Aug. 31, 1998
URL of the day: http://thor.prohosting.com/~sp3cialk/text/unix.txt
basic Unix commands
See back issues of the Happy Hacker Digest and Guides to (mostly)
Harmless Hacking at http://www.Happyhacker.org.
GTMHH en espanol: http://underhack.islatortuga.com
TABLE OF CONTENTS
**This week's posts**
* What is "elite"?
* Online BO installer
* Re: The Magical Mystical Crypto-Primer
* Back Orifice, and PGP (2 topics, not related)
* Hacking Lessons On-Line
* How to download Real Audio files
* Another BO detector that is actually a trojan
* Re: GTMHH: Part 2 of War Tools!
* Juno gold
* PhreakNIC v2.0
**This week's Questions**
* Virii question
**Answers to previous Questions**
* IRC answer
**Editorial - InfoWarCon 98 coming up!**
*** What is "elite"?
From: keydet89 <email@example.com>
I have an answer to the question...what is "elite"?
In English: elite
In "haxor": 31337
In binary : 0111101001101001
In Hex : 7A69
Maybe I should get a black t-shirt with '7A69'
printed in big, white letters on the back...
*** Online BO installer
The applet that installs BO online is at:
Just thought you'd be interested if you didn't already know...
Thanks for the HHD! Keep up the good work - nice to see a
TRUE hacker - Keep
*** Re: The Magical Mystical Crypto-Primer
From: David Jackson <firstname.lastname@example.org>
Hi all, In regards to "Part 2, The Magical Mystical Crypto-Primer",
good program for browser encryption is Safe Passage Web Proxy.
It needs a bit of work to set it up, but once it is working,
it is fine.
It offers a wide range of ciphers that can be used, including
(is the most secure cipher available), RC4-MD5 (the most widely
cipher type), EXP-RC4-MD5 (the most commonly supported cipher
export-crippled servers), and EXP-RC2-CBC-MD5 (sometimes supported
export-crippled servers). There are around fifteen other
that can also be used.
This is available for Win3.1/95/NT (not yet for Mac) and has
unrestricted (I think :) ) evaluation copy.
There is also another page like https://www.fortify.net/sslcheck.html
checking how secure your connection is. It is:
David Jackson email@example.com
"Some mistakes are too much fun to only make once!"
*** Back Orifice, and PGP (2 topics, not related)
From: Hidden Access <firstname.lastname@example.org>
I've just had a curious (unpleasant <:( ) experience.
While more or less
innocently surfing the net, I couldn't help but notice that my
rebooted 3 times. Without my permission! I also found a rude
message on my
desktop (Win 95). I did a 'netstat -a' and discovered that I
had left the
server program for Back Orifice (BO) running after testing it.
This left the
31337 port open for attack. I promptly removed BO (and the rude
Follow this link to safety:
Moral: Don't leave BO running on your own box! and regularly
-a' to make sure no one else has either!
I also found an interesting and frustrating limitation to PGP.
encrypting one of my hard drives, I discovered that I couldn't
because my system didn't have enough RAM to allow it (file size
= 253.5 MB;
RAM = 64 MB). Since I had deleted the source info for the encryption,
_was_ trapped!! This is no excuse not to encrypt, just be careful.
Moral: Do not delete source info until you are sure you can
fully decrypt it!!
"While experience is a great teacher, someone else's
experience is a safer
one!" - Me
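The netstat check described in the post above, as an added example that is not part of the original post. It assumes Windows-style `netstat -an` output; the sample text and the function names are constructed for illustration.

```python
import re

BO_PORT = 31337  # the port named in the post above

# Constructed sample of Windows-style `netstat -an` output (not from the post).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      192.168.1.1:80         ESTABLISHED
  UDP    0.0.0.0:31337          *:*
  UDP    192.168.1.20:137       *:*
"""

# proto, local address, local port, foreign address, optional state column
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$", re.I)


def parse_rows(netstat_text):
    """Yield (proto, local_addr, local_port, foreign, state) per socket row."""
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m:
            proto, addr, port, foreign, state = m.groups()
            yield proto.upper(), addr, int(port), foreign, (state or "").upper()


def find_listeners(netstat_text, ports=(BO_PORT,)):
    """Return local sockets that are waiting for traffic on a watched port."""
    hits = []
    for proto, addr, port, foreign, state in parse_rows(netstat_text):
        # UDP rows carry no state; an unconnected UDP socket shows "*:*".
        waiting = state == "LISTENING" or (proto == "UDP" and foreign == "*:*")
        if port in ports and waiting:
            hits.append((proto, addr, port))
    return hits


if __name__ == "__main__":
    for hit in find_listeners(SAMPLE_NETSTAT):
        print("unexpected listener:", hit)
```

The server's port is configurable, so a clean result for 31337 only rules out a default install; review every listener you cannot account for.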
*** Hacking Lessons On-Line
From: UQ Mail <Anonymous>
Dear Happy Hacker,
I'd like to point out for people the new 'step by step' hacking
It's still in the process of massive expansion right now,
with a lot of
hackers sending further chapters for different areas, but until
should already lead people through some of the basic ideas about
Also, some good text files through the tutorial.
*** How to download Real Audio files
Ok, here's something useful- how to download real audio files:
1. save the link as a file (it will have the *.ram extension)
2. open the ram file in notepad
3. go to the url in the file (it will have a *.ra extension)
4. save the ra file and then open it with real player
If you know this trick you probably think it is too simple
to mention in the
HHD but many people have asked me how to download real audio
files from web
pages and many think that it can't be done.
*** Another BO detector that is actually a trojan
From: Ken Williams <jkwilli2@UNITY.NCSU.EDU>
I recently came across a program called "BoSniffer.zip"
author claims will "block key points in the registry from
BO as well as
search for existing installs of the backdoor."
Close examination has revealed that this is actually a BO
with the "SpeakEasy" plugin installed. If you
run "BoSniffer.exe", the
BoSniffer executable (read: BO Server Trojan w/ SpeakEasy) will
to log into a predetermined IRC server on channel #BO_OWNED with
username. It then proceeds to announce its IP address and
message every few minutes."
This program, "BoSniffer.zip" is currently being
as a "cure for Back Orifice infections". It is
probably being distributed
with other software packages and with other names too.
Listed below are
relevant details about this program.
File Sizes (in bytes)-
MD5 fingerprints and strings (checksums)-
MD5 (BoSniffer.zip) = 2d75c4ac54b675778ff22f76f9a6a77f
MD5 ("string") = b45cffe084dd3d20d928bee85e7b0f21
MD5 (BoSniffer.exe) = 63748087b2e1598fcf34498b0295212e
MD5 ("string") = b45cffe084dd3d20d928bee85e7b0f21
Evidence that BoSniffer.zip is really BO Server with SpeakEasy
irc.lightning.net:7000:Hey MASTER where are u!!!
sector 0x0303F0 - sector 0x0306D8
BO ButtPlugs and goodies...http://www.netninja.com/bo.html
AJ Reznor: The pierced, tattooed grand master god of flame wars!
Who is John Galt?
Yes, you too can own my box with this special introductory offer
I'm sad to see Kontrol Faktory go away.Use Linux!
This box is now property of the Illuminati.
<<tap>> <<tap>> <<tap>>...Is
this thing on?
Where do *YOU* want to go today?!
sector 0x0318A8 - sector 0x031980
#BO_OWNED with IRC commands:
Own Me @ .NOTICE .JOIN #BO_OWNED host server :Owned USERNICK
.QUIT Psssst...Speakeasy was told to shut down
.NOTICE #BO_OWNED :Psssst...Speakeasy just started up
You get the idea by now, hopefully.
Instructions on removing BO Servers from compromised servers
found at: http://www.iss.net/xforce/alerts/advise5.html
or by searching through the NTBUGTRAQ archives at:
If anyone wants a copy of BoSniffer.zip for further examination,
email to Packet Storm Security at PackStorm@Genocide2600.com
Please note that we will disregard any non-corporate or suspicious
Packet Storm Security http://www.Genocide2600.com/~tattooman/index.shtml
E.H.A.P. Corporation http://www.ehap.org/ email@example.com
NCSU Comp Sci Dept http://www.csc.ncsu.edu/
PGP DSS/DH/RSA Keys http://www.genocide2600.com/cgi-bin/finger?tattooman
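A way to triage a suspect download against the indicators in the post above, as an added example that is not part of the original post. The MD5 values and marker strings are copied from the post; the function names and the sample bytes are constructed.

```python
import hashlib

# MD5 values as published in the post above.
PAGE_MD5 = {
    "2d75c4ac54b675778ff22f76f9a6a77f": "BoSniffer.zip",
    "63748087b2e1598fcf34498b0295212e": "BoSniffer.exe",
}

# Strings the post reports inside the executable. They will not be visible
# inside a compressed archive, so run this on the extracted file as well.
PAGE_MARKERS = (b"#BO_OWNED", b"irc.lightning.net", b"Speakeasy just started up")


def triage(data, known_md5=PAGE_MD5, markers=PAGE_MARKERS):
    """Return a list of findings for one file's bytes; empty means no match."""
    findings = []
    digest = hashlib.md5(data).hexdigest()
    if digest in known_md5:
        findings.append(("md5", known_md5[digest]))
    # The post warns the file may circulate under other names, and a repacked
    # copy changes the hash, so also look for the embedded strings.
    lowered = data.lower()
    for marker in markers:
        offset = lowered.find(marker.lower())
        if offset != -1:
            findings.append(("string", marker.decode("ascii"), offset))
    return findings


def triage_file(path, **kwargs):
    """Read a file without executing it and run triage() on its contents."""
    with open(path, "rb") as fh:
        return triage(fh.read(), **kwargs)


if __name__ == "__main__":
    # Constructed sample bytes, not the real binary.
    sample = b"MZ" + b"\x00" * 18 + b".NOTICE #BO_OWNED :Psssst...Speakeasy just started up"
    print(triage(sample))
```

An empty result is not a clean bill of health: it only means the file matches none of the indicators listed in this one post.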
*** Re: GTMHH: Part 2 of War Tools!
You wrote: while you can protect your Windows boxes
from attacks from the
Internet with a well-configured router and firewall, what if
the intruder is
inside your LAN?
Here's your answer:
I've found a "personal firewall" device that performs
tasks and connects to a LAN from an individual desktop PC:
I have one, and it works perfectly.
*** Juno gold
Hey, I saw a file you wrote on hacking SMTP. Well, thanks
info. Anonymously emailing my friends will keep me happy
for a while.
Well, I feel obligated to share some info with you now, so...
I don't know if you use Juno or not, but they've recently
promoting "juno gold", their new service that finally
lets you get file
attachments with your email. Up until now, when someone
sent any juno
member a file attachment, the attachment was shown at the end
message as a bunch of garbage. Well, you don't need to
pay to get file
attachments with Juno. Your savior will be Winzip (www.winzip.com)
Here's what you do:
1. Use the "save as text file" option under
the file menu
2. Open the text file with any version of Winzip
3. Extract the files from the text file.
You see, winzip treats that text file like an archive, probably
because Juno's central computers UUencode binary file attachments
tack them on to the bottom of mail, and Winzip understands UUencoding.
You may have to rename the files you "extract" from
the text file because
when they're extracted, they may still have the TXT extension.
for anything you can get for free ;)
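What the archive tool is doing with that saved text file, as an added example that is not part of the original post: find each uuencoded `begin`/`end` block and decode it. The sample mail and function names are constructed; the file name on the `begin` line is chosen by the sender, so the decoder keeps only its last path component.

```python
import binascii
import os


def constructed_mail():
    """Build a constructed sample: mail text with a uuencoded file appended."""
    payload = b"hello from a constructed attachment\n" * 3
    # uuencode carries at most 45 raw bytes per line.
    lines = b"".join(binascii.b2a_uu(payload[i:i + 45])
                     for i in range(0, len(payload), 45))
    mail = ("Hi, the file is attached.\n\n"
            "begin 644 ../../notes.txt\n" + lines.decode("ascii") + "`\nend\n")
    return mail, payload


def safe_name(raw):
    """Reduce a sender-supplied name to a bare file name."""
    name = os.path.basename(raw.strip().replace("\\", "/"))
    return name if name not in ("", ".", "..") else "attachment.bin"


def extract_uu(text):
    """Return [(file_name, data)] for every begin/end block in saved mail text."""
    found, name, chunks = [], None, []
    for line in text.splitlines():
        if name is None:
            parts = line.split(None, 2)
            if len(parts) == 3 and parts[0] == "begin" and parts[1].isdigit():
                name, chunks = safe_name(parts[2]), []
        elif line.strip() == "end":
            found.append((name, b"".join(chunks)))
            name = None
        elif line:
            # The first character of each line encodes that line's byte count.
            chunks.append(binascii.a2b_uu(line))
    return found


if __name__ == "__main__":
    mail, _ = constructed_mail()
    for fname, data in extract_uu(mail):
        print(fname, len(data), "bytes")
```

Decoding only recovers the bytes the sender attached; treat the result like any other file from an unknown source before opening it.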
*** PhreakNIC v2.0
From: jonnyx <firstname.lastname@example.org>
Good lord! It's
[ASCII-art banner]
1010000 1001000 1010010 1000101 1000001 1001011 1001110
THE QUICK & DIRTY
Who: se2600 (Nashville/Atlanta hackers)
What: a weekend of hacking, discussions, partying and other mayhem
Where: Drury Inn south, Harding Place, Nashville TN, 615.834.7170
When: 30 October - 01 November
Why:
Greetings! This is the initial invitation to and announcement
a convention for hackers, phone phreaks, cypherpunks, programmers,
libertarians, ham/scanner enthusiasts and culture jammers. Not
one of the
above? No prob. Network engineers, ISP owners, sysops, security
the generally curious and (especially) those who want to learn
about some of
the more "underground" elements of our technological
culture are all
encouraged to attend. We're even inviting a few feds.
The con starts 3:00pm Friday and runs nonstop until noon Sunday;
may be a few additional events afterwards, so check our contact
http://se2600.org/phreaknic on a regular basis. There will be
films and videos, a series of lectures and panel discussions
to 6:00pm Saturday, a costume party and mini-rave Halloween evening,
numerous informal tech talks and demos. We're also providing
space to the
Nashville Linux User's Group for a Saturday install-fest and
A computer network will be set up early Friday for a weekend-long
r00t wars. The goal will be to hack into as many LOCAL machines
and take them over, while preventing the same from happening
Participants will learn a LOT about internet and network security.
your own ethernet/RJ45 equipped computer(s); the network will
Why are we doing this?
A very wise man once said "Don't get mad at the media,
BECOME the media!"
We see this as a chance to dispel many of the misconceptions
lies spread by certain greedy corporations (especially those
telecommunications industry) about our subculture, expose the
bad laws their
lobbyists sponsor and our politicians pass (usually over the
experts), and chastise the mainstream media for frequently poor
reporting (and for perverting the word "hacker", which
was a compliment up
until the 80's). Assuming anyone wants to listen, that is...
It's also an excuse for a big party Halloween weekend. See
PS - Did we mention that it's free?
*** Virii question
From: Dmitry Markushevich <Dmitry@Home.Com>
Hello HH. Been reading you for some time, and I think that
you are great ;-)
My question is, how close to truth are these "virus warnings"
(read CCMaker File on the net, last digest).
Through the several years that I've been using computers, I
heard about a lot of programs claiming to **damage** your
computer **physically**. Such things as for example, destroying
your hard-drive (perhaps a low level format with wrong
tracks/clusters/heads), blowing up your computer, burning up
the video card and/or monitor.
Did anyone ever encounter such programs? Are they actually
possible? And if you did, how did they work?
Dmitry Markushevich 11:39 PM
Black clothes: Ideal tool for removing cat hair from furniture.
*** IRC answer
From: cdcd <email@example.com>
In response to Raymond's question about IRC:
There is no legit way from IRC to snoop on someone. You may
Orifice (it has a key logger) that was grabbing what you type
he simply snatched that file. ircN (6.02?) and several other
scripts (LittleStar, etc) have a CTCPREPLY exploit. He may have
something there. Check out http://www.rootshell.com and see if
susceptible to the WinHack. If you are and you log your msgs,
he may have
simply gotten the log right off your pc. Or, my final thought,
connection was sniffed.
Good luck on the answer,
From: Jim Conner <firstname.lastname@example.org>
Hi! Let me answer your question. Before I do let
me tell you who I am.
My name is Jim. I run an IRC network and I can probably
tell you exactly
how this guy was doing what he was doing...because I've done
Anyone who assumes any traffic over the Internet is completely
people looking at the data transmission is fooling themselves.
was probably running something called a packet sniffer.
The one I use is
called sniffit. If this guy was indeed using a packet sniffer
your conversation then he knows something about how the Internet
is a little tough to get a packet sniffer to sniff packets outside
domain of your ISP or the network on which you are broadcasting
admit I don't quite FULLY understand how that all works since
I have never
successfully been able to sniff packets outside my domain.
I would love to
have someone explain that to me because I believe it requires
I watch for hackers on my network with sniffit. But
hackers can watch for
other nifty things on the net with it too. I have watched
conversations before in the past. However, don't get paranoid
that this person was definitely watching what you were saying.
still per se. There is a possibility that this person was
also somehow in
cahoots with the person you were in chat with. They might
know each other.
The person you were talking to might have been cut & pasting
to the guy whom you were talking about. I have seen this
happen a lot and
wouldn't put it past someone you don't know in IRC to play a
prank such as this.
If anyone can tell me more about how sniffit works past the
domain it is
executed in please email me.
remove (nospam) from the name to reply.
*** Editorial - InfoWarCon 98 coming up!
From: Dale Holmes <email@example.com>
It is not very often that a really cool hacker type Con comes
to the DC area
*and* I get to go... I am not sure that InfoWarCon 98 qualifies
as a hacker
type of Con, but it should prove very enlightening anyway.
I am looking forward to meeting some of the people who will
be there to
demonstrate the "Tools of the trade". I plan to attend
as many sessions as I
can, and will report to the digest readers the things that I
find in future
I especially can't wait for the "Why Infowar is a Paranoid
Counterpoint" discussion - it should be a very lively and
perhaps heated debate.
The "Information Terrorism and the Dangerous Insider"
session should be
interesting too - I wonder how much of it will be substantive
and how much
will be hyperbole. You'll find out shortly after I do.
The "Cops Breaking the Law to Enforce the Law" session
for obvious reasons.
The web site for the Con promises attendees will receive conference
materials from all sessions, whether you attend them or not (optional
tutorials excluded), so I should have a lot of material to digest
report on in the Digest. :) Stay tuned for more...
This is a list devoted to *legal* hacking! If you plan to
information in this Digest or at our Web site to commit crime,
Foo on you! Happy Hacker is a 501 (c) (3) tax deductible organization
in the United States operating under Shepherd's Fold Ministries.
This is all a plot to save your immortal souls!
For Windows questions, please write Roger Prata <firstname.lastname@example.org>;
for Macs, write Strider <Strider@clarityconnect.com>,
and Unix, write Josh Fritsch <email@example.com> or
Happy Hacker Digest editor: Dale Holmes <firstname.lastname@example.org>
Happy Hacker Grand Pooh-bah: Carolyn Meinel <>