March 4, 1999
See the Happy Hacker Web site at http://www.happyhacker.org
Your local firewall blocks you? Try http://happyhacker.org
URL of the day: http://www.antionline for the world's most accurate
In this issue:
* New winners
* A great new Web site on koan.happyhacker
* New Wargame computers!!!
* New Wargame administrators
How to legally hack Web sites -- honest!
Antionline back online
Hackernews.com screws up yet again
Pentium III serial number hacked
*** Wargame News
We have two new Wargame administrators, and an entire team
of Wargame winners!
Those of you who have been playing the hacker Wargame have
koan.happyhacker.org taken over by the tg0d gang and allies.
really popular winners, too. They have added new guest
guest2 etc.) Each account is harder to break into than the last
harder than guest1 and so on). Each higher level account
privileges than the previous one, as well.
Want to see how tg0d's Typo got in? Check out
http://koan.happyhacker.org/~typo/koan.txt. Check out koan's
main Web site,
too, for plenty of news and views from the victors. Oh,
yes, to win the
game it isn't enough to just get root -- whenback rooted koan
early March 2,
but didn't kick tg0d off. On the other hand, maybe whenback
left behind a
back door:):) Stay tuned to http://koan.happyhacker.org
to find out -- will
whenback join tg0d and share root? Will whenback kick tg0d
off? Who will
be next to root koan?
Schematic <firstname.lastname@example.org> gave me a free run on
koan recently when I
needed to set it up on a different T1. I am happy to report
that it is
riddled with back doors and other fun stuff. Whoever gets
root on koan next
will have a merry time trying to lock the tg0d folks out!
If I had to do
it, I'd create a new file structure and reinstall the operating
(FreeBSD) from scratch.
*** New Wargame Computers!
Schematic has just shipped out a new box for the Wargame.
Expect lots more
fun when it is up. Its name will be otter.happyhacker.org.
We now have a router on the Wargame -- see the main page of
http://www.happyhacker.org for the IP address. The router
currently is a
Cisco 2511, but the make and model may change without notice
as new Wargame
administrator Corey W. Gallatin <email@example.com>swaps
out routers from
among his impressive collection. Gallatin is a senior data
Sprint, which is a major Internet backbone company. Gallatin
assisting both Happy Hacker and Antionline with network security.
the router has a guessable password if you know how to guess
are screwed up beyond recognition:)
*** New Wargame Administrators
Yes, Corey Gallatin is one of the new Wargame administrators,
magic it takes to keep the baddies from crashing our LAN.
Way to go, Corey!
And now -- introducing the new Director for the Hacker Wargame
Larsen. He is president of a computer consulting company,
and also a truly
twisted, mostly harmless and definitely funny hacker. Want
to see his
handiwork hacking a Linux kernel? Telnet thirdpig.com and
try logging in as
We thank Mark Schmitz for putting in a year as Director of
Wargame -- it was hard work and took lots of brains. I
(Carolyn Meinel) am
most definitely in awe of Mark!
*** How to Legally "Hack" Web sites
Everyone it seems wants to hack Web sites. OK, OK, we'll
finally tell you
how, keystroke by keystroke.
Oh, no, you're thinking, Happy Hacker has gone bad, Meinel
is really an evil
hackeress, they are teaching people how to hack Web sites!
is a totally legal, harmless way to hack a Web site. However,
be sure to
only use this trick on your friends who have a sense of humor,
or you may
get punched in the nose!
This hack is a Vincent Larsen twisted trick that works on
Windows 95/98 (and
with slight modifications on any other operating system that
is able to
network to the Internet).
What we are going to do here is trick your victim into thinking
his or her
Web site has been hacked, while making only a *slight* modification
or her computer.
The most common case is that your friend has a Web site of
In this case your task is to set up a Web site somewhere else,
one of those free Geocities Web sites. You will need to
make sure you give
your new Web site the same user name as your victim.
