=[ x25-box.com ]=

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Volume 1 , P/HUN Issue #2 , Phile #8 of 9
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

+++++++++++++++++++++++++++++++++++++++++++++++++
| The LOD/H Presents |
++++++++++++++++ ++++++++++++++++
\ A Novice's Guide to Hacking- 1989 edition /
\ ========================================= /
\ by /
\ The Mentor /
\ Legion of Doom/Legion of Hackers /
\ /
\ December, 1988 /
\ Merry Christmas Everyone! /
\+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++/

**********************************************************************
| The author hereby grants permission to reproduce, redistribute, |
| or include this file in your g-file section, electronic or print |
| newletter, or any other form of transmission that you choose, as |
| long as it is kept intact and whole, with no ommissions, delet- |
| ions, or changes. (C) The Mentor- Phoenix Project Productions |
| 1988,1989 512/441-3088 |
**********************************************************************

Introduction: The State of the Hack
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
After surveying a rather large g-file collection, my attention was drawn to
the fact that there hasn't been a good introductory file written for absolute
beginners since back when Mark Tabas was cranking them out (and almost
*everyone* was a beginner!) The Arts of Hacking and Phreaking have changed
radically since that time, and as the 90's approach, the hack/phreak community
has recovered from the Summer '87 busts (just like it recovered from the Fall
'85 busts, and like it will always recover from attempts to shut it down), and
the progressive media (from Reality Hackers magazine to William Gibson and
Bruce Sterling's cyberpunk fables of hackerdom) is starting to take notice
of us for the first time in recent years in a positive light.
Unfortunately, it has also gotten more dangerous since the early 80's.
Phone cops have more resources, more awareness, and more intelligence that they
exhibited in the past. It is becoming more and more difficult to survive as
a hacker long enough to become skilled in the art. To this end this file
is dedicated . If it can help someone get started, and help them survive
to discover new systems and new information, it will have served it's purpose,
and served as a partial repayment to all the people who helped me out when I
was a beginner.

Contents
~~~~~~~~
This file will be divided into four parts:
Part 1: What is Hacking, A Hacker's Code of Ethics, Basic Hacking Safety
Part 2: Packet Switching Networks: Telenet- How it Works, How to Use it,
Outdials, Network Servers, Private PADs
Part 3: Identifying a Computer, How to Hack In, Operating System
Defaults
Part 4: Conclusion- Final Thoughts, Books to Read, Boards to Call,
Acknowledgements

Part One: The Basics
~~~~~~~~~~~~~~~~~~~~
As long as there have been computers, there have been hackers. In the 50's
at the Massachusets Institute of Technology (MIT), students devoted much time
and energy to ingenious exploration of the computers. Rules and the law were
disregarded in their pursuit for the 'hack'. Just as they were enthralled with
their pursuit of information, so are we. The thrill of the hack is not in
breaking the law, it's in the pursuit and capture of knowledge.
To this end, let me contribute my suggestions for guidelines to follow to
ensure that not only you stay out of trouble, but you pursue your craft without
damaging the computers you hack into or the companies who own them.

I. Do not intentionally damage *any* system.
II. Do not alter any system files other than ones needed to ensure your
escape from detection and your future access (Trojan Horses, Altering
Logs, and the like are all necessary to your survival for as long as
possible.)
III. Do not leave your (or anyone else's) real name, real handle, or real
phone number on any system that you access illegally. They *can* and
will track you down from your handle!
IV. Be careful who you share information with. Feds are getting trickier.
Generally, if you don't know their voice phone number, name, and
occupation or haven't spoken with them voice on non-info trading
conversations, be wary.
V. Do not leave your real phone number to anyone you don't know. This
includes logging on boards, no matter how k-rad they seem. If you
don't know the sysop, leave a note telling some trustworthy people
that will validate you.
VI. Do not hack government computers. Yes, there are government systems
that are safe to hack, but they are few and far between. And the
government has inifitely more time and resources to track you down than
a company who has to make a profit and justify expenses.
VII. Don't use codes unless there is *NO* way around it (you don't have a
local telenet or tymnet outdial and can't connect to anything 800...)
You use codes long enough, you will get caught. Period.
VIII. Don't be afraid to be paranoid. Remember, you *are* breaking the law.
It doesn't hurt to store everything encrypted on your hard disk, or
keep your notes buried in the backyard or in the trunk of your car.
You may feel a little funny, but you'll feel a lot funnier when you
when you meet Bruno, your transvestite cellmate who axed his family to
death.
IX. Watch what you post on boards. Most of the really great hackers in the
country post *nothing* about the system they're currently working
except in the broadest sense (I'm working on a UNIX, or a COSMOS, or
something generic. Not "I'm hacking into General Electric's Voice Mail
System" or something inane and revealing like that.)
X. Don't be afraid to ask questions. That's what more experienced hackers
are for. Don't expect *everything* you ask to be answered, though.
There are some things (LMOS, for instance) that a begining hacker
shouldn't mess with. You'll either get caught, or screw it up for
others, or both.
XI. Finally, you have to actually hack. You can hang out on boards all you
want, and you can read all the text files in the world, but until you
actually start doing it, you'll never know what it's all about. There's
no thrill quite the same as getting into your first system (well, ok,
I can think of a couple of bigger thrills, but you get the picture.)

One of the safest places to start your hacking career is on a computer
system belonging to a college. University computers have notoriously lax
security, and are more used to hackers, as every college computer depart-
ment has one or two, so are less likely to press charges if you should
be detected. But the odds of them detecting you and having the personel to
committ to tracking you down are slim as long as you aren't destructive.
If you are already a college student, this is ideal, as you can legally
explore your computer system to your heart's desire, then go out and look
for similar systems that you can penetrate with confidence, as you're already
familar with them.
So if you just want to get your feet wet, call your local college. Many of
them will provide accounts for local residents at a nominal (under $20) charge.
Finally, if you get caught, stay quiet until you get a lawyer. Don't vol-
unteer any information, no matter what kind of 'deals' they offer you.
Nothing is binding unless you make the deal through your lawyer, so you might
as well shut up and wait.

