Skip to content

Newfag Guide

Tenshi Hinanawi edited this page Apr 28, 2012 · 1 revision
                    -hmdddmmmmddmNd.                      ...`                 
                   -NmdmNhsoosyNmdmN:.-::////::-.`    :shmmmmmmh+`             
             `oNdddddddddddddddddmm+///////sdmmdo/////+Mhyyyyyyydh   -Dont get v&!
         `mmddddddddmMdddddddhyyyyyyyyyyyyyyyyyyyyyyyyymo `/ymNmdhyyyyN+       
         /MdddddddddmMmddmmmmmmddhyyyyyyyyyyyyyyyyyyyyyM/ `/hdhyyyyyydm.       
         oNdddddddddddddddddddddddNNyyyyyyyyyyyyyyyyyyms +Mhhhhhhdmd/`         
         /MddddddddddddddddddddddmNdyyyyyyyyyyyyyyyyydm` .mmddmddy/`           
          yNdddddddddddddddddddmNmhyyyyyyyyyyyyyyyyydN-   .://:.`              
              `mmdddddddddddmm:  `smddddddhhyyyyhN`                            
              +Mmddddddddddmo`     smddddddhyyyyyN+                            
              yNdddddddddmd-        +mmdddddhyyyydd                            
             -Nddddddddmd+`          .ymmddddhhyyhM-                           
             hmdddddddms`              :yNddddddddN/                           
            .MdddddddN/                 +NddddddddM-                           
            /Nddddddmo                 /NddddddddNy                            
            :MdddddmN`                .Nmdddddddmh`                            
            .MdddddNo                `dmdddddddmd`                             
            `MdNdmdM.                sNdddddddmh`                              
             hmmdNdN                `Mmddddddhddo-`                            
             `-`:-:-                 yNdddddhyyyhddy/`                         

Anonymous guide on how to be a /h4ck/er on Steriods

  • Legion of /h4ck/ers

    • Read this file top-to-bottom •••Preliminary••••••••••••••••• [>] [>] ••••What•this•guide•is••••••••• [>] [>] ••••What•this•guide•isn't•••••• [>] [>] ••••Target•Auidence•••••••••••• [>] [>] •••Programming••••••••••••••••• [>] [>] •••Rules•and•Protips••••••••••• [>] [>] ••••/i/nsurgent•protips•••••••• [>] [>] ••••/h4ck/er•protips••••••••••• [>] [>] •••Professions••••••••••••••••• [>] [>] •••Basics•••••••••••••••••••••• [>] [>] ••••How•Computers•Work••••••••• [>] [>] •••••Languages•Control•All••••• [>] [>] ••••Networking•Basics•••••••••• [>] [>] •••••IP•Addresses•••••••••••••• [>] [>] •••••TCP/IP•••••••••••••••••••• [>] [>] •••Raiding•9001•••••••••••••••• [>] [>] ••••Websites••••••••••••••••••• [>] [>] •••••HTTP•Botting•••••••••••••• [>] [>] •••••Session•Hijacking••••••••• [>] [>] •••••XSS••••••••••••••••••••••• [>] [>] •••••Breaking•Captcha•••••••••• [>] [>] •••••Phishing•••••••••••••••••• [>] [>] •••••DoS••••••••••••••••••••••• [>] [>] ••••••Weak•Spots••••••••••••••• [>] [>] •••••R00ting••••••••••••••••••• [>] [>] •••••Stealing•Information•••••• [>] [>] •••Resources••••••••••••••••••• [>] [>] ••••Tools•••••••••••••••••••••• [>] [>] ••••Links•••••••••••••••••••••• [>] [>] ••••Reference•••••••••••••••••• [>] [>] •••Closure••••••••••••••••••••• [>] [>] ••••••••••••••••••••••••••••••• [>] [>] %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% [>] [>] [>] [>] Do it for teh lulz [>] [>][>][>][>][>][>][>][>][>][>][>][>][>][>][>][>][>][>][>][>][>][>][>][>][>][>]


  • Create a long list of keywords to learn

  • add how to cover tracks

  • Raiding 9001

    • -cover exploits regarding php/.net/j2ee/old CGI (c/perl)
  • j2ee developed applications are pretty secure, but definetly cover this

  • note to newfags: the extension doesn't garauntee what the platform it was developed on. j2ee rarely ends in .jsp because the servlet usually forwards to its context root "domain-url/Example" instead of "domain-url/example.jsp".


Anyone can pick up and write to this file, don't drop names into it otherwise it'll just get sage bombed. Any edits you put into there, submit to a new thread and let ppl in /h4ck/ go over it to make sure it isn't wrong/or just stupid.

What this guide is

  • How to help an /i/nsurgency using techincal expertise
  • Again, how to help an /i/nsurgency as opposed to personal vendettas
  • Again, HOW TO FUCKING RAID teh internet, so its focused on websites
  • if the terms like "lurk moar" for example confuse you, then this guide won't help you, try: PROTIP: If any links are broken, learn to waybackmachine/google.

What this guide isn't

  • hOW tO bE a HaCkEr
  • rooting. This is not another how to root guide but it will cover that for newfags. Rooting != win. rooting will last for 2-8 hours. A well thought out attack causes days worth of damage in data lost, and weeks of labor lost.
  • any words like script kiddies or any other retarded shit you will hear people on blogs/digg/fag dominion talking about. Funny how the biggest namefags who love to talk about hacking the most 1) rarely hack or 2) never hack. Its also funny how the latter of the two write 90% more than the prior of the 2
  • linux based. linux != hacking. knowing linux is helpful if u want to hack into linux boxes. You have probably read other guides and noticed how they keep reiterating that you must somehow use only or be a linux guru in order to hack. That is just incorrect, however you will need to know some how to use linux and be rather profecient in it as it would be pretty fail to not know linux, then hack into a linux box using some script and then not know what the fuck to do.

Target Audience

  • if gb2/gaia, gb2/bed, or yiff in hell offends you, kill yourself. Anyone who is a weaboo fag or jerks off to furry shit clearly doesn't have the capacity to hold a non-remedial job let alone utilize technical expertise.
  • you need to be able to program, if you can't, then refer to the paragraph below.
  • we are a legion of h4ckers, many of us are IT professionals/comp sci students (in b4 CS III). You'll probably end up on that path anyway, why learn to program and then not make good money at an ez job am i rite? YOU THERE. WHAT IS YOUR PROFESSION?
  • If you want to know the answer to "I have an IP what can I do with it" this means that you don't understand computers very well and _ we don't need you._ There are enough newfags trying to sway Anonymous towards a cause other than pure chaos (see: Ron Paul, anarchy, atheism, "hacktivism", personal vendettas) You need to learn some more before you attempt to help, much less give out any expertise...(so lurk moar) Read the next paragraph and after you do some learnin come back. You'll need to keep reading shit and never stop... How about you try to spend as much time on your learnins as you have put into your faggot MMOs? Also skip to the Basic section and read that before you program.


 if (!notProgrammer || (pLangauges.size == 1 && == "php")
   || shitpilenewb) {

If you can't