Thee Under Ground Presents
How to Hack (http://www.theeunderground.com/)
The Confessions of a Hacker
By Natas Selur

So you want to HACK. First, this How To Guide comes with one CONDITION. If you use these methods to gain access to a system you AGREE to cause no malicious damage to a system by using these techniques. If you want to trash systems read a How to Crack manual. Hackers don't CRACK systems, they HACK a system to gain CONTROL of it. CONTROL is the main word in HACKING. DESTROY is the main word in CRACKING. If you use these techniques to CRACK systems then the CURSE of NATAS SELUR be upon thee. BTW, Natas Selur is Rules Satan backwards.

Types of Hacks in this How To Manual.
1. Simple PC or Network Hack
2. School or University Hack
3. Commercial Server Hack
4. Government and Military Hack

Beware, LAWS exist that can Penalize you if you HACK or CRACK a system. Personally I'd never admit to HACKING a system, but this info does indeed work. Some of the methods are widely known, a few aren't as famous yet. Would I ever CRACK a system? Only if I was at WAR with someone or something would I consider TRASHING a system. Although I'll state I have never CRACKED a system, I could see a reason to do such a thing if WAR on the WWW becomes a fact. If someone CRACKS you, then you have the right to CRACK them. If a government tries to do things against personal freedoms on the www, then they should be CRACKED wide open.

Here are some great LINKS to other HACK sites, Enjoy
NS, Spring 98

How to HACK a Personal or Work Net Computer

The Personal or Work Net computer Hack is the easiest, since you have physical access to the computer in both cases. Most HACKERS don't start out as Hackers, they start as thieves. Most STEAL their first PW file from a Net using inside access, instead of Hacking into it remotely. Say, you're in a BS job for the summer and you see a person log onto the Work Net with a User name and PW near you.
Bang, as soon as you can, you just log in as them and take your first PW file from a server as soon as you get the chance. All OS's (Operating Systems, i.e. MS Net, Unix, etc.) store PW's in encrypted files, all these encryption algorithms have Crack or programs to reveal these encrypted files, all the systems use proprietary algorithms to encrypt, so a Unix Crack unencrypts all Unix PW's and a NT Crack unencrypts all NT PW's. If you know where to look for these files on the server you have access to, you can copy the file onto a floppy in seconds or even email it to a fake email account in seconds. You can then use a CRACK PW program at home and wammo, you have everyone's PW's after the CRACK program does its job. YOU THEN CONTROL THAT NET at your BS job.

For a personal computer HACK, you can again watch someone either log in while you are talking to them, and when you have access to the keyboard (when they go to the bathroom), you can get root and take key info or install programs to allow you to have remote access. If your friend uses Win 95 and leaves the room for a few seconds while he is logged in, you have ROOT access, take out your pocket floppy and install whatever you want on his OPEN machine. Make your name come up in a screen saver or something to show them YOU HACKED THEM! If your friend's Win 95 is in a secure mode when you have access and you don't know the PW, you can reboot his machine and ESC past any PW protection upon boot up. Once you have a hot keyboard, one that works, look in the machine for the PW file and take the PW for when the screen saver kicks in or change it to keep your friend out of his own machine. If you don't know where the PW file is kept on Windows, read your Windows manual.

The same thing can happen in a school or University. Now, some folks aren't too bright, and they use their own User Account to access the Encrypted PW file of a School or Work Net. A smart Admin logs all such activity on his Net. A dummy Admin doesn't do it.
So, a smart Hacker uses FAKE ID to get access to the Encrypted PW file. The person you STOLE the User Name and PW from looks like the culprit. Anyway, you have CONTROL of the Net once you get the PW's file, since you then have the Admin's PW to Root and can do ANYTHING you want on their net, change permissions, erase or delete files or install programs to HACK other servers. You also have REMOTE access if the machine is ON LINE. The key to hacking is to get control of a server to then use it to HACK other servers from a non traceable dialup. The more servers you own ROOT on, the more POWER you have in the Game called HACK!

Now, a Hacker CONTROLS Nets, a CRACKER Destroys Nets. If you want to be a non malicious explorer of Nets you can call yourself a Hacker, if you want to TRASH and DESTROY things call yourself a CRACKER!

You now know how to HACK a Personal or Work Net Computer. Go to our LINKS page and check out Hack sites and download files to CRACK Win NT, Unix and VMS PW files. When you CRACK your first PW file you can say you HACKED something. If you go back to the machine you HACKED and DESTROY anything you aren't a HACKER but a malicious person who should call themselves a CRACKER.

Security Counter by Nick

Natas explains very simply how easy it is to be hacked. Computers that are accessible to anyone with a keyboard and login can be hacked this easily. You can use techniques to stop simple hacks like this: teach your employees to make sure before they log in that NO ONE is WATCHING. Employ a physical key lockout on your CPU so no one can do a reboot ESC bypass. Better admins rework the OS (Operating System) to change typical directories that are preset by factory installs of OS's. If your PW's (Pass Words) are hidden in a simple and easy to find directory like everyone else's usually are from factory installs, such as /etc/passwd on Unix systems, such a hack is easier to do for the hacker. You can also shadow PW's to better hide them from such a simple hack.
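One way an admin can check the shadowing advice above, as an added example that is not part of the original article: the script parses passwd-format text and reports accounts whose password field still holds a hash or is empty. The sample entries, the hash placeholder and the function names are constructed for illustration.

```python
"""Audit passwd-format text for password data readable by every local user."""

LOCK_MARKERS = ("*", "!")  # account locked or password login disabled


def classify_password_field(field):
    """Describe what the second passwd field exposes."""
    if field == "":
        return "empty"          # login needs no password at all
    if field == "x":
        return "shadowed"       # hash lives in the restricted shadow file
    if field.startswith(LOCK_MARKERS):
        return "locked"
    return "exposed-hash"       # hash sits in the world-readable file


def audit_passwd(text):
    """Return (line number, user, finding) tuples for risky entries."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((lineno, fields[0], "malformed"))
            continue
        user, pw_field, uid = fields[0], fields[1], fields[2]
        status = classify_password_field(pw_field)
        if status in ("empty", "exposed-hash"):
            findings.append((lineno, user, status))
        if uid == "0" and user != "root":
            findings.append((lineno, user, "extra-uid-0"))
    return findings


def world_accessible(mode):
    """True if a file mode grants any permission to 'other' users."""
    return bool(mode & 0o007)


# Constructed sample; EXAMPLEHASH00 is a placeholder, not a real hash.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:EXAMPLEHASH00:1001:1001:Alice:/home/alice:/bin/sh
guest::1002:1002:Guest:/home/guest:/bin/sh
toor:x:0:0:second root:/root:/bin/sh
broken:line
"""

if __name__ == "__main__":
    for lineno, user, finding in audit_passwd(SAMPLE_PASSWD):
        print(f"line {lineno}: {user}: {finding}")
```

On a real host, pass the contents of the passwd file to `audit_passwd` and the `st_mode` of the shadow file to `world_accessible`.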
Avoid Sloppy Logins, and also make your employees use HARD PW's. Crack Programs to find encrypted PW's work off the easy to find PW's first. It's much harder to crack PW's that use non words and special character symbols in the PW. If you use names or words that are in a dictionary, your encrypted PW file can be cracked very easily.

How to hack a University Computer
by Natas Selur

There are two levels of University or School Hacks. The first is physical access, it works exactly like the Hacks explained in Personal and Work Net Hacks. Read it and employ the physical access Hacks to a School University system you have physical access to.

The Second HACK is really a Hack. You don't have physical access to the computer so you must BREAK INTO the system remotely. A simple Hack that still works on older University Networks is called the PHF Attack. You can have the PW file of a server actually display on your browser by accessing the url of the University and then simply doing a PHF query from your browser url line. I'd say close to 98 or 99% of US Universities have the patch to stop this remote hack. To find the query to run the PHF query check out the Links page and go to sites about Hack, or lookup PHF in a search engine along with Hacking.

You can get ID'd by a new program when running this hack, you dial up and time stamp info is recorded by the University's computer. That is why you don't use a real dialup to do hacking, a trace is left to you. You need a fake dialup. You can Hack Free Dialup accounts by searching for instructions about the ISP files you get when you run the Win 95 Connection Wizard. The Dialup number (which is toll free), the User ID and the PW are all kept in plain text files. You can also just pay a local dialup company by cash in person with fake info or ID so your dial up is unknown to cover your tracks. If you use a dialup that traces to you, you will be found.
Some use fake CC info to get temporary accounts as well, the CC algorithm to make valid numbers is on the internet, so you can make fake numbers to order temp dialups. It's against the law however to do that. If you like teaching people how to use the www, you can put up flyers in your neighborhood's grocery saying you teach on site www. Use a fake remote access number in your flyers, and when you set up your trainees you have their CC number and logins to use as you wish.

Most University Hacks today use Exploits, there are tons of bugs in today's OS's and server includes, plus the Email Exploits are great. For info on all the various Exploits available and sample scripts to use, run a search on exploits hacking and email. Pick your choice and target a *.edu server. Enjoy.

Counter Security by Nick

The physical access counter is in the article Natas referred to. The PHF attack is rare today in Universities, since it is well known to admins, however, some lazy admins still have not patched this simple security hole. Exploits are the most used breaches of security on most systems today. An admin needs to join all the various mailing lists to keep abreast of most of these new techniques. The email exploits mentioned by Natas are indeed the easiest way for hackers to gain remote access to info in your system to help hackers. The web revolves around access to email, hackers exist because of email holes. Email, Email Exploits and hackers, they all go together.

How to Hack a Commercial Server or Web Site
By Natas Selur

Who hacks websites and pages? Dudes that can't handle a real challenge. Want a bad reputation in Hack circles? Hack a web page and brag about it. You'll be laughed at. Simple ways to Hack a website or page is using deceit. You can set up fake accounts for email through places like hotmail or juno, then bitch and moan to free page sites your PW to the site you want to hack is lost and please send you one.
If you get the personal info from the site's pages (most free page users keep their bios on page one, name, age etc.) you could easily dupe a rep from a free site to email your PW to the bogus email account. You can give fake info and set up a page and use exploits to Hack PW's, or cruise the PW file and run a Crack program on it. It's so easy to HACK a Commercial site or web page, that Hackers don't even consider it a true Hack. You have access to most commercial sites as a user, join and HACK, it's that easy.

Now a Commercial site that has its own T and doesn't have anyone on it but inhouse users of the Corporation can be a little more challenging. However, most can be CRACKED with simple PW Dictionaries if you have a user name. You can also get Users' ID's and PW's from a sniffer running from a site you have hacked.

Counter Security by Nick

I wish all hackers thought like Natas, a lot of people enjoy trashing web pages. As Natas mentioned, it's all too easy. If you have a business running on a site with many commercial users, you can be hacked all too easily. All someone has to do is join with bogus info and run exploits internally through CGI scripts all commercial sites allow you to run, or if the admin is real sloppy, merely copy an encrypted PW file that users have access to. Once your PW is hacked your pages can be edited with ease. A business should have their own connection to the www and a secure internal server to display web pages, their intranet or network should run BEHIND A SECURE FIREWALL, that way you can stop the easy mutual user exploits and such that is common to commercial hosting sites with multiple users.

How to Hack a Military or Government Site
by Natas Selur

Written for people that are already experienced in Hacking. NEWBIES BEGONE!

I strongly suggest you don't use these techniques to actually hack a gov or mil site. You'll end up in jail unless you are a MASTER of COVERING your tracks.
Even then, you should only do it against a minor league country. If you try any of the big governments, you'll end up in Prison.

In the US all Military sites have a MIL ending and Government sites have a GOV ending. So, pentagon.mil would be a name for a MIL site while nasa.gov will be a name for a GOV site. The White House has a site that's been Hacked and Cracked. Most of these sites function just like any other site, they use the same TCP and IP protocols and most of the servers use the same OS as other types of sites. I've heard some top secret servers that use custom OS's and such, but I've never seen any examples of it. Still, basic rules apply to any 2D server. You have a processor that understands two things, 1 and 0. If you want to really HACK a Mil or Gov site, brush up on Absolute and Assembler, since any pseudo programs have to eventually get to binary to be processed.

Make sure you only use a weak link to enter the system and chain proxy out the ying yang to cover your dial up. The Gov and Mil security will find you even if you use fake dialups. The Phone system is fully traceable while you are HOT. A server that doesn't keep classified info is your entry point in this type of Hack, you come in from a proxy chain, then you search for a door to some more sensitive info or a bunch of similar low level machines. By chaining through the lower levels of GOV and Mil sites when you attack the real target, you can then put in safety nets to mislead the real security guys you will encounter when you finally hit the sensitive material secure servers. Upon your final Attack, you will need to put into your low level root machines all types of shadow tricks, log creators, log trashers etc. Because when the higher level machines discover you, they will rely upon the lower machines to ID you, and you will use them to hide you. Pure cat and mouse this type of HACK!
By having a TEMPORARY NET under the High Level machines, you can CONTROL what they are looking for to ID you, when you are discovered.

Think of it like this, the GOV and Mil sites are like a pyramid. The Top of the Pyramid is the real sensitive info, your entry will be discovered there, GUARANTEED. Before you attempt to ROOT the Top of the GOV or MIL sites, you core out the base of the Pyramid. You gain Root Control server by server of the overall pyramid. If you do your HACK right on the low level machines before you HACK the higher levels, you can daisy proxy and shadow through the Gov and Mil's own sites UNTRACEABLE at the time of your ATTACK, making temporary false logs to cover you with their own servers. And then TRASHING the Logs and Nets at the end of the ATTACK. The end result, a trace gets lost in their own systems during the ATTACK, since YOU CONTROL their routing searches into your entry machines by having root over about 20 machines. To do such a HACK correctly you would need a TEAM of Hacks communicating to intercept the Gov and Mil commands when your trail is being researched by the security guys in the top.

A scenario would look like this, you spend a ton of time Hacking low level unsecure servers to eventually build a safety net so when you are at the top, you can FALL BACK into a controlled environment, to lose the security people at the top secure server. You own root of about 20 unsecure servers through back doors from all your low level Hacks, you may have preinstalled some security nets in your low level Hacks to TURN ON when the Heat from above starts looking for who is HACKING into the Top Level Servers. I would suggest you have Team Players in control of root servers that will be used as a Net. You should be uploading the Nets as the action gets hot.
That way, your Nets aren't in files that have been backed up for days or weeks, when a Net is needed, your Team puts it in through Root control as soon as it is loaded and after it is used an auto delete and trash program is run to CRACK your Net so the Security guys can't even see what you built to deceive them. You will most likely find security defenses in the low level machines, programs installed to safeguard against an attack into a higher level machine. Downloading them and learning how they work will be your best offense when you ATTACK the top.

If you try this type of HACK yourself, you probably can't monitor all the roots and upload all the nets when you get discovered, you would have to have several machines going at once and put in dormant Nets to activate when they are needed. Your clever programming of Nets will be discovered in the backups of your low level machines that took time to Hack.

Now, if this type of Hack is done right, you eventually reach very secure machines that rely on lower machines to find out where an attack is coming from. When the security team hits a server that you CONTROL, you can temporarily mislead the security team by telling their secure servers whatever you want. However, if you leave the logs in place they will find out how you did it, so erasing your foot steps is the key.

You can't HACK a mil or gov system without also CRACKING it. You must DESTROY LOGS in this type of Hack and DESTROY various sectors of hard drives that temporarily held your nets. If you don't destroy hard drives, then erased logs and nets will be undeleted. When I say DESTROY, I mean you have to use erase programs that the Pentagon uses, it writes say 100 times OVER the info you need to DESTROY. That way Mil and Gov defragmenting programs can't unerase what you deleted. The Hard Drives are useable after such an erase, so you don't DESTROY them physically, but you must CRACK the Logs and Nets or you will be found even if you delete logs and nets.
Also, by only uploading your Nets at the last moment to activate when you are found while HACKING the top of the pyramid, makes your ID during the Hack all that more protected.

The key to a Gov or Mil attack is to be prepared for what the security team will throw at you, that is tracers. Their job is find you, turn off your entry and then arrest you. If you realize Logs of entry machines is their only trail, you have to CONTROL the low level Logs and roots to stop or delay searches while you are in the Hack. If your Hack is compromised, your phone will be traced too. So the last precaution is to use a non traceable connection to your initial entry point. That way, if the nets don't work, when the Feds find the originating source for the dialup they will be looking for you in a Hotel Room, or a leased apartment to a fake ID. Don't leave fingerprints behind when the final attack is done, don't brag about it, and do it from a place you have never been in. Far away from where you live.

Now, if you plant dormant Nets before you do your FINAL ATTACK, they will exist on BACKUP files of the machines you controlled before the final HACK is done. The safest step is to only leave low level root doors to bounce from Net to Net in your FINAL ATTACK, your path is again less traceable, since your Nets are only uploaded when you need to start your smoke and mirrors routine. You don't use low level servers you Hack to do anything once you root them.

This is a sample of such a Hack, let's say some ancient low level servers with old non classified crap are your entry machines, let's say there are 12 machines you Hack in this level, you CONTROL them through Root, you always shadow log or erase logs in your proxy so there is no trace to your outside proxy chains whenever you enter to Hack this type of machine. Once you gain root of such a machine, DON'T USE IT UNTIL the FINAL ATTACK!
The time comes to move up the ladder, some newer servers still with non classified crap is your next level of Hack. You need about 6 machines that you again own through Root, you don't put in any Nets yet. You may come across security at this point and if you do, you must trash any low level entry points or bs remote roots you used to Hack into this level if you get locked onto.

Now you own two levels of the pyramid, the third level is the toughest, it is secure servers where you have to use completely new unknown programs to Hack these targets. They shouldn't be TOP LEVEL Servers, just machines with low to mid level security. If you use some of your lower level servers to hack at this level, you might have to trash most of your lower level to reach say 3 servers in this point. You need to replace whatever you lose below to maintain this final level before you attempt the Top.

For this example, you would need 12 low level non secure servers, 6 mid level non secure or low secure servers, 3 mid level mid secure servers. That's 21 Gov or Mil Roots you need to OWN. All with no programs or nets left behind by you so your chances of being discovered before the real HACK is moot. You simply gained Root and left it in the BANK as a valuable asset to use in your real HACK of the Top of the Pyramid.

When you attempt to mount the top and take root, the pyramid becomes like a house of cards. The Mil and Gov people use systems you CONTROL to see who you are. You have 21 servers they need to find you, all doing WHAT YOU WANT! As you lose control of the low level machines, your house of CARDS starts to fall. They can simply turn off compromised low level servers once they realize you are shadowing yourself. When you hit the Top of the Pyramid and knock on their front door from one server, you bang it again with another, then another, when they trace the lower level bangs on their front door, you create all kinds of smoke and mirror routes to shadows.
Your nets start being uploaded right before the assault begins, your log erasers and trashers start to kick in as you lose low level nets. With enough time you could Hack Root of the top through various methods, however what took most likely months to organize could all be shot in minutes.

You would be the commander in the largest assault on a secure Mil or Gov server if you follow this GAME PLAN. What would you end up controlling? Root of the world perhaps. If you have targets in mind for what is at the top, you could install programs if you gain Root, to change protocols for other servers and programs and launch who knows what. As long as the world and governments depend upon 2D Technology, there is no such thing as a Secure Server. As long as it has an OS, a keyboard, a Floppy or a port to another machine, it isn't SECURE.

Remember, if you attempt a Hack like this, you will be hunted and if not KILLED for being the most dangerous person on Earth, you will end up in Prison. I've only done this Hack on paper and pencil, and in my dreams. I enjoy freedom, so I would never use this attack. However, if a certain country became a fascist regime, I would join an opposition force and employ this Hack to CRACK EVIL!
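
The plan above depends on editing and erasing logs on hosts the intruder controls. As an added defensive example (not part of the original text), this sketch chains each log record to the previous one with SHA-256 and checks the chain against a head value held on a separate collector; the collector, record format and sample lines are assumptions made for illustration.

```python
"""Tamper-evident log: each record's tag covers the previous tag."""
import hashlib
import hmac

GENESIS = b"\x00" * 32  # fixed starting value for an empty chain


def _link(prev_tag, message):
    """Tag for one record: SHA-256 over previous tag plus message."""
    return hashlib.sha256(prev_tag + message.encode("utf-8")).digest()


def build(messages):
    """Return [(message, tag_hex), ...] as the host would store it."""
    records, prev = [], GENESIS
    for msg in messages:
        prev = _link(prev, msg)
        records.append((msg, prev.hex()))
    return records


def verify(records, trusted_head):
    """Check stored records against the head tag kept off-host.

    Returns ("ok", None), ("tampered", index of first bad record),
    or ("head-mismatch", record count) when the chain is internally
    consistent but does not end where the collector says it should
    (tail removed, or the whole file regenerated).
    """
    prev = GENESIS
    for i, (msg, tag_hex) in enumerate(records):
        expected = _link(prev, msg)
        if not hmac.compare_digest(expected.hex(), tag_hex):
            return ("tampered", i)
        prev = expected
    if not hmac.compare_digest(prev.hex(), trusted_head):
        return ("head-mismatch", len(records))
    return ("ok", None)


# Constructed sample records (addresses from the documentation range).
SAMPLE_LOG = [
    "sshd: accepted login for alice from 192.0.2.10",
    "sudo: alice ran /usr/bin/id as root",
    "sshd: accepted login for bob from 192.0.2.44",
    "cron: nightly backup finished",
]

if __name__ == "__main__":
    stored = build(SAMPLE_LOG)
    head = stored[-1][1]            # value the collector would hold
    print(verify(stored, head))
    print(verify(stored[:1] + stored[2:], head))   # one record deleted
    print(verify(stored[:-1], head))               # tail cut off
```

Because the head lives on a different machine, regenerating the whole chain on the compromised host still fails the final comparison.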