Wednesday, February 27, 2008

XP Hacking With Windows XP

XP Hacking With Windows XP

So you have the newest, glitziest, "Fisher Price" version of Windows: XP. How
can you use XP in a way that sets you apart from the boring millions of ordinary
users?

The key to doing amazing things with XP is as simple as D O S. Yes, that's
right, DOS as in MS-DOS, as in MicroSoft Disk Operating System. Windows XP (as
well as NT and 2000) comes with two versions of DOS. Command.com is an old DOS
version. Various versions of command.com come with Windows 95, 98, SE, ME,
Window 3, and DOS only operating systems.

The other DOS, which comes only with XP, 2000 and NT, is cmd.exe. Usually
cmd.exe is better than command.com because it is easier to use, has more
commands, and in some ways resembles the bash shell in Linux and other Unix-type
operating systems. For example, you can repeat a command by using the up arrow
until you back up to the desired command. Unlike bash, however, your DOS command
history is erased whenever you shut down cmd.exe. The reason XP has both
versions of DOS is that sometimes a program that won?t run right in cmd.exe will
work in command.com

note : m not comparing bash to dos


DOS is your number one Windows gateway to the Internet, and the open sesame to
local area networks. From DOS, without needing to download a single hacker
program, you can do amazingly sophisticated explorations and even break into
poorly defended computers.


****************
You can go to jail warning: Breaking into computers is against the law if you do
not have permission to do so from the owner of that computer. For example, if
your friend gives you permission to break into her Hotmail account, that won't
protect you because Microsoft owns Hotmail and they will never give you
permission.
****************
****************
You can get expelled warning: Some kids have been kicked out of school just for bringing up a DOS prompt on a computer. Be sure to get a teacher's WRITTEN
permission before demonstrating that you can hack on a school computer.
****************

So how do you turn on DOS?
Click All Programs -> Accessories -> Command Prompt
That runs cmd.exe. You should see a black screen with white text on it, saying
something like this:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\>

Your first step is to find out what commands you can run in DOS. If you type
"help" at the DOS prompt, it gives you a long list of commands. However, this
list leaves out all the commands hackers love to use. Here are some of those
left out hacker commands.

TCP/IP commands:
telnet
netstat
nslookup
tracert
ping
ftp

NetBIOS commands (just some examples):
nbtstat
net use
net view
net localgroup

TCP/IP stands for transmission control protocol/Internet protocol. As you can
guess by the name, TCP/IP is the protocol under which the Internet runs. along
with user datagram protocol (UDP). So when you are connected to the Internet,
you can try these commands against other Internet computers. Most local area
networks also use TCP/IP.

NetBIOS (Net Basic Input/Output System) protocol is another way to communicate
between computers. This is often used by Windows computers, and by Unix/Linux
type computers running Samba. You can often use NetBIOS commands over the
Internet (being carried inside of, so to speak, TCP/IP). In many cases, however,
NetBIOS commands will be blocked by firewalls. Also, not many Internet computers
run NetBIOS because it is so easy to break in using them. I will cover NetBIOS
commands in the next article to XP Hacking.

The queen of hacker commands is telnet. To get Windows help for telnet, in the
cmd.exe window give the command:

C:\>telnet /?

Here's what you will get:

telnet [-a][-e escape char][-f log file][-l user][-t term][host
[port]]

-a Attempt automatic logon. Same as --l option except uses the currently logged
on user's name.
-e Escape character to enter telnet cclient prompt.
-f File name for client side logging
-l Specifies the user name to log in with on the remote system. Requires that
the remote system support the TELNET ENVIRON option.
-t Specifies terminal type. Supportedd term types are vt100, vt52, ansi and vtnt
only.
host Specifies the hostname or IP address of the remote computer to connect to.
port Specifies a port number or service name.


