n the following file, all references made to the name Unix, may also be
substituted to the Xenix operating system.
Brief history: Back in the early sixties, during the development of third
generation computers at MIT, a group of programmers studying the potential of
computers, discovered their ability of performing two or more tasks
simultaneously. Bell Labs, taking notice of this discovery, provided funds for
their developmental scientists to investigate into this new frontier. After
about 2 years of developmental research, they produced an operating system they
called "Unix".
Sixties to Current: During this time Bell Systems installed the Unix system
to provide their computer operators with the ability to multitask so that they
could become more productive, and efficient. One of the systems they put on the
Unix system was called "Elmos". Through Elmos many tasks (i.e. billing,and
installation records) could be done by many people using the same mainframe.
Note: Cosmos is accessed through the Elmos system.
Current: Today, with the development of micro computers, such multitasking
can be achieved by a scaled down version of Unix (but just as powerful).
Microsoft,seeing this development, opted to develop their own Unix like system
for the IBM line of PC/XT's. Their result they called Xenix (pronounced
zee-nicks). Both Unix and Xenix can be easily installed on IBM PC's and offer
the same functions (just 2 different vendors).
Note: Due to the many different versions of Unix (Berkley Unix, Bell System
III, and System V the most popular) many commands following may/may not work. I
have written them in System V routines. Unix/Xenix operating systems will be
considered identical systems below.
How to tell if/if not you are on a Unix system: Unix systems are quite common
systems across the country. Their security appears as such:
Login; (or login;)
password:
When hacking on a Unix system it is best to use lowercase because the Unix
system commands are all done in lower- case.
Login; is a 1-8 character field. It is usually the name (i.e. joe or fred)
of the user, or initials (i.e. j.jones or f.wilson). Hints for login names can
be found trashing the location of the dial-up (use your CN/A to find where the
computer is).
Password: is a 1-8 character password assigned by the sysop or chosen by the
user.
Common default logins
--------------------------
login; Password:
root root,system,etc..
sys sys,system
daemon daemon
uucp uucp
tty tty
test test
unix unix
bin bin
adm adm
who who
learn learn
uuhost uuhost
nuucp nuucp
If you guess a login name and you are not asked for a password, and have
accessed to the system, then you have what is known as a non-gifted account. If
you guess a correct login and pass- word, then you have a user account. And,
if you guess the root password, then you have a "super-user" account. All Unix
systems have the following installed to their system: root, sys, bin, daemon,
uucp, adm
Once you are in the system, you will get a prompt. Common prompts are:
$
%
#
But can be just about anything the sysop or user wants it to be.
Things to do when you are in: Some of the commands that you may want to try
follow below:
who is on (shows who is currently logged on the system.)
write name (name is the person you wish to chat with)
To exit chat mode try ctrl-D.
EOT=End of Transfer.
ls -a (list all files in current directory.)
du -a (checks amount of memory your files use;disk usage)
cd\name (name is the name of the sub-directory you choose)
cd\ (brings your home directory to current use)
cat name (name is a filename either a program or documentation your username
has written)
Most Unix programs are written in the C language or Pascal since Unix is a
programmers' environment.
One of the first things done on the system is print up or capture (in a
buffer) the file containing all user names and accounts. This can be done by
doing the following command:
cat /etc/passwd
If you are successful you will a list of all accounts on the system. It
should look like this:
root:hvnsdcf:0:0:root dir:/:
joe:majdnfd:1:1:Joe Cool:/bin:/bin/joe
hal::1:2:Hal Smith:/bin:/bin/hal
The "root" line tells the following info :
login name=root
hvnsdcf = encrypted password
0 = user group number
0 = user number
root dir = name of user
/ = root directory
In the Joe login, the last part "/bin/joe " tells us which directory is his
home directory (joe) is.
In the "hal" example the login name is followed by 2 colons, that means that
there is no password needed to get in using his name.
Conclusion: I hope that this file will help other novice Unix hackers obtain
access to the Unix/Xenix systems that they may find. There is still wide growth
in the future of Unix, so I hope users will not abuse any systems (Unix or any
others) that they may happen across on their journey across the electronic
highways of America. There is much more to be learned about the Unix system
that I have not covered. They may be found by buying a book on the Unix System
(how I learned) or in the future I may write a part II to this........
source taken from http://www.totse.com/en/hack/hack_attack/bhacking.html
Sunday, June 15, 2008
The Beginner Hacking
What is hacking?
----------------
According to popular belief the term hacker and hacking was founded at mit
it comes from the root of a hack writer,someone who keeps "hacking" at
the typewriter until he finishes the story.a computer hacker would be
hacking at the keyboard or password works.
What you need:
--------------
To hack you need a computer equipped with a modem (a device that lets you
transmit data over phone lines) which should cost you from $100 to $1200.
How do you hack?
