___________________________________________________________

GUIDE TO (mostly) HARMLESS HACKING

Vol. 3 No. 5

The Dread GTMHH on Cracking
____________________________________________________________

Nowadays if you ask just about anyone what a hacker is, he or she will tell
you "a person who breaks into computers." 

That is partly on account of news stories which make it seem like the only
thing a hacker does is commit computer crime. But there also is some truth
to the public view. An obsession with breaking into computers has swept the
hacker world. In fact, lots of hackers make fun of the kinds of stuff I
think is fun: forging email and Usenet posts and programming Easter eggs
into commercial software and creating Win 95 bootup screens that say "Bill
Gates' mother wears army boots."

But since everyone and his brother has been emailing me pleading for
instructions on how to break into computers, here it is. The dread GTMHH on
Cracking. Yes, you, too, can become a genuine computer cracker and make
everyone quake in his or her boots or slippers or whatever footgear they are
wearing lately.

"But, but," you say. "This list is for *legal* hacking. Sez right here in
the welcome message you sent me when I signed up." 

Welcome to reality, Bub. Hackers fib sometimes.

************************************************
You can go to jail warning: Almost everywhere on the planet, breaking into a
computer is illegal. The only exceptions are breaking into your own
computer, or breaking into a computer whose owner has given you permission
to try to break in. It doesn't matter if you are just quietly sneaking
around doing no harm. It doesn't matter if you make some stranger's computer
better. You're still in trouble if you break in without permission.
************************************************ 

Honestly, this Guide really *is* about harmless hacking. You don't have to
commit a crime to crack into a computer. From time to time hardy souls offer
up their computers for their friends, or sometimes even the entire world, as
targets for cracking. If you have permission from the owner of a computer,
it is most definitely legal to break into it. 

In fact, here's a really fun computer that you have permission to break
into. Damien Sorder invites you to break into his Internet host computer
obscure.sekurity.org.

But how do you know whether this or any other announcement of a cracker
welcome mat is legitimate? How do you know I'm not just playing a mean old
trick on Damien by sending out an invitation to break into his box to the
5,000 crazed readers of the Happy Hacker list? 

Here's a good way to check the validity of offers to let anyone try to break
into a computer. Get the domain name of the target computer, in this case
obscure.sekurity.org. Then add "root@" to the domain name, for example
root@obscure.sekurity.org. Email the owner of that computer. Ask him if I
was fibbing about his offer. If he says I made it up, tell him he's just
chicken, that if he was a real hacker he'd be happy to have thousands of
clueless newbies running Satan against his box. Just kidding:)

Actually, in this case you may email info@sekurity.org for more details on
Damien's offer to let one and all try to crack his box. Also, please be good
guys and attack off hours (Mountain Daylight Savings Time, US) so he can use
obscure.sekurity.org for other stuff during the day. 

Also, Damien requests "If you (or anyone) want to try to hack obscure,
please mail root@sekurity.org and mention that you are doing it, and what
domain you are coming from. That way I can distinguish between legit and
real attacks."

We all owe you thanks, Damien, for providing a legal target for the readers
of this GTMHH to test their cracking skills. 

So let's assume that you have chosen a legitimate target computer to try to
break into. What? Some guys say it's too hard to break into a fortified box
like obscure.sekurity.org? They say it's more fun to break into a computer
when they're breaking the law? They say to be a Real Hacker you must run
around trashing the boxes of the cringing masses of Internet hosts? Haw,
haw, sendmail 4.0! What lusers, they say. They sure taught those sendmail
4.0 dudes a lesson, right?

I say that those crackers who go searching for vulnerable computers and
breaking into them are like Lounge Lizard Larry going into a bar and picking
up the drunkest, ugliest gal (or guy) in the place. Yeah, we all are sure
impressed. 

If you want to be a truly elite cracker, however, you will limit your forays
to computers whose owners consent to your explorations. This can --
should!-- include your own computer. 

So with this in mind -- that you want more from life than to be the Lounge
Lizard Larry of the hacker world -- here are some basics of breaking into
computers.

There are an amazing number of ways to break into computers.

The simplest is to social engineer your way in. This generally involves
lying. Here's an example.