****************
Newbie note: what is a port on a computer? A computer port is sort of like a
seaport. It's where things can go in and/or out of a computer. Some ports are
easy to understand, like keyboard, monitor, printer and modem. Other ports are
virtual, meaning that they are created by software. When that modem port of
yours (or LAN or ISDN or DSL) is connected to the Internet, your computer has
the ability to open or close any of over 65,000 different virtual ports, and has
the ability to connect to any of these on another computer - if it is running
that port, and if a firewall doesn?t block it.
****************
****************
Newbie note: How do you address a computer over the Internet? There are two
ways: by number or by name.
****************

The simplest use of telnet is to log into a remote computer. Give the command:

C:/>telnet targetcomputer.com (substituting the name of the computer you want to
telnet into for targetcomputer.com)

If this computer is set up to let people log into accounts, you may get the
message:

login:
Type your user name here, making sure to be exact. You can't swap between lower
case and capital letters. For example, user name Guest is not the same as guest.

****************
Newbie note: Lots of people email me asking how to learn what their user name
and password are. Stop laughing, darn it, they really do. If you don't know your
user name and password, that means whoever runs that computer didn't give you an
account and doesn't want you to log on.
****************

Then comes the message:

Password:

Again, be exact in typing in your password.

What if this doesn't work?

Every day people write to me complaining they can't telnet. That is usually
because they try to telnet into a computer, or a port on a computer that is set
up to refuse telnet connections. Here's what it might look like when a computer
refuses a telnet connection:

C:\ >telnet 10.0.0.3
Connecting To 10.0.0.3...Could not open connection to the host, on port 23. A
connection attempt failed because the connected party did not properly respond
after a period of time, or established connection failed because connected host
has failed to respond.

Or you might see:

C:\ >telnet hotmail.com
Connecting To hotmail.com...Could not open connection to the host, on port
23. No connection could be made because the target machine actively refused it.

If you just give the telnet command without giving a port number, it will
automatically try to connect on port 23, which sometimes runs a telnet server.

**************
Newbie note: your Windows computer has a telnet client program, meaning it will
let you telnet out of it. However you have to install a telnet server before
anyone can telnet into port 23 on your computer.
*************

If telnet failed to connect, possibly the computer you were trying to telnet
into was down or just plain no longer in existence. Maybe the people who run
that computer don't want you to telnet into it.
Even though you can't telnet into an account inside some computer, often you can
get some information back or get that computer to do something interesting for
you. Yes, you can get a telnet connection to succeed -without doing anything
illegal --against almost any computer, even if you don't have permission to log
in. There are many legal things you can do to many randomly chosen computers
with telnet. For example:

C:/telnet freeshell.org 22

SSH-1.99-OpenSSH_3.4p1

That tells us the target computer is running an SSH server, which enables
encrypted connections between computers. If you want to SSH into an account
there, you can get a shell account for free at http://freeshell.org . You can
get a free SSH client program from http://winfiles.com .

***************
You can get punched in the nose warning: Your online provider might kick you off
for making telnet probes of other computers. The solution is to get a local
online provider and make friends with the people who run it, and convince them
you are just doing harmless, legal explorations.
*************

Sometimes a port is running an interesting program, but a firewall won't let you
in. For example, 10.0.0.3, a computer on my local area network, runs an email
sending program, (sendmail working together with Postfix, and using Kmail to
compose emails). I can use it from an account inside 10.0.0.3 to send emails
with headers that hide from where I send things.

If I try to telnet to this email program from outside this computer, here's what
happens:

C:\>telnet 10.0.0.3 25
Connecting To 10.0.0.3...Could not open connection to the host, on port 25. No
connection could be made because the target machine actively refused it.

However, if I log into an account on 10.0.0.3 and then telnet from inside to
port 25, here's what I get:

Last login: Fri Oct 18 13:56:58 2002 from 10.0.0.1
Have a lot of fun...
cmeinel@test-box:~> telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1... [Carolyn's note: 127.0.0.1 is the numerical address meaning
localhost, the same computer you are logged into]
Connected to localhost.
Escape character is '^]'.
220 test-box.local ESMTP Postfix

The reason I keep this port 25 hidden behind a firewall is to keep people from
using it to try to break in or to forge email. Now the ubergeniuses reading this
will start to make fun of me because no Internet address that begins with 10. is
reachable from the Internet. However, sometimes I place this "test-box" computer
online with a static Internet address, meaning whenever it is on the Internet,
it always has the same numerical address. I'm not going to tell you what its
Internet address is because I don't want anyone messing with it. I just want to
mess with other people's computers with it, muhahaha. That's also why I always
keep my Internet address from showing up in the headers of my emails.