----------------
Hacking recuires two things:
1. The phone number
2. Answer to identity elements
How do you find the phone #?
----------------------------
There are three basic ways to find a computers phone number.
1. Scanning,
2. Directory
3. Inside info.
What is scanning?
-----------------
Scanning is the process of having a computer search for a carrier tone.
For example,the computer would start at (800) 111-1111 and wait for carrier
if there is none it will go on to 111-1112 etc.if there is a carrier it
will record it for future use and continue looking for more.
What is directory assictance?
-----------------------------
This way can only be used if you know where your target computer is. For this
example say it is in menlo park, CA and the company name is sri.
1. Dial 411 (or 415-555-1212)
2. Say "Menlo park"
3. Say "Sri"
4. Write down number
5. Ask if there are any more numbers
6. If so write them down.
7. Hang up on operator
8. Dial all numbers you were given
9. Listen fir carrier tone
10. If you hear carrier tone write down number, call it on your modem and your
set to hack!
_____________________________________________________________________________
The Basics of Hacking II
Basics to know before doing anything, essential to your continuing
career as one of the elite in the country... This article, "the
introduction to the world of hacking" is meant to help you by telling you
how not to get caught, what not to do on a computer system, what type of
equipment should I know about now, and just a little on the history, past
present future, of the hacker.
Welcome to the world of hacking! We, the people who live outside of the
normal rules, and have been scorned and even arrested by those from the
'civilized world', are becomming scarcer every day. This is due to the
greater fear of what a good hacker (skill wise, no moral judgements
here)|can do nowadays, thus causing anti- hacker sentiment in the masses.
Also, few hackers seem to actually know about the computer systems they
hack, or what equipment they will run into on the front end, or what they
could do wrong on a system to alert the 'higher' authorities who monitor
the system. This article is intended to tell you about some things not to
do, even before you get on the system. I will tell you about the new wave
of front end security devices that are beginning to be used on computers.
I will attempt to instill in you a second identity, to be brought up at
time of great need, to pull you out of trouble. And, by the way, I take no, repeat,
no, responcibility for what we say in this and the forthcoming articles.
Enough of the bullshit, on to the fun: after logging on your favorite bbs,
you see on the high access board a phone number! It says it's a great
system to "fuck around with!" This may be true, but how many other people
are going to call the same number? So: try to avoid calling a number
given to the public. This is because there are at least every other
user calling, and how many other boards will that number spread to?
If you call a number far, far away, and you plan on going thru an
extender or a re-seller, don't keep calling the same access number
(I.E. As you would if you had a hacker running), this looks very suspicious
and can make life miserable when the phone bill comes in the mail.
Most cities have a variety of access numbers and services,
so use as many as you can. Never trust a change in the system...
The 414's, the assholes, were caught for this reason: when one of them
connected to the system, there was nothing good there. The next time,
there was a trek game stuck right in their way! They proceded to play said
game for two, say two and a half hours, while telenet was tracing them!
Nice job, don't you think? If anything looks suspicious, drop the line
immediately!! As in, yesterday!! The point we're trying to get accross is:
if you use a little common sence, you won't get busted. Let the little
kids who aren't smart enough to recognize a trap get busted, it will take
the heat off of the real hackers. Now, let's say you get on a computer
system... It looks great, checks out, everything seems fine.
Ok, now is when it gets more dangerous. You have to know the computer
system to know what not to do.
Basically, keep away from any command something, copy a new file into the
account, or whatever! Always leave the account in the same status you
logged in with. Change *nothing*... If it isn't an account with priv's,
then don't try any commands that require them! All, yes all, systems are
going to be keeping log files of what users are doing, and that will
show up. It is just like dropping a trouble-card in an ESS system,
after sending that nice operator a pretty tone.
Spend no excessive amounts of time on the account in one stretch.
Keep your calling to the very late night ifpossible, or during
business hours (believe it or not!). It so happens
that there are more users on during business hours, and it is very
difficult to read a log file with 60 users doing many commnds every minute.
Try to avoid systems where everyone knows each other, don't try to bluff.
And above all: never act like you own the system, or are the best there
is. They always grab the people who's heads swell... There is some very
interesting front end equipment around nowadays, but first let's
define terms... By front end, we mean any device that you must
pass thru to get at the real computer. There are devices that are made to
defeat hacker programs, and just plain old multiplexers.
To defeat hacker programs, there are now devices that pick up the phone
and just sit there... This means that your device gets no carrier,
thus you think there isn't a computer on the other end. The
only way around it is to detect when it was picked up. If it pickes up
after the same number ring, then you know it is a hacker-defeater.
These devices take a multi-digit code to let you into the system.
Some are, in fact, quite sophisticated to the point where it
will also limit the user name's down, so only one name or set of names
can be valid logins after they input the code... Other devices input a
number code, and then they dial back a pre-programmed number for that code.