Part Two: Networks
~~~~~~~~~~~~~~~~~~
The best place to begin hacking (other than a college) is on one of the
bigger networks such as Telenet. Why? First, there is a wide variety of
computers to choose from, from small Micro-Vaxen to huge Crays. Second, the
networks are fairly well documented. It's easier to find someone who can help
you with a problem off of Telenet than it is to find assistance concerning your
local college computer or high school machine. Third, the networks are safer.
Because of the enormous number of calls that are fielded every day by the big
networks, it is not financially practical to keep track of where every call and
connection are made from. It is also very easy to disguise your location using
the network, which makes your hobby much more secure.
Telenet has more computers hooked to it than any other system in the world
once you consider that from Telenet you have access to Tymnet, ItaPAC, JANET,
DATAPAC, SBDN, PandaNet, THEnet, and a whole host of other networks, all of
which you can connect to from your terminal.
The first step that you need to take is to identify your local dialup port.
This is done by dialing 1-800-424-9494 (1200 7E1) and connecting. It will
spout some garbage at you and then you'll get a prompt saying 'TERMINAL='.
This is your terminal type. If you have vt100 emulation, type it in now. Or
just hit return and it will default to dumb terminal mode.
You'll now get a prompt that looks like a @. From here, type @c mail
and then it will ask for a Username. Enter 'phones' for the username. When it
asks for a password, enter 'phones' again. From this point, it is menu
driven. Use this to locate your local dialup, and call it back locally. If
you don't have a local dialup, then use whatever means you wish to connect to
one long distance (more on this later.)
When you call your local dialup, you will once again go through the
TERMINAL= stuff, and once again you'll be presented with a @. This prompt lets
you know you are connected to a Telenet PAD. PAD stands for either Packet
Assembler/Disassembler (if you talk to an engineer), or Public Access Device
(if you talk to Telenet's marketing people.) The first description is more
correct.
Telenet works by taking the data you enter in on the PAD you dialed into,
bundling it into a 128 byte chunk (normally... this can be changed), and then
transmitting it at speeds ranging from 9600 to 19,200 baud to another PAD, who
then takes the data and hands it down to whatever computer or system it's
connected to. Basically, the PAD allows two computers that have different baud
rates or communication protocols to communicate with each other over a long
distance. Sometimes you'll notice a time lag in the remote machines response.
This is called PAD Delay, and is to be expected when you're sending data
through several different links.
What do you do with this PAD? You use it to connect to remote computer
systems by typing 'C' for connect and then the Network User Address (NUA) of
the system you want to go to.
An NUA takes the form of 031103130002520
\___/\___/\___/
| | |
| | |____ network address
| |_________ area prefix
|______________ DNIC

This is a summary of DNIC's (taken from Blade Runner's file on ItaPAC)
according to their country and network name.

DNIC Network Name Country DNIC Network Name Country
_______________________________________________________________________________
|
02041 Datanet 1 Netherlands | 03110 Telenet USA
02062 DCS Belgium | 03340 Telepac Mexico
02080 Transpac France | 03400 UDTS-Curacau Curacau
02284 Telepac Switzerland | 04251 Isranet Israel
02322 Datex-P Austria | 04401 DDX-P Japan
02329 Radaus Austria | 04408 Venus-P Japan
02342 PSS UK | 04501 Dacom-Net South Korea
02382 Datapak Denmark | 04542 Intelpak Singapore
02402 Datapak Sweden | 05052 Austpac Australia
02405 Telepak Sweden | 05053 Midas Australia
02442 Finpak Finland | 05252 Telepac Hong Kong
02624 Datex-P West Germany | 05301 Pacnet New Zealand
02704 Luxpac Luxembourg | 06550 Saponet South Africa
02724 Eirpak Ireland | 07240 Interdata Brazil
03020 Datapac Canada | 07241 Renpac Brazil
03028 Infogram Canada | 09000 Dialnet USA
03103 ITT/UDTS USA | 07421 Dompac French Guiana
03106 Tymnet USA |

There are two ways to find interesting addresses to connect to. The first
and easiest way is to obtain a copy of the LOD/H Telenet Directory from the
LOD/H Technical Journal #4 or 2600 Magazine. Jester Sluggo also put out a good
list of non-US addresses in Phrack Inc. Newsletter Issue 21. These files will
tell you the NUA, whether it will accept collect calls or not, what type of
computer system it is (if known) and who it belongs to (also if known.)
The second method of locating interesting addresses is to scan for them
manually. On Telenet, you do not have to enter the 03110 DNIC to connect to a
Telenet host. So if you saw that 031104120006140 had a VAX on it you wanted to
look at, you could type @c 412 614 (0's can be ignored most of the time.)
If this node allows collect billed connections, it will say 412 614
CONNECTED and then you'll possibly get an identifying header or just a
Username: prompt. If it doesn't allow collect connections, it will give you a
message such as 412 614 REFUSED COLLECT CONNECTION with some error codes out to
the right, and return you to the @ prompt.
There are two primary ways to get around the REFUSED COLLECT message. The
first is to use a Network User Id (NUI) to connect. An NUI is a username/pw
combination that acts like a charge account on Telenet. To collect to node
412 614 with NUI junk4248, password 525332, I'd type the following:
@c 412 614,junk4248,525332 < ---- the 525332 will *not* be echoed to the
screen. The problem with NUI's is that they're hard to come by unless you're
a good social engineer with a thorough knowledge of Telenet (in which case
you probably aren't reading this section), or you have someone who can
provide you with them.
The second way to connect is to use a private PAD, either through an X.25
PAD or through something like Netlink off of a Prime computer (more on these
two below.)
The prefix in a Telenet NUA oftentimes (not always) refers to the phone Area
Code that the computer is located in (i.e. 713 xxx would be a computer in
Houston, Texas.) If there's a particular area you're interested in, (say,
New York City 914), you could begin by typing @c 914 001 . If it connects,
you make a note of it and go on to 914 002. You do this until you've found
some interesting systems to play with.
Not all systems are on a simple xxx yyy address. Some go out to four or
five digits (914 2354), and some have decimal or numeric extensions
(422 121A = 422 121.01). You have to play with them, and you never know what
you're going to find. To fully scan out a prefix would take ten million
attempts per prefix. For example, if I want to scan 512 completely, I'd have
to start with 512 00000.00 and go through 512 00000.99, then increment the
address by 1 and try 512 00001.00 through 512 00001.99. A lot of scanning.
There are plenty of neat computers to play with in a 3-digit scan, however,
so don't go berserk with the extensions.
Sometimes you'll attempt to connect and it will just be sitting there after
one or two minutes. In this case, you want to abort the connect attempt by
sending a hard break (this varies with different term programs, on Procomm,
it's ALT-B), and then when you get the @ prompt back, type 'D' for disconnect.
If you connect to a computer and wish to disconnect, you can type @
and you it should say TELENET and then give you the @ prompt. From there,
type D to disconnect or CONT to re-connect and continue your session
uninterrupted.

Outdials, Network Servers, and PADs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In addition to computers, an NUA may connect you to several other things.
One of the most useful is the outdial. An outdial is nothing more than a modem
you can get to over telenet- similar to the PC Pursuit concept, except that
these don't have passwords on them most of the time.
When you connect, you will get a message like 'Hayes 1200 baud outdial,
Detroit, MI', or 'VEN-TEL 212 Modem', or possibly 'Session 1234 established
on Modem 5588'. The best way to figure out the commands on these is to
type ? or H or HELP- this will get you all the information that you need to
use one.
Safety tip here- when you are hacking *any* system through a phone dialup,
always use an outdial or a diverter, especially if it is a local phone number
to you. More people get popped hacking on local computers than you can
imagine, Intra-LATA calls are the easiest things in the world to trace inexp-
ensively.
Another nice trick you can do with an outdial is use the redial or macro
function that many of them have. First thing you do when you connect is to
invoke the 'Redial Last Number' facility. This will dial the last number used,
which will be the one the person using it before you typed. Write down the
number, as no one would be calling a number without a computer on it. This
is a good way to find new systems to hack. Also, on a VENTEL modem, type 'D'
for Display and it will display the five numbers stored as macros in the
modem's memory.
There are also different types of servers for remote Local Area Networks
(LAN) that have many machine all over the office or the nation connected to
them. I'll discuss identifying these later in the computer ID section.
And finally, you may connect to something that says 'X.25 Communication
PAD' and then some more stuff, followed by a new @ prompt. This is a PAD
just like the one you are on, except that all attempted connections are billed
to the PAD, allowing you to connect to those nodes who earlier refused collect
connections.
This also has the added bonus of confusing where you are connecting from.
When a packet is transmitted from PAD to PAD, it contains a header that has
the location you're calling from. For instance, when you first connected
to Telenet, it might have said 212 44A CONNECTED if you called from the 212
area code. This means you were calling PAD number 44A in the 212 area.
That 21244A will be sent out in the header of all packets leaving the PAD.
Once you connect to a private PAD, however, all the packets going out
from *it* will have it's address on them, not yours. This can be a valuable
buffer between yourself and detection.

Phone Scanning
~~~~~~~~~~~~~~
Finally, there's the time-honored method of computer hunting that was made
famous among the non-hacker crowd by that Oh-So-Technically-Accurate movie
Wargames. You pick a three digit phone prefix in your area and dial every
number from 0000 --> 9999 in that prefix, making a note of all the carriers
you find. There is software available to do this for nearly every computer
in the world, so you don't have to do it by hand.

Part Three: I've Found a Computer, Now What?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This next section is applicable universally. It doesn't matter how you
found this computer, it could be through a network, or it could be from
carrier scanning your High School's phone prefix, you've got this prompt
this prompt, what the hell is it?
I'm *NOT* going to attempt to tell you what to do once you're inside of
any of these operating systems. Each one is worth several G-files in its
own right. I'm going to tell you how to identify and recognize certain
OpSystems, how to approach hacking into them, and how to deal with something
that you've never seen before and have know idea what it is.

