______________________________________________________
GUIDE TO (mostly) HARMLESS HACKING
Hacking tip of this column: how to finger a user via telnet.
_______________________________________________________
Hacking. The word conjures up evil computer geniuses plotting the downfall
of civilization while squirreling away billions in electronically stolen
funds in an Antigua bank.
But I define hacking as taking a playful, adventurous approach to computers.
Hackers don't go by the book. We fool around and try odd things, and when we
stumble across something entertaining we tell our friends about it. Some of
us may be crooks, but more often we are good guys, or at least harmless.
Furthermore, hacking is surprisingly easy. I'll give you a chance to prove
it to yourself, today!
But regardless of why you want to be a hacker, it is definitely a way to
have fun, impress your buddies, and get dates. If you are a female hacker
you become totally irresistible to all men. Take my word for it!;^D
This column can become your gateway into this world. In fact, after reading
just this first Guide to (mostly) Harmless Hacking, you will be able to pull
off a stunt that will impress the average guy or gal unlucky^H^H^H^H^H^H^H
fortunate enough to get collared by you at a party.
So what do you need to become a hacker? Before I tell you, however, I am
going to subject you to a rant.
Have you ever posted a message to a news group or email list devoted to
hacking? You said something like "What do I need to become a hacker?" right?
Betcha you won't try *that* again!
It gives you an education in what "flame" means, right?
Yes, some of these 3l1te types like to flame the newbies. They act like they
were born clutching a Unix manual in one hand and a TCP/IP specification
document in the other and anyone who knows less is scum.
*********************
Newbie note: 3l1t3, 31337, etc. all mean "elite." The idea is to take either
the word "elite" or "eleet" and substitute numbers for some or all the
letters. We also like zs. Hacker d00dz do this sor7 of th1ng l0tz.
********************
Now maybe you were making a sincere call for help. But there is a reason
many hackers are quick to flame strangers who ask for help.
What we worry about is the kind of guy who says, "I want to become a hacker.
But I *don't* want to learn programming and operating systems. Gimme some
passwords, d00dz! Yeah, and credit card numbers!!!"
Honest, I have seen this sort of post in hacker groups. Post something like
this and you are likely to wake up the next morning to discover your email
box filled with 3,000 messages from email discussion groups on agricultural
irrigation, proctology, collectors of Franklin Mint doo-dads, etc. Etc.,
etc., etc....arrrgghhhh!
The reason we worry about wannabe hackers is that it is possible to break
into other people's computers and do serious damage even if you are almost
totally ignorant.
How can a clueless newbie trash other people's computers? Easy. There are
public FTP and Web sites on the Internet that offer canned hacking programs.
Thanks to these canned tools, many of the "hackers" you read about getting
busted are in fact clueless newbies.
This column will teach you how to do real, yet legal and harmless hacking,
without resorting to these hacking tools. But I won't teach you how to harm
other people's computers. Or even how to break in where you don't belong.
******************************
You can go to jail tip: Even if you do no harm, if you break into a portion
of a computer that is not open to the public, you have committed a crime. If
you telnet across a state line to break in, you have committed a federal felony.
*************************************
I will focus on hacking the Internet. The reason is that each computer on
the Internet has some sort of public connections with the rest of the Net.
What this means is that if you use the right commands, you can *legally*
access these computers.
That, of course, is what you already do when you visit a Web site. But I
will show you how to access and use Internet host computers in ways that
most people didn't know were possible. Furthermore, these are *fun* hacks.
In fact, soon you will be learning hacks that shed light on how other people
(Not you, right? Promise?) may crack into the non-public parts of hosts. And
-- these are hacks that anyone can do.
But, there is one thing you really need to get. It will make hacking
infinitely easier:
A SHELL ACCOUNT!!!!
A "shell account" is an Internet account in which your computer becomes a
terminal of one of your ISP's host computers. Once you are in the "shell"
you can give commands to the Unix operating system just like you were
sitting there in front of one of your ISP's hosts.
Warning: the tech support person at your ISP may tell you that you have a
"shell account" when you really don't. Many ISPs don't really like shell
accounts, either. Guess why? If you don't have a shell account, you can't hack!
But you can easily tell if it is a real shell account. First, you should use
a "terminal emulation program" to log on. You will need a program that
allows you to imitate a VT 100 terminal. If you have Windows 3.1 or Windows
95, a VT 100 terminal program is included as one of your accessory program.
Any good ISP will allow you to try it out for a few days with a guest
account. Get one and then try out a few Unix commands to make sure it is
really a shell account.
You don't know Unix? If you are serious about understanding hacking, you'll
need some good reference books. No, I don't mean the kind with breathless
titles like "Secrets of Super hacker." I've bought too many of that kind of
book. They are full of hot air and thin on how-to. Serious hackers study
books on:
a) Unix. I like "The Unix Companion" by Harley Hahn.
b) Shells. I like "Learning the Bash Shell" by Cameron Newham and Bill
Rosenblatt. A "shell" is the command interface between you and the Unix
operating system.
c) TCP/IP, which is the set of protocols that make the Internet work. I
like "TCP/IP for Dummies" by Marshall Wilensky and Candace Leiden.
OK, rant is over. Time to hack!
How would you like to start your hacking career with one of the simplest,
yet potentially hairy, hacks of the Internet? Here it comes: telnet to a
finger port.
Have you ever used the finger command before? Finger will sometimes tell you
a bunch of stuff about other people on the Internet. Normally you would just
enter the command:
finger Joe_Schmoe@Fubar.com
But instead of Joe Schmoe, you put in the email address of someone you would
like to check out. For example, my email address is cmeinel@techbroker.com.
So to finger me, give the command:
finger cmeinel@techbroker.com
Now this command may tell you something, or it may fail with a message such
as "access denied."
But there is a more elite way to finger people. You can give the command:
telnet llama.swcp.com 79
What this command has just done is let you get on a computer with an
Internet address of llama.swcp.com through its port 79 -- without giving it
a password.
But the program that llama and many other Internet hosts are running will
usually allow you to give only ONE command before automatically closing the
connection. Make that command:
cmeinel
This will tell you a hacker secret about why port 79 and its finger programs
are way more significant than you might think. Or, heck, maybe something
else if the friendly neighborhood hacker is still planting insulting
messages in my files.