For example, let's say your friend has a Web site named:
Your first step is to set up your own Web site at a different
with the same user name, for example:
Next you need to find out the numerical IP address for your
server www.mywebsite.com. You can discover that by connecting
to your Web
site with your browser, then going to the MS-DOS prompt and giving
This should show you something like:
Proto Local Address
Foreign Address State
The "Foreign Address" is the numerical IP address
of the computer that has
your Web site. The ":80" means it is connected
to port 80, the most common
port fro Web connections. (The other address is your computer's
at least for this connection).
Now you are ready for the next step -- to get on the computer
uses. (See the GTMHHs on breaking into Windows 95 for instructions
aren't able to simply persuade your victim to let you briefly
use his or her
You can go to jail warning: This had better be a good friend
member you are doing this to, because breaking into someone's
without permission is against the law. Your safest way
to do this hack is
to get permission to briefly use the victim computer and sneak
necessary changes during this use.
Once you are on that Windows 95/98 computer, give the command:
(If the hard drive that has the windows directory is different
substitute the appropriate drive.)
Next, type in this command:
For 126.96.36.199 substitute the IP address of your web
server, and for
www.fubish.com/~yourfriend substitute the URL of your friend's
Now tell your friend his or her Web site has been hacked.
Sit back and
laugh your head off when your victim sees your Web site instead!
Troubleshooting: What if it doesn't work? What
if you just see the same
boring old Web site? If that happens, it's because the
browser brought up
an old cached copy rather than your hacked one. So just
tell your friend to
click "view" then "reload" and it will bring
up your awful "hacked" Web site.
The amazing thing about this hack is that the window of the
the URL of your friend's real Web site. If your victim
gives the command
"netstat," under the "Foreign Address" column
it will show the URL of the
victim's real Web site. The only way the victim can tell
his or her Web
browser isn't connected to the real Web site is to give the command
-n." This will reveal the numerical address of your
Web site instead of the
victim's Web site.
How does this hack work? If you have Windows 98, there
is a file that
explains this, "hosts.sam." However, this file
gives a boring and highly
technical explanation. The Happy Hacker explanation is
that the "hosts"
file allows you to save time by having your home computer translate
name of a Web site into a numerical IP address instead of having
server somewhere on the Internet do it for you.
Oh, yes, this hack also works on Windows NT. The hosts
file is in
If you look closely, you will find some sort of hosts file
already exists or
can be created on almost any operating system which is capable
to the Internet.
Have fun spoofing hacked Web sites. However, if you
get punched in the nose
-- remember, I warned you!
*** Antionline Back Online!
Want hacker news that gets the stories straight? John
http://www.antionline.com is back up and better than ever! Vranesevich,
is only 20 years old, is already famous as one of the world's
journalists covering hacker news. He also is a pretty good
systems administrator -- a rare combination. He knows what
he is writing
about, unlike most reporters who are at the mercy of whatever
law enforcement officials and computer criminals feed them.
Vranesevich even has a portion of his site where you can see
being made against Antionline.com. Guess what -- someone
doesn't want him
to be on the Internet. These someones are obviously computer
since you can watch them trying -- quite unsuccessfully -- to
computer crime against him.
*** Hackernews.com Screws up Yet Again
If you enjoy reading inaccurate or just plain bogus "news"
http://www.hackernews.com should be entertaining for you.
Hackernews.com was infamous for putting out a phony story about
and his allies in the Legion of Downloading supposedly declaring
China and Iraq. There appears that there was NO TRUTH to
However, the national media spread the story around, assuming
folks at hackernews.com had some facts behind the story.
Imagine how Bronc Buster must have felt when all of a sudden
his name was
splashed across many news stories for something that apparently
was just a
rumor started on Internet Relay Chat (IRC). Then the L0pht
Hackernews.com), the Cult of the Dead Cow and several other hacker
put out a joint press statement condemning this supposed declaration
against China and Iraq -- getting themselves lots of publicity.
Another phony Hackernews.com story was a report that Antionline.com
hacked. Baloney, says its owner Vranesevich!
