neoguide.txt

 
------------------------------------------------------------------------------         
         %%%%%%%%%%%%%%%%%%%%%%%%%%%%-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
         %                                                        %
         %            THE NEOPHYTE'S GUIDE TO HACKING             %
         %            ===============================             %
         %                      1993 Edition                      %
         %                 Completed on 08/28/93                  %
         %           Modification 1.1 Done on 10/10/93            %
         %           Modification 1.2 Done on 10/23/93            %
         %                          by                            %
         %%                >>>>>  Deicide  <<<<<                 %%
         %%%                                                    %%%
         %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
                                                                   
     <   The author of this file grants permission to reproduce and   >
     <   redistribute this file in any way the reader sees fit,       >
     <   including the inclusion of this file in newsletters of any   >
     <   media, provided the file is kept whole and complete,         >
     <   without any modifications, deletions or ommissions.          >
     <   (c) 1993, Deicide                                            >

TABLE OF CONTENTS
=================

1. INTRODUCTION

2. ETHICS/SAFETY

3. WHERE TO START

4. PACKET-SWITCHED NETWORKS
    A. Intro to PSNs
    B. How packet-switching works
    C. The Internet
        1. Introduction
        2. Getting access
        3. FTP
    D. X.25 Networks
        1. NUAs
        2. PADs & NUIs
        3. CUGs
        4. SprintNet
        5. BT Tymnet
        6. Datapac
        7. DNIC List

5. SYSTEM PENETRATION
    A. Unix
    B. VMS
    C. MPE (HP3000 mainframes)
    D. VM/CMS
    E. Primos
    F. TOPS 10/20
    G. IRIS
    H. NOS
    I. DECServer
    J. GS/1
    K. XMUX
    L. Starmaster/PACX
    M. Access 2590
    N. PICK
    O. AOS/VS
    P. RSTS
    Q. WindowsNT
    R. Novell Netware
    S. System75/85
    T. AS400
    U. TSO

6. BRUTE FORCE
    A. Passwords
    B. Usernames
    C. Services

7. SOCIAL ENGINEERING

8. TRASHING

9. ACRONYMS

10. CONCLUSION
    A. Last words
    B. Recommended Reading
    C. BBSes
    D. References
    E. And finally..
    F. Disclaimer


INTRODUCTION:
============
------------

    Over four years ago the final version of the LOD/H's Novice's Guide to 
Hacking was created and distributed, and during the years since it has served 
as a much needed source of knowledge for the many hackers just beginning to
explore the wonders of system penetration and exploration.
    The guide was much needed by the throng of newbies who hadn't the 
slightest clue what a VAX was, but were eager to learn the arcane art of 
hacking. Many of today's greats and moderates alike relied the guide as a 
valuable reference during their tentative(or not) steps into the nets.
    However, time has taken it's toll on the silicon networks and the guide is
now a tad out of date. The basic manufacturer defaults are now usually secured
, and more operating systems have come on the scene to take a large chunk of 
the OS percentile. In over four years not one good attempt at a sequel has
been made, for reasons unbeknownst to me.
    So, I decided to take it upon myself to create my own guide to hacking..
the "Neophyte's Guide to Hacking" (hey..no laughing!) in the hopes that it 
might help others in furthering their explorations of the nets.
    This guide is modelled after the original, mainly due to the fact that the
original *was* good. New sections have been added, and old sections expanded
upon. However, this is in no means just an update, it is an entirely new guide
as you'll see by the difference in size. This guide turned out to be over 4 
times the size of The Mentor's guide. 
    Also, this guide is NOT an actual "sequel" to the original; it is not 
LOD/H sponsored or authorized or whatever, mainly because the LOD/H is now 
extinct. 
    One last thing.. this guide is in no way complete. There are many OS's I 
did not include, the main reasons being their rarity or my non-expertise with
them. All the major OS's are covered, but in future releases I wish to include
Wang, MVS, CICS, SimVTAM, Qinter, IMS, VOS, and many more. If you 
feel you could help, contact me by Internet email or on a board or net(if you
can find me). Same thing applies for further expansion of current topics and
operating systems, please contact me.
    Ok, a rather long intro, but fuck it.. enjoy as you wish..
        Deicide - deicide@west.darkside.com

