FREQUENCY: Inside the Hacker Mind Freq18 February 2002 1. Introduction "Progression" 2. A Breaking Educational Ladder 3. When Hackers Feel Appreciated 4. Information From the Pros 5. Why a Newbie Stays a Newbie 6. Back in the Day - Retro Tech 2 7. How Shell Accounts Are Stolen 8. Dial Ups - The Forgotten Threat 9. Closing Arguments 10. Crosstalk 11. Crew 1. INTRODUCTION "PROGRESSION" First off, I'd like to personally thank all the readers that came to our aid and supplied us with articles. Let it be known that when faced with a problem, hackers are the first to offer up a solution. And for what? Monetary gain? Notoriety? No, they do it because they want to help. And in this case, they did it because they felt people out there needed to hear what they had to say. There are a very limited number of places where a person can speak their mind without fear, but Frequency is one of them. There are others, public access television is an excellent way. Commercial free radio is another, and yes there are many websites that still allow you to say whatever you want. But regardless of these few exceptions, we've seen the world grow wary of allowing people the right to say what they want for fear of it "offending the wrong person." You've probably done it yourself, have you ever held something back because you didn't want to "make waves?" Or have you ever gone along with something, even though you knew it was unjust, simply because you had no alternative? Well thanks to you, Frequency is that alternative, or rather, one alternative. When you stumbled across this publication you found an oasis of free speech, and thanks to readers like you that oasis is still producing the best examples of free speech known to man. But not everything is quite so perfect, there's still much more to be done. The readers that submitted their work have shown us that they truly care about this ezine, and that they want to see it as often as possible, but it can't stop there. It needs to continue. We don't ask for money to "fund" this publication, all we ask for are your voices. Your thoughts on the technological world, where it's going, where it's been, and what we can all expect. It's these things that make up Frequency, and have done so since the beginning. Even as I write this I can hear the wintery weather hitting my window, and oddly enough it reminds me of the early days of this ezine. The days when I would stay up till all hours putting it together so that it could be sent out, hoping the snow and ice didn't knock out the power before that could be done. And then there were the late nights when the power would, in fact, go out…and I'd be left with nothing more mechanical than a battery powered scanner and flashlight. It was then that I would see just how much we relied on technology, and how I was no longer able to communicate with the outside world, except by phone. But who else would have thought to call a payphone to find out how far the blackout reached? Or to use a CB radio to communicate with truckers who happened to be passing by? No one but a hacker of course, a person who considers it their job to find solutions. To make the impossible, possible. Well let me tell you folks, a lot of people said making an ezine such as this was impossible. But once again, hackers came together and did what they do best. But the trouble we're facing won't simply go away, we will need your support throughout. We received several submissions for this issue and are incredibly grateful, but we can't rely on the same people all the time. So please, if you enjoy reading this ezine, send in an article and speak your mind. And now, without further storytelling, we present to you issue XVIII of Frequency: Inside the Hacker Mind. -screamer 2. A BREAKING EDUCATIONAL LADDER: By Cold Sunn As a part of our growth, we must learn. To make our learning both more efficient and quicker, an educational system was developed. I will not get into the history of education, but I will say that for it to be a success, it has to be both efficient and quick. And because of that, our modern educational system, in America, has failed. Sure, we still manage to pump out brilliant scientists and inventors, and of course, hackers. But, it is still not as efficient as it could be. We begin our schooling in kindergarten where we learn basic addition and subtraction, along with simple spelling and learn social skills. This is a very important step because these first things we learn are what we remember most in our academic life. Afterwards we build upon what we know more and more...or do we? By the 6th grade, I had "learned" grammar and parts of speech 5 times. I think I got it by then. Mathematics is a little different because it is harder. But once we get the hang of it, it becomes easier and easier. I was told that middle school (grades 7-8) would prepare me for high school. It didn't. Not at all. The science and english classes were a joke. I was taking an advanced math course that an average student would not take until high school, so of course that did not prepare me. Geography and history merely bored me. I was also told that high school will prepare me for college. Well, I have news for you. I am not going to college. And I doubt it would have prepared me if I did choose to. The reason I state my opinions on the courses is that I know I am not the only one who feels this way. I am sure that almost all of the readers of Frequency have a genius IQ, and most likely higher than mine. These things that we are "taught," only waste our time. Imagine if you could, instead of grades 7-12, take a one year course. During that course, choosing whatever subjects you felt were interesting. After that, you could begin training for your job or attending a special school or possibly a college. Each day, I go to school and I am thinking about how I could be at home, on my computer learning a programming language anything else that either interests me or helps me with the career I want. Instead, I am sitting in a desk listening to the teacher go on about something I already know. That the whole class should already know, because we have "learned" it before. During my time off from school, I have learned about the technocratic form of government, about tartar based acids, the history of education, the list goes on. I have learned more here than in my classes. Our educational system disappoints me, in classes that call themselves "Honors" I fnd people that forgot glass was clear. I am wasting my time. And if I am going to waste my time, I might as well do it at home. We love to learn. But we are not presented with material to learn, but instead to review. To memorize. 