the value of DOS) Might ought to be burned
stake for sending out code in binary state. "Hacker"
he is NOT,
"cracker" (in the "forcibly-going-to-enter-your-network"
seriously doubt. ) Bloatware. Need I say more. Not a good choice
role model for today's youth. "Get really rich via seek
Microsoft may be a problem, but the true evil is with Intel:
MICROSOFT, have been the TRUE MONOPOLISTS. Socket 5, 6 7 are,
they realize it or not, are now worldwide standards, in which
charge other makers of semiconductors a hefty licensing fee for
chip sold. Semiconductor Mafioso. That is a monopoly. Bundling
with an OS, is like telling auto manufacturers they can't include
stereo in their new cars, as it would be unfair trade practices
car stereo manufacturers. Netscape is losing, and they don't
seem to be
taking it very well... They lost focus, and started telling users
they would get, as opposed to listening to what they want. Microsoft
listened. They win. The Intel would-be AMD/CYRIX/Centaur Technologies
killer, the Pentium II, is simply a Pentium Pro (lots of L2 cache
back end) in a different socket. Zero performance gain with the
socket, but certainly an efficient way to attempt to kill the
competition and produce a new marketing campaign, all in one
package. Might want to enlighten your readers. Microsoft bashing,
this point, is just a sign of ignorance and immaturity... besides,
are better as a marketing firm than a software vendor... Anyone
viewed "the blue screen of death" in NT can attest
I freely admit I use high-end Intel-based systems when I design
love an SGI Octane, but I'd prefer to feed and clothe my wife
daughters), as I have neither the time, nor the inclination to
the Adobe (and others) software I utilize on the Intel platform
other platforms. Not Logical. That doesn't mean for one moment
don't support the Free Software Foundation and the CopyLeft ideals:
creating (still working) on a multitrack audio recording system
Linux/unix X11 platform, to give to the world FREE. (Not trying
self-righteous) Why don't you teach your subscribers/students
(http://www.fsf.org) It's free. Get them unhooked from being
Microsoft dumbed-down OS's... "Hacking on Windows 95/98"....
funny, in that it's quite the oxymoron... big deal... "telnet"....
I suspect, is the biggest problem today with our computing youth,
that everyone wants their "warez", and no one wants
to think for
Big Rant Over,
it's shagadelic, baby...
*** Bash History
>Some bashes do it one way, some the other -- arghhh, I'll
have to make that
Well, they don't until you make them to.
(from man bash)
The name of the file in which command history is
saved (see HISTORY below). The default value is
~/.bash_history. If unset, the command history
is not saved when an interactive shell exits.
*** Yahoo Password Problem
From: Capt. Video
>From: Craig Harvey
>>I downloaded that crappy Yahoo news ticker and I believe
it is a security
>threat to people who use this and/or Yahoo mail, Chat. The
>keeps the persons password in the registry in plain text,
no encryption or
Any application (virus, activeX control, etc.) could look
for and extract
The defense is not to save your password at the YAHOO news
Also, use a different password than what you use to access the
rest of your
system. That way, all they can hack are your news ticker choices.
I use separate user names and passwords for everything.
*** Infowar Bookstore
Internet Attack Methodologies Countermeasures Instructed By Chris
NOW AVAILABLE ON VHS
A comprehensive Network Security video including topics on:
Advanced Network Attacks
Denial of Service Attacks
Masking the Intrusion
Intrusion Detection Systems
On sale at the www.infowar.com bookstore
Assistant to Mr. Winn Schwartau
*** Call for Volunteers
We need more people who could help edit our Digests. We
are getting lots
of good input and really, really hate to lose good posts when
none of our
volunteer editors have the time to put out Digests.
The alternative is an unmoderated mail list. But if we just
everything that comes in (an unmoderated list) you would have
to put up with
lots of flames, cuss words, misspellings and off topic posts.
If you love
the English language as much as you love to hack, please contact
basic requirements are that you give us your true identity, promise
don't commit computer crime, and have enough of a sense of humor
to be able
to put up with working with the rest of us Happy Hackers.
If you believe you are enough of a masochist to take this unpaid
please email .
message "subscribe hh."
This is a list devoted to *legal* hacking! If you plan to use
information in this Digest or at our Web site to commit crime,
go away! Foo
on you! Happy Hacker is a 501 (c) (3) tax exempt organization
in the United
States operating under Shepherd's Fold Ministries. Yes! This
is all a plot
to save your immortal souls!
For Windows questions, please write Roger Prata; for Macs, write
Strider; and Unix,
Carolyn Meinel. Other general questions go to R.J. Gosselin.
Happy Hacker email list maintainer: Jonathan D. Zerulik