VMS- The VAX computer is made by Digital Equipment Corporation (DEC),
and runs the VMS (Virtual Memory System) operating system.
VMS is characterized by the 'Username:' prompt. It will not tell
you if you've entered a valid username or not, and will disconnect
you after three bad login attempts. It also keeps track of all
failed login attempts and informs the owner of the account next time
s/he logs in how many bad login attempts were made on the account.
It is one of the most secure operating systems around from the
outside, but once you're in there are many things that you can do
to circumvent system security. The VAX also has the best set of
help files in the world. Just type HELP and read to your heart's
content.
Common Accounts/Defaults: [username: password [[,password]] ]
SYSTEM: OPERATOR or MANAGER or SYSTEM or SYSLIB
OPERATOR: OPERATOR
SYSTEST: UETP
SYSMAINT: SYSMAINT or SERVICE or DIGITAL
FIELD: FIELD or SERVICE
GUEST: GUEST or unpassworded
DEMO: DEMO or unpassworded
DECNET: DECNET

DEC-10- An earlier line of DEC computer equipment, running the TOPS-10
operating system. These machines are recognized by their
'.' prompt. The DEC-10/20 series are remarkably hacker-friendly,
allowing you to enter several important commands without ever
logging into the system. Accounts are in the format [xxx,yyy] where
xxx and yyy are integers. You can get a listing of the accounts and
the process names of everyone on the system before logging in with
the command .systat (for SYstem STATus). If you seen an account
that reads [234,1001] BOB JONES, it might be wise to try BOB or
JONES or both for a password on this account. To login, you type
.login xxx,yyy and then type the password when prompted for it.
The system will allow you unlimited tries at an account, and does
not keep records of bad login attempts. It will also inform you
if the UIC you're trying (UIC = User Identification Code, 1,2 for
example) is bad.
Common Accounts/Defaults:
1,2: SYSLIB or OPERATOR or MANAGER
2,7: MAINTAIN
5,30: GAMES

UNIX- There are dozens of different machines out there that run UNIX.
While some might argue it isn't the best operating system in the
world, it is certainly the most widely used. A UNIX system will
usually have a prompt like 'login:' in lower case. UNIX also
will give you unlimited shots at logging in (in most cases), and
there is usually no log kept of bad attempts.
Common Accounts/Defaults: (note that some systems are case
sensitive, so use lower case as a general rule. Also, many times
the accounts will be unpassworded, you'll just drop right in!)
root: root
admin: admin
sysadmin: sysadmin or admin
unix: unix
uucp: uucp
rje: rje
guest: guest
demo: demo
daemon: daemon
sysbin: sysbin

Prime- Prime computer company's mainframe running the Primos operating
system. The are easy to spot, as the greet you with
'Primecon 18.23.05' or the like, depending on the version of the
operating system you run into. There will usually be no prompt
offered, it will just look like it's sitting there. At this point,
type 'login '. If it is a pre-18.00.00 version of Primos,
you can hit a bunch of ^C's for the password and you'll drop in.
Unfortunately, most people are running versions 19+. Primos also
comes with a good set of help files. One of the most useful
features of a Prime on Telenet is a facility called NETLINK. Once
you're inside, type NETLINK and follow the help files. This allows
you to connect to NUA's all over the world using the 'nc' command.
For example, to connect to NUA 026245890040004, you would type
@nc :26245890040004 at the netlink prompt.
Common Accounts/Defaults:
PRIME PRIME or PRIMOS
PRIMOS_CS PRIME or PRIMOS
PRIMENET PRIMENET
SYSTEM SYSTEM or PRIME
NETLINK NETLINK
TEST TEST
GUEST GUEST
GUEST1 GUEST

HP-x000- This system is made by Hewlett-Packard. It is characterized by the
':' prompt. The HP has one of the more complicated login sequences
around- you type 'HELLO SESSION NAME,USERNAME,ACCOUNTNAME,GROUP'.
Fortunately, some of these fields can be left blank in many cases.
Since any and all of these fields can be passworded, this is not
the easiest system to get into, except for the fact that there are
usually some unpassworded accounts around. In general, if the
defaults don't work, you'll have to brute force it using the
common password list (see below.) The HP-x000 runs the MPE operat-
ing system, the prompt for it will be a ':', just like the logon
prompt.
Common Accounts/Defaults:
MGR.TELESUP,PUB User: MGR Acct: HPONLY Grp: PUB
MGR.HPOFFICE,PUB unpassworded
MANAGER.ITF3000,PUB unpassworded
FIELD.SUPPORT,PUB user: FLD, others unpassworded
MAIL.TELESUP,PUB user: MAIL, others unpassworded
MGR.RJE unpassworded
FIELD.HPPl89 ,HPPl87,HPPl89,HPPl96 unpassworded
MGR.TELESUP,PUB,HPONLY,HP3 unpassworded

IRIS- IRIS stands for Interactive Real Time Information System. It orig-
inally ran on PDP-11's, but now runs on many other minis. You can
spot an IRIS by the 'Welcome to "IRIS" R9.1.4 Timesharing' banner,
and the ACCOUNT ID? prompt. IRIS allows unlimited tries at hacking
in, and keeps no logs of bad attempts. I don't know any default
passwords, so just try the common ones from the password database
below.
Common Accounts:
MANAGER
BOSS
SOFTWARE
DEMO
PDP8
PDP11
ACCOUNTING

VM/CMS- The VM/CMS operating system runs in International Business Machines
(IBM) mainframes. When you connect to one of these, you will get
message similar to 'VM/370 ONLINE', and then give you a '.' prompt,
just like TOPS-10 does. To login, you type 'LOGON '.
Common Accounts/Defaults are:
AUTOLOG1: AUTOLOG or AUTOLOG1
CMS: CMS
CMSBATCH: CMS or CMSBATCH
EREP: EREP
MAINT: MAINT or MAINTAIN
OPERATNS: OPERATNS or OPERATOR
OPERATOR: OPERATOR
RSCS: RSCS
SMART: SMART
SNA: SNA
VMTEST: VMTEST
VMUTIL: VMUTIL
VTAM: VTAM

NOS- NOS stands for Networking Operating System, and runs on the Cyber
computer made by Control Data Corporation. NOS identifies itself
quite readily, with a banner of 'WELCOME TO THE NOS SOFTWARE
SYSTEM. COPYRIGHT CONTROL DATA 1978,1987'. The first prompt you
will get will be FAMILY:. Just hit return here. Then you'll get
a USER NAME: prompt. Usernames are typically 7 alpha-numerics
characters long, and are *extremely* site dependent. Operator
accounts begin with a digit, such as 7ETPDOC.
Common Accounts/Defaults:
$SYSTEM unknown
SYSTEMV unknown

Decserver- This is not truly a computer system, but is a network server that
has many different machines available from it. A Decserver will
say 'Enter Username>' when you first connect. This can be anything,
it doesn't matter, it's just an identifier. Type 'c', as this is
the least conspicuous thing to enter. It will then present you
with a 'Local>' prompt. From here, you type 'c ' to
connect to a system. To get a list of system names, type
'sh services' or 'sh nodes'. If you have any problems, online
help is available with the 'help' command. Be sure and look for
services named 'MODEM' or 'DIAL' or something similar, these are
often outdial modems and can be useful!

GS/1- Another type of network server. Unlike a Decserver, you can't
predict what prompt a GS/1 gateway is going to give you. The
default prompt it 'GS/1>', but this is redifinable by the
system administrator. To test for a GS/1, do a 'sh d'. If that
prints out a large list of defaults (terminal speed, prompt,
parity, etc...), you are on a GS/1. You connect in the same manner
as a Decserver, typing 'c '. To find out what systems
are available, do a 'sh n' or a 'sh c'. Another trick is to do a
'sh m', which will sometimes show you a list of macros for logging
onto a system. If there is a macro named VAX, for instance, type
'do VAX'.

The above are the main system types in use today. There are
hundreds of minor variants on the above, but this should be
enough to get you started.