*********************************************
From: Oracle Service Humour List <oracle-list-return-@synapse.net>
 Subject: HUM: AOL Hacker Turnaround (***)
 
Read Newfpyr's  masterful turning of the tables on a hacker...
Certainly one of the best Absurd IMs we've EVER received! Newfpyr's comments
are in brackets throughout.
 
Zabu451: Hello from America Online! I'm sorry to inform you that there has
been an error in the I/O section of your account database, and this server's
password information has been temporarily destroyed. We need you, the AOL
user, to hit reply and type in your password. Thank you for your
help.

Newfpyr: Hello! This is Server Manager #563. I'm sorry to hear that your
server has lost the password info. I mean, this has been happening too much
lately. We have developed some solutions to this problem. Have you got the
mail sent out to all server managers?

Zabu451: no

NewfPyr: Really? Ouch. There's been some problems with the server mailer
lately. Oh, well. Here's a solution to this problem: try connecting your
backup database to your main I/O port, then accessing the system restart.

Zabu451: no i still need passwords
 
NewfPyr: I see. Do you want me to send you the list of all the passwords of
all the screen names of your server?

Zabu451: ya i want that
 
NewfPyr: Let me get the server manager to send it...

NewfPyr: He says I need your server manager password. Could you please type
it in?

Zabu451: i dont have one

NewfPyr: What do you mean? That's the first thing every manager gets!

 Zabu451: it got deleted
 
NewfPyr: Wow! You must be having a lot of trouble. Let me find out what
server you're using...

[Note: I checked his profile. It said he was from Springfield, Mass.]

NewfPyr: Okay, your number has been tracked to an area in Springfield, Mass.

Zabu451: how did u know?!!!?!?!!?!?!?!?!??!!
 
NewfPyr:  I used Server Tracker 5.0 . Don't you have it?
 
Zabu451: do you know my address!?!?!?!!?!?
 
NewfPyr: Of course not.
 
Zabu451: good
 
NewfPyr: I only know the number you're calling AOL from, which is from your
server, right?

Zabu451: yes

NewfPyr: Good. Okay, now that we have your number, we have your address, and
we are sending a repair team over there.

Zabu451: nonononono dont stop them now

NewfPyr: Why? Isn't your server down?

Zabu451: nonono its working now

NewfPyr: They're still coming, just in case.

Zabu451: STOP THEM NOW

NewfPyr:  I can't break AOL Policy.

Zabu451: POEPLE ARE COMING TO MY HOUSE?!?!?!?!??

NewfPyr: No! To your server. You know, where you're calling AOL from.

Zabu451: im calling from my house

NewfPyr: But you said you where calling from the server!

Zabu451:  i lied im not reely a server guy

NewfPyr:  But you said you were!

Zabu451:  i lied i trying to get passwords please make them stop
NewfPyr:  Okay. The repair team isn't coming anymore.
 
Zabu451:  good
 
NewfPyr:  But a team of FBI agents is.

Zabu451: NONONONO
Zabu451: im sorry
Zabu451: ill never do it again please make them not come
Zabu451: PLEASE IL STOP ASKING FOR PASSWORDS FOREVER PLEASE MAKE THEM STOP!!

NewfPyr: I'm sorry, I can't do that. They should be at your house in 5 minutes.

Zabu451: IM SORRY IL DO ANYTHING PLEASE I DONT WANT THEM TO HURT ME
Zabu451: PLEASE
Zabu451: PLEEEEEEEEEEEEEEAAAAAAAAASSSSSSSSE

NewfPyr: They won't hurt you! You'll probably only spend a year of prison.

Zabu451: no IM ONLY A KID

NewfPyr: You are? That makes it different. You won't go to prison for a year.

Zabu451:  i thout so

NewfPyr: You'll go for two years.

Zabu451:  No! IM SORRY
Zabu451:  PLEASE MAKE THEM STOP
Zabu451:  PLEASE

[I thought this was enough. He was probably wetting his pants.]

NewfPyr: Since this was a first time offense, I think I can drop charges.

Zabu451: yea
Zabu451: thankyouthankyouthankyou

NewfPyr: The FBI agents have been withdrawn. If you ever do it again, we'll
bump you off.

