{\rtf1\ansi\deff0{\fonttbl{\f0\fnil\fcharset0 Courier New;}} {\colortbl ;\red0\green0\blue128;} \viewkind4\uc1\pard\cf1\lang9225\b\f0\fs24 __________________________________________________________ \par GUIDE TO (mostly) HARMLESS HACKING \par Vol. 7 No. 1 \par Introduction to Hacker Wargaming \par ____________________________________________________________ \par Since we began running the Hacker Wargame in March 1988, so far (Oct. 1998) \par we have just two winners (blips and spagheti -- GALF doesn't count because \par they committed a felony to get in) -- and lots of questions about how to \par become a winner. "Please explain keystroke by keystroke," people ask again \par and again. \par Sorry, I can't do that for you. The problem is, when we made the Wargame \par easy to win, certain script kiddies came in and repeatedly erased key parts \par of the operating system of the Wargame computer -- which is a pain to fix. \par So we decided to set up the Wargame so it was harder to use script kiddie \par programs. The result, sad to say, was that winners became rare. \par It's pretty boring when only two people are able to not just break into but \par maintain control of one of our Wargame computers. (You aren't a winner \par unless you can maintain control.) So this Wargaming series is intended to \par teach you, the aspiring Uberhacker, how to rise above the level of the \par script kiddie. If this series is successful, you will learn how hackers \par such as blips and spagheti have become computer security experts instead of \par mere script kiddies. You will have the opportunity to follow in their \par footsteps by learning how to discover new computer vulnerabilities, and \par learning how to fix them yourself, without being told "keystroke by keystroke." 
 \par ************************************************************ \par In this GTMHH you will learn: \par * What are script kiddies and why they are lame \par * Why setting up your own LAN (local area network) is the best way to become \par an Uberhacker \par * What kind of hardware you will need \par * How to get hardware cheap \par * How to get operating system software cheap \par ************************************************************* \par What Are Script Kiddies, and Why they Are Lame \par Want to know exactly what a script kiddie is? The Web site \par http://www.antionline.com carries some of the best news about computer \par break-ins. Its owner, John Vranesevich, is a \par self-described hacker, and has interviewed and listened to thousands of \par hackers. With his permission, here we reprint his recent editorial "Facing \par the Age of the Script Kiddies." \par \par In the past, a hacker was an individual who literally had to spend years \par to learn the inner workings of computer technology, programming, and \par hardware. Only then could he begin to explore possible vulnerabilities, and \par develop, for himself, ways to exploit those vulnerabilities, and more \par importantly, ways to patch them. Throughout these years of learning, the \par hacker would develop a certain respect for the technology that he was \par studying, and a certain level of maturity would inherently develop as well. \par \par Now, in present day society, with point and click utilities abound, a \par younger, less mature, less knowledgeable, and less respectful, generation of \par "hackers" have come to life. Individuals who haven't had to go through the \par years of learning, and study. Individuals, who because of the lack of \par experiencing this "learning process" have not developed the traits which \par once went hand in hand with the persona of \par "hacker". 
 Kids who are at that age, where they have very little self \par respect, and even less respect for others. Kids who are insecure, and have \par a strong desire to feel that sense of belonging. The sense of being \par accepted as part of a group, and respected among their peers. The same \par emotional state which once led inner city youth to gangs, is now leading \par them to "hacking". Individuals who feel the ultimate sense of power in \par "hacking a webpage". Their words being read by thousands of others. Their \par ability to control something. The technology is not a love, but a tool to \par accomplish something much more in their eyes. A tool that can be used to \par gain them acceptance, a feeling of empowerment, belonging, and control. A \par tool to allow them to escape the ridicule of the kids on the bus, or the \par back of their parent's hand. \par Oh, and I can hear people screaming "stereotyping" right now. Well, call \par it what you may. I've talked to literally thousands of these so called \par "hackers" over the past 5 or 6 years. You'd be surprised at how clear of a \par mold many of them come from. I am really sick of hearing "we hacked that \par page to get a message out". Perhaps, in some very, very, rare cases, that \par is true. But, I submit to you, the vast majority of time a hack is done \par first, and a political agenda is developed after hand to help rationalize \par the crime. On top of that, one hardly has to "hack a webpage" to get their \par point of view told. \par That's the wonder of the Internet. Everyone is an equal. Everyone has the \par opportunity to post their views, and share their thoughts. Once again, \par these so called "hackers" avoid the developmental process. They don't want \par to spend the time and energy necessary to create a successful website of \par their own. So, they maliciously exploit the work of others that have. I'm \par 19 years old right now. 