Unresponsive Systems
~~~~~~~~~~~~~~~~~~~~
Occasionally you will connect to a system that will do nothing but sit
there. This is a frustrating feeling, but a methodical approach to the system
will yield a response if you take your time. The following list will usually
make *something* happen.
1) Change your parity, data length, and stop bits. A system that won't re-
spond at 8N1 may react at 7E1 or 8E2 or 7S2. If you don't have a term
program that will let you set parity to EVEN, ODD, SPACE, MARK, and NONE,
with data length of 7 or 8, and 1 or 2 stop bits, go out and buy one.
While having a good term program isn't absolutely necessary, it sure is
helpful.
2) Change baud rates. Again, if your term program will let you choose odd
baud rates such as 600 or 1100, you will occasionally be able to penetrate
some very interesting systems, as most systems that depend on a strange
baud rate seem to think that this is all the security they need...
3) Send a series of 's.
4) Send a hard break followed by a .
5) Type a series of .'s (periods). The Canadian network Datapac responds
to this.
6) If you're getting garbage, hit an 'i'. Tymnet responds to this, as does
a MultiLink II.
7) Begin sending control characters, starting with ^A --> ^Z.
Change terminal emulations. What your vt100 emulation thinks is garbage
may all of a sudden become crystal clear using ADM-5 emulation. This also
relates to how good your term program is.
9) Type LOGIN, HELLO, LOG, ATTACH, CONNECT, START, RUN, BEGIN, LOGON, GO,
JOIN, HELP, and anything else you can think of.
10) If it's a dialin, call the numbers around it and see if a company
answers. If they do, try some social engineering.

Brute Force Hacking
~~~~~~~~~~~~~~~~~~~
There will also be many occasions when the default passwords will not work
on an account. At this point, you can either go onto the next system on your
list, or you can try to 'brute-force' your way in by trying a large database
of passwords on that one account. Be careful, though! This works fine on
systems that don't keep track of invalid logins, but on a system like a VMS,
someone is going to have a heart attack if they come back and see '600 Bad
Login Attempts Since Last Session' on their account. There are also some
operating systems that disconnect after 'x' number of invalid login attempts
and refuse to allow any more attempts for one hour, or ten minutes, or some-
times until the next day.
The following list is taken from my own password database plus the data-
base of passwords that was used in the Internet UNIX Worm that was running
around in November of 1988. For a shorter group, try first names, computer
terms, and obvious things like 'secret', 'password', 'open', and the name
of the account. Also try the name of the company that owns the computer
system (if known), the company initials, and things relating to the products
the company makes or deals with.

Password List
=============

aaa daniel jester rascal
academia danny johnny really
ada dave joseph rebecca
adrian deb joshua remote
aerobics debbie judith rick
airplane deborah juggle reagan
albany december julia robot
albatross desperate kathleen robotics
albert develop kermit rolex
alex diet kernel ronald
alexander digital knight rosebud
algebra discovery lambda rosemary
alias disney larry roses
alpha dog lazarus ruben
alphabet drought lee rules
ama duncan leroy ruth
amy easy lewis sal
analog eatme light saxon
anchor edges lisa scheme
andy edwin louis scott
andrea egghead lynne scotty
animal eileen mac secret
answer einstein macintosh sensor
anything elephant mack serenity
arrow elizabeth maggot sex
arthur ellen magic shark
asshole emerald malcolm sharon
athena engine mark shit
atmosphere engineer markus shiva
bacchus enterprise marty shuttle
badass enzyme marvin simon
bailey euclid master simple
banana evelyn maurice singer
bandit extension merlin single
banks fairway mets smile
bass felicia michael smiles
batman fender michelle smooch
beauty fermat mike smother
beaver finite minimum snatch
beethoven flower minsky snoopy
beloved foolproof mogul soap
benz football moose socrates
beowulf format mozart spit
berkeley forsythe nancy spring
berlin fourier napoleon subway
beta fred network success
beverly friend newton summer
bob frighten next super
brenda fun olivia support
brian gabriel oracle surfer
bridget garfield orca suzanne
broadway gauss orwell tangerine
bumbling george osiris tape
cardinal gertrude outlaw target
carmen gibson oxford taylor
carolina ginger pacific telephone
caroline gnu painless temptation
castle golf pam tiger
cat golfer paper toggle
celtics gorgeous password tomato
change graham pat toyota
charles gryphon patricia trivial
charming guest penguin unhappy
charon guitar pete unicorn
chester hacker peter unknown
cigar harmony philip urchin
classic harold phoenix utility
coffee harvey pierre vicky
coke heinlein pizza virginia
collins hello plover warren
comrade help polynomial water
computer herbert praise weenie
condo honey prelude whatnot
condom horse prince whitney
cookie imperial protect will
cooper include pumpkin william
create ingres puppet willie
creation innocuous rabbit winston
creator irishman rachmaninoff wizard
cretin isis rainbow wombat
daemon japan raindrop yosemite
dancer jessica random zap