3. WHEN HACKERS FEEL APPRECIATED: by Access Excess What you are reading now is my attempt to write an article about hackers and when they really feel appreciated. So let's get down to business. We'll first start with my own definition of the word/term "hacker": A hacker is a person (male or female, black or white) that takes technology, in all it's forms and studies it and after he learns and understands the ins and outs of that specific technology, be it a cell-phone or any other piece of technology, he tries to exploit it to it's limits and beyond. Also a hacker is a fast learner and a very curios individual eager to explore, with an incredible thirst for knowledge. Of course this is my own opinion on what a hacker is. Now on with the story. I believe that hackers feel useful and pleased with themselves when they use their knowledge for the good of other people and when the those people appreciate them for what they are (explorers), and not for what the media, in all of it's forms and shapes, says (lies) they are. What more pleases a person than the time when he is truly appreciated for his knowledge and the good things that he can do with that knowledge. And hackers make no exception from this rule. A hacker is very happy when he is thanked and cheered by people for his knowledge and the good that he has done with that knowledge and when he is not looked at with hatered and despise or even worse, put behind bars just because he is smarter than the average Joe. But sadly the cheers and thanks come in a percentage of ~90% from other explorers just like him, people that can understand and value his knowledge and actions to the max. I will give an example: Let's take a hacker, we'll call him David. One day he writes a program that goes against the Digital Millennium Copyright Act. After that he puts up a website and on that website he puts his computer program, along with the source code and the documenation for it. When the hacker community hears about this site they all point their browsers to that specific address and get the program. They are all very happy and they thank David for his hard work. David of course is very happy and he soon registers his site with different search engines so his program will be used by used by more and more people. But soon the dark side appears. The FBI finds out about the site and of course being the good guys that they are :) they contact David's hosting company and shut the site down without even asking David about it (I must mention that on the site David puts a little disclamer that stated that he will not be held responsible for what this program is used for). Even more, they get all his personal information (full name, address etc.),despite the fact that the privacy policy of the hosting company stated that no one will have access to his personal info without his knowledge. A day later, the FBI van stops by his house and 6 agents armed with M-16s break down the door and keep his parents at gun point until the other agents go upstairs in his room. David suddenly woke up with a gun at his face and was dragged downstairs where he is loaded in the van like trash. Of course he is judged by a person with zero computer knowledge and he is found guilty in less that an 8 hours and is sentenced to 5 years in prison, no bail, and he is forbidden to use a computer or any device that could acces the Internet until the age of 25 (he is just 15). With his life ruined and with almost zero chance to get a decent job he spends the rest of his life in missery and in sadness, and all of this because he used his brain above the government's allowed limit. So here you have it fellow explorers. This is Access Excess saying Break the System, Explore and Keep it Safe! axs_xs@rol.ro PAGE 2 --> 4. INFORMATION FROM THE PROS: content submitted by Unreal, with commentary from Screamer Chaotix Recently I had received some items that I found rather disturbing. They were sent in by our own NT specialist Unreal, and deal with several computer related issues. While none of these topics is particularly troublesome on their own, the fact that they were provided to students from supposed "professionals" may leave you with a bad taste in your mouth. The first item is a warning we've all seen, a cry for users to maintain complex passwords that cannot be brute forced. Read it for yourself, and remember that we had no part in editing the message. The terms presented here are of their own dictation. _________________________________________________________________________________ A guide to Unix account passwords and password security (This document does not address WWW page passwords, Netscape passwords, or any other passwords for that matter.) What is a password, exactly? A password is a string of characters you give to verify that you're you when you log in to a UNIX system. On most systems, a password is between 6 and 8 characters long. You can use upper-case and lower-case letters, numbers, and symbols in your password. One caveat: don't use the at sign (@) or the hash sign (#) in your password. These two characters have special meanings on some UNIX systems. What is password security? Password security mainly consists of 4 things: Don't tell anyone your password. Don't write your password down anywhere. When you decide on a password, make sure it can't be guessed. If you think there's even a chance someone else might know your password, change it. Why is password security important? There are people out there (henceforth known as Evil Crackers) who will attempt to find out, or crack, your password. Once they get your password, they can do awful things to any information stored in your account. Even worse, they may be able to do awful things to the accounts of other people on the system, or even break in to systems across the world from ours. So the argument, "I don't need a good password, I don't have anything in my account, anyway" doesn't work. System security is everyone's responsibility. Why can't I tell anyone my password? Because you don't know where the information will go after it leaves your lips. Even if you only tell one other person, they could tell one other person, and so on, until your password is in the hands of an Evil Cracker. Besides, why do you want to tell someone your password, anyway? On most UNIX