***************
Newbie note: What is all this about headers? It's stuff at the beginning of an
email that may - or may not - tell you a lot about where it came from and when.
To see full headers, in Outlook click view -> full headers. In Eudora, click the
"Blah blah blah" icon.
****************

Want a computer you can telnet into and mess around with, and not get into
trouble no matter what you do to it? I've set up my techbroker.com
(206.61.52.33) with user xyz, password guest for you to play with. Here's how to
forge email to xyz@techbroker.com using telnet. Start with the command:

C:\>telnet techbroker.com 25
Connecting To Techbroker.com

220 Service ready

Now you type in who you want the message to appear to come from:

helo santa@techbroker.com
Techbroker.com will answer:

250 host ready

Next type in your mail from address:

mail from:santa@techbroker.com

250 Requested mail action okay, completed

Your next command:

rcpt to:xyz@techbroker.com
250 Requested mail action okay, completed

Your next command:
data
354 Start main input; end with .


just means hit return. In case you can't see that little
period between the s, what you do to end composing your email is to hit
enter, type a period, then hit enter again. Anyhow, try typing:

This is a test.
.
250 Requested mail action okay, completed
quit
221 Service closing transmission channel

Connection to host lost.

Using techbroker's mail server, even if you enable full headers, the message we
just composed looks like:

Status: R
X-status: N

This is a test.

That's a pretty pathetic forged email, huh? No "from", no date. However, you can
make your headers better by using a trick with the data command. After you give
it, you can insert as many headers as you choose. The trick is easier to show
than explain:

220 Service ready
helo santa@northpole.org
250 host ready
mail from:santa@northpole.com
250 Requested mail action okay, completed
rcpt to:cmeinel@techbroker.com
250 Requested mail action okay, completed
data
354 Start main input; end with .
from:santa@deer.northpole.org
Date: Mon, 21 Oct 2002 10:09:16 -0500
Subject: Rudolf
This is a Santa test.
.
250 Requested mail action okay, completed
quit
221 Service closing transmission channel

Connection to host lost.

The message then looks like:

from:santa@deer.northpole.org
Date: Mon, 21 Oct 2002 10:09:16 -0500
Subject: Rudolf
This is a Santa test.

The trick is to start each line you want in the headers with one word followed
by a colon, and the a line followed by "return". As soon as you write a line
that doesn't begin this way, the rest of what you type goes into the body of the
email.

Notice that the santa@northpole.com from the "mail from:" command didn't show up
in the header. Some mail servers would show both "from" addresses.

You can forge email on techbroker.com within one strict limitation. Your email
has to go to someone at techbroker.com. If you can find any way to send email to
someone outside techbroker, let us know, because you will have broken our
security, muhahaha! Don't worry, you have my permission.

Next, you can read the email you forge on techbroker.com via telnet:

C:\>telnet techbroker.com 110

+OK <30961.5910984301@techbroker.com> service ready

Give this command:
user xyz
+OK user is known

Then type in this:
pass test
+OK mail drop has 2 message(s)

retr 1
+OK message follows
This is a test.

If you want to know all possible commands, give this command:

help
+OK help list follows
USER user
PASS password
STAT
LIST [message]
RETR message
DELE message
NOOP
RSET
QUIT
APOP user md5
TOP message lines
UIDL [message]
HELP

Unless you use a weird online provider like AOL, you can use these same tricks
to send and receive your own email. Or you can forge email to a friend by
telnetting to his or her online provider's email sending computer(s).

