********* * * **** * * * * * ****** * * * * * * * * **** The Hacker's Choice Part I - The Login Hacker (c) 1996 by van Hauser/THC of L.o.r.E. ----------------------------------------------------------------------------- The Hacker's Choice -------------------------------------------------------------------------------- ***** ***** ****** ** ** ** *** ** ** ******* ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** *** ** ** ******* ***** ***** ***** ****** **** LOGIN HACKER v1.00 PUBLIC FINAL RELEASE Introduction ---------------------- This is a fine program for hacking systems. You can use up to 3 dictionary files PLUS 3 Brute Force Generators to penetrate the target system. Please note : This tool is for Sysops & SysAdmins only to check it on their own system. Don't do anything illegal with this! If this software formats your harddisk, crashes your computer, lets the monitor explode, fucks your girlfriend and kills your dog - sorry, i don't intended this program to do THIS, but you do everything on your own risk ... ;-) If you write a good script and/or a successful one then send it to me! Email : vh@campus.de If you need more commands etc. tell me too! SENSE & SENSELESS existance of a Login Hacker ------------------------------------------------------- Sure this hack utility is neat, flexible etc. but you may ask why someone should need and use it. It seems that it's only a program for "lamers" or newcomers who think about using this program to hack governement computer is the way to all successful hacking. Of course most systems are surveilled and when many failed login attempts are encountered security functions and alarms are triggered. So this could be a one-way-ticket for novice hacker to jail. Sure that may happen - and sure that will happen. Of course thats the same for BBS hacking, after 10 tries the sysop will be alarmed and know whats going on. But for unix there are possiblities to check for correct passwords without triggering logs & alarms but you can do this too with a script and a nohup + & command to run them while you are offline. So these AREN'T the thing to use this Login Hacker for. I needed this 2 times in life : First : An old telekom computer system, which allows you to do unlimited password attempts. Second: A unix system which could only be reached from a telnet platfrom where i couldn't use the rare known possibilty to hack without alarms, so i dared to do it with triggering alarms. Not very much for writing such a big and flexible program. But while searching for an already written one, i never found one, and many guys i asked told me they searched too for this shit. I think everyone who's into hacking tried once to find such a program. And every toll free scanner or carrier scanner can image at least one phone number where he could use this program. Or maybe you want to use it with the risk of triggering alarms in your mind to get into a closed system because you haven't got another chance (a bank etc.) - BUT if you do THIS make your call untracable! Either bei using other outdials, blueboxing, etc. or they'll get ya ass. Keep this in mind and read on. What to hack - and what NOT! ---------------------------------------------- For what do you need a login hacker? - Sure to get in. Either if you just want one account for access to the system - thats OK, or your goal is SysAdmin access on the target system - if so *NEVER* try to hack the SysAdmin account directly with this tool! First their passwords are usally much much stronger then those of the average user, second on many systems their are special security functions to prevent a login hacking on the Administration Account. (On Unix this is an error message with level CRITICAL (auth.crit), on others, like novell, the option might be turned on to disable the Sysop account after 3 bad logins. AND nearly every software has got a special security feature to only allow Sysop/Admin login from the console only! So *NEVER* try to hack ROOT, OPERATOR, SYSADM, MANAGER, etc. directly) The important part is to get in - remember that. Once you are in, the system is much more vulnerable to your attacks. Try to get the text of the update's description, then you know most time where the usually security problems of this particular software lie ... or try to contact some hacker and ask them. How to know which users to hack : In my experiences femalse users often got easy to guess passwords. But of course males often too ;-) Try to get to know how