Zabu451:  i wont im sorry goodbye

[He promptly signed off.]

One of the RARE RARE occasions that we've actually felt sorry for the
hacker. SEVENTY FIVE TOKENS to you, NewfPyr! We're STILL laughing - thanks a
lot!

				Submitted by: Fran C. M. T. @ aol.com

(Want more of this humor in a jugular vein? Check out
http://www.netforward.com/poboxes/?ablang)
*****************************************

Maybe you are too embarrassed to act like a typical AOL social engineering
hacker. OK, then maybe you are ready to try the Trojan Horse. This is a type
of attack wherein a program that appears to do something legitimate has been
altered to attack a computer. 

For example, on a Unix shell account you might put a Trojan in your home
directory named "ls." Then you tell tech support that there is something
funny going on in your home directory. If the tech support guy is
sufficiently clueless, he may go into you account while he has root
permission. He then gives the command "ls" to see what's there. According to
Damien Sorder, "This will only work depending
on his 'PATH' statement for his shell. If he searches '.' before '/bin',
then it will work. Else, it won't."

Presuming the sysadmin has been this careless, and if your Trojan is well
written, it will call the real ls program to display your file info -- while
also spawning a root shell for your very own use! 

***************************************************
Newbie note: if you can get into a root shell you can do anything --
ANYTHING -- to your victim computer. Alas, this means it is surprisingly
easy to screw up a Unix system while operating as root. A good systems
administrator will give him or herself root privileges only when absolutely
necessary to perform a task. Trojans are only one of the many reasons for
this caution. Before you invite your friends to hack your box, be prepared
for anything, and I mean ANYTHING, to get messed up even by the most
well-meaning of friends.
***************************************************

Another attack is to install a sniffer program on an Internet host and grab
passwords. What this means is any time you want to log into a computer from
another computer by using telnet, your password is at the mercy of any
sniffer program that may be installed on any computer through which your
password travels.

However, to set up a sniffer you must be root on the Unix box on which it is
installed. So this attack is clearly not for the beginner.

To get an idea of how many computers "see" your password when you telnet
into your remote account, give the command (on a Unix system) of "traceroute
my.computer" (it's "tracert" in Windows 95) where you substitute the name of
the computer you were planning to log in on for the "my.computer."

Sometimes you may discover that when you telnet from one computer to another
even within the city you live in, you may go through a dozen or more
computers! For example, when I trace a route from an Albuquerque AOL session
to my favorite Linux box in Albuquerque, I get:

C:\WINDOWS>tracert fubar.com

Tracing route to fubar.com [208.128.xx.61]
over a maximum of 30 hops:

  1   322 ms   328 ms   329 ms  ipt-q1.proxy.aol.com [152.163.205.95]
  2   467 ms   329 ms   329 ms  tot-ta-r5.proxy.aol.com [152.163.205.126]
  3   467 ms   323 ms   328 ms  f4-1.t60-4.Reston.t3.ans.net [207.25.134.69]
  4   467 ms   329 ms   493 ms  h10-1.t56-1.Washington-DC.t3.ans.net [140.223.57
.25]
  5   469 ms   382 ms   329 ms  140.222.56.70
  6   426 ms   548 ms   437 ms  core3.Memphis.mci.net [204.70.125.1]
  7   399 ms   448 ms   461 ms  core2-hssi-2.Houston.mci.net [204.70.1.169]
  8   400 ms   466 ms   512 ms  border7-fddi-0.Houston.mci.net [204.70.191.51]
  9   495 ms   493 ms   492 ms  american-comm-svc.Houston.mci.net [204.70.194.86
]
 10   522 ms   989 ms   490 ms  webdownlink.foobar.net [208.128.37.98]
 11   468 ms   493 ms   491 ms  208.128.xx.33
 12   551 ms   491 ms   492 ms  fubar.com [208.128.xx.61]

If someone were to put a sniffer on any computer on that route, they could
get my password! Now do you want to go telneting around from one of your
accounts to another?

A solution to this problem is to use Secure Shell. This is a program you can
download for free from http://escert.upc.es/others/ssh/. According to the
promotional literature, "Ssh (Secure Shell) is a program to log into another
computer over a network, to execute commands in a remote machine, and to
move files from one machine to another. It provides strong authentication
and secure communications over insecure channels."

