
“Hacking is a criminal act. The terms hack and hacking are also used to refer to a modification of a program or device that gives the user access to features that were otherwise unavailable, such as by circuit bending. It is from this usage that the term hacking is often used to refer to more nefarious criminal uses such as identity theft, credit card fraud or other actions categorized as computer crime. So get started preparing for a job interview related to Hacking.”

56 Hacking Questions And Answers

1⟩ How do I crack Unix passwords?

Contrary to popular belief, Unix passwords cannot be decrypted. Unix passwords are encrypted with a one-way function. The login program encrypts the text you enter at the "password:" prompt and compares that encrypted string against the encrypted form of your password.

Password cracking software uses wordlists. Each word in the wordlist is encrypted with each of the 2600 possible salt values and the results are compared to the encrypted form of the target password.

The best cracking program for Unix passwords is currently Crack by Alec Muffett. For PC-DOS, the best package to use is currently
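The comparison the answer describes, as an added example that is not part of the original FAQ: a login-style check against a salted one-way hash. The stored value is never reversed; the typed text is hashed with the same salt and the two digests are compared. PBKDF2-HMAC-SHA256 and the iteration count are this example's own choices, standing in for the crypt(3) function of the era, and the two fixed salts in salt_changes_hash are constructed for illustration.

```python
# Added example (not from the original FAQ): a login-style check against a
# salted one-way password hash. Nothing here "decrypts" anything; the stored
# value can only be compared against a fresh hash of a candidate password.
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this illustration


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way transform of password + salt (PBKDF2-HMAC-SHA256 here)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str):
    """What a password file stores for one account: a random salt and the
    derived hash. Returns (salt, hash)."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """The login program's test: hash the typed text with the stored salt
    and compare digests in constant time."""
    return hmac.compare_digest(hash_password(password, salt), stored)


def salt_changes_hash(password: str) -> bool:
    """Same password, two different salts, two different stored values.
    This is why a wordlist has to be re-hashed per salt rather than once
    for every account on the system. The salts are constructed values."""
    h1 = hash_password(password, b"salt-one")
    h2 = hash_password(password, b"salt-two")
    return h1 != h2


if __name__ == "__main__":
    salt, stored = make_record("correct horse")
    print(verify("correct horse", salt, stored))   # True
    print(verify("wrong horse", salt, stored))     # False
    print(salt_changes_hash("correct horse"))      # True
```

The per-salt recomputation is the whole cost a salt imposes on a wordlist attack; a slow, iterated function such as the one used here multiplies that cost again, which is the property a modern password store should have.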



3⟩ How do I modify the IRC client to hide my real username?

Get the IRC client from cs.bu.edu /irc/clients. Look at the source code files irc.c and ctcp.c. The code you are looking for is fairly easy to spot. Change it. Change the username code in irc.c and the ctcp information code in ctcp.c. Compile and run your client.


5⟩ What is a hacking loop?

A loop is two phone numbers connected together by the phone company for testing purposes. A loop has a high end and a low end. If you dial the high end, you will hear nothing. Not even a ring. If you dial the low end, you will hear an annoying 1,000 Hz tone for several seconds. If you connect to the high end and someone dials the low end, you can speak to each other.


7⟩ How do I hack ChanOp on IRC?

Find a server that is split from the rest of IRC and create your own channel there using the name of the channel you want ChanOp on. When that server reconnects to the net, you will have ChanOp on the real channel. If you have ServerOp on a server, you can cause it to split on purpose.


8⟩ What is a Black Box?

A Black Box is a 10k ohm resistor placed across your phone line to cause the phone company equipment to be unable to detect that you have answered your telephone. People who call you will then not be billed for the telephone call.


10⟩ What is MIB?

MIB (Management Information Base) is a virtual database. It contains the formal descriptions of all the network objects that can be managed using SNMP. The MIB database is hierarchical, and in the MIB each managed object is addressed through an object identifier (OID).
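The hierarchical addressing described above, as an added example that is not part of the original page: OIDs are paths in the MIB tree, so "is this object under that subtree" is a prefix test on the dotted arcs, and that test is what an SNMP view uses to restrict which objects a community or user may read. The MIB-2 prefixes below are the standard ones; view_allows follows the longest-matching-subtree rule of VACM view families but omits family masks, and the sample view is constructed for illustration.

```python
# Added example (not from the original page): OIDs as paths in the MIB tree
# and a minimal SNMP view check built on prefix matching.
from typing import Dict, List

MIB2 = "1.3.6.1.2.1"        # mgmt.mib-2
SYSTEM = MIB2 + ".1"        # system group (sysDescr, sysName, ...)
INTERFACES = MIB2 + ".2"    # interfaces group (ifTable, ...)


def parse_oid(oid: str) -> List[int]:
    """Turn '1.3.6.1.2.1.1.5.0' into [1, 3, 6, 1, 2, 1, 1, 5, 0].
    Anything that is not a dotted run of non-negative integers is rejected,
    which matters when the OID comes from a request on the wire."""
    parts = oid.strip().lstrip(".").split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError("malformed OID: %r" % oid)
    return [int(p) for p in parts]


def is_under(oid: str, subtree: str) -> bool:
    """True if oid lies in the subtree rooted at `subtree`. The match is on
    whole arcs, so 1.3.6.1.2.1.10 is NOT under 1.3.6.1.2.1.1."""
    o, s = parse_oid(oid), parse_oid(subtree)
    return len(o) >= len(s) and o[: len(s)] == s


def view_allows(oid: str, view: Dict[str, str]) -> bool:
    """view maps subtree -> 'included' | 'excluded'. The longest matching
    subtree decides (the VACM rule; masks are not modelled here), and an
    OID matched by no subtree is denied."""
    best_len, best_kind = -1, None
    for subtree, kind in view.items():
        if is_under(oid, subtree):
            depth = len(parse_oid(subtree))
            if depth > best_len:
                best_len, best_kind = depth, kind
    return best_kind == "included"


if __name__ == "__main__":
    # Constructed view: expose mib-2 except the interfaces group.
    view = {MIB2: "included", INTERFACES: "excluded"}
    print(view_allows("1.3.6.1.2.1.1.5.0", view))      # sysName.0 -> True
    print(view_allows("1.3.6.1.2.1.2.2.1.2.1", view))  # ifDescr.1 -> False
    print(view_allows("1.3.6.1.4.1.9", view))          # enterprise -> False
```

The same prefix test is what an agent applies on every GET/GETNEXT before answering, which is why an "excluded" entry placed below an "included" one is the usual way to carve one sensitive table out of an otherwise readable group.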


12⟩ What is a Blue Box?

Blue boxes use a 2600 Hz tone to convince telephone switches that use in-band signalling that the caller is actually a telephone operator. The caller may then access special switch functions, with the usual purpose of making free long distance phone calls, using the Multi-Frequency tones provided by the Blue Box.


14⟩ How do I build a Red Box?

Red boxes are commonly manufactured from modified Radio Shack tone dialers, Hallmark greeting cards, or made from scratch from readily available electronic components.

To make a Red Box from a Radio Shack tone dialer, open the dialer and replace the crystal (the largest shiny metal component) with a crystal close to 6.5 MHz. The most popular choice is the 6.5536 MHz crystal. When you are finished, program the P1 button with five *'s. That will simulate a quarter tone. Note that the tone dialer you start with must have programmable buttons.


15⟩ What is a Red Box?

When a coin is inserted into a payphone, the phone emits a set of tones. A red box is a device that simulates those tones, with the purpose of fooling the payphone into believing you have inserted an actual coin.


16⟩ Do Blue Boxes still work?

Blue Boxes still work in areas using in-band signalling. Modern phone signalling switches using ESS (Electronic Signalling Systems) use out-of-band signalling. Nothing you send over the voice portion of the bandwidth can control the switch.


17⟩ How do I fake posts to UseNet?

Use inews to post. Give inews the following lines:

For a moderated newsgroup, inews will also require this line:

Then add your post and terminate with <Control-D>.

From: Dale Drew
Newsgroups: alt.2600
Subject: Please forgive me
Message-ID: <d_drew.123@tymnet.com>
Date: Fri, 13 Jun 1994 12:15:03
Organization: Tymnet Insecurity


18⟩ How do I gain root from a suid script or program?

1. Change IFS.

If the shell script calls any other programs using the system() function call, you may be able to fool it by changing IFS. IFS is the Internal Field Separator that the shell uses to delimit arguments.

If the program contains a line that looks like this:

and you change IFS to '/', the shell will then interpret the preceding line as:

bin date

Now, if you have a program of your own in the path called "bin", the suid program will run your program instead of /bin/date.

To change IFS, use this command:

set IFS '/'

2. Link the script to -i

Create a symbolic link named "-i" to the program. Running "-i" will cause the interpreter shell (/bin/sh) to start up in interactive mode. This only works on suid shell scripts.

% ln suid.sh -i
% -i

3. Exploit a race condition

Replace a symbolic link to the program with another program while the kernel is loading /bin/sh.

nice -19 suidprog ; ln -s evilprog suidroot

4. Send bad input to the program.

Invoke the name of the program and a separate command on the same command line.

suidprog ; id
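Items 1 and 4 above share one root cause: the privileged program hands a command line to /bin/sh, so the caller's IFS and PATH, and any ';' in the input, are interpreted by the shell. The added example below (not part of the original FAQ) shows the mitigation side: run the helper by absolute path, with no shell, with a scrubbed environment, and pass user input as a single argv element. The helper name run_privileged_helper and the environment policy in SAFE_ENV are this example's own assumptions; echo_argument uses the running interpreter as the child so the demonstration does not depend on any particular binary being installed.

```python
# Added example (not from the original FAQ): the mitigation for items 1 and
# 4 of the question above. A privileged program that shells out via
# system() inherits IFS and PATH from its caller and lets ';' split the
# command line. Running the child by absolute path, without a shell, and
# with a scrubbed environment removes both levers.
import os
import subprocess
import sys

# Assumed policy: nothing inherited from the caller reaches the child.
# IFS is pinned to its default so word splitting cannot be redefined.
SAFE_ENV = {"PATH": "/usr/bin:/bin", "IFS": " \t\n"}


def run_privileged_helper(argv):
    """Run argv[0] directly (execve semantics), never through /bin/sh.
    Returns the child's stdout; raises on a relative path or a failing child."""
    prog = argv[0]
    if not os.path.isabs(prog):
        raise ValueError("helper must be given by absolute path, got %r" % prog)
    if not os.access(prog, os.X_OK):
        raise FileNotFoundError(prog)
    done = subprocess.run(argv, env=SAFE_ENV, shell=False,
                          capture_output=True, text=True, check=True)
    return done.stdout


def echo_argument(arg):
    """Pass a string to a child as ONE argument. Shell metacharacters in it
    arrive as data, not as commands, because no shell parses the line."""
    return run_privileged_helper(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", arg])


if __name__ == "__main__":
    # The ';' and the command substitutions are printed back literally.
    print(echo_argument("hello; id"), end="")
    print(echo_argument("$(id) `id`"), end="")
```

The contrast with item 1 is the env argument: system() would run /bin/sh with whatever IFS the caller exported, whereas here the child sees only the two variables the program chose to give it.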


19⟩ How do I break out of a restricted shell?

On poorly implemented restricted shells you can break out of the restricted environment by running a program that features a shell function. A good example is vi. Run vi and use this command:

:set shell=/bin/sh

then shell using this command:



20⟩ What is password shadowing?

Password shadowing is a security system where the encrypted password field of /etc/passwd is replaced with a special token and the encrypted password is stored in a separate file which is not readable by normal system users.

To defeat password shadowing on many systems, write a program that uses successive calls to getpwent() to obtain the password file.

#include <pwd.h>
#include <stdio.h>

int main(void)
{
    struct passwd *p;
    while ((p = getpwent()) != NULL)   /* one entry per call, NULL at end */
        printf("%s:%s:%d:%d:%s:%s:%s\n", p->pw_name, p->pw_passwd,
               p->pw_uid, p->pw_gid, p->pw_gecos, p->pw_dir, p->pw_shell);
    return 0;
}
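The same getpwent() walk seen from the defender's side, as an added example that is not part of the original FAQ: on a correctly shadowed system every pw_passwd field the enumeration returns is a placeholder token, so the program above prints nothing usable. The audit below walks the database the same way and flags any account whose hash is still sitting in the world-readable file. The token set and the category names are this example's own conventions, and SAMPLE_ENTRIES is constructed test data, not output from any real system.

```python
# Added example (not from the original FAQ): audit whether shadowing is
# actually in effect by classifying the pw_passwd field of every account.
import pwd


def classify(field):
    """Categorise one pw_passwd value:
    'shadowed' - the 'x' token, real hash lives in the shadow file
    'empty'    - no password at all (login without a password)
    'locked'   - '*', '!', '!!', '*NP*' and similar, no hash material
    'exposed'  - hash material readable from /etc/passwd itself
                 (a '!'-prefixed hash is locked but still leaks the hash)"""
    if field == "x":
        return "shadowed"
    if field == "":
        return "empty"
    stripped = field.lstrip("!")
    if stripped == "" or stripped.startswith("*"):
        return "locked"
    return "exposed"


def exposed_accounts(entries):
    """entries: iterable of (name, pw_passwd). Returns the names whose hash
    is readable by every user, in the order encountered."""
    return [name for name, field in entries if classify(field) == "exposed"]


def audit_system():
    """Walk the local database exactly as the FAQ snippet does and report
    accounts that shadowing has not protected."""
    return exposed_accounts((e.pw_name, e.pw_passwd) for e in pwd.getpwall())


# Constructed sample entries (not from any real system).
SAMPLE_ENTRIES = [
    ("root", "x"),
    ("nobody", "*"),
    ("svc", "!!"),
    ("lock", "!$6$abc$def"),
    ("old", "$6$abc$def"),
    ("guest", ""),
]

if __name__ == "__main__":
    print(exposed_accounts(SAMPLE_ENTRIES))   # ['lock', 'old']
    print(audit_system())                     # [] on a shadowed system
```

An empty result from audit_system() is the expected state; any name it returns is an account whose hash can be collected by the program above and fed to a wordlist cracker, and the fix is to move that hash into the shadow file.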