NOTE: DUE TO THE MANY DIFFERENT
VERSIONS OF UNIX (BERKLEY UNIX,
BELL SYSTEM III, AND SYSTEM V
THE MOST POPULAR) MANY COMMANDS
FOLLOWING MAY/MAY NOT WORK. I HAVE
WRITTEN THEM IN SYSTEM V ROUTINES.
UNIX/XENIX OPERATING SYSTEMS WILL
BE CONSIDERED IDENTICAL SYSTEMS BELOW.

HOW TO TELL IF/IF NOT YOU ARE ON A
UNIX SYSTEM:  UNIX SYSTEMS ARE QUITE
COMMON SYSTEMS ACROSS THE COUNTRY.
THEIR SECURITY APPEARS AS SUCH:

LOGIN;     (OR LOGIN;)
PASSWORD:

WHEN HACKING ON A UNIX SYSTEM IT IS
BEST TO USE LOWERCASE BECAUSE THE UNIX
SYSTEM COMMANDS ARE ALL DONE IN LOWER-
CASE.
LOGIN; IS A 1-8 CHARACTER FIELD. IT IS
USUALLY THE NAME (I.E. JOE OR FRED)
OF THE USER, OR INITIALS (I.E. J.JONES
OR F.WILSON).  HINTS FOR LOGIN NAMES
CAN BE FOUND TRASHING THE LOCATION OF
THE DIAL-UP (USE YOUR CN/A TO FIND
WHERE THE COMPUTER IS).
PASSWORD: IS A 1-8 CHARACTER PASSWORD
ASSIGNED BY THE SYSOP OR CHOSEN BY THE
USER.
COMMON DEFAULT LOGINS
————————–
LOGIN;       PASSWORD:
ROOT         ROOT,SYSTEM,ETC..
SYS          SYS,SYSTEM
DAEMON       DAEMON
UUCP         UUCP
TTY          TTY
TEST         TEST
UNIX         UNIX
BIN          BIN
ADM          ADM
WHO          WHO
LEARN        LEARN
UUHOST       UUHOST
NUUCP        NUUCP

IF YOU GUESS A LGIN NAME AND YOU ARE
NOT ASKED FOR A PASSWORD, AND HAVE
ACCESSED TO THE SYSTEM, THEN YOU HAVE
WHAT IS KNOWN AS A NON-GIFTED ACCOUNT.
IF YOU GUESS A CORRECT LOGIN AND PASS-
WORD, THEN YOU HAVE A USER ACCOUNT.
AND, IF YOU GUESS THE ROOT PASSWORD,
THEN YOU HAVE A “SUPER-USER” ACCOUNT.
ALL UNIX SYSTEMS HAVE THE FOLLOWING
INSTALLED TO THEIR SYSTEM:
ROOT, SYS, BIN, DAEMON, UUCP, ADM
ONCE YOU ARE IN THE SYSTEM, YOU WILL
GET A PROMPT. COMMON PROMPTS ARE:

$
%
#

BUT CAN BE JUST ABOUT ANYTHING THE
SYSOP OR USER WANTS IT TO BE.

THINGS TO DO WHEN YOU ARE IN: SOME
OF THE COMMANDS THAT YOU MAY WANT TO
TRY FOLLOW BELOW:

WHO IS ON  (SHOWS WHO IS CURRENTLY
LOGGED ON THE SYSTEM.)
WRITE NAME (NAME IS THE PERSON YOU
WISH TO CHAT WITH)
TO EXIT CHAT MODE TRY CTRL-D.
EOT=END OF TRANSFER.
LS -A      (LIST ALL FILES IN CURRENT
DIRECTORY.)
DU -A      (CHECKS AMOUNT OF MEMORY
YOUR FILES USE;DISK USAGE)
CD\NAME    (NAME IS THE NAME OF THE
SUB-DIRECTORY YOU CHOOSE)
CD\        (BRINGS YOUR HOME DIRECTORY
TO CURRENT USE)
CAT NAME   (NAME IS A FILENAME EITHER
A PROGRAM OR DOCUMENTATION
YOUR USERNAME HAS WRITTEN)
MOST UNIX PROGRAMS ARE WRITTEN
IN THE C LANGUAGE OR PASCAL
SINCE UNIX IS A PROGRAMMERS’
ENVIRONMENT.
ONE OF THE FIRST THINGS DONE ON THE
SYSTEM IS PRINT UP OR CAPTURE (IN A
BUFFER) THE FILE CONTAINING ALL USER
NAMES AND ACCOUNTS. THIS CAN BE DONE
BY DOING THE FOLLOWING COMMAND:

CAT /ETC/PASSWD

IF YOU ARE SUCCESSFUL YOU WILL A LIST
OF ALL ACCOUNTS ON THE SYSTEM.  IT
SHOULD LOOK LIKE THIS:

ROOT:HVNSDCF:0:0:ROOT DIR:/:
JOE:MAJDNFD:1:1:JOE COOL:/BIN:/BIN/JOE
HAL::1:2:HAL SMITH:/BIN:/BIN/HAL

THE “ROOT” LINE TELLS THE FOLLOWING
INFO :
LOGIN NAME=ROOT
HVNSDCF   = ENCRYPTED PASSWORD
0         = USER GROUP NUMBER
0         = USER NUMBER
ROOT DIR  = NAME OF USER
/         = ROOT DIRECTORY

IN THE JOE LOGIN, THE LAST PART
“/BIN/JOE ” TELLS US WHICH DIRECTORY
IS HIS HOME DIRECTORY (JOE) IS.

IN THE “HAL” EXAMPLE THE LOGIN NAME IS
FOLLOWED BY 2 COLONS, THAT MEANS THAT
THERE IS NO PASSWORD NEEDED TO GET IN
USING HIS NAME.

CONCLUSION:  I HOPE THAT THIS FILE
WILL HELP OTHER NOVICE UNIX HACKERS
OBTAIN ACCESS TO THE UNIX/XENIX
SYSTEMS THAT THEY MAY FIND. THERE IS
STILL WIDE GROWTH IN THE FUTURE OF
UNIX, SO I HOPE USERS WILL NOT ABUSE
ANY SYSTEMS (UNIX OR ANY OTHERS) THAT
THEY MAY HAPPEN ACROSS ON THEIR
JOURNEY ACROSS THE ELECTRONIC HIGHWAYS  OF AMERICA.  THERE IS MUCH MORE TO BE  LEARNED ABOUT THE UNIX SYSTEM THAT I  HAVE NOT COVERED.  THEY MAY BE FOUND  BY BUYING A BOOK ON THE UNIX SYSTEM  (HOW I LEARNED) OR IN THE FUTURE  I MAY WRITE A PART II TO THIS……..   Downloaded from P-80 Systems……

**********************************************************************
|  The author hereby grants permission to reproduce, redistribute,   |
|  or include this file in your g-file section, electronic or print  |
|  newletter, or any other form of transmission that you choose, as  |
|  long as it is kept intact and whole, with no ommissions, delet-   |
|  ions, or changes.  (C) The Mentor- Phoenix Project Productions    |
|                                     2003,2004  XXX/XXX-XXXX        |
**********************************************************************

Introduction: The State of the Hack
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
After surveying a rather large g-file collection, my attention was drawn to
the fact that there hasn’t been a good introductory file written for absolute
beginners since back when Mark Tabas was cranking them out (and almost
*everyone* was a beginner!)  The Arts of Hacking and Phreaking have changed
radically since that time, and as the 90′s approach, the hack/phreak community
has recovered from the Summer ’87 busts (just like it recovered from the Fall
’85 busts, and like it will always recover from attempts to shut it down), and
the progressive media (from Reality Hackers magazine to William Gibson and
Bruce Sterling’s cyberpunk fables of hackerdom) is starting to take notice
of us for the first time in recent years in a positive light.
Unfortunately, it has also gotten more dangerous since the early 80′s.
Phone cops have more resources, more awareness, and more intelligence that they
exhibited in the past.  It is becoming more and more difficult to survive as
a hacker long enough to become skilled in the art.  To this end this file
is dedicated .  If it can help someone get started, and help them survive
to discover new systems and new information, it will have served it’s purpose,
and served as a partial repayment to all the people who helped me out when I
was a beginner.