If you want to get a password on a computer that you know is being accessed
remotely by people using Windows 3.X, and if it is using Trumpet Winsock,
and if you can get physical access to that Windows box, there is a super
easy way to uncover the password. You can find the details, which are so
easy they will blow your socks off, in the Bugtraq archives. Look for an
entry titled "Password problem in Trumpet Winsock." These archives are at
http://www.netspace.org/lsv-archive/bugtraq.html

Another way to break into a computer is to get the entire password file. Of
course the password file will be encrypted. But if your target computer
doesn't run a program to prevent people from picking easy passwords, it is
easy to decrypt many passwords.

But how do you get password files? A good systems administrator will hide
them well so even users on the machine that holds them can't easily obtain
the file.

The simplest way to get a password file is to steal a backup tape from your
victim. This is one reason that most computer breakins are committed by
insiders.

But often it is easy to get the entire password file of a LAN remotely from
across the Internet. Why should this be so? Think about what happens when
you log in. Even before the computer knows who you are, you must be able to
command it to compare your user name and password with its password file.

What the computer does is perform its encryption operation on the password
you enter and then compare it with the encrypted entries in the password
file. So the entire world must have access somehow to this encrypted
password file. You job as the would-be cracker is to figure out the name of
this file and then get your target computer to deliver this file to you.

A tutorial on how to do this, which was published in the ezine K.R.A.C.K
(produced by od^pheak <butler@tir.com>), follows. Comments in brackets have
been added to the K.R.A.C.K. text.

*********************************************
Strategy For Getting Root With a shadowed Passwd

step#1


anonymous ftp into the server get passwd

[This step will almost never work, but even the simplest attack may be worth
a try.]

step #2

	To defeat password shadowing on many (but not all) systems, write a program
that uses successive calls to getpwent() to obtain the password file.

Example:

#include <pwd.h>
main()
{
struct passwd *p;
while(p=3Dgetpwent())
printf("%s:%s:%d:%d:%s:%s:%s\n", p->pw_name,
p->pw_passwd,
p->pw_uid, p->pw_gid, p->pw_gecos, p->pw_dir,
p->pw_shell);
}

Or u can Look for the Unshadowed Backup.....

[The following list of likely places to find the unshadowed backup is
available from the "Hack FAQ" written by Voyager. It may be obtained from
http://
www-personal.engin.umich.edu/~jgotts/hack-faq]

Unix                            Path                    needed  Token
----------------------------------------------------------------------
AIX 3                       /etc/security/passwd                 !
       or                   /tcb/auth/files/<first letter        #
			    of username>/<username>
A/UX 3.0s                   /tcb/files/auth/?/                   *
BSD4.3-Reno                 /etc/master.passwd                   *
ConvexOS 10                 /etc/shadpw                          *
ConvexOS 11                 /etc/shadow                          *
DG/UX                       /etc/tcb/aa/user/                    *
EP/IX                       /etc/shadow                          x
HP-UX                       /.secure/etc/passwd                  *
IRIX 5                      /etc/shadow                          x
Linux 1.1                   /etc/shadow                          *
OSF/1                       /etc/passwd[.dir|.pag]               *
SCO Unix #.2.x              /tcb/auth/files/<first letter        *
			    of username>/<username>
SunOS4.1+c2                 /etc/security/passwd.adjunct         =
##username
SunOS 5.0                   /etc/shadow
			    <optional NIS+ private secure
			    maps/tables/whatever>
System V Release 4.0        /etc/shadow                          x
System V Release 4.2        /etc/security/* database
Ultrix 4                    /etc/auth[.dir|.pag]                 *
UNICOS                      /etc/udb   =20



Step #3

crack it

[See below for instructions on how to crack a password file.]

**************************************************

So let's say you have managed to get an encrypted password file. How do you
extract the passwords?

