Newbies: Links for YOU!


[ Комментарии ] [ Добавить комментарий ] [ Доска объявлений HackZone ]

Отправитель: 313373, April 30, 1998, 02:37:05:

ё#############################################################ё
###############################################################
#### ####
#### Newbies: Links to Hacking (and other) Information ####
#### Release: 1.0 ####
#### Compiled by: -Symbiotic_ ####
#### ####
###############################################################
ё#############################################################ё

I know, I know. The above title with the pitiful ASCII frame is a
flashback to the 1980's; but I was bored and I thought that this list
needed a bit of an overhaul. So sue me. Anyhow ..

The primary purpose of this list is to help the 'newbies' find the
information that they desire. Whether it be in regard to hacking,
phreaking, cracks and wares, mailing lists or to find an address from
a telephone number. But, as you may have guessed, there is an ulterior
motive to this list as well. Yes, I hate to say it but there is. What
is this 'ulterior motive' you ask?? Well, that can be best explained
with an example of what we see here everyday:

"The regulars are sitting in this group, as they do virtually everyday,
doing many things. Answering questions to the best of their abilities.
Taking tortuous threads and forming them to be the slinky in a garbage
disposal threads that you see before you. Posting primers and old
text files for the masses. Correcting these primers and text files for
accuracy. Some don't say much of anything and just hide out in the rafters
and lurk. And of course some are involved in soap opera like discussions,
which could sometimes boggle even the sharpest mind.

But, amidst these everyday activities that most people are consumed in,
they are temporarily distracted by a 'newbie' or a 'llama (How much do
I owe you, Desp??)' asking for the simplest, most redundant things of which
could be found with the use of a search engine or by reading the posts
regularly. Oh, here comes 'ZeRo Co0l LlAmA' now.

"Hey d00dz! I saw a post with a sh!t load of linkZ, but I am 2 laZy 2
click on the UrLz. GiMM3 WAREZZZZZZZZZ !!!!!"

Now, unfortunately my posting will not help this poor, lost soul. I
don't think there is much of anything that could help this person
except maybe for a swift slap across the back of the head and a bottle
of Prozac. Ah, but here comes 'Genuine Newbie' now.

"Greetings everyone. I am new at hacking and I would really like to gain
all the information that I possibly can regarding the subject at hand.
I've already used a search engine to find a lot of links, but my thirst
for knowledge has not yet been quenched. Could you guys give me a hand
by throwing some more links my way?? Thank you."

Of course, if this person had read the group for awhile he/she could
have found numerous links to quench that thirst. /But/ - he/she
was polite enough to post a good, solid request.

Which is where the ulterior motive comes in. (Yes, FINALLY!) No one
in the group wants people like 'ZeRo Co0l LlAmA' or 'Genuine Newbie'
asking these types of questions. So, this list is an effort to trying
to quell the influx of those posts. If this doesn't get you going in
the right direction, then nothing will. Except maybe for a psychologist
and a new hobby that has absolutely nothing to do with computers."

This will be posted on a biweekly basis (Tuesday & Friday) in three
groups: alt.2600, alt.2600.hackerz and alt.hacker. It can also be found
at DejaNews if you do a search on my name.

I also recommend that you read Harlequin's 'Newbie' posts as well:
"How to Hack - Info for Newbies", the alt.2600 FAQ, the alt.2600
survival guide, and his cracks and wares list of links.

Now, enough of my dulling discourse and onto the links.

Categories:

/*Hacking/*
/*Shell Accounts/*
/*Mailing Lists/*
/*Proxy Servers/*
/*Operating System Specifics/*
/*Programming Related/*
/*On-Line Reading Materials/*
/*Search Engines/*
/*Detailed Post from Osiris/*
/*Cracks, Wares and Serial Numbers/*
/*Finding People on the 'Net/*
/*Phreaking Related/*

====================================================================
====================================================================

