Hacking-Hugo Cornwall-The Hacker's Handbook, Hacking and IT E-Book Dump Release
[ Pobierz całość w formacie PDF ]
Hacker's Handbook
Ok just a quick note, this is a very early version of the book and
was later banned. We've done our best in converting it to ASCII.
It's taken us some time to put it together because of the
reformatting, so I hope it's appreciated. We have kept to the
original page numbering for so that the index will be correct.
Compliments Electronic Images - Gizmo
Century Communications
- T H E -
- H A C K E R ' S -
- H A N D B O O K -
Copyright (c) Hugo Cornwall
All rights reserved
First published in Great Britain in 1985 by Century Communications Ltd
Portland House, 12-13 Greek Street, London W1V 5LE.
Reprinted 1985 (four times)
ISBN 0 7126 0650 5
Printed and bound in Great Britain by Billing & Sons Limited, Worcester.
CONTENTS
Introduction vii
First Principles
2 Computer-to-computer communications 7
3 Hackers' Equipment 15
4 Targets: What you can find on mainframes 30
5 Hackers' Intelligence 42
6 Hackers' Techniques 57
7 Networks 69
8 Viewdata systems 86
9 Radio computer data 99
10 Hacking: the future 108
file:///E|/Books/Hackers Handbook.htm (1 of 133) [11/28/2000 5:58:48 AM]
Hacker's Handbook
Appendices
I troubleshooting 112
II Glossary 117
III CCITT and related standards 130
IV Standard computer alphabets 132
V Modems 141
VI Radio Spectrum 144
VII Port-finder flow chart 148
INTRODUCTION
The word 'hacker' is used in two different but associated
ways: for some, a hacker is merely a computer enthusiast of any kind,
who loves working with the beasties for their own sake, as opposed to
operating them in order to enrich a company or research project --or
to play games.
This book uses the word in a more restricted sense: hacking is a
recreational and educational sport. It consists of attempting to make
unauthorised entry into computers and to explore what is there. The
sport's aims and purposes have been widely misunderstood; most
hackers are not interested in perpetrating massive frauds, modifying
their personal banking, taxation and employee records, or inducing
one world super-power into inadvertently commencing Armageddon in the
mistaken belief that another super-power is about to attack it. Every
hacker I have ever come across has been quite clear about where the
fun lies: it is in developing an understanding of a system and
finally producing the skills and tools to defeat it. In the vast
majority of cases, the process of 'getting in' is much more
satisfying than what is discovered in the protected computer files.
In this respect, the hacker is the direct descendant of the phone
phreaks of fifteen years ago. Phone phreaking became interesting as
intra-nation and international subscriber trunk dialling was
introduced, but when the London-based phreak finally chained his way
through to Hawaii, he usually had no one there to speak to except the
local weather service or American Express office, to confirm that the
desired target had indeed been hit. One of the earliest of the
present generation of hackers, Susan Headley, only 17 when she began
her exploits in California in 1977, chose as her target the local
phone company and, with the information extracted from her hacks, ran
all over the telephone network. She 'retired' four years later, when
friends started developing schemes to shut down part of the phone
system.
There is also a strong affinity with program copy-protection
crunchers. Most commercial software for micros is sold in a form to
prevent obvious casual copying, say by loading a cassette, cartridge
or disk into memory and then executing a 'save' on to a
** Page VII
file:///E|/Books/Hackers Handbook.htm (2 of 133) [11/28/2000 5:58:48 AM]
Hacker's Handbook
blank cassette or disk. Copy-protection devices vary greatly in
their methodology and sophistication and there are those who, without
any commercial motive, enjoy nothing so much as defeating them. Every
computer buff has met at least one cruncher with a vast store of
commercial programs, all of which have somehow had the protection
removed--and perhaps the main title subtly altered to show the
cruncher's technical skills--but which are then never actually used
at all.
Perhaps I should tell you what you can reasonably expect from this
handbook. Hacking is an activity like few others: it is semi-legal,
seldom encouraged, and in its full extent so vast that no individual
or group, short of an organisation like GCHQ or NSA, could hope to
grasp a fraction of the possibilities. So this is not one of those
books with titles like Games Programming with the 6502 where, if the
book is any good and if you are any good, you will emerge with some
mastery of the subject-matter. The aim of this book is merely to give
you some grasp of methodology, help you develop the appropriate
attitudes and skills, provide essential background and some
referencing material--and point you in the right directions for more
knowledge. Up to a point, each chapter may be read by itself; I have
compiled extensive appendices, containing material which will be of
use long after the main body of the text has been absorbed.
It is one of the characteristics of hacking anecdotes, like those
relating to espionage exploits, that almost no one closely involved
has much stake in the truth; victims want to describe damage as
minimal, and perpetrators like to paint themselves as heroes while
carefully disguising sources and methods. In addition, journalists
who cover such stories are not always sufficiently competent to write
accurately, or even to know when they are being hoodwink- ed. (A note
for journalists: any hacker who offers to break into a system on
demand is conning you--the most you can expect is a repeat
performance for your benefit of what a hacker has previously
succeeded in doing. Getting to the 'front page' of a service or
network need not imply that everything within that service can be
accessed. Being able to retrieve confidential information, perhaps
credit ratings, does not mean that the hacker would also be able to
alter that data. Remember the first rule of good reporting: be
sceptical.) So far as possible, I have tried to verify each story
that appears in these pages, but hackers work in isolated groups and
my sources on some of the important hacks of recent years are more
remote than I would have liked. In these
** Page VIII
cases, my accounts are of events and methods which, in all the
circumstances, I believe are true. I welcome notes of correction.