With most online providers you need to get the exact name of their email
computer(s). Often it is simply mail.targetcomputer.com (substitute the name of
the online provider for targetcomputer). If this doesn't work, you can find out
the name of their email server with the DOS nslookup program, which only runs
from cmd.exe. Here's an example:


C:\ >nslookup
Default Server: DNS1.wurld.net
Address: 206.61.52.11

> set q=mx
> dimensional.com
Server: DNS1.wurld.net
Address: 206.61.52.11

dimensional.com MX preference = 5, mail exchanger =
mail.dimensional.com
dimensional.com MX preference = 10, mail exchanger =
mx2.dimensional.com
dimensional.com MX preference = 20, mail exchanger =
mx3.dimensional.com
dimensional.com nameserver = ns.dimensional.com
dimensional.com nameserver = ns-1.dimensional.com
dimensional.com nameserver = ns-2.dimensional.com
dimensional.com nameserver = ns-3.dimensional.com
dimensional.com nameserver = ns-4.dimensional.com
mail.dimensional.com internet address = 206.124.0.11
mx2.dimensional.com internet address = 206.124.0.30
mx3.dimensional.com internet address = 209.98.32.54
ns.dimensional.com internet address = 206.124.0.10
ns.dimensional.com internet address = 206.124.26.254
ns.dimensional.com internet address = 206.124.0.254
ns.dimensional.com internet address = 206.124.1.254
ns.dimensional.com internet address = 209.98.32.54
ns.dimensional.com internet address = 206.124.0.32
ns.dimensional.com internet address = 206.124.0.30
ns.dimensional.com internet address = 206.124.0.25
ns.dimensional.com internet address = 206.124.0.15
ns.dimensional.com internet address = 206.124.0.21
ns.dimensional.com internet address = 206.124.0.9
ns-1.dimensional.com internet address = 206.124.26.254
ns-2.dimensional.com internet address = 209.98.32.54
ns-3.dimensional.com internet address = 206.124.1.254
ns-4.dimensional.com internet address = 206.124.0.254
>

The lines that tell you what computers will let you forge email to people with
@dimensional.com addresses are:

dimensional.com MX preference = 5, mail exchanger =
mail.dimensional.com
dimensional.com MX preference = 10, mail exchanger =
mx2.dimensional.com
dimensional.com MX preference = 20, mail exchanger =
mx3.dimensional.com

MX stands for mail exchange. The lower the preference number, the more they
would like you to use that address for email.If that lowest number server is too
busy, then try another server.

Sometimes when you ask about a mail server, nslookup will give you this kind of
error message:

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to [207.217.120.202] timed-out

To get around this problem, you need to find out what are the domain servers for
your target online provider. A good place to start looking is
http://netsol.com/cgi-bin/whois/whois . If this doesn't work, see
http://happyhacker.org/HHA/fightback.shtml for how to find the domain servers
for any Internet address.
****************
Newbie note: A domain name server provides information on the names and numbers
assigned to computers on the Internet. For example, dns1.wurld.net and
dns2.wurld.net contain information on happyhacker.org, techbroker.com,
securitynewsportal.com, thirdpig.com and sage-inc.com. When you query
dns1.wurld.net about other computers, it might have to go hunting for that
information from other name servers. That's why you might get a timed out
failure.
***************

Once you know the domain servers for an online service, set one of them for the
server for your nslookup program. Here's how you do it:

C:\ >nslookup
Default Server: DNS1.wurld.net
Address: 206.61.52.11

Now give the command:

> server 207.217.126.41
Default Server: ns1.earthlink.net
Address: 207.217.126.41