ETHICS/SAFETY:
=============
-------------

    One of the most integral parts of a hacker's mindset is his set of ethics.
And ethics frequently go hand in hand with safety, which is obviously the most
critical part of the process of hacking and the system exploration, if you  
plan to spend your life outside of the gaol.
    A hacker's ethics are generally somewhat different from that of an average
joe. An average joe would be taught that it is bad to break laws, even though
most do anyways. I am encouraging you to break laws, but in the quest for 
knowledge. In my mind, if hacking is done with the right intentions it is not
all that criminal. The media likes to make us out to be psychotic sociopaths
bent on causing armageddon with our PCs. Not likely. I could probably turn the
tables on the fearmongering media by showing that the average joe who cheats
on his taxes is harming the system more than a curious interloper, but I 
refrain.. let them wallow..
    The one thing a hacker must never do is maliciously hack(also known 
as crash, trash, etc..) a system. Deleting and modifying files unnecessary is 
BAD. It serves no purpose but to send the sysadmins on a warhunt for your head
, and to take away your account. Lame. Don't do it.
    Anyways, if you don't understand all of these, just do your best to follow
them, and take my word for it. You'll understand the reasoning behind these
guidelines later.

I.    Don't ever maliciously hack a system. Do not delete or modify files
      unnecessarily, or intentionally slow down or crash a system.
      The lone exception to this rule is the modification of system logs and
      audit trails to hide your tracks. 

II.   Don't give your name or real phone number to ANYONE, it doesn't matter
      who they are. Some of the most famous phreaks have turned narcs because
      they've been busted, and they will turn you in if you give them a 
      chance. It's been said that one out of every three hackers is a fed, and
      while this is an exaggeration, use this as a rule and you should do 
      fine. Meet them on a loop, alliance, bbs, chat system, whatever, just
      don't give out your voice number.

III.  Stay away from government computers. You will find out very fast that
      attempting to hack a MilTac installation is next to impossible, and will
      get you arrested before you can say "oh shit". Big Brother has infinite
      resources to draw on, and has all the time it needs to hunt you down. 
      They will spend literally years tracking you down. As tempting as it may 
      be, don't rush into it, you'll regret it in the end. 

IV.   Don't use codes from your own home, ever! Period. This is the most 
      incredibly lame thing i've seen throughout my life in the 'underground'; 
      incredible abuse of codes, which has been the downfall of so many people. 
      Most PBX/950/800s have ANI, and using them will eventually get you 
      busted, without question. And calling cards are an even worse idea.
      Codes are a form of pseudo-phreaking which have nothing to do with the
      exploration of the telephone networks, which is what phreaking is about.
      If you are too lazy to field phreak or be inventive, then forget about 
      phreaking.

V.    Don't incriminate others, no matter how bad you hate them. Turning in 
      people over a dispute is a terrible way to solve things; kick their ass,
      shut off their phones/power/water, whatever, just don't bust them. 
      It will come back to you in the end..

VI.   Watch what you post. Don't post accounts or codes over open nets as a   
      rule. They will die within days, and you will lose your new treasure.
      And the posting of credit card numbers is indeed a criminal offense 
      under a law passed in the Reagan years.

VII.  Don't card items. This is actually a worse idea than using codes, the
      chances of getting busted are very high. 

VIII. If for some reason you have to use codes, use your own, and nothing 
      else. Never use a code you see on a board, because chances are it has
      been abused beyond belief and it is already being monitored. 

IX.   Feel free to ask questions, but keep them within reason. People won't
      always be willing to hand out rare accounts, and if this is the case 
      don't be surprised. Keep the questions technical as a rule. Try and 
      learn as much as you can from pure hands on experience

X.    And finally, be somewhat paranoid. Use PGP to encrypt your files, keep
      your notes/printouts stored secretly, whatever you can do to prolong 
      your stay in the h/p world.

XI.   If you get busted, don't tell the authorities ANYTHING. Refuse to speak
      to them without a lawyer present.

XII.  If police arrive at your residence to serve a search warrant, look it
      over carefully, it is your right. Know what they can and can't do, and
      if they can't do something, make sure they don't.

XIII. If at all possible, try not to hack off your own phoneline. Splice y...