systems (including the ones at Cal Poly), you're not allowed to share your account with someone else. So there would be no legitimate reason for them to use your password. Why can't I write down my password? Again, because you don't know where the information will go after it leaves your brain. A password written on a piece of paper is simply too easy to lose. And someone might be watching the next time you take out that piece of paper to log in. Better to just remember it. How can I tell if my password can be guessed? First, you have to know how Evil Crackers guess passwords. Your password is stored on the system in encrypted form. It has been run through an encryption math algorithm. There is no algorithm that will take a password in encrypted form and give back the original password. So not even the sysadmin knows your password. So Evil Crackers can't find out your password just by asking the system. Instead, they use a program called Crack to breach password security. The Crack program works by taking strings of characters and encrypting them, then comparing the encrypted text against your password in encrypted form. If the two encrypted versions are the same, then the string of characters is your password. It would take way too long to simply try every combination of letters you could have as your password -- over 100,000 years on a reasonably fast machine. So Crack tries the most likely combinations. First, it starts with everything it can find out about you on the system, like your login name, your full name, your address, your social security number, etc. Trying all of these takes a few seconds. Then it moves on to a huge "dictionary" containing words from all languages, place names, people names, names of charaters in books, jargon, slang, and acronyms. It tries all of them as your password. This takes several minutes. After Crack is done with that, it tries variations on those words, such as: any word, written backwords any word, with a punctuation character at the end any word, with a punctuation character at the beginning any word, with a punctuation character in the 3rd character place any word, replacing all ts with 3s any word, capitalized any two words, put together with a number between them and so on. It tries every combination you can imagine. So since you don't want Evil Crackers to crack your password, never use any password based on a word. First you tell me I can't write passwords down. Now you tell me I can't use passwords based on words. How am I ever going to make a password that I can remember? There are tricks to creating a good password that can't be guessed, yet can be remembered. Here's one of the tricks: take a phrase you like and will remember. Now use the first letter of each word. Add any appropriate capitalizations, punctuation, and other character manipulations. For example: three blind mice, see how they run would end up as 3bm,shtr But don't use this one now that I've given it as an example. What if I just use a word as my password? You'll never know. Not true. In order to keep up security on our systems, we run Crack on your password. We figure that if we can find out your password, so could an Evil Cracker. If we discover your password that way, we'll freeze your account to keep anyone else from abusing your account. You'll have to make an appointment to see your system administrator. He/She will make sure you understand everything discussed in this document before unfreezing your account. Written by: kathleen@drseuss.acs.calpoly.edu ___________________________________________________________________________ I suppose I could provide a bit more commentary, but when they're the ones using words like "Evil Cracker" I think they speak for themselves. Next up are two assignments that Unreal, and all other students at his school, has to do in their computer science course. The irony is a bit thicker if you remember that Unreal was formerly employed as a network administrator. ___________________________________________________________________________ Essential Introduction to Computers Name ______________________________________ Date ______________________ Multiple Choice Instructions: Print the page. Circle the correct response. 1. People who use computers directly or use the information they provide are called _________. A) operators B) programmers C) hackers D) users 2. The four operations that comprise the information processing cycle are input, process, output and _________ . A) data B) hardware C) storage D) software 3. All computer processing requires ____________ . A) analysis B) data C) a spread sheet D) functions 4. The five components of a computer are the CPU, input devices, output devices, ____________ and ____________. A) memory, storage B) keyboard, mouse C) disk drive, monitor D) programs, RAM 5. ____________ is the time it takes to locate and retrieve data. A) Processing time B) Access time C) Mega Hertz D) Millisecond 6. One billion bytes are called a ____________. A) kilobyte B) megabyte C) gigabyte D) zigabyte 7. The process of loading the operating system into memory when a computer is powered on is called ____________ . A) loading B) initializing C) booting D) starting 8. ____________ consists of programs to control the operations of computer equipment. A) System software B) Application software C) Spreadsheet software D) Database software 9. A network that covers a large geographical area is called a ____________ . A) local area network B) large area network C) wide area network D) distant area network 10. ____________ software allows the user to enter, retrieve, and update data in an organized and efficient manner. A) Word processing B) Electronic spreadsheet C) Database E) Presentation graphics _________________________________________________________________________ Essential Introduction to Computers Name ______________________________________ Date ______________________ True/False Instructions: Print the page. Circle T if the statement is true or F if the statement is false. T F 1. Information is a collection of raw facts, figures, and symbols given to a computer during the input operation. T F 2. For a computer to perform operations, it must be given a set of instructions that tells it exactly what to do. T F 3. The central processing unit contains the electronic circuits that cause computer processing to occur. T F 4. A memory location can hold different amounts of data depending of the computer and memory size. T F 5. A track is a narrow recording