the login names are given out (forenamen, Nickname, Familyname, 1st Forname Character + Familyname, Fantasyname etc.). Usual passwords for those accounts are the Loginname, Forename, Familyname, Forename+Familyname and 1st Forename Character + Familyname ... and try "bad" passwords like girlnames, football things, "123", "secret", etc. On Unix systems ya can easily get to know the login names by a) probing with finger or b) telnet to the smtp port and expand ALL ... and verify them to get their full names. Other possiblities to use the Login Hacker: Modem Dialups protected with a system password (You just get a "PASSWORD:" prompt. Or sometimes you get one which sends NOTHING to your modem). Note:It is very easy to program a script which can hack those "Silent Carriers" with the Login Hacker ... use your brain and try it out ... those are the best to deal with ... The WHO IS WHO in this great package ---------------------------------------------- There are 2 EXE File in this BETA Package : LOGINH.EXE This one is the main program to hack everyting LH-COMP.EXE This is the compiler for hack scripts if you want to use them X00.EXE Fossil Driver. Use if you use EXECUTE. Load with : X00.EXE E 2 other files included in this package : FILE_ID.DIZ whats that? how has that gone into this package ?? HISTORY.DOC take a look how this program evolved out an idea. LOGINH.DOC you are reading me (unless you are blind) SCRIPT.DOC The DOC file for the script language - PRINT IT OUT ! RESULT.DOC The meaning of the result codes reported from Login Hacker UPDATE.DOC how to update from an old version VH_BASE.DIC my own basic dictionary! LH&SCAVE.TXT Example script to use the LOGIN HACKER with the SCAVENGER DIALER THC&SCAV.SCR SCAVENGER example script you'll need it for LH&SCAVE.TXT script REBREAK.SCR SCAVENGER example script you may need it for LH&SCAVE.TXT script HANGUP.SCR SCAVENGER example script you may need it for LH&SCAVE.TXT script PICKUP.SCR SCAVENGER example script you may need it for LH&SCAVE.TXT script THC-LH_1.TXT An example of using the script language THC-LH_2.TXT The second example of using this script language DEC-SERV.TXT One successful script which got through! (by Tron X) PASSCODE.TXT Another script (by MindManiac) ;-) THC.NFO VERY important! Everything about our group ;) LORE.COM neat intro for LORE BBS, written by Plasmoid (only 2 kb!) and after some time of using you'll also find LOGINH.CFG (the config file for LOGIN HACKER) plus file with the following endings : .LOG These are the logfiles created. If a logfile already exists, all data will be appended. The logfilename is either specified in the script or in the online hacking setup. .SCR These are the script files created with LH-COMP.EXE. Only these files can be loaded into LOGIN HACKER be and used. .HCK If you abort a hacking attempt, or something goes wrong, files with these endings are created. These are the datafiles which point to the actual dictionary/bruteforce settings when this datafile was created. If you hack this system again, LOGIN HACKER will asks you if you want to use the data from this file. So you can abort a hack session and continue later. IMPORTANT : The Forename of this file is NOT the scriptfile-forename but the logfile-forename ! So if you write the hack data of another hack to the same logfile it will ask you to use the (old and false) data! so keep it in mind. How to handle this ------------------------------- It's very much self explaining so there's not much of a docu this time ... You must write a script to hack hack your targets - and this is the most powerful tool ever written to help you. You can do (nearly) everything. But of course it's not that easy ofr novice guys or hackers who never programmed even with a Basic language. On Information about programming those scripts consult the file SCRIPT.DOC and the two examples THC-LH_1.TXT and THC-LH_2.TXT ... and two actual scripts : PASSCODE.TXT and DEC-SERV.TXT You must compile the scripts then with LH-COMP.EXE, before you can use them with the main program. The script must be compiled to check for any errors so you can be 99% sure that no programming syntax error will occur during hacking! (if you put in endless loops thats your fault ;) Command line Parameters ---------------------------------- LOGINH.EXE [scriptfile]/[anything] [-Auto] [-Shh:mm] [Ehh:mm] [scriptfile] - loads automatically this compiled script file and just waits for a key from you to start. [anything] - if the parameter