frequently asked questions about hacking and computers

7/30/2019 Frequently Asked Questions About Hacking and Computers

1/8

Frequently asked questions about hacking and computers

Topics Covered

What are Wingates?

Where do I find out the addresses of Wingates?

What are Proxys?

What are Firewalls?

How do I forge email?

What are Email headers?

What does the stuff in an Email header mean?

What is IRC?

How can I hack Ops on an IRC channel?

How can I change my Windows boot-up/turn-off screens?

How can I break into a windows 9x system?

What are Wingates?

A wingate is a windows-based computer that can be used as a gateway toother computers. It is running the software 'Wingate'. The idea is that youwould install it on a LAN (Local Area Network) and then it would allow thepeople on the LAN to connect to the internet under the wingate computersmodem. However, if the person who setup the wingate is stupid (which mostof them are) they will leave it improperly configured. This means that notjust people who are on the LAN have access to it, everyone on the Internethas access!Wingates are kind of like divertions that you can take when connecting toservers (Do I explain this well or what?). Here is an example (using Telnet):If I want to connect to "Phreak.org" on port "25", I could simply load telnet

up, tell it to connect - and Bingo Im connected. But how anonymous is that?The chances are that when I connect to that server it logs my IP addressalong with the time I connected and the date. If I do anything bad, they cancontact my Internet Service Provider and get me flung off.So, what your probably saying is, "Ok, so is there anyway I can fake my IPaddress so that they cant find out who I am?". Well, thats where theWingates come in. Lets try connecting to Phreak.org again this time througha Wingate:I load up telnet, and instead of connecting straight to phreak.org - I connectto the wingate, say, Wingate.com on port 23 (port 23 is the usual port


2/8


3/8


4/8

What does the stuff in an Email header mean?Right, now the analysis of what that garbage means! First, why would youwant to know what the headers mean? Heres a few reasons why you NEED toknow:1> It will give you loads of computer names that you can explore and yes!,even hack.2> Ever had some spam mail sent to you with loads of adverts, or wondered

who email bombed you? The first step to earning how to spot email forgeriesand spot the culprit is to be able to read headers.3> Learn how you can forge email and avoid getting found out.4> Find out the weaknesses of your enemies computer by reading theirheaders.Heres that email example again:Return-Path: Received: from fubar.org ([57.11.151.287]) by mta2-svc.dodgy.net(InterMail v4.01.01.02 201-229-111-106) with SMTPid for ; Fri, 30 Jul 1999 10:38:10 +0100

Received: med fubar.org via smail vid stdioDate: Fri, 30 Jul 1999 04:42:37 -0500 (CDT)From: Wang To: [email protected]: Wang is hereMessage-Id: MIME-Version: 1.0Content-Type: TEXT/PLAIN; charset=US-ASCIILets go through that previous email one section at a time:Return-Path: This is the address that will be used if you choose to click 'reply' in youremail program.Received: from fubar.org ([57.11.151.287]) by mta2-svc.dodgy.net(InterMail v4.01.01.02 201-229-111-106) with SMTPid for ; Fri, 30 Jul 1999 10:38:10 +0100This tells us that fubar.org (with the IP address 57.11.151.287) passed thismail onto the computer named mta2-svc.dodgy.net which was running theInterMail email program. SMTP stands for 'simple mail transfer protocol' bythe way. Then we can see that this email was sent to [email protected], andthen it has the date and time information. So basically this part of the headernames the computers involved in the mail transfer process, the programsinvolved and the target address.Received: med fubar.org via smail vid stdiook, so this header isn't exactly an everyday one, I am not sure exactly whatthis part means, but I take it it just tells us that the email was receivedfrom fubar.org, and the second part is the program that handled it. Smailcould be SendMail, you could test that by connecting to the server on port 25and seeing what it greets you with.Date: Fri, 30 Jul 1999 04:42:37 -0500 (CDT)From: Wang


5/8

To: [email protected]: Wang is hereThese few lines are self explanatory.Message-Id: The first part of this message ID says 'Pine'. Pine is an email program forUnix type systems (stands for 'Pine is not Elm'). So we could gather that theperson who sent this message was using a unix type system or a shell

account loaded with Pine (and he was as well, because I sent this messagefrom my shell account!). The second part of the ID is 19990730 - the date(30/07/99). The next part is the time, 0442 - 04:42. The 13156 is the numberidentifying who wrote the email.MIME-Version: 1.0Content-Type: TEXT/PLAIN; charset=US-ASCIIMime (Multipurpose Internet Mail Extensions)is a protocol to view email.The character set "us-ascii" tells us what character set this email will use.Some email uses ISO ascii instead, generally if it originates outside the US.Well, we just analysed that header - I know thats a lot to take in, but try it!When you get an email, check out the headers and use the guide above as a

guide. Headers vary LOADS, so dont expect to see exactly what was in myheader. However, most of it will be the same, try getting some server namesand then telneting to them on ports 25 or 110 (SMTP and POP ports).Hacker Hacker covered this topic really well in GTMHH volume 3, so if youwant more info, download that.