An example of one of the many programs that can crack poorly chosen
passwords is Unix Password Cracker by Scooter Corp. It is available at 
ftp://ftp.info.bishkek.su/UNIX/crack-2a/crack-2a.tgz
or http://iukr.bishkek.su/crack/index.html

A good tutorial on some of the issues of cracking Windows NT passwords may
be found at 
http://ntbugtraq.rc.on.ca/samfaq.htm

One password cracker for Windows NT is L0phtcrack v1.5. It is available for
FREE from http://www.L0pht.com (that's a ZERO after the 'L', not an 'o'). It
comes with source so you can build it on just about any platform. Authors
are mudge@l0pht.com and weld@l0pht.com.

Another Windows NT password cracker is Alec Muffett's
Crack 5.0 at         http://www.sun.rhbnc.ac.uk/~phac107/c50a-nt-0.10.tgz

Even if you crack some passwords, you will still need to correlate passwords
with user names. One way to do this is to get a list of users by fingering
your target computer. See the GTMHH Vol.1 No.1 for some ways to finger as
many users as possible on a system. The verify command in sendmail is
another way to get user names. A good systems administrator will turn off
both the finger daemon and the sendmail verify command to make it harder for
outsiders to break into their computers.

If finger and the verify commands are disabled, there is yet another way to
get user names. Oftentimes the part of a person's email that comes before
the "@" will also be a user name.

If password cracking doesn't work, there are many -- way too many -- other
ways to break into a computer. Following are some suggestions on how to
learn these techniques.

1. Learn as much as you can about the computer you have targeted. Find out
what operating system it runs; whether it is on a local area network; and
what programs it is running. Of special importance are the ports that are
open and the daemons running on them.

For example, if you can get physical access to the computer, you can always
get control of it one way or another. See the GTMHHs on Windows for many
examples. What this means, of course, is that if you have something on your
computer you absolutely, positively don't want anyone to read, you had
better encrypt it with RSA. Not PGP, RSA. Then you should hope no one
discovers a fast way to factor numbers (the mathematical Achilles Heel of
RSA and PGP). 

If you can't get physical access, your next best bet is if you are on the
same LAN. In fact, the vast majority of computer breakins are done by people
who are employees of the company that is running that LAN on which the
victim computer is attached. The most common mistake of computer security
professionals is to set up a firewall against the outside world while
leaving their LAN wide open to insider attack. 

Important note: if you have even one Windows 95 box on your LAN, you can't
even begin to pretend you have a secure network. That is in large part
because it will run in DOS mode, which allows any user to read, write and
delete files.

If the computer you have targeted is on the Internet, your next step would
be to determine how it is connected to the Internet. The most important
issue here is what TCP/IP ports are open and what daemons run on these ports.

***************************************************
Newbie note: TCP/IP ports are actually protocols used to direct data into
programs called "daemons" that run all the time an Internet host computer is
turned on and connected to the Net, waiting for incoming or outgoing data to
spur it into action. 

An example of a TCP/IP port is number 25, called SMTP (simple mail transport
protocol). An example of a daemon that can do interesting things when it
gets data under SMTP is sendmail. See the GTMHH on forging email for
examples of fun ways to play *legally* with port 25 on other people's computers.

For a complete list of commonly used TCP/IP ports, see RFC 1700. One place
you can look this up is http://ds2.internic.net/rfc/rfc1700.txt
****************************************************

2. Understand the operating system of the computer you plan to crack. Sure,
lots of people who are ignorant on operating systems break into computers by
using canned programs against pitifully vulnerable boxes. As one teen hacker
told me after returning from Def Con V, "Many of the guys there didn't even
know the 'cat' command!" 

Anyone can break into some computer somewhere if they have no pride or
ethics. We assume you are better than that. If the breakin is so easy you
can do it without having a clue what the command "cat" is, you aren't a
hacker. You're just a computer vandal.

3. Study the ways other people have broken into a computer with that
operating system and software. The best archives of breakin techniques for
Unix are Bugtraq http://www.netspace.org/lsv-archive/bugtraq.html. For
Windows NT, check out http://ntbugtraq.rc.on.ca/index.html.

A cheap and easy partial shortcut to this arduous learning process is to run
a program that scans the ports of your target computer, finds out what
daemons are running on each port, and then tells you whether there are
breakin techniques known to exist for those daemons. Satan is a good one,
and absolutely free. You can download it from
ftp://ftp.fc.net/pub/defcon/SATAN/ or a bazillion other hacker ftp sites. 

