Beruflich Dokumente
Kultur Dokumente
_______________________________________________________
GUIDE TO (mostly) HARMLESS HACKING
Vol. 1 Number 6
It's vigilante phun day one more time! How to nuke offensive
Web sites.
_______________________________________________________
*******************
They can go to jail note: In the US and many other
countries, kiddie porn is
illegal. If the imagery is hosted on a physical storage
device within the
jurisdiction of a country with laws against it, the person
who puts this
imagery on the storage device can go to jail. So if you know
enough to help
Page 2
gtmhh1-6
the authorities get a search warrant, by all means contact
them. In the US,
this would be the FBI.
*******************
But the kind of mass outrage that keeps spammers on the run
can also drive
kiddie porn off the Web. *We* have the power.
The key is that no one can force an ISP to carry kiddie porn
-- or anything
else. In fact, most human beings are so disgusted at kiddie
porn that they
will jump at the chance to shut it down. If the ISP is run
by some pervert
who wants to make money by offering kiddie porn, then you go
to the next
level up, to the ISP that provides connectivity for the
kiddie porn ISP.
There someone will be delighted to cut off the b*****ds.
So, how do you find the people who can put a Web site on the
run? We start
with the URL.
I am going to use a real URL. But please keep in mind that I
am not saying
this actually is a web address with kiddie porn. This is
being used for
purposes of illustration only because this URL is carried by
a host with so
many hackable features. It also, by at least some standards,
carries X-rated
material. So visit it at your own risk.
http://www.phreak.org
Now let's say someone just told you this was a kiddie porn
site. Do you just
launch an attack? No.
But it could just be the that the machine that runs the disk
that holds this
Web site is temporarily down. There is a way to tell if the
computer that
serves a domain name is running: the ping command:
/usr/etc/ping phreak.org
The answer is:
Now if this Web site had been up, it would have responded
like my Web site does:
/usr/etc/ping techbroker.com
This gives the answer:
techbroker.com is alive
*************************
Evil Genius Note: Ping is a powerful network diagnostic
tool. This example
is from BSD Unix. Quarterdeck Internet Suite and many other
software
packages also offer this wimpy version of the ping command.
But in its most
powerful form -- which you can get by installing Linux on
your computer --
the ping-f command will send out packets as fast as the
target host can
respond for an indefinite length of time. This can keep the
target extremely
busy and may be enough to put the computer out of action. If
several people
do this simultaneously, the target host will almost
Page 4
gtmhh1-6
certainly be unable to
maintain its network connection. So -- *now* do you want to
install Linux?
*************************
*************************
Netiquette warning: "Pinging down" a host is incredibly
easy. It's way too
easy to be regarded as elite, so don't do it to impress your
friends. If you
do it anyhow, be ready to be sued by the owner of your
target and kicked off
your ISP-- or much worse! If you should accidentally get the
ping command
running in assault mode, you can quickly turn it off by
holding down the
control key while pressing the "c" key.
*************************
*************************
You can go to jail warning: If it can be shown that you ran
the ping-f
command on purpose to take out the host computer you
targeted, this is a
denial of service attack and hence illegal.
************************
OK, now we have established that at least right now,
http://phreak.com
either does not exist, or else that the computer hosting it
is not connected
to the Internet.
link: http://www.phreak.org
host: http://www.phreak.org
Page 5
gtmhh1-6
But they turn up nothing. So it looks like the phreak.org
site is not real
popular.
whois phreak.org
Phreaks, Inc. (PHREAK-DOM)
Phreaks, Inc.
1313 Mockingbird Lane
San Jose, CA 95132 US
Domain Name: PHREAK.ORG
PC.PPP.ABLECOM.NET 204.75.33.33
ASYLUM.ASYLUM.ORG 205.217.4.17
NS.NEXCHI.NET 204.95.8.2
Next I wait a few hours and ping phreak.org again. I
discover it is now
alive. So now we have learned that the computer hosting
phreak.org is
sometimes connected to the Internet and sometimes not. (In
fact, later
probing shows that it is often down.)
telnet phreak.org
Trying 204.75.33.33 ...
Connected to phreak.org.
Page 6
gtmhh1-6
Escape character is '^]'.
______________ _______________________________ __
___ __ \__ / / /__ __ \__ ____/__ |__
//_/____________________ _
__ /_/ /_ /_/ /__ /_/ /_ __/ __ /| |_ ,< _ __ \_
___/_ __ `/
_ ____/_ __ / _ _, _/_ /___ _ ___ | /| |__/ /_/ / /
_ /_/ /
/_/ /_/ /_/ /_/ |_| /_____/ /_/ |_/_/ |_|(_)____//_/
_\__, /
/____/
;
Connection closed by foreign host.
Aha! Someone has connected the computer hosting phreak.org
to the Internet!
The fact that this gives just ASCII art and no login prompt
suggests that
this host computer does not exactly welcome the casual
visitor. It may well
have a firewall that rejects attempted logins from anyone
who telnets in
from a host that is not on its approved list.
Next I finger their technical contact:
finger rain@phreak.org
[phreak.org]
Page 7
gtmhh1-6
The fact that phreak.org runs a finger service is
interesting. Since finger
is one of the best ways to crack into a system, we can
conclude that either:
telnet phreak.org 80
This gives:
<ADDRESS><A
HREF="http://www.phreak.org/thttpd/">thttpd/1.00</A></ADDRES
S</BODY></HTML>
********************************
You can go to jail note: Are you are as tempted as I am?
These guys have
notorious cracker highway port 79 open, AND a buggy port 80!
But, once
again, I'm telling you, it is against the law to break into
non-public parts
of a computer. If you telnet over US state lines, it is a
federal felony.
Even if you think there is something illegal on that thttpd
server, only
someone armed with a search warrant has the right to look it
over from the
root account.
********************************
First, if in fact there were a problem with phreak.org
(remember, this is
just being used as an illustration) I would email a
complaint to the
technical and administrative contacts of the ISPs that
provide phreak.org's
connection to the Internet. So I look to see who they are:
whois PC.PPP.ABLECOM.NET
Hostname: PC.PPP.ABLECOM.NET
Address: 204.75.33.33
System: Sun 4/110 running SunOS 4.1.3
whois ASYLUM.ASYLUM.ORG
And get:
[No name] (ASYLUM4-HST)
Hostname: ASYLUM.ASYLUM.ORG
Address: 205.217.4.17
System: ? running ?
Record last updated on 30-Apr-96.
Again, I would email postmaster@ASYLUM.ORG
NEXUS-Chicago (BUDDH-HST)
1223 W North Shore, Suite 1E
Chicago, IL 60626
Hostname: NS.NEXCHI.NET
Address: 204.95.8.2
System: Sun running Unix
Coordinator:
Torres, Walter (WT51) walter-t@MSN.COM
312-352-1200
*************************
Netiquette alert: If you are just burning with curiosity
about whether
thttpd can be made to crash to root, *DON'T* run experiments
on phreak.org's
computer. The sysadmin will probably notice all those weird
accesses to port
80 on the shell log file. He or she will presume you are
trying to break in,
and will complain to your ISP. You will probably lose your
account.
*************************
*************************
Evil Genius note: The symptoms of being hackable that we see
in thttpd are
the kind of intellectual challenge that calls for installing
Linux on your
PC. Once you get Linux up you could install thttpd. Then you
may experiment
with total impunity.
OK, I'm signing off for this column. I look forward to your
contributions to
this list. Happy hacking -- and don't get busted!
____________________________________________________________
______
Page 15