 I know what it is like being upset about something, \par and feeling that there's no way to share that with others. \par That's one of the reasons that I made AntiOnline. It's my forum. My way of \par expressing my views on things. To think of me, a 19 year old college drop \par out. Yet, my work is viewed millions of times every month. That, my little \par "hacker" friends, is power. That is what the Internet is about. That's why \par it works. That's why it's growing. \par Unless you change your ways soon, you will never be truly experiencing \par the wonder that technology is. To truly love technology, love how it is \par changing our society, bringing mankind together in a way never before \par experienced in the history of the human race. You'll never truly be \par experiencing the very thing that you feel you have ultimate control over. A \par true irony indeed. \par Of course, as with all things, there is hope. There are people out there \par hanging on tightly to the ways of old, and the true hacker identity. There \par are groups like L0pht, the distributed.net bovine group, and the kids down \par at your local high school learning visual basic. \par Those are the true hackers. A desire to learn, a desire to be the first \par to discover something new. A true hacker mentality is something that \par shouldn't be thought of as a dark, mischievous thing, but perhaps, more \par like that of a scientist. Study, learn, experiment, and share what you've \par found with others...... \par Yours In CyberSpace, \par John Vranesevich \par Founder, AntiOnline\par \par Why Setting up your own LAN Is the Best Way to become an Uberhacker \par OK, so you want to become more than a script kiddie? So do I. Here's what \par the best hackers I know say was their route to the top: wargaming on their \par own and friends' LANs (local area networks). 
 This is a study technique used \par by the kind of people who can slide through computer systems like ghosts \par wafting through walls. \par "Wait! Wait!" some of you are saying. "I thought hackers learn by \par illegally breaking into the computers of strangers!" True, plenty of people \par you meet on hacker mailing lists and on IRC make out like they are computer \par security experts by day and computer criminals by night. There even are \par people who have been convicted of computer crimes who work as security \par experts. These guys probably are telling you the truth when they say they \par were foolish enough to learn their trade by committing crime. \par However, crime often leads to prison, and prison is no fun. Guess what \par happens when bad breath cellmate "Bubba" decides you're cute? Guess what \par happens when your name is Kevin Mitnick and Hollywood makes a movie full of \par lies about you? Besides, when you break into a computer illegally, you miss \par out on the most fun part, which is being the guy who is fighting back! \par So ... are you ready to learn about breaking into and defending computers \par the way the Uberhackers do it? Ready to learn how to run your own hacker \par wargames? \par You can get started with newbie wargaming by reading the GTMHHs on "How to \par Break into Windows 95 from the Internet." (See http://www.happyhacker.org) \par These show you how to set up your Win95 box so you and your friends can \par practice breaking into each other's computers over the Internet. This will \par give you a good start. But this approach has some problems -- such as you \par only learn newbie stuff, and strangers might find your purposely vulnerable \par Win95 or Win98 box connected to the Internet -- and do terrible things to it. \par If you want a wargaming technique that will take you all the way to the \par top, you need to set up a local area network in your home, and get your \par friends to set up networks, too. 
 Then you can experiment with configuring \par firewalls and proxy servers, getting several computers with different \par operating systems working together, and trying out LAN networking techniques \par such as Netware, Microsoft Network, and TCP/IP; and much more. You can \par increase your fun by trading accounts on your network for accounts on your \par friends' LANs and get to freely experiment with many LANs. \par ************************************************************* \par Newbie note: If you are a kid, the FIRST thing you will probably want to do \par is make sure your parents understand why hacker wargaming will make you rich \par and famous instead of in jail and infamous. Here's how \par Paradox@kpservices.com won over his parents. \par \par "I wrote to you a while ago about how to get my parents to accept the fact \par of their son being a white-hat hacker... You gave me the advice to show \par them your article in the October issue of _Scientific American_ (which was \par a masterpiece, btw) and take it from there. Right after my dad read it ... \par All was well! Then, by coincidence, my best friend's Win95 box on a \par vulnerable cable connection was invaded as part of a dumb IRC war he had \par going on... The intruders... trashed my friend's box by using Back \par Orifice and then proceeded to mess with the \par server our business page was on (along with our other e-mail addresses). My \par parents ... are now security paranoid and want me to find out as much as I \par can about computer security. My Aunt (a Sun Microsystems employee) is \par getting me an Ultra 5 SPARC Workstation for Christmas too! My parents are \par also buying me a copy of Windows NT and System Commander so I can run Linux \par too! I'm also going to get a (secure) cable connection to the workstation \par in my room. \par THANK YOU! THANK YOU! 
 THANK YOU!"\par ****************************************************** \par What Kind of Hardware you Will Need -- and How to Get it Cheap \par "Wait! Wait!" some guys are saying. "I'm not rich enough to build my own \par hacker research laboratory!" Guess what, you can put together a really \par impressive lab for only a few hundred dollars. \par Have you visited the web page of our Wargame computer \par http://koan.happyhacker.org? The Web pages downloaded pretty fast, right? \par Did you get into the guest account and make merry with all the other guys \par who had shells on koan? (Hint: the password for the guest account is really \par stupid. Even a stupid person can guess it.) Did you give the netstat command \par and see how many people were browsing its Web sites, making ftp connections \par and logged into shells all at once? Did you know that koan is a mere 25 Mhz \par 486 box? \par Koan is so powerful because it runs FreeBSD, a Unix type of operating \par system, instead of Windows. (The RAM disk for the temp directory helps, \par too:) Almost any Unix type operating system can take an ancient Intel-type \par computer and make it run fast! The 200th fastest supercomputer in the world \par is a bunch of PCs running Linux and hooked together in parallel, in \par operation at Los Alamos National Laboratories. \par You can get a 25 Mhz PC, or even faster ones, for almost nothing. Because \par they are so common, you can find cheap used ones in the classified ads in \par the local paper, or buy them from computer stores that specialize in used \par equipment. Then install Unix type operating systems on them. \par Or, for major fun, buy ancient workstation computers. You will rarely see \par them for sale in the classified ads of newspapers. However, you can often \par pick them up at auctions. Of course you need to know a thing or two about \par the hardware you buy at auctions, because usually you won't get to try them \par out before bidding on them. 
 Many people who buy workstations at auctions \par figure most of them have things wrong with them. So they buy a bunch of \par them and then use parts from some of them to fix the others. \par You would be surprised by what an ancient Sun can do. A Sun SPARC \par workstation running at 25 Mhz is surprisingly fast for the same reason a 25 \par Mhz PC is fast running some sort of Unix -- it's the Unix that makes it \par fast! In addition, if you want to have many simultaneous users, for example \par if you want to give shell accounts to many users, a Sun should be faster \par than a PC with an equivalent clock speed. \par If you don't feel you have the hardware expertise to piece together a cheap \par Sun workstation yourself, by paying a little bit more you can buy them from \par resellers who get them at auctions. If you can find a local auction that \par sells workstations, your best bet may be to go to the auction and introduce \par yourself to the people you see buying hardware that you want to own. They \par will probably be willing to resell to you as soon as they get the equipment \par working. \par If you can't find a cheap place to buy workstations nearby, there are two \par places in Albuquerque where you can get refurbished workstations: \par http://nmol.com/users/jcents (email jcents@nmol.com); or email Jake Garcia \par at jakeg@rt66.com. They pick them up at auctions of used equipment from \par places such as Sandia National Laboratories, where people design nuclear \par weapons and nanomachinery. Sorry, you won't find classified data left \par behind on these workstations! \par Your next step in getting ready to set up your hacker laboratory is the \par networking equipment. How do you get your computers talking to each other? \par For that I recommend a 10BaseT Ethernet. This is probably the easiest \par network you can set up. 
\par The hardware you will need for an Ethernet will consist of a hub, an \par Ethernet device for each computer you plan to network together, and either \par Category 3 or Category 5 Ethernet cables. The Ethernet cables look like \par oversized phone cables. \par You can usually find a used hub for $20 or so at a used computer store. \par Workstations usually have an Ethernet device of some sort already built into \par them. However, look to see whether yours has a connector on the back that \par looks like a slightly oversized phone jack. If it does, great. If instead \par your workstation only has a connector that looks like what you use for a \par cable TV (round with a wire in the center), and next to it a connector that \par looks like the serial port on the back of your PC, you have a slight \par problem. You will need to buy an AUI to 10BaseT transceiver. It is a \par little box with LEDs on it which hooks on one side to the thing that looks \par like a serial port, and on the other side has a thing that looks like a big \par phone jack. These are somewhat hard to find, and cost about $30 new. The \par electronic parts supplier Hamilton Hallmark sells them, as do many other \par electronics parts suppliers. You rarely will find these transceivers in \par computer stores because the average consumer doesn't run around networking \par old Unix workstations. \par For PCs you usually need to buy an Ethernet card. Even new, you can buy \par one for only $20. The cabling costs very little, and can often be gotten \par for free if you pay a visit to an office building that is being renovated. \par I've gotten several hundred feet of Cat3 cable that way. \par Once you have gotten this far, you have all the hardware you need for your \par hacker laboratory. \par How to Get Operating System Software Cheap \par Your next problem will be operating system software. 