Contents
~~~~~~~~
This file will be divided into four parts:
Part 1: What is Hacking, A Hacker’s Code of Ethics, Basic Hacking Safety
Part 2: Packet Switching Networks: Telenet- How it Works, How to Use it,
Outdials, Network Servers, Private PADs
Part 3: Identifying a Computer, How to Hack In, Operating System
Defaults
Part 4: Conclusion- Final Thoughts, Books to Read, Boards to Call,
Acknowledgements

Part One: The Basics
~~~~~~~~~~~~~~~~~~~~
As long as there have been computers, there have been hackers.  In the 50′s
at the Massachusets Institute of Technology (MIT), students devoted much time
and energy to ingenious exploration of the computers.  Rules and the law were
disregarded in their pursuit for the ‘hack’.  Just as they were enthralled with
their pursuit of information, so are we.  The thrill of the hack is not in
breaking the law, it’s in the pursuit and capture of knowledge.
To this end, let me contribute my suggestions for guidelines to follow to
ensure that not only you stay out of trouble, but you pursue your craft without
damaging the computers you hack into or the companies who own them.

I.    Do not intentionally damage *any* system.
II.   Do not alter any system files other than ones needed to ensure your
escape from detection and your future access (Trojan Horses, Altering
Logs, and the like are all necessary to your survival for as long as
possible.)
III.  Do not leave your (or anyone else’s) real name, real handle, or real
phone number on any system that you access illegally.  They *can* and
will track you down from your handle!
IV.   Be careful who you share information with.  Feds are getting trickier.
Generally, if you don’t know their voice phone number, name, and
occupation or haven’t spoken with them voice on non-info trading
conversations, be wary.
V.    Do not leave your real phone number to anyone you don’t know.  This
includes logging on boards, no matter how k-rad they seem.  If you
don’t know the sysop, leave a note telling some trustworthy people
that will validate you.
VI.   Do not hack government computers.  Yes, there are government systems
that are safe to hack, but they are few and far between.  And the
government has inifitely more time and resources to track you down than
a company who has to make a profit and justify expenses.
VII.  Don’t use codes unless there is *NO* way around it (you don’t have a
local telenet or tymnet outdial and can’t connect to anything 800…)
You use codes long enough, you will get caught.  Period.
VIII. Don’t be afraid to be paranoid.  Remember, you *are* breaking the law.
It doesn’t hurt to store everything encrypted on your hard disk, or
keep your notes buried in the backyard or in the trunk of your car.
You may feel a little funny, but you’ll feel a lot funnier when you
when you meet Bruno, your transvestite cellmate who axed his family to
death.
IX.   Watch what you post on boards.  Most of the really great hackers in the
country post *nothing* about the system they’re currently working
except in the broadest sense (I’m working on a UNIX, or a COSMOS, or
something generic.  Not “I’m hacking into General Electric’s Voice Mail
System” or something inane and revealing like that.)
X.    Don’t be afraid to ask questions.  That’s what more experienced hackers
are for.  Don’t expect *everything* you ask to be answered, though.
There are some things (LMOS, for instance) that a begining hacker
shouldn’t mess with.  You’ll either get caught, or screw it up for
others, or both.
XI.   Finally, you have to actually hack.  You can hang out on boards all you
want, and you can read all the text files in the world, but until you
actually start doing it, you’ll never know what it’s all about.  There’s
no thrill quite the same as getting into your first system (well, ok,
I can think of a couple of bigger thrills, but you get the picture.)

One of the safest places to start your hacking career is on a computer
system belonging to a college.  University computers have notoriously lax
security, and are more used to hackers, as every college computer depart-
ment has one or two, so are less likely to press charges if you should
be detected.  But the odds of them detecting you and having the personel to
committ to tracking you down are slim as long as you aren’t destructive.
If you are already a college student, this is ideal, as you can legally
explore your computer system to your heart’s desire, then go out and look
for similar systems that you can penetrate with confidence, as you’re already
familar with them.
So if you just want to get your feet wet, call your local college.  Many of
them will provide accounts for local residents at a nominal (under $20) charge.
Finally, if you get caught, stay quiet until you get a lawyer.  Don’t vol-
unteer any information, no matter what kind of ‘deals’ they offer you.
Nothing is binding unless you make the deal through your lawyer, so you might
as well shut up and wait.

Part Two: Networks
~~~~~~~~~~~~~~~~~~
The best place to begin hacking (other than a college) is on one of the
bigger networks such as Telenet.  Why?  First, there is a wide variety of
computers to choose from, from small Micro-Vaxen to huge Crays.  Second, the
networks are fairly well documented.  It’s easier to find someone who can help
you with a problem off of Telenet than it is to find assistance concerning your
local college computer or high school machine.  Third, the networks are safer.
Because of the enormous number of calls that are fielded every day by the big
networks, it is not financially practical to keep track of where every call and
connection are made from.  It is also very easy to disguise your location using
the network, which makes your hobby much more secure.
Telenet has more computers hooked to it than any other system in the world
once you consider that from Telenet you have access to Tymnet, ItaPAC, JANET,
DATAPAC, SBDN, PandaNet, THEnet, and a whole host of other networks, all of
which you can connect to from your terminal.
The first step that you need to take is to identify your local dialup port.
This is done by dialing 1-800-424-9494 (1200 7E1) and connecting.  It will
spout some garbage at you and then you’ll get a prompt saying ‘TERMINAL=’.
This is your terminal type.  If you have vt100 emulation, type it in now.  Or
just hit return and it will default to dumb terminal mode.
You’ll now get a prompt that looks like a @.  From here, type @c mail <cr>
and then it will ask for a Username.  Enter ‘phones’ for the username. When it
asks for a password, enter ‘phones’ again.  From this point, it is menu
driven.  Use this to locate your local dialup, and call it back locally.  If
you don’t have a local dialup, then use whatever means you wish to connect to
one long distance (more on this later.)
When you call your local dialup, you will once again go through the
TERMINAL= stuff, and once again you’ll be presented with a @.  This prompt lets
you know you are connected to a Telenet PAD.  PAD stands for either Packet
Assembler/Disassembler (if you talk to an engineer), or Public Access Device
(if you talk to Telenet’s marketing people.)  The first description is more
correct.
Telenet works by taking the data you enter in on the PAD you dialed into,
bundling it into a 128 byte chunk (normally… this can be changed), and then
transmitting it at speeds ranging from 9600 to 19,200 baud to another PAD, who
then takes the data and hands it down to whatever computer or system it’s
connected to.  Basically, the PAD allows two computers that have different baud
rates or communication protocols to communicate with each other over a long
distance.  Sometimes you’ll notice a time lag in the remote machines response.
This is called PAD Delay, and is to be expected when you’re sending data
through several different links.
What do you do with this PAD?  You use it to connect to remote computer
systems by typing ‘C’ for connect and then the Network User Address (NUA) of
the system you want to go to.
An NUA takes the form of   031103130002520
\___/\___/\___/
|    |    |
|    |    |____ network address
|    |_________ area prefix
|______________ DNIC

This is a summary of DNIC’s (taken from Blade Runner’s file on ItaPAC)
according to their country and network name.

DNIC   Network Name    Country          DNIC   Network Name    Country
_______________________________________________________________________________
|
02041   Datanet 1       Netherlands  |  03110   Telenet         USA
02062   DCS             Belgium      |  03340   Telepac         Mexico
02080   Transpac        France       |  03400   UDTS-Curacau    Curacau
02284   Telepac         Switzerland  |  04251   Isranet         Israel
02322   Datex-P         Austria      |  04401   DDX-P           Japan
02329   Radaus          Austria      |  04408   Venus-P         Japan
02342   PSS             UK           |  04501   Dacom-Net       South Korea
02382   Datapak         Denmark      |  04542   Intelpak        Singapore
02402   Datapak         Sweden       |  05052   Austpac         Australia
02405   Telepak         Sweden       |  05053   Midas           Australia
02442   Finpak          Finland      |  05252   Telepac         Hong Kong
02624   Datex-P         West Germany |  05301   Pacnet          New Zealand
02704   Luxpac          Luxembourg   |  06550   Saponet         South Africa
02724   Eirpak          Ireland      |  07240   Interdata       Brazil
03020   Datapac         Canada       |  07241   Renpac          Brazil
03028   Infogram        Canada       |  09000   Dialnet         USA
03103   ITT/UDTS        USA          |  07421   Dompac          French Guiana
03106   Tymnet          USA          |

There are two ways to find interesting addresses to connect to.  The first
and easiest way is to obtain a copy of the LOD/H Telenet Directory from the
LOD/H Technical Journal #4 or 2600 Magazine.  Jester Sluggo also put out a good
list of non-US addresses in Phrack Inc. Newsletter Issue 21.  These files will
tell you the NUA, whether it will accept collect calls or not, what type of
computer system it is (if known) and who it belongs to (also if known.)
The second method of locating interesting addresses is to scan for them
manually.  On Telenet, you do not have to enter the 03110 DNIC to connect to a
Telenet host.  So if you saw that 031104120006140 had a VAX on it you wanted to
look at, you could type @c 412 614 (0′s can be ignored most of the time.)
If this node allows collect billed connections, it will say 412 614
CONNECTED and then you’ll possibly get an identifying header or just a
Username: prompt.  If it doesn’t allow collect connections, it will give you a
message such as 412 614 REFUSED COLLECT CONNECTION with some error codes out to
the right, and return you to the @ prompt.
There are two primary ways to get around the REFUSED COLLECT message.  The
first is to use a Network User Id (NUI) to connect.  An NUI is a username/pw
combination that acts like a charge account on Telenet.  To collect to node
412 614 with NUI junk4248, password 525332, I’d type the following:
@c 412 614,junk4248,525332  <—- the 525332 will *not* be echoed to the
screen.  The problem with NUI’s is that they’re hard to come by unless you’re
a good social engineer with a thorough knowledge of Telenet (in which case
you probably aren’t reading this section), or you have someone who can
provide you with them.
The second way to connect is to use a private PAD, either through an X.25
PAD or through something like Netlink off of a Prime computer (more on these
two below.)
The prefix in a Telenet NUA oftentimes (not always) refers to the phone Area
Code that the computer is located in (i.e. 713 xxx would be a computer in
Houston, Texas.)  If there’s a particular area you’re interested in, (say,
New York City 914), you could begin by typing @c 914 001 <cr>.  If it connects,
you make a note of it and go on to 914 002.  You do this until you’ve found
some interesting systems to play with.
Not all systems are on a simple xxx yyy address.  Some go out to four or
five digits (914 2354), and some have decimal or numeric extensions
(422 121A = 422 121.01).  You have to play with them, and you never know what
you’re going to find.  To fully scan out a prefix would take ten million
attempts per prefix.  For example, if I want to scan 512 completely, I’d have
to start with 512 00000.00 and go through 512 00000.99, then increment the
address by 1 and try 512 00001.00 through 512 00001.99.  A lot of scanning.
There are plenty of neat computers to play with in a 3-digit scan, however,
so don’t go berserk with the extensions.
Sometimes you’ll attempt to connect and it will just be sitting there after
one or two minutes.  In this case, you want to abort the connect attempt by
sending a hard break (this varies with different term programs, on Procomm,
it’s ALT-B), and then when you get the @ prompt back, type ‘D’ for disconnect.
If you connect to a computer and wish to disconnect, you can type <cr> @
<cr> and you it should say TELENET and then give you the @ prompt.  From there,
type D to disconnect or CONT to re-connect and continue your session
uninterrupted.

Outdials, Network Servers, and PADs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In addition to computers, an NUA may connect you to several other things.
One of the most useful is the outdial.  An outdial is nothing more than a modem
you can get to over telenet- similar to the PC Pursuit concept, except that
these don’t have passwords on them most of the time.
When you connect, you will get a message like ‘Hayes 1200 baud outdial,
Detroit, MI’, or ‘VEN-TEL 212 Modem’, or possibly ‘Session 1234 established
on Modem 5588′.  The best way to figure out the commands on these is to
type ? or H or HELP- this will get you all the information that you need to
use one.
Safety tip here- when you are hacking *any* system through a phone dialup,
always use an outdial or a diverter, especially if it is a local phone number
to you.  More people get popped hacking on local computers than you can
imagine, Intra-LATA calls are the easiest things in the world to trace inexp-
ensively.
Another nice trick you can do with an outdial is use the redial or macro
function that many of them have.  First thing you do when you connect is to
invoke the ‘Redial Last Number’ facility.  This will dial the last number used,
which will be the one the person using it before you typed.  Write down the
number, as no one would be calling a number without a computer on it.  This
is a good way to find new systems to hack.  Also, on a VENTEL modem, type ‘D’
for Display and it will display the five numbers stored as macros in the
modem’s memory.
There are also different types of servers for remote Local Area Networks
(LAN) that have many machine all over the office or the nation connected to
them.  I’ll discuss identifying these later in the computer ID section.
And finally, you may connect to something that says ‘X.25 Communication
PAD’ and then some more stuff, followed by a new @ prompt.  This is a PAD
just like the one you are on, except that all attempted connections are billed
to the PAD, allowing you to connect to those nodes who earlier refused collect
connections.
This also has the added bonus of confusing where you are connecting from.
When a packet is transmitted from PAD to PAD, it contains a header that has
the location you’re calling from.  For instance, when you first connected
to Telenet, it might have said 212 44A CONNECTED if you called from the 212
area code.  This means you were calling PAD number 44A in the 212 area.
That 21244A will be sent out in the header of all packets leaving the PAD.
Once you connect to a private PAD, however, all the packets going out
from *it* will have it’s address on them, not yours.  This can be a valuable
buffer between yourself and detection.

Phone Scanning
~~~~~~~~~~~~~~
Finally, there’s the time-honored method of computer hunting that was made
famous among the non-hacker crowd by that Oh-So-Technically-Accurate movie
Wargames.  You pick a three digit phone prefix in your area and dial every
number from 0000 –> 9999 in that prefix, making a note of all the carriers
you find.  There is software available to do this for nearly every computer
in the world, so you don’t have to do it by hand.

Part Three: I’ve Found a Computer, Now What?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This next section is applicable universally.  It doesn’t matter how you
found this computer, it could be through a network, or it could be from
carrier scanning your High School’s phone prefix, you’ve got this prompt
this prompt, what the hell is it?
I’m *NOT* going to attempt to tell you what to do once you’re inside of
any of these operating systems.  Each one is worth several G-files in its
own right.  I’m going to tell you how to identify and recognize certain
OpSystems, how to approach hacking into them, and how to deal with something
that you’ve never seen before and have know idea what it is.

VMS-       The VAX computer is made by Digital Equipment Corporation (DEC),
and runs the VMS (Virtual Memory System) operating system.
VMS is characterized by the ‘Username:’ prompt.  It will not tell
you if you’ve entered a valid username or not, and will disconnect
you after three bad login attempts.  It also keeps track of all
failed login attempts and informs the owner of the account next time
s/he logs in how many bad login attempts were made on the account.
It is one of the most secure operating systems around from the
outside, but once you’re in there are many things that you can do
to circumvent system security.  The VAX also has the best set of
help files in the world.  Just type HELP and read to your heart’s
content.
Common Accounts/Defaults:  [username: password [[,password]] ]
SYSTEM:     OPERATOR or MANAGER or SYSTEM or SYSLIB
OPERATOR:   OPERATOR
SYSTEST:    UETP
SYSMAINT:   SYSMAINT or SERVICE or DIGITAL
FIELD:      FIELD or SERVICE
GUEST:      GUEST or unpassworded
DEMO:       DEMO  or unpassworded
DECNET:     DECNET

DEC-10-    An earlier line of DEC computer equipment, running the TOPS-10
operating system.  These machines are recognized by their
‘.’ prompt.  The DEC-10/20 series are remarkably hacker-friendly,
allowing you to enter several important commands without ever
logging into the system.  Accounts are in the format [xxx,yyy] where
xxx and yyy are integers.  You can get a listing of the accounts and
the process names of everyone on the system before logging in with
the command .systat (for SYstem STATus).  If you seen an account
that reads [234,1001]   BOB JONES, it might be wise to try BOB or
JONES or both for a password on this account.  To login, you type
.login xxx,yyy  and then type the password when prompted for it.
The system will allow you unlimited tries at an account, and does
not keep records of bad login attempts.  It will also inform you
if the UIC you’re trying (UIC = User Identification Code, 1,2 for
example) is bad.
Common Accounts/Defaults:
1,2:        SYSLIB or OPERATOR or MANAGER
2,7:        MAINTAIN
5,30:       GAMES

UNIX-      There are dozens of different machines out there that run UNIX.
While some might argue it isn’t the best operating system in the
world, it is certainly the most widely used.  A UNIX system will
usually have a prompt like ‘login:’ in lower case.  UNIX also
will give you unlimited shots at logging in (in most cases), and
there is usually no log kept of bad attempts.
Common Accounts/Defaults: (note that some systems are case
sensitive, so use lower case as a general rule.  Also, many times
the accounts will be unpassworded, you’ll just drop right in!)
root:       root
admin:      admin
sysadmin:   sysadmin or admin
unix:       unix
uucp:       uucp
rje:        rje
guest:      guest
demo:       demo
daemon:     daemon
sysbin:     sysbin

Prime-     Prime computer company’s mainframe running the Primos operating
system.  The are easy to spot, as the greet you with
‘Primecon 18.23.05′ or the like, depending on the version of the
operating system you run into.  There will usually be no prompt
offered, it will just look like it’s sitting there.  At this point,
type ‘login <username>’.  If it is a pre-18.00.00 version of Primos,
you can hit a bunch of ^C’s for the password and you’ll drop in.
Unfortunately, most people are running versions 19+.  Primos also
comes with a good set of help files.  One of the most useful
features of a Prime on Telenet is a facility called NETLINK.  Once
you’re inside, type NETLINK and follow the help files.  This allows
you to connect to NUA’s all over the world using the ‘nc’ command.
For example, to connect to NUA 026245890040004, you would type
@nc :26245890040004 at the netlink prompt.
Common Accounts/Defaults:
PRIME       PRIME or PRIMOS
PRIMOS_CS   PRIME or PRIMOS
PRIMENET    PRIMENET
SYSTEM      SYSTEM or PRIME
NETLINK     NETLINK
TEST        TEST
GUEST       GUEST
GUEST1      GUEST

HP-x000-   This system is made by Hewlett-Packard.  It is characterized by the
‘:’ prompt.  The HP has one of the more complicated login sequences
around- you type ‘HELLO SESSION NAME,USERNAME,ACCOUNTNAME,GROUP’.
Fortunately, some of these fields can be left blank in many cases.
Since any and all of these fields can be passworded, this is not
the easiest system to get into, except for the fact that there are
usually some unpassworded accounts around.  In general, if the
defaults don’t work, you’ll have to brute force it using the
common password list (see below.)  The HP-x000 runs the MPE operat-
ing system, the prompt for it will be a ‘:’, just like the logon
prompt.
Common Accounts/Defaults:
MGR.TELESUP,PUB                      User: MGR Acct: HPONLY Grp: PUB
MGR.HPOFFICE,PUB                     unpassworded
MANAGER.ITF3000,PUB                  unpassworded
FIELD.SUPPORT,PUB                    user: FLD,  others unpassworded
MAIL.TELESUP,PUB                     user: MAIL, others
unpassworded
MGR.RJE                              unpassworded
FIELD.HPPl89 ,HPPl87,HPPl89,HPPl96   unpassworded
MGR.TELESUP,PUB,HPONLY,HP3           unpassworded

IRIS-      IRIS stands for Interactive Real Time Information System.  It orig-
inally ran on PDP-11′s, but now runs on many other minis.  You can
spot an IRIS by the ‘Welcome to “IRIS” R9.1.4 Timesharing’ banner,
and the ACCOUNT ID? prompt.  IRIS allows unlimited tries at hacking
in, and keeps no logs of bad attempts.  I don’t know any default
passwords, so just try the common ones from the password database
below.
Common Accounts:
MANAGER
BOSS
SOFTWARE
DEMO
PDP8
PDP11
ACCOUNTING

VM/CMS-    The VM/CMS operating system runs in International Business Machines
(IBM) mainframes.  When you connect to one of these, you will get
message similar to ‘VM/370 ONLINE’, and then give you a ‘.’ prompt,
just like TOPS-10 does.  To login, you type ‘LOGON <username>’.
Common Accounts/Defaults are:
AUTOLOG1:            AUTOLOG or AUTOLOG1
CMS:                 CMS
CMSBATCH:            CMS or CMSBATCH
EREP:                EREP
MAINT:               MAINT or MAINTAIN
OPERATNS:            OPERATNS or OPERATOR
OPERATOR:            OPERATOR
RSCS:                RSCS
SMART:               SMART
SNA:                 SNA
VMTEST:              VMTEST
VMUTIL:              VMUTIL
VTAM:                VTAM

NOS-       NOS stands for Networking Operating System, and runs on the Cyber
computer made by Control Data Corporation.  NOS identifies itself
quite readily, with a banner of ‘WELCOME TO THE NOS SOFTWARE
SYSTEM.  COPYRIGHT CONTROL DATA 1978,1987′.  The first prompt you
will get will be FAMILY:.  Just hit return here.  Then you’ll get
a USER NAME: prompt.  Usernames are typically 7 alpha-numerics
characters long, and are *extremely* site dependent. Operator
accounts begin with a digit, such as 7ETPDOC.
Common Accounts/Defaults:
$SYSTEM              unknown
SYSTEMV              unknown

Decserver- This is not truly a computer system, but is a network server that
has many different machines available from it.  A Decserver will
say ‘Enter Username>’ when you first connect.  This can be anything,
it doesn’t matter, it’s just an identifier.  Type ‘c’, as this is
the least conspicuous thing to enter.  It will then present you
with a ‘Local>’ prompt.  From here, you type ‘c <systemname>’ to
connect to a system.  To get a list of system names, type
‘sh services’ or ‘sh nodes’.  If you have any problems, online
help is available with the ‘help’ command.  Be sure and look for
services named ‘MODEM’ or ‘DIAL’ or something similar, these are
often outdial modems and can be useful!

GS/1-      Another type of network server.  Unlike a Decserver, you can’t
predict what prompt a GS/1 gateway is going to give you.  The
default prompt it ‘GS/1>’, but this is redifinable by the
system administrator.  To test for a GS/1, do a ‘sh d’.  If that
prints out a large list of defaults (terminal speed, prompt,
parity, etc…), you are on a GS/1.  You connect in the same manner
as a Decserver, typing ‘c <systemname>’.  To find out what systems
are available, do a ‘sh n’ or a ‘sh c’.  Another trick is to do a
‘sh m’, which will sometimes show you a list of macros for logging
onto a system.  If there is a macro named VAX, for instance, type
‘do VAX’.

The above are the main system types in use today.  There are
hundreds of minor variants on the above, but this should be
enough to get you started.

Unresponsive Systems
~~~~~~~~~~~~~~~~~~~~
Occasionally you will connect to a system that will do nothing but sit
there.  This is a frustrating feeling, but a methodical approach to the system
will yield a response if you take your time.  The following list will usually
make *something* happen.
1)  Change your parity, data length, and stop bits.  A system that won’t re-
spond at 8N1 may react at 7E1 or 8E2 or 7S2.  If you don’t have a term
program that will let you set parity to EVEN, ODD, SPACE, MARK, and NONE,
with data length of 7 or 8, and 1 or 2 stop bits, go out and buy one.
While having a good term program isn’t absolutely necessary, it sure is
helpful.
2)  Change baud rates.  Again, if your term program will let you choose odd
baud rates such as 600 or 1100, you will occasionally be able to penetrate
some very interesting systems, as most systems that depend on a strange
baud rate seem to think that this is all the security they need…
3)  Send a series of <cr>’s.
4)  Send a hard break followed by a <cr>.
5)  Type a series of .’s (periods).  The Canadian network Datapac responds
to this.
6)  If you’re getting garbage, hit an ‘i’.  Tymnet responds to this, as does
a MultiLink II.
7)  Begin sending control characters, starting with ^A –> ^Z.
8)  Change terminal emulations.  What your vt100 emulation thinks is garbage
may all of a sudden become crystal clear using ADM-5 emulation.  This also
relates to how good your term program is.
9)  Type LOGIN, HELLO, LOG, ATTACH, CONNECT, START, RUN, BEGIN, LOGON, GO,
JOIN, HELP, and anything else you can think of.
10) If it’s a dialin, call the numbers around it and see if a company
answers.  If they do, try some social engineering.

Brute Force Hacking
~~~~~~~~~~~~~~~~~~~
There will also be many occasions when the default passwords will not work
on an account.  At this point, you can either go onto the next system on your
list, or you can try to ‘brute-force’ your way in by trying a large database
of passwords on that one account.  Be careful, though!  This works fine on
systems that don’t keep track of invalid logins, but on a system like a VMS,
someone is going to have a heart attack if they come back and see ’600 Bad
Login Attempts Since Last Session’ on their account.  There are also some
operating systems that disconnect after ‘x’ number of invalid login attempts
and refuse to allow any more attempts for one hour, or ten minutes, or some-
times until the next day.
The following list is taken from my own password database plus the data-
base of passwords that was used in the Internet UNIX Worm that was running
around in November of 1988.  For a shorter group, try first names, computer
terms, and obvious things like ‘secret’, ‘password’, ‘open’, and the name
of the account.  Also try the name of the company that owns the computer
system (if known), the company initials, and things relating to the products
the company makes or deals with.

Password List
=============

aaa                daniel             jester             rascal
academia           danny              johnny             really
ada                dave               joseph             rebecca
adrian             deb                joshua             remote
aerobics           debbie             judith             rick
airplane           deborah            juggle             reagan
albany             december           julia              robot
albatross          desperate          kathleen           robotics
albert             develop            kermit             rolex
alex               diet               kernel             ronald
alexander          digital            knight             rosebud
algebra            discovery          lambda             rosemary
alias              disney             larry              roses
alpha              dog                lazarus            ruben
alphabet           drought            lee                rules
ama                duncan             leroy              ruth
amy                easy               lewis              sal
analog             eatme              light              saxon
anchor             edges              lisa               scheme
andy               edwin              louis              scott
andrea             egghead            lynne              scotty
animal             eileen             mac                secret
answer             einstein           macintosh          sensor
anything           elephant           mack               serenity
arrow              elizabeth          maggot             sex
arthur             ellen              magic              shark
asshole            emerald            malcolm            sharon
athena             engine             mark               shit
atmosphere         engineer           markus             shiva
bacchus            enterprise         marty              shuttle
badass             enzyme             marvin             simon
bailey             euclid             master             simple
banana             evelyn             maurice            singer
bandit             extension          merlin             single
banks              fairway            mets               smile
bass               felicia            michael            smiles
batman             fender             michelle           smooch
beauty             fermat             mike               smother
beaver             finite             minimum            snatch
beethoven          flower             minsky             snoopy
beloved            foolproof          mogul              soap
benz               football           moose              socrates
beowulf            format             mozart             spit
berkeley           forsythe           nancy              spring
berlin             fourier            napoleon           subway
beta               fred               network            success
beverly            friend             newton             summer
bob                frighten           next               super
brenda             fun                olivia             support
brian              gabriel            oracle             surfer
bridget            garfield           orca               suzanne
broadway           gauss              orwell             tangerine
bumbling           george             osiris             tape
cardinal           gertrude           outlaw             target
carmen             gibson             oxford             taylor
carolina           ginger             pacific            telephone
caroline           gnu                painless           temptation
castle             golf               pam                tiger
cat                golfer             paper              toggle
celtics            gorgeous           password           tomato
change             graham             pat                toyota
charles            gryphon            patricia           trivial
charming           guest              penguin            unhappy
charon             guitar             pete               unicorn
chester            hacker             peter              unknown
cigar              harmony            philip             urchin
classic            harold             phoenix            utility
coffee             harvey             pierre             vicky
coke               heinlein           pizza              virginia
collins            hello              plover             warren
comrade            help               polynomial         water
computer           herbert            praise             weenie
condo              honey              prelude            whatnot
condom             horse              prince             whitney
cookie             imperial           protect            will
cooper             include            pumpkin            william
create             ingres             puppet             willie
creation           innocuous          rabbit             winston
creator            irishman           rachmaninoff       wizard
cretin             isis               rainbow            wombat
daemon             japan              raindrop           yosemite
dancer             jessica            random             zap

Part Four: Wrapping it up!
~~~~~~~~~~~~~~~~~~~~~~~~~~
I hope this file has been of some help in getting started.  If you’re
asking yourself the question ‘Why hack?’, then you’ve probably wasted a lot
of time reading this, as you’ll never understand.  For those of you who
have read this and found it useful, please send a tax-deductible donation
of $5.00 (or more!) in the name of the Legion of Doom to:
The American Cancer Society
90 Park Avenue
New York, NY  10016

******************************************************************************
References:
1) Introduction to ItaPAC by Blade Runner
Telecom Security Bulletin #1
2) The IBM VM/CMS Operating System by Lex Luthor
The LOD/H Technical Journal #2
3) Hacking the IRIS Operating System by The Leftist
The LOD/H Technical Journal #3
4) Hacking CDC’s Cyber by Phrozen Ghost
Phrack Inc. Newsletter #18
5) USENET comp.risks digest (various authors, various issues)
6) USENET unix.wizards forum (various authors)
7) USENET info-vax forum (various authors)

Recommended Reading:
1) Hackers by Steven Levy
2) Out of the Inner Circle by Bill Landreth
3) Turing’s Man by J. David Bolter
4) Soul of a New Machine by Tracy Kidder
5) Neuromancer, Count Zero, Mona Lisa Overdrive, and Burning Chrome, all
by William Gibson
6) Reality Hackers Magazine c/o High Frontiers, P.O. Box 40271, Berkeley,
California, 94704, 415-995-2606
7) Any of the Phrack Inc. Newsletters & LOD/H Technical Journals you can find.

Acknowledgements:
Thanks to my wife for putting up with me.
Thanks to Lone Wolf for the RSTS & TOPS assistance.
Thanks to Android Pope for proofreading, suggestions, and beer.
Thanks to The Urvile/Necron 99 for proofreading & Cyber info.
Thanks to Eric Bloodaxe for wading through all the trash.
Thanks to the users of Phoenix Project for their contributions.
Thanks to Altos Computer Systems, Munich, for the chat system.
Thanks to the various security personel who were willing to talk to
me about how they operate.


f*p://195.135.232.80/Books/design/8.books.Maya.[by.KiN_www.netz.ru].rar
f*p://195.135.232.80/Books/design/A.Short.Course.in.Digital.Photography.[by.KiN_www.netz.ru].rar
f*p://195.135.232.80/Books/design/Adobe.Creative.Suite.Keyboard.Shortcuts.[by.KiN_www.netz.ru]_3,1.MB.rar
f*p://195.135.232.80/Books/design/Adobe.Photoshop.CS.in.10.Simple.Steps.or.Less.(2004).[by.KiN_www.netz.ru]_7,84 MB.rar
f*p://195.135.232.80/Books/design/Adobe.Photoshop.Tutorial.7.Day.Course.html.a.[28.84.MB_www.netz.ru].rar
f*p://195.135.232.80/Books/design/Advanced.3D.Photorealism.Techniques[9,76.MB_RUS_www.netz.ru].rar
f*p://195.135.232.80/Books/design/Bill.Flemming.Advanced.3D.Photorealism.Techniques.[RUS].[by.KiN_www.netz.ru]_9,75 MB.rar
f*p://195.135.232.80/Books/design/Bryce.5.Manual.[by.KiN_www.netz.ru_4.01MB].rar
f*p://195.135.232.80/Books/design/Corel.103.tutorials.RUS.[by.KiN_www.netz.ru].rar
f*p://195.135.232.80/Books/design/Designing Secure Web-Based Applications for Windows 2000.zip
f*p://195.135.232.80/Books/design/DHTML.Weekend.Crash.Course[by.KiN_www.netz.ru].rar
f*p://195.135.232.80/Books/design/Digital.Photography.Hacks.[by.KiN_www.netz.ru]_11,76.MB.rar
f*p://195.135.232.80/Books/design/How.To.Do.Everything.With.Illustrator.[by.KiN_www.netz.ru]_30,58.MB.rar
f*p://195.135.232.80/Books/design/How.To.Do.Everything.With.Photoshop.7.[by.KiN_www.netz.ru]_9,8 MB.rar
f*p://195.135.232.80/Books/design/How.To.Draw.Anime.Photoshop.Coloring.Tips.[by.KiN_www.netz.ru]_773 kB.rar
f*p://195.135.232.80/Books/design/How.To.Draw.Manga.Photoshop.Techniques.[by.KiN_www.netz.ru]_343 kB.rar
f*p://195.135.232.80/Books/design/How.To.Use.Adobe.Photoshop.7.[by.KiN_www.netz.ru]_14,66 MB.rar
f*p://195.135.232.80/Books/design/HTML.4.01.Weekend.Crash.Course[by.KiN_www.netz.ru].rar
f*p://195.135.232.80/Books/design/HTML.Complete.Course.[by.KiN_www.netz.ru]_26,79.MB.rar
f*p://195.135.232.80/Books/design/Learn.How.To.Draw.[by.KiN_www.netz.ru]_1,61.MB.rar
f*p://195.135.232.80/Books/design/Learn.HTML4.In.a.Weekend.[by.KiN_www.netz.ru]_11,02.MB.rar
f*p://195.135.232.80/Books/design/Learning.Macromedia.FlashMX.2004[658.kB_www.netz.ru].rar
f*p://195.135.232.80/Books/design/Macromedia.Dreamweaver.4.Bible[8,86.MB_www.netz.ru].rar
f*p://195.135.232.80/Books/design/Macromedia.Dreamweaver.MX.2004.Web.Application.Recipes[6,5.MB_www.netz.ru].rar
f*p://195.135.232.80/Books/design/Macromedia.Flash.MX.2004.ActionScript.Reference.Guide.rar
f*p://195.135.232.80/Books/design/Macromedia.Flash.MX.2004.Using.Components.rar
f*p://195.135.232.80/Books/design/Macromedia.Flashmx.Actionscript.Reference.Guide.2004[2,66.MB_www.netz.ru].rar
f*p://195.135.232.80/Books/design/Macromedia.Flashmx.Using.Components.2004[979.kB_www.netz.ru].rar
f*p://195.135.232.80/Books/design/Macromedia.Press.Macromedia.Dreamweaver.MX.Dynamic.Applications.[10.46.MB_www.netz.ru].rar
f*p://195.135.232.80/Books/design/New.Riders.Photoshop.7.Power.Shortcuts.[by.KiN_www.netz.ru]_3,5 MB.rar
f*p://195.135.232.80/Books/design/NewRiders.MacromediaDreamweaverMx2004WebApplicationRecipes(6,5MB_www.netz.ru).rar f*p://195.135.232.80/Books/design/PhotoShop.&.Illustrator.Tutorial.[14.37.MB_www.netz.ru].rar
f*p://195.135.232.80/Books/design/Photoshop.6.Bible.[13.95.MB_www.netz.ru].rar f*p://195.135.232.80/Books/design/Photoshop.75.tutorial.RUS.[by.KiN_www.netz.ru].rar
f*p://195.135.232.80/Books/design/Photoshop.CS.Tips.and.Tricks.[by.KiN_www.netz.ru].rar
f*p://195.135.232.80/Books/design/Photoshop.Rus.4-18[6.5Mb,_www.netz.ru].rar

http://www.pcmag.com/article2/0,4149,1306756,00.asp

excl.gif No Active Links, Read the Rules – Edit by Ninja excl.gif

Google is clearly the best general-purpose search engine on the Web (see

www.pcmag.com/searchengines

But most people don’t use it to its best advantage. Do you just plug in a keyword or two and hope for the best? That may be the quickest way to search, but with more than 3 billion pages in Google’s index, it’s still a struggle to pare results to a manageable number.

But Google is an remarkably powerful tool that can ease and enhance your Internet exploration. Google’s search options go beyond simple keywords, the Web, and even its own programmers. Let’s look at some of Google’s lesser-known options.

Syntax Search Tricks

Using a special syntax is a way to tell Google that you want to restrict your searches to certain elements or characteristics of Web pages. Google has a fairly complete list of its syntax elements at

www.google.com/help/operators.html

. Here are some advanced operators that can help narrow down your search results.

Intitle: at the beginning of a query word or phrase (intitle:”Three Blind Mice”) restricts your search results to just the titles of Web pages.

Intext: does the opposite of intitle:, searching only the body text, ignoring titles, links, and so forth. Intext: is perfect when what you’re searching for might commonly appear in URLs. If you’re looking for the term HTML, for example, and you don’t want to get results such as

www.mysite.com/index.html

, you can enter intext:html.

Link: lets you see which pages are linking to your Web page or to another page you’re interested in. For example, try typing in

link:http://www.pcmag.com

Try using site: (which restricts results to top-level domains) with intitle: to find certain types of pages. For example, get scholarly pages about Mark Twain by searching for intitle:”Mark Twain”site:edu. Experiment with mixing various elements; you’ll develop several strategies for finding the stuff you want more effectively. The site: command is very helpful as an alternative to the mediocre search engines built into many sites.

Swiss Army Google

Google has a number of services that can help you accomplish tasks you may never have thought to use Google for. For example, the new calculator feature

(www.google.com/help/features.html#calculator)

lets you do both math and a variety of conversions from the search box. For extra fun, try the query “Answer to life the universe and everything.”

Let Google help you figure out whether you’ve got the right spelling—and the right word—for your search. Enter a misspelled word or phrase into the query box (try “thre blund mise”) and Google may suggest a proper spelling. This doesn’t always succeed; it works best when the word you’re searching for can be found in a dictionary. Once you search for a properly spelled word, look at the results page, which repeats your query. (If you’re searching for “three blind mice,” underneath the search window will appear a statement such as Searched the web for “three blind mice.”) You’ll discover that you can click on each word in your search phrase and get a definition from a dictionary.

Suppose you want to contact someone and don’t have his phone number handy. Google can help you with that, too. Just enter a name, city, and state. (The city is optional, but you must enter a state.) If a phone number matches the listing, you’ll see it at the top of the search results along with a map link to the address. If you’d rather restrict your results, use rphonebook: for residential listings or bphonebook: for business listings. If you’d rather use a search form for business phone listings, try Yellow Search

(www.buzztoolbox.com/google/yellowsearch.shtml).

Extended Googling

Google offers several services that give you a head start in focusing your search. Google Groups

(http://groups.google.com)

indexes literally millions of messages from decades of discussion on Usenet. Google even helps you with your shopping via two tools: Froogle
CODE
(http://froogle.google.com),

which indexes products from online stores, and Google Catalogs
CODE
(http://catalogs.google.com),

which features products from more 6,000 paper catalogs in a searchable index. And this only scratches the surface. You can get a complete list of Google’s tools and services at

www.google.com/options/index.html

You’re probably used to using Google in your browser. But have you ever thought of using Google outside your browser?

Google Alert

(www.googlealert.com)

monitors your search terms and e-mails you information about new additions to Google’s Web index. (Google Alert is not affiliated with Google; it uses Google’s Web services API to perform its searches.) If you’re more interested in news stories than general Web content, check out the beta version of Google News Alerts

(www.google.com/newsalerts).

This service (which is affiliated with Google) will monitor up to 50 news queries per e-mail address and send you information about news stories that match your query. (Hint: Use the intitle: and source: syntax elements with Google News to limit the number of alerts you get.)

Google on the telephone? Yup. This service is brought to you by the folks at Google Labs

(http://labs.google.com),

a place for experimental Google ideas and features (which may come and go, so what’s there at this writing might not be there when you decide to check it out). With Google Voice Search

(http://labs1.google.com/gvs.html),

you dial the Voice Search phone number, speak your keywords, and then click on the indicated link. Every time you say a new search term, the results page will refresh with your new query (you must have JavaScript enabled for this to work). Remember, this service is still in an experimental phase, so don’t expect 100 percent success.

In 2002, Google released the Google API (application programming interface), a way for programmers to access Google’s search engine results without violating the Google Terms of Service. A lot of people have created useful (and occasionally not-so-useful but interesting) applications not available from Google itself, such as Google Alert. For many applications, you’ll need an API key, which is available free from
CODE
www.google.com/apis

. See the figures for two more examples, and visit

www.pcmag.com/solutions

for more.

Thanks to its many different search properties, Google goes far beyond a regular search engine. Give the tricks in this article a try. You’ll be amazed at how many different ways Google can improve your Internet searching.

Online Extra: More Google Tips

Here are a few more clever ways to tweak your Google searches.

Search Within a Timeframe

Daterange: (start date–end date). You can restrict your searches to pages that were indexed within a certain time period. Daterange: searches by when Google indexed a page, not when the page itself was created. This operator can help you ensure that results will have fresh content (by using recent dates), or you can use it to avoid a topic’s current-news blizzard and concentrate only on older results. Daterange: is actually more useful if you go elsewhere to take advantage of it, because daterange: requires Julian dates, not standard Gregorian dates. You can find converters on the Web (such as

CODE
http://aa.usno.navy.mil/data/docs/JulianDate.html

excl.gif No Active Links, Read the Rules – Edit by Ninja excl.gif

), but an easier way is to do a Google daterange: search by filling in a form at

www.researchbuzz.com/toolbox/goofresh.shtml or www.faganfinder.com/engines/google.shtml

. If one special syntax element is good, two must be better, right? Sometimes. Though some operators can’t be mixed (you can’t use the link: operator with anything else) many can be, quickly narrowing your results to a less overwhelming number.

More Google API Applications

Staggernation.com offers three tools based on the Google API. The Google API Web Search by Host (GAWSH) lists the Web hosts of the results for a given query

(www.staggernation.com/gawsh/).

When you click on the triangle next to each host, you get a list of results for that host. The Google API Relation Browsing Outliner (GARBO) is a little more complicated: You enter a URL and choose whether you want pages that related to the URL or linked to the URL

(www.staggernation.com/garbo/).

Click on the triangle next to an URL to get a list of pages linked or related to that particular URL. CapeMail is an e-mail search application that allows you to send an e-mail to google@capeclear.com with the text of your query in the subject line and get the first ten results for that query back. Maybe it’s not something you’d do every day, but if your cell phone does e-mail and doesn’t do Web browsing, this is a very handy address to know.

For those of you planning on using a flat file system, you can skip this section. For the rest of us, we want to create a MySQL database table that holds user information, here it is:

CREATE TABLE users (
username varchar(30),
password varchar(32));

Of course this table can be modified according to your needs, however the password field must not be less than 32 because it has to store the md5 encrypted versions of passwords which are 32 bytes.
database.php

This file will contain the code that connects you to your MySQL database and the functions that access user information, you need to modify this to show your MySQL username, password and database.

Allow Users to Sign-Up

Before we can login users, we need users. Here we will focus on the code that allows users to sign-up, registering their username and password.
register.php

0);
}

/**
* Inserts the given (username, password) pair
* into the database. Returns true on success,
* false otherwise.
*/
function addNewUser($username, $password){
global $conn;
$q = “INSERT INTO users VALUES (‘$username’, ‘$password’)”;
return mysql_query($q,$conn);
}

/**
* Displays the appropriate message to the user
* after the registration attempt. It displays a
* success or failure status depending on a
* session variable set during registration.
*/
function displayStatus(){
$uname = $_SESSION['reguname'];
if($_SESSION['regresult']){
?>

Registered!

Thank you , your information has been added to the database, you may now log in.

Registration Failed

We’re sorry, but an error has occurred and your registration for the username , could not be completed.
Please try again at a later time.

Registration Page

30){
die(“Sorry, the username is longer than 30 characters, please shorten it.”);
}

/* Check if username is already in use */
if(usernameTaken($_POST['user'])){
$use = $_POST['user'];
die(“Sorry, the username: $use is already taken, please pick another one.”);
}

/* Add the new account to the database */
$md5pass = md5($_POST['pass']);
$_SESSION['reguname'] = $_POST['user'];
$_SESSION['regresult'] = addNewUser($_POST['user'], $md5pass);
$_SESSION['registered'] = true;
echo “”;
return;
}
else{
/**
* This is the page with the sign-up form, the names
* of the input fields are important and should not
* be changed.
*/
?>

Registration Page

Register

<form action=”" method=”post”>

Read through the code and see what it’s doing, there are comments there to help you. It was written with you in mind, I tried to make it so people could just paste their website specific html code in between the php code with ease. Don’t be scared when you see the use of session variables right away, they are used to tell the script key information like the requested username, registration attempt and registration success. With this information the script knows what to display, and when the registration is done, it “forgets” the information (by unsetting the variables).
Note

You’ll notice that the script immediately refreshes itself after the registration request, this is done to eliminate the case where users, for any reason, hit the Refresh button on their browser and cause a pop-up window that says the page has expired and prompts the user to send the registration request again. This technique is also used in the login script, so watch out for it.
Allow Users to Log-In

Now the fun begins, now that we have users, we can log them in. This is the heart of this tutorial, it will create the login script with the “Remember me” feature that we all want, and it accomplishes this by using cookies.
login.php

<?

/**
* Checks whether or not the given username is in the
* database, if so it checks if the given password is
* the same password in the database for that user.
* If the user doesn’t exist or if the passwords don’t
* match up, it returns an error code (1 or 2).
* On success it returns 0.
*/
function confirmUser($username, $password){
global $conn;
/* Add slashes if necessary (for query) */
if(!get_magic_quotes_gpc()) {
$username = addslashes($username);
}

/* Verify that user is in database */
$q = “select password from users where username = ‘$username’”;
$result = mysql_query($q,$conn);
if(!$result || (mysql_numrows($result) < 1)){
return 1; //Indicates username failure
}

/* Retrieve password from result, strip slashes */
$dbarray = mysql_fetch_array($result);
$dbarray['password'] = stripslashes($dbarray['password']);
$password = stripslashes($password);

/* Validate that password is correct */
if($password == $dbarray['password']){
return 0; //Success! Username and password confirmed
}
else{
return 2; //Indicates password failure
}
}

/**
* checkLogin – Checks if the user has already previously
* logged in, and a session with the user has already been
* established. Also checks to see if user has been remembered.
* If so, the database is queried to make sure of the user’s
* authenticity. Returns true if the user has logged in.
*/
function checkLogin(){
/* Check if user has been remembered */
if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
$_SESSION['username'] = $_COOKIE['cookname'];
$_SESSION['password'] = $_COOKIE['cookpass'];
}

/* Username and password have been set */
if(isset($_SESSION['username']) && isset($_SESSION['password'])){
/* Confirm that username and password are valid */
if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){
/* Variables are incorrect, user not logged in */
unset($_SESSION['username']);
unset($_SESSION['password']);
return false;
}
return true;
}
/* User not logged in */
else{
return false;
}
}

/**
* Determines whether or not to display the login
* form or to show the user that he is logged in
* based on if the session variables are set.
*/
function displayLogin(){
global $logged_in;
if($logged_in){
echo “

Logged In!

“;
echo “Welcome $_SESSION[username], you are logged in. Logout“;
}
else{
?>

Login

30){
die(“Sorry, the username is longer than 30 characters, please shorten it.”);
}

/* Checks that username is in database and password is correct */
$md5pass = md5($_POST['pass']);
$result = confirmUser($_POST['user'], $md5pass);

/* Check error codes */
if($result == 1){
die(‘That username doesn\’t exist in our database.’);
}
else if($result == 2){
die(‘Incorrect password, please try again.’);
}

/* Username and password correct, register session variables */
$_POST['user'] = stripslashes($_POST['user']);
$_SESSION['username'] = $_POST['user'];
$_SESSION['password'] = $md5pass;

/**
* This is the cool part: the user has requested that we remember that
* he’s logged in, so we set two cookies. One to hold his username,
* and one to hold his md5 encrypted password. We set them both to
* expire in 100 days. Now, next time he comes to our site, we will
* log him in automatically.
*/
if(isset($_POST['remember'])){
setcookie(“cookname”, $_SESSION['username'], time()+60*60*24*100, “/”);
setcookie(“cookpass”, $_SESSION['password'], time()+60*60*24*100, “/”);
}

/* Quick self-redirect to avoid resending data on refresh */
echo “”;
return;
}

/* Sets the value of the logged_in variable, which can be used in your code */
$logged_in = checkLogin();

?>

This one’s a little bit tricky because of the function calling. Let me just clarify what this script does.

It first checks to see if the login form has just been filled out and submitted, if not it checks to see if a session has already been established where the username and password are already known. This is true in two cases, when the user has chosen to be remembered and a session is established automatically, or when the user has not chosen to be remembered but has already logged in and is still using the same browser window that he used to log in.

If either of these two cases is true, then it verifies that the username is in the database and that the password is valid, if these two checks pass then the almighty $logged_in variable is set to true, false otherwise. If the user has just filled out the login form and submitted it, the script detects this and then verifies the authenticity of the username and password, if all is well then session variables are set with the username and md5 encrypted password.

Great, but when does the login form get displayed? That’s all up to you. It’s up to you the programmer to display the login form when the $logged_in variable is false. But wait! I have added a function that you can call that relieves you of this horrible burden. The displayLogin() function is there to check if the $logged_in variable is true or not and displays information accordingly. How to use this function is described in the Usage section.
Note

login.php is not meant to be a stand-alone file like register.php, it is meant to be included at the top of every file that needs to use it, so it doesn’t contain the call to “session_start()”, that should be at the top of the file that wants to include login.php, as you will see in the examples below.
Remember Me Feature

So, how was this accomplished again? As is described in login.php, when a user chooses to be remembered, two cookies are set on the user’s computer. Well, really one cookie, but one that contains two important pieces of information: the username and the md5 encrypted password. What is a cookie anyways? It is a temporary file that is stored on the user’s computer on behalf of the website in order to hold information that is important to the website. How long does this temporary file last? As long as we say so. As written, the expiry time is 100 days, after which the cookie will be deleted. However, it also gets deleted when the user decides to log out, as you will soon see.
Allow Users to Log-Out

If users want to log-out, we should let them. All we need to do is delete the cookies we’ve set if they chose to be remembered, and simply unset the session variables. Done.
logout.php

Logging Out

<?

if(!$logged_in){
echo “

Error!

\n”;
echo “You are not currently logged in, logout failed. Back to main“;
}
else{
/* Kill session variables */
unset($_SESSION['username']);
unset($_SESSION['password']);
$_SESSION = array(); // reset session array
session_destroy(); // destroy session.

echo “

Logged Out

\n”;
echo “You have successfully logged out. Back to main“;
}

?>

You’re probably wondering why login.php was included in logout.php, seems a little weird right? Well, if the user is not logged in how can we log them out? We use login.php to verify that the user really is logged in with the help of the variable $logged_in which gets set when login.php is run.
Flat File Database

If you don’t have MySQL, don’t worry, you can still use this script! All you would have to do is change the following functions to include your flat file user management code, but remember to keep the operations and return values consistent with the documentation.

* In register.php – change usernameTaken() and addNewUser()
* In login.php – change confirmUser() and checkLogin()

Usage

Now that everything has been coded, all that’s left is for you to know how to actually use this beast.

* database.php – make sure you put your own MySQL information into it
* register.php and logout.php – no changes needed, however you could change the html to reflect that of your website
* login.php – In order to use it within a file you must call “session_start()” before the line where you include login.php.

I’ve mentioned the function “displayLogin()” found within login.php. If you call it within one of your files, it will display the login form if no user is logged in, if a user is logged in, it displays a message reflecting such. The point of this is so that you won’t have to include that code in all of your files, all you have to do is just call the function:
Example: main.php

Jpmaster77′s Login Script

You should also know that login.php sets a boolean variable called $logged_in, which is true when a user is logged in, and false when no user is logged in. You can use this variable in your files for whatever you’d like.
Example: main2.php

Jpmaster77′s Login Script

<?
if($logged_in){
echo ‘Logged in as ‘.$_SESSION['username'].’, logout‘;
}else{
echo ‘Not logged in.’;
}
?>