ISN'T an existing file, the hacker starts without that fucking delay scrolling ;-) [-Auto] - this parameter starts the script immediately without waiting for a key. [-Shh:mm] - Starttime - when the program will start scanning if specified. Military time format -> 15:30 etc. [-Ehh:mm] - Endtime - when the program will end scanning if specified. Military time format -> 15:30 etc. [-T] - Runt script in TEST mode which means that NO ouput is send to the modem [-D] - Turns debug mode on, which shows you the next executing command and the option to either skip or exec it. LH-COMP.EXE [scriptfile] [scriptfile] - you must specify a non-compiled script Using LOGINH.EXE ---------------- There are 5 options after you started it : L - Load compiled Script S - Setup T - Terminal I - Information Q - Quit Option 1 loads a compiled script and executes it (hacks). In Option 2 you can setup your modem and some basic hacking limits. In Option 3 is a small terminal program implemented. have fun with it. Options 4 ... select it. Options 5 ... uh i forgot why i put this in ... I think I'll remove it in the future ... ;-) THE SCREEN WHILE IN ONLINE HACKING MODE ----------------------------------------------- (after loading & running a script) Everything from the modem is sent is displayed in normal white. Everything written to the LOGfile will be written in Dark Blue if you enabled the Option "Print Logoutput to Screen too" Every SYSTEM Message, like CONNECT, ALARM, HANGUPs, ERRORs etc. will be displayed in HIGHLIGHTED BLUE. KEYS WHILE ONLINE HACKING MODE ---------------------------------------- Press ESCAPE to Pause/Quit Menu F1 For a HELP Screen ALT-B Bosskey (Hides the screen and pauses) ALT-C to clear the screen ALT-D Turns Debug Mode on/off ALT-H HangUp Menu ALT-I Information/Statistic Display ALT-J to jump to DOS (BETA! DOESN't WORK BY NOW!) ALT-L Special LOGing Menu. ALT-T -> ENTER TERMINAL MODE in this mode the screen is paused and the system is under your control. you may do verything you wish, use any of the keys above (except ESC). to EXIT TERMINAL MODE you may either press ALT-T again or press ALT-X you get then a menu where you can choose what to do now (restart, quit, contin) ------------------------------------------------------------------------------ Okay thats all ... HAVE PHUN ! ------------------------------------------------------------------------------- Remember : * Read SCRIPT.DOC and the examples. This is the most powerful thing and should be used anytime, cause you can make it more flexible and secure then the internal procedures from LOGINH.EXE * If you like you may send any good script to vh@campus.de * If you encounter ANY bug or need a special function - tell me! * Please send all flames & police warrants to null@localhost ------------------------------------------------------------------------------- For suggestions or bug report, call L.o.r.E. BBS ++49-(0)69-823282 Login : THC Password : THC to write a comment to sysop, leech any THC release or get one of the things this board is distributor, for example the SCAVENGER DIALER, VLAD magazine etc. e@mail : vh@campus.com on ARRESTED DEVELOPMENT BBS send mail to van Hauser (No. in THC.NFO) Ciao... -> van Hauser <- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.1 mQCNAzB6PNQAAAEEALx5p2jI/2rNF9tYandxctI6jP+ZJUcGPTs7QTFtF2c+zK9H ElFfvsC0QkaaUJjyTq7TyII18Na1IuGj2duIHTtG1DTDOnbnZzIRsXndfjCIz5p+ Dt6UYhotbJhCQKkxuIT5F8EZpLTAL88WqaMZJ155uvSTb9uk58pv3AI7GIx9AAUT tBp2YW4gSGF1c2VyL1RIQyBvZiBMT1JFIEJCUw== =6UhL -----END PGP PUBLIC KEY BLOCK----- -------------------------------------------------------------------------------- The Hacker's Choice !! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !! This file is for informational purpose only! The Sysop-Team is NOT RESPONSIBLE for anything you do after reading this text! !! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !!! REMEMBER !! [Sysop : van Hauser]Ŀ ޲ ۰ ۱ ۱ ް ް ۲ް ۲ ް 3000 H/P/A/V/C/M Files Biggest Hpavcm Board In Germany BIG Message Base ! Experts Only! Lamer Protection! [ ++49-69-823282 ]Ŀ Ĵ NUP : [ ++49-69-PRIVAT ] !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! Dieses File dient nur zur Information und Aufklaerung! Die Sysops erklaeren sich NICHT VERANTWORTLICH fr Rechtsverstoesse, die durch diese Informationen entstehen. !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! ACHTUNG !!! H/P/A/V/M/C/I/D/P/!/L/F/O/! --------------------------------------------------------------------------------