Part Four: Wrapping it up!
~~~~~~~~~~~~~~~~~~~~~~~~~~
I hope this file has been of some help in getting started. If you're
asking yourself the question 'Why hack?', then you've probably wasted a lot
of time reading this, as you'll never understand. For those of you who
have read this and found it useful, please send a tax-deductible donation
of $5.00 (or more!) in the name of the Legion of Doom to:
The American Cancer Society
90 Park Avenue
New York, NY 10016

******************************************************************************
References:
1) Introduction to ItaPAC by Blade Runner
Telecom Security Bulletin #1
2) The IBM VM/CMS Operating System by Lex Luthor
The LOD/H Technical Journal #2
3) Hacking the IRIS Operating System by The Leftist
The LOD/H Technical Journal #3
4) Hacking CDC's Cyber by Phrozen Ghost
Phrack Inc. Newsletter #18
5) USENET comp.risks digest (various authors, various issues)
6) USENET unix.wizards forum (various authors)
7) USENET info-vax forum (various authors)

Recommended Reading:
1) Hackers by Steven Levy
2) Out of the Inner Circle by Bill Landreth
3) Turing's Man by J. David Bolter
4) Soul of a New Machine by Tracy Kidder
5) Neuromancer, Count Zero, Mona Lisa Overdrive, and Burning Chrome, all
by William Gibson
6) Reality Hackers Magazine c/o High Frontiers, P.O. Box 40271, Berkeley,
California, 94704, 415-995-2606
7) Any of the Phrack Inc. Newsletters & LOD/H Technical Journals you can find.

Acknowledgements:
Thanks to my wife for putting up with me.
Thanks to Lone Wolf for the RSTS & TOPS assistance.
Thanks to Android Pope for proofreading, suggestions, and beer.
Thanks to The Urvile/Necron 99 for proofreading & Cyber info.
Thanks to Eric Bloodaxe for wading through all the trash.
Thanks to the users of Phoenix Project for their contributions.
Thanks to Altos Computer Systems, Munich, for the chat system.
Thanks to the various security personel who were willing to talk to
me about how they operate.

Boards:
I can be reached on the following systems with some regularity-
The Phoenix Project: 512/441-3088 300-2400 baud
Hacker's Den88: 718/358-9209 300-1200 baud
Smash Palace South: 512/478-6747 300-2400 baud
Smash Palace North: 612/633-0509 300-2400 baud

X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X
Another file downloaded from: The NIRVANAnet(tm) Seven

& the Temple of the Screaming Electron Taipan Enigma 510/935-5845
Burn This Flag Zardoz 408/363-9766
realitycheck Poindexter Fortran 510/527-1662
Lies Unlimited Mick Freen 801/278-2699
The New Dork Sublime Biffnix 415/864-DORK
The Shrine Rif Raf 206/794-6674
Planet Mirth Simon Jester 510/786-6560

"Raw Data for Raw Nerves"
X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X
** BASICS OF HACKING I: DECS'S **

WELCOME TO BASICS OF HACKING I: DEC'S. IN THIS ARTICLE YOU WILL LEARN HOW TO L
OG IN TO DEC'S, LOGGING OUT, AND ALL THE FUN STUFF TO DO IN-BETWEEN. ALL OF TH
IS INFORMATION IS BASED ON A STANDARD DEC SYSTEM. SINCE THERE ARE DEC SYSTEM S
10 AND 20, AND WE FAVOR, THE DEC 20, THERE WILL BE MORE INFO ON THEM IN THIS
ARTICLE. IT JUST SO HAPPENS THAT THE DEC 20 IS ALSO THE MORE COMMON OF THE T
WO, AND IS USED BY MUCH MORE INTERESTING PEOPLE (IF YOU KNOW WHAT WE MEAN...)
OK , THE FIRST THING YOU WANT TO DO WHEN YOU ARE RECEIVING CARRIER FROM A DEC
SYSTEM IS TO FIND OUT THE FORMAT OF LOGIN NAMES. YOU CAN DO THIS BY LOOKING
AT WHO IS ON THE SYSTEM. DEC=> @ (THE 'EXEC' LEVEL PROMPT) YOU=> SY SY IS SHO
RT FOR SY(STAT) AND SHOWS YOU THE SYSTEM STATUS. YOU SHOULD SEE THE FORMAT OF
L OGIN NAMES... A SYSTAT USUALLY COMES UP IN THIS FORM: JOB LINE PROGRAM USER
JOB: THE JOB NUMBER (NOT IMPORTANT UNLESS YOU WANT TO LOG THEM OFF LATER)
LINE: WHAT LINE THEY ARE ON (USED TO TALK TO THEM...) THESE ARE BOTH TWO OR
THREE DIGIT NUMBERS. PROGRAM: WHAT PROGRAM ARE THEY RUNNING UNDER? IF IT
SAYS 'EXEC' THEY AREN'T DOING ANYTHING AT ALL... USER: AHHHAHHHH! THIS IS TH
E USER NAME THEY ARE LOGGED IN UNDER... COPY THE FORMAT, AND HACK YOURSELF OUT
A WORKING CODE... LOGIN FORMAT IS AS SUCH: DEC=> @ YOU=> LOGIN USERNAME PASS
WORD USERNAME IS THE USERNAME IN THE FORMAT YOU SAW ABOVE IN THE SYSTAT. AF
TER YOU HIT THE SPACE AFTER YOUR USERNAME, IT WILL STOP ECHOING CHARACTERS
BACK TO YOUR SCREEN. THIS IS THE PASSWORD YOU ARE TYPING IN... REMEMBER ,
PEOPLE USUALLY USE THEIR NAME, THEIR DOG'S NAME, THE NAME OF A FAVORITE CHAR
ACTER IN A BOOK, OR SOMETHING LIKE THIS. A FEW CLEVER PEOPLE HAVE IT SET TO A
KEY CLUSTER (QWERTY OR ASDFG). PW'S CAN BE FROM 1 TO 8 CHARACTERS LONG,
ANYTHING AFTER THAT IS IGNORED. YOU ARE FINALLY IN... IT WOULD BE NICE TO
HAVE A LITTLE HELP, WOULDN'T IT? JUST TYPE A ? OR THE WORD HELP, AND IT WILL
GIVE YOU A WHOLE LIST OF TOPICS... SOME HANDY CHARACTERS FOR YOU TO KNOW
WOULD BE THE CONTROL KEYS, WOULDN'T IT? BACKSPACE ON A DEC 20 IS RUB WHICH IS
255 ON YOUR ASCII CHART. ON THE DEC 10 IT IS CNTRL-H. TO ABORT A LONG
LISTING OR A PROGRAM, CNTRL-C WORKS FINE. USE CNTRL-O TO STOP LONG OUTPUT TO
THE TERMINAL. THIS IS HANDY WHEN PLAYING A GAME, BUT YOU DON'T WANT TO
CNTRL-C OUT. CNTRL-T FOR THE TIME. CNTRL-U WILL KILL THE WHOLE LINE YOU ARE
TYPING AT THE MOMENT. YOU MAY ACCIDENTLY RUN A PROGRAM WHERE THE ONLY WAY OUT
IS A CNTRL-X, SO KEEP THAT IN RESERVE. CNTRL-S TO STOP LISTING, CNTRL-Q TO
CONTINUE ON BOTH SYSTEMS. IS YOUR TERMINAL HAVING TROUBLE?? LIKE, IT PAUSES
FOR NO REASON, OR IT DOESN'T BACKSPACE RIGHT? THIS IS BECAUSE BOTH SYSTEMS
SUPPORT MANY TERMINALS, AND YOU HAVEN'T TOLD IT WHAT YOURS IS YET... YOU ARE
USING A VT05 (ISN'T THAT FUNNY ? I THOUGHT I HAD AN APPLE) SO YOU NEED TO TELL
IT YOU ARE ONE. DEC=> @ YOU=> INFORMATION TERMINAL OR... YOU=> INFO TER THIS
SHOWS YOU WHAT YOUR TERMINAL IS SET UP AS... DEC=> ALL SORTS OF SHIT, THEN
THE @ YOU=> SET TER VT05 THIS SETS YOUR TERMINAL TYPE TO VT05. NOW LET'S SEE
WHAT IS IN THE ACCOUNT (HERE AFTER ABBREVIATED ACCT.) THAT YOU HAVE HACKED
ONTO... SAY => DIR SHORT FOR DIRECTORY, IT SHOWS YOU WHAT THE USER OF THE CODE
HAS SAVE TO THE DISK. THERE SHOULD BE A FORMAT LIKE THIS: XXXXX.OOO XXXXX IS
THE FILE NAME, FROM 1 TO 20 CHARACTE RS LONG. OOO IS THE FILE TYPE, ONE OF:
EXE, TXT, DAT, BAS, CMD AND A FEW OTHERS THAT ARE SYSTEM DEPENDANT. EXE IS A
COMPILED PROGRAM THAT CAN BE RUN (JUST BY TYPING ITS NAME AT THE @). TXT IS A
TEXT FILE, WHICH YOU CAN SEE BY TYPING= > TYPE XXXXX.TXT DO NOT TRY TO=> TYPE
XXXXX.EXE THIS IS VERY BAD FOR YOUR TERMINAL AND WILL TELL YOU ABSOLUTLY
NOTHING. DAT IS DATA THEY HAVE SAVED. BAS IS A BASIC PROGRAM, YOU CAN HAVE
IT TYPED OUT FOR YOU. CMD IS A COMMAND TYPE FILE, A LITTLE TOO COMPLICATED TO
GO INTO HERE. TRY => TAKE XXXXX.CMD BY THE WAY, THERE ARE OTHER USERS OUT
THERE WHO MAY HAVE FILES YOU CAN USE (GEE, WHY ELSE AM I HERE?). TYPE => DIR
< *.*> (DEC 20) => DIR [*,*] (DEC 10) * IS A WILDCARD, AND WILL ALLOW YOU TO
ACCESS THE FILES ON OTHER ACCOUNTS IF THE USER HAS IT SET FOR PUBLIC ACCESS.
IF IT ISN'T SET FOR PUBLIC ACCESS, THEN YOU WON'T SEE IT. TO RUN THAT PROGRAM:
DEC=> @ YOU=> USERNAME PROGRAM-NAME USERNAME IS THE DIRECTORY YOU SAW THE FILE
LISTED UNDER, AND FILE NAME WAS WHAT ELSE BUT THE FILE NAME? ** YOU ARE NOT
ALONE ** REMEMBER, YOU SAID (AT THE VERY START) SY SHORT FOR SYSTAT, AND HOW
WE SAID THIS SHOWED THE OTHER USERS ON THE SYSTEM? WELL, YOU CAN TALK TO THEM,
OR AT LEAST SEND A MESSAGE TO ANYONE YOU SEE LISTED IN A SYSTAT. YOU CAN DO
THIS BY: DEC=> THE USER LIST (FROM YOUR SYSTAT) YOU=> TALK USERNAME (DEC 20)
SEND USERNAME (DEC 10) TALK ALLOWS YOU AND THEM IMMEDIATE TRANSMISSION OF
WHATEVER YOU/THEY TYPE TO BE SENT TO THE OTHER. SEND ONLY ALLOW YOU ONE
MESSAGE TO BE SENT, AND ONLY AFTER YOU HIT . WITH SEND, THEY WILL
SEND BACK TO YOU, WITH TALK YOU CAN JUST KEEP GOING. BY THE WAY, YOU MAY BE
NOTICING WITH THE TALK COMMAND THAT WHAT YOU TYPE IS STILL ACTED UPON BY THE
PARSER (CONTROL PROGRAM). TO AVOID THE CONSTANT ERROR MESSAGES TYPE EITHER:
YOU=> ;YOUR MESSAGE YOU=> REM YOUR MESSAGE THE SEMI-COLON TELLS THE PARSER THAT
WHAT FOLLOWS IS JUST A COMMENT. REM IS SHORT FOR 'REMARK' AND IGNORES YOU
FROM THEN ON UNTIL YOU TYPE A CNTRL-Z OR CNTRL-C, AT WHICH POINT IT PUTS YOU
BACK IN THE EXEC MODE. TO BREAK THE CONNECTION FROM A TALK COMMAND TYPE:
YOU=> BREAK PRIV'S: IF YOU HAPPEN TO HAVE PRIVS, YOU CAN DO ALL SORTS OF
THINGS. FIRST OF ALL, YOU HAVE TO ACTIVATE THOSE PRIVS. YOU=> ENABLE THIS
GIVES YOU A $ PROMPT, AND ALLOWS YOU TO DO THIS: WHATEVER YOU CAN DO TO YOUR
OWN DIRECTORY YOU CAN NOW DO TO ANY OTHER DIRECTORY. TO CREATE A NEW ACCT.
USING YOUR PRIVS, JUST TYPE = > BUILD USERNAME IF USERNAME IS OLD, YOU CAN EDIT
IT, IF IT IS NEW, YOU CAN DEFINE IT TO BE WHATEVER YOU WISH. PRIVACY MEANS
NOTHING TO A USER WITH PRIVS. BY THE WAY, THERE ARE VARIOUS LEVELS OF PRIVS:
OPERATOR, WHEEL, CIA WHEEL IS THE MOST POWERFUL, BEING THAT HE CAN LOG IN FROM
ANYWHERE AND HAVE HIS POWERS. OPERATORS HAVE THEIR POWER BECAUSE THEY ARE AT
A SPECIAL TERMINAL ALLOWING THEM THE PRIVS. CIA IS SHORT FOR 'CONFIDENTIAL
INFORMATION ACCESS', WHICH ALLOWS YOU A LOW LEVEL AMOUNT OF PRIVS. NOT TO
WORRY THOUGH, SINCE YOU CAN READ THE SYSTEM LOG FILE, WHICH ALSO HAS THE
PASSWORDS TO ALL THE OTHER ACCOUNTS. TO DE-ACTIVATE YOUR PRIVS, TYPE YOU=>
DISABLE

WHEN YOU HAVE PLAYED YOUR GREEDY HEART OUT, YOU CAN FINALLY LEAVE THE SYSTEM
WITH THE COMMAND=> LOGOUT THIS LOGS THE JOB YOU ARE USING OFF THE SYSTEM
(THERE MAY BE VARIENTS OF THIS SUCH AS KJOB, OR KILLJOB). BY THE WAY, YOU CAN
SAY (IF YOU HAVE PRIVS) => LOGOUT USERNAME AFL KILLS THE USERNAME'S TERMINAL.

THERE ARE MANY MORE COMMANDS, SO TRY THEM OUT. JUST REMEMBER: LEAVE THE
ACCOUNT IN THE SAME STATE AS YOU FOUND IT. THIS WAY THEY MAY NEVER KNOW THAT
YOU ARE PLAYING LEECH OFF THEIR ACCT. NEXT TIME: THE BASICS OF HACKING II: V
AX'S (UNIX)
******************************************************************************
THIS ARTICLE WRITTEN BY: THE KNIGHTS OF SHADOW
******************************************************************************

X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X
Another file downloaded from: The NIRVANAnet(tm) Seven

& the Temple of the Screaming Electron Taipan Enigma 510/935-5845
Burn This Flag Zardoz 408/363-9766
realitycheck Poindexter Fortran 510/527-1662
Lies Unlimited Mick Freen 801/278-2699
The New Dork Sublime Biffnix 415/864-DORK
The Shrine Rif Raf 206/794-6674
Planet Mirth Simon Jester 510/786-6560

"Raw Data for Raw Nerves"
X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X
** THE BASICS OF HACKING II: VAX'S ** UNIX **

UNIX IS A TRADEMARK OF BELL LABS ** ** (AND YOU KNOW WHAT *THAT* MEANS) ** **
WELCOME TO THE BASICS OF HACKING II: VAX'S AND UNIX. IN THIS ARTICLE, WE
DISCUSS THE UNIX SYSTEM THAT RUNS ON THE VARIOUS VAX SYSTEMS. IF YOU ARE ON
ANOTHER UNIX-TYPE SYSTEM, SOME COMMANDS MAY DIFFER, BUT SINCE IT IS LICENCED
TO BELL, THEY CAN'T MAKE MANY CHANGES. HACKING ONTO A UNIX SYSTEM IS VERY
DIFFICULT, AND IN THIS CASE, WE ADVISE HAVING AN INSIDE SOURCE, IF POSSIBLE.
THE REASON IT IS DIFFICULT TO HACK A VAX IS THIS: MANY VAX, AFTER YOU GET A
CARRIER FROM THEM, RESPOND=> LOGIN: THEY GIVE YOU NO CHANCE TO SEE WHAT THE
LOGIN NAME FORMAT IS. MOST COMMONLY USED ARE SINGLE WORDS, UNDER 8 DIGITS,
USUALLY THE PERSON'S NAME. THERE IS A WAY AROUND THIS: MOST VAX HAVE AN
ACCT. CALLED 'SUGGEST' FOR PEOPLE TO USE TO MAKE A SUGGESTION TO THE SYSTEM
ROOT TERMINAL. THIS IS USUALLY WATCHED BY THE SYSTEM OPERATOR, BUT AT LATE HE
IS PROBABLY AT HOME SLEEPING OR SCREWING SOMEONE'S BRAINS OUT. SO WE CAN
WRITE A PROGRAM TO SEND AT THE VAX THIS TYPE OF A MESSAGE: A SCREEN FREEZE
(CNTRL-S), SCREEN CLEAR (SYSTEM DEPENDANT), ABOUT 255 GARBAGE CHARACTERS, AND
THEN A COMMAND TO CREATE A LOGIN ACCT., AFTER WHICH YOU CLEAR THE SCREEN
AGAIN, THEN UN- FREEZE THE TERMINAL. WHAT THIS DOES: WHEN THE TERMINAL IS
FROZEN, IT KEEPS A BUFFER OF WHAT IS SENT. WELL, THE BUFFER IS ABOUT 127
CHARACTERS LONG. SO YOU OVERFLOW IT WITH TRASH, AND THEN YOU SEND A COMMAND
LINE TO CREATE AN ACCT. (SYSTEM DEPENDANT). AFTER THIS YOU CLEAR THE BUFFER
AND SCREEN AGAIN, THEN UNFREEZE THE TERMINAL. THIS IS A BAD WAY TO DO IT, AND
IT IS MUCH NICER IF YOU JUST SEND A COMMAND TO THE TERMINAL TO SHUT THE SYSTEM
DOWN, OR WHATEVER YOU ARE AFTER... THERE IS ALWAYS, *ALWAYS* AN ACCT.
CALLED ROOT, THE MOST POWERFUL ACCT. TO BE ON, SINCE IT HAS ALL OF THE SYSTEM
FILES ON IT. IF YOU HACK YOUR WAY ONTO THIS ONE, THEN EVERYTHING IS EASY FROM
HERE ON... ON THE UNIX SYSTEM, THE ABOR T KEY IS THE CNTRL-D KEY. WATCH HOW
MANY TIMES YOU HIT THIS, SINCE IT IS ALSO A WAY TO LOG OFF THE SYSTEM! A
LITTLE ABOUT UNIX ARCHITECHTURE: THE ROOT DIRECTORY, CALLED ROOT, IS WHERE
THE SYSTEM RESIDES. AFTER THIS COME A FEW 'SUB' ROOT DIRECTORIES, USUALLY TO
GROUP THINGS (STATS HERE, PRIV STUFF HERE, THE USER LOG HERE...). UNDER THIS
COMES THE SUPERUSER (THE OPERATOR OF THE SYSTEM), AND THEN FINALLY THE NORMAL
USERS. IN THE UNIX 'SHELL' EVERYTHING IS TREATED THE SAME. BY THIS WE MEAN:
YOU CAN ACCESS A PROGRAM THE SAME WAY YOU ACCESS A USER DIRECTORY, AND SO ON.
THE WAY THE UNIX SYSTEM WAS WRITTEN, EVERYTHING , USERS INCLUDED, ARE JUST
PROGRAMS BELONGING TO THE ROOT DIRECTORY. THOSE OF YOU WHO HACKED ONTO THE
ROOT, SMILE, SINCE YOU CAN SCREW EVERYTHING... THE MAIN LEVEL (EXEC LEVEL)
PROMPT ON THE UNIX SYSTEM IS THE $, AND IF YOU ARE ON THE ROOT, YOU HAVE A #
(SUPER- USER PROMPT). OK, A FEW BASICS FOR THE SYSTEM... TO SEE WHERE YOU
ARE, AND WHAT PATHS ARE ACTIVE IN REGUARDS TO YOUR USER ACCOUNT, THEN TYPE =>
PWD THIS SHOWS YOUR ACCT. SEPERATED BY A SLASH WITH AN OTHER PATHNAME (ACCT.),
POSSIBLY MANY TIMES. TO CONNECT THROUGH TO ANOTHER PATH, OR MANY PATHS, YOU
WOULD TYPE: YOU=> PATH1/PATH2/PATH3 AND THEN YOU ARE CONNECTED ALL THE WAY
FROM PATH1 TO PATH3. YOU CAN RUN THE PROGRAMS ON ALL THE PATHS YOU ARE
CONNECTED TO. IF IT DOES NOT ALLOW YOU TO CONNECT TO A PATH, THEN YOU HAVE
INSUFFICIENT PRIVS, OR THE PATH IS CLOSED AND ARCHIVED ONTO TAPE. YOU CAN RUN
PROGRAMS THIS WAY ALSO: YOU=> PATH1/PATH2/PATH3/PROGRAM-NAME UNIX TREATS
EVERYTHING AS A PROGRAM, AND THUS THERE A FEW COMMANDS TO LEARN... TO SEE WHAT
YOU HAVE ACCESS TO IN THE END PATH, TYPE=> LS FOR LIST. THIS SHOW THE
PROGRAMS YOU CAN RUN. YOU CAN CONNECT TO THE ROOT DIRECTORY AND RUN I T'S
PROGRAMS WITH=> /ROOT BY THE WAY, MOST UNIX SYSTEMS HAVE THEIR LOG FILE ON THE
ROOT, SO YOU CAN SET UP A WATCH ON THE FILE, WAITING FOR PEOPLE TO LOG IN AND
SNATCH THEIR PASSWORD AS IT PASSES THRU THE FILE. TO CONNECT TO A DIRECTORY,
USE THE COMMAND: => CD PATHNAME THIS ALLOWS YOU TO DO WHAT YOU WANT WITH THAT
DIRECTORY. YOU MAY BE ASKED FOR A PASSWORD, BUT THIS IS A GOOD WAY OF FINDING
OTHER USER NAMES TO HACK ONTO. THE WILDCARD CHARACTER IN UNIX, IF YOU WANT TO
SEARCH DOWN A PATH FOR A GAME OR SUCH, IS THE *. => LS /* SHOULD SHOW YOU
WHAT YOU CAN ACCESS. THE FILE TYPES ARE THE SAME AS THEY ARE ON A DEC, SO R
EFER TO THAT SECTION WHEN EXAMINING FILE. TO SEE WHAT IS IN A FILE, USE THE
=> PR FILENAME COMMAND, FOR PRINT FILE. WE ADVISE PLAYING WITH PATHNAMES TO
GET THE HANG OF THE CONCEPT. THERE IS ON-LINE HELP AVAILABLE ON MOST SYSTEMS
WITH A 'HELP' OR A '?'. WE ADVISE YOU LOOK THRU THE HELP FILES AND PAY ATTENT
ION TO ANYTHING THEY GIVE YOU ON PATHNAMES, OR THE COMMANDS FOR THE SYSTEM.
YOU CAN, AS A USER, CREATE OR DESTROY DIRECTORIES ON THE TREE BENEATH YOU.
THIS MEANS THAT ROOT CAN KILL EVERY- THING BUT ROOT, AND YOU CAN KILL ANY THAT
ARE BELOW YOU. THESE ARE THE => MKDIR PATHNAME => RMDIR PATHNAME COMMANDS.
ONCE AGAIN, YOU ARE NOT ALONE ON THE SYSTEM... TYPE=> WHO TO SEE WHAT OTHER
USERS ARE LOGGED IN TO THE SYSTEM AT THE TIME. IF YOU WANT TO TALK TO THEM=>
WRITE USERNAME WILL ALLOW YOU TO CHAT AT THE SAME TIME, WITHOUT HAVING TO
WORRY ABOUT THE PARSER. TO SEND MAIL TO A USER, SAY => MAIL AND ENTER THE
MAIL SUB-SYSTEM. TO SEND A MESSAGE TO ALL THE USERS ON THE SYSTEM, SAY => WALL
WHICH STANDS FOR 'WRITE ALL' BY THE WAY, ON A FEW SYSTEMS, ALL YOU HAVE TO DO
IS HIT THE KEY TO END THE MESSAGE, BUT ON OTHERS YOU MUST HIT THE
CNTRL-D KEY. TO SEND A SINGLE MESSAGE TO A USER, SAY => WRITE USERNAME THIS IS
VERY HANDY AGAIN! IF YOU SEND THE SEQUENCE OF CHARACTERS DISCUSSED AT THE
VERY BEGINNING OF THIS ARTICLE, YOU CAN HAVE THE SUPER-USER TERMINAL DO TRICKS
FOR YOU AGAIN. PRIVS: IF YOU WANT SUPER-USER PRIVS, YOU CAN EITHER LOG IN AS
ROOT, OR EDIT YOUR ACCT. SO IT CAN SAY => SU THIS NOW GIVES YOU THE # PROMPT,
AND ALLOWS YOU TO COMPLETELY BY-PASS THE PROTECTION. THE WONDERFUL SECURITY
CONSCIOUS DEVELOPERS AT BELL MADE IT VERY DIFFICULT TO DO MUCH WITHOUT PRIVS,
BUT ONCE YOU HAVE THEM, THERE IS ABSOLUTELY NOTHING STOPPING YOU FROM DOING
ANYTHING YOU WANT TO. TO BRING DOWN A UNIX SYSTEM: => CHDIR / BIN => RM *
THIS WIPES OUT THE PATHNAME BIN, WHERE ALL THE SYSTEM MAINTENANCE FILES ARE.
OR TRY: => R -R THIS RECURSIVELY REMOVES EVERYTHING FROM THE SYSTEM EXCEPT
THE REMOVE COMMAND ITSELF. OR TRY: => KILL -1,1 => SYNC THIS WIPES OUT THE
SYSTEM DEVICES FROM OPERATION. WHEN YOU ARE FINALLY SICK AND TIRED FROM
HACKING ON THE VAX SYSTEMS, JUST HIT YOUR CNTRL-D AND REPE AT KEY, AND YOU WILL
EVENTUALLY BE LOGGED OUT. THE REASON THIS FILE SEEMS TO BE VERY SKETCHY IS THE