Next command should be:
> set q=mx
> earthlink.net
Server: ns1.earthlink.net
Address: 207.217.126.41

earthlink.net MX preference = 5, mail exchanger = mx04.earthlink.net
earthlink.net MX preference = 5, mail exchanger = mx05.earthlink.net
earthlink.net MX preference = 5, mail exchanger = mx06.earthlink.net
earthlink.net MX preference = 5, mail exchanger = mx00.earthlink.net
earthlink.net MX preference = 5, mail exchanger = mx01.earthlink.net
earthlink.net MX preference = 5, mail exchanger = mx02.earthlink.net
earthlink.net MX preference = 5, mail exchanger = mx03.earthlink.net
earthlink.net nameserver = ns3.earthlink.net
earthlink.net nameserver = ns1.earthlink.net
earthlink.net nameserver = ns2.earthlink.net
mx00.earthlink.net internet address = 207.217.120.28
mx01.earthlink.net internet address = 207.217.120.29
mx02.earthlink.net internet address = 207.217.120.79
mx03.earthlink.net internet address = 207.217.120.78
mx04.earthlink.net internet address = 207.217.120.249
mx05.earthlink.net internet address = 207.217.120.31
mx06.earthlink.net internet address = 207.217.120.23
ns1.earthlink.net internet address = 207.217.126.41
ns2.earthlink.net internet address = 207.217.77.42
ns3.earthlink.net internet address = 207.217.120.43
>

Your own online service will usually not mind and may even be glad if you use
telnet to read your email. Sometimes a malicious person or faulty email program
will send you a message that is so screwed up that your email program can't
download it. With telnet you can manually delete the bad email. Otherwise tech
support has to do it for you.

If you think about it, this ability to forge email is a huge temptation to
spammers. How can your online provider keep the bad guys from filling up a
victim's email box with garbage? The first time a bad guy tries this, probably
nothing will stop him or her. The second time the online provider might block
the bad guy at the firewall, maybe call the bad guy's online provider and kick
him or her and maybe get the bad guy busted or sued.

**************
You can go to jail warning: Sending hundreds or thousands of junk emails to bomb
someone's email account is a felony in the US.
***************

***************
You can get sued warning: Spamming, where you send only one email to each
person, but send thousands or millions of emails, is borderline legal. However,
spammers have been successfully sued when they forge the email addresses of
innocent people as senders of their spam.
****************

Now that you know how to read and write email with telnet, you definitely have
something you can use to show off with. Happy hacking!

Oh, here's one last goodie for advanced users. Get netcat for Windows. It's a
free program written by Weld Pond and Hobbit, and available from many sites, for
example
http://www.atstake.com/research/tools/#network_utilities . It is basically
telnet on steroids. For example, using netcat, you can set up a port on your
Windows computer to allow people to telnet into a DOS shell by using this
command:

C:\>nc -L -p 5000 -t -e cmd.exe

You can specify a different port number than 5000. Just make sure it doesn't
conflict with another port by checking with the netstat command. Then you and
your friends, enemies and random losers can either telnet in or netcat in with
the command:

C:\>nc -v [ipaddress of target] [port]

Of course you will probably get hacked for setting up this port. However, if you
set up a sniffer to keep track of the action, you can turn this scary back door
into a fascinating honeypot. For example, you could run it on port 23 and watch
all the hackers who attack with telnet hoping to log in. With some programming
you could even fake a unix-like login sequence and play some tricks on your
attackers.

Saturday, February 23, 2008

Change Start logo in Xp

Change Start logo in Xp :

I’ve read a number of articles on the internet about changing the text on the
Start button in XP. On more than one occasion I’ve seen references to a five (5)
letter limitation when the button is renamed. I always wondered if this
was true or just an assumption someone made because the default ‘start’
just happened to fit the button size. So, I decided to run a test and see if
there really was a five character limit.

First of all just u need to do is download Resource hacker.

Resource HackerTM is a freeware utility to view, modify, rename,
add, delete and extract resources in 32bit Windows executables and
resource files (*.res). It incorporates an internal resource script compiler
and decompiler and works on Win95, Win98, WinME, WinNT, Win2000 and
WinXP operating systems.

