81 comments

[ 3.5 ms ] story [ 145 ms ] thread
That's amazing people thought it would be a good idea to send MS Word .doc files to phrack.
Virus Total - cheap to access downloads.
very polarizing website, posting many interviews with antisocial hackers(still cool though) but also more nicely minded ones.
polarizing to whom? not understanding your take.
When “Hacking for fun and profit” meant more fun than profit.
Antisocial people who started their own infosec companies and now are high level executives in multinationals that bought them.

It's funny how time (and life) changes people... from the outside.

You forgot Apple Woz was a Phreak back in the day
Caution - very addictive, and glorious obsolete tech. Also full of mystery.

First time I've read one was 1995 on some BBS.

97ish here... re: BBS' - still have my US Robotics 28.8 external modem...
USR? Reeeee! (Zyxel user here ;-)

My /first/ modem though was a "Lightspeed 1200" from some company who's name I forget. You can guess how many bps that one could sling...

USR, that was the rolls royce of modem back then. Aaaahh the sound it made.
And the fortune it cost. My Amiga based local BBS had a pile of them and most online fellows had one while I couldn't even afford a Zyxel but had to connect through a terrible 2400bps unknown name one. Thankfully it had at least Zmodem which was almost new then. Good ol' times...
I can recall when 2400 was the new hotness and getting a hooky prototype 2400 from a colleague at Telecom Gold.

I think he used on of them on his FIDO BBS (Arkham Asylum)

That was the HST modulation training. Gets me every time. Wish I still had my courier dual just for the sound ;)
Wow, uh, '97 was kind of the end of the road for most of that kind of stuff. I used BBSes in the '80s, but as soon as I got to college and onto the pre-WWW Internet I never visited another BBS again. Hacking UNIX and VMS systems was way more fun.

I also got into a whole peck of trouble with credit cards and lock picking. Oh, also, Warez. And lots of other shit. I pretty much abused everything the squares hold dear and lived to tell about it. And wouldn't have done it any differently except for getting caught.

Look at Mr High Falutin' 28.8 over here...

I picked up a secondhand 300 baud modem for my Commodore 64 when I went to someone's house to buy some games. It was like some kind of mysterious magic when I actually connected to a BBS.

Later my parents got the long-distance phone bill... And my fun was somewhat dampened.

e-zines that were transmitted over dial up modems via BBSes back in the days before WWW took off seemed so deliciously subversive.

One night I came across an e-zine that shared a BBS phone number for my city. I made several attempts before giving up. An hour later cops showed up at my door. It turned out I was phoning a secondary number for 911. I got pranked pretty good!

The "Paper Feed" section has 2 articles from 2018 and 2 from 2017. The most recent, "20 Years of Escaping the Java Sandbox" [1] is exactly what 16 year old me loved about phrack back in the day.

[1] http://www.phrack.org/papers/escaping_the_java_sandbox.html

Business lines: I read their Ruby article since we had some of it in a build system. It was the same of type confusion like in a Windows kernel exploit of user defined structs. Throat Clearing: This is why John Carmack likes static types? Non-essential: Who knows, we had to bear bait him with wrong quotes last time. Heroes move on, and no one collects hacker action figurines any more except of Death Ring, where Undertaker threw John Holmes through the floor of the PKD television after JFK stopped imitating the library of dance cadets. &c. The mind approach is an illusion due to integral of simulation. Thus Von Neumann's infinite computation at the end of heat death through particles smaller than Plank length are not Candy Mountain but the pigs aren't the ones on standby, the paw phone is.

And who hasn't got the b-log of a-log saying to microtarget advertising. Even then you get the CTR which is a required KPI.

Much of the early work on buffer overrun exploitation was published in Phrack. The article Brandon Baker and I did for IEEE Security and Privacy had a sidebar on "Nontraditional literature on buffer overruns" that's got some greatest hits like AlephOne’s Smashing the Stack for Fun and Profit from 1996 [1] and The Advanced return-into-lib(c) Exploits from 2001 [2]. Over the years, a surprising number of people have told me that this was their favorite part of the article!

[1] https://www.phrack.org/show.php?p=49&a=14

[2] https://www.phrack.org/show.php?p=58&a=4

Is there a today equivalent ?
Personally for me PoC||GTFO fills up the void. They have some good articles and explaining in very friendly way.

[0] https://www.alchemistowl.org/pocorgtfo/

Indeed! Reading those issues, for me, is a stream of shock and awe but always learning because the contributors generally give sufficient instructions to perform/confirm their achievements yourself.

Example ... about halfway through Issue 0x02 it is casually mentioned, "You will find by running ‘qemu-system-i386 -fda pocorgtfo02.pdf’ that the PDF file you are reading is also a bootable disk image." o_O !

I remember buffer overflow bugs in the operating systems in the 1970's. They go back a loooong way, and programmers are slow learners :-)
Buffer overflows are common, but control flow injection through memory corruption has a weird little history. You don't see them in the record until RTM's worm (HN connection: pg and rtm were best friends at the time, and pg was a bit player in writeups about the worm). Then: nothing, for 7 years, until Thomas Lopatic publishes the HPUX httpd overflow in '95. It's not like the intervening 7 years were quiet ones in computer security; '88-'95 was more or less the golden age of computer hacking.
The overflow bugs I knew about were used to crash the operating system. They were submitted to DEC who presumably fixed them. As far as I know, using them to inject code hadn't occurred to anyone yet.
Right, there is definitely a longer history of memory corruption vulnerabilities; for instance, there's an old rdist vulnerability that exploits an overflow to overwrite a global variable. What's interesting to me is the initial idea of control flow injection, and how long it took that idea to percolate through to exploit developers.

I was doing software security semi-professionally before the 8lgm Sendmail 8.6.12 vulnerability that set off the modern buffer overflow craze, and worked with a bunch of people frantically reconstructing that exploit (which wasn't published) --- the authors of the first x86 stack overflow vulnerability included my future business partner at Matasano, Dave Goldsmith.

It was light night and day! Before overflows, there was a whole variety of different "kinds" of exploits (you got some command injection with metacharacters, for instance with SunRPC services calling popen and system, but you also got "overwrite a file" or "leak a file" or things like that). Afterwards, it was just: every machine on the Internet had remote code execution via overflows.

It used to be feasible to calibrate an stack exploit for a remote service, for which you didn't even have source, in an hour or two of tinkering. It's crazy to think of how far things have gone since then.

Oh if only there were an alternative C-like language that could guarantee memory safety!
That's a great idea! I should get right on that!
"Smashing the Stack for Fun and Profit" is the reason why I work with computers nowadays. I don't even work in security - this is the article that made me realise computers are full of wonder.
That article brought the knowledge to the security scenes, but pirates cracking video games have been exploiting that for a while too. Those familiar with Morris internet worm also knew about it. This as I can really was the first place that broke it down where you could learn it yourself without a guide. It's also one of my favorite as I knew about it, but didn't know how to personally craft one till I read that.
That's how I remember it too - demystifying an arcane technique.
try this:

  1. clone https://github.com/fdiskyou/Zines
  2. go offline for a week
  (or longer) and enjoy the read!
WARNING DO NOT DOWNLOAD: FILES INCLUDED IN ZIP FILES!

FILE HIT LIST: {HEX}perl.ircbot.Arabhack.47 : /home/$USER/Zines/ZF0/zf0 4.txt {HEX}php.cmdshell.avi.209 : /home/$USER/Zines/ZF0/zf0 5.txt {CAV}Win.Worm.SomeFool-32 : /home/$USER/Zines/h0no/h0no.txt {HEX}php.pktflood.oey.671 : /home/$USER/Zines/owned and exposed/2.txt {YARA}php_backdoor_php : /home/$USER/Zines/29a/29a-3.zip {CAV}Win.Trojan.U-83 : /home/$USER/Zines/29a/29a-5.zip {CAV}Win.Trojan.Flatei-3 : /home/$USER/Zines/29a/29a-7fe.zip {CAV}Win.Trojan.P98M-1 : /home/$USER/Zines/29a/29a-4s.zip {CAV}Win.Worm.rb2-1 : /home/$USER/Zines/29a/29a-8.zip {CAV}Win.Trojan.VirTools-1 : /home/$USER/Zines/29a/29a-1.zip {CAV}Win.Trojan.Flatei-3 : /home/$USER/Zines/29a/29a-7.zip {CAV}Win.Trojan.U-78 : /home/$USER/Zines/29a/29a-6.zip {CAV}Win.Trojan.VirTools-2 : /home/$USER/Zines/29a/29a-2.zip {YARA}telnet_cgi : /home/$USER/Zines/uninformed/3.6.txt {CAV}Win.Trojan.Rootkit-133 : /home/$USER/Zines/uninformed/code.3.6.tgz {CAV}Win.Downloader.51998-1 : /home/$USER/Zines/phrack/65/10.txt {HEX}exp.linux.setuid.6 : /home/$USER/Zines/phrack/61/3.txt {HEX}php.malware.magento.578 : /home/$USER/Zines/phrack/62/6.txt {CAV}Html.Trojan.Shellcode-19 : /home/$USER/Zines/HITB/HITB-Ezine-Issue-001.pdf ===============================================

Well yes, the zines will have a bunch of shellcode and command shell scripts and (from the looks of it) code of some trojans and the like. This will get flagged by AVs, etc.; but that's to be expected, really. :)
Disclosure sometimes helps others. :)
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Makes for a splendid email sig.

Is it because nothing will ever detect it in an email signature?

If you want excellent detection rates, you might consider this string: <script type="text/javascript" src="http://web.nba1001.net:8888/tj/tongji.js"></script>

Lots of AVs will detect this even if you put the string into an image file.

This is not true, retard.
One time in 19A4, I made my personal computing device and open honeypot and self installed all the virii I could find.

Whale shit at the bottom of the ocean occasionally finds itself in 13 Corinthians.

Memories come back of the time when Phrack Magazine and digital copies of The Anarchist Cookbook were shared via IPXCOPY.EXE or floppies at 10Base2 LAN parties or other scene gatherings. Interesting ISDN hacks and also ntpwc.c and other things were published in Phrack back then. It's almost like looking at a vintage car magazine now.
All this BBS talk takes me back to about 10 years ago, when I had a business encounter with a consultant engineer from IBM in Chicago. After our business meeting, we went to lunch and this gentleman dropped me off at my place of work in his car (IIRC, it was a Toyota Avalon with white leather interior). We had some small talk during the short drive - about some of my pet projects at the time and what I was doing outside of work, etc. He was very encouraging and appeared very curious. I appreciated that.

Little did I know at the time that I was in the presence of greatness and driving with a legend. He was Ward Christensen. I was so totally ignorant of his awesomeness that I'm ashamed. And so embarrassed now thinking about how vain I was talking to him about my barely getting my feet wet with Android application development. :$

That was my only encounter with Ward. I think I connected the dots a few months later when I read about him in 2600. (@Ward - If you are reading this, hi!! And my apologies for my ignorance).

> I was so totally ignorant of his awesomeness that I'm ashamed.

I would speculate it's likely it made for a much more interesting conversation for both of you than if you had been aware of his accomplishments. You also got a much more interesting anecdote as a result of that.

FWIW I hadn't heard of him until your comment. I suspect for every one person I have heard of there's at least a hundred I haven't heard of whose accomplishments are no less great.

Unless you are a narcissist, it must really suck to be so famous that you can never have a conversation with anybody in a symmetric fashion.

I haven't been able to buy a working voltmeter in this zip code. Not sure what is wrong with the instructions despite using Home Depot.

I have read the Army Survival Guide. I am looking for 4 hour work week but my lawyer and bother in law said everyone signs non-competes that last for 2 years. As pro se in person I would just say indentured servitude is illegal in the 13 colonies.

I am a narcissist. You may delete this comment. I will just file for stored and useless (unemployment) like everyone else.

-SKT

In my college days, I often hitchhiked to places instead of taking the train. It was just more fun to talk to people of various kinds.

One day on my way back from a trade show about the future of technology (1992?), I get picked up by this chain smoking hippy guy in an old beat up Ford Escort.

We had a pleasant conversation. And then it suddenly hit me that I was talking to a famous (in my country) radio comedian.

And that’s where the conversation stopped.

It was exactly as you described: I just felt embarrassed talking about mundane stuff like the full color flat LCD panels that were so cool.

What do you say to somebody like that?

I once hired this guy, whom I'd met at a 2600 meet up at Union Station in LA, to work for me at one of the first web-development agencies in California. I had him all set up as a sysadmin doing sysadmin'y things, got him a new SGI machine as requested, sat him in the corner and watched him type away happily, doing web-development/sysadmin'y things.

Little did I know that he was writing his seminal paper in a terminal on the side .. "Smashing the Stack for Fun and Profit" has gone on to be one of the most famous of Phrack articles .. if only I'd known, I would've asked to proof-read it first. ;)

(Likewise: hi @AlephOne!)

What has AlephOne been up to since?
I guess he's continued his career as a security researcher .. I really don't know. I extricated myself from that company back then and moved on, myself, to other things .. but it always amuses me to remember looking over his shoulder and seeing MIPS assembly up there and wondering "hmm.. what does this have to do with the website we're building, hmm.." ;)
AlephOne was CTO of SecurityFocus which was acquired by Symantec back in 2002. He stayed on until 2011 and is now at Cisco.

Oh the golden days of #phrack and #2600 in the 90's. Was a teenager armed with a dialup to a BBS with an IRC gateway. The modem so slow I would type lines and wait for the characters to catch up on the screen.

many moons ago, i was able to escape the restricted shell of the first internet provider in my country, type the magical incantation cat etc/passwd and watch the file scroll on my screen. Then panic, exit the shell, make some dumb gopher search for my class. Never felt so alive until i ... for the first time with my girlfriend :-)

Thank you phrack, could not have done it without you! (i mean the first thing, Phrack was good but not that good!)

Reminds me of HOW0x16uck.TXT in 8 bit.
I remember reading SET (Saqueadores Edicion Tecnica) in Spanish alonside with Prack while in college.

Just found out they also have a website. Enjoy it: http://www.set-ezine.org/

mama mia, que recuerdos! gracias por el link!
Think I can safely say that without Phrack I wouldn't have gotten as into computers as I did and never would have had this successful career that followed.

Thank you Phrack.

After reading the "smashing the stack for fun and profit", I got interested in reverse engineering. The most fun tutorial was from lena151[0]. ARTeam had published several papers for beginners and advanced reverse engineers. Deroko who was a member of the ARTeam had published an article about PEB hooking[2] and was sited from phrack[1]. I miss hacking and reverse engineering. I would like to go back to those times if time would allow me to do so. Sometimes, I end up reading this article[3] again and again.

[0] - https://tuts4you.com/e107_plugins/download/download.php?list...

[1] - http://www.phrack.org/issues/65/10.html

[2] - https://www.exploit-db.com/ezines/kr5hou2zh4qtebqk.onion/ART...

[3] - http://phrack.org/issues/7/3.html

I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike!
Randy and Craig (Taran King and Knight Lightning) did an amazing job with Phrack. It was an honor to write for them, and I almost never see them mentioned when people talk about the zine. The zine, and the St. Louis Summercons, were hugely influential. I'm still friends with a bunch of folks from that scene.

If it weren't for a timely late night phone call from Craig needing some more content for an issue, the Conscience of a Hacker would probably not have been written.

Thank you for writing that. Those words spoke deeply to me and many others that wander these halls even so many years on. It is odd to look back on years later and happen across the author.

I hope life is finding you well!

The same is sort of true of the mid-late '90s Phrack scene; I was skimming through some of the front matter on those issues and noticing how many people in the greets sections were people I'm still in touch with. Of course, this stuff got lucrative for us in a way that I'm not sure it was in the late '80s. But you guys had more fun than we did.
Howdy crap The Mentor itself... your Hacker Manifesto marked me as a kid in the 80s. It gave meaning to my life growing in a remote Mexican city where few people understood about computers.

Thank you :)

(comment deleted)
And me in the late 90s/early 00s :D

I printed it and carried it with me to school and read it over and over.

Agreed, same here, the Hacker Manifesto was amazing to read as a kid diving into computers, hacking and Phreaking...
Jesus and the Mary Chain, the Mentor himself in the flesh.

When I was a senior in college studying Anthropology and subcultures (specifically hacker culture), several of my roommates who were engineers and CS majors told me I absolutely needed to read your essay.

To this day, it's still one of the most influential essays I read about the culture and understanding the ethos of an ethical hacker. After getting involved in the scene in the late 90's, I found out reading your essay was almost a rite of passage.

It's an amazing work that is timeless and still resonates to this day.

I could not be the same after reading your essay. Thank you sir.
While we're talking "old skool" hackerdom, does anybody know/remember Voyager, of the "Hacker's Haven" BBS? I spent so many hours on that site back in the mid to late 90's, making the long-distance dial-up call by beige-boxing off a COCOT phone in a gas-station parking lot, in the wee hours of the night, hoping no cops would pull up and wonder what was going on with the super-long phone cable running from my car to the payphone.

For anybody who wasn't around back then, a "beige box" wasn't actually a "box" involving tone generation like a blue box or a red box. It just meant clipping onto the red and green wires in the demarc box and connecting to an RJ-14 plug to plug into a phone. It worked well with COCOT's (Customer Owned Coin Operated Telephones) because the phone line for a COCOT was just a regular line that you could make long distance calls on. The mechanism that made it a pay-phone was all contained inside the phone itself, as opposed to a "telephone company payphone" where the actual line itself was special. Thos were the ones you could use a red-box on, to simulate dropping quarters into the phone.

I had fun thinking about what the different color 'boxes' were e.g. blue boxes, beige boxes etc. I don't think I ever used a blue box, but I messed with payphones and tapped into landlines pretty easily
I wish i photocopied the ones I had. :( I just sold them on ebay.
Read this all the time as a kid. This was the best. Thanks for making my life in the middle of nowhere infinitely more interesting. You showed me what technology really was.