These systems are best to leave alone,
because they know someone is playing with their phone. You may think "but
i'll just reprogram the dial-back." Think again, how stupid that is...
Then they have your number, or a test loop if you were just a little
smarter. If it's your number, they have your balls (if male...),
If its a loop, then you are screwed again, since those loops
are *monitored*. As for multiplexers... What a plexer is supposed
to do is this:
The system can accept multiple users. We have to time share, so we'll let
the front-end processor do it... Well, this is what a multiplexer does.
Usually they will ask for something like "enter class" or "line:". Usually
it is programmed for a double digit number, or a four to five letter word.
There are usually a few sets of numbers it accepts, but those numbers also
set your 300/1200/2400 baud data type.
These multiplexers are inconvenient at best, so not to worry. A little
about the history of hacking: hacking, by my definition, means a great
knowledge of some special area. Doctors and lawyers
are hackers of a sort, by this definition. But most often, it is
being used in the computer context, and thus we have a definition of
"anyone who has a great amount of computer or telecommunications
knowledge." You are not a hacker because you have a list of codes...
Hacking, by my definition, has then been around only about 15 years.
It started, where else but, mit and colleges where they had computer
science or electrical engineering departments.
Hackers have created some of the best computer languages, the
most awesome operating systems, and even gone on to make millions.
Hacking used to have a good name, when we could honestly say
"we know what we are doing". Now it means (in the public eye):
the 414's, ron austin, the nasa hackers, the arpanet hackers...
All the people who have been caught,
have done damage, and are now going to have to face fines and sentences.
Thus we come past the moralistic crap, and to our purpose: educate the
hacker community, return to the days when people actually knew something...
_______________________________________________________________________________
Hacking TRW
When you call TRW, the dial up will identify itself with the message "TRW".
It will then wait for you to type the appropiate answer back (such as CTRL-G)
Once This has been done, the system will say "CIRCUIT BUILDING IN PROGRESS"
Along with a few numbers. After this, it clears the screen
(CTRL L) followed by a CTRL-Q. After the system sends the CTRL-Q, It is
ready for the request. You first type the 4 character identifyer for the
geographical area of the account..
(For Example) TCA1 - for certain Calif. & Vicinity subscribers.
TCA2 - A second CALF. TRW System.
TNJ1 - Their NJ Database.
TGA1 - Their Georgia Database.
The user then types A and then on the next line, he must type
his 3 char. Option. Most Requests use the RTS option.
OPX, RTX, and a few others exist. (NOTE) TRW will accept an A, C,
or S as the 'X' in the options above.) Then finally, the user types his 7
digit subscriber code. He appends his 3-4 character password after it. It
seems that if you manage to get hold of a TRW Printout (Trashing at Sears,
Saks, ETC. or from getting your credit printout from them) Their subscriber
code will be on it leaving only a 3-4 character p/w up to you.
For Example,
(Call the DialUp)
TRW System Types, ST) CTRL-G
(You type,YT) Circuit building in progress 1234
(ST) CTRL-L CRTL-Q (TCA1 CYT) BTS 3000000AAA
(YT]
Note: This sytem is in Half Duplex, Even Parity, 7 Bits per word and
2 Stop Bits.
CAUTION: It is a very stressed rumor that after typing in the TRW
password Three (3) times.. It sets an Automatic Number Identification on your
ass, so be careful. And forget who told you how to do this..
_____________________________________________________________________________
More TRW Info
Trw is a large database in which company's and banks can run credit
checks on their customers. Example: John Jones orders 500$ worth of stereo
equipment from the Joe Blow Electronic distributtng Co. Well it could be that
he gave the company a phony credit card number, or doesn't have enough credit,
etc. Well they call up Trw and then run a check on him, trw then lists his
card numbers (everything from sears to visa) and tells the numbers, credit,
when he lost it last (if he ever did) and then of course tells if he has had
any prior problems paying his bills.
I would also like to add that although Trw contains information on
millions of people, not every part of the country is served, although the major
area are.. So if you hate someone and live in a small state, you probably
wont be able to order him 300 pink toilet seats from K-mart.
Logging on
==========
To log on, you dial-up your local access number (or long-distance, what
ever turns you on) and wait for it to say "trw" at this promt, you type
either an "A" or a "Ctrl-G" and it will say "circuit building in progress"
it will wait for a minute and then clear the screen, now you will type
one of the following.
Tca1
Tca2
Tnj1
Tga1
This is to tell it what geographical area the customer is in, it really
doesnt matter which you use, because trw will automatically switch when
it finds the record..