band that forms a full circle on the surface of a disk. T F 6. Auxiliary storage devices are used to store instructions and data when they are not being used in memory. T F 7. A network that connects computers in a limited geographic area is called a local area network. T F 8. When purchasing a computer, you should buy the least expensive one for what you need, because they are all pretty much the same today. T F 9. A spreadsheet is an effective tool for summarizing and comparing prices and components of different computers. T F 10. It is recommended that you buy the smallest computer available, and upgrade the system later if needed. _________________________________________________________________________ Perhaps it isn't fair to summarize the quality of a course based on two assignments and foolishly worded warning, but how much more do we need to show? Dare we skip ahead to the end of the book and read about such advanced topics as "telnet?" I think the point has been made. Today's computer science engineers are limited by what these dull textbooks instruct them to do, causing them to see things as black and white. There is no experimentation, there is no fun, and when we lose these things the only motivation that remains is to "keep the boss happy." How can these computer majors ever hope to combat a growing wave of hackers, some of whom sit at their computers 24 hours a day, 7 days a week? The engineers will do whatever gets them paid, the hackers on the other hand, love to show how smart they are. 5. WHY A NEWBIE STAYS A NEWBIE: by Bilal I was stunned the other day by the fact that increasing amounts of people that use computers HAVE NO IDEA WHAT THEY ARE DEALING WITH. And all thank's goes to MicroAss, AKA "Microsoft". As the easier it gets to use a PC the more people are discouraged to know more about it. Personally I don't care, but when you think of it there are a lot of people out there with potential, who want to learn about becoming a hacker, but they don't know where or how to start. Many don't have enough incentive to start learning, that's why we see a lot of them quit even before they start and many go the wrong way. Why would any one learn how to type the copy command when they can do it with a mouse click, or learn how an exploit works and apply it, when "with another mouse click" he can d/l the script and hack a web-site. Where did the fun of learning & exploring go, and even greater than that, the enormous feeling you get when you know that you have found something new. The only thing he learned is how to click a mouse, and that is boring so he quits. I have seen some of the ideas about newbies, they are boring and stupid with their stupid questions, How do I hack a web-site? of course it is stupid to you, but it is a very smart question to him. Like when you ask a nuclear physicist how to make a nuclear bomb? if he has some humor, he will tell you to get a radioactive uranium atom or a couple and start shooting them with a neutron gun "I wouldn't like to be anywhere near you when you hit one" Screamer and Dash gave a good attitude by letting them hang around, it made it easier for them but is it any better, if you spent all your life looking at a nuclear physicist working, you won't understand anything, unless he gives you 30 minutes of his precious time every day to explain to you what he is doing, eventually you will help him or even invent your own physics low. what I'm saying is that if every hacker adopt's a newbie and become's his Mentor teaching him what to do where to go and how, you may never know he might become your friend and partner in your adventures on the net, some may say and have said that as they had hard time learning the newbie need's to have the same hard time. I'm not telling you to give him all that you have learned on a silver plate, just give him some pointers, some texts to read and a home work assignment, something to make him think to get to the same conclusion you made when you were like him. Make it like the movies, the wise old man give's a hint to the hero and the hero spend's day's even week's before he understand's him, don't make it as hard you have to be the judge of it, as you know how smart is your student and how fast he will catch on. but the important thing is to be PATIENT with him. The next question is why do I need to do this? easy, everyone has a reason but you have to look for it, like :- do you like to teach. do you want the hacker community to fade. do you want bill gate's have his way by keeping all the user's dumb, and sell them a high prised OS. do you want the government to keep calling us criminals and terrorist's. do you have spare time and want to do some thing. do you like to brag? Then brag on about how you turned this boy to an elite hacker. there are many reasons why you are going to teach some one, but most important, if you hate teacher's it's because your teacher's ware bad teachers, be a good teacher and a Mentor and a Friend.Our strength came from us out smarting every one else and by our number's no matter how they tried to catch us, imprison us we are going to stay as long as we stay together. as it said in "The Hacker's Manifesto", I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike. +++Mentor+++ This is my opinion if you have a better solution, Please write about it and send it to Frequency. PAGE 3 --> 6. BACK IN THE DAY - RETRO TECH 2: by Screamer Chaotix Back in Freq6 I had written an article that seems to have had a great impact on a lot of people. It was called, surprisingly enough, "Retro Tech," and dealt mainly with people who refuse to let go of the past. Oddly, these people had typically never even experienced the past years of technology! They were usually new to the game and became obsessed with text files they had read, and this would lead them to fixate on things that no longer existed. One important fact the first article missed, and which I hope to cover here, was that Retro Tech is not always a bad thing. If you have a friend, or perhaps it's you, who insists on dialing using a rotary phone, or spends his days searching for dial up bbs's, then perhaps they/you should get with the times. On the other hand, using older forms of communications and computers can sometimes be the best way to go. 1995, a year of shell accounts and dial ups. The world had become more interconnected than ever, with thousands of people hopping on services such as escape.com, panix.com, and of course The Well out in San