/*Hacking Related/*

http://symbiotic.home.ml.org
http://www.hackers.com
http://www.ftech.net/~monark/crypto/
http://www.2600.com
http://www.mit.edu/hacker/hacker.html
http://easyweb.easynet.co.uk/~davegraham/britpack.htm
http://www.krew.org/H.html
http://virtucon.org
http://www.arts.unimelb.edu.au/Dept/Crim/Hack/pap.htm
http://www.unitedcouncil/org
http://www.infowar.com
http://www.netscope.net/~icepick/cool2.html
http://www.phrack.com
http://www.cybercom.com/~bsamedi/hack.html
http://www.hacked.net
http://www.techbroker.com/happyhacker.html
http://www.rootshell.com
http://www.aracnet.com/~gen2600/
http://www.l0pht.com
http://www.thecodex.com/hacking/
ftp://ds.internic.net/rfc/
http://reference.nrcs.usda.gov/ietf/rfc/keywords/all/index.htm
http://www.sysone.demon.co.uk/
http://www.thtj.com
http://globalkos.ml.org/GlobalkOS/index.html
http://sun.soci.niu.edu/~cudigest
http://www.neo.com/Aether/hacker.html
http://www.mediaport.org/~adehaas/files_frame.html
http://www3.l0pht.com/~oblivion/blackcrawlarch.html
http://www.cynet1.com/blindsight/
http://members.aol.com/madzombie/
http://www.tower.net.au/~hellfire/RTFM/rtfm.html
http://www.afn.org/~afn56746/files/hack/hacking.htm
http://www.ozemail.com.au/~geisha/index1.html
http://skynet.ul.ie/~flynng/security/
http://www.escape.com/~samk/
http://207.98.195.250/
http://www.io.com/~ritter/NETLINKS.HTM#CryptoDesigns
http://www.accessorl.net/~cyberwar/codehacks.html
http://main.succeed.net/~coder/spoofit/spoofit.html
http://www.con.wesleyan.edu/~triemer/network/docservs.html
http://www.vvv.com/~tommy/interest.html
http://www.jabukie.com/Hacking.html
http://www.txdirect.net/users/wall/cgisec.htm
http://www.antionline.com/archives/windows/passwdcrack/
ftp://ftp.ox.ac.uk/pub/wordlists/

====================================================================
====================================================================

/*Shell accounts/*

http://godson.home.ml.org

====================================================================
====================================================================

/*Mailing lists/*

http://www.ntsecurity.net/ (Subscribe to the NTSecurity list w/the on-
line sign up page)

Alert - Send an email to [email protected] with the following in the
body of the message - Subscribe alert

BugTraq - Send an email to [email protected] with the following in the
body of the message - SUBSCRIBE BUGTRAQ

Cert - Send an email to [email protected] with the following
in the subject line - SUBSCRIBE your-email-address

FreeBSD Hackers Digest - Send an email to [email protected] with the
following in the body of the message - subscribe freebsd-hackers-digest

====================================================================
====================================================================

/*Proxy Servers/*

proxy.ak.iconz.co.nz:8080
proxy.wn.iconz.co.nz:8080
proxy.pm.iconz.co.nz:8080
proxy.tg.iconz.co.nz:8080
proxy.ch.iconz.co.nz:8080
proxy.ro.iconz.co.nz:8080
proxy.na.iconz.co.nz:8080
proxy.nn.iconz.co.nz:8080
gargoyle.apana.org.au:3128
proxy.magnusnet.com:8080 (or 8085, 8086, 8088)
proxy.third-wave.com:3128
supernova.netscape.com:8080
access.adobe.com:8080
server.librarysafe.com:8080
wwwcache.mcc.ac.uk:3128
www.anonymizer.com:8080

====================================================================
====================================================================

/*Operating System Specifics/*

Linux/Unix related sites:

http://www.freebsd.org
http://www.hawken.edu/help/linux.htm
http://sunsite.unc.edu/mdw/index.html
http://www.linux.org
http://www.ghg.net./crolmstrom/linux.html#archive
http://www.geek-girl.com/Unixhelp/

WindowsNT related sites:

http://www.nmrc.org/files/nt/
http://www.asmodeus.com
http://www.ntsecurity.net
http://www.windowsnt-plus.com/

====================================================================
====================================================================

/*Programming related/*

C/C++:

http://www.cm.cf.ac.uk/Dave/C/CE.html
http://www.delorie.com/djgpp/
http://www.strath.ac.uk/CC/Courses/NewCcourse/ccourse.html

MS-DOS:

http://www.cm.cf.ac.uk/User/P.L.Poulain/project/allcomms.htm
http://log.on.ca/users/rhwatson/dos7/commandintro.html
http://www4.ncsu.edu/unity/users/j/john/html/dosinfo/batch.html
http://www.cit.ac.nz/smac/os100/msdos14.htm

