_-~-_-~-_-~-_-~-_-~-_-~-_-~-Preparing the hack-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~ ~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-By: Axon-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_ There's a lot that goes into a really good hack. Everything, of course depends greatly on what you are actually hacking. Before you think about guessing usernames and passwords, Try a few intelligent things. If the place is local, by ALL MEANS go there! Sit across the street and watch what goes on. Stay there all night even, and see when guards arrive, and when they make their rounds. Look for security cameras and other things. Your target: The Dumpster. That's all you're physically going to do at the site of the place you are hacking is wading through a dumpster. Look for papers with phone numbers on them, Printed and discarded e-mail, and anything else that looks like it could provide useful information. If the place you are hacking is on the internet, then try telnetting to it first. IF it asks for a login, print the screen or write the info down, and then break the connection. We aren't going to guess just yet. Finger the host and print that out, too, unless it refuses a finger connection. You may also want to run a port scanning software on the host. This will tell you what services they have enabled for use from the outside world. If they are internetted AND Local, use BOTH of those above tactics (DUH). Internet Service providers (ISP's) are easy to mess with. Call some up and ask if they offer shell accounts. IF they say no, don't waste your time. Call the next one. Once you find a place allowing a shell account, ask if you could test a guest account for a day or two. You can demand this, because after all, you don't want to spend your money on a piece of shit ISP. You want to know what you're buying first. You don't buy a car straight off the lot after you did no more than peek into the window. Once you have a guest account, Set your terminal software to log the comunications, and type "cat /etc/passwd" and hopefully you'll get a list of usernames, and some other funky looking stuff (like encrypted passwords and other things). All the different fields in the password file are separated by a colon (:). The first field is always the user name, and the second is (usually) the encrypted password. If the password field is one character (such as x, * or !) then the password file is shadowed. You can read many text files on how to attempt to un-shadow the file. Once you have the passwd file you have 2 things: A list of every username on the system, and an encrypted password list. If you feel like spending a few days or weeks without using your computer, it is easy to crack a password file. Download any of the password crackers you can find on the internet, and find "Dictionary" files (a huge file with tens, possibly hundreds of thousands of words, that can be used to crack the passwd with) for each password the cracker encounters, it encrypts all the dictionary words, and compares them to the encrypted password in the list). I would suggest "Star Crak" for this...it's one of the fastest programs I've seen. Along similar lines, is a program called "Guess", which checks for those dorks that make their password the same as their username (i've found several passwords this way). If you feel gutsy and try to hack a system/network at your school, be careful. Usually these places know they are vulnerable, but don't have enough money to go and buy fancy security systems, so they compromise by being extremely harsh on hackers. The people never found me out at the high school because I had my laptop hooked into their network and they didn't know where I was physically (they had a map of the school and kept track of their computers' network ID's so they knew exactly where things were coming from...except for me... Several people got busted at my school. No expulsions, but a few good scares and within 2 months of having the network up they had enough hacks to force them to create a poster containing "Internet Usage Guidelines" or some bullshit like that. Colleges are a different story. As soon as I started there I came in with a clean record, but I frequent the computer labs. If you are going to play hacker at a college, act computer dumb in the highest degree. DON'T be found in the computer labs 3 hours a day. I would suggest going to the labs long enough to find out network ID's, IP addresses, Physical locations of any servers, and other things like that, doing so over the period of a month. In other words, keep it to a max of 1 hour, and always complain about having to type. You hate typing but all your instructors want typed shit! ARRGH!!! you get the dripht. Find your info ON campus, Ask who runs the servers maybe if you feel like being bold, and do your hacking from OUTSIDE of the campus if at all possible. (about noon-3pm is a good time to do that, and 2am as well....the bussiest times and the times where NO ONE is there). Most Junior Colleges, universities, and colleges have no hesitations about expelling a rogue computer user. You can always have a friend at another school get info for you about their school, and you give your friend info about your school and hack each other's schools till doomsday. (That trick works sometimes, and if you're careful you won't get caught and you don't even need to act stupid about computers)