Its just 541Kb in the size.. click here to go to the download Page


Download Resource Hacker


display the stringtable as shown in Fig. 02. We’re going to modify item 578,
currently showing the word “start” just as it displays on the current Start button.
First Step

The first step is to make a backup copy of the file explorer.exe located at
C:\Windows\explorer. Place it in a folder somewhere on your hard drive
where it will be safe. Start Resource Hacker and open explorer.exe located at C:\Windows\explorer.exe
The category we are going to be using is String Table In Resource Hacker.
Expand it by clicking the plus sign then navigate down to and expand string 37
followed by highlighting 1033. If you are using the Classic Layout rather than
the XP Layout, use number 38. The right hand pane will
There is no magic here. Just double click on the word “start” so that it’s
highlighted, making sure the quotation marks are not part of the highlight.
They need to remain in place, surrounding the new text that you’ll type.
Go ahead and type your new entry

Second Step – Modify the Registry

Now that the modified explorer.exe has been created it’s necessary to
modify the registry so the file will be recognized when the user logs on
to the system. If you don’t know how to access the registry I’m not sure
this article is for you, but just in case it’s a temporary memory lapse, go
to Start (soon to be something else)
Run and type regedit in the Open: field. Navigate to:

HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows NT\
CurrentVersion\ Winlogon


double click the Shell entry to open the Edit String dialog box .
In Value data: line, enter the name that was used to save the
modified explorer.exe file. Click OK.

Close Registry Editor and either log off the system and log back in,
or reboot the entire system if that’s your preference. If all went as
planned you should see your new Start button with the revised text.

u can ofcource change the text of other Baloon Items , My Computer Name,
Favourites and so on many more..

Monday, February 11, 2008

What is hacker?

The Jargon File contains a bunch of definitions of the term Hacker, most having to do with technical adeptness and a delight in solving problems and overcoming limits. If you want to know how to become a hacker, though, only two are really relevant.

There is a community, a shared culture, of expert programmers and networking wizards that traces its history back through decades to the first time-sharing minicomputers and the earliest ARPAnet experiments. The members of this culture originated the term ‘hacker’. Hackers built the Internet. Hackers made the Unix operating system what it is today. Hackers run Usenet. Hackers make the World Wide Web work. If you are part of this culture, if you have contributed to it and other people in it know who you are and call you a hacker, you're a hacker.

The hacker mind-set is not confined to this software-hacker culture. There are people who apply the hacker attitude to other things, like electronics or music — actually, you can find it at the highest levels of any science or art. Software hackers recognize these kindred spirits elsewhere and may call them ‘hackers’ too — and some claim that the hacker nature is really independent of the particular medium the hacker works in. But in the rest of this document we will focus on the skills and attitudes of software hackers, and the traditions of the shared culture that originated the term ‘hacker’.

There is another group of people who loudly call themselves hackers, but aren't. These are people (mainly adolescent males) who get a kick out of breaking into computers and phreaking the phone system. Real hackers call these people ‘crackers’ and want nothing to do with them. Real hackers mostly think crackers are lazy, irresponsible, and not very bright, and object that being able to break security doesn't make you a hacker any more than being able to hotwire cars makes you an automotive engineer. Unfortunately, many journalists and writers have been fooled into using the word ‘hacker’ to describe crackers; this irritates real hackers no end.

The basic difference is this: hackers build things, crackers break them.

Wednesday, January 9, 2008

The Hacker Attitude

Hackers solve problems and build things, and they believe in freedom and voluntary mutual help. To be accepted as a hacker, you have to behave as though you have this kind of attitude yourself. And to behave as though you have the attitude, you have to really believe the attitude.

But if you think of cultivating hacker attitudes as just a way to gain acceptance in the culture, you'll miss the point. Becoming the kind of person who believes these things is important for you — for helping you learn and keeping you motivated. As with all creative arts, the most effective way to become a master is to imitate the mind-set of masters — not just intellectually but emotionally as well.

Or, as the following modern Zen poem has it:


To follow the path:
look to the master,
follow the master,
walk with the master,
see through the master,
become the master.

So, if you want to be a hacker, repeat the following things until you believe them:

1. The world is full of fascinating problems waiting to be solved.

Being a hacker is lots of fun, but it's a kind of fun that takes lots of effort. The effort takes motivation. Successful athletes get their motivation from a kind of physical delight in making their bodies perform, in pushing themselves past their own physical limits. Similarly, to be a hacker you have to get a basic thrill from solving problems, sharpening your skills, and exercising your intelligence.