QBasic:

http://www.geocities.com/SiliconValley/Park/4504/qbasic_tutorials.html

Miscellany:

http://www.uni-tuebingen.de/zdv/projekte/linux/books/nag/node1.html
http://www.cybercom.net/~babcock/links/language.html
http://www.programmersheaven.com
http://members.tripod.com/~nir7/prog.html
http://www.strangecreations.com/
http://www.utexas.edu/cc/

====================================================================
====================================================================

/*On-Line Reading Materials/*

http://www.mcp.com/personal/

====================================================================
====================================================================

/*Search Engines/* (Pay Desperado at the door)

http://www.yahoo.com
http://www.altavista.com
http://www.infoseek.com
http://www.lycos.com
http://www.excite.com
http://www.webcrawler.com
http://www.metacrawler.com
http://www.hotbot.com
http://www.dejanews.com
http://www.filez.com
http://www.ftpsearch.com

====================================================================
====================================================================

/*Detailed Post from Osiris/*

1. Get Linux or FreeBSD ASAP
2. Acquire one or more books written by Spafford, Bellovin, Cheswick,
Rubin, or Ranum
3. Get both the Camel and Llama books on PERL
4. Get ORA's book on TCP/IP
5. Purchase some old boxes (386/486) and install network cards

Armed with these items, construct a small UNIX network within your home
(garage, perhaps?). If you choose LINUX, read all the HOWTOs,
particularly the networking HOWTO. Create at least 5 user accounts,
allowing at least shell access for each account on each box. Once this
configuration has been established (with all networking up and working
properly), make attempts (as various users) to break one or more boxes on
the system. (You should ideally attack various services, not just one.)
Also: download either the SAFEsuite demo, the old ISS, or SATAN. Run
these utilities against your system, and read the tutorials that
accompany the documentation provided with these utilities.

Next, acquire all tools located at this URL:
http://www.giga.or.at/pub/hacker/unix

Learn how to use each one. Next, obtain the AUSCERT UNIX security
checklist here:
ftp://ftp.auscert.org.au/pub/auscert/papers/unix_security_checklist

Next, obtain the UNIX security checklist located here:
http://stimpy.cac.washington.edu/~dittrich/R870/security-checklist.html

Next, obtain the Site Security Handbook (RFC 1244), which is here:
http://stimpy.cac.washington.edu/~dittrich/R870/rfc1244.txt

Next, obtain this document from SRI:
http://stimpy.cac.washington.edu/~dittrich/R870/SRI-Whitepaper.ps

After reading and understanding all accompanying documentation listed
above (and trying out some or all of the cited tools), read the following
documents:

Intrusion Detection Checklist
ftp://info.cert.org/pub/tech_tips/intruder_detection_checklist

Dan Farmer's Survey on Various Hosts:
http://www.trouble.org/survey/

Improving the Security of Your Site by Breaking Into it
http://www.trouble.org/security/admin-guide-to-cracking.html

All the papers on this page, but especially the work by Nancy Cook and
her partner.
http://www.trouble.org/security/auditing_course/

Murphy's law and computer security by Wietse Venema
http://www.trouble.org/security/murphy.html

After absorbing that information, then seek out these papers:

CIAC-2308_Securing_Internet_Information_Servers.pdf
http://ciac.llnl.gov/ciac/documents/CIAC-
2308_Securing_Internet_Information_Servers.pdf

Securing X Windows
http://ciac.llnl.gov/ciac/documents/CIAC-2316_Securing_X_Windows.pdf

How to Detect an Intrusion
http://ciac.llnl.gov/ciac/documents/CIAC-
2305_UNIX_Incident_Guide_How_to_Detect_an_Intrusion.pdf

Finally, go here and begin the process of studying each hole addressed in
the BUGTRAQ archive. That is located here:

http://www.geek-girl.com/bugtraq/search.html

Other things that will help you tremendously are these:

1. Subscribe to all known mailing lists on UNIX security, e.g. BUGTRAQ,
CIAC, CERT, etc.
2. From these lists, generate a database of email addresses of known
security experts. Good examples would be Farmer, Venema, Spafford, Ranum,
etc.
3. Scour the Internet for any instances of their email addresses -
whether on lists, discussion groups or the web generally. (Note: do *NOT*
bug these guys. Simply read their thoughts and ideas, absorb them, and
move on.)
4. As you encounter exploit code on these lists (which you invariably
will), compile it and execute it. Record your results. (One good reason
to get LINUX or FreeBSD: all compilers are free and already well
configured on a full install.)
5. Try to spend one hour a day studying socket programming.
6. Go to a used bookstore and buy every book you can find on system
administration. In lieu of this, at least buy books that are in
remaindering bins. The cheaper, the better.
7. Don't laugh, but learning at least the basics of these languages would
help:

