Hacking
Contents ~~~~~~~~
This file will be divided into four parts:
Part 1: What is Hacking, A Hacker's Code of Ethics, Basic Hacking Safety
Part 2: Packet Switching Networks: Telenet- How it Works, How to Use it,
Outdials, Network Servers, Private PADs
Part 3: Identifying a Computer, How to Hack In, Operating System
Defaults
Part 4: Conclusion- Final Thoughts, Books to Read, Boards to Call,
Acknowledgements
Part One: The Basics ~~~~~~~~~~~~~~~~~~~~
As long as there have been computers, there have been hackers. In the 50's
at the Massachusetts Institute of Technology (MIT), students devoted much time
and energy to ingenious exploration of the computers. Rules and the law were
disregarded in their pursuit for the 'hack'. Just as they were enthralled with
their pursuit of information, so are we. The thrill of the hack is not in
breaking the law, it's in the pursuit and capture of knowledge.
To this end, let me contribute my suggestions for guidelines to follow to
ensure that not only you stay out of trouble, but you pursue your craft without
damaging the computers you hack into or the companies who own them.
I. Do not intentionally damage *any* system.
II. Do not alter any system files other than ones needed to ensure your
escape from detection and your future access (Trojan Horses, Altering
Logs, and the like are all necessary to your survival for as long as
possible.)
III. Do not leave your (or anyone else's) real name, real handle, or real
phone number on any system that you access illegally. They *can* and
will track you down from your handle!
IV. Be careful who you share information with. Feds are getting trickier.
Generally, if you don't know their voice phone number, name, and
occupation or haven't spoken with them voice on non-info trading
conversations, be wary.
V. Do not leave your real phone number to anyone you don't know. This
includes logging on boards, no matter how k-rad they seem. If you
don't know the sysop, leave a note telling some trustworthy people
that will validate you.
VI. Do not hack government computers. Yes, there are government systems
that are safe to hack, but they are few and far between. And the
government has infinitely more time and resources to track you down than
a company who has to make a profit and justify expenses.
VII. Don't use codes unless there is *NO* way around it (you don't have a
local telenet or tymnet outdial and can't connect to anything 800...)
You use codes long enough, you will get caught. Period.
VIII. Don't be afraid to be paranoid. Remember, you *are* breaking the law.
It doesn't hurt to store everything encrypted on your hard disk, or
keep your notes buried in the backyard or in the trunk of your car.
You may feel a little funny, but you'll feel a lot funnier when you
meet Bruno, your transvestite cellmate who axed his family to death.
IX. Watch what you post on boards. Most of the really great hackers in the
country post *nothing* about the system they're currently working
except in the broadest sense (I'm working on a UNIX, or a COSMOS, or
something generic. Not "I'm hacking into General Electric's Voice Mail
System" or something inane and revealing like that.)
X. Don't be afraid to ask questions. That's what more experienced hackers
are for. Don't expect *everything* you ask to be answered, though.
There are some things (LMOS, for instance) that a beginning hacker
shouldn't mess with. You'll either get caught, or screw it up for
others, or both.
XI. Finally, you have to actually hack. You can hang out on boards all you
want, and you can read all the text files in the world, but until you
actually start doing it, you'll never know what it's all about. There's
no thrill quite the same as getting into your first system (well, ok,
I can think of a couple of bigger thrills, but you get the picture.)
One of the safest places to start your hacking career is on a computer system
belonging to a college. University computers have notoriously lax security, and
are more used to hackers, as every college computer department has one or two,
so are less likely to press charges if you should be detected. But the odds of
them detecting you and having the personnel to commit to tracking you down are
slim as long as you aren't destructive.
If you are already a college student, this is ideal, as you can legally
explore your computer system to your heart's desire, then go out and look for
similar systems that you can penetrate with confidence, as you're already
familiar with them.
So if you just want to get your feet wet, call your local college. Many of
them will provide accounts for local residents at a nominal (under $20) charge.
Finally, if you get caught, stay quiet until you get a lawyer. Don't
volunteer any information, no matter what kind of 'deals' they offer you. Nothing
is binding unless you make the deal through your lawyer, so you might as well
shut up and wait.
Part Two: Networks ~~~~~~~~~~~~~~~~~~
The best place to begin hacking (other than a college) is on one of the
bigger networks such as Telenet. Why? First, there is a wide variety of
computers to choose from, from small Micro-Vaxen to huge Crays. Second, the
networks are fairly well documented. It's easier to find someone who can help
you with a problem off of Telenet than it is to find assistance concerning your
local college computer or high school machine. Third, the networks are safer.
Because of the enormous number of calls that are fielded every day by the big
networks, it is not financially practical to keep track of where every call and
connection are made from. It is also very easy to disguise your location using
the network, which makes your hobby much more secure.
Telenet has more computers hooked to it than any other system in the world
once you consider that from Telenet you have access to Tymnet, ItaPAC, JANET,
DATAPAC, SBDN, PandaNet, THEnet, and a whole host of other networks, all of
which you can connect to from your terminal.
The first step that you need to take is to identify your local dialup port.
This is done by dialing 1-800-424-9494 (1200 7E1) and connecting. It will spout
some garbage at you and then you'll get a prompt saying 'TERMINAL='. This is
your terminal type. If you have vt100 emulation, type it in now. Or just hit
return and it will default to dumb terminal mode.
You'll now get a prompt that looks like a @. From here, type @c mail
and then it will ask for a Username. Enter 'phones' for the username. When it
asks for a password, enter 'phones' again. From this point, it is menu driven.
Use this to locate your local dialup, and call it back locally. If you don't
have a local dialup, then use whatever means you wish to connect to one long
distance (more on this later.)
When you call your local dialup, you will once again go through the TERMINAL=
stuff, and once again you'll be presented with a @. This prompt lets you know
you are connected to a Telenet PAD. PAD stands for either Packet
Assembler/Disassembler (if you talk to an engineer), or Public Access Device (if
you talk to Telenet's marketing people.) The first description is more correct.
Telenet works by taking the data you enter in on the PAD you dialed into,
bundling it into a 128 byte chunk (normally... this can be changed), and then
transmitting it at speeds ranging from 9600 to 19,200 baud to another PAD, who
then takes the data and hands it down to whatever computer or system it's
connected to. Basically, the PAD allows two computers that have different baud
rates or communication protocols to communicate with each other over a long
distance. Sometimes you'll notice a time lag in the remote machine's response.
This is called PAD Delay, and is to be expected when you're sending data through
several different links.
What do you do with this PAD? You use it to connect to remote computer
systems by typing 'C' for connect and then the Network User Address (NUA) of the
system you want to go to.
An NUA takes the form of   031103130002520
                           \___/\___/\___/
                             |    |    |
                             |    |    |____ network address
                             |    |_________ area prefix
                             |______________ DNIC
This is a summary of DNIC's (taken from Blade Runner's file on ItaPAC)
according to their country and network name.

DNIC    Network Name    Country
_____   _____________   _____________
02041   Datanet 1       Netherlands
02062   DCS             Belgium
02080   Transpac        France
02284   Telepac         Switzerland
02322   Datex-P         Austria
02329   Radaus          Austria
02342   PSS             UK
02382   Datapak         Denmark
02402   Datapak         Sweden
02405   Telepak         Sweden
02442   Finpak          Finland
02624   Datex-P         West Germany
02704   Luxpac          Luxembourg
02724   Eirpak          Ireland
03020   Datapac         Canada
03028   Infogram        Canada
03103   ITT/UDTS        USA
03106   Tymnet          USA
03110   Telenet         USA
03340   Telepac         Mexico
03400   UDTS-Curacau    Curacau
04251   Isranet         Israel
04401   DDX-P           Japan
04408   Venus-P         Japan
04501   Dacom-Net       South Korea
04542   Intelpak        Singapore
05052   Austpac         Australia
05053   Midas           Australia
05252   Telepac         Hong Kong
05301   Pacnet          New Zealand
06550   Saponet         South Africa
07240   Interdata       Brazil
07241   Renpac          Brazil
09000   Dialnet         USA
07421   Dompac          French Guiana

There are two ways to find interesting addresses to connect to. The first
and easiest way is to obtain a copy of the LOD/H Telenet Directory from the
LOD/H Technical Journal #4 or 2600 Magazine. Jester Sluggo also put out a good
list of non-US addresses in Phrack Inc. Newsletter Issue 21. These files will
tell you the NUA, whether it will accept collect calls or not, what type of
computer system it is (if known) and who it belongs to (also if known.)
The second method of locating interesting addresses is to scan for them
manually. On Telenet, you do not have to enter the 03110 DNIC to connect to a
Telenet host. So if you saw that 031104120006140 had a VAX on it you wanted to
look at, you could type @c 412 614 (0's can be ignored most of the time.)
If this node allows collect billed connections, it will say 412 614 CONNECTED
and then you'll possibly get an identifying header or just a Username: prompt.
If it doesn't allow collect connections, it will give you a message such as 412
614 REFUSED COLLECT CONNECTION with some error codes out to the right, and
return you to the @ prompt.
There are two primary ways to get around the REFUSED COLLECT message. The
first is to use a Network User Id (NUI) to connect. An NUI is a username/pw
combination that acts like a charge account on Telenet. To collect to node 412
614 with NUI junk4248, password 525332, I'd type the following:
@c 412 614,junk4248,525332
9999 in that prefix, making a note of all the carriers you
find. There is
software available to do this for nearly every computer in the
world, so you don't have to do it by hand.
Part Three: I've Found a Computer, Now What? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This next section is applicable universally. It doesn't matter how you found
this computer, it could be through a network, or it could be from carrier
scanning your High School's phone prefix, you've got this prompt,
what the hell is it?
I'm *NOT* going to attempt to tell you what to do once you're inside of any
of these operating systems. Each one is worth several G-files in its own right.
I'm going to tell you how to identify and recognize certain OpSystems, how to
approach hacking into them, and how to deal with something that you've never
seen before and have no idea what it is.
VMS- The VAX computer is made by Digital Equipment Corporation (DEC),
and runs the VMS (Virtual Memory System) operating system.
VMS is characterized by the 'Username:' prompt. It will not tell
you if you've entered a valid username or not, and will disconnect
you after three bad login attempts. It also keeps track of all
failed login attempts and informs the owner of the account next time
s/he logs in how many bad login attempts were made on the account.
It is one of the most secure operating systems around from the
outside, but once you're in there are many things that you can do
to circumvent system security. The VAX also has the best set of
help files in the world. Just type HELP and read to your heart's
content.
Common Accounts/Defaults: [username: password [[,password]]]
System: Operator or MANAGER or SYSTEM or SYSLIB
Operator: Operator
SYSTEST: UETP
SYSMAINT: SYSMAINT or SERVICE or DIGITAL
Field: FIELD or SERVICE
Guest: Guest or unpassworded
Demonstration: DEMO or unpassworded
DECNET: DECNET
DEC-10- An earlier line of DEC computer equipment, running the TOPS-10
operating system. These machines are recognized by their
'.' prompt. The DEC-10/20 series are remarkably hacker-friendly,
allowing you to enter several important commands without ever
logging into the system. Accounts are in the format [xxx,yyy] where
xxx and yyy are integers. You can get a listing of the accounts and
the process names of everyone on the system before logging in with
the command .systat (for SYstem STATus). If you see an account
that reads [234,1001] BOB JONES, it might be wise to try BOB or
JONES or both for a password on this account. To login, you type
.login xxx,yyy and then type the password when prompted for it.
The system will allow you unlimited tries at an account, and does
not keep records of bad login attempts. It will also inform you
if the UIC you're trying (UIC = User Identification Code, 1,2 for
example) is bad.
Common Accounts/Defaults:
1,2: SYSLIB or OPERATOR or MANAGER
2,7: MAINTAIN
5,30: Game
UNIX- There are dozens of different machines out there that run UNIX.
While some might argue it isn't the best operating system in the
world, it is certainly the most widely used. A UNIX system will
usually have a prompt like 'login:' in lower case. UNIX also
will give you unlimited shots at logging in (in most cases), and
there is usually no log kept of bad attempts.
Common Accounts/Defaults: (note that some systems are case
sensitive, so use lower case as a general rule. Also, many times
the accounts will be unpassworded, you'll just drop right in!)
root: root
admin: admin
sysadmin: sysadmin or admin
UNIX: UNIX
uucp: uucp
rje: rje
invitee: invitee
demo: demo
devil: devil
sysbin: sysbin
Prime- Prime computer company's mainframe running the Primos operating
system. They are easy to spot, as they greet you with
'Primecon 18.23.05' or the like, depending on the version of the
operating system you run into. There will usually be no prompt
offered, it will just look like it's sitting there. At this point,
type 'login '. If it is a pre-18.00.00 version of Primos,
you can hit a bunch of ^C's for the password and you'll drop in.
Unfortunately, most people are running versions 19+. Primos also
comes with a good set of help files. One of the most useful
features of a Prime on Telenet is a facility called NETLINK. Once
you're inside, type NETLINK and follow the help files. This allows
you to connect to NUA's all over the world using the 'nc' command.
For example, to connect to NUA 026245890040004, you would type
@ nc:26245890040004 at the netlink prompt.
Common Accounts/Defaults:
Premier PRIME or PRIMOS
PRIMOS_CS PRIME or PRIMOS
PRIMENET PRIMENET
SYSTEM SYSTEM or Prime
NETLINK NETLINK
Trial Trial
GUEST Guest
GUEST1 GUEST
HP-x000- This system is made by Hewlett-Packard. It is characterized by the
':' prompt. The HP has one of the more complicated login sequences
around- you type 'HELLO SESSION NAME,USERNAME,ACCOUNTNAME,GROUP'.
Fortunately, some of these fields can be left blank in many cases.
Since any and all of these fields can be passworded, this is not
the easiest system to get into, except for the fact that there are
usually some unpassworded accounts around. In general, if the
defaults don't work, you'll have to brute force it using the
common password list (see below.) The HP-x000 runs the MPE operating
system, the prompt for it will be a ':', just like the logon
prompt.
Common Accounts/Defaults:
MGR.TELESUP, PUB User: MGR Acct: HPONLY Grp: Public house
MGR.HPOFFICE, PUB unpassworded
MANAGER.ITF3000, PUB unpassworded
FIELD.SUPPORT, PUB user: FLD, others unpassworded
MAIL.TELESUP, PUB user: MAIL, others unpassworded
MGR.RJE unpassworded
FIELD.HPPl89, HPPl87, HPPl89, HPPl96 unpassworded
MGR.TELESUP, PUB, HPONLY, HP3 unpassworded
IRIS- IRIS stands for Interactive Real Time Information System. It originally
ran on PDP-11's, but now runs on many other minis. You can
spot an IRIS by the 'Welcome to "IRIS" R9.1.4 Timesharing' banner,
and the ACCOUNT ID? prompt. IRIS allows unlimited tries at hacking
in, and keeps no logs of bad attempts. I don't know any default
passwords, so just try the common ones from the password database
below.
Common Accounts:
Director
Foreman
Software
Demonstration
PDP8
PDP11
Accounting
VM/CMS- The VM/CMS operating system runs on International Business Machines
(IBM) mainframes. When you connect to one of these, you will get a
message similar to 'VM/370 ONLINE', and then it will give you a '.' prompt,
just like TOPS-10 does. To login, you type 'LOGON '.
Common Accounts/Defaults are:
AUTOLOG1: AUTOLOG or AUTOLOG1
Centimeter: Centimeter
CMSBATCH: CMS or CMSBATCH
EREP: EREP
MAINT: MAINT or MAINTAIN
OPERATNS: OPERATNS or Operator
Operator: Operator
RSCS: RSCS
Smart: Smart
SNA: SNA
VMTEST: VMTEST
VMUTIL: VMUTIL
VTAM: VTAM
NOS- NOS stands for Networking Operating System, and runs on the Cyber
computer made by Control Data Corporation. NOS identifies itself
quite readily, with a banner of 'WELCOME TO THE NOS SOFTWARE
SYSTEM. COPYRIGHT CONTROL DATA 1978,1987'. The first prompt you
will get will be FAMILY:. Just hit return here. Then you'll get
a USER NAME: prompt. Usernames are typically 7 alpha-numeric
characters long, and are *extremely* site dependent. Operator
accounts begin with a digit, such as 7ETPDOC.
Common Accounts/Defaults:
$ SYSTEM unknown
SYSTEMV unknown
Decserver- This is not truly a computer system, but is a network server that
has many different machines available from it. A Decserver will
say 'Enter Username>' when you first connect. This can be anything,
it doesn't matter, it's just an identifier. Type 'c', as this is
the least conspicuous thing to enter. It will then present you
with a 'Local>' prompt. From here, you type 'c ' to
connect to a system. To get a list of system names, type
'sh services' or 'sh nodes'. If you have any problems, online
help is available with the 'help' command. Be sure and look for
services named 'MODEM' or 'DIAL' or something similar, these are
often outdial modems and can be useful!
GS/1- Another type of network server. Unlike a Decserver, you can't
predict what prompt a GS/1 gateway is going to give you. The
default prompt is 'GS/1>', but this is redefinable by the
system administrator. To test for a GS/1, do a 'sh d'. If that
prints out a large list of defaults (terminal speed, prompt,
parity, etc...), you are on a GS/1. You connect in the same manner
as a Decserver, typing 'c '. To find out what systems
are available, do a 'sh n' or a 'sh c'. Another trick is to do a
'sh m', which will sometimes show you a list of macros for logging
onto a system. If there is a macro named VAX, for instance, type
'do VAX'.
The above are the main system types in use today. There are
hundreds of minor variants on the above, but this should be
enough to get you started.
Unresponsive Systems ~~~~~~~~~~~~~~~~~~~~
Occasionally you will connect to a system that will do nothing but sit there.
This is a frustrating feeling, but a methodical approach to the system will
yield a response if you take your time. The following list will usually make
*something* happen.
1) Change your parity, data length, and stop bits. A system that won't
respond at 8N1 may react at 7E1 or 8E2 or 7S2. If you don't have a term
program that will let you set parity to EVEN, ODD, SPACE, MARK, and NONE,
with data length of 7 or 8, and 1 or 2 stop bits, go out and buy one.
While having a good term program isn't absolutely necessary, it sure is
helpful.
2) Change baud rates. Again, if your term program will let you choose odd
baud rates such as 600 or 1100, you will occasionally be able to penetrate
some very interesting systems, as most systems that depend on a strange
baud rate seem to think that this is all the security they need...
3) Send a series of 's.
4) Send a hard break followed by a.
5) Type a series of .'s (periods). The Canadian network Datapac responds
to this.
6) If you're getting garbage, hit an 'i'. Tymnet responds to this, as does
a MultiLink II.
7) Begin sending control characters, starting with ^A --> ^Z.
8) Change terminal emulations. What your vt100 emulation thinks is garbage
may all of a sudden become crystal clear using ADM-5 emulation. This also
relates to how good your term program is.
9) Type LOGIN, HELLO, LOG, ATTACH, CONNECT, START, RUN, BEGIN, LOGON, GO,
JOIN, HELP, and anything else