What is IRC?IRC always you to connect to millions of chat servers around the world. Everyserver has a number of rooms (some of them over 1000) dealing withdifferent topics (yes, you guessed it...hacking is quite a big topic there!) Mostpeople will advise you not to go into rooms such as #Hack, #Hacking,#Phreaking, #Crackers etc. and say "I want to know how to hack, teachme!"...and I agree with them! If you do this, the chances are all the hackerswill laugh at you and probably nuke you (Nuking involves them using aprogram to either disconnect you from the chat server, or even crash yourcomputer. These are known as DOS attacks - Denial Of Service)Now your probably thinking - why tell us to get on IRC then? Well, if you wantto learn about programing - this is a good place to get answers. When I waslearning the language Pascal and I got stuck on a few things, I went on IRCand asked some people to help me with them.The best IRC client for windows is mIRC. mIRC is quite a neat little programwhich has its own programing language built in to let you customize it andcreate your own commands (hacking central or what). When you program inmIRC your programs are called Scripts. There are millions of websitesdedicated to distributing these scripts, and there are many different types(Utility scripts, Friendly scripts, War script etc.)You can get mIRC at: www.mirc.comYou can get Scripts from: www.mircx.com / www.mirc.net /www.xcalibre.com

If you use Unix or linux or something similar, then your best client isprobably BitchX (be afraid, be very afraid). This is available from:


6/8

www.bitchx.com

Ok, now the programming knowledge bit. This is difficult because it really isimpossible to write a text file which you can read and then say, right I canprogram in X now. What you can do though, is read a text file and get a basicidea of how the language works - and then experiment yourself (also trydownloading some source codes)

How can I hack Ops on an IRC channel?Well, you want the moon on a stick don't you? Oh well, heres what you willneed:An IRC client, whether it be mIRC or BitchX (Not Globalchat !! urghh!)A nice script with quick access to Op commands/Chanserv/NickservA LinkLookerA MCBLets take a large IRC network, "Irc.Dal.net". Dalnet consist of around 20servers all around the world so that people can connect to the servers nearthem and get faster speeds/less lag. Sometimes, a particular IRC server willsplit from the rest of the network and be 'marooned' on its own for a while. It

will then rejoin the rest of the network and everything will go back to normal.There is however, a good exploit of IRC that can happen when these Splitsoccur.When a split occurs, if you quickly connect to the server that has split andjoin a normally thriving channel (such as #mIRC, #Hackers etc.) you will(usually) find that the room is empty, and you have Ops!! (An @ by yourname). When the server then rejoins the rest of the network you will find thatyou join the 'Real' channel with all the people in - but you still have Ops! Thisis how most hacks of Channel Ops work. So now your probably saying "Sohow do I know when a server splits??".A Link looker is a tool that will detect a server split. You give it a nicknameand some details (including the server to connect to) and it will connect andsit there monitoring the network activity. If a server splits - you will see sometext appear warning you of a split. This is when you would normally rush offto join that server/join the room to hack. When you are on a large server likeDalnet, because it has lots of child servers it is more likely to experience asplit. However, if you load up a link looker don't suspect to see splitsinstantly, you may have to wait quite a while!So, what happens when your split server rejoins the network and you haveOps in the channel? Well, the experienced will tell you - they quickly deopyou to make sure you don't attempt a takeover. They may even have a botin the room to make sure that no unauthorised nicknames get ops.MCB (Multi Collide Bot) is a great program that creates a clone of a nick youwant to kill (almost always an op on the channel you are trying to hack) on aserver that has split (yes the one Link Looker informed you of). Basically youfeed MCB the name or names of the nick you want to kill and tell it what splitserver to establish those clones and upon rejoin - BAM/SMACK/KIILL!! Yesthats right, the target is thrown out of the channel (losing ops) and must re-establish a connection with a server to get back onto IRC and into thechannel. So yes, you have figured it out. If you kill all of the ops on a channeland you ride in on a split you will be the only op in the channel.