A. PERL
B. AWK/GAWK/NAWK
C. SED
D. Expect

Also, it would be of some help to get a translation table that shows
variances between similar or identical tasks performed in sh/bash/csh. In
addition, you may wish to seek out the differences between disparate
versions of UNIX. It is worth buying old manuals for AIX, HP-UX, Unicos,
IRIX, Data General, SunOS, Solaris, XENIX, SYS V, and so forth. What
follows is a list of books that might help you. (These are in
alphabetical order, so order does not indicate preference. Personally, I
prefer books authored by those I cited above.)

Building Internet Firewalls
D. Brent Chapman, Elizabeth D. Zwicky (1995)
ISBN: 1565921240

Commonsense Computer Security: Your Practical Guide to Information
Protection
Martin R. Smith (1994)
ISBN: 0077078055

Computer Crime: A Crimefighter's Handbook
David J. Icove, David, Seger, Karl Icove, Karl A. Seger, Vonstorch (1995)
ISBN: 1565920864

Computer Security
John M. Carroll (1996)
ISBN: 0750696001

Computer Security Basics
Deborah Russell, G.T. Gangemi (1991)
ISBN: 0937175714

Computer Security Handbook
Arthur E. Hutt, Seymour Bosworth, Douglas B. Hoyt (1995)
ISBN: 0471118540

Firewalls and Internet Security: Repelling the Wily Hacker
William R. Cheswick, Steven M. Bellovin (1994)
ISBN: 0201633574

Fundamentals of Computer Security Technology
Edward G. Amoroso (1994)
ISBN: 0131089293

Hacker Proof: The Ultimate Guide to Network Security
Lars Klander, Edward J. Renehan (1997)
ISBN: 188413355X

Halting the Hacker: A Practical Guide to Computer Security
Donald L. Pipkin (1997)
ISBN: 013243718X

Information Warfare : Chaos on the Electronic Superhighway
Winn Schwartau (1996)
ISBN: 1560251328

Internet Firewalls and Network Security
Chris Hare, Karanjit S. Siyan (1996)
ISBN: 1562056328

Internet Firewalls and Network Security
Karanjit, Ph.D. Siyan, Chris Hare (1996)
ISBN: 1562054376

Internet Security: Professional Reference
Derek Atkins, Tom Sheldon, Tim Petru, Joel Snyder (1997)
ISBN: 156205760X

Maximum Security: A Hacker's Guide to Protecting Your Internet Site and
Network
Anonymous (1997)
ISBN: 1575212684

Personal Computer Security
Edward Tiley (1996)
ISBN: 1568848145

Practical Unix and Internet Security
Simson Garfinkel, Gene Spafford (1996)
ISBN: 1565921488

Protecting Your Web Site With Firewalls
Marcus Goncalves, Vinicius A. Goncalves (1997)
ISBN: 0136282075

Protection and Security on the Information Superhighway
Frederick B. Cohen (1995)
ISBN: 0471113891

Secrets of a Super Hacker
Knightmare, the Knightmare (1994)
ISBN: 1559501065

Security in Computing
Charles P. Pfleeger (1996)
ISBN: 0133374866

Web Commerce Cookbook
Gordon McComb (1997)
ISBN: 0471196630

Web Security Sourcebook
Avi Rubin, Daniel Geer, Marcus J. Ranum, Aviel D. Rubin, Dan Geer (1997)
ISBN: 047118148X

Web Security & Commerce (Nutshell Handbook)
Simson Garfinkel, Gene Spafford (1997)
ISBN: 1565922697
http://www.amazon.com/exec/obidos/ISBN=1565922697/t/0560-5831826-082656

Access Control and Personal Identification Systems
Dan M. Bowers (1988)
ISBN: 0409900834

Internet Security Secrets
John R. Vacca. (1996)
ISBN: 1-56884-457-3.

Network and Internetwork Security: Principles and Practice.
William Stallings. (1995)
ISBN: 0-02-415483-0

Network Security: How to Plan for It and Achieve It.
Richard H. Baker. (1994)
ISBN: 0-07-005141-0

UNIX Security for the Organization.
R. Bringle Bryant. (1994)
ISBN: 0-672-30571-2.

