TUCoPS :: General Information :: hacklink.txt

Links to Hacking Information

========
Newsgroups: alt.2600,alt.2600.hackerz,alt.hacker
Subject: Newbies: Links to Hacking (and other) Information ..
From: root@127.0.0.1 (-Symbiotic_)
Date: 17 Feb 1998 12:26:01 -0700

This whole post is to contribute to getting this newsgroup back on track. Or at 
least to try. The natives are getting a bit restless with people coming in here 
and /blindly/ asking for cracks, wares, viruses, how to find people and other 
such things that do /not/ apply here or could be found with a little effort. 
This will be posted bi weekly on the days of Tuesday and Friday and will be 
posted to the following groups: alt.2600, alt.2600.hackerz, and alt.hacker.  

A few basic newsgroup etiquette notes before we get down to the nitty 
gritty. 

[Begin Newsgroup Notes:]

1. Before you ask for a software patch, a virus or anything else that 
doesn't apply here or could be found by yourself with some time and 
effort  - READ THIS!! If this posting doesn't get you going in the right 
direction, then I apologize but there is absolutely nothing anyone in 
this group can do for you except maybe give you the name of a decent 
psychologist.

2. If you are going to make a test post, do NOT post it here. Why?? 
Because this is not the newsgroup to practice your posting abilities. 
There is a group devoted especially to this. It's called alt.test. 
Imagine that...

3. This is NOT alt.2600.archangel so please keep your conspiracy theory 
related posts out of here. If you think you have information that reveals 
who Archangel is keep it to yourself or better yet - post these types of 
messages and any other Archangel related messages to alt.2600.archangel.

4. Don't ask anyone to teach you how to hack. Hacking is a very time 
consuming art which cannot be taught via email courses. It is a process 
that has to be learned by an individual in a span of many years. Its not 
a cookie cutter subject that can be spoon fed to you. If you believe that 
it is, then I would suggest choosing an alternative life style.

5. Mailbombing and/or nuking is /not/ hacking despite what you think or 
what you have been told. If you feel the need to mail bomb or nuke 
someone, please leave as we don't want any part of it.

6. Check out Harlequin's posting, "How to Hack - Info for Newbies" which is 
posted biweekly as well.

[:End Newsgroup Notes]

/*Hacking related

This section contains links to find various hacking related material. If 
you are looking for anything else such as software patches, wares, 
phreaking and/or information on how to find people, then scroll down the 
page.

http://symbiotic.home.ml.org (Newbie hackers program)
http://www.ftech.net/~monark/crypto/ (Beginners Guide to Cryptography)
http://www.2600.com (The official 2600 magazine site)
http://www.netscope.net/~icepick/cool2.html (A list of hacking links)
http://www.phrack.com (The official Phrack magazine site)
http://www.cybercom.com/~bsamedi/hack.html (Computer Underground)
http://www.hacked.net (Up to date technical information)
http://www.techbroker.com/happyhacker.html (Happy Hacker's Digest)
http://www.rootshell.com (Rootshell site)
http://www.aracnet.com/~gen2600/ (Genocide 2600)
http://www.l0pht.com (The official Lopht Heavy Industries site)
http://www.thecodex.com/hacking/ (Hacking information, links, utils)
ftp://ds.internic.net/rfc/ (IntetNic's RFC FTP site)
http://www.sysone.demon.co.uk/ (FAQ's, Newbies, and mailing lists)
http://www.thtj.com (The Havoc Technical Journal)

/*Shell accounts

Free shell accounts:

http://www.cyberspace.org (Minimal disk space, but decent practice 
environment)
http://sdf.lonestar.org (5MB disk space, <10-20 w/donation> decent 
constrictions, but slooooooooooooooooow)
http://godson.home.ml.org (An up to date list of free shell account 
servers. Most of them want an essay.)

/*Mailing lists

Security related mailing lists:

http://www.ntsecurity.net/ (Subscribe to the NTSecurity list w/the on-
line sign up page)

Alert - Send an email to request-alert@iss.net with the following in the 
body of the message - Subscribe alert

BugTraq - Send an email to LISTERV@NETSPACE.ORG with the following in the 
body of the message - SUBSCRIBE BUGTRAQ

Cert - Send an email to cert-advisory-request@cert.org with the following 
in the subject line - SUBSCRIBE your-email-address

FreeBSD Hackers Digest - Send an email to Majordomo@FreeBSD.ORG with the 
following in the body of the message - subscribe freebsd-hackers-digest

/*Anonymity on the web

I'm not positive that all these proxies will work, but it's the ones I 
found. Most of them support FTP, Gopher and HTTP requests:

proxy.ak.iconz.co.nz:8080
proxy.wn.iconz.co.nz:8080
proxy.pm.iconz.co.nz:8080
proxy.tg.iconz.co.nz:8080
proxy.ch.iconz.co.nz:8080
proxy.ro.iconz.co.nz:8080
proxy.na.iconz.co.nz:8080
proxy.nn.iconz.co.nz:8080
gargoyle.apana.org.au:3128
proxy.magnusnet.com:8080 (or 8085, 8086, 8088)
proxy.third-wave.com:3128
supernova.netscape.com:8080
access.adobe.com:8080
server.librarysafe.com:8080
wwwcache.mcc.ac.uk:3128
www.anonymizer.com:8080 (Slow connection w/pop up banner)

http://search.yahoo.com/search?p=ip+spoofing (Find out how to spoof on 
your own)

/*Operating System related

Linux/Unix related sites:

http://www.freebsd.org (Official FreeBSD site)
http://www.hawken.edu/help/linux.htm (Quick guide to Linux commands)
http://sunsite.unc.edu/mdw/index.html (Linux Documentation Project)
http://www.linux.org (Official Linux site)
http://www.ghg.net./crolmstrom/linux.html#archive (Linux beginners page)

WindowsNT related sites:

http://www.nmrc.org/files/nt/ (Nomad Research Centre)
http://www.asmodeus.com (NT related files)
http://www.ntsecurity.net (NTSecurity's site)

/*Programming related 

C/C++ related sites:

http://www.cm.cf.ac.uk/Dave/C/CE.html
http://www.delorie.com/djgpp/ (FREE DOS C compiler)
http://www.strath.ac.uk/CC/Courses/NewCcourse/ccourse.html
http://www.programmersheaven.com (Various programming lang. info.)

/*Reading materials

Can't afford to buy books like "Unix Unleashed" ??

http://www.mcp.com/personal/ 

(This is MacMillan Publishing's official site where you can 'check out' 
5 books for 90 days each. They offer books such as "Unix Unleashed", 
"Linux System Administrator's Survival Guide", "Teach Yourself TCP/IP in 
14 Days", and "Red Hat Linux Unleashed". Just choose the books that you 
want to 'check out', then save each chapter to file on your HD. You won't 
get the pretty glossy cover, but you have the text. And, it's not the 
widest variety to choose from, but it works if you can't afford the $50+ 
for a book right now.)

/*A few people have asked about the following post from Osiris, and I 
have yet to see it reposted by anyone else (including Osiris), so this 
next section contains the article posted by Osiris awhile back on how to 
begin hacking. Some of these URLs are broken, so just use your common sense to 
reattach them in your browser ..

1. Get Linux or FreeBSD ASAP
2. Acquire one or more books written by Spafford, Bellovin, Cheswick, 
Rubin, or Ranum
3. Get both the Camel and Llama books on PERL
4. Get ORA's book on TCP/IP
5. Purchase some old boxes (386/486) and install network cards

Armed with these items, construct a small UNIX network within your home 
(garage, perhaps?). If you choose LINUX, read all the HOWTOs, 
particularly the networking HOWTO. Create at least 5 user accounts, 
allowing at least shell access for each account on each box. Once this 
configuration has been established (with all networking up and working 
properly), make attempts (as various users) to break one or more boxes on 
the system. (You should ideally attack various services, not just one.) 
Also: download either the SAFEsuite demo, the old ISS, or SATAN. Run 
these utilities against your system, and read the tutorials that 
accompany the documentation provided with these utilities.

Next, acquire all tools located at this URL:
http://www.giga.or.at/pub/hacker/unix

Learn how to use each one. Next, obtain the AUSCERT UNIX security 
checklist here:
ftp://ftp.auscert.org.au/pub/auscert/papers/unix_security_checklist

Next, obtain the UNIX security checklist located here:
http://stimpy.cac.washington.edu/~dittrich/R870/security-checklist.html

Next, obtain the Site Security Handbook (RFC 1244), which is here:
http://stimpy.cac.washington.edu/~dittrich/R870/rfc1244.txt

Next, obtain this document from SRI:
 http://stimpy.cac.washington.edu/~dittrich/R870/SRI-Whitepaper.ps

After reading and understanding all accompanying documentation listed 
above
(and trying out some or all of the cited tools), read the following 
documents:

Intrusion Detection Checklist
ftp://info.cert.org/pub/tech_tips/intruder_detection_checklist

Dan Farmer's Survey on Various Hosts:
http://www.trouble.org/survey/

Improving the Security of Your Site by Breaking Into it
http://www.trouble.org/security/admin-guide-to-cracking.html

All the papers on this page, but especially the work by Nancy Cook and 
her partner.
http://www.trouble.org/security/auditing_course/

Murphy's law and computer security by Wietse Venema
http://www.trouble.org/security/murphy.html

After absorbing that information, then seek out these papers:

CIAC-2308_Securing_Internet_Information_Servers.pdf
 http://ciac.llnl.gov/ciac/documents/CIAC-
2308_Securing_Internet_Information_Servers.pdf

Securing X Windows
 http://ciac.llnl.gov/ciac/documents/CIAC-2316_Securing_X_Windows.pdf

How to Detect an Intrusion
 http://ciac.llnl.gov/ciac/documents/CIAC-
2305_UNIX_Incident_Guide_How_to_Detect_an_Intrusion.pdf

Finally, go here and begin the process of studying each hole addressed in 
the BUGTRAQ archive. That is located here:

http://www.geek-girl.com/bugtraq/search.html

Other things that will help you tremendously are these:

1. Subscribe to all known mailing lists on UNIX security, e.g. BUGTRAQ, 
CIAC, CERT, etc.
2. From these lists, generate a database of email addresses of known 
security experts. Good examples would be Farmer, Venema, Spafford, Ranum, 
etc.
3. Scour the Internet for any instances of their email addresses - 
whether on lists, discussion groups or the web generally. (Note: do *NOT* 
bug these guys. Simply read their thoughts and ideas, absorb them, and 
move on.)
4. As you encounter exploit code on these lists (which you invariably 
will), compile it and execute it. Record your results. (One good reason 
to get LINUX or FreeBSD: all compilers are free and already well 
configured on a full install.)
5. Try to spend one hour a day studying socket programming.
6. Go to a used bookstore and buy every book you can find on system 
administration. In lieu of this, at least buy books that are in 
remaindering bins. The cheaper, the better.
7. Don't laugh, but learning at least the basics of these languages would 
help:

A. PERL
B. AWK/GAWK/NAWK
C. SED
D. Expect

Also, it would be of some help to get a translation table that shows 
variances between similar or identical tasks performed in sh/bash/csh. In 
addition, you may wish to seek out the differences between disparate 
versions of UNIX. It is worth buying old manuals for AIX, HP-UX, Unicos, 
IRIX, Data General, SunOS, Solaris, XENIX, SYS V, and so forth. What 
follows is a list of books that might help you. (These are in alphabetical 
order, so order does not indicate preference. Personally, I prefer books 
authored by those I cited above.)

Building Internet Firewalls
D. Brent Chapman, Elizabeth D. Zwicky (1995)
ISBN: 1565921240

Commonsense Computer Security: Your Practical Guide to Information 
Protection
Martin R. Smith (1994)
ISBN: 0077078055

Computer Crime: A Crimefighter's Handbook
David J. Icove, David, Seger, Karl Icove, Karl A. Seger, Vonstorch (1995)
ISBN: 1565920864

Computer Security
John M. Carroll (1996)
ISBN: 0750696001

Computer Security Basics
Deborah Russell, G.T. Gangemi (1991)
ISBN: 0937175714

Computer Security Handbook
Arthur E. Hutt, Seymour Bosworth, Douglas B. Hoyt (1995)
ISBN: 0471118540

Firewalls and Internet Security: Repelling the Wily Hacker
William R. Cheswick, Steven M. Bellovin (1994)
ISBN: 0201633574

Fundamentals of Computer Security Technology
Edward G. Amoroso (1994)
ISBN: 0131089293

Hacker Proof: The Ultimate Guide to Network Security
Lars Klander, Edward J. Renehan (1997)
ISBN: 188413355X

Halting the Hacker: A Practical Guide to Computer Security
Donald L. Pipkin (1997)
ISBN: 013243718X

Information Warfare : Chaos on the Electronic Superhighway
Winn Schwartau (1996)
ISBN: 1560251328

Internet Firewalls and Network Security
Chris Hare, Karanjit S. Siyan (1996)
ISBN: 1562056328

Internet Firewalls and Network Security
Karanjit, Ph.D. Siyan, Chris Hare (1996)
ISBN: 1562054376

Internet Security: Professional Reference
Derek Atkins, Tom Sheldon, Tim Petru, Joel Snyder (1997)
ISBN: 156205760X

Maximum Security: A Hacker's Guide to Protecting Your Internet Site and 
Network
Anonymous (1997)
ISBN: 1575212684

Personal Computer Security
Edward Tiley (1996)
ISBN: 1568848145

Practical Unix and Internet Security
Simson Garfinkel, Gene Spafford (1996)
ISBN: 1565921488

Protecting Your Web Site With Firewalls
Marcus Goncalves, Vinicius A. Goncalves (1997)
ISBN: 0136282075

Protection and Security on the Information Superhighway
Frederick B. Cohen (1995)
ISBN: 0471113891

Secrets of a Super Hacker
Knightmare, the Knightmare (1994)
ISBN: 1559501065

Security in Comput. Its not 
a cookie ger (1996)
ISBN: 0133374866

Web Commerce Cookbook
Gordon McComb (1997)
ISBN: 0471196630

Web Security Sourcebook
Avi Rubin, Daniel Geer, Marcus J. Ranum, Aviel D. Rubin, Dan Geer (1997)
ISBN: 047118148X

Web Security & Commerce (Nutshell Handbook)
Simson Garfinkel, Gene Spafford (1997)
ISBN: 1565922697
http://www.amazon.com/exec/obidos/ISBN=1565922697/t/0560-5831826-082656

Access Control and Personal Identification Systems
Dan M. Bowers (1988)
ISBN: 0409900834

Internet Security Secrets
John R. Vacca. (1996)
ISBN: 1-56884-457-3.

Network and Internetwork Security: Principles and Practice.
William Stallings. (1995)
ISBN: 0-02-415483-0

Network Security: How to Plan for It and Achieve It.
Richard H. Baker. (1994)
ISBN: 0-07-005141-0

UNIX Security for the Organization.
R. Bringle Bryant. (1994)
ISBN: 0-672-30571-2.

UNIX Security: A Practical Tutorial.
N. Derek Arnold.
ISBN: 0-07-002560-6 (1993)

UNIX System Security: How to Protect Your Data and Prevent Intruders.
Rick Farrow. (1991)
ISBN: 0-201-57030-0

UNIX System Security Essentials.
Christoph Braun and Siemens Nixdorf. (1995)
ISBN: 0-201-42775-3

UNIX System Security.
David A. Curry. (1992)
ISBN: 0-201-56327-4

UNIX Unleashed. 1994
Susan Peppard, Pete Holsberg, James Armstrong Jr., Salim Douba, S.Lee 
Henry, Ron Rose, Richard Rummel, Scott Parker, Ann Marshall, Ron Dippold, 
Chris Negus, John Valley, Jeff Smith, Dave Taylor, Sydney Weinstein and 
David Till
ISBN: 0-672-30402-3.

Lastly, you will need to get some good tools to experiment with. They are 
here:

http://ciac.llnl.gov/ciac/SecurityTools.html

Basically, that should get you started. It is not necessary that you 
learn everything all at once. Obviously, the firm offering you the 
position does not expect the impossible. However, UNIX security is an on-
going and complex field. You aren't going to ace it in a day. The idea is 
to get yourself up to speed with older problems, so that when newer ones 
crop up, you will understand their basis and origin.

The reason for creating a network in your garage is that it offers you a 
chance to screw things up without any repercussions. Also, it simulates a 
micro-network, and allows you to view logs and responses from both the 
attack and victim sides. This is invaluable, as it will prepare you to 
instantly recognize trouble, just from examining the logs. Chief areas 
that you should cover are these:

1. NFS
2. The R Services
3. Passwords - proactive password checkers, DES in general, Crack, etc.
4. Spoofing
5. Routing techniques
6. Firewalls
7. CGI (if web servers are an integral part of the architecture of that 
network).

It is recommended that you get the TIS Firewall Tooklit when you are 
ready. (Though, I suspect that the firm hiring you is more interested in 
local security that remote problems. Nevertheless, it is worth doing).

/*Cracks, wares, and serial #'s

The following list is for all you wares wanting, crack wanting, serial 
number wanting people that can't seem to find the information that you 
seek:

http://www.geocities.com/SunsetStrip/Palms/5678/serial.txt (Serial #'s)
http://www.compucall.com/keys.htm (Key generators and software patches)
http://hack.box.sk/ (Serial numbers, cracks and utilities)
http://www.iaehv.nl/users/zwets/sn/ (Serial numbers)
http://cracking.byus.com/cscripts/cracks.asp (Kracka Vista)
http://cracking.byus.com/fravia/ (Fravia's Page of Reverse Engineering)
http://astalavista.box.sk (AstaLaVista software patch search engine)
http://www.t50.com (Top 50 wares sites)
http://www.nettaxi.com/citizens/caligo/cracking.htm (Utilities for making                                        
your /own/ software patches)

If the links above do not offer what you are looking for, then here is a 
list of the appropriate newsgroups that cracks, wares, and serial number 
requests should be made in (In other words, not here!):

(NOTE: When making a request, be polite or you won't get anything but a 
flame and/or possibly just ignored if you are lucky. When requesting 
something, make sure the subject line looks like so - "REQ: patch for 
certain software - URL included." Then in the message, /ask/ <don't tell> 
if anyone has a patch, serial number or a keygen for the particular 
software that you are looking for. And include the URL so they know what 
you are on about. You'll be surprised what a little common respect and 
politeness gets you. And above all - search for the crack, keygen, serial 
number /before/ requesting it in the group yourself, because chances are 
one of the sites above already have it.)

news://alt.2600.crackz
news://alt.cracks
news://alt.binaries.cracks
news://alt.binaries.cracks.phrozen-crew
news://alt.2600.warez
news://alt.2600.programz
news://alt.warez.ibm-pc
news://alt.warez.ibm-pc
news://alt.binaries.warez.linux
news://alt.binaries.warez.mac
news://alt.binaries.warez.macintosh

/*Viruses

This link is for all of you virus wanting kiddies:

http://www.chibacity.com/chiba/vrc/html

/*Finding people on the net

http://www.anywho.com (General people information)
http://www.infospace.com (General people information)
http://www.whowhere.com (General people information)
http://www.four11.com (General people information)
http://www.switchboard.com (General people information)
http://www.cis.ohio-state.edu/hypertext/faq/usenet/finding-
addresses/faq.html (FAQ for finding people)
http://www.thecodex.com/search.htm (Stalking the net)
http://www.internic.net/wp/whois/html (Find who owns a particular domain)
http://rs.internic.net/cgi-bin/whois/ (Find who owns a particular domain)

/*Phreaking related

http://www-personal.engin.umich.edu/~jgotts/underground/boxes.html 
(Boxes)
http://www.netcore.ca/~locutus/boxes/boxes.htm (Boxes)
http://www.netcore.ca/~locutus/phreak/phreak.htm (Misc. info.)
http://members.tripod.com/~iang/ (UK related phreaking info.)
http://www.phonelosers.org/ (General phreaking info.)
http://www.thtj.com (The Havoc Technical Journal)

Have fun....

-- 
/*
 * Digital FingerPrint
 *
 *   
 * XyVaBs3xYq9bDFd.3xQsabDT@usKabDPx5nv8kZXZy49
 * wabDfd.3xsKd.3xPx5nv8kZVabDQs7eMFPx5nv8kZQsabD
 * T@usKabDSLmZpPx5nv8kZLz23QsLo0yxZy49wabDT@u
 * 9bDFLz23sKPx5nv8kzxZy49wabD9bDfd.3xsKd.3xPx5nv8k
 * ZVabDQs7eMFPx5nv8kZLz23Qs[Ic}/_abDxZy49wM_sKSL
 * mZpPx5nv8kZLo0ysKxZy49wOjk06?fqhsKd.3xPx5nv8kZxZ
 * y49wabD9bDfd.3xsKd.3xPx5nv8kZVabDQs7eMFPx5nv8kZ  
 * d,3x?fXz6abDsKfqhM_?fXz6*Yt10zYZ2XyVaBs
 *
 *
 */

/* End. */

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH