alt-2600-hack-faq.txt

           


                                 The

                        alt.2600/#Hack F.A.Q.

                          Beta Revision .013

                   A TNO Communications Production

                                 by
                               Voyager
                         will@gnu.ai.mit.edu

                              Sysop of
                           Hacker's Haven
                           (303)343-4053


                          Greets go out to:

        A-Flat, Al, Aleph1, Bluesman, Cavalier, Cruiser, Cybin, C-Curve,
        DeadKat, Disorder, Edison, Frosty, Glen Roberts, Hobbit,
        Holistic Hacker, KCrow, Major, Marauder, Novocain, Outsider,
        Per1com, Presence, Rogue Agent, Route, sbin, Taran King, Theora,
        ThePublic, Tomes, and TheSaint.



           We work in the dark
           We do what we can
           We give what we have
           Our doubt is our passion, and our passion is our task
           The rest is the madness of art.

                     -- Henry James


           When I picture a perfect reader, I always picture a
           monster of courage and curiosity, also something
           supple, cunning, cautious, a born adventurer and
           discoverer...

                     -- Friedreich Nietzsche





Section A: Computers

  01. How do I access the password file under Unix?
  02. How do I crack Unix passwords?
  03. What is password shadowing?
  04. Where can I find the password file if it's shadowed?
  05. What is NIS/yp?
  06. What are those weird characters after the comma in my passwd file?
  07. How do I access the password file under VMS?
  08. How do I crack VMS passwords?
  09. What can be logged on a VMS system?
  10. What privileges are available on a VMS system?
  11. How do I break out of a restricted shell?
  12. How do I gain root from a suid script or program?
  13. How do I erase my presence from the system logs?
U 14. How do I send fakemail?
  15. How do I fake posts and control messages to UseNet?
  16. How do I hack ChanOp on IRC?
U 17. How do I modify the IRC client to hide my real username?
  18. How to I change to directories with strange characters in them?
U 19. What is ethernet sniffing?
  20. What is an Internet Outdial?
  21. What are some Internet Outdials?
U 22. What is this system?
U 23. What are the default accounts for XXX ?
  24. What port is XXX on?
  25. What is a trojan/worm/virus/logic bomb?
  26. How can I protect myself from viruses and such?
  27. Where can I get more information about viruses?
  28. What is Cryptoxxxxxxx?
  29. What is PGP?
  30. What is Tempest?
  31. What is an anonymous remailer?
U 32. What are the addresses of some anonymous remailers?
  33. How do I defeat copy protection?
  34. What is 127.0.0.1?
  35. How do I post to a moderated newsgroup?
U 36. How do I post to Usenet via e-mail?
  37. How do I defeat a BIOS password?
N 38. What is the password for <encrypted file>?
N 39. Is there any hope of a decompiler that would convert an executable
      program into C/C++ code?
N 40. How does the MS-Windows password encryption work?

Section B: Telephony

U 01. What is a Red Box?
  02. How do I build a Red Box?
  03. Where can I get a 6.5536Mhz crystal?
  04. Which payphones will a Red Box work on?
  05. How do I make local calls with a Red Box?
  06. What is a Blue Box?
  07. Do Blue Boxes still work?
  08. What is a Black Box?
  09. What do all the colored boxes do?
  10. What is an ANAC number?
U 11. What is the ANAC number for my area?
  12. What is a ringback number?
U 13. What is the ringback number for my area?
  14. What is a loop?
U 15. What is a loop in my area?
U 16. What is a CNA number?
  17. What is the telephone company CNA number for my area?
U 18. What are some numbers that always ring busy?
U 19. What are some numbers that temporarily disconnect phone service?
U 20. What is a Proctor Test Set?
U 21. What is a Proctor Test Set in my area?
  22. What is scanning?
  23. Is scanning illegal?
U 24. Where can I purchase a lineman's handset?
  25. What are the DTMF frequencies?
  26. What are the frequencies of the telephone tones?
U 27. What are all of the * (LASS) codes?
  28. What frequencies do cordless phones operate on?
  29. What is Caller-ID?
  30. How do I block Caller-ID?
  31. What is a PBX?
  32. What is a VMB?
  33. What are the ABCD tones for?
N 34. What are the International Direct Numbers?

Section C: Cellular

N 01. What is an MTSO?
N 02. What is a NAM?
N 03. What is an ESN?
N 04. What is an MIN?
N 05. What is a SCN?
N 06. What is a SIDH?
N 07. What are the forward/reverse channels?

Section D: Resources

  01. What are some ftp sites of interest to hackers?
  02. What are some fsp sites of interest to hackers?
U 03. What are some newsgroups of interest to hackers?
U 04. What are some telnet sites of interest to hackers?
U 05. What are some gopher sites of interest to hackers?
U 06. What are some World wide Web (WWW) sites of interest to hackers?
  07. What are some IRC channels of interest to hackers?
U 08. What are some BBS's of interest to hackers?
U 09. What are some books of interest to hackers?
U 10. What are some videos of interest to hackers?
U 11. What are some mailing lists of interest to hackers?
U 12. What are some print magazines of interest to hackers?
U 13. What are some e-zines of interest to hackers?
U 14. What are some organizations of interest to hackers?
U 15. What are some radio programs of interest to hackers?
N 16. What are other FAQ's of interest to hackers?
  17. Where can I purchase a magnetic stripe encoder/decoder?
  18. What are the rainbow books and how can I get them?


Section E: 2600

  01. What is alt.2600?
  02. What does "2600" mean?
  03. Are there on-line versions of 2600 available?
  04. I can't find 2600 at any bookstores.  What can I do?
  05. Why does 2600 cost more to subscribe to than to buy at a newsstand?


Section F: Miscellaneous

  01. What does XXX stand for?
  02. How do I determine if I have a valid credit card number?
U 03. What is the layout of data on magnetic stripe cards?
  04. What are the ethics of hacking?
  05. Where can I get a copy of the alt.2600/#hack FAQ?



U == Updated since last release of the alt.2600/#hack FAQ
N == New since last release of the alt.2600/#hack FAQ




Section A: Computers
~~~~~~~~~~~~~~~~~~~~

01. How do I access the password file under Unix?

In standard Unix the password file is /etc/passwd.  On a Unix system
with either NIS/yp or password shadowing, much of the password data may
be elsewhere.  An entry in the password file consists of seven colon
delimited fields:

Username
Encrypted password (And optional password aging data)
User number
Group Number
GECOS Information
Home directory
Shell

]
] Sample entry from /etc/passwd:
]
] will:5fg63fhD3d5gh:9406:12:Will Spencer:/home/fsg/will:/bin/bash
]

Broken down, this passwd file line shows:

          Username: will
Encrypted password: 5fg63fhD3d5gh
       User number: 9406
      Group Number: 12
 GECOS Information: Will Spencer
    Home directory: /home/fsg/will
             Shell: /bin/bash


02. How do I crack Unix passwords?

Contrary to popular belief, Unix passwords cannot be decrypted.  Unix
passwords are encrypted with a one way function.  The login program
encrypts the text you enter at the "password:" prompt and compares
that encrypted string against the encrypted form of your password.

Password cracking software uses wordlists.  Each word in the wordlist
is encrypted and the results are compared to the encrypted form of the
target password.

The best cracking program for Unix passwords is currently Crack by
Alec Muffett.  For PC-DOS, the best package to use is currently
CrackerJack.  CrackerJack is available via ftp from clark.net
/pub/jcase/.


03. What is password shadowing?

Password shadowing is a security system where the encrypted password
field of /etc/passwd is replaced with a special token and the
encrypted password is stored in a separate file which is not readable
by normal system users.

To defeat password shadowing on many (but not all) systems, write a
program that uses successive calls to getpwent() to obtain the
password file.

Example:

#include <pwd.h>
main()
{
struct passwd *p;
while(p=getpwent())
printf("%s:%s:%d:%d:%s:%s:%s\n", p->pw_name, p->pw_passwd,
p->pw_uid, p->pw_gid, p->pw_gecos, p->pw_dir, p->pw_shell);
}


04. Where can I find the password file if it's shadowed?

Unix                  Path                            Token
-----------------------------------------------------------------
AIX 3                 /etc/security/passwd            !
       or             /tcb/auth/files/<first letter   #
                            of username>/<username>
A/UX 3.0s             /tcb/files/auth/?/*
BSD4.3-Reno           /etc/master.passwd              *
ConvexOS 10           /etc/shadpw                     *
ConvexOS 11           /etc/shadow                     *
DG/UX                 /etc/tcb/aa/user/               *
EP/IX                 /etc/shadow                     x
HP-UX                 /.secure/etc/passwd             *
IRIX 5                /etc/shadow                     x
Linux 1.1             /etc/shadow                     *
OSF/1                 /etc/passwd[.dir|.pag]          *
SCO Unix #.2.x        /tcb/auth/files/<first letter   *
                            of username>/<username>
SunOS4.1+c2           /etc/security/passwd.adjunct    ##username
SunOS 5.0             /etc/shadow
                      <optional NIS+ private secure maps/tables/whatever>
System V Release 4.0  /etc/shadow                     x
System V Release 4.2  /etc/security/* database
Ultrix 4              /etc/auth[.dir|.pag]            *
UNICOS                /etc/udb       ...