SECRETS OF A
SUPER HACKER
By The Knightmare
Text ripped verbatim
Note: Edited with clarity and space (win 98 word pad in Times new roman)
185 pages
6 yrs old
Kind of outdated and lot of it is garbage but its ok
Constant Sorrow
SECRETS
of a
SUPER
HACKER
By The KNIGHTMARE
Introduction by Gareth Branwyn
Sound Bytes from Reviews of
Secrets of a Super Hacker
"Secrets of a Super Hacker is a fascinating hacker cookbook that reveals the ease of
penetrating even the most stalwart computer system."
-The San Francisco Chronicle
"Not often do the contents of a book match its cover hype, but here is one book that
comes closer than most. Secrets of a Super Hacker, by The Knightmare, is billed as
'every security manager's worst nightmare.' It does, indeed, descend into the realm
of security managers’ darkest fears."
- Infosecurity News
"... step-by-step instructions in meaningful hacking [using] a personal computer."
- Booklist
"Excellent. This work will appeal to many, especially business professionals as the
networks and e-mail become more commonplace."
-The Reader's Review
"...the most specific, detailed, general-purpose guide to electronic shenanigans I've
seen. Recommended."
- Reading for Pleasure
"All 205 pages are loaded with clear, concise, and very devious information. It is
well-written, sprinkled with wit and the Knightmare's own personal experiences."
- Selected Book Reviews
"Sysops may find it necessary to read this one, especially if their callers read it first."
- BBS Magazine
"It's readable, interesting, informative, balanced, and accurate, with a nice spirit of
fun and swashbuckling!"
- <solmaker> on alt.books.reviews
"Secrets of a Super Hacker ... should be read by anyone who has the crazy notion
that his data is safe."
- ComputerWorld
Secrets of a
Super Hacker
By The Knightmare
Loompanics Unlimited
Port Townsend, Washington
This book is sold for information purposes only. Neither the author nor the publisher
will be held accountable for the use or misuse of the information contained in this
book.
Secrets of a Super Hacker
(c) 1994 by Dennis Fiery
Introduction (c) 1994 by Gareth Branwyn
Cover by Bart Nagel
Illustrations by Dan Wend/MEDIA Graphics
All rights reserved. No part of this book may be reproduced or stored in any form
whatsoever without the prior written consent of the publisher. Reviews may quote
brief passages without the written consent of the publisher as long as proper credit is
given.
Published by:
Loompanics Unlimited
P.O. Box 1197
Port Townsend, WA 98368
Loompanics Unlimited is a division of Loompanics Enterprises, Inc.
ISBN 1-55950-106-5
Library of Congress Catalog Card Number 93-86568
Contents
Introduction: Hackers: Heroes or Villains?, by Gareth Branwyn
PART ONE
Before Hack
Chapter One: The Basics
Reading vs. Doing * Opening Remarks * Equipment Modems and Speed * Communications Software * Handy Features Data Capture * Past and Future * Days of Yore Live On * Computer Crime * Stealing Money Sabotage * Various Thieveries * The Seventh Crime * Hacker Motivations
Chapter Two: The History Of Hacking
First Came Hardware * YIPL and TAP * Computer Crime * 2600 * WarGames and Phrack * Shadow Hawk * The Electronic Frontier Foundation
Chapter Three: Researching The Hack
Targeting * Collecting Information * Some Unusual Research Methods * On-line Computer Simulators and Tutorials * Sorting Through Trash * GIRK * Found Disk Analysis * Check Up * Damage to One Side * Rips and Tears * Imperfections * Examining Screenshots * Snooping
Chapter Four: Passwords And Access Control
Passwords * Passwords Supplied by the User * Possible Password Investigation * Password Studies * Password Restraints * Computer Generated Passwords: Fakery and Analysis of Machine Generated Passwords * Non-Random Machine-Generated Passwords * Programs are People Too * Brute Force Methods * Foiling the Brute Force Assault * Conclusion
Chapter Five: Social Engineering
The Noble Form * Hacker as Neophyte * Hacker in Power * Hacker as Helper * Peak Hours * Other Hints Sample Social Engineering Situations * Miscellaneous Social Engineering Tips * Other Roles In-Person Engineering * Written Engineering * Request for Information * Message From God * Trouble in Paradise?
Chapter Six: Reverse Social Engineering
Overcoming Social Engineering Drawbacks * Reverse Social Engineering Sabotage Methods * RSE Case Study: The Translation Table * Solving the Sabotage * RSE Advertising Methods * Trouble for Nothing?