One problem with \par buying old Unix workstations is that they generally have old operating \par systems for which there are many exploit programs floating around the \par Internet. While it may be fun for a while proving to yourself that within \par seconds you can break into these old boxes, pretty soon this will get \par boring. You will get the craving to upgrade to the latest versions of these \par operating systems. \par This is where you may get to faint, when you find out what this costs. \par There are exceptions, however. \par My favorite kind of used workstations is Suns. The reason I like old Suns \par is that you can either run them using whatever operating system it came with \par (either Sun OS or Solaris, which will probably be an old version and easy to \par break into) or you can upgrade cheaply to the latest version of Solaris, to \par Sun Linux, or Sun OpenBSD. Even a SPARC 1 can run the latest versions of \par all of these! To get the latest Solaris for almost nothing, see \par http://www.sun.com/developers/solarispromo.html. This offer includes the \par manuals as well as a set of installation CDs. Or, you can get a version of \par Linux that runs on Sun workstations (Red Hat) at http://www.redhat.com, or \par of OpenBSD from http://www.openBSD.org. \par For PCs, your best bet for cheap Unix, if you are a total beginner, is Red \par Hat. It is easy to install and tech support is great. There are at least \par two other Linux distributions that beginners find easy to use: Slackware 3.5 \par (http://www.cdrom.com) and Debian (http://www.debian.com). While they are a \par bit harder to install, they are easier to make secure. \par You can also get a version of Solaris that will run on PCs (see above URL). \par \par If Linux is new to you, check out http://sunsite.unc.edu/mdw/ldp.html for \par lots of beginner information. 
 Or, start out with Trinux, at \par http://www.trinux.org, for a beginner's version that doesn't require you to \par repartition your hard disk (which the other Linuxes do). \par If you are already a power user of Linux, and want to build a really secure \par LAN, you may wish to move up to either FreeBSD (http://www.freebsd.org or \par http://www.cdrom.com) or OpenBSD (http://www.openbsd.org). These operating \par systems, along with Solaris 2.6 and above, are designed to resist most of \par the buffer overflows that are the basis of many break-in techniques. These \par BSD operating systems are more difficult to install, however. \par I wish I could tell you how to get a cheap version of Windows NT Server \par 4.0. However, the only way I know of is not exactly legal. You may be able \par to obtain a free beta copy of Windows NT 5.0, however -- keep checking out \par the Microsoft Web site (http://www.microsoft.com) for opportunities. \par How about LAN software? If you have decided to work with Windows only, and \par don't plan on connecting your LAN to the Internet, all you have to do is \par cable each computer to your hub, and point and click your way through \par networking. As for Novell Netware -- sorry, I don't know of a cheap way to \par get it. \par If you are serious about hacking, you will be connecting several different \par operating systems together on your LAN. For this I recommend using TCP/IP \par and making one of your computers a gateway to the Internet. This is a \par little harder than "Network Neighborhood" style networking. I know that \par because -- you will be shocked to hear this -- I am living proof that it is \par easy to make mistakes when setting up a TCP/IP network. Imagine that! So \par I'm going to devote the next Guide in this series to how to set up a LAN \par with an Internet gateway and both Windows and Unix boxes on it using TCP/IP. 
\par Maybe I can figure out how to explain it so it will be easier for you than \par it was for me. \par Thanks to keydet89@yahoo.com for reviewing and contributing to this Guide. \par _______________________________________________________________________ \par Where are those back issues of GTMHHs and Happy Hacker Digests? Check out \par the official Happy Hacker Web page at http://www.happyhacker.org. \par We are against computer crime. We support good, old-fashioned hacking of the \par kind that led to the creation of the Internet and a new era of freedom of \par information. But we hate computer crime. So don't email us about any crimes \par you may have committed! \par To subscribe to Happy Hacker and receive the Guides to (mostly) Harmless \par Hacking, please email hacker@techbroker.com with message "subscribe \par happy-hacker" in the body of your message. \par Copyright 1998 Carolyn Meinel. You may forward, print out or post this \par GUIDE TO (mostly) HARMLESS HACKING on your Web site as long as you leave \par this notice at the end. \par _________________________________________________________ \par \par }