Last week Hackernews.com decided to manufacture yet more news
(yes, I'm a frequent target). Here's the story in
contributed by Weld Pond
Carolyn Meinel, a self-described computer security
consultant had this to say "It's in a foreign country, and
they're not gonna extradite a whole room full of geeks,"
while attempting to crack a computer in Poland during a
demonstration in a crowded University of New Mexico
classroom to the local group New Mexicans for Science
Anyone who feels that this reasoning is ample
justification for breaking into a site is likely to have a
visit by some Men in Black.
This story is simply baloney. True, I gave a demonstration
for a meeting of
New Mexicans for Science and Reason of how to "hack"
a Polish computer. It
was written up in a story in the Albuquerque Journal along with
description of the difference between "hacking" (just
playing and exploring)
and "cracking" (trying to break in). In my demonstration
I port scanned the
target computer, and showed how to evaluate the services running
on the open
ports. We found an unusual service on port 69 which
looked like a back
door. At the end of the demonstration I emailed the sysadmins
of the target
computer with a list of some vulnerabilities I found. At
no time did I
attempt to "crack" this computer.
I did make a joke about extraditing a room full of geeks.
So what? Since
when is it a newsworthy crime to crack jokes? Duh, fellas!
Pond might have the excuse that he does not grasp the distinction
hacking and cracking. However, Pond is a respected computer
expert. In fact, he has demonstrated awesome abilities
which I admire. In
any case, he could have found out what I really did at that meeting
by emailing either me or phoning me. The fact is, Pond
has never contacted
me for input to any of the "news" stories he has written
If any one wonders what I really did at that meeting, the
President of New
Mexicans for Science and Reason is willing to answer emails on
question. He's Dave Thomas, <firstname.lastname@example.org>.
And, for the record -- I am AGAINST breaking into computers
*** Pentium III Serial Number Cracked
Feb. 28, 1999
On February 26, 1999, Owl Services, publisher of OSAll
http://www.aviary-mag.com released an article about security
flaws in the
yet-to-be-released Intel Pentium III processor.
The article informed visitors to the site that an OSAll writer
(who asked to
remain anonymous) has 'cracked' the Pentium III serial number
scheme. The flaw was uncovered in a system using a 450
MHz Pentium III
processor on an Abit motherboard with a beta version of an Award
OSAll Editor-In-Chief Mike Hudack (referred to on the website
Wiggin) has not independently verified the story, but has seen
the hack in
action. Although it is not news that the serial number
feature can be
hacked, this article sheds new light on the subject: the writer
was able to
determine the processor's serial number without activating the
feature, without a reboot, and without warning to the user.
log information or any other tell tales exist. There is
absolutely no way
for the user to realize that he or she has been hacked.
For more information, please contact Mike Hudack through his
203-332-2470 or through e-mail: mailto:email@example.com.
Mike Hudack, editor of OSAll, is a fifteen-year-old high school
Fairfield, CT. He maintains the website in his spare time,
between babysitting and computer sales.
OSAll originally debuted on a personal site, javanet.com/~owlclone,
six months ago. Since then, the site grew both in content
until transferred to its own domain: aviary-mag.com. Since
page views have surpassed the 110,000 mark.
Mike Hudack is also webmaster of the Happy Hacker Digest,
founded by Carolyn
Meinel. The website can be found at happyhacker.org.
This is a list devoted to *legal* hacking! If you plan to
information in this Digest or at our Web site to commit crime,
Foo on you! Don't email us bragging about any crimes you may
We mean it.
For Windows questions, email firstname.lastname@example.org or email@example.com
For Unix questions, contact firstname.lastname@example.org.
For Macs, email Strider <email@example.com>
Happy Hacker staff: Unix editor, <firstname.lastname@example.org>;
Windows editor, Keydet89 <email@example.com>; postmasters
Zerulik and William Lewis <>; Hacker
Vincent Larsen <firstname.lastname@example.org>; Wargame Sysadmin,
<Satori@rt66.com>; Clown Princess: Carolyn Meinel <>
Happy Hacker is a 501 (c) (3) tax deductible organization
in the United States operating under Shepherd's Fold Ministries.
This is all a plot to save your immortal souls!