PART TWO
During Hack
Chapter Seven: Public Access Computers And Terminals
Introduction to the Three Kinds * CD-ROM Databases and Information Computers * Public Access Terminals (PATs) * The Bar Code Hack * Hidden Commands * College PATs * Doing it the E-Z Way * Shoulder Surfing * Doing it BASICally * Hardware Methods * General Purpose Microcomputers * Breaking Free * Freedom Means Free Roaming * PACK * Menu Simulation and Other Sneakiness * Hiding Your Goody Basket * Things to Watch Out For
Chapter Eight: On-Site Hacking: The Trespasser-Hacker
Closed-Circuit Television * Biometric Systems * Always a Way * Acting for the On-Site Hack * Piggybacking * Other Successful Tricks & Antics * Electronic Passive Computing * Radiation Comprehension * Van Eck and Britton * Ups and Downs
Chapter Nine: Hacking At Home: Dialing Up Computers With Your Modem
Reality * Who to Connect to * Paying for the Pleasure * Packet Switched Networks * Other Networks * Finding Dial-Up Numbers * Dial-Up Security Measures * Scrutinize the Login Environment
Chapter Ten: Electronic Bulletin Board Systems
Finding BBS Numbers * Finding Hacker Boards * Making Connections * BBS Features * BBS Exploitation * Getting to Know You * Bypassing BBS Security * Running a BBS * Midnight Masquerade * Hack mail * Crashing BBSs * Trojan Horses * Covering Up Trojan Horse Activity * While it is Running * Before & After * A Few Tips for the Do-It-Yourselfer
Chapter Eleven: Borderline Hacking
Hacking for Ca$h * Filthy Tricks * Bribery * Booze and Broads * Bad Feelings
Chapter Twelve: What To Do When Inside
Hacker Motivations Revisited * Operating Systems * Looking Around * Commands to Look For and to Use * File Transfer Protocol (FTP) * Fun 'N Games The User Network * Becoming a Superuser * Spoofing * Cryptography and DES * Bit by Bit Program Employment * Viruses * Covert Channels * Get Out of Jail Free * Returning to the Scene * Mission Accomplished Almost!
PART THREE
After Hack
Chapter Thirteen: This Lawful Land
State Computer Crime Laws * Traditional State Crime Laws * Criminal Mischief * Burglary * Fraud * Larceny * Theft of Trade Secrets * Receipt of Stolen Property * Theft of Services or Labor Under False Pretenses * Interference With Use Statutes * Traditional Federal Crime Laws * Conspiracy * 661, 2113, 641, 912, 1343, 1361, Etc. * Federal Computer Crime Laws, Or: It's 10:30, Do They Know Where the Hackers Are? * Conclusion
Chapter Fourteen: Hacker Security: How To Keep From Getting Caught
In Researching * In Social Engineering * Dialing In * Laptop Hints * Your On-the-Road Kit * System Tiptoeing * Lessons From the Hospital * BBS Protection * Other On-line Security Steps * Security Logs * In Public and On-Site * While Off-Line: Minimizing Losses * Maintaining Your Computer * Keeping Your Other Stuff * Conclusion: How to Get Caught
Chapter Fifteen: Conclusion
The Hacker's Ethic * My Code of Ethics * Combining Principles * My One-Person Tiger Team * Principles Combined * Concluding Thoughts * Some Thoughts to the Concerned Administrator * Some Thoughts to the Concerned Hacker
Further Reading
The Books * Other Sources
Glossary
APPENDICES
Appendix A: Explanation of Some ASCII Codes
Appendix B: Common Defaults
Appendix C: Common Commands
Appendix D: Novice Word List
Appendix E: Job-Related Word List
Appendix F: Technical Word List
Appendix G: Social Security Number Listing and ICAO Alphabet
Appendix H: Additional R/SE Role Playing Situations
Introduction:
Hackers: Heroes or Villains?
by Gareth Branwyn
Hacking in the Village
"Where am I?"
"In the Village."
"What do you want?"
"Information."
"Whose side are you on?"
"That would be telling. We want... information... information... information."
"Well you won't get it."
"By hook or by crook, we will!"
Remember the '60s TV show The Prisoner? Created by and starring Patrick
McGoohan, this surrealist series was basically a platform for McGoohan to explore his
own fears of modern surveillance/spy technology, behavioral engineering, and
society's increasing ability to control people through pacifying pleasures.
He was convinced that all this might soon mean the obliteration of the individual
(expressed in the defiant opening shout: "I am not a number, I am a free man!").
McGoohan's #6 character became a symbol of the lone individual's right to remain an
individual rather than a numbered cog in the chugging machinery of the State.
McGoohan, a Luddite to be sure, despised even the TV technology that brought his
libertarian tale to the masses. He saw no escape from the mushrooming techno-
armed State short of out-and-out violent revolution (it was, after all, the '60s!). As
prescient as The Prisoner series proved to be in some regards, McGoohan failed to
see how individuals armed with the same tech as their warders could fight back. The
#6 character himself comes close to revealing this in a number of episodes, as he
uses his will, his ingenuity, and his own spy skills to reroute #2's attempts to rob
him of his individuality.