Francisco. These were some of the same systems Kevin Mitnick did his hacking on, transferring files to and from different machines, telnetting to strange new places, and learning all sorts of new and exciting things. Other hackers were here as well, sharing information on usenet, using "Talk" to communicate with other users on UNIX boxes, and sending email all over the world. It was truly the beginning of a connected world, where explorers and adventurers were welcome to move about and see what they could find. There was no clutter, little spam, pop ups did not exist…it was really a great time to be a hacker. But now, things have changed. Now, more than ever, things are done on the world wide web. With cutesy web pages, push and click messaging services, and computers so simple that anyone can use them, technology has become a tool of both business and everyday communications. And while few would argue that either of these is a bad thing, many hackers long for the days of yesteryear. The days when files were moved using command line-driven FTP programs, and connections were established through telnet. Yes, these days are over. Or are they… While using my Linux box to telnet into my former university's VAX (relax, the account was legit), and then transfer files from it back to my home…I saw for the first time that I too had a serious case of Retro Tech. No, not in the traditional sense of the term. I wasn't trapped in an old fashion world unable to break free, I knew perfectly well I could have used some fancy GUI FTP program to get the job done, but at the same time I didn't want to. It wasn't that a command line FTP program amazed me, it was because I preferred it. There were no pop ups, no annoying confirmation beeps…just a program that got the job done. It didn't end there, next I telnetted to my account on freeshell.org, and then over to m-net.arbornet.org. Once there, I typed "w" to see who was on and what they were doing, followed by an email check, and last but not least some file cleaning. Here I was, using shell accounts and old fashion technology…not because I had to, because I wanted to. Why? Why would anyone want to use Talk when ICQ is so much easier? Why telnet to a remote machine to store files when hard drives are cheap as can be nowadays? I suppose the only explanation is the one I've created, I have a slight case of Retro Tech. I prefer to use Linux, command lines, telnet, and other old fashion technologies. I prefer it because it's more involved, and more know-how is required, something that newer ways lack. Seldom, if ever, do you need to know how a browser opens a connection to port 80 in order for you to view a web page. It's all done behind the scenes. But with these older ways, you need to have a better understanding of the computing environment around you. Maybe this turns other people away, but I find it extremely appealing. You get what you want without the clutter. Let us not however, forget the best part of all about using these older ways…it's fun. Visiting a web page is by far an exciting thing anymore. You open a connection to their http port and view it's content, wow. But by connecting to another machine using telnet, and now of course ssh, you can actually control another computer out on the internet, which is what hackers love to do. You can talk with other users on that machine, and be comfortable in the knowledge that they too know at least a little about the machine they're using. The people using AOL by choice are rarely on there, because the only thing they want to interact with are the push and click aspects of the internet. They have no desire to learn how it all works, to use their minds, and above all else, they have no desire to explore. Hackers do, which is why I think these shell accounts are so essential. Outdated, perhaps. But they're still a viable source for both information and fun on the net. So go ahead, use your instant messengers and webpages…if you want me, I'll be logged into m-net or freeshell, along with all the other people infected with Retro Tech. -screamer 7. HOW SHELL ACCOUNTS ARE STOLEN: by JayX This article could be called "Getting Free Shell Accounts," but since that's not a guarantee (and quite illegal) I decided against it. Recently, I'd say within the past two weeks or so, several people had approached me with a problem. They had scoured the internet for free shell accounts that would allow them to have access to telnet, ftp, irc, and other daemons. Most of the time what they found were shells with restrictions, such as sdf.lonestar.org. While any free service is good, these people wanted more. They wanted shells that would allow them to actually make outbound connections, rather than just write text files. And let's face it, that's pretty much all you can do with most shells. Considering I'm not really an anarchist type of person, I don't see a problem with someone charging users to use their machine and services…isn't that fair? Sending a single payment of 30 dollars for a lifetime of unlimited, unrestricted access sounds like a great deal to me…but apparently others disagree. For that reason, I've written up this article as a way of showing people some alternatives. But most importantly, considering I don't condone illegal activity in anyway, this article will show you how to scan networks more efficiently. Remember, I said more efficiently…not more safely. While there may be absolutely nothing illegal about port scanning, a lot of people don't like it and are not afraid to show it. First off, let's assume you did want a shell. And rather than take the smart course of action and simply purchase one, you choose to rip off someone else's. How would you go about doing it? Telnet to a site and try brute forcing? No, you'd need to be a bit smarter than that. Although brute forcing is the method we will use, and you'll see why in a moment. First off, what you're going to want to do is get a copy of Nmap for Linux, or Superscan for Windows. Again, I can't stress enough that it's up to you to use these tools the best you can and at your own discretion. With that out of the way, let's assume you're using Nmap (as Superscan is somewhat self explanatory). What you'll want to do is find a large network, I recommend at least a Class B. A university is a good bet. Run Nmap as follows (note the #, you'll need root to make these packets): #nmap -sS -p79 XXX.XXX.1-255.