FACT THAT BELL HAS 7 LICENCED VERSIONS OF UNIX OUT IN THE PUBLIC DOMAIN, AND
THESE COMMANDS ARE THOSE COMMON TO ALL OF THEM. WERE COMMEND YOU HACK ONTO
THE ROOT OR BIN DIRECTORY, SINCE THEY HAVE THE HIGHEST LEVELS OF PRIVS, AND
THERE IS REALLY NOT MUCH YOU CAN DO (EXCEPT DEVELOPE SOFTWARE) WITHOUT THEM.
NEXT TO COME: THE BASICS OF HACKING III: DATA GENERAL

THIS ARTICLE WRITTEN BY: THE KNIGHTS OF SHADOW

X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X
Another file downloaded from: The NIRVANAnet(tm) Seven

& the Temple of the Screaming Electron Taipan Enigma 510/935-5845
Burn This Flag Zardoz 408/363-9766
realitycheck Poindexter Fortran 510/527-1662
Lies Unlimited Mick Freen 801/278-2699
The New Dork Sublime Biffnix 415/864-DORK
The Shrine Rif Raf 206/794-6674
Planet Mirth Simon Jester 510/786-6560

"Raw Data for Raw Nerves"
X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X
** THE BASICS OF HACKING III: DATA **
******************************************************************************
WELCOME TO THE BASICS OF HACKING III: DATA GENERAL COMPUTERS. DATA GENERAL IS
FAVORED BY LARGE CORPORATIONS WHO NEED TO HAVE A LOT OF DATA ON-LINE. THE DATA
GENERAL AOS, WHICH STANDS FOR ADVANCED OPERATING SYSTEM, IS A VERSION OF
BASTARDIZED UNIX. ALL THE COMMANDS WHICH WERE IN THE UNIX ARTICLE, WILL WORK
ON A DATA GENERAL. ONCE AGAIN, WE HAVE THE PROBLEM OF NOT KNOWING THE FORMAT
FOR THE LOGIN NAME ON THE DATA GENERAL YOU WANT TO HACK. AS SEEMS TO BE
STANDARD, TRY NAMES FROM ONE TO 8 DIGIT S LONG. DATA GENERAL DESIGNED THE
COMPUTER TO BE FOR BUSINESSMEN, AND IS THUS VERY SIMPLISTIC, AND BASICALLY FOOL
PROOF (BUT NOT DAMN FOOL PROOF). IT FOLLOWS THE SAME LOGIN FORMAT AS THE UNIX
SYSTEM: DG=> LOGIN: YOU=> USERNAME DG=> PASSWORD: YOU=> PASSWORD PASSWORDS
CAN BE A MAXIMUM OF 8 CHARACTERS, AND THEY ARE ALMOST ALWAYS SET TO A DEFAULT
OF 'AOS' OR 'DG'. (ANY YOU KNOW ABOUT BUSINESSMEN...) A WORD ABOUT CONTROL
CHARACTERS: CNTRL-O STOPS MASSIVE PRINTOUTS TO THE SCREEN, BUT LEAVES YOU IN
WHATEVER MODE YOU WERE. (A TECHNICAL WORD ON WHAT THIS ACTUALLY DOES: IT
TELLS THE CPU TO IGNORE THE TERMINAL, AND PRINTS EVERYTHING OUT TO THE CPU!
THIS IS ABOUT 19200 BAUD, AND SO IT SEEMS LIKE IT JUST CANCELS.) CNTRL-U KILLS
THE LINE YOU ARE TYPING AT THE TIME. NOW FOR THE WEIRD ONE: CNTRL-C TELLS THE
CPU TO STOP, AND WAIT FOR ANOTHER CNTRL CHARACTER. TO STOP A PROGRAM, YOU
ACTUALLY NEED TO TYPE CNTR L-C AND THEN A CNTRL-B. ONCE YOU GET ON, TYPE
'HELP'. MANY DG (DATA GENERAL) COMPUTERS ARE SOLD IN A PACKAGE DEAL, WHICH
ALSO GETS THE COMPANY FREE CUSTOMIZING. SO YOU NEVER KNOW WHAT COMMANDS THERE
MIGHT BE. SO WE WILL FOLLOW WHAT IS KNOWN AS THE 'ECLIPSE STANDARD', OR WHAT
IT COMES OUT OF THE FACTORY LIKE. TO FIND OUT THE FILES ON THE DIRECTORY YOU
ARE USING, TYPE => DIR TO RUN A PROGRAM, JUST LIKE ON A DEC, JUST TYPE ITS
NAME. OTHER THAN THIS, AND RUNNING OTHER PEOPLE'S PROGRAMS, THERE REALLY ISN'T
A STANDARD... *** HARK, YON OTHER SYSTEM USERS *** TO SEE WHO IS ON, TYPE =>
WHO (AND A LOT OF THE OTHER UNIX COMMAN DS, REMEMBER?). THIS SHOWS THE OTHER
USERS, WHAT THEY ARE DOING, AND WHAT PATHS THEY ARE CONNECTED ACROSS. THIS IS
HANDY, SO TRY A FEW OF THOSE PATHS YOUR SELF. TO SEND A MESSAGE, SAY => SEND
USERNAME THIS IS A ONE TIME MESSAGE, JUST LIKE SEND ON THE DEC 10. FROM HERE
ON, TRY COMMANDS FROM THE OTHER PREVIOUS FILES AND FROM THE 'HELP' LISTING.
SUPERUSER: IF YOU CAN GET PRIVS, JUST SAY: => SUPERUSER ON AND YOU TURN THOSE
PRIVS ON! BY THE WAY, YOU REMEMBER THAT COMPUTERS KEEP A LOG OF WHAT PEOPLE
DO? TYPE: => SYSLOG /STOP AND IT NO LONGER RECORDS ANYTHING YOU DO ON THE
SYSTEM, OR ANY OF THE OTHER USERS. IT SCREAMS TO HIGH HEAVEN THAT IT WAS YOU
WHO TURNED IT OFF, BUT IT KEEPS NO TRACK OF ANY ACCOUNTS CREATED OR WHATEVER
ELSE YOU MAY DO. YOU CAN SAY=> SYSLOG /STA RT TO TURN IT BACK ON (NOW WHY
WOULD YOU WANT TO DO SOMETHING LIKE THAT????? ) TO EXIT FROM THE SYSTEM,
TYPE=> BYE AND THE SYSTEM WILL HANG UP ON YOU. MOST OF THE SYSTEMS AROUND,
INCLUDING DECS, VAX'S, AND DG'S, HAVE GAMES. THESE ARE USUALLY LOCATED IN A
PATH OR DIRECTORY OF THE NAME GAMES OR OR GAMES: TRY LOOKING IN THEM,
AND YOU MAY FIND SOME TREK GAMES, ADVENTURE, ZORK, WUMPUS (WITH BENT ARROWS IN
HAND) OR A MULTITUDE OF OTHERS. THERE MAY ALSO BE GAMES CALLED 'CB' OR
'FORUM'. THESE ARE A SORT OF COMPUTER CONFERENCE CALL. USE THEM ON WEEKENDS,
AND YOU CAN MEET ALL SORTS OF INTERESTING PEOPLE.
******************************************************************************
IF YOU WOULD LIKE TO SEE MORE ARTICLES ON HACKING (THIS TIME FAR MORE THAN JUS
T THE BASICS), OR MAYBE ARTICLES ON NETWORKS AND SUCH, THEN LEAVE US MAIL IF WE
ARE ON THE SYSTEM, OR HAVE THE SYSOP SEARCH US DOWN. WE CALL A LOT OF PLACES,
AND YOU MAY JUST FIND US. THIS COMPLETES THE SERIES OF ARTICLES ON HACKING...
THESE ARTICLES WERE: THE BASICS OF HACKING: INTRODUCTION THE BASICS OF
HACKING I: DEC'S THE BASICS OF HACKING II: VAX'S (UNIX) THE BASICS OF HACKING
III: DG'S THIS AND THE PREVIOUS ARTICLES BY: THE KNIGHTS OF SHADOW [END] 1984
NOTE FOR MORE INFORMATION ON THESE ARTI CLES LEAVE EMAIL TO : THE KNIGHTS OF
SHADOW ON THE PPS SUPERSYSTEM (206) 783-9798 [25] COUNT 'EM [25] MEGS!

X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X
Another file downloaded from: The NIRVANAnet(tm) Seven

& the Temple of the Screaming Electron Taipan Enigma 510/935-5845
Burn This Flag Zardoz 408/363-9766
realitycheck Poindexter Fortran 510/527-1662
Lies Unlimited Mick Freen 801/278-2699
The New Dork Sublime Biffnix 415/864-DORK
The Shrine Rif Raf 206/794-6674
Planet Mirth Simon Jester 510/786-6560

"Raw Data for Raw Nerves"
X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X