Thee Under Ground Presents 
How to Hack (http://www.theeunderground.com/)

The Confessions of a Hacker

By Natas Selur

So you want to HACK.

First, this How To Guide comes with one CONDITION.

If you use these methods to gain access to a system you AGREE to cause no malicious damage
to a system by using these techniques.

If you want to trash systems read a How to Crack manual.

Hackers don't CRACK systems, they HACK a system to gain CONTROL of it.

CONTROL is the main word in HACKING.

DESTROY is the main word in CRACKING.

If you use these techniques to CRACK systems then the CURSE of NATAS SELUR be upon thee.

BTW, Natas Selur is Rules Satan backwards.

Types of Hacks in this How To Manual.

1. Simple PC or Network Hack

2. School or University Hack

3. Commercial Server Hack

4. Government and Military Hack

Beware, LAWS exist that can Penalize you if you HACK or CRACK a system.

Personally I'd never admit to HACKING a system, but this info does indeed work.

Some of the methods are widely known, a few aren't as famous yet.

Would I ever CRACK a system? Only if I was at WAR with someone or something would I
consider TRASHING a system.

Although I'll state I have never CRACKED a system, I could see a reason to do such a
thing if WAR on the WWW becomes a fact.

If someone CRACKS you, then you have the right to CRACK them.

If a government tries to do things against personal freedoms on the www, then they should be CRACKED wide open.

Here are some great LINKS to other HACK sites, Enjoy

NS, Spring 98

How to HACK a Personal or Work Net Computer

The Personal or Work Net computer Hack is the easiest, since you have physical access to
the computer in both cases.

Most HACKERS don't start out as Hackers, they start as thieves.

Most STEAL their first PW file from a Net using inside access, instead of Hacking into it
remotely.

Say, you're in a BS job for the summer and you see a person log onto the Work Net with a
User name and PW near you.

Bang, as soon as you can, you just log in as them and take your first PW file from a server
as soon as you get the chance. All OS's (Operating Systems, i.e. MS Net, Unix, etc.) store PW's
in encrypted files, all these encryption algorithms have Crack programs to reveal these
encrypted files, all the systems use proprietary algorithms to encrypt, so a Unix Crack
unencrypts all Unix PW's and a NT Crack unencrypts all NT PW's. If you know where to look
for these files on the server you have access to, you can copy the file onto a floppy in
seconds or even email it to a fake email account in seconds.

You can then use a CRACK PW program at home and wammo, you have everyone's PW's after the
CRACK program does its job. YOU THEN CONTROL THAT NET at your BS job.

For a personal computer HACK, you can again watch someone either log in while you are
talking to them, and when you have access to the keyboard (when they go to the bathroom),
you can get root and take key info or install programs to allow you to have remote access.

If your friend uses Win 95 and leaves the room for a few seconds while he is logged in, you
have ROOT access, take out your pocket floppy and install whatever you want on his
OPEN machine. Make your name come up in a screen saver or something to show them
YOU HACKED THEM!

If your friend's Win 95 is in a secure mode when you have access and you don't know the PW,
you can reboot his machine and ESC past any PW protection upon boot up.

Once you have a hot keyboard, one that works, look in the machine for the PW file and take
the PW for when the screen saver kicks in or change it to keep your friend out of his own
machine. If you don't know where the PW file is kept on Windows, read your Windows manual.

The same thing can happen in a school or University.

Now, some folks aren't too bright, and they use their own User Account to access the
Encrypted PW file of a School or Work Net.

A smart Admin logs all such activity on his Net. A dummy Admin doesn't do it. So, a smart
Hacker uses FAKE ID to get access to the Encrypted PW file. The person you STOLE the User
Name and PW from looks like the culprit.

Anyway, you have CONTROL of the Net once you get the PW's file, since you then have the
Admin's PW to Root and can do ANYTHING you want on their net, change permissions, erase or
delete files or install programs to HACK other servers.

You also have REMOTE access if the machine is ON LINE. The key to hacking is to get control
of a server to then use it to HACK other servers from a non traceable dialup.

The more servers you own ROOT on, the more POWER you have in the Game called HACK! Now, a
Hacker CONTROLS Nets, a CRACKER Destroys Nets.

If you want to be a non malicious explorer of Nets you can call yourself a Hacker, if you
want to TRASH and DESTROY things call yourself a CRACKER!

You now know how to HACK a Personal or Work Net Computer.

Go to our LINKS page and check out Hack sites and download files to CRACK Win NT, Unix and
VMS PW files.

When you CRACK your first PW file you can say you HACKED something. If you go back to the
machine you HACKED and DESTROY anything you aren't a HACKER but a malicious person who
should call themselves a CRACKER.

Security Counter by Nick

Natas explains very simply how easy it is to be hacked. Computers that are accessible to
anyone with a keyboard and login can be hacked this easily. You can use techniques to stop
simple hacks like this: teach your employees to make sure before they log in that NO ONE is
WATCHING. Employ a physical key lockout on your CPU so no one can do a reboot ESC bypass.

Better admins rework the OS (Operating System) to change typical directories that are
preset by factory installs of OS's. If your PW's (Pass Words) are hidden in a simple and
easy to find directory like everyone else's usually are from factory installs, such as
/etc/passwd on Unix systems, such a hack is easier to do for the hacker. You can also shadow
PW's to better hide them from such a simple hack.
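
An added example (not part of the original text): a small Python audit for the shadowing point above. It flags accounts whose hash still sits in the readable passwd file, empty passwords and extra UID 0 accounts, and checks a shadow file's permissions. The sample entries, finding names and function names are constructed for illustration.

```python
import os
import stat

# Constructed passwd-format sample (7 colon-separated fields per entry).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice:x:1001:100:Alice:/home/alice:/bin/sh
bob:CONSTRUCTED-HASH:1002:100:Bob:/home/bob:/bin/sh
guest::1003:100:Guest:/home/guest:/bin/sh
daemon:*:1:1:daemon:/:/sbin/nologin
toor:x:0:0:spare:/root:/bin/sh
broken line without fields
"""


def audit_passwd(text):
    """Return (line number, user, finding) tuples for risky entries."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((lineno, None, "malformed"))
            continue
        user, pw, uid = fields[0], fields[1], fields[2]
        if pw == "":
            # Empty field: the account may allow login with no password.
            findings.append((lineno, user, "empty-password"))
        elif pw != "x" and not pw.startswith(("*", "!")):
            # "x" means the hash lives in the shadow file; "*" or "!" mark
            # a locked account. Anything else is a hash that every local
            # user can read and feed to a cracking program.
            findings.append((lineno, user, "hash-in-passwd"))
        if uid == "0" and user != "root":
            # A second UID 0 account has full root rights.
            findings.append((lineno, user, "extra-uid0"))
    return findings


def shadow_mode_findings(path):
    """Check that a shadow file is not readable or writable by others."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable-by-non-owner")
    return findings


if __name__ == "__main__":
    for lineno, user, finding in audit_passwd(SAMPLE_PASSWD):
        print(f"line {lineno}: {user or '?'}: {finding}")
```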

Avoid Sloppy Logins, and also make your employees use HARD PW's. Crack Programs to find
encrypted PW's work off the easy to find PW's first. It's much harder to crack PW's that
use non words and special character symbols in the PW. If you use names or words that are
in a dictionary, your encrypted PW file can be cracked very easily.
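
An added example (not part of the original text): a password-change check in Python that rejects the easy passwords described above, meaning dictionary words, names, and simple disguises of them such as added digits, character swaps or reversal. The word list, the 8-character minimum, the reason names and the function names are assumptions made for illustration.

```python
import re

# Constructed mini wordlist; a real check would load a full dictionary.
WORDLIST = {"password", "dragon", "summer", "letmein", "qwerty"}

# Common character substitutions undone before the dictionary lookup.
LEET = str.maketrans("013457@$!", "oleastasi")


def _strip(s):
    """Drop leading and trailing digits and symbols ("summer98" -> "summer")."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", s)


def candidate_roots(password):
    """Return the base words a cracking tool would derive this password from."""
    low = password.lower()
    roots = {low, _strip(low), _strip(low).translate(LEET), low.translate(LEET)}
    # Reversed spellings are tried early as well.
    roots |= {r[::-1] for r in roots}
    return roots


def check_password(password, username="", wordlist=WORDLIST, min_len=8):
    """Return a list of reasons to reject the password (empty list = accept)."""
    reasons = []
    if len(password) < min_len:
        reasons.append("too-short")
    if not re.search(r"[^A-Za-z0-9]", password):
        # The text asks for special character symbols in the password.
        reasons.append("no-symbol")
    roots = candidate_roots(password)
    if roots & set(wordlist):
        reasons.append("dictionary-word")
    if username and username.lower() in roots:
        reasons.append("based-on-username")
    return reasons


if __name__ == "__main__":
    for pw in ("summer98", "P@ssw0rd!", "drowssap#1", "kT9#vq2!Lm"):
        print(pw, check_password(pw))
```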

How to hack a University Computer

by Natas Selur

There are two levels of University or School Hacks. The first is physical access, it works
exactly like the Hacks explained in Personal and Work Net Hacks. Read it and employ the
physical access Hacks to a School University system you have physical access to.

The Second HACK is really a Hack. You don't have physical access to the computer so you
must BREAK INTO the system remotely.

A simple Hack that still works on older University networks is called the PHF Attack. You
can have the PW file of a server actually display on your browser by accessing the url of the
University and then simply doing a PHF query from your browser url line.

I'd say close to 98 or 99% of US Universities have the patch to stop this remote hack. To
find the query to run the PHF query check out the Links page and go to sites about Hack, or
lookup PHF in a search engine along with Hacking.

You can get ID'd by a new program when running this hack, you dial up and time stamp info
is recorded by the University's computer.

That is why you don't use a real dialup to do hacking, a trace is left to you.

You need a fake dialup.

You can Hack Free Dialup accounts by searching for instructions about the ISP files you get
when you run the Win 95 Connection Wizard. The Dialup number (which is toll free) the User
ID the PW are all kept in plain text files.

You can also just pay a local dialup company by cash in person with fake info or ID so your
dial up is unknown to cover your tracks.

If you use a dialup that traces to you, you will be found. Some use fake CC info to get
temporary accounts as well, the CC algorithm to make valid numbers is on the internet, so
you can make fake numbers to order temp dialups. It's against the law however to do that.

If you like teaching people how to use the www, you can put up flyers in your neighborhood's
grocery saying you teach on site www. Use a fake remote access number in your flyers, and
when you set up your trainees you have their CC number and logins to use as you wish.

Most University Hacks today use Exploits, there are tons of bugs in today's OS's and server
includes, plus the Email Exploits are great. For info on all the various Exploits available
and sample scripts to use, run a search on exploits hacking and email. Pick your choice and
target a *.edu server.

Enjoy.

Counter Security by Nick

The physical access counter is in the article Natas referred to. The PHF attack is rare
today in Universities, since it is well known to admins, however, some lazy admins still
have not patched this simple security hole.

Exploits are the most used breaches of security on most systems today. An admin needs to
join all the various mailing lists to keep abreast of most of these new techniques. The email
exploits mentioned by Natas are indeed the easiest way for hackers to gain remote access to
info in your system to help hackers. The web revolves around access to email, hackers exist
because of email holes. Email, Email Exploits and hackers, they all go together.

How to Hack a Commercial Server or Web Site

By Natas Selur

Who hacks websites and pages? Dudes that can't handle a real challenge. Want a bad
reputation in Hack circles? Hack a web page and brag about it.

You'll be laughed at.

A simple way to Hack a website or page is using deceit. You can set up fake accounts for
email through places like hotmail or juno, then bitch and moan to free page sites that your PW
to the site you want to hack is lost and please send you one. If you get the personal info
from the site's pages (most free page users keep their bios on page one, name, age etc.) you
could easily dupe a rep from a free site to email your PW to the bogus email account.

You can give fake info and set up a page and use exploits to Hack PW's, or cruise the
PW file and run a Crack program on it.

It's so easy to HACK a Commercial site or web page, that Hackers don't even consider it a
true Hack.

You have access to most commercial sites as a user, join and HACK, it's that easy.

Now a Commercial site that has its own T and doesn't have anyone on it but inhouse users
of the Corporation can be a little more challenging.

However, most can be CRACKED with simple PW Dictionaries if you have a user name; you can
also get Users ID's and PW's from a sniffer running from a site you have hacked.

Counter Security by Nick

I wish all hackers thought like Natas, a lot of people enjoy trashing web pages. As Natas
mentioned, it's all too easy. If you have a business running on a site with many commercial
users, you can be hacked all too easily. All someone has to do is join with bogus info and
run exploits internally through CGI scripts all commercial sites allow you to run, or if the
admin is real sloppy, merely copy an encrypted PW file that users have access to. Once your
PW is hacked your pages can be edited with ease. A business should have their own
connection to the www and a secure internal server to display web pages, their intranet or
network should run BEHIND A SECURE FIREWALL, that way you can stop the easy mutual user
exploits and such that are common to commercial hosting sites with multiple users.

How to Hack a Military or Government Site

by Natas Selur

Written for people that are already experienced in Hacking

NEWBIES BEGONE!

I strongly suggest you don't use these techniques to actually hack a gov or mil site.

You'll end up in jail unless you are a MASTER of COVERING your tracks.

Even then, you should only do it against a minor league country.

If you try any of the big governments, you'll end up in Prison.

In the US all Military sites have a MIL ending and Government sites have a GOV ending.

So, pentagon.mil would be a name for a MIL site while nasa.gov will be a name for a GOV
site.

The White House has a site that's been Hacked and Cracked.

Most of these sites function just like any other site, they use the same TCP and IP
protocols and most of the servers use the same OS as other types of sites.

I've heard of some top secret servers that use custom OS's and such, but I've never seen any
examples of it.

Still, basic rules apply to any 2D server.

You have a processor that understands two things 1 and 0.

If you want to really HACK a Mil or Gov site, brush up on Absolute and Assembler, since any
pseudo programs have to eventually get to binary to be processed.

Make sure you only use a weak link to enter the system and chain proxy out the ying yang to
cover your dial up.

The Gov and Mil security will find you even if you use fake dialups. The Phone system is
fully traceable while you are HOT.

A server that doesn't keep classified info is your entry point in this type of Hack, you
come in from a proxy chain, then you search for a door to some more sensitive info or a
bunch of similar low level machines.

By chaining through the lower levels of GOV and Mil sites when you attack the real target,
you can then put in safety nets to mislead the real security guys you will encounter when
you finally hit the sensitive material secure servers.

Upon your final Attack, you will need to put into your low level root machines all types of
shadow tricks, log creators log trashers etc. Because when the higher level machines
discover you, they will rely upon the lower machines to ID you, and you will use them to
hide you. Pure cat and mouse this type of HACK!

By having a TEMPORARY NET under the High Level machines, you can CONTROL what they are
looking for to ID you, when you are discovered.

Think of it like this, the GOV and Mil sites are like a pyramid. The Top of the Pyramid is
the real sensitive info, your entry will be discovered there, GUARANTEED.

Before you attempt to ROOT the Top of the GOV or MIL sites, you core out the base of the
Pyramid. You gain Root Control server by server of the overall pyramid. If you do your HACK
right on the low level machines before you HACK the higher levels, you can daisy proxy and
shadow through the Gov and Mils own sites UNTRACEABLE at the time of your ATTACK, making
temporary false logs to cover you with their own servers. And then TRASHING the Logs and
Nets at the end of the ATTACK.

The end result, a trace gets lost in their own systems during the ATTACK, since
YOU CONTROL their routing searches into your entry machines by having root over about 20
machines.

To do such a HACK correctly you would need a TEAM of Hacks communicating to intercept the
Gov and Mil commands when your trail is being researched by the security guys in the top.

A scenario would look like this, you spend a ton of time Hacking low level unsecure servers
to eventually build a safety net so when you are at the top, you can FALL BACK into a
controlled environment, to lose the security people at the top secure server.

You own root of about 20 unsecure servers through back doors from all your low level Hacks,
you may have preinstalled some security nets in your low level Hacks to TURN ON when the
Heat from above starts looking for who is HACKING into the Top Level Servers, I would
suggest you have Team Players in control of root servers that will be used as a Net. You
should be uploading the Nets as the action gets hot.

That way, your Nets aren't in files that have been backed up for days or weeks, when a Net
is needed, your Team puts it in through Root control as soon as it is loaded and after it
is used an auto delete and trash program is run to CRACK your Net so the Security guys
can't even see what you built to deceive them.

You will most likely find security defenses in the low level machines, programs installed
to safeguard against an attack into a higher level machine. Downloading them and learning
how they work will be your best offense when you ATTACK the top.

If you try this type of HACK yourself, you probably can't monitor all the roots and upload
all the nets when you get discovered, you would have to have several machines going at once
and put in dormant Nets to activate when they are needed. Your clever programming of Nets
will be discovered in the backups of your low level machines that took time to Hack.

Now, if this type of Hack is done right, you eventually reach very secure machines that
rely on lower machines to find out where an attack is coming from. When the security team
hits a server that you CONTROL, you can temporarily mislead the security team by telling
their secure servers whatever you want. However, if you leave the logs in place they will
find out how you did it, so erasing your foot steps is the key.

You can't HACK a mil or gov system without also CRACKING it.

You must DESTROY LOGS in this type of Hack and DESTROY various sectors of hard drives that
temporarily held your nets. If you don't destroy hard drives, then erased logs and nets
will be undeleted.

When I say DESTROY, I mean you have to use erase programs that the Pentagon uses, it writes
say 100 times OVER the info you need to DESTROY.

That way Mil and Gov defragmenting programs can't unerase what you deleted.

The Hard Drives are useable after such an erase, so you don't DESTROY them physically, but
you must CRACK the Logs and Nets or you will be found even if you delete logs and nets.

Also, by only uploading your Nets at the last moment to activate when you are found while
HACKING the top of the pyramid, makes your ID during the Hack all that more protected.

The key to a Gov or Mil attack is to be prepared for what the security team will throw at
you, that is tracers. Their job is find you, turn off your entry and then arrest you.

If you realize Logs of entry machines are their only trail, you have to CONTROL the low
level Logs and roots to stop or delay searches while you are in the Hack. If your Hack is
compromised, your phone will be traced too. So the last precaution is to use a non traceable
connection to your initial entry point.

That way, if the nets don't work, when the Feds find the originating source for the dialup
they will be looking for you in a Hotel Room, or a leased apartment to a fake ID.

Don't leave fingerprints behind when the final attack is done, don't brag about it, and do
it from a place you have never been in. Far away from where you live.

Now, if you plant dormant Nets before you do your FINAL ATTACK, they will exist on BACKUP
files of the machines you controlled before the final HACK is done. The safest step is to
only leave low level root doors to bounce from Net to Net in your FINAL ATTACK, your path
is again less traceable, since your Nets are only uploaded when you need to start your
smoke and mirrors routine.

You don't use low level servers you Hack to do anything once you root them.

This is a sample of such a Hack, let's say some ancient low level servers with old non
classified crap are your entry machines, let's say there are 12 machines you Hack in this
level, you CONTROL them through Root, you always shadow log or erase logs in your proxy so
there is no trace to your outside proxy chains whenever you enter to Hack this type of
machine. Once you gain root of such a machine, DON'T USE IT UNTIL the FINAL ATTACK!

The time comes to move up the ladder, some newer servers still with non classified crap are
your next level of Hack. You need about 6 machines that you again own through Root, you
don't put in any Nets yet. You may come across security at this point and if you do, you
must trash any low level entry points or bs remote roots you used to Hack into this level
if you get locked onto.

Now you own two levels of the pyramid, the third level is the toughest, it is secure servers
where you have to use completely new unknown programs to Hack these targets. They shouldn't
be TOP LEVEL Servers, just machines with low to mid level security. If you use some of your
lower level servers to hack at this level, you might have to trash most of your lower level
to reach say 3 servers in this point. You need to replace whatever you lose below to
maintain this final level before you attempt the Top.

For this example, you would need 12 low level non secure servers, 6 mid level non secure or
low secure servers, 3 mid level mid secure servers. That's 21 Gov or Mil Roots you need to
OWN. All with no programs or nets left behind by you so your chances of being discovered
before the real HACK is moot.

You simply gained Root and left it in the BANK as a valuable asset to use in your real HACK
of the Top of the Pyramid.

When you attempt to mount the top and take root, the pyramid becomes like a house of cards.
The Mil and Gov people use systems you CONTROL to see who you are. You have 21 servers they
need to find you, all doing WHAT YOU WANT!

As you lose control of the low level machines, your house of CARDS starts to fall. They can
simply turn off compromised low level servers once they realize you are shadowing yourself.

When you hit the Top of the Pyramid and knock on their front door from one server, you bang
it again with another, then another, when they trace the lower level bangs on their front
door, you create all kinds of smoke and mirror routes to shadows.

Your nets start being uploaded right before the assault begins, your log erasers and
trashers start to kick in as you lose low level nets.

With enough time you could Hack Root of the top through various methods, however what took
most likely months to organize could all be shot in minutes.

You would be the commander in the largest assault on a secure Mil or Gov server if you
follow this GAME PLAN.

What would you end up controlling?

Root of the world perhaps.

If you have targets in mind for what is at the top, you could install programs if you gain
Root, to change protocols for other servers and programs and launch who knows what.

As long as the world and governments depend upon 2D Technology, there is no such thing as a
Secure Server.

As long as it has an OS, a keyboard, a Floppy or a port to another machine, it isn't SECURE.

Remember, if you attempt a Hack like this, you will be hunted and if not KILLED for being
the most dangerous person on Earth, you will end up in Prison.

I've only done this Hack on paper and pencil, and in my dreams.

I enjoy freedom, so I would never use this attack.

However, if a certain country became a fascist regime, I would join an opposition force and
employ this Hack to CRACK EVIL!