* >/home/user/username/university & This will run a stealth scan for port 79 on the entire network, and considering it will take some time I've chosen to run it in the background using &. As you know, port 79 is "finger," and will allow you to see who's logged onto the machine. This is the first step toward getting a shell, as well as getting a better idea of who's logged on where. Now if you're like me, you may be saying "Who the hell would leave finger open?" and that's an excellent question, considering it's such a foolish thing to do. You must realize though, that we're talking about a university or business with hundreds of machines. It's extremely likely that some have finger open…in fact, I'm willing to bet a lot do. OK, now that the scan has completed and saved itself to the file named "university" in your home directory, let's search through the results. Yes, we could use "less" and scan through the file, but let's make the machine do the work for us. Type the following: #grep -C open university | less Grep is a fantastic program, one of my favorites actually, because it can help cut down on needless searching. When issued as it was above, grep will search the text file "university" for the word "open." The -C option prints out the lines surrounding the word, and the default number of lines is 2. This will enable us to see the IP address of the machine with the open finger port. And of course, all of this is piped into less so that we can view it more easily. Should you choose, you may also add ">/home/user/username/universityopen" to the end of the above command, instead of piping it into less. This will allow you to have a new file where only the information you want is stored. But however you choose to do this, you should now have a listing of all machines on the network that have finger open. Alright, time to get some usernames. Begin by fingering the first machine on the list, let's use 148.144.24.88 for example (note: that's a made up IP). If finger is open, and people are logged onto that machine, you should see a list of usernames. Beside them, a list of the users REAL names. If you like, you can either write these down or save them to a file. Continue this process, fingering each open machine you found, until you have all the usernames you can get. Now, here comes the truly tedious part…but that's the price you pay for the life you choose. Sorry, thought I'd throw in a little Godfather III there. If you really want to try for a shell, you need to take the usernames and try each one of them at a login screen for that particular system. To save time, I recommend trying the username as the pass, the person's real last name, or perhaps some combination of their first and last names. For example, John Smith could be jsmith or smithj. If you've found enough usernames, you'll most likely come across one that has a ridiculously easy password. Maybe the pass will even be something like 1234…believe me, people do make foolish passwords. Most of the time it's because they have one of those "who's going to hack me?" attitudes, and they wind up making something so insanely easy to guess it's amazing they're even allowed on the computer. If you've stuck through all of this pointless garbage, you probably have a shell account. Congrats, I hope you can do whatever you want. Now comes the reality check. Every time you connect your location is logged, and this can easily be checked by the rightful owner. I'm always sure to do a "last jayx" whenever I login, to make sure there are no locations I don't recognize…and if I find one, I'm quick to let it be known. Also, if you go about this you'd be foolish to store files, even in hidden directories. The best you could possibly do is use this as a wingate, but why bother when so many routers and peripherals (see back issues) are wide open? All you'd be doing is getting someone in trouble (yes even with the routers and peripherals). True you could commandeer the account, perhaps find someone that never logs on…maybe then you could own it for a while, but most likely the rightful person will notice something is up. And even if you don't get caught, odds are you'll lose the account. Well ladies and gents, that's how accounts are stolen. This article doesn't cover people who get root, only those that wish for user level access for whatever reason. But as we all know, once you're in obtaining root gets a whole lot easier. I hope you found this article informative, entertaining, and educational. Hopefully it's taught you that no one is immune, so be sure to use secure passwords. It might not protect you from everything, but it should help make things difficult for an intruder. Thanks for reading, and remember…buying a shell is the way to go. 8. DIAL UPS - THE FORGOTTEN THREAT: by Sad Is Tic Ah yes, wardialers. I love them…but according to a lot of people they're of no use to me anymore. Everything is done on the internet nowadays. Everything is connected using TCP/IP. Everything. You see, I never liked that word. Everything was so final, so damn all encompassing. And you know what? In this case, it's one hundred percent wrong. Wardialers, or demon dialers, came about in the 80's as a way of dialing thousands of phone numbers automatically, without having to partake in the tedious process of dialing digits by hand. You phone phreaks may still obsess over that, but these dialers came about to make it extinct (why people like doing things the hard way I'll never know). Here's how they worked. You would open the program in a dos window, point it to your modem port, and give it a block of numbers to dial. There were other options as well, such as how long to wait before dialing the next number etc, but that's not important right now. Once set, you would run the program and sit back. Hell, you could even go to sleep. The wardialer would call up all the numbers you specified, searching for carrier frequencies. Numbers that led to modems, and upon finding one, would mark it so you could check it out later. Yes, some people complain that these things annoy far too many people…in fact, if you call a thousand homes, you're essentially making a thousand people run for the phone. But remember this…you only need to call each person once. And if they have a phone, I see no harm in calling it once. But that's not done today, right? For the most part, to state something like that would be correct. However, this, like so many other things, is a huge misconception. There is nothing about computers today that says they can't still be dialed into. Modems are still set