
How to Hack Like It's 1987 (An Introduction to the Telehack Retro Game) « Null Byte :: WonderHowTo



Whether you miss Telnet's good old days or want to know what hacking was like when security was nothing more than a side issue, Telehack is the game for you. The text-based hacking game is a simulation of a stylized combination of ARPANET and Usenet, circa 1985 to 1990, with a full multi-user universe and player interaction, including 26,600 hosts.

Before cloud computing, social media and online shopping, there was something called ARPANET, the forerunner of the Internet as we know it. When ARPANET expanded in the '80s, it became the wild west of computers. PCs became a thing and were no longer reserved for prestigious universities and national laboratories. And hacking only became illegal in 1986 when the Federal Computer Fraud and Abuse Act became law.

After that, pop culture turned hackers into super-intelligent savants who could do anything with a computer, and movies like "WarGames" worsened the idea.

Hacking back then was far from what we would recognize today, with modems and literally dialing up a computer. And hacks were much easier, sometimes as easy as changing a file name. There is actually a fascinating Nova documentary that tells the story of a computer scientist who discovered KGB hackers in 1990. Look at it and you will see how far we have come.

Thanks to the hard work of Forbin, who is named after the chief designer of a supercomputer in the movie "Colossus: The Forbin Project", we can all experience the same style of hacking without having to camp a computer or use a jerry-built squeaker.

Telehack has a few great features:

  • More than 26,000 simulated hosts, with historically accurate ghost users collected from UUCP network maps.
  • Group chats with relay and one-to-one chats with send or talk.
  • Reconstructed Usenet archives from the Wiseman Collection.
  • A BASIC interpreter.
  • Adventure, Zork and other Z-code text adventure games.
  • And of course hidden hosts and programs that you can only find by hacking Telehack.

If any of those things seem like fun, let's see how you can become part of the experience too. You don't even have to open a terminal window to play.

Step 1: Access to Telehack

While you could use telnet telehack.com to telnet directly into the game, this is not the best option as far as security goes; leaving Telnet enabled on a Windows computer can make you quite vulnerable. Instead, I recommend connecting via SSH or just the website telehack.com. SSH is the safer of the two because you use an encrypted tunnel.

If you go with SSH, two great clients are PuTTY or my personal favorite, the Secure Shell app for Chrome. To connect, use the IP address 64.13.139.230 and port 6668. Once connected, you will by default be given a guest user account and the basic commands will be displayed.

  Connected to TELEHACK port 75

It's 4:06 p.m. on Friday, May 15, 2020 in Mountain View, California, USA.
There are 45 local users. There are 26639 hosts on the network.

Type HELP for a detailed command list.
Type NEWUSER to create an account.

May the command line live forever.

Command, one of the following:
2048? a2 ac advent basic
bf c8 cal calc ching clear
clock cowsay date echo eliza factor
figlet finger fnord geoip help hosts
ipaddr joke login mac md5 morse
newuser notes octopus phoon pig ping
primes privacy qr rain edge rfc
rig roll rot13 drag starwars traceroute
units uptime usenet users uumap uupath
uuplot again when zc zork zrun

Step 2: Create an account

Now that a connection has been established, it is time to create an account with the command newuser. You will be asked if you are under the age of 13 and if you would like to read the privacy policy; you can simply answer n to each, assuming you are over 13 years old.

  .newuser
Are you under 13 years old? (y / N) n
Read privacy policy? (Y / n) n 

Your username must be between two and nine characters long, starting with a lowercase letter. It should only contain lowercase letters and numbers.

  Username: hoid
Password: ************
Re-enter password: ************ 

You will then be asked if you want to enable a recovery email address. I highly recommend doing this because you don't want to lose all your efforts just because you forgot a password. After you have retrieved the verification code from your email and entered it in the terminal, your user account will be created.

  Enable password reset via email? (Y / n) y
E-mail address:
A verification code has been sent.
Enter "resend" to resend the verification code.
Verification code: ****
Logged in as user HOID. 

Step 3: Check your 'email'

The first thing to note after creating your account – even before your first command prompt appears – is the message "You have mail."

  You have mail.
@ 

This email is far from the Gmail you are probably used to. It's all command line based without any GUI. You can see the whole process of how these emails would have been sent in the next 80's BBC special.

Step 4: Check your local directory

Now let's look around and see what we have access to. Use the command ls to display all files in the current working directory.

  @ls
advent.gam against ip.txt basic.man basic15.a2
bbslist.txt c8test.c8 changelog.txt colossus.txt
command.txt crackdown.txt do-well.txt etewaf.txt
finger.txt fnord.txt future.txt graph.png
hammurabi.bas ien137.txt jfet.a2 johnnycode.txt
k-rad.txt learncode.txt exits.txt lem.bas
lostpig.gam mastermind.bas notes.txt orange-book.txt
oregon.bas porthack.exe privacy.txt rogue.gam
rootkit.exe satcom.man smile.c8 starwars.txt
sysmon.txt telehack.txt underground.txt unix.txt
wardial.exe wumpus.bas xmodem.exe zork.gam
@ 

You will see quite a few files, notably four executables: rootkit.exe, wardial.exe, porthack.exe and xmodem.exe. These will be our first tools to hack other hosts on the network. There are also quite a few text files that you can read. Let's take the advice of the email and start with telehack.txt, which can be read with the command more telehack.txt.

  @more telehack.txt
Telehack

Telehack is a simulation of a stylized arpanet / usenet, circa 1985-1990.
It is a full multi-user simulation including 26,600 hosts and BBS
from the early net, thousands of files from that time, a collection of
adventure and IF games, a working BASIC interpreter with a library of
programs to run, simulated historical users and more.

To connect
----------

On the Internet: http://telehack.com/

or open a shell and type

telnet telehack.com

Telehack is accessible via

* Telnet on ports 23 (the default telnet port), 443, 1337, 8080, and 31173
* HTTP on port 80 (the default HTTP port)
* SSH on port 6668
* FTP on port 21 (the default ftp port) NOTE: The FTP server is RFC 959
compatible and probably will not work with more modern FTP clients

Accessibility
-------------

Non-sighted users: type STTY / dumb after connecting to telehack.
This invokes regular terminal mode in the Z code games and avoids using them
ANSI cursor addressing.

For users connecting to Teletypes or other Teleprinter Terminal settings
type STTY / tty after connection to turn telehack into a more Teletype
friendly mode.

About this document
-------------------

Telehack is not case sensitive. Commands are often capitalized
distinguish them from the surrounding text. Note that you don't have to type
uppercase commands. For example:

Type DIR for a list of files
operator: + priv RTFM. Congrats
--More - (6%) 

The file contains all kinds of information about using and accessing Telehack, and how to get help and get rid of it. The Enter key or Down Arrow scrolls down one line at a time, while the Space bar goes down a page. The B key can be used to go back one page.

I strongly recommend that you read this file, as the information can be quite useful once you get into the game. When you reach EOF (end of file), you will even find a nice little Easter egg.

  EDF
---



@ 

Step 5: See who is online and check your score

If you are like me (very competitive), then something you will be very interested in is checking who is online and comparing scores. To see other users, we can run the finger command, which shows us all kinds of interesting information such as username and status, which port they are on, when they last logged in and what they are doing, as well as where they are in the world.

  @finger
TELEHACK SYSTEM STATUS 15-May-20 12:10:41
51 users load 0.00 to 51d

port username status last thing true
---- -------- ------ ---- ---- -----
0 operator System Operator 6m console
* 85 hoid Hoid 0s finger [REDACTED]
43 - 2s Ho Chi Minh, Vietnam
39 gamax GAMAx 11s telekomb Modena, Italy
57-1m Santa Rosa, CA.
31 forbin Starfish Prime 4m relay Mountain View, CA
60 underwood Tough TTY 8m relay London, UK
74 mendax Mendax 9m relay Pompano Beach, FL
53 chuk Shut Up and Dance 9m San Francisco, CA
68 deltas 1x Supreme HACKERMAN 14m relay Pineville, NC
75 b077ooga booga 16m relay Kermit, WV
81 - 19m Aguadilla, Puerto Rico
58 smittyone Original Kinkster 22m relay Hull, UK
82 party man Czech Hacker: D 24m pppd Prague, Czech Republic
84 nsamrsoc NSA MRSOC-SIGINT 28m ptycon San Antonio, TX
@ 

Although users seem to be mainly from the United States, quite a few have logged in from all over the world.

If you are curious about a particular user, you have two options. You can check the detailed statistics of a specific user with finger {username}. If they look like they are doing something exciting, try the command link {port number}. If they don't run a program to block the action, you can see what they are typing in the console in real time.

  @finger hoid
USER: hoid
status message: Hoid
system level: 3 (USER)
location: [REDACTED]
first login: 23m
last active: 0s
system connects: 1
performed assignments: 9

user status bits:
RTFM Was that so difficult? May 15, 20 12:02:10 PM
POSTMASTER I read your email May 15, 20 11:56:47 PM
ACCT registered user 15-May-20 11:50:42

No plan.
@ 

The finger command also works on NPC users when you encounter them on remote hosts.

Step 6: Connecting to other computers on ARPANET

On the Internet, you are used to navigating to any website or server you want – it is not like that on ARPANET. Instead, you can only access hosts that are one hop away from you, i.e. the ones you are directly connected to. Run the command netstat to see the table of available hosts. The list of hosts differs from user to user and appears to be based on geographic location or random generation.

  @netstat
location of the host organization
---- ------------ --------
acract American Computer Rental, Inc. Arlington, VA
adaptex Adaptec Inc. Grapevine, Texas
trash can cisco Systems Menlo Park, CA.
release O'Reilly Associates Gilford, CT
mimsy University of Maryland, College Park College Park, MD
oddjob University of Chicago Chicago, Illinois
omalos Technical University of Crete, Chani, Greece
Oracle Oracle Corporation Belmont, CA
tandem Tandem Computers, Inc. Cupertino, CA.
ucselx San Diego State University San Diego, CA
veritas VERITAS Software Santa Clara, CA
@ 

In modern times, guest user access is disabled by default and considered a security risk, but in the good old days it was considered a courtesy to have guest accounts on your computer for anyone who wanted to use it. It's one of those funny little quirks of a bygone era when security wasn't a big deal in people's minds yet.

Use telnet {hostname} to access one of the hosts.

  @telnet mimsy
To attempt ...
Connected to MIMSY

- Linked to University of Maryland, College Park -
Username: 

Once connected, use guest as login, and you should get guest user access.

  Username: guest
DEC Vax-8600 4.3BSD

Last interactive login on Tue May 15 12:26:43 CDT 2020

Note: modem lines have been changed.
New number: 301.405.2749
/etc/motd:
Note: KABACHOK has ROOT here from Mon May 15 09:02:18 CDT 2020
mimsy $ 

There are a few things to keep in mind when logging into a new host. You may see a phone number that can be used to dial in and connect to the network with xmodem. But the most important thing for us, in the context of the game, is /etc/motd: if it is active, it shows a note that a particular user has rooted the host.

For the record, the user is another player. It essentially means that they own the host and that they have captured the flag, so to speak. One of your goals in the game should be to get as many root user accounts as possible. Unfortunately, we are stuck with guest user access for the time being, which is the lowest level and has very limited rights.

The command prompt helps you keep track of where you are. For example, when logged into a host, it has the name of the host, then $ for a regular user and @ for a root account.

You can spend some time exploring the guest user account using standard Linux commands such as cd and ls . When you're ready to leave, you can use exit or Control-D to disconnect from the remote host.

  mimsy $
% connection closed
@ 

Step 7: Getting user access

Guest user access doesn't get us very far, so let's change that. Now that we are familiar with navigating the network, we can start scanning for available ports and try to exploit them. Fortunately, we have a tool for that.

If you remember from our directory, we have porthack.exe. That's the tool we can use to access a user account on a host. Use run porthack.exe or just porthack in your default terminal and use y to continue.

  @run porthack.exe

///////////////////////////////////////////////
// Porthack 2.0 by FORBIN //
///////////////////////////////////////////////

Continue? (y / n) y 

If you remember the hostname from earlier, just use it, but if you want to see the hosts table again, you can use the ? sign. Ultimately you want to scan all hosts, but for now just the one is enough.

  enter host (? for list): ?

location of the host organization
---- ------------ --------
acract American Computer Rental, Inc. Arlington, VA
adaptex Adaptec Inc. Grapevine, Texas
trash can cisco Systems Menlo Park, CA.
release O'Reilly Associates Gilford, CT
mimsy University of Maryland, College Park College Park, MD
oddjob University of Chicago Chicago, Illinois
omalos Technical University of Crete, Chani, Greece
Oracle Oracle Corporation Belmont, CA
tandem Tandem Computers, Inc. Cupertino, CA.
ucselx San Diego State University San Diego, CA
veritas VERITAS Software Santa Clara, CA

enter host (? for list): mimsy 

Now the program will run a port scan like Nmap would and return its findings. All hosts tend to have many ports open. You will probably see a lot of things that you are not familiar with, such as Tivoli Object Dispatcher.

  MIMSY studies on open sockets ...

port service desc
---- ------- ----
21 ftp file transfer [Control]
23 telnet Telnet
Finger with 79 fingers
94 objcall Tivoli Object Dispatcher
171 multiplex Network innovations Multiplex
513 login remote login a la telnet 

As soon as you choose a port, porthack will attempt a buffer overflow, an attack in which a program writes into adjacent memory after exceeding the capacity of a buffer. Porthack uses it to run code that adds you as a user. Machines during this period were particularly vulnerable to it because of the limited memory capacity they had, measured in kilobytes and megabytes, as opposed to the gigabytes or terabytes we are used to today.
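The overflow described above, as an added example in C that is not porthack's code or anything taken from Telehack: a constructed struct session puts a privilege flag directly behind a 16-byte name buffer, and two hypothetical handlers show the unchecked copy beside a bounded one.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16

/* Constructed layout: a fixed-size buffer with a privilege flag right behind it. */
struct session {
    char name[NAME_LEN];
    unsigned char is_user;          /* 0 = guest, nonzero = full user */
};

/* Unsafe (hypothetical handler): trusts the sender's length, the way a daemon
 * that reads a request with no bound does. The copy is clamped to the struct
 * so this demonstration stays well defined in C; a real overflow would run on
 * into whatever lies beyond. */
void handle_request_unsafe(struct session *s, const char *req, size_t len)
{
    memset(s, 0, sizeof *s);
    if (len > sizeof *s)
        len = sizeof *s;
    memcpy((char *)s, req, len);    /* BUG: bounded by the struct, not by name[] */
}

/* Hardened: the length is checked against the destination buffer before any
 * byte is written, and an oversized request is rejected outright. */
int handle_request_safe(struct session *s, const char *req, size_t len)
{
    memset(s, 0, sizeof *s);
    if (len >= NAME_LEN)
        return -1;                  /* leave room for the terminator */
    memcpy(s->name, req, len);
    s->name[len] = '\0';
    return 0;
}

int main(void)
{
    char long_req[NAME_LEN + 1];    /* constructed 17-byte request */
    struct session s;

    memset(long_req, 'A', sizeof long_req);

    handle_request_unsafe(&s, long_req, sizeof long_req);
    printf("unsafe: is_user set = %d\n", s.is_user != 0);

    int rc = handle_request_safe(&s, long_req, sizeof long_req);
    printf("safe:   rc = %d, is_user set = %d\n", rc, s.is_user != 0);
    return 0;
}
```

The seventeenth byte of the request lands on is_user in the unsafe handler, which is the "writing into adjacent memory" the paragraph describes; the hardened handler never lets the request reach it.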

If there is a rhyme or reason to which ports are vulnerable, I have yet to distinguish it. They can be chosen at random in the game, but at least one port is vulnerable to any host. I tend to just browse the port list.

If you ever lose access to that host, the same port will be vulnerable again, so it's worth taking notes along the way.

  gate to try? 21
attempted buffer overrun against port 21 / ftp ...
% porthack error - buffer overflow abuse failed
... try another port

gate to try? 171
buffer overflow attempt against port 171 / multiplex ...

* mimsy protection compromised *

Install TSR loopjacker ...
add user HOID to system accounts ...
upload command aliases to external shell ...

** porthack complete **

Type TELNET MIMSY to login.

Note: Use your current username and password to login.
Your credentials are installed on the external system
and gives you access.
operator: + priv HACKER. well done 

Congratulations! That's how you compromise your first system and earn the HACKER achievement! Now you can use a command like rlogin {hostname} to automatically log in to that host and have all the rights of a full user.

  @ rlogin mimsy
To attempt ...
Connected to MIMSY

- Linked to University of Maryland, College Park -

User name:
Password:
DEC Vax-8600 4.3BSD

Last interactive login on Tue May 15 12:36:10 CDT 2020

Note: modem lines have been changed.
New number: 301.405.2749
/etc/motd:
Note: KABACHOK has ROOT here from Mon May 15 09:02:18 CDT 2020
mimsy $ 

Step 8: Steal some programs

We can take this hack a step further and steal sensitive documents and programs from the host. To do this, we need access to the File Transfer Protocol (FTP) server. Use ftp {host name} from your home terminal and then manually type your username and password.

  @ftp mimsy
Connected to mimsy.
220 mimsy FTP server (version 4.109 Wed November 19 9:52:18 PM CST 1986) ready.
Name (mimsy: hoids): hoids
331 Password required for hoid
Password: ************
230 User logged in
Remote system type is UNIX.
Use BIN mode to transfer files.
ftp> 

From here we can find useful programs with ls *.exe, which shows us everything in the folder filtered for files ending in .exe.

  ftp> ls * .exe
200 PORT command successful
150 Open data connection in ASCII mode for file list
-rwxr-xr-x 1 bin bin 136651 July 13, 1981 killproc.exe
226 Transfer completed
ftp> 

The game guarantees that there will be one useful program on each host. In this case, we found killproc.exe, a program that we can use to terminate another user's process. It's helpful to get root on a host if someone else already has it. Download the file with get {file name}.

  ftp> get zcheat.exe
200 PORT command successful
Open 150 BIN mode data connection for killproc.exe (136651 bytes)
100% | =============================================== === => |
226 Transfer completed
136651 bytes received in 29 seconds (4.60 kB / s) 

While here, we can also add files to the host from our local computer. The first thing you should always add is porthack.exe, which allows you to hack hosts connected to this hacked host. Use the command put {filename}.

  ftp> put porthack.exe
200 PORT command successful
Open 150 BIN mode data connection for porthack.exe (27542 bytes)
100% | =============================================== === => |
226 Transfer completed
27542 bytes sent in 8 seconds (3.36 KB / s) 

When you are done, exit ftp.

  ftp> exit
221 Goodbye. 

Step 9: Start Your Hacker Quest

It can be entertaining in and of itself to switch between random machines from the '80s and hack them, but if you are the kind of person who needs a goal or a story, then I have exactly what you are looking for. Go to the Telehack terminal, type in the command quest and press Enter.

  @quest

SEARCH

Hacker Quest Challenge 1.14
maintained and reviewed by - = [ DarkNet / Continuity ] = -

Preparing for your challenge .......... ready

Your challenge is:

Hack your way to the host: INMET
The host contains this file: QX17471.SYS
Read this file and it will give you further instructions.

Good luck!

@ 

Now you have the exciting task of finding a particular host out of over 26,000 on the network! That host has a file that gives you further instructions that lead you to yet other hosts and mysteries. As you search, you will hack hundreds of other hosts, find more executables, and discover all kinds of long-lost data.

To start your search, I recommend obtaining user accounts on all level 1 hosts available to you.

This can be accomplished by displaying the hosts with netstat and using porthack.exe to get a user account on each. Netstat helps you keep track of which hosts you have hacked by putting an * next to them.

  @netstat
location of the host organization
---- ------------ --------
* acract American Computer Rental, Inc. Arlington, VA
* adaptex Adaptec Inc. Grapevine, Texas
* dustbin cisco Systems Menlo Park, CA
* release O'Reilly Associates Gilford, CT
* mimsy University of Maryland, College Park College Park, MD
* oddjob University of Chicago Chicago, Illinois
* omalos Technical University of Crete, Chani, Greece
* Oracle Oracle Corporation Belmont, CA
* tandem Tandem Computers, Inc. Cupertino, CA.
* ucselx San Diego State University San Diego, CA
* veritas VERITAS Software Santa Clara, CA 

From there you should be able to log in to any of the hosts with rlogin and run netstat again to list the hosts available from that host. If you continue like this, you should eventually be able to find your target. If you're having trouble finding your quest target, universities always make great pivot points because they have the most connections to other hosts.

  mimsy $ netstat
location of the host organization
---- ------------ --------
ames NASA Ames Research Center Moffett Field, CA
anagld Analytics, Inc. Columbia, MD
aplcen Johns Hopkins University, APL Center Laurel, MD
arinc Aeronautical Radio, Inc. Annapolis, MD
black silicon Black silicon, fort of Computati McLean Virginia
Blenny Roy's Retirement Research Silver Spring Mary
casemo CASE / Datatel, Inc. Annapolis Junction
cp1 Chesapeake & Potomac Tel. Companies, Silver Spring, MD
cvl Center for Automation Research, Univ College Park, MD
Elsie National Institutes of Health Bethesda, MD
one evax Elec. Spooky. Dept., U of Maryland, Col College Park, MD
fe2o3 Private New Jersey
fnord Inst. For Adv. Comp. Studies, Univer College Park, MD
hqda-ai US Army Artificial Intelligence Cent Washington, DC
kzin Kzinti Embassy, ​​McLean Virginia McLean Virginia
mama The Soup Kitchen Virginia
mbph Department of Biophysics, Univ. from Baltimore, MD
wet-3 White Spot (North) VA USA
nbs-amrf National Bureau of Standards, Automa Gaithersburg, MD
nmrdc1 Naval Medical Research & Development Bethesda, MD
pixcom Pix Technologies Corporation College Park, MD
prometheus Prometheus II, Ltd. College Park, MD
& ramstein-piv-1.af.mil Ramstein Air Base GERMANY
rayssd Raytheon Company Portsmouth, RI
rlgvax Computer Consoles, Inc., Office Syst Reston, Virginia
Rutgers Rutgers - Ne Piscataway, NJ State University
thinc Tomorrow's Horizons, Inc. (THINC) Bethesda, MD
Tigger Palindrome ONLINE Richardson, Texas
umiacs Inst. For Adv. Comp. Studies, Univer College Park, MD
uunet UUNET Technologies, Inc Falls Church, VA
wb3ffv Advanced Business Solutions, Inc. Baltimore, MD
widener Widener University Computer Science Chester, PA
mimsy $ 

Go out and conquer the Telehack universe! May the command line live forever! And thank you for reading. If you have any questions, you can ask them here or on Twitter @The_Hoid.


Cover Image via The Double-O-Kid / Prism Pictures; Screenshots of Hoid / Null Byte