If you aren't the kind of person that feels this way naturally, you'll need to become one in order to make it as a hacker. Otherwise you'll find your hacking energy is sapped by distractions like sex, money, and social approval.

(You also have to develop a kind of faith in your own learning capacity — a belief that even though you may not know all of what you need to solve a problem, if you tackle just a piece of it and learn from that, you'll learn enough to solve the next piece — and so on, until you're done.)

2. No problem should ever have to be solved twice.

Creative brains are a valuable, limited resource. They shouldn't be wasted on re-inventing the wheel when there are so many fascinating new problems waiting out there.

To behave like a hacker, you have to believe that the thinking time of other hackers is precious — so much so that it's almost a moral duty for you to share information, solve problems and then give the solutions away just so other hackers can solve new problems instead of having to perpetually re-address old ones.

Note, however, that "No problem should ever have to be solved twice." does not imply that you have to consider all existing solutions sacred, or that there is only one right solution to any given problem. Often, we learn a lot about the problem that we didn't know before by studying the first cut at a solution. It's OK, and often necessary, to decide that we can do better. What's not OK is artificial technical, legal, or institutional barriers (like closed-source code) that prevent a good solution from being re-used and force people to re-invent wheels.

(You don't have to believe that you're obligated to give all your creative product away, though the hackers that do are the ones that get most respect from other hackers. It's consistent with hacker values to sell enough of it to keep you in food and rent and computers. It's fine to use your hacking skills to support a family or even get rich, as long as you don't forget your loyalty to your art and your fellow hackers while doing it.)

3. Boredom and drudgery are evil.

Hackers (and creative people in general) should never be bored or have to drudge at stupid repetitive work, because when this happens it means they aren't doing what only they can do — solve new problems. This wastefulness hurts everybody. Therefore boredom and drudgery are not just unpleasant but actually evil.

To behave like a hacker, you have to believe this enough to want to automate away the boring bits as much as possible, not just for yourself but for everybody else (especially other hackers).

(There is one apparent exception to this. Hackers will sometimes do things that may seem repetitive or boring to an observer as a mind-clearing exercise, or in order to acquire a skill or have some particular kind of experience you can't have otherwise. But this is by choice — nobody who can think should ever be forced into a situation that bores them.)

4. Freedom is good.

Hackers are naturally anti-authoritarian. Anyone who can give you orders can stop you from solving whatever problem you're being fascinated by — and, given the way authoritarian minds work, will generally find some appallingly stupid reason to do so. So the authoritarian attitude has to be fought wherever you find it, lest it smother you and other hackers.

(This isn't the same as fighting all authority. Children need to be guided and criminals restrained. A hacker may agree to accept some kinds of authority in order to get something he wants more than the time he spends following orders. But that's a limited, conscious bargain; the kind of personal surrender authoritarians want is not on offer.)

Authoritarians thrive on censorship and secrecy. And they distrust voluntary cooperation and information-sharing — they only like ‘cooperation’ that they control. So to behave like a hacker, you have to develop an instinctive hostility to censorship, secrecy, and the use of force or deception to compel responsible adults. And you have to be willing to act on that belief.

5. Attitude is no substitute for competence.

To be a hacker, you have to develop some of these attitudes. But copping an attitude alone won't make you a hacker, any more than it will make you a champion athlete or a rock star. Becoming a hacker will take intelligence, practice, dedication, and hard work.

Therefore, you have to learn to distrust attitude and respect competence of every kind. Hackers won't let posers waste their time, but they worship competence — especially competence at hacking, but competence at anything is valued. Competence at demanding skills that few can master is especially good, and competence at demanding skills that involve mental acuteness, craft, and concentration is best.

If you revere competence, you'll enjoy developing it in yourself — the hard work and dedication will become a kind of intense play rather than drudgery. That attitude is vital to becoming a hacker.