The Hack FAQ: General FAQ Info

1. General FAQ Info

The following was originally compiled in June 1998. It answers some basic questions about this FAQ and hacking.

Send comments about info in this FAQ to faq@nmrc.org. Simple flames about typos, the "that's not right" one liners will be ignored. If you wish to contribute corrections please include your research and source of facts. Also if you wish to add your information, I will include it if I can include your email address, unless I can verify the info independently. This way if someone has questions, they can bug you, not me.

It is prefered that you include OS flavor and versions, and other conditions used in testing. Theoretical discussion is fine, just try and back up your findings. Also note that we may often rewrite your submissions to match the "elite" nature of our FAQ ;-)

Anonymous submissions are okay. Encrypt them if you like, here's Simple Nomad's PGP key (also available from MIT's key server):

And the PGP 5 key...

1.2 How was this FAQ prepared?

Testing for a large part of the material was completed in the NMRC lab and at various field locations. Most of the tools used during testing are available from the NMRC web site in the files section (alternate locations are listed in the resources section for these tools).

Specific testing for Netware was done in the lab and at field locations. For NT the lab was used, but due to a recent "moment of clarity" NT is no longer operational in the labs. Field locations will be used from now on. Web related hacking information has been done in the field but due to a couple of odd related projects we currently have resources for this type of testing in the lab. Unix testing is also done in the lab, but primarily limited to Linux, OpenBSD, FreeBSD, and AIX.

Technical info has been discovered (read "quoted without permission because it was out in a public forum so I leeched it") and collected, often the technical detail is complete and self-explanatory in its original source, so I feel no reason to "test" it in a lab environment. I try and quote original material when I can, if I have left you out, let me know.

The actual FAQ was assembled from the various text files and turned into SGML source. The SGML-Tools package was used and only slightly altered to create these web pages. This gives us a single starting place during revisions and the opportunity for a multitude of output formats.

1.3 Is this FAQ available by anonymous FTP or WWW?

This FAQ is available online from the following locations:

www.nmrc.org/faqs/hackfaq/index.html.

This FAQ is available in other formats, including its raw SGML. See the www.nmrc.org/faqs/index.html page for details.

Currently due to the new processing of the information manual mirrors will not be supported. Once we've implemented the processes, we will more than likely be providing updates to this FAQ once a month.

1.4 What is the mission and goal of the FAQ?

If I said "to teach hacking" I would be lying. First off, no documentation will teach you how to hack. This FAQ answers common questions regarding some of the underlying mechanics from a hacker perspective. Second, I will not be drawn into a debate regarding usage of the term hacker, cracker, phreaker, hacking, cracking, and will certainly not be drawn into a discussion on the moral and legal issues involved. The material is what it is -- no more, no less, and I use terms the way I see fit to answer a question from the intruder perspective.

So the goal here is simply information disemination.

1.5 Where is the disclaimer?

There is no disclaimer. Disclaimers are lame and idiotic LawyerSpeak. I don't care how you use this information. If you use it to break the law, fine. If you get caught, fine. If you use it to secure a system, fine. I am responsible for myself, therefore I need no "disclaimer". Instead, here is my EXclaimer -- PISS OFF.

The only thing more lame than a disclaimer on a web page is a disclaimer in a sig file (we all know how millions of dollars in attorney's fees are saved by sig files every year).