Next, you will type in the pswd and info on the person you are trying to
get credit info on: you type it in a format like this:
Rts Pswd Lname Fname ...,House number First letter of street name Zip
now you type ctrl s and 2 ctrl q's here is what it looks like in real life:
Ae: Dialing xxx-xxx-xxxx
(screen clear)
Trw ^G
circuit building in progress
(pause . . . screen clear)
Tca1
Rtc 3966785-cm5 Johnson David ...,4567
R 56785
^s ^q ^q
and then it will wait for a few seconds and print out the file on him
(if it can locate one for the guy)
note: you may have to push return when you first connect to get the systems
attention.
Getting Your Passwords
======================
To obtain pswds, you go down to your favorite bank or sears store and
dig through the trash (hence the name trashing) looking for printouts, if
they are a big enough place, and live in a trw area, then they will probably
have some. The printouts will have the 7 digit subscriber code, leaving the
3-4 digit pswd up to you. Much like trashing down at good old ma bell.
____________________________________________________________________________
Hacking Vax's & Unix
Unix is a trademark of At&t (and you know what that means)
_______________________________________
In this article, we discuss the unix system that runs on
the various vax systems. If you are on another unix-type system, some
commands may differ, but since it is licenced to bell, they can't make many
changes.
_______________________________________
Hacking onto a unix system is very difficult, and in this case, we advise
having an inside source, if possible. The reason it is difficult to hack a
vax is this: Many vax, after you get a carrier from them, respond=>
Login:
They give you no chance to see what the login name format is. Most commonly
used are single words, under 8 digits, usually the person's name. There is
a way around this: Most vax have an acct. called 'suggest' for people to
use to make a suggestion to the system root terminal. This is usually watched
by the system operator, but at late he is probably at home sleeping or
screwing someone's brains out. So we can write a program to send at the
vax this type of a message:
A screen freeze (Cntrl-s), screen clear (system dependant), about 255
garbage characters, and then a command to create a login acct., after which
you clear the screen again, then unfreeze the terminal. What this does:
When the terminal is frozen, it keeps a buffer of what is sent. well, the
buffer is about 127 characters long. so you overflow it with trash, and then
you send a command line to create an acct. (System dependant). after this
you clear the buffer and screen again, then unfreeze the terminal. This is
a bad way to do it, and it is much nicer if you just send a command to
the terminal to shut the system down, or whatever you are after...
There is always, *Always* an acct. called root, the most powerful acct.
to be on, since it has all of the system files on it. If you hack your
way onto this one, then everything is easy from here on...
On the unix system, the abort key is the Cntrl-d key. watch how many times
you hit this, since it is also a way to log off the system!
A little about unix architechture: The root directory, called root, is
where the system resides. After this come a few 'sub' root directories,
usually to group things (stats here, priv stuff here, the user log here...).
Under this comes the superuser (the operator of the system), and then
finally the normal users. In the unix 'Shell' everything is treated the same.
By this we mean: You can access a program the same way you access a user
directory, and so on. The way the unix system was written, everything,
users included, are just programs belonging to the root directory. Those
of you who hacked onto the root, smile, since you can screw everything...
the main level (exec level) prompt on the unix system is the $, and if you
are on the root, you have a # (superuser prompt).
Ok, a few basics for the system... To see where you are, and what paths
are active in regards to your user account, then type
=> pwd
This shows your acct. seperated by a slash with another pathname (acct.),
possibly many times. To connect through to another path,
or many paths, you would type:
You=> path1/path2/path3
and then you are connected all the way from path1 to path3. You can
run the programs on all the paths you are connected to. If it does
not allow you to connect to a path, then you have insufficient privs, or
the path is closed and archived onto tape. You can run programs this way
also:
you=> path1/path2/path3/program-name
Unix treats everything as a program, and thus there a few commands to
learn...
To see what you have access to in the end path, type=>
ls
for list. this show the programs you can run. You can connect to
the root directory and run it's programs with=>
/root
By the way, most unix systems have their log file on the root, so you
can set up a watch on the file, waiting for people to log in and snatch their
password as it passes thru the file. To connect to a directory, use the
command:
=> cd pathname This allows you to do what you want
with that directory. You may be asked for a password, but this is a good
ay of finding other user names to hack onto.
The wildcard character in unix, if you want to search down a path for
a game or such, is the *.
=> ls /*
Should show you what you can access. The file types are the same as they
are on a dec, so refer to that section when examining file. To see what is
in a file, use the
=> pr
filename command, for print file.
We advise playing with pathnames to get the hang of the concept. There
is on-line help available on most systems with a 'help' or a '?'.
We advise you look thru the help files and pay attention to anything
they give you on pathnames, or the commands for the system.
You can, as a user, create or destroy directories on the tree beneath you.
This means that root can kill everything but root, and you can kill any
that are below you. These are the
=> mkdir pathname
=> rmdir pathname
commands.
