Okay, clear your mind of any thoughts you've ever had about computers. We're going to start at the very beginning.
Let's say you had a computer that only did one thing. For instance, think of a coin operated arcade game. That's a computer which plays but a single game. With a one-game computer, as soon as you push the on switch, the game can start running. Af-ter all, there's nothing else to do with the machine except play that
game.
Now let's add a second thing to our computer. Let's say, not only does the computer play a game, it also does word processing. So we now have a two-task computer.
What happens when we push the on switch? Does it go right to the game? It can't - what if we wanted to do word processing? You see, now we have to make a choice. When we turn on the com-puter, we now have to specify somehow whether we want the game or word processing. How do we let the computer know where to go?
Well, we could have two separate switches, meaning any time I press the left switch, the game goes on and when I press the right switch, the word processor goes on. That may be a good solution for a little while, but what if I want to add a third thing to my computer? Or a fourth? Do I keep adding more switches?
What I do is, instead of adding hardware switches, I add a third program, a software switch. The third program is called the operating system (or OS), and when I push the computer's switch, the computer will automatically turn on the operating system program.
The operating system is a program that lets me choose between the game or the word processor. For example, when the operating system is started it may put a prompt on the screen such as, "Which program?" to which I would reply, "Game" or "Word Processor."
As you are well aware, this is basically what happens in real-world operating systems. In the early days of computing, when computers didn't do much more than run a few select programs, the controlling software was called "the monitor." As computers became more complex, there came the need to control multiple
users, many peripherals, security, and an interlacing of program function-ings. The monitor grew to become an all-encompassing program which did a lot more than just allowing the user to choose between a few programs. And so the term "operating system" is now used to describe this complicated piece of software.
Operating systems control the functioning of the entire computer; they control how resources will be allocated to the tasks at hand, how memory is used, which programs are to be run and in what order. It is the absolute master-control program; when you understand it, you have the understand-mg necessary to master the computer.
Some operating systems you are most likely to run into are "UNIX," "MS-DOS" or "P&DOS" (on IBM compatibles), "PRIMOS," "RSTS" (on Digital Equipment Corporation's PDP-11 minicomputers), and "VMS."
It is important to understand operating systems because:
1. If you don't know the commands and syntax that control the computer, you won't be able to get the
computer to do anything.
2. When you understand how an operating sys-tem works, you will be better able to look for bugs in it. Bugs invariably lead to security loopholes, which lead to a happier you.
3. You want to be familiar with the limitations of the operating system's security, so that you can exploit those limitations.
4. When you know how an operating system works, you will know what the computer's managers can do to
trip you up, keep track of your whereabouts, and keep you from coming back.
All of this leads up to one big THEREFORE...
Therefore, if you want to be a REAL HACKER, you have to actually know something about computers. If you want to control a computer, you have to know how to tame the software which controls that com-puter - you have to understand very fundamental things about its operating system.
Sure, a hacker may be able to get bv using so-cial methods and a tidbit of programmmg here and there, but there is no escaping the fact that real hacking requires real knowledge. And I'm talking about seV-taught knowledge. You have to go out and learn this stuff on your own.
Does this sound intimidating? Then maybe you don't have what it takes to be a hacker.<Hey, I'm talking Big Manuals here - thousands of pages long, and written in the ghastliest corporate/tech-nical mumbo jumbo imaginable.>
Realistically, there is no way to make a 100% guarantee that a particular computer system is safe from intruders. It is theoretically possible to break into any system. A good hacker should be able to break into most systems. An even better one will be able to get into all of them. And the absolute finest hacker will not only be able to enter every com-puter he encounters, but will be able to do some-thing constructive once inside to make the trip worthwhile.
I mean, it's one thing to hack one's way into an on-line database. It's another thing entirely to fig-ure out how to alter records in that database, and to do so without being caught.
If you want to have the ability to enter any system that you encounter and take action once inside,
then you must become knowledgeable about its OS. At the simplest level that means knowing the basic commands that any user of the system requires on a day to day basis to interact with files, to send and receive mail, and to perform any needed action on the machine.
A hacker needs to know the obscure commands as well, and should also be familiar with any files, software and directories commonly found on ma-chines under that OS. He needs to know how the manuals are structured and the "jargon" of the OS. He needs to know who uses such an OS and how they use it. And he needs to know the meanings of error messages.
But we still haven't gotten to the hard part yet. You see, all of the above is just the tip of the ice-berg. After all, all of this information is easily avail-able from standard sources such as manuals and design specification guides. What a hacker needs to know about an OS is the secret stuff that doesn't come in the manuals, or
if it is printed there it is so technical and obscure that it is information decipherable only by a select few. Those lists of "basic things a hacker should learn" describe what the OS is and what it does. But a hacker - to effectively enter and exploit any system he or she encounters - needs to know how the OS works, and
why it works as it does.
Operating systems are so huge that they can never be adequately checked to ensure that every single bug has been worked out. They are some-times altered to include features or functions that a particular computer manager finds desirable, but those alterations open up security holes. Sometimes multiple programmers
working on different parts of the system don't communicate about vital as-pects and so distant processes may explode if forced into contact. Additionally, the software that is used may have been designed for the plain-Jane version of the OS and so incompatibilities (and hence glitches) develop. Or two or more pieces of
software being used together may open up sources of insecurity.
The casual user is oblivious to all of these pos-sible security breaches. A hacker may be oblivious to them, but if the hacker has a fundamental under-standing of the operating system which underlies all these sources of intrusion, then that hacker will, with a bit of thought, realize where the traps are and how they can be usefully manipulated.
Needless to say, this book is not going to suddenly turn into an explanation of the technical aspects of every single operating system, and a true hacker wouldn't want it to be. So, go out there and find some operating system you can get acquainted with. Learn its basic commands, but then go a Step beyond that and learn how those commands were programmed. Figure out ways you could simulate the command without typing it directly at the OS prompt. What happens to memory when the com-mand is executed? Are there ways to change memory?
These are the kinds of things that are impor-tant to a hacker who wants to accomplish big dreams.
Examples of such techno-oriented hacker meth-ods abound throughout the rest of this chapter. The reason is simple and unavoidable: the best things in life are often not free. You have to work hard if you want to do great and exciting things after invading a system. Sure, you may find it convenient to learn certain things only as the need arises, such as a particular shell programming language, or the way an application works. But when you lack knowl-edge about underlying principles of the operating system, you are hacking blindly - you are just as oblivious to the exploitable faults and flaws of the system as any other user. Let's get away from all this heady stuff for awhile and go back to the impetus for this discussion of operating systems: After you get in, what the hell comes next?