hacking faq.txt

黑客培训教程

Q.  How do I crack a Novell password?

A.  Taken from the Novell Netware Hack FAQ.

If Intruder Detection is off, you can use a "brute force" password cracker.

Encrypted passwords is Novell's way of protecting passwords from sniffers.
Since older versions of Netware (2.15c) sent passwords as plain text over the
wire, a sniffer could see the password as it went by. To secure things,
Novell gave the administrator a way to control this. Later versions of the
LOGIN.EXE program would encrypt the password before transmitting it across
the wire to the server. But before this could happen, the shell (NETX) had
to be updated. Since some locations had to have older shells and older
versions of LOGIN.EXE to support older equipment, the administrator has the
option of allowing unencrypted passwords to access the server. This is done
by typing SET ALLOW UNENCRYPTED PASSWORDS=ON at the console or by adding it
to the AUTOEXEC.NCF. The default is OFF, which means NOVELBFH could be beeping
the server console every attempt! Fortunately most sites turn this switch on to
support some old device.

If you have access to the console, either by standing in front of it or by
RCONSOLE, you can use SETSPASS.NLM, SETSPWD.NLM or SETPWD.NLM to reset passwords.
Just load the NLM and pass it command line parameters:

        NLM             Account(s) reset        Netware version(s) supported
        ------------    -----------------       ----------------------------
        SETSPASS.NLM    SUPERVISOR              3.x
        SETSPWD.NLM     SUPERVISOR              3.x, 4.x
        SETPWD.NLM      any valid account       3.x, 4.x

If you can plant a password catcher or keystroke reader, you can get them
this way. The LOGIN.EXE file is located in the SYS:LOGIN directory, and
normally you will not have access to put a file in that directory. The best
place to put a keystroke capture program is in the workstation's path, with
the ATTRIB set as hidden. The advantage is that you'll get the password and
Netware won't know you swiped it. The disadvantage is getting access to the
machine to do this. The very best place to put one of these capture programs
is on a common machine, like a pcAnywhere box, which is used for remote access.
Many locations will allow pcAnywhere access to a machine with virtually no 
software on it, and control security access to the LAN by using Netware's 
security features. Uploading a keystroke capture program to a machine like 
this defeats this.

