How to Hack
Essay Preview: How to Hack
Report this essay
This was one of the first and most influential texts on hacking I ever read. Copied here, because it seems to be no longer available from mc2.nu, which is where I originally found it. (anyone remember mc2? jabukie? the original hackers.com? HNC? AS-Mag? dtmf.org? nmrc? get in touch, Id love to share archives)
You stay up all night on the PC typing and typing. No, youre not hacking. Youre begging someone on IRC to teach you how to hack! Lets look at the facts:
1. Youre a luser and youre annoying. No one likes you if you ask others how to hack without taking the least amount of initiative.
2. Youre not worthy of any title even resembling hacker, cracker, phreaker, etc., so dont go around calling yourself that! The more you do, the less likely you are to find someone willing to teach you how to hack (which is an infinitesimal chance, any way).
3. Youre wasting your time (if you couldnt infer that in the first place). Many real hackers (not those shitty script kiddies) spend all their insomniac hours reading and, yes even, HACKING! (Hacking doesnt necessarily (but usually does) mean breaking into another system. It could mean just working on your own system, BUT NOT WINDOWS 9x (unless youre doing some really menacing registry shit, in which case, youre kind of cool).)
Youre probably thinking, “Then what should I do. If no ones going to help me, how can I learn to hack?” Have you ever tried READING (I assume this far that you are literate). Read anything and everything you can get your hands on! I recommend hitting a computer store and looking for discount books (books that are usually out of date, but so are a lot of the systems on the net, so theyre still relevant!). Youll be surprised what you can learn from a book even when youre paying a dollar for every hundred pages. I recommend the following books to start off with:
* Maximum Security I or II: this is not a guide to hacking, despite what you might have heard, but you can get enough info to learn the basics of how hackers hack! (Isnt that more fun than being lamed, email bombed, and kicked off IRC).
* Practical Unix and Internet Security (Sec. Edition): This is mostly a book about how to secure Unix (if you dont know what Unix is, either shoot yourself now, or read OReillys Learning the Unix OS), but half of learning to hack is learning a system from the inside out. How can you expect to hack a site (w/o using a kiddie script, which i must restate, is NOT hacking) if you dont know how to use the system?!
* Linux Unleashed/Red Hat Linux Unleashed: these books are kind of cool. First of all, they come with Red Hat Linux (*sigh*, just go to www.linux.org and read everything there) 5.1 and 5.2 respectively (if you get the newest versions of the book, which you should). Read everything you can from it.
* Sendmail in a nutshell: This is only after you read everything else. Sendmail, for those of you who still dont know, is a program that sends mail. It sounds stupid, but this is a buggy program, and usually is the avenue of attack many hackers take because of its vulnerabilities.
* TCP/IP Blueprints: this will clear up a lot of things concerning TCP/IP.
* TCP/IP Administration: havent read it, but cant wait to! (Ive been bogged down by a lot of other REAL computer stuff).
After youve read them all, re-read them! Trust me, you gain a ton of information the second time you read them just as you gain perspicacity the second time through a movie with a twisted plot.
Then, read a ton of RFCs. RFCs are Request for Comments by the people who practically shaped the Internet. Here is a good list of RFCs (the books above give about the same list):
* RFC0760 – DoD Standard Internet Protocol
* RFC0792 – Internet Control Message Protocol
* RFC0819 – The Domain Naming Convention for Internet User Applications
* RFC0821 – Simple Mail Transfer Protocol
* RFC0822 – Standard for the Format of ARPA Internet Text Messages
* RFC0976 – UUCP Mail Interchange Format Standard
* RFC1123 – Requirements for Internet Hosts — Applications and Support
* RFC1135 – The Helminthiasis of the Internet (Morris Worm)
* RFC1244 – Site Security Handbook
* RFC1521 – MIME (Multipurpose Internet Email Extensions) Part One
* RFC1522 – MIME (Multipurpose Internet Email Extensions) Part Two
* RFC1651 – SMTP Service Extensions
* RFC1652 – SMTP Service Extension for 8bit-MIMEtransport
* RFC1652 – SMTP Service Extension for Message Size Declaration
* RFC1675 – Security Concerns for IPng
* RFC1704 – On Internet Authentication
* RFC1739 – A Primer On Internet and TCP/IP Tools
* RFC1750 – Randomness Recommendations for Security
* RFC1825 – Security Architecture for the Internet Protocol
* RFC1891 – SMTP Service Extension for Delivery Status Notifications
* RFC1892 – The Multipart/Report Content Type for the Reporting of Mail System Administrative Messages
* RFC1893 – Enhanced Mail System Status Codes
* RFC1894 – An Extensible Message Format for Delivery Status Notifications
* RFC1918 – Address Allocation for Private Internets