One doesn't have to stretch too far to see the connection between The Prisoner and
the subject at hand: hacking. With all the social engineering, spy skills, and street
tech knowledge that #6 possessed, he lacked one important thing: access to the
higher tech that enslaved him and the other hapless village residents. Today's
techno-warriors are much better equipped to hack the powers that be for whatever
personal, social or political gains.
In the last two-part episode of the series, #6 finally reveals why he quit his
intelligence job: "Too many people know too much." Again, this expresses McGoohan's fear that the
powers that be were holding the goods on him and everyone else who was bucking
the status quo at that time. He probably didn't mean "people" as much as he meant
"governments." It is this fact, that "too many [governments/megacorps/special
interest groups] know too much" that has provided an important motivation to many
contemporary hackers and has fueled the rampant techno-romantic myths of the
hacker as a freedom of information warrior.
Let's look at a number of the mythic images of the hacker that have arisen in the
past decade and explore the reality that they both reflect and distort:
The Hacker as Independent Scientist
The first image of hackerdom to emerge in the '60s and '70s was of the benevolent
computer science student pushing the limits of computer technology and his/her own
intellect. Computer labs at MIT, Berkeley, Stanford and many other schools hummed
through the night as budding brainiacs sat mesmerized by the promise of life on the
other side of a glowing computer screen. These early hackers quickly developed a
set of ethics that centered around the pursuit of pure knowledge and the idea that
hackers should share all of their information and brilliant hacks with each other.
Steven Levy summarizes this ethic in his 1984 book Hackers: "To a hacker a closed
door is an insult, and a locked door is an outrage. Just as information should be
clearly and elegantly transported within the computer, and just as software should be
freely disseminated, hackers believed people should be allowed access to files or
tools which might promote the hacker quest to find out and improve the way the
world works. When a hacker needed something to help him create, explore, or fix,
he did not bother with such ridiculous concepts as property rights."
While this ethic continues to inform many hackers, including the author of the book
you are holding, it has become more difficult for many to purely embrace, as the
once innocent and largely sheltered world of hackerdom has opened up onto a vast
geography of data continents with spoils beyond measure, tempting even the most
principled hackers. The Knightmare weaves his way in and out of these ethical
issues throughout Secrets of a Super Hacker.
The Hacker as Cowboy
The cowboy has always served as a potent American myth of individuality and
survivalism in the face of a harsh and lawless frontier. It is no accident that William
Gibson chose cowboy metaphors for his groundbreaking cyberpunk novel
Neuromancer (1984). Case and the other "console cowboys" in the novel ride a
cybernetic range as data rustlers for hire, ultimately sad and alone in their harsh
nomadic world. They are both loner heroes and bad assed predators of the law
abiding cyber citizenry they burn in their wake.
I don't think I need to tell readers here what impact Gibson's fictional world has had
on fueling hacker fantasies or what potent similarities exist between Gibson's world
and our own.
Like the cowboy tales of the wild west, the myth of the hacker as cowboy is
undoubtedly more image over substance (as are most of the myths we will explore
here), but there are some important kernels of truth: a) hackers are often loners, b)
there are many nomadic and mercenary aspects to the burgeoning cyberspace of the
1990s, and c) it is a wide open and lawless territory where the distinctions between
good and bad, following the law and forging a new one, and issues of free access and
property rights are all up for grabs (remember the Indians?). Not surprisingly,
Electronic Frontier Foundation co-founder John Perry Barlow (a Wyoming cattle
rancher himself) chose frontier metaphors when he wrote his landmark essay "Crime
and Puzzlement" (Whole Earth Review, Fall 1990). The first section of this lengthy
essay, which led to the birth of the EFF, was entitled, "Desperadoes of the
DataSphere."
The Hacker as Techno-Terrorist
When I was a budding revolutionary in the '70s, with my Abbie Hoffman and Jimi Hendrix
posters and my cache of middle class weapons (.22 caliber rifles, .12 gauge shotgun,
hunting bows), I, like McGoohan, was gearing up for the Big Confrontation. With a
few friends (who seemed more interested in firearms than revolutionary rhetoric), I
used to do maneuvers in the woods near my house. We would fantasize how it was
all gonna come down and what role we (the "Radicals for Social Improvement")
would play in the grand scheme of things. It doesn't take a military genius to see
the futility of armed force against the U.S. military on its own turf. The idea that
bands of weekend rebels, however well trained and coordinated, could bring down
"The Man" was pure romance. Part of me knew this - the same part of me that was
more interested in posture than real revolution and in getting laid more than in
fucking up the State. My friends and I were content to play act, to dream the
impossible dream of overthrow.