Q.  What are the domain codes?

A. Below is the current list of domain codes.
AD   Andorra
AE   United Arab Emirates
AF   Afghanistan
AG   Antigua and Barbuda
AI   Anguilla
AL   Albania
AM   Armenia
AN   Netherland Antilles
AO   Angola
AQ   Antarctica
AR   Argentina
AS   American Samoa
AT   Austria
AU   Australia
AW   Aruba
AZ   Azerbaidjan
BA   Bosnia-Herzegovina
BB   Barbados
BD   Banglades
BE   Belgium
BF   Burkina Faso
BG   Bulgaria
BH   Bahrain
BI   Burundi
BJ   Benin
BM   Bermuda
BN   Brunei Darussalam
BO   Bolivia
BR   Brazil
BS   Bahamas
BT   Buthan
BV   Bouvet Island
BW   Botswana
BY   Belarus
BZ   Belize
CA   Canada
CC   Cocos (Keeling) Islands
CF   Central African Republic
CG   Congo
CH   Switzerland
CI   Ivory Coast
CK   Cook Islands
CL   Chile
CM   Cameroon
CN   China
CO   Colombia
CR   Costa Rica
CS   Czechoslovakia
CU   Cuba
CV   Cape Verde
CX   Christmas Island
CY   Cyprus
CZ   Czech Republic
DE   Germany
DJ   Djibouti
DK   Denmark
DM   Dominica
DO   Dominican Republic
DZ   Algeria
EC   Ecuador
EE   Estonia
EG   Egypt
EH   Western Sahara
ES   Spain
ET   Ethiopia
FI   Finland
FJ   Fiji
FK   Falkland Islands (Malvinas)
FM   Micronesia
FO   Faroe Islands
FR   France
FX   France (European Territory)
GA   Gabon
GB   Great Britain (UK)
GD   Grenada
GE   Georgia
GH   Ghana
GI   Gibraltar
GL   Greenland
GP   Guadeloupe (French)
GQ   Equatorial Guinea
GF   Guyana (French)
GM   Gambia
GN   Guinea
GR   Greece
GT   Guatemala
GU   Guam (US)
GW   Guinea Bissau
GY   Guyana
HK   Hong Kong
HM   Heard and McDonald Islands
HN   Honduras
HR   Croatia
HT   Haiti
HU   Hungary
ID   Indonesia
IE   Ireland
IL   Israel
IN   India
IO   British Indian Ocean Territory
IQ   Iraq
IR   Iran
IS   Iceland
IT   Italy
JM   Jamaica
JO   Jordan
JP   Japan
KE   Kenya
KG   Kirgistan
KH   Cambodia
KI   Kiribati
KM   Comoros
KN   Saint Kitts Nevis Anguilla
KP   North Korea
KR   South Korea
KW   Kuwait
KY   Cayman Islands
KZ   Kazachstan
LA   Laos
LB   Lebanon
LC   Saint Lucia
LI   Liechtenstein
LK   Sri Lanka
LR   Liberia
LS   Lesotho
LT   Lithuania
LU   Luxembourg
LV   Latvia
LY   Libya
MA   Morocco
MC   Monaco
MD   Moldavia
MG   Madagascar
MH   Marshall Islands
ML   Mali
MM   Myanmar
MN   Mongolia
MO   Macau
MP   Northern Mariana Islands
MQ   Martinique (French)
MR   Mauritania
MS   Montserrat
MT   Malta
MU   Mauritius
MV   Maldives
MW   Malawi
MX   Mexico
MY   Malaysia
MZ   Mozambique
NA   Namibia
NC   New Caledonia (French)
NE   Niger
NF   Norfolk Island
NG   Nigeria
NI   Nicaragua
NL   Netherlands
NO   Norway
NP   Nepal
NR   Nauru
NT   Neutral Zone
NU   Niue
NZ   New Zealand
OM   Oman
PA   Panama
PE   Peru
PF   Polynesia (French)
PG   Papua New
PH   Philippines
PK   Pakistan
PL   Poland
PM   Saint Pierre and Miquelon
PN   Pitcairn
PT   Portugal
PR   Puerto Rico (US)
PW   Palau
PY   Paraguay
QA   Qatar
RE   Reunion (French)
RO   Romania
RU   Russian Federation
RW   Rwanda
SA   Saudi Arabia
SB   Solomon Islands
SC   Seychelles
SD   Sudan
SE   Sweden
SG   Singapore
SH   Saint Helena
SI   Slovenia
SJ   Svalbard and Jan Mayen Islands
SK   Slovak Republic
SL   Sierra Leone
SM   San Marino
SN   Senegal
SO   Somalia
SR   Suriname
ST   Saint Tome and Principe
SU   Soviet Union
SV   El Salvador
SY   Syria
SZ   Swaziland
TC   Turks and Caicos Islands
TD   Chad
TF   French Southern Territory
TG   Togo
TH   Thailand
TJ   Tadjikistan
TK   Tokelau
TM   Turkmenistan
TN   Tunisia
TO   Tonga
TP   East Timor
TR   Turkey
TT   Trinidad and Tobago
TV   Tuvalu
TW   Taiwan
TZ   Tanzania
UA   Ukraine
UG   Uganda
UK   United Kingdom
UM   US Minor Outlying Islands
US   United States
UY   Uruguay
UZ   Uzbekistan
VA   Vatican City State
VC   Saint Vincent and Grenadines
VE   Venezuela
VG   Virgin Islands (British)
VI   Virgin Islands (US)
VN   Vietnam
VU   Vanuatu
WF   Wallis and Futuna Islands
WS   Samoa
YE   Yemen
YU   Yugoslavia
ZA   South Africa
ZM   Zambia
ZR   Zaire
ZW   Zimbabwe
ARPA   Old style Arpanet
COM   US Commercial
EDU   US Educational
GOV   US Government
INT   International
MIL   US Military
NATO   Nato field
NET   Network
ORG   Non-Profit



Q.  What is phreaking?

A. Phreaking is anything illegal that has to do with phones and phone lines.

Q.  How do I start phreaking?

A. You should start by learning about boxes and reading up on different types of phreaking.

Q. What kind of boxes are there?

A.Below is a list of the most common boxes and what they do.

Acrylic Box - Steal Three-Way-Calling and Call Waiting. 
Aero Box - Make free fone calls from Payfones. 
Aqua Box - Drain voltage from a FBI Lock In Trace call. 
Beige Box - Replicates a line mens hand-set. 
Black Box - Allows the calling party not to get charged for the call they place. 
Blast Box - Fone Microphone Amplifier. 
Blotto Box - Shorts every fone out in the area. 
Blue Box - Utilizing 2600Hz tones for free fone calls. 
Brown Box - Creates a party line from 2 existing fone lines.