UNIX Security: A Practical Tutorial.
N. Derek Arnold.
ISBN: 0-07-002560-6 (1993)

UNIX System Security: How to Protect Your Data and Prevent Intruders.
Rick Farrow. (1991)
ISBN: 0-201-57030-0

UNIX System Security Essentials.
Christoph Braun and Siemens Nixdorf. (1995)
ISBN: 0-201-42775-3

UNIX System Security.
David A. Curry. (1992)
ISBN: 0-201-56327-4

UNIX Unleashed. 1994
Susan Peppard, Pete Holsberg, James Armstrong Jr., Salim Douba, S.Lee
Henry, Ron Rose, Richard Rummel, Scott Parker, Ann Marshall, Ron Dippold,
Chris Negus, John Valley, Jeff Smith, Dave Taylor, Sydney Weinstein and
David Till
ISBN: 0-672-30402-3.

Lastly, you will need to get some good tools to experiment with. They are
here:

http://ciac.llnl.gov/ciac/SecurityTools.html

Basically, that should get you started. It is not necessary that you
learn everything all at once. Obviously, the firm offering you the
position does not expect the impossible. However, UNIX security is an on-
going and complex field. You aren't going to ace it in a day. The idea is
to get yourself up to speed with older problems, so that when newer ones
crop up, you will understand their basis and origin.

The reason for creating a network in your garage is that it offers you a
chance to screw things up without any repercussions. Also, it simulates a
micro-network, and allows you to view logs and responses from both the
attack and victim sides. This is invaluable, as it will prepare you to
instantly recognize trouble, just from examining the logs. Chief areas
that you should cover are these:

1. NFS
2. The R Services
3. Passwords - proactive password checkers, DES in general, Crack, etc.
4. Spoofing
5. Routing techniques
6. Firewalls
7. CGI (if web servers are an integral part of the architecture of that
network).

It is recommended that you get the TIS Firewall Tooklit when you are
ready. (Though, I suspect that the firm hiring you is more interested in
local security that remote problems. Nevertheless, it is worth doing).

====================================================================
====================================================================

/*Cracks, Wares and Serial Numbers/*

http://www.compucall.com/keys.htm
http://hack.box.sk/
http://www.fravia.org
http://www.lordcaligo.org
http://www.t50.com (Top 50 wares sites)
http://www.wwisp.com/~wsg/cbd/cracks.html
http://members.tripod.com/~tnwo/
http://www.fortune500.net/super/
http://leoworld:[email protected]/index2.html
http://208.232.128.18/frames.htm
http://pcrew.ml.org

If the links above do not offer what you are looking for, then here is a
list of the appropriate news groups that cracks, wares, and serial number
requests should be made in (In other words, not here!):

news://alt.cracks
news://alt.binaries.cracks
news://alt.binaries.cracks.phrozen-crew
news://alt.2600.warez
news://alt.2600.programz
news://alt.warez.ibm-pc
news://alt.warez.ibm-pc
news://alt.binaries.warez.linux
news://alt.binaries.warez.mac
news://alt.binaries.warez.macintosh

====================================================================
====================================================================

/*Finding People on the 'Net/*

http://www.anywho.com
http://www.infospace.com
http://www.whowhere.com
http://www.four11.com
http://www.switchboard.com
http://www.cis.ohio-state.edu/hypertext/faq/usenet/finding-
addresses/faq.html
http://www.thecodex.com/search.htm
http://rs.internic.net/cgi-bin/whois/

====================================================================
====================================================================

/*Phreaking Related/*

http://www.ameritech.net/users/jmartino/index.html
http://www-personal.engin.umich.edu/~jgotts/underground/boxes.html
http://www.netcore.ca/~locutus/boxes/boxes.htm
http://www.netcore.ca/~locutus/phreak/phreak.htm
http://members.tripod.com/~iang
http://www.phonelosers.org/

====================================================================
====================================================================

I hope that this posting has been of some value to you and has not
proved to be a complete waste of time on my part. If you have
any links that should be added or if any of these links are dead, feel
free to email me at [email protected][/dev/null]technologist.com. Have fun ..

--
-Symbiotic_
http://symbiotic.home.ml.org
"This is how the world ends; Not with a bang but a whimper." -T.S. Eliot


Комментарии:


Цитировать сообщение


[ Комментарии ] [ Доска объявлений HackZone ]