One of the first "aha's" I had about computer terrorism in the late '80s was that the
possibilities for insurrection and for a parity of power not based on brute force had
changed radically with the advent of computer networks and our society's almost
complete reliance on them. There was now at least the possibility that groups or
individual hackers could seriously compromise the U.S. military and/or civilian
electronic infrastructure. The reality of this hit home on November 2, 1988, when
Robert Morris, Jr., the son of a well known computer security researcher, brought
down over 10% of the Internet with his worm
(a program that self propagates over a network, reproducing as it goes). This event
led to a media feeding frenzy which brought the heretofore computer underground
into the harsh lights of television cameras and sound bite journalism. "Hacker
terrorists," "viruses," "worms," "computer espionage"...all of a sudden, everyone was
looking over their shoulders for lurking cyberspooks and sniffing their computer disks
and downloads to see if they had contracted nasty viruses. A new computer
security industry popped up overnight, offering counseling, virus protection software
(sometimes with antidotes to viruses that didn't even exist!), and workshops,
seminars and books on computer crime.
Hysteria over hacker terrorism reached another plateau in 1990 with the execution of
Operation Sundevil, a wide net Secret Service operation intended to cripple the now
notorious hacker underground. Like a cat chasing its own tail, the busts and media
coverage and additional busts, followed by more sensational reportage, created a
runaway loop of accelerating hysteria and misinformation. One radio report on the
"stealing" (copying, actually) of a piece of information "critical to the operations of
the Emergency 911 system" for Bell South opined: "It's a miracle that no one was
seriously hurt." Of course, the truth turned out to be far less dramatic. The copied
booty was a very boring text document on some management aspects of the Bell
South system. For a thorough and lively account of this and many of the other
arrests made during Operation Sundevil, check out Bruce Sterling's The Hacker
Crackdown (Bantam, 1992).
Whatever the truth of these particular incidents, computer crime is here big time and
the boasts of even the most suspect hacker/cracker are usually at least theoretically
possible. Computer terrorism has yet to rear its head in any significant fashion, but
the potential is definitely there. This is very unsettling when you think how many
people can gain access to critical systems and how many loony tunes there are out
there armed with computers, modems, and less than honorable intentions.
Wireheads of every gauge would do well to study volumes like Secrets of a Super
Hacker to stay abreast of the game and to cover their backsides should the
proverbial shit hit the fan.
The Hacker as Pirate
Next to "cowboy," the most potent and popular image of the hacker is that of a
pirate. Oceanographic and piracy metaphors are equally as common in cyberculture
as ones about lawless frontiers and modem-totin' cowboys and cowgirls. People talk
of "surfing the edge," and the "vast oceans of the Internet." Bruce Sterling's near
future novel about data piracy was named Islands in the Net. In it, third world
countries and anarchist enclaves operate data havens, buying and selling global
information through the world's wide bandwidth computer networks.
Anarchist theorist and rantmeister Hakim Bey penned an essay called "Temporary
Autonomous Zones
(or T.A.Z.)" inspired by Sterling's data islands. Bey sees in the rapidly growing
techno-sphere of our planet the possibilities for a new form of nomadic anarchic culture that
might resemble the sea-faring pirate societies of the 18th century. Using all the
resources of the global nets, individual cybernauts can come together to form
temporary and virtual enclaves. These bands can wreak havoc, throw a party,
exchange intelligence, or whatever else they want. Once the deed is done, the party
over, the nomadic bands simply disappear back into the dense fabric of cyberspace.
While decidedly romantic, the TAZ idea is attractive to many hackers and
cyberspace residents who daily feel the fluidity of movement and the potential for
invisibility offered on "the nets."
Of course, let's not kid ourselves, pirates were mainly concerned with stealing things.
In cyberspace, piracy becomes a more ambiguous and contested can of worms.
Are you really taking something if you're simply looking at it or making a copy of it?
If you copy copyrighted material - let's say an image - and then alter it significantly,
to the point that it is almost unrecognizable, have you violated the copyright? What
if you're using it as raw materials in a piece of art, like collage? What does stealing
mean when what is stolen is nothing more than a particular assemblage of electrical
impulses? I regularly download recognizable audio bytes from networks, process
them in a sound editor, and then use them in various audio art projects. Am I
stealing? If I publish the work commercially, THEN is it plagiarism? All of these
questions about sampling, copying, cutting, pasting, re-purposing, and altering have
become the thorny legal and ethical issues of our cybernetic age. Hackerdom is one
of the domains that is rapidly fueling the fire.
The Hacker as Biblical David