Experienced hackers may identify one or two curious gaps in the
range of coverage, or less than full explanations; you can chose any
combination of the following explanations without causing me any
worry: first, I may be ignorant and incompetent; second, much of the
fun of hacking is making your own discoveries and I wouldn't want to
file:///E|/Books/Hackers Handbook.htm (3 of 133) [11/28/2000 5:58:48 AM]
Hacker's Handbook
spoil that; third, maybe there are a few areas which are really best
left alone.
Nearly all of the material is applicable to readers in all
countries; however, the author is British and so are most of his
experiences.
The pleasures of hacking are possible at almost any level of
computer competence beyond rank beginner and with quite minimal
equipment. It is quite difficult to describe the joy of using the
world's cheapest micro, some clever firmware, a home-brew acoustic
coupler and find that, courtesy of a friendly remote PDP11/70, you
can be playing with Unix, the fashionable multitasking operating
system.
The assumptions I have made about you as a reader are that you own a
modest personal computer, a modem and some communications software
which you know, roughly, how to use. (If you are not confident yet,
practise logging on to a few hobbyist bulletin boards.) For more
advanced hacking, better equipment helps; but, just as very tasty
photographs can be taken with snap-shot cameras, the computer
equivalent of a Hasselblad with a trolley- load of accessories is not
essential.
Since you may at this point be suspicious that I have vast
technical resources at my disposal, let me describe the kit that has
been used for most of my network adventures. At the centre is a
battered old Apple II+, its lid off most of the time to draw away the
heat from the many boards cramming the expansion slots. I use an
industry standard dot matrix printer, famous equally for the variety
of type founts possible, and for the paper-handling path, which
regularly skews off. I have two large boxes crammed full of software,
as I collect comms software in particular like a deranged
philatelist, but I use one package almost exclusively. As for
modems--well, at this point the set-up does become unconventional; by
the phone point are jack sockets for BT 95A, BT 96A, BT 600 and a
North American modular jack. I have two acoustic couplers, devices
for plunging telephone handsets into so that the computer can talk
down the line, at operating speeds of 300/300 and 75/1200. I also
have three heavy, mushroom coloured 'shoe-boxes', representing modem
technology of 4 or 5 years ago and operating at various speeds and
combinations of duplex/half- duplex. Whereas the acoustic coupler
connects my computer to the line by audio, the modem links up at the
electrical level and is more accurate and free from error. I have
access to other equipment in my work and through friends, but this is
what I use most of the time.
** Page IX
Behind me is my other important bit of kit: a filing cabinet.
Hacking is not an activity confined to sitting at keyboards and
watching screens. All good hackers retain formidable collections of
articles, promotional material and documentation; read on, and you
will see why.
file:///E|/Books/Hackers Handbook.htm (4 of 133) [11/28/2000 5:58:48 AM]
Hacker's Handbook
Finally, to those who would argue that a hacker's handbook must be
giving guidance to potential criminals, I have two things to say:
First, few people object to the sports of clay-pigeon shooting or
archery, although rifles, pistols and crossbows have no 'real'
purpose other than to kill things--and hackers have their own code of
responsibility, too. Second, real hacking is not as it is shown in
the movies and on tv, a situation which the publication of this book
may do something to correct. The sport of hacking itself may involve
breach of aspects of the law, notably theft of electricity, theft of
computer time and unlicensed usage of copyright material; every
hacker must decide individually each instance as it arises.
Various people helped me on various aspects of this book; they
must all remain unnamed--they know who they are and that they have my
thanks.
** Page X
CHAPTER 1
First Principles
The first hack I ever did was executed at an exhibition stand run
by BT's then rather new Prestel service. Earlier, in an adjacent
conference hall, an enthusiastic speaker had demonstrated view-
data's potential world-wide spread by logging on to Viditel, the
infant Dutch service. He had had, as so often happens in the these
circumstances, difficulty in logging on first time. He was using one
of those sets that displays auto-dialled telephone numbers; that was
how I found the number to call. By the time he had finished his third
unsuccessful log-on attempt I (and presumably several others) had all
the pass numbers. While the BT staff were busy with other visitors to
their stand, I picked out for myself a relatively neglected viewdata
set. I knew that it was possible to by-pass the auto-dialler with its
pre-programmed phone numbers in this particular model, simply by
picking up the the phone adjacent to it, dialling my preferred
number, waiting for the whistle, and then hitting the keyboard button
labelled 'viewdata'. I dialled Holland, performed my little by-pass
trick and watched Viditel write itself on the screen. The pass
numbers were accepted first time and, courtesy of...no, I'll spare
them embarrassment...I had only lack of fluency in Dutch to restrain
my explorations. Fortunately, the first BT executive to spot what I
had done was amused as well.
Most hackers seem to have started in a similar way. Essentially
you rely on the foolishness and inadequate sense of security of
computer salesmen, operators, programmers and designers.
In the introduction to this book I described hacking as a sport;
and like most sports, it is both relatively pointless and filled with
rules, written or otherwise, which have to be obeyed if there is to
be any meaningfulness to it. Just as rugby football is not only about
file:///E|/Books/Hackers Handbook.htm (5 of 133) [11/28/2000 5:58:48 AM]
[ Pobierz całość w formacie PDF ]