Once again, you are not alone on the system... type=>
who
to see what other users are logged in to the system at the time. If you
want to talk to them=>
write username
Will allow you to chat at the same time, without having to worry
about the parser. To send mail to a user, say
=> mail
And enter the mail sub-system. To send a message to all the users
on the system, say
=> wall
Which stands for 'write all'. By the way, on a few systems,
all you have to do is hit the key to end the message,
but on others you must hit the cntrl-d key.
To send a single message to a user, say
=> write username
this is very handy again! If you send the sequence of characters discussed
at the very beginning of this article, you can have the super-user terminal do
tricks for you again.
Privs:
If you want superuser privs, you can either log in as root, or edit your
acct. so it can say
=> su
this now gives you the # prompt, and allows you to completely by-pass the
protection. The wonderful security conscious developers at bell made it
very difficult to do much without privs, but once you have them, there
is absolutely nothing stopping you from doing anything you want to.
To bring down a unix system:
=> chdir /bin
=> rm *
this wipes out the pathname bin, where all the system maintenance files are.
Or try:
=> r -r
This recursively removes everything from the system except the remove
command itself.
Or try:
=> kill -1,1
=> sync
This wipes out the system devices from operation.
When you are finally sick and tired from hacking on the vax systems, just
hit your cntrl-d and repeat key, and you will eventually be logged out.
_______________________________________
The reason this file seems to be very sketchy is the fact that bell has 7
licenced versions of unix out in the public domain, and these commands are
those common to all of them. I recommend you hack onto the root or
bin directory, since they have the highest levels of privs, and there
is really not much you can do (except develop software) without them.
_________________________/\ This file downloaded from Trauma Hounds...
\ /\______________________________________________
Call these anarchy boards! \/
The People Farm ..................... 916-673-8412 ... 12- 2400 ... 24h/7d
Restaurant At End Of The Universe ... 718-428-6776 ... 12- 2400 ... 24h/7d
Ripco ............................... 312-528-5020 ... 12- 2400 ... 24h/7d
Shadows of IGA ...................... 707-527-7711 ... 24-19200 ... 24h/7d
Temple of the Screaming Electron .... 415-935-5845 ... 12- 2400 ... 24h/7d
Tommy's Holiday Camp ................ 604-361-1464 ... 12-19200 ... 24h/7d
Trauma Hounds ....................... 604-589-1570 ... 12-19200 ... 24h/7d
source taken from http://www.totse.com/en/hack/
----------------
According to popular belief the term hacker and hacking was founded at mit
it comes from the root of a hack writer,someone who keeps "hacking" at
the typewriter until he finishes the story.a computer hacker would be
hacking at the keyboard or password works.
What you need:
--------------
To hack you need a computer equipped with a modem (a device that lets you
transmit data over phone lines) which should cost you from $100 to $1200.
How do you hack?
----------------
Hacking recuires two things:
1. The phone number
2. Answer to identity elements
How do you find the phone #?
----------------------------
There are three basic ways to find a computers phone number.
1. Scanning,
2. Directory
3. Inside info.
What is scanning?
-----------------
Scanning is the process of having a computer search for a carrier tone.
For example,the computer would start at (800) 111-1111 and wait for carrier
if there is none it will go on to 111-1112 etc.if there is a carrier it
will record it for future use and continue looking for more.
What is directory assictance?
-----------------------------
This way can only be used if you know where your target computer is. For this
example say it is in menlo park, CA and the company name is sri.
1. Dial 411 (or 415-555-1212)
2. Say "Menlo park"
3. Say "Sri"
4. Write down number
5. Ask if there are any more numbers
6. If so write them down.
7. Hang up on operator
8. Dial all numbers you were given
9. Listen fir carrier tone
10. If you hear carrier tone write down number, call it on your modem and your
set to hack!
_____________________________________________________________________________
The Basics of Hacking II
Basics to know before doing anything, essential to your continuing
career as one of the elite in the country... This article, "the
introduction to the world of hacking" is meant to help you by telling you
how not to get caught, what not to do on a computer system, what type of
equipment should I know about now, and just a little on the history, past
present future, of the hacker.
Welcome to the world of hacking! We, the people who live outside of the
normal rules, and have been scorned and even arrested by those from the
'civilized world', are becomming scarcer every day. This is due to the
greater fear of what a good hacker (skill wise, no moral judgements
here)|can do nowadays, thus causing anti- hacker sentiment in the masses.
Also, few hackers seem to actually know about the computer systems they
hack, or what equipment they will run into on the front end, or what they
could do wrong on a system to alert the 'higher' authorities who monitor
the system. This article is intended to tell you about some things not to
do, even before you get on the system. I will tell you about the new wave
of front end security devices that are beginning to be used on computers.
I will attempt to instill in you a second identity, to be brought up at
time of great need, to pull you out of trouble. And, by the way, I take no, repeat,
no, responcibility for what we say in this and the forthcoming articles.
