Monday 28 November 2011

Researching The Hack: Snooping

You can go on tours of a lot of places, either of-ficially or unofficially. A tour might be one that is regularly run for wide-eyed kiddies and their par-ents, or it may be one specially set up for you be-cause you say you are a journalist who wants to do an article on the company. While taking your tour you will be gleaning valuable
information about the computer rooms, and about the person conducting the tour. That's all good information that can be put to use in guessing passwords. If you're suave enough, you can talk a proud com-puter owner into showing off the power of his ma-chine or the new game he's gotten. This can only help you when you go
home that night and hack the place.

seeing the screen setup is helpful as I've outlined above.

Now here's a hint I like to make use of, though I get to do so only irregularly. We are all familiar with the phenomenon of phosphorus burnout. That is, when one image is displayed for an extended period of time, the image gets burnt into the screen. Very often menus get burnt into the screen, and so occasionally I've been
in places where there is an old terminal that used to be for employees only, but has been moved into a publicly accessible spot. Many of the functions available for staff use only are visible on the screen and can be put to use or hacked. (You might have to fiddle with the bright-ness controls to see what it all says.) Other times I've
snuck a peek at the computer behind the counter, and although an innocuous screen was being displayed at the time, there was worthwhile stuff barely visible, burnt into the screen.

Many businesses, institutes and organizations run what are called special libraries. These gener-ally concern themselves only with the product or service which is the group's field of interest, but also include valuable details on the group itself. For instance, a company library might have manuals in it to the company's unique
computer system. Often there is a helpful listing of what programs are available on the mainframes. Such a program list-ing might include mention of what security prod-ucts are enabled, and you can write to the maker of those security products for details.

Snooping around buildings undergoing recon-struction can be worthwhile, as can snooping around buildings whose occupants are moving to a new building. In such cases, doors are found wide open, with computers and manuals laying around all over the place.

I remember one building I went to that was temporarily vacated due to construction, which had tons of cartons, desks and workstations out in the corridors (they were repainting offices). I found masses of passwords stuck to keyboards by Post-It Notes, and passwords scribbled on desk blotters, and taped to the underside of drawers. It was amazing that people could leave their secrets lay-ing out in the open like that, and yet it happens all the time.


From snooping around the lounge in a school building, I came up with handy reference manuals,Secret information that must be used every day (such as access codes) is oftenfound hiding on little scraps of paper:(A) on a cork board, (B) attached to the side or top of the monitor, (C) on nearbyfile cabinets or other furniture,(D) under blotter, (E) under mouse pad, (F) in desk drawer, or (G) underneath the the desk.
decade-old literature from a defunct computer users group, programmers' guides, and other stuff. This wasn't all necessarily useful for hacking pur-poses, but it was interesting to read. And it was in-teresting to rescue it from its dusty box on the top shelf of a closet.

In that same building I found a little room whose door was closed and had four signs attached to it. The first, formal and engraved said, "Computer Room." The rest were menacing, either hand lettered or printed by computer: "Keep this door locked at all times!" "For authorized persons ONLY!" And lastly, another stem
reminder, "ALWAYS lock this door when you leave!" Needless to say, the door was unlocked.

Inside there was a huge and informative operating system reference manual and two PCs, each of which had modems. From surfing the hard disks on one of those computers, I found that the termi-nal program was set up with script files <A "script" is a file that you use with a terminal program. You set up the terminal program so that when you log onto a system, the contents of the script file are sent to that system.

So if you have to go through some long and convoluted login procedures, you can put the commands into a script and have the computer automatically log in for you. This is handy, both for legitimate users, and for hackers who happen to gain access to those script files.> that contained phone numbers, passwords and other login procedures. Always look for such things when you snoop.

Snooping can bring to you those tutorial and simulation disks, as well as damaged disks, trash and insider literature which one can only get from either being employed by a company, or by snooping around. It adds a bit of physical excite-ment to the usually passive art of hacking, and it gets you away from the eyestrain of computer screens for a while.

It is not always necessary to research before a hack, but it is always helpful. Research in any form doesn't have to be undertaken with a particular hack in mind. Like my random snoopings of the torn-apart building and the university lounge, general explorations can lead to fruitful information. In other words, all hacking
doesn't have to be done on computers. There is also such a thing as the person who hacks -joyously -life.