7/8

You can get these programs and more from the WangScript website (http://come.to/wangscript ), just download the WarTools addon.

How can I change my Windows boot-up/turn off screens?Don' you hate that Windows boot-up graphic? Oh! And what about that 'It isnow safe to turn off your computer' screen! If you want to show your friendsthat youre really serious about hacking, lets think about changing those

screens. After all, your friends will probably worship you after you changeyour 'it is now safe...' screen into a 'It is NEVER safe to turn off yourcomputer' screen. Microsoft has tried to hide these screens from you bymaking them have different extensions (e.g. a picture would usually have anextension of .jpg, .gif, or .bmp). Here is where to find them:Bootup graphic is hidden in either a file named c:\logo.sys and/or ip.sys. Tosee this file, open File Manager, click "view", then click "by file type," thencheck the box for "show hidden/system files." Then, back on "view," click "allfile details." To the right of the file logo.sys you will see the letters "rhs."These mean this file is "read-only, hidden, system."The 'It is now safe', and 'Windows is now shutting down...' screens are in the

c:\windows\system directory, I think they are also hidden - so just switch on"show all files". They are called 'Logos.sys' and 'Logow.sys'.Now, get hold of an image editing program (you could use MSPaint thatcomes with Windows, or get hold of a better one like Paint Shop Pro).Load up one of the files (I would start with logos.sys or logow.sys), and alterit to your desire, be sure not to alter the size of the picture or the number ofcolours it uses etc. (It is quite precise about what it should be, if you muck itup then the graphic will not be shown at all! hint: keep a spare copy!)Now the trouble with using one of the existing logo files is that they onlyallow you to use their original colours. If you really want to go alter it well,start a fresh image but make sure the width is 320 and height is 400. Nowyou are free to use any colour combination available in this program.Remember to save the file as c:\logo.sys for your start-up logo, orc:\windows\logow.sys and or c:\windows\logos.sys for your shutdownscreens.Now, say you need to get rid of the image you have changed it to, or youhave someone who wants to sue your computer - and you don't want themto see what you've done. Here's what you can do to get your start-up logoback. Just change the name of c:logo.sys to something else. Something likelogo.bak.Microsoft programmed Windows to recognise that their is no screen, and totherefore put the normal one back on (a hidden copy that windows has)!

How can I break into a windows 9x system?Right, you load up a windows9x computer and your greeted with a LOGONdialog screen - what do you do??? Here are the things you can try:1> Try pressing (yes, its true) CANCEL, christ! sometimes that actuallyworks! How much security do you think windows has now??2> Load up the computer and press whatever F key you press to get into theBoot menu (on my comp I press F8, but on some it may be different - like F5
http://come.to/wangscripthttp://come.to/wangscript


8/8

or something). Choose to go to MSDOS or similar, so you can access DOS.When you get the DOS prompt type:rename c:\windows\*.pwl c:\windows\*.zzzThis renames the *.pwl files (the one that stored the password) to somethingso that Windows can't find it. Now when you get to that damn Logon screen,just type anything as the password and you'll get in! When you want to put itback to normal, just go back to dos and type:

rename c:\windows\*.zzz c:\windows\*.pwl3> Ok, what if you cant access the boot keys because someone has disabledthem? Turn off the computer, insert a boot disk. When the computer loads up(if it boots from A:\ drive then C:\) it should read the boot disk and drop youinto DOS. Now you can use the above technique to gain access.4> Right, what if they have been clever and disabled their boot keys ANDmade sure that it doesn't boot from a:\ ? Well, this is a little extreme...but:Get a screwdriver, solder sucker and soldering iron. Open up your thecomputers casing. Remove the battery, then plug the battery back in. Yourcomputer now hopefully has the CMOS default settings. Go into the CMOSand set it to first check the A: drive when booting up. There may be an

alternative to taking the battery out: many motherboards have a 3 pinjumper to reset the CMOS to its default settings. Look for a jumper close tothe battery or look at your manual if you have one.

ConclusionSome useful stuff there to kick start your Hacking career. Most of the stuffthere is for newbies, so if you are already an amazing hacker - please don'tbother reading these guides as they will only go over stuff you probablyalready know! If there is anything I haven't covered and you would like me toconsider putting into my next text file OR you have any alternative answersto what I have given, please fill in the online form athttp://www.wangproducts.co.uk or email me at: [email protected]://welcome.to/wangsdomainhttp://www.wangproducts.co.uk

frequently asked questions about hacking and computers

Documents