************************************************************************** ************************************************************************** *********************** NEWBIES HANDBOOK ****************************** ************** HOW TO BEGIN IN THE WORLD OF H/P ************************ ********************** BY : PlowskĄ Phreak *********************************** *************************************************************************** *************************************************************************** Disclaimer- I am not responsible for any of the information in this document, if it is used for any other purpose than educational reading. Some of the information on this page can be used illegally if the reader does not act responsible. The reader is responsible for his own actions. You can copy anything from this file to any other file as long as you quote, dont change it up, and give me the proper credit...like: NEWBIES HANDBOOK HOW TO BEGIN IN THE WORLD OF H/P BY : PlowskĄ Phreak Into: When I got into hacking, i realized that there wasnt many text philes for newbies. so, i decided to write one. i dont really care about misspelled werds or puncuation so, please ignore the mistakes. In this document i will refer you to other documents a lot. (because why should i waste my time rewriting something that has already been writen?) If at anytime while reading this document you ask yourself "So...How do I hack?", then go away now and save yourself the frustration because you'll never learn. To hack you must understand everything about a system, and then you can get ideas and try them out. I tried to keep this phile as short as possible, when you read this you should just get an idea about how to hack and why we hack. If you read this document and the philes that i have listed, you should have a good idea on what to do, how to do it, and why. Remember every 'project' is different. You have to use your brain and adjust to each different one. Tools: There are a few things you need to have to be a hacker/phreaker. 'puter - computer (duh) terminal software - a program like, hyper terminal or ordinary terminal that allows you to dial out to another system. blue box - (exerpted from 2600faq)Blue boxes use a 2600hz tone to size control of telephone switches that use in-band signalling. The caller may then access special switch functions, with the usual purpose of making free long distance phone calls, using the tones provided by the Blue Box. scanner - a scanner is a program that dials out every number in your area and listens for tones that are comming from other modems. (helps you locate your local targets) a good scanner is Toneloc. Find it! Fone (phone) line - I hope you know whut this is... It also helps to know a computer language ex: C, C++ ect. Info resources: I dont know many good boards anymore because almost all of their sysops (system operators) have been busted. But I suggest you get a server that uses netscape and get unlimited access to the www(World wide web). And visit these good homepages by entering their name in the webcrawler search engine (http://webcrawler.com) Silicon Toads Hacking Resources Flamestrike Enterprises The PlowskĄ Page (mine, you can reach me from there) Matervas Hideout Burns Lair Cold fire From these pages you will find a wealth of information on h/p (hacking/phreaking) getting started: the first thing you must do is get on your computer, open your terminal software and connect to a board. (bulletin board, bbs). This is a must! (its also a VERY basic thing). (You can usually find a bbs number on a homepage or enter bbs in a search engine.) Now that you can do that, start reading. Read as many text philes as possible. Required reading: Hackers Manifesto (at bottom) Hackers Code of ethics Any old issues of Phrack any old issues of 2600 2600faq any text documents on systems (unix, iris, dec) DOD (department of defense) standards Any philes on boxes (blue(one at bottom), red, beige) For beginners, which most of you probably are, I suggest you find some of the following systems that exist in your area and work on them first. (they are the easiest and least risky) This next segment is excerpted from: A Novice's Guide to Hacking- 1989 edition by The Mentor Legion of Doom/Legion of Hackers IRIS- IRIS stands for Interactive Real Time Information System. It orig-inally ran on PDP-11's, but now runs on many other minis. You can spot an IRIS by the 'Welcome to "IRIS" R9.1.4 Timesharing' banner, and the ACCOUNT ID? prompt. IRIS allows unlimited tries at hacking in, and keeps no logs of bad attempts. I don't know any default passwords, so just try the common ones from the password database below. Common Accounts: MANAGER BOSS SOFTWARE DEMO PDP8 PDP11 ACCOUNTING DEC-10- An earlier line of DEC computer equipment, running the TOPS-10 operating system. These machines are recognized by their '.' prompt. The DEC-10/20 series are remarkably hacker-friendly, allowing you to enter several important commands without ever logging into the system. Accounts are in the format [xxx,yyy] where xxx and yyy are integers. You can get a listing of the accounts and the process names of everyone on the system before logging in with the command .systat (for SYstem STATus). If you seen an account that reads [234,1001] BOB JONES, it might be wise to try BOB or JONES or both for a password on this account. To login, you type .login xxx,yyy and then type the password when prompted for it. The system will allow you unlimited tries at an account, and does not keep records of bad login attempts. It will also inform you if the UIC you're trying (UIC = User Identification Code, 1,2 for example) is bad. Common Accounts/Defaults: 1,2: SYSLIB or OPERATOR or MANAGER 2,7: MAINTAIN 5,30: GAMES UNIX- There are dozens of different machines out there that run UNIX. While some might argue it isn't the best operating system in the world, it is certainly the most widely used. A UNIX system will usually have a prompt like 'login:' in lower case. UNIX also will give you unlimited shots at logging in (in most cases), and there is usually no log kept of bad attempts. Common Accounts/Defaults: (note that some systems are case sensitive, so use lower case as a general rule. Also, many times the accounts will be unpassworded, you'll just drop right in!) root: root admin: admin sysadmin: sysadmin or admin unix: unix uucp: uucp rje: rje guest: guest demo: demo daemon: daemon sysbin: sysbin Code of ethics: Once you get in a system, do not manipulate anything but the log file (erase the record of your bad logins) and anywhere you might have left your handle. (name, a.k.a.) You dont want to leave your handle anywhere because they WILL be able to track you down by your handle alone. Its ok to be paranoid! Dont think for one minute that you are undetectable, if you make any mistakes, you could get caught. Here is a list of things you could do to help yourself from getting in trouble. * Encrypt your entire hard drive * hide your files in a very safe spot. * dont tell anyone that you dont know very well about your hacking. Good hackers never reveal specific details to anyone about their current project. They give only very vague hints of what they are doing. * dont openly give out your real name or address * dont join any major hacking groups, be an individual. * Dont hack government computers, ESPECIALLY YOUR OWN GOVERNMENTS! Foreign computers can sometimes be phun, but dont say i didnt warn you! * Make sure that you dont leave any evidence that you have been in a system and any evidence of who it was. * Use your brain. If you follow most of these guidelines, you should be safe. The last thing you want is to end up in a one room apartment located in the third floor of the state prision with your cellmate Bruno, the ax murderer, whose doing life. Getting in: The hardest thing about hacking is getting the numbers for a system. You can do this by using a scanning program. Then, once you connect to a system you must first recognise what kind of system you have connected to. (by the way, for you real brainiacs, you have to use your terminal software to call another system.) You can usually do this by looking at the prompt you get, if you get one. (check the Unresponsive section) Sometimes a system will tell you as soon as you connect by saying some thing like "hello, welcome to Anycompany using anysystem v 1.0" When you determine what system you have connected to, this is when you start trying your logins. You can try typing in demo and as your userid and see if you can find any users names to try. If you enter a name and you are allowed in without a password you usually, but not always, have entered a name that you cant do a whole lot with but, it can still be phun and you can probably find clues on how to get in on another name. While your in: There are usually many interesting files you can read in all of these systems. You can read files about the system. You might want to try a help command. They will usually tell you a lot. Sometimes, if your lucky, you can manage to download the manual of the system! There is nothing like the thrill of your first hack, even if it wasnt a very good one, it was probably still phun. You could read every text phile in the world and you still probably wouldnt learn as much as you do during your first hack. Have Phun! This next segment is also excerpted from: A Novice's Guide to Hacking- 1989 edition by The Mentor Legion of Doom/Legion of Hackers Unresponsive Systems ~~~~~~~~~~~~~~~~~~~~ Occasionally you will connect to a system that will do nothing but sit there. This is a frustrating feeling, but a methodical approach to the system will yield a response if you take your time. The following list will usually make *something* happen. 1) Change your parity, data length, and stop bits. A system that won't re- spond at 8N1 may react at 7E1 or 8E2 or 7S2. If you don't have a term program that will let you set parity to EVEN, ODD, SPACE, MARK, and NONE, with data length of 7 or 8, and 1 or 2 stop bits, go out and buy one. While having a good term program isn't absolutely necessary, it sure is helpful. 2) Change baud rates. Again, if your term program will let you choose odd baud rates such as 600 or 1100, you will occasionally be able to penetrate some very interesting systems, as most systems that depend on a strange baud rate seem to think that this is all the security they need... 3) Send a series of 's. 4) Send a hard break followed by a . 5) Type a series of .'s (periods). The Canadian network Datapac responds to this. 6) If you're getting garbage, hit an 'i'. Tymnet responds to this, as does a MultiLink II. 7) Begin sending control characters, starting with ^A --> ^Z. 8) Change terminal emulations. What your vt100 emulation thinks is garbage may all of a sudden become crystal clear using ADM-5 emulation. This also relates to how good your term program is. 9) Type LOGIN, HELLO, LOG, ATTACH, CONNECT, START, RUN, BEGIN, LOGON, GO, JOIN, HELP, and anything else you can think of. 10) If it's a dialin, call the numbers around it and see if a company answers. If they do, try some social engineering. I tried to keep this phile as short as possible to save downloading time and just telling you the very basics like what you need to do and what you need to read. I hope this was helpful. PlowskĄ Phreak Here are two philes i copied for your reading pleasure: bluebox.txt and The Hackers Manifesto bluebox.txt - The Secrets of the Little Blue Box Originally found in Esquire Magazine THE BLUE BOX IS INTRODUCED: IT'S QUALITIES ARE REMARKED I am in the expensively furnished living room of Al Gilbertson, the creator of the blue box. Gilbertson is holding one of his shiny black-and-silver blue boxes comfortably in the palm of his hand, pointing out the thirteen little red push buttons sticking up from the console. He is dancing his fingers over the buttons, tapping out discordant beeping electronic jingles. He is trying to explain to me how his little blue box does nothing less than place the entire telephone system of the world, satellites, cables and all, at the service of the blue-box operator, free of charge. "That's what it does. Essentially it gives you the power of a super operator. You sieze a tandem with this top button," he presses the top button with his index finger and the blue box emits a high-pitched cheep, "and like that," the box cheeps again "you control the phone company's long distance switching systems from your cute little Princess phone or any old pay phone. And you've got anonymity. An operator has to operate from a definite location. The phone company knows where she is and what she's doing. But with your blue box, once you hop onto a trunk, say from a Holiday Inn 800 number, they don't know where you are, or where you're comi