This is an old revision of the document!


8. Hacking

So you want to hack? To break into computers? Take them over? Get root access? Crash them or use their CPU cycles to do work for you?

Aim high, but I have some advice. Those activities aren't hacking. Those activities are part of cracking. For more information about the meaning of hack, you might read two other chapters from The Jargon File:

  • The Meaning of 'Hack' and
  • Crackers, Phreaks, & Lamers.

You might find some people in COM Mode who would like to talk about these things, but most of them are really tired of kiddies coming into the lobby & asking "Do any of you know how to hack?" So you'll need to be more subtle. It's like real life; you don't walk into a room, interrupt the current conversation, & loudly ask if anyone will sell you nose candy. It's just rude.

Information about security holes is pretty easy to find without help. Just use Google to search for things like "computer security virus hole exploit". What you need is the knowledge to make use of that information. You need to learn straightforward programming techniques, especially networking8.1, before you can make use of all that security information that is readily available. So instead of asking people to teach you to crack, it might be more worthwhile & fun to talk programming with people.

While we're on the topic, I guess I can throw out a bone. Take a look at "CIFS: Common Insecurities Fail Scrutiny" ([Hob77]).

Also, be aware that most of the protocols in use on the Internet are defined in the Request For Comment (RFC) documents. One database of RFCs is The RFC Editor. Another such database is RFCs at Ohio State University.

Why do you care about the RFCs? Because to find a hole in some protocol, you need to know the actual protocol, not just heresay that people slip to you in a chat room. To know the protocol, you need to refer to its definitive source. For most protocols on the Internet, that's the RFCs.

For example, let's say you wanted to research holes in Internet multicast. You could go to either of those RFC databases & search for "multicast". You conclude that any of these RFCs were worth your time

id title author data
RFC1112 Host extensions of IP multicasting S.E. Deering 1 Aug 1989
RFC3513 Internet Protocol Version 6 (IPv6) Addressing Architecture R. Hinden, S. Deering Apr 2003
RFC3261 SIP: Session Initiation Protocol lots of blokes Jun 2002

That's just an example. By the way, if none of those title make you at least a little curious to know what's in those documents, then you might not be cut-out to be a computer hacker or a cracker.