Another great port scanner is Internet Security Scanner. It is offered by
Internet Security Systems of Norcross, Georgia USA, 1-800-776-2362. This
tool costs lots of money, but is the security scanner of choice of the
people who want to keep hackers out. You can reach ISS at http://www.iss.net/.

Internet Security Systems also offers some freebie programs. The "Localhost"
Internet Scanner SAFEsuite is set to only run a security scan on the Unix
computer on which it is installed (hack your on box!) You can get it from
http://www.blanket.com/iss.html. You can get a free beta copy of their
scanner for Win NT at http://www.iss.net/about/whatsnew.html#RS_NT.

In theory ISS programs are set so you can only use them at most to probe
computer networks that you own. However, a few months ago I got a credible
report that a giant company that uses ISS to test its boxes on the Internet
backbone accidentally shut down an ISP in El Paso with an ISS automated syn
flood attack. 

If you want to get a port scanner from a quiet little place, try out
http://204.188.52.99. This offers the Asmodeus Network Security Scanner for
Windows NT 4.0.

In most places it is legal to scan the ports of other people's computers.
Nevertheless, if you run Satan or any other port scanning tool against
computers that you don't have permission to break into, you may get kicked
off of your ISP. 

For example, recently an Irish hacker was running "security audits" of the
Emerald Island's ISPs. He was probably doing this in all sincerity. He
emailed each of his targets a list of the vulnerabilities he found. But when
this freelance security auditor probed the ISP owned by one of my friends,
he got that hacker kicked off his ISP.

"But why give him a hard time for just doing security scans? He may have
woken up an administrator or two," I asked my friend. 

"For the same reason they scramble an F-16 for a bogie," he replied.

The way I get around the problem of getting people mad from port scanning is
to do it by hand using a telnet program. Many of the GTMHHs show examples of
port scanning by hand. This has the advantage that most systems
administrators assume you are merely curious. 

However, some have a daemon set up so that every time you scan even one port
of their boxes, it automatically sends an email to the systems administrator
of the ISP you use complaining that you tried to break in -- and another
email to you telling you to turn yourself in! 

The solution to this is to use IP spoofing. But since I'm sure you are only
going to try to break into computers where you have permission to do so, you
don't need to know how to spoof your IP address.

******************************************************
You may laugh yourself silly warning: If you port scan by hand against
obscure.sekurity.org, you may run into some hilarious daemons installed on
weird high port numbers.
******************************************************

4. Now that you know what vulnerable programs are running on your target
computer, next you need to decide what program you use to break in.

But aren't hackers brilliant geniuses that discover new ways to break into
computers? Yes, some are. But the average hacker relies on programs other
hackers have written to do their deeds. That's why, in the book Takedown,
some hacker (maybe Kevin Mitnick, maybe not) broke into Tsutomu Shimomura's
computer to steal a program to turn a Nokia cell phone into a scanner that
could eavesdrop on other people's cell phone calls.

This is where those zillions of hacker web pages come into play. Do a web
search for "hacker" and "haxor" and "h4ck3r" etc. You can spend months
downloading all those programs with promising names like "IP spoofer."

Unfortunately, you may be in for an ugly surprise or two. This may come as a
total shock to you, but some of the people who write programs that are used
to break into computers are not exactly Eagle Scouts. 

For example, the other day a fellow who shall remain nameless wrote to me "I
discovered a person has been looting my www dir, where I upload stuff for
friends so I am gonna leave a nice little surprise for him in a very cool
looking program ;)  (if you know what I mean)"

But let's say you download a program that promises to exploit that security
hole you just found with a Satan scan. Let's say you aren't going to destroy
all your files from some nice little surprise. Your next task may be to get
this exploit program to compile and run.

Most computer breakin programs run on Unix. And there are many different
flavors of Unix. For each flavor of Unix you can mix or match several
different shells. (If none of this makes sense to you, see the GTMHHs on how
to get a good shell account.) The problem is that a program written to run
in, for example, the csh shell on Solaris Unix may not run from the bash
shell on Slackware Linux or the tcsh shell on Irix, etc. 

