📄 hacking faq.txt
Bud Box - Used to tap into your neighbor's fone line.
Busy Box - Used to kill the dial tone on someone's fone.
Chartreuse Box - Use the electricity from your phone for other things.
Cheese Box - Turns your fone into a Payfone.
Chrome Box - Lets you manipulate traffic signals via remote control.
Clear Box - Used to make free calls on Fortress Fones.
Copper Box - Causes cross-talk interference on an extender.
Crimson Box - Acts as a 'Hold' button for your fone.
Dark Box - Reroutes outgoing or incoming calls to another fone.
Dayglo Box - Allows you to connect to your neighbor's fone line.
Ditto Box - Allows you to eavesdrop on another fone line.
Divertor Box - Reroutes outgoing or incoming calls to another fone.
DLOC Box - Lets you conference 2 fone lines (other than your own).
Gold Box - Allows you to trace a call or tell if it's being traced.
Green Box - Lets you make the Coin Collect, Coin Return, and Ringback tones.
Jack Box - A touch-tone keypad.
Light Box - An AM Transmitter.
Lunch Box - Used to tap into your neighbor's fone line.
Magenta Box - Connects one remote fone line to another remote fone line.
Mauve Box - Lets you fone tap without cutting into the fone line.
Neon Box - An external microphone.
New Gold Box - A new updated version of the Gold Box.
Noise Box - Creates line noise.
Olive Box - Used as an external ringer.
Paisley Box - A combination of almost all the boxes there are.
Pandora Box - Creates a high intensity tone which can cause pain. Good for pranking.
Party Box - Lets you make a party line from 2 fone lines.
Pearl Box - A tone generator.
Pink Box - Lets you hook 2 separate fone lines together and have 3 way calling.
Purple Box - A fone hold button.
Rainbow Box - Kills a trace by putting 120v into the fone line.
Red Box - Lets you make free calls from a payfone by producing the coin tones.
Rock Box - Adds music to your fone line.
Scarlet Box -
Silver Box - Adds DTMF A, B, C, & D priority tones to your line.
Slush Box - Can be installed at places of business that have standard multi-line fones.
Static Box - Keep voltage on a fone line high.
Switch Box - Adds hold, indicator lights, conference, etc.
Tan Box - Line activated telefone recorder.
Tron Box - Reverse the phase of power to your house, and make your meter run slower.
Urine Box - Makes a disturbance between the ring and tip wires in someone's fone.
Violet Box - Keeps a payfone from hanging up.
White Box - A portable DTMF keypad.
Yellow Box - Add an extension fone.

Q. How do I make a box?
A. Each box has a separate plan to set it up. Just do a netsearch for phreaking or boxes and you can find all the plans you need.

Q. What is a loop?
A. This FAQ answer is excerpted from: ToneLoc v0.99 User Manual by Minor Threat & Mucho Maas

Loops are a pair of phone numbers, usually consecutive, like 836-9998 and 836-9999. They are used by the phone company for testing. What good do loops do us? Well, they are cool in a few ways. Here is a simple use of loops. Each loop has two ends, a 'high' end, and a 'low' end. One end gives a (usually) constant, loud tone when it is called. The other end is silent. Loops don't usually ring either. When BOTH ends are called, the people that called each end can talk through the loop. Some loops are voice filtered and won't pass anything but a constant tone; these aren't much use to you. Here's what you can use working loops for: billing phone calls! First, call the end that gives the loud tone. Then if the operator or someone calls the other end, the tone will go quiet. Act like the phone just rang and you answered it ... say "Hello", "Allo", "Chow", "Yo", or what the fuck ever. The operator thinks that she just called you, and that's it! Now the phone bill will go to the loop, and your local RBOC will get the bill! Use this technique in moderation, or the loop may go down. Loops are probably most useful when you want to talk to someone to whom you don't want to give your phone number.

Q. How do I set up an anonymous FTP?
A. Taken from the Internet Security Systems, Inc. text on setting up an anonymous ftp.

1. Build a statically linked version of ftpd and put it in ~ftp/bin. Make sure it's owned by root.

2. Build a statically linked version of /bin/ls if you'll need one. Put it in ~ftp/bin. If you are on a Sun, and need to build one, there's a ported version of the BSD net2 ls command for SunOS on ftp.tis.com: pub/firewalls/toolkit/patches/ls.tar.Z Make sure it's owned by root.

3. Chown ~ftp to root and make it mode 755. THIS IS VERY IMPORTANT.

4. Set up copies of ~ftp/etc/passwd and ~ftp/etc/group just as you would normally, EXCEPT make 'ftp's home directory '/' -- make sure they are owned by root.

5. Write a wrapper to kick ftpd off and install it in /etc/inetd.conf. The wrapper should look something like this (assuming ~ftp = /var/ftp):

    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>

    int main(void)
    {
        /* Enter the FTP area before confining the process to it. */
        if (chdir("/var/ftp")) {
            perror("chdir /var/ftp");
            exit(1);
        }
        if (chroot("/var/ftp")) {
            perror("chroot /var/ftp");
            exit(1);
        }
        /* optional: seteuid(FTPUID); */
        /* After chroot() this path resolves to ~ftp/bin/ftpd. */
        execl("/bin/ftpd", "ftpd", "-l", (char *)0);
        perror("exec /bin/ftpd");
        exit(1);
    }

   Options: You can use 'netacl' from the toolkit or tcp_wrappers to achieve the same effect. We use 'netacl' to switch so that a few machines that connect to the FTP service *don't* get chrooted first. This makes transferring files a bit less painful.

   You may also wish to take your ftpd sources and find all the places where it calls seteuid() and remove them, then have the wrapper do a setuid(ftp) right before the exec. This means that if someone knows a hole that makes them "root" they still won't be. Relax and imagine how frustrated they will be.

   If you're hacking ftpd sources, I suggest you turn off a bunch of the options in ftpcmd.y by unsetting the "implemented" flag in ftpcmd.y. This is only practical if your FTP area is read-only.

6. As usual, make a pass through the FTP area and make sure that the files are in correct modes and that there's nothing else in there that can be executed.

7. Note, now, that your FTP area's /etc/passwd is totally separated from your real /etc/passwd. This has advantages and disadvantages.

8. Some stuff may break, like syslog, since there is no /dev/log. Either build a version of ftpd with a UDP-based syslog() routine or run a second syslogd based on the BSD Net2 code, that maintains a unix-domain socket named ~ftp/dev/log with the -p flag.

Q. What are some ways I can secure a network?
A. Taken from the Internet Security Systems text on securing a network.

1. Well, first of all you should know what type of resources you're trying to protect: CPU, files, storage devices, phone lines, etc...

2. Determine the host-specific security measures needed. Password protection, file encryption, firewall, etc...
   - Determine who the computer systems must be defended from.
   - Determine the likelihood of a threat.
   - Implement measures to protect network resources.

3. Consider the corporate budget when planning for Internet Security.

4. Design a Security Policy that describes your organization's network security concerns. This policy should take into account the following:
   - Network Security Planning
   - Site Security Policy
   - Risk Analysis
   Risk analysis involves determining the following:
   - What you need to protect
   - What you need to protect it from
   - How to protect it
   - Estimating the risk of losing the resource
   - Estimating the importance of the resource

5. Consider the following factors to determine who will grant access to services on your networks:
   - Will access to services be granted from a central point?
   - What methods will you use to create accounts and terminate access?

6. Design and Implement Packet Filter Rules

7. Ensure your Firewall has the following properties:
   - All traffic from inside to outside, as well as outside to inside must pass through the firewall.
   - Allow only authorized traffic, as defined by your corporate security policy, to pass through the firewall.
   - Ensure the firewall is immune to penetration.

8. Educate users about password protection:
   - Educating users not to use passwords that are easy to guess.
   - Ensuring the password lengths are adequate.
   - Running a password guesser.
   - Requiring the use of a password generator.
   - Always using a mixture of upper- and lowercase characters.
   - Always using at least one or two non-alphanumeric characters.
   - Never using dictionary words or ones spelled backwards.
   - Never using a portion or variation of a proper name, address or anything that could obviously identify you (the user).

9. Security-related organizations play an integral role in the development and deployment of Internet technologies. Keep abreast of the latest in security-related activities by visiting their Web sites. Here are some key security-related organizations which aid corporations such as yours in keeping the Internet a safer place to compute:
   - ACM/SIGSAC at gopher://gopher.acm.org/.
   - CERT (a 24-hour Computer Emergency Response Team) at: ftp://info.cert.org/pub/cert_faq and http://www.sei.cmu.edu/SEI/programs/cert.html.
   - CIAC (U.S. Department of Energy's Computer Incident Advisory Capability) at: http://ciac.llnl.gov/
   - CPSR (Computer Professionals for Social Responsibility) at: http://cpsr.org.home
   - EFF (Electronic Frontier Foundation) at: http://www.eff.org/
   - EPIC (Electronic Privacy Information Center) at: http:/epic.org/
   - FIRST (Forum of Incident Response and Security Teams) at: http://first.org/first/
   - Internet Society at http://www.isoc.org/

Q. What is a "rainbow book?"
A. Rainbow Books are books on security.
The current book listing is listed below.

Orange Book - Department of Defense Trusted Computer System Evaluation Criteria.
Green Book - Department of Defense Password Management Guideline.
Yellow Book - Guidance for Applying the Department of Defense Trusted Computer System Evaluation Criteria in Specific Environments.
Tan Book - A Guide to Understanding Audit in Trusted Systems.
Bright Blue Book - A Guide for Vendors.
Neon Orange Book - A Guide to Understanding Discretionary Access Control in Trusted Systems.
Teal Green Book - Glossary of Computer Security Terms.
Red Book - Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria.
Burgundy Book - A Guide to Understanding Design Documentation in Trusted Systems.
Dark Lavender Book - A Guide to Understanding Trusted Distribution in Trusted Systems.
Venice Blue Book - Computer Security Subsystem Interpretation of the Trusted Computer System Evaluation Criteria.
Aqua Book - Department of Defense Trusted Computer System Evaluation Criteria A Guide to Understanding Security Modeling in Trusted Systems.
Dark Red Book - Guidance for Applying the Trusted Network Interpretation.
Pink Book - Department of Defense Trusted Computer System Evaluation Criteria Rating Maintenance Phase.
Purple Book - Department of Defense Trusted Computer System Evaluation Criteria Guidelines for Formal Verification Systems.
Brown Book - Department of Defense Trusted Computer System Evaluation Criteria A Guide to Understanding Trusted Facility Management.
Yellow-Green Book - Department of Defense Trusted Computer System Evaluation Criteria Guidelines for Writing Trusted Facility Manuals.
Light Blue Book - Department of Defense Trusted Computer System Evaluation Criteria A Guide to Understanding Identification and Authentication in Trusted Systems.
Blue Book - Department of Defense Trusted Computer System Evaluation Criteria Trusted Product Evaluation Questionnaire.
Grey Book - Department of Defense Trusted Computer System Evaluation Criteria Trusted Unix Working Group (TRUSIX) Rationale for Selecting Access Control List Features for the Unix System.
Lavender Book - Department of Defense Trusted Computer System Evaluation Criteria Trusted Data Base Management System Interpretation of the Trusted Computer System Evaluation Criteria.
Bright Orange Book - Department of Defense Trusted Computer System Evaluation Criteria A Guide to Understanding Security Testing and Test Documentation in Trusted Systems.
Hot Peach Book - Department of Defense Trusted Computer System Evaluation Criteria A Guide to Writing the Security Features User's Guide for Trusted Systems.
Turquoise Book - Department of Defense Trusted Computer System Evaluation Criteria A Guide to Understanding Information System Security Officer Responsibilities for Automated Information Systems.
Violet Book - Department of Defense Trusted Computer System Evaluation Criteria Assessing Controlled Access Protection.
Light Pink Book - Department of Defense Trusted Computer System Evaluation Criteria A Guide to Understanding Covert Channel Analysis of Trusted Systems.
C1 Technical Report-001 - Department of Defense Trusted Computer System Evaluation Criteria Computer Viruses: Prevention, Detection, and Treatment.
C Technical Report 79-91 - Department of Defense Trusted Computer System Evaluation Criteria Integrity in Automated Information Systems.
C Technical Report 39-92 - Department of Defense Trusted Computer System Evaluation Criteria The Design and Evaluation of INFOSEC systems: The Computer Security Contributions to the Composition Discussion.
NTISSAM COMPUSEC/1-87 - Department of Defense Trusted Computer System Evaluation Criteria Advisory Memorandum on Office Automation Security Guideline.

Q. What is a firewall?
A. A firewall is a system or group of systems that enforces an access control policy between two networks.
The actual means by which this is accomplished varies widely, but in principle, the firewall can be thought of as a pair of mechanisms: one which exists to block traffic, and the other which exists to permit traffic. Some firewalls place a greater emphasis on blocking traffic, while others emphasize permitting traffic. Probably the most important thing to recognize about a firewall is that it implements an access control policy. If you don't have a good idea what kind of access you want to permit or deny, or you simply permit someone or some product to configure a firewall based on what they or it think it should do, then they are making policy for your organization as a whole.

Q. How can I use PGP to benefit me?
A. PGP is easy to use, but it does give you enough rope so that you can hang yourself. You should become thoroughly familiar with the various options in PGP before using it to send serious messages. For example, giving the command pgp -sat <filename> will only sign a message, it will not encrypt it. Even though the output looks like it is encrypted, it really isn't. Anybody in the world would be able to recover the original text.

Q. What is a sniffer?
A. Taken from the Sniffer FAQ.

Unlike telephone circuits, computer networks are shared communication channels. It is simply too expensive to dedicate local loops to the switch (hub) for each pair of communicating computers. Sharing means that computers can receive information that was intended for other machines. To capture the information going over the network is called sniffing.

The most popular way of connecting computers is through ethernet. Ethernet protocol works by sending packet information to all the hosts on the same circuit. The packet header contains the proper address of the destination machine. Only the machine with the matching address is supposed to accept the packet. A machine that is accepting all packets, no matter what the packet header says, is said to be in promiscuous mode.
Because, in a normal networking environment, account and password information is passed along ethernet in clear-text, it is not hard for an intruder once they obtain root to put a machine into promiscuous mode and by sniffing, compromise all the machines on the net.

Q. What is Psychotic?
A. I would describe Psychotic as more of a professional group rather than just a hacking clan. We think about money first and hacking second, even though I'm sure that most of you have seen a few of our hacking projects...

Q. Is Psychotic looking for new members?
A. Well, as of now we aren't looking for any additions to our staff, but stay posted, we might decide that we need new members.

Q. What is Psychosis?
A. Psychosis is a personal project taken up by Virtual Circuit. It's an award that he gives out to hackers that have done something to stand out (good webpage, revealed exploits, etc.). If you think that you should receive the award you can mail him about it. But I can tell you now that the award isn't easy to get.

Q. What is the "Devil's Gateway?"
A. The "Devil's Gateway" is a personal project taken up by VooDooHex. It's kind of like an information retrieval guild, but yet it's still like a group. If you are interested in joining the Devil's Gateway you should mail VooDoo about it.

Q. Where can I find some good resources on hacking and phreaking?
A. Well, we aren't much for links but you should check the Psychosis page for his webpage award winners. He picks only the best.

Q. Who are all the members in Psychotic?
A. We would like to stay anonymous. But you will see a member's name every now and then.

Q. What are Psychotic's offered services?
A. Psychotic has many different services: security testing, webpage design, graphic design, sponsoring, pop accounts, and webpage hosting. Each service has a different price. You can read more about our services on the services section of the page.

This is only the first copy of our FAQ.
We will be updating and adding information and questions to it as often as possible. I would appreciate if you would distribute and spread this text as much as you can. We don't want people asking us these questions anymore. Have fun and keep the underground alive.

Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...

Damn kids. They're all alike.

But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him?

I am a hacker, enter my world...

Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me...

Damn underachiever. They're all alike.

I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..."

Damn kid. Probably copied it. They're all alike.

I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me... Or feels threatened by me.. Or thinks I'm a smart ass.. Or doesn't like teaching and shouldn't be here...

Damn kid. All he does is play games. They're all alike.

And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...

Damn kid. Tying up the phone line again. They're all alike...

You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.

This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.

Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.

I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.

+++The Mentor+++
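
Added example (not part of the original FAQ or of the ISS text it quotes): a shell function that audits an anonymous FTP area against steps 3, 4 and 6 of the "How do I set up an anonymous FTP?" checklist earlier in this file. The function name, the finding labels and the world-writable check are assumptions of this example; give the area's path without a trailing slash.

```shell
#!/bin/sh
# Added example, not code from the FAQ: audit an anonymous-FTP area.
# Usage: audit_ftp_area ROOT [OWNER]   (OWNER defaults to root)
# Prints one finding per line; returns 0 if clean, 1 otherwise.
audit_ftp_area() {
    root=$1
    owner=${2:-root}
    findings=$(
        # Step 3: ~ftp itself is owned by root and is mode 755 exactly.
        find "$root" -prune ! -user "$owner" -exec printf 'OWNER %s\n' {} \;
        find "$root" -prune ! -perm 755 \
            -exec printf 'MODE  %s (want 755)\n' {} \;

        # Steps 1, 2, 4: everything under bin/ and etc/ is owned by root.
        for d in bin etc; do
            if [ -d "$root/$d" ]; then
                find "$root/$d" ! -user "$owner" \
                    -exec printf 'OWNER %s\n' {} \;
            else
                printf 'MISSING %s\n' "$root/$d"
            fi
        done

        # Step 4: the chroot copy of passwd gives ftp the home directory "/".
        if [ -f "$root/etc/passwd" ]; then
            awk -F: '$1 == "ftp" && $6 != "/" {
                print "HOME  ftp home is " $6 " (want /)" }' "$root/etc/passwd"
        fi

        # Step 6: no regular file outside bin/ carries an execute bit.
        find "$root" -path "$root/bin" -prune -o -type f \
            \( -perm -100 -o -perm -010 -o -perm -001 \) \
            -exec printf 'EXEC  %s\n' {} \;

        # Assumption of this example (read-only area): nothing in the
        # tree is world-writable.
        find "$root" ! -type l -perm -002 -exec printf 'WRITE %s\n' {} \;
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Run directly, e.g.: sh audit_ftp.sh /var/ftp
if [ "$#" -gt 0 ]; then
    audit_ftp_area "$@"
fi
```

An area with an upload directory will report WRITE findings by design; review those by hand rather than dropping the check.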