up, plugged in, and ready to receive outside calls. In fact, services such as time clocks (2600 18:3) still use dial up numbers. But that's not all, many businesses have dial ups wide open without even knowing it. Or perhaps my favorite one of all, some companies think that just because they're not on the net they're safe…how wrong they are. Using a wardialer such as ToneLoc, scan your local exchanges. Let it go overnight, or for as long as you have to. The phone company shouldn't care, at most all they'll do is ask you what's going on. And once done, see how many carriers you received. Perhaps more than you expected. Here's the fun part, using a dial up program (Windows hyperterminal works nicely, but Linux allows you to open a terminal connection as well), dial up the number you found and see what you get. You may have to play around with the parity settings, but if you search long enough, you're bound to find a machine that's wide open. And I mean exactly that…many people don't even password protect their dial ups. Why? Because they're safe as long as they're not on the internet…right? Wrong. In fact a gentleman on the west coast, his name slips me at the moment, was able to find hundreds of open computers by using a wardialer. You can too, and who knows where they may lead. Of course, as with any open system caution must be used. If you don't recognize an operating system, it's probably best if you didn't play with it. You never know what you might accidentally do. Granted they shouldn't have had it wide open, but I think you know who they'll come for. I realize this is by far the most technical article out there, but its message is an important one. Dial ups do exist in today's world, and the fact that so few people are aware of this is the reason why many feel safe leaving them wide open. Well, now you know. Not everything is done on the internet. PAGE 4 -->9. CLOSING ARGUMENTS Wow. That's really the only word I can use to describe what a month this has been. No, actually that's the only word to describe this entire year so far. From starting up our new digest, Equal Access, to changing the course of my entire life…this has been a month I will never forget. And for once, everything seems to have worked out in the end. Well, I suppose in reality not everything can work out. We just have to hope that we can get as close as we can. Equal Access, Hackermind Productions' first ever printed magazine has been released and already has numerous subscribers, all learning the inner workings of the phone network and joining the rest of the phreaks already out there. For more information, you can visit www.hackermind.net and simply click on the "Equal Access" link. The magazine is already a success, thanks to reader support. With some people committing themselves to the magazine for years to come, it's clear that Equal Access has become the newest addition to the growing Hackermind world. We hope you enjoy it. Never one to turn an ezine into an advertisement, I'll move on. Although I do so with a warning, the following material is very personal and brings out a lot of emotion in me. You've been warned. Since the beginning of both Frequency and Hackermind you've undoubtedly heard me complain about my school, Southern Connecticut State University. Dozens, if not hundreds of times I've whined about how horrible it was. Thankfully many of you were supportive, and offered your condolences as well as your understanding. Recently I reached a decision. It was time to leave the school I hated so much, and pursue a new avenue in my life. One that will better fit my needs and experiences. I have chosen to leave SCSU behind and begin an 18 month course at Porter and Chester technical school, where I will be placed into a job making no less than 30-40,000 a year. The choice, as so many of you already know, was anything but easy. You find yourself torn between the need to have closure, and the desire to go for what you really want. For a while I refused to leave Southern, no matter how much I despised everything about it, and few people understood my reasoning. If there were only one reason why I was reluctant, I would say it was because I don't like loose ends…never have, never will. The idea of going through so much at the school…only to leave it all behind and move on to something else, is extremely difficult for me to grasp. A part of me cries out, demanding that I go back and graduate…if only to let my parents and loved ones see that I did it. To see that I graduated from a university. And yet now, for the time being anyway, that won't happen. All is not lost however, far from it. On the upside of all this, I'm going to a school that excites me, and one that I'm actually looking forward to. I'll be learning computers (albeit many things I, and most hackers, already know) and getting the skills to be a professional. Or if that doesn't sit well, I'll be getting a sheet of paper that says I possess those skills. For the first time in my life I finally feel as though I'm on the right track. I feel as though I've made the right decision, and it was a decision I should have made long ago. But no regrets. Regrets, for the most part, are for people who can't see the big picture. I can, and from what I can see Southern will always be a part of my journey through life. It will remind me that sometimes, no matter how much you want to finish something, you have to let it go and find your true path. I've done that, and as with anything else, I had to choose one path over the other. My decision has been made, and in the end I think it was the right one. Not everything is perfect, but it's as close as it's going to be. To all my friends at Southern, I'll miss you. I wish you the best of luck, and hope you give that school nothing but the absolute hell it deserves. There's too many of you to list, but even if your name isn't printed here you'll be remembered. So to Derek, Mike, Narcy, Jen, Pete, Jim, Maria, Amy, Bryant, and of course my orientation buddy Joe, I hope you all succeed and make your dreams come true. I'm sure we'll meet again somewhere down the line, but until then, thanks for making Southern a little less painful. And with that, I bid you all a farewell. We'll see you in Freq19, and until then, keep finding the path. -screamer 10. CROSSTALK > Frequency, I noticed you were nearing your 20th issue. Any special plans for it, or will it just be an issue like any other? If I may suggest something, why not a "top ten" list of