Enough of the bullshit, on to the fun: after logging on your favorite bbs,
you see on the high access board a phone number! It says it's a great
system to "fuck around with!" This may be true, but how many other people
are going to call the same number? So: try to avoid calling a number
given to the public. This is because there are at least every other
user calling, and how many other boards will that number spread to?
If you call a number far, far away, and you plan on going thru an
extender or a re-seller, don't keep calling the same access number
(I.E. As you would if you had a hacker running), this looks very suspicious
and can make life miserable when the phone bill comes in the mail.
Most cities have a variety of access numbers and services,
so use as many as you can. Never trust a change in the system...
The 414's, the assholes, were caught for this reason: when one of them
connected to the system, there was nothing good there. The next time,
there was a trek game stuck right in their way! They proceded to play said
game for two, say two and a half hours, while telenet was tracing them!
Nice job, don't you think? If anything looks suspicious, drop the line
immediately!! As in, yesterday!! The point we're trying to get accross is:
if you use a little common sence, you won't get busted. Let the little
kids who aren't smart enough to recognize a trap get busted, it will take
the heat off of the real hackers. Now, let's say you get on a computer
system... It looks great, checks out, everything seems fine.
Ok, now is when it gets more dangerous. You have to know the computer
system to know what not to do.
Basically, keep away from any command something, copy a new file into the
account, or whatever! Always leave the account in the same status you
logged in with. Change *nothing*... If it isn't an account with priv's,
then don't try any commands that require them! All, yes all, systems are
going to be keeping log files of what users are doing, and that will
show up. It is just like dropping a trouble-card in an ESS system,
after sending that nice operator a pretty tone.
Spend no excessive amounts of time on the account in one stretch.
Keep your calling to the very late night ifpossible, or during
business hours (believe it or not!). It so happens
that there are more users on during business hours, and it is very
difficult to read a log file with 60 users doing many commnds every minute.
Try to avoid systems where everyone knows each other, don't try to bluff.
And above all: never act like you own the system, or are the best there
is. They always grab the people who's heads swell... There is some very
interesting front end equipment around nowadays, but first let's
define terms... By front end, we mean any device that you must
pass thru to get at the real computer. There are devices that are made to
defeat hacker programs, and just plain old multiplexers.
To defeat hacker programs, there are now devices that pick up the phone
and just sit there... This means that your device gets no carrier,
thus you think there isn't a computer on the other end. The
only way around it is to detect when it was picked up. If it pickes up
after the same number ring, then you know it is a hacker-defeater.
These devices take a multi-digit code to let you into the system.
Some are, in fact, quite sophisticated to the point where it
will also limit the user name's down, so only one name or set of names
can be valid logins after they input the code... Other devices input a
number code, and then they dial back a pre-programmed number for that code.
These systems are best to leave alone,
because they know someone is playing with their phone. You may think "but
i'll just reprogram the dial-back." Think again, how stupid that is...
Then they have your number, or a test loop if you were just a little
smarter. If it's your number, they have your balls (if male...),
If its a loop, then you are screwed again, since those loops
are *monitored*. As for multiplexers... What a plexer is supposed
to do is this:
The system can accept multiple users. We have to time share, so we'll let
the front-end processor do it... Well, this is what a multiplexer does.
Usually they will ask for something like "enter class" or "line:". Usually
it is programmed for a double digit number, or a four to five letter word.
There are usually a few sets of numbers it accepts, but those numbers also
set your 300/1200/2400 baud data type.
These multiplexers are inconvenient at best, so not to worry. A little
about the history of hacking: hacking, by my definition, means a great
knowledge of some special area. Doctors and lawyers
are hackers of a sort, by this definition. But most often, it is
being used in the computer context, and thus we have a definition of
"anyone who has a great amount of computer or telecommunications
knowledge." You are not a hacker because you have a list of codes...
Hacking, by my definition, has then been around only about 15 years.
It started, where else but, mit and colleges where they had computer
science or electrical engineering departments.
Hackers have created some of the best computer languages, the
most awesome operating systems, and even gone on to make millions.
Hacking used to have a good name, when we could honestly say
"we know what we are doing". Now it means (in the public eye):
the 414's, ron austin, the nasa hackers, the arpanet hackers...
All the people who have been caught,
have done damage, and are now going to have to face fines and sentences.
Thus we come past the moralistic crap, and to our purpose: educate the
hacker community, return to the days when people actually knew something...
_______________________________________________________________________________
Hacking TRW
When you call TRW, the dial up will identify itself with the message "TRW".
It will then wait for you to type the appropiate answer back (such as CTRL-G)
Once This has been done, the system will say "CIRCUIT BUILDING IN PROGRESS"
Along with a few numbers. After this, it clears the screen
(CTRL L) followed by a CTRL-Q. After the system sends the CTRL-Q, It is
ready for the request. You first type the 4 character identifyer for the
geographical area of the account..
(For Example) TCA1 - for certain Calif. & Vicinity subscribers.
TCA2 - A second CALF. TRW System.
TNJ1 - Their NJ Database.
TGA1 - Their Georgia Database.
The user then types A
his 3 char. Option. Most Requests use the RTS option.
OPX, RTX, and a few others exist. (NOTE) TRW will accept an A, C,
or S as the 'X' in the options above.) Then finally, the user types his 7
digit subscriber code. He appends his 3-4 character password after it. It
seems that if you manage to get hold of a TRW Printout (Trashing at Sears,
Saks, ETC. or from getting your credit printout from them) Their subscriber
code will be on it leaving only a 3-4 character p/w up to you.
For Example,
(Call the DialUp)
TRW System Types, ST) CTRL-G
(You type,YT) Circuit building in progress 1234
(ST) CTRL-L CRTL-Q (TCA1 CYT) BTS 3000000AAA
Note: This sytem is in Half Duplex, Even Parity, 7 Bits per word and
2 Stop Bits.
CAUTION: It is a very stressed rumor that after typing in the TRW
password Three (3) times.. It sets an Automatic Number Identification on your
ass, so be careful. And forget who told you how to do this..
_____________________________________________________________________________
More TRW Info
Trw is a large database in which company's and banks can run credit
checks on their customers. Example: John Jones orders 500$ worth of stereo
equipment from the Joe Blow Electronic distributtng Co. Well it could be that
he gave the company a phony credit card number, or doesn't have enough credit,
etc. Well they call up Trw and then run a check on him, trw then lists his
card numbers (everything from sears to visa) and tells the numbers, credit,
when he lost it last (if he ever did) and then of course tells if he has had
any prior problems paying his bills.
I would also like to add that although Trw contains information on
millions of people, not every part of the country is served, although the major
area are.. So if you hate someone and live in a small state, you probably
wont be able to order him 300 pink toilet seats from K-mart.
Logging on
==========
To log on, you dial-up your local access number (or long-distance, what
ever turns you on) and wait for it to say "trw" at this promt, you type
either an "A" or a "Ctrl-G" and it will say "circuit building in progress"
it will wait for a minute and then clear the screen, now you will type
one of the following.
Tca1
Tca2
Tnj1
Tga1
This is to tell it what geographical area the customer is in, it really
doesnt matter which you use, because trw will automatically switch when
it finds the record..
Next, you will type in the pswd and info on the person you are trying to
get credit info on: you type it in a format like this:
Rts Pswd Lname Fname ...,House number First letter of street name Zip
now you type ctrl s and 2 ctrl q's here is what it looks like in real life:
Ae: Dialing xxx-xxx-xxxx
(screen clear)
Trw ^G
circuit building in progress
(pause . . . screen clear)
Tca1
Rtc 3966785-cm5 Johnson David ...,4567
R 56785
^s ^q ^q
and then it will wait for a few seconds and print out the file on him
(if it can locate one for the guy)
note: you may have to push return when you first connect to get the systems
attention.
Getting Your Passwords
======================
To obtain pswds, you go down to your favorite bank or sears store and
dig through the trash (hence the name trashing) looking for printouts, if
they are a big enough place, and live in a trw area, then they will probably
have some. The printouts will have the 7 digit subscriber code, leaving the
3-4 digit pswd up to you. Much like trashing down at good old ma bell.
____________________________________________________________________________
Hacking Vax's & Unix
Unix is a trademark of At&t (and you know what that means)
_______________________________________
In this article, we discuss the unix system that runs on
the various vax systems. If you are on another unix-type system, some
commands may differ, but since it is licenced to bell, they can't make many
changes.
_______________________________________
Hacking onto a unix system is very difficult, and in this case, we advise
having an inside source, if possible. The reason it is difficult to hack a
vax is this: Many vax, after you get a carrier from them, respond=>
Login:
They give you no chance to see what the login name format is. Most commonly
used are single words, under 8 digits, usually the person's name. There is
a way around this: Most vax have an acct. called 'suggest' for people to
use to make a suggestion to the system root terminal. This is usually watched
by the system operator, but at late he is probably at home sleeping or
screwing someone's brains out. So we can write a program to send at the
vax this type of a message:
A screen freeze (Cntrl-s), screen clear (system dependant), about 255
garbage characters, and then a command to create a login acct., after which
you clear the screen again, then unfreeze the terminal. What this does:
When the terminal is frozen, it keeps a buffer of what is sent. well, the
buffer is about 127 characters long. so you overflow it with trash, and then
you send a command line to create an acct. (System dependant). after this
you clear the buffer and screen again, then unfreeze the terminal. This is
a bad way to do it, and it is much nicer if you just send a command to
the terminal to shut the system down, or whatever you are after...
There is always, *Always* an acct. called root, the most powerful acct.
to be on, since it has all of the system files on it. If you hack your
way onto this one, then everything is easy from here on...
On the unix system, the abort key is the Cntrl-d key. watch how many times
you hit this, since it is also a way to log off the system!
A little about unix architechture: The root directory, called root, is
where the system resides. After this come a few 'sub' root directories,
usually to group things (stats here, priv stuff here, the user log here...).
Under this comes the superuser (the operator of the system), and then
finally the normal users. In the unix 'Shell' everything is treated the same.
By this we mean: You can access a program the same way you access a user
directory, and so on. The way the unix system was written, everything,
users included, are just programs belonging to the root directory. Those
of you who hacked onto the root, smile, since you can screw everything...
the main level (exec level) prompt on the unix system is the $, and if you
are on the root, you have a # (superuser prompt).
Ok, a few basics for the system... To see where you are, and what paths
are active in regards to your user account, then type
=> pwd
This shows your acct. seperated by a slash with another pathname (acct.),
possibly many times. To connect through to another path,
or many paths, you would type:
You=> path1/path2/path3
and then you are connected all the way from path1 to path3. You can
run the programs on all the paths you are connected to. If it does
not allow you to connect to a path, then you have insufficient privs, or
the path is closed and archived onto tape. You can run programs this way
also:
you=> path1/path2/path3/program-name
Unix treats everything as a program, and thus there a few commands to
learn...
To see what you have access to in the end path, type=>
ls
for list. this show the programs you can run. You can connect to
the root directory and run it's programs with=>
/root
By the way, most unix systems have their log file on the root, so you
can set up a watch on the file, waiting for people to log in and snatch their
password as it passes thru the file. To connect to a directory, use the
command:
=> cd pathname This allows you to do what you want
with that directory. You may be asked for a password, but this is a good
ay of finding other user names to hack onto.
The wildcard character in unix, if you want to search down a path for
a game or such, is the *.
=> ls /*
Should show you what you can access. The file types are the same as they
are on a dec, so refer to that section when examining file. To see what is
in a file, use the
=> pr
filename command, for print file.
We advise playing with pathnames to get the hang of the concept. There
is on-line help available on most systems with a 'help' or a '?'.
We advise you look thru the help files and pay attention to anything
they give you on pathnames, or the commands for the system.
You can, as a user, create or destroy directories on the tree beneath you.
This means that root can kill everything but root, and you can kill any
that are below you. These are the
=> mkdir pathname
=> rmdir pathname
commands.
Once again, you are not alone on the system... type=>
who
to see what other users are logged in to the system at the time. If you
want to talk to them=>
write username
Will allow you to chat at the same time, without having to worry
about the parser. To send mail to a user, say
And enter the mail sub-system. To send a message to all the users
on the system, say
=> wall
Which stands for 'write all'. By the way, on a few systems,
all you have to do is hit the
but on others you must hit the cntrl-d key.
To send a single message to a user, say
=> write username
this is very handy again! If you send the sequence of characters discussed
at the very beginning of this article, you can have the super-user terminal do
tricks for you again.
Privs:
If you want superuser privs, you can either log in as root, or edit your
acct. so it can say
=> su
this now gives you the # prompt, and allows you to completely by-pass the
protection. The wonderful security conscious developers at bell made it
very difficult to do much without privs, but once you have them, there
is absolutely nothing stopping you from doing anything you want to.
To bring down a unix system:
=> chdir /bin
=> rm *
this wipes out the pathname bin, where all the system maintenance files are.
Or try:
=> r -r
This recursively removes everything from the system except the remove
command itself.
Or try:
=> kill -1,1
=> sync
This wipes out the system devices from operation.
When you are finally sick and tired from hacking on the vax systems, just
hit your cntrl-d and repeat key, and you will eventually be logged out.
_______________________________________
The reason this file seems to be very sketchy is the fact that bell has 7
licenced versions of unix out in the public domain, and these commands are
those common to all of them. I recommend you hack onto the root or
bin directory, since they have the highest levels of privs, and there
is really not much you can do (except develop software) without them.
_________________________/\ This file downloaded from Trauma Hounds...
\ /\______________________________________________
Call these anarchy boards! \/
The People Farm ..................... 916-673-8412 ... 12- 2400 ... 24h/7d
Restaurant At End Of The Universe ... 718-428-6776 ... 12- 2400 ... 24h/7d
Ripco ............................... 312-528-5020 ... 12- 2400 ... 24h/7d
Shadows of IGA ...................... 707-527-7711 ... 24-19200 ... 24h/7d
Temple of the Screaming Electron .... 415-935-5845 ... 12- 2400 ... 24h/7d
Tommy's Holiday Camp ................ 604-361-1464 ... 12-19200 ... 24h/7d
Trauma Hounds ....................... 604-589-1570 ... 12-19200 ... 24h/7d
source taken from http://www.totse.com/en/hack/
Subscribe to:
Posts (Atom)