The following was originally compiled in June 1998 and updated January 2003. It answers some basic questions about this FAQ.
If we said "to teach hacking", we would be lying.
First off, no documentation will teach you how to hack. This FAQ simply attempts to answers common questions regarding some of the underlying mechanics.
Second, we will not be drawn into a debate regarding usage of terms (hacker vs. cracker, etc.) and will certainly not be drawn into a discussion on the moral or legal issues involved. The material is what it is - no more, no less, and we use terms the way we see fit to answer a question from the intruder perspective.
The goal here is simply information disemination.
For a large part of the material, testing was completed in the NMRC lab and at various field locations. Some of the tools used during testing are available from the NMRC web site in the projects section (alternate locations are listed in the resources section).
For NT, the lab was used, but due to a recent "moment of clarity", NT is no longer operational in the labs. Field locations will be used from now on. Web-related hacking information has been tested in the field, but now we also have resources for this type of testing in the lab. Unix testing is also done in the lab, but primarily limited to the free ones such as Linux and FreeBSD, OpenBSD, NetBSD.
Technical info has been discovered (read "quoted without permission because it was out in a public forum so we leeched it") and collected. Often, the technical detail is complete and self-explanatory in its original source, so we feel no reason to test it in a lab environment. We try to quote original material when we can. If we have left you out, email us at faq at nmrc dot org.
The actual FAQ was assembled from various text files and has been turned into XHTML source. This gives us a single starting place during revisions and the opportunity for a multitude of output formats.
Send comments about information in this FAQ to hackfaq at nmrc dot org. Simple flames about typos and "that's not right" one-liners will be ignored. If you wish to contribute corrections, please include your research and source of facts. Also, if you wish to add your information, we will include it if we can include your email address, unless we can verify the info independently. This way, if someone has questions, they can bug you and not us.
It is prefered that you include OS flavor and versions, and other conditions used in testing. Theoretical discussion is fine, just try to back up your findings. Also note that we may often rewrite your submissions to match the "elite" nature of our FAQ ;-)
Anonymous submissions are okay. Encrypt them if you like. Here's Simple Nomad's GPG key (also available from MIT's key server):
Here are a few of our many contributors (the list of sources borrowed from is a bit too lengthy to include here, and are typically referenced within the FAQ itself):
Documentation and Compilation:
Music Heard During Revising/Editing/Testing:
This FAQ is available online (and possibly in other formats) from the following locations:
Currently, due to the new processing of the information, mirrors will not be supported. Once we've implemented the process, we hope to provide updates to this FAQ once a month.
There is no disclaimer. Disclaimers are lame and idiotic LawyerSpeak. We don't care how you use this information. If you use it to break the law, fine. If you get caught, fine. If you use it to secure a system, fine. We are responsible for ourselves, therefore we need no "disclaimer". Instead, here is our exclaimer -- PISS OFF.
The only thing more lame than a disclaimer on a web page is a disclaimer in a sig file (we all know how many millions of dollars in attorney's fees are saved by sig files every year).
Here are the changes that have been made to this FAQ.
Top | Next: Attack Basics | Previous: Table of Contents | Table of Contents