It is also possible that the guy who wrote that breakin program may have a
conscience. He or she may have figured that most people would want to use it
maliciously. So they made a few little teeny weeny changes to the program,
for example commenting out some lines.  So Mr./Ms. Tender Conscience can
feel that only people who know how to program will be able to use that
exploit software. And as we all know, computer programmers would never, ever
do something mean and horrible to someone else's computer.

So this brings us to the next thing you should know in order to break into
computers.

5. Learn how to program! Even if you use other peoples' exploit programs,
you may need to tweak a thing or two to get them to run. The two most common
languages for exploit programs are probably C (or C++) and Perl.

********************************************
Newbie note: If you can't get that program you just downloaded to run, it
may be that it is designed to run on the Unix operating system, but you are
running Windows. A good tip off that this may be your problem is a file name
that ends with ".gz".
********************************************

So, does all this mean that breaking into computers is really, really hard?
Does all this mean that if you break into someone's computer you have proven
your digital manhood (or womanhood)?

No. Some computers are ridiculously easy to break into. But if you break
into a poorly defended computer run by dunces, all you have proven is that
you lack good taste and like to get into really stupid kinds of trouble.
However, if you manage to break into a computer that is well managed, and
that you have permission to test, you are on your way to a high paying
career in computer security.

Remember this!  If you get busted for breaking into a computer, you are in
trouble big time. Even if you say you did no harm. Even if you say you made
the computer better while you were prowling around in it. And your chances
of becoming a computer security professional drop almost to zero. And -- do
you have any idea of how expensive lawyers are?

I haven't even hinted in this tutorial at how to keep from getting caught.
It is at least as hard to cover your tracks as it is to break into a
computer. So if you had to read this to learn how to break into computers,
you are going to wind up in a world of hurt if you use this to trespass in
other people's computers.

So, which way do you plan to go? To be known as a good guy, making tons of
money, and having all the hacker fun you can imagine?

Or are you going to slink around in the dark, compulsively breaking into
strangers'' computers, poor, afraid, angry? Busted? Staring at astronomical
legal bills?

If you like the rich and happy alternative, check out back issues of the
Happy Hacker Digests to see what computers are open to the public to try to
crack into. We'll also make new announcements as we discover them.

And don't forget to try to crack obscure.sekurity.org. No one has managed to
break it when attacking from the outside. I don't have a clue of how to get
inside it, either. You may have to discover a new exploit to breach its
defenses. 

But if you do, you will have experienced a thrill that is far greater than
breaking into some Lower Slobovian businessman's 386 box running Linux 2.0
with sendmail 4.whatever. Show some chivalry and please don't beat up on the
helpless, OK? And stay out of jail or we will all make fun of you when you
get caught.

Of course this Guide barely scrapes the surface of breaking into computers.
We haven't even touched on topics such as how to look for back doors that
other crackers may have hidden on your target computer, or keystroke
grabbers, or attacks through malicious code you may encounter while browsing
the Web. (Turn off Java on your browser! Never, ever use Internet Explorer.)
But maybe some of you ubergenius types reading this could help us out. Hope
to hear from you!
____________________________________________________________
Warning! Use this information at your own risk. Get busted for trying this
out on some Lower Slobovian businessman's computer and we will all make fun
of you, I promise! That goes double for Upper Slobovian boxes!!
Want to see back issues of Guide to (mostly) Harmless Hacking? See
http://goodweb.scol.net/hacker/index.html(the official Happy Hacker archive
site).
Subscribe to our discussion list by emailing to hacker@techbroker.com with
message "subscribe"
Want to share some kewl stuph with the Happy Hacker list? Correct mistakes?
Send your messages to list@techbroker.com.  To send me confidential email
(please, no discussions of illegal activities) use cmeinel@techbroker.com
and be sure to state in your message that you want me to keep this
confidential. If you wish your message posted anonymously, please say so!
Direct flames to dev/null@techbroker.com. Happy hacking!
_____________________________________________________
Copyright 1997 Carolyn P. Meinel. You may forward or post this GUIDE TO
(mostly) HARMLESS HACKING on your Web site as long as you leave this notice
at the end.
________________________________________________________
Carolyn Meinel
M/B Research -- The Technology Brokers
http://techbroker.com