HACK(1)                   User Commands                   HACK(1)



NAME
     hack - user interface to the  HACK  protocol  (automatically
     identifying and exploiting weaknesses on a remote host)


SYNOPSIS
     hack [-p] [-l] [-i] [-s minport maxport] [-P] [-h] [-w] [-q]
     [-L]


DESCRIPTION
     The hack command opens a TCP or LBP connection to  a  remote
     host  with  the  intention  of  locating and exploiting that
     system's weaknesses using the HACK protocol. Hack is partic-
     ularly  useful for users who desire the glory of hacking but
     cannot or will not learn UNIX.  If hack is  invoked  without
     the  hostname argument, it enters command mode, indicated by
     its prompt ``hack>'' is invoked with arguments, it  performs
     a ``breach'' command with those arguments.


OPTIONS
     -p    Pathetic mode.  This assumes that the target  host  is
          poorly-administered  and  contains  one or more ancient
          security holes (sendmail  DEBUG,  fingerd  hole,  valid
          /etc/passwd  in  ftp  dir,  etc.)  and  thus attempts a
          ``quick-and- dirty''  intrusion  on  the  machine.   No
          attempts at subtlety or anonymity are made when hack is
          in pathetic mode; it assumes  that  the  target  host's
          administrators  either  keep no logs or check them on a
          bi-yearly basis.


     -l    Extended hack.  This option will initiate a long- term
          attack  on  the target host, which entails not only the
          standard HACK protocol at the time the command is  exe-
          cuted,  but  also  a series of probes to be executed at
          carefully-spaced intervals in the future.  The  initial
          hack  connection  will  by  default  record  the target
          host's current users and last administrator logins, and
          future probes as a result of the -e option will attempt
          to avoid these times  to  escape  immediate  detection.
          (The  target  host's  logs  are,  of  course,  tailored
          automatically by most versions of hack.)


     -i    Interactive mode.  When hack is executed with the  - i
          option  enabled,  it will perform its initial scan fol-
          lowed by the prompt ``Hack  now?  y/n''  If  Y  is  not
          selected,  ``Hack  later''  will be displayed, and upon
          each future login the user will be prompted again until
          he sees fit to complete the hack.



SunOS 5.5.1               Last change:                          1






HACK(1)                   User Commands                   HACK(1)



     -s    Scan  ports.   Attempts  strobe - like  port  scanning
          between  the  selected ports on the target host.  Secu-
          rity  holes  on  these  ports  will  be   automatically
          exploited,   and  hack  will  display  ``Hackable  port
          detected'' for each. Hack then enters interactive  mode
          for each hackable port, prompting the user according to
          -i.


     -h    Hopeless mode.  This assumes that the  user  executing
          the  hack  command  simply  is  not  destined to become
          knowledgable  in  the  field,  successfully   penetrate
          remote  machines,  or  to  do anything practical with a
          computer, for that matter.  The -h mode  aborts  execu-
          tion  of  hack  , but sends a FAQ request via e-mail to
          alt.2600, with Reply-to: set to the  USER  variable  of
          the  ENVIRON  option.  Additionally, -h sends a member-
          ship request to America Online,  Incorporated,  for  an
          AOL  startup  package  and  15  free  hours of Internet
          strangulation.


     -P    Planetary mode.  This function hacks the planet,  pure
          and  simple. -P bombards every known host on the Inter-
          net with hack  penetration  attempts.   All  successful
          intrusions  will  be  reported real-time, although this
          option may take weeks, months,  or  years  on  anything
          short  of  a quantum computer.  Bandwidth is not a con-
          cern here; however, don't  use  this  mode  unless  you
          REALLY don't know what you're doing.


     -q    Quarantined hosts.  Setting the -q option allows  hack
          to attack non-networked hosts such as standalone works-
          tations, fast-food-chain cash  registers  and  graphing
          calculators  via LBP. (For more information on Linkless
          Bytestream Protocol see RFC 3733 section T.)


     -L    Localhost.  The -L option ignores  hostname  arguments
          and  attempts  to penetrate the localhost.  If executed
          by a non-superuser, hack attempts to gain  root  access
          via  the HACK protocol.  If executed by root or similar
          superuser, hack selects an attack method  (chosen  ran-
          domly  from /etc/hack/annoying/mediahyped/attackmthds )
          and executes it against the localhost.  (CERT note:  it
          is  conceivable that certain aspects of the -L function
          might possibly make it a threat to system security;  be
          aware of this before installing on a multiuser system.)






SunOS 5.5.1               Last change:                          2






HACK(1)                   User Commands                   HACK(1)



DISTRIBUTION
     Hack is available via anonymous ftp at the following sites:

        ftp://ftp.cert.org/pub/tools/hack.c  <hack.exe  for  DOS>
        ftp://ftp.halibut.com/pub/phish/3l33t/appz/hack.c

     or via mail order: send  mail  to  cert@cert.org  with  "GET
     HACKING  TOOL"  in  the  message body. Hack95, an icon-based
     interface for Windows 95 users, should be available by early
     October 1996.


AUTHOR
     Terrel Maxeme <terrel@sad.com>

     Information about new releases,  mailing  lists,  and  other
     related  issues  can be found from the hack WWW home page at
     http://www.ignorance.net/hack


SEE ALSO
     hackd (8), clueless (1), breach (2)

































SunOS 5.5.1               Last change:                          3