The Binary Warlock (02/22/91)
How safe is it to post on alt.hackers regarding future/past hacks ?
--
Khaos the Binary Warlock; the most bitwise dude on the block. ( ;-) )
sv1xv@epstech.UUCP (The Paladin of the Night) (02/24/91)
In article <6888@ecs.soton.ac.uk> you write:
>How safe is it to post on alt.hackers regarding future/past hacks ?
>--
>Khaos the Binary Warlock; the most bitwise dude on the block. ( ;-) )

It's quite safe, I think. All those self-important who have appointed themselves Network Policemen don't know how to read Usenet news.....

The Paladin of the Night
E-Mail: UUCP: {uunet,ucbvax,unido,mcsun,ukc,munari}!ariadne!epstech!sv1xv
BITNET: sv1xv@grathun1
PACKET RADIO: sv1xv @ sv1iw
mathew@mwowm.mantis.co.uk (mathew) (02/25/91)
In <6888@ecs.soton.ac.uk>, The Binary Warlock writes:
> How safe is it to post on alt.hackers regarding future/past hacks ?

I think it largely depends upon who the target is/was/will be.

For example, if I were to tell you about some of the cracking/hacking which has gone on in Cambridge University, I'd probably find a car bomb under my bicycle :-)

If I tell you about what happened a few years ago at my old school, however, I'll merely be risking prosecution under the Computer Misuse Act, the latest piece of ill-informed and oppressive legislation to be passed by our elected Conservative dictatorship. (*)

So I'll do it anyway.

At my old school, we had a network of Acorn BBC Microcomputers. They were linked together using network software developed by a local company; since the company was run by one of the teachers at the school, we used to do a lot of the beta-testing.

I still recall the day the new network was connected up, and the EPROMS containing the net drivers were installed in the machines. Go on, said the teacher, try it out. I walked up to one of the terminals, logged in as suggested, typed a line of asterisks, then pressed return.

The entire system ground to a halt.

An asterisk is used on the BBC Micro to run a ROM or disc command. The first * had convinced the code that what I had typed was a command, so it had deleted the leading '*' and passed it to the command interpreter part of the ROM. Unfortunately (or so I was told when the teacher had calmed down a little), the nifty routine which did the string handling for filename wildcards was also used to do the string comparisons for commands. It interpreted my command as being all sorts of interesting things such as 'delete all files', 'log in as all users' and the like, and crashed -- spewing rubbish down the network connection and killing off all the other machines.

This feature was subsequently removed. :-)

The most interesting discovery was made when we asked why the NFS needed to reserve so much memory on the networked machines. We were told that the fileserver didn't have much memory, so the machines had to keep quite a bit of state information in their own RAM.

A little investigation by various hackers revealed that one of the things which was kept in memory was the sector number on the fileserver hard disk of the current user's personal storage area. It turned out that if you poked this number to be 0, then did a *CAT (catalogue) command, you got some interesting looking output. Furthermore, when you looked through the RAM used to buffer network I/O, you found some extremely interesting data... a list of the passwords for all of the users, from user 0 (super-user) upwards. It happened that sectors 0 onwards were used to store all the user passwords...

As you can imagine, we had a field day. A quick ten-line BASIC program was written; it prompted for a user number, and returned his password. Armed with this, some very amusing hacks took place.

The users' storage areas on the hard disk were referred to as 'drives', and looked like logical disk drives. Like most BBC disk drives, they had a facility for a short title. One evening I was bored, and wrote a program which went through and labelled every single user's drive with that user's password. This is what is known in the trade as "pointing out a security flaw" :-)

The next load of fun began when I discovered that you could put control codes into filenames. The BBC micro has a wonderful Mode 7, which implements teletext (videotex) graphics. You could force the machine into mode 7 using control codes; you could also switch the character output routines on and off using control codes. In no time at all, I had written a program which took a teletext screen and created lots of tiny files, so that when the user asked for a catalogue of his files his machine displayed the teletext screen instead. I had also written a teletext graphics editor, which was used to produce some amusingly childish pictures.

Nothing beats the confusion on a naive user's face when he types *CAT to get a directory listing, and instead gets a picture of a helicopter, a poem by e.e.cummings, or a giant phallic emblem in bright pink. [ The latter wasn't my idea, I hasten to add. ]

Sooner or later the system administrator got tired of our pranks, and the fileserver code was changed so that the password-grab program no longer worked. Hence my feeling able to tell you about it.

Then one evening, I was reading through a technical reference manual...

[ Originally here I included a complete set of instructions, including source code, for how to break all the system security on possibly any network of BBC Micros. I decided that the guys at acorn.co.uk probably wouldn't have appreciated my article very much if I had left it in. :-) ]

Even more amusingly, I could [deleted for security reasons]. The system administrator wasn't amused when he found himself logged in simultaneously to hundreds of different machines, especially since most of them didn't exist and he didn't know how to log himself out from them...

Of course, you still needed to find his password somehow, and the earlier hack had been disabled. [Further extensive deletions here] soon taught us what the protocol was for sending the user number and password to the fileserver as part of a login request. Someone wrote the requisite patch program, and we were off again... There was even a version which ran invisibly, dumping user numbers and passwords for everyone who logged on.

I suppose I'd better point out that I'm a reformed character these days, and that I always follow the golden rule of not damaging anything which can't be un-damaged at a moment's notice.

mathew.

[ Well, perhaps not _totally_ reformed; I have been thrown off of every computer system I've ever been allowed onto... It's just that I've been innocent the last few times... ]

[[ And no, I will _not_ mail "How to crack Acorn networks" information to _anybody_, not even people from Acorn. Work out the methods for yourself, it really isn't difficult. ]]

(*) This is not a joke.
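Added example, not part of mathew's post and not the original network software: the fileserver in the story acted on a storage-area sector number that each station kept in its own RAM. The Python below contrasts that design with one where the server derives the sector from its own session table; the post does not say how the real fix worked, so the disk layout, user numbers and every name here are constructed assumptions.

```python
# Constructed model: layout, user numbers and names are illustrative assumptions.
CREDENTIAL_SECTORS = range(0, 4)            # credential table at sectors 0-3
DISK = {0: "<credential table>", 40: ["NOTES", "GAME"], 52: ["ESSAY"]}
AREA_OF_USER = {7: 40, 9: 52}               # server-side: user number -> area sector


class AccessDenied(Exception):
    """Raised when a request does not match server-held state."""


def catalogue_trusting(client_sector):
    """'Before': the station names the sector and the server simply reads it."""
    return DISK[client_sector]


class FileServer:
    def __init__(self, sessions):
        self.sessions = sessions            # session id -> user number, set at login
        self.audit = []                     # rejected requests, for the administrator

    def catalogue(self, session_id, client_sector=None):
        """'After': the sector comes from the session, never from the client."""
        user = self.sessions.get(session_id)
        if user is None:
            raise AccessDenied("no such session")
        sector = AREA_OF_USER[user]
        if client_sector is not None and client_sector != sector:
            # The station's cached value disagrees with the server: reject and log.
            self.audit.append((user, client_sector))
            raise AccessDenied(f"user {user} requested sector {client_sector}")
        if sector in CREDENTIAL_SECTORS:
            raise AccessDenied("user area overlaps credential sectors")
        return DISK[sector]


if __name__ == "__main__":
    fs = FileServer({"s1": 7})
    print(catalogue_trusting(0))            # old design hands back the credential table
    print(fs.catalogue("s1"))               # checked design returns user 7's own files
    try:
        fs.catalogue("s1", 0)
    except AccessDenied as err:
        print("rejected:", err, fs.audit)
```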
cs4304ak@evax.arl.utexas.edu (David Richardson) (02/26/91)
In article <6888@ecs.soton.ac.uk> you write:
>How safe is it to post on alt.hackers regarding future/past hacks ?

Assuming any statutes of limitation have run out, I don't see any risk (unless you hacked a Mafia computer, then I'd keep my mouth shut :).

Seriously, this should be regarded as a very-open-forum. Granted, the FROM: lines cannot be trusted, but I wouldn't put it past the fed's (or an anal-retentive former employer) from attempting to take action against someone based on confessions.

--
David Richardson U. Texas at Arlington +1 817 856 6637 PO Box 192053
Usually hailing from: b645zax@utarlg.uta.edu Arlington, TX 76019
b645zax@utarlg.bitnet, SPAN: UTSPAN::UTADNX::UTARLG::B645ZAX -2053 USA
The Lord is my shepherd, I shall not want.
okunewck@psuvax1.cs.psu.edu (Phil OKunewick) (02/27/91)
cs4304ak@evax.arl.utexas.edu (David Richardson) writes:
>In article <6888@ecs.soton.ac.uk> somebody writes:
>>How safe is it to post on alt.hackers regarding future/past hacks ?
>
>Seriously, this should be regarded as a very-open-forum. Granted, the
>FROM: lines cannot be trusted, but I wouldn't put it past the fed's
>(or an anal-retentive former employer) from attempting to take action
>against someone based on confessions.

Actually, most good hacks are neither misdemeanors nor felonies. The converse is also true - most computer related misdemeanors and felonies are not good hacks. In other words, a good hack should be perfectly safe to post.

Ob(mediocre)Hack: Home printing on a dialup. I have a 2-fer on my modem, with a line going to the printer. DTR and TXD are or'd by putting two diodes in parallel with two 1K resistors, so either the printer or the terminal will supply the pull-up voltage. (reversing the diodes will make an 'and' function.) For printing, I set noecho mode, set the prompt to nothingness, and cat the file to my screen.