articles? You could have readers vote for their favorite articles from past issues in Freq19, and then put the results in Freq20! -Anonymous REPLY> At this time we have no special plans in store for Freq20, after all 100 is a much more monumental number. Still, your idea for a top ten is intriguing, so let's take this opportunity to find out what the readers think. Do you want to see a top ten list? It sounds like a good idea to me, but your opinions are what count. > Frequency, I think you've really captured the hacker spirit, never have I seen a publication that quite understood exactly how hackers view the world like yours does. You show people that hackers are not merely computer engineers, but artists, poets, and downright good natured people looking to journey through the digital worlds that surround us all. I love the subtle mix of commentary and information, it's the perfect combination of innocent fun and hardcore activism. Keep up the great work guys, you're helping the hacker community in a big way. REPLY> Thanks for the kind words. We've always strived to capture that feeling that hackers possess, the desire to go new places and do new things from the comfort of their own home. To get corny for a moment, it's an almost magical feeling to know that you can do so much with a computer, phone, or radio. And for a lot of people, it's a great stress reliever as well. The world can be a rough place, but when you're at a computer you're in control. According to what you've said we've accomplished our goal, and will continue to do so to the best of our ability. You mentioned that we are both "innocent" and "hardcore," and I have to admit that I understand what you're saying completely. This too doesn't go unnoticed. Sometimes the ezine has a more light hearted feel, focusing on the fun of being a hacker, while other times it's much more serious. But this, like all aspects of life, is just the way it goes. Sometimes we can sit back and have fun, other times we have to let our voices be heard. In the end, its your voices that make the difference, and make this ezine what it is. >Frequency, All I hear you saying is how hackers do so many great things for the world, and yet where are the results? When was the last time you saw a hacker do one good thing for humanity? Never! The only things hackers do are show off, and then hide behind a veil of lies that are meant to inspire the rebellious attitude in youngsters. By telling these kids that being a hacker is cool, and a good thing to do, you're putting them in prison yourselves. And the opinions in your magazine are preposterous, most of which are written by preteens that won't understand how the world worked for at least ten years. Instead of spouting off about the wrongs of the world and pissing and moaning for things to get better, how about you tell kids to get off their computers, go to school, and make a difference in the world? If I wrote an article about how stupid hackers were, and how much of a waste of time they are, would you print that? I seriously doubt it, which is ironic considering this mag claims to print everything. REPLY> We printed your comments didn't we? So yes, if you wrote an article that described your hatred of hackers, and it was well written and informative, yes it would get printed. Now, onto the rest of your comments. I won't waste readers time explaining what hackers have done for the world, because we've already mentioned the changes that have been brought about because of them (improved phone service, personal computers, open source operating systems, etc). Show off and try to inspire youngsters…you've never shown off before I presume. Never shown someone how good you were at something? Wow, you're better than a lot of people. As for inspiring youngsters, if you think youngsters need inspiration you're mistaken. Youngsters are looking for a place to express themselves, and that's why we're here. Our readers opinions are preposterous…this to me sounds like the words of a very shallow thinker. Do you presume to have all the answers? Finally, no one in this ezine has ever said that school should be dismissed, or been encouraged to not help the world. On the contrary, we've always told people that they CAN make a difference. You may see this as pissing and moaning, but others see it as a way of getting results. > Frequency, What should I do to start my own ezine? REPLY> Ideally, all you need is the desire and inspiration to do so. Realistically, you need the time and resources, especially if you want to create a hacker ezine. It won't be easy, and will consume most of your time, but if you want to do it badly enough you should give it a shot. The great thing about being a hacker is that you can experiment for no other reason than to see what happens, so I say go for it. But be sure to make it unlike anything anyone has ever seen before. There are lots of hacker zines dedicated to giving out information, so what you need to do is find something original. For Frequency, that originality came in the form of editorials. We chose to focus primarily on what people were thinking, and it evolved from there. Decide how you want to make your ezine, and then give it your best shot. Just remember, you'll need lots of time…the Hackermind crew hosts a show, makes this ezine, and publishes a quarterly digest, and that consumes virtually all their time. Good luck. 11. CREW Editor-in-Chief - Screamer Chaotix Webmaster - Dash Interrupt Network Administrator - Da Peng NT Specialist - Unreal Writers - Cold Sunn, Access Excess, Unreal, Bilal, JayX, Sad Is Tic Cover Layout/Design - Dash Interrupt Cover Concept - Screamer Chaotix Shout Outs - Friends at Southern, John Ardell, The Screen Savers, Kevin Mitnick, Emmanuel Goldstein, Buzzy WRITE FOR FREQUENCY! Send article submissions to articles@hackermind.net TUNE INTO HACKERMIND EVERY THURSDAY AT 10PM ET, VISIT WWW.HACKERMIND.NET FOR DETAILS. SUBSCRIBE TO EQUAL ACCESS!, THE DIGEST OF THE MODERN PHONE PHREAK, AT WWW.HACKERMIND.NET "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." -Benjamin Franklin "There are only two things that are infinite, the universe and human stupidity…and I'm not so sure about the former." -Albert Einstein "Yes, women." -Professor Stephen Hawking, known as the world's smartest man, after being asked if there was anything about the universe he didn't understand. "Wars are won in temples, long before they are fought." -Sun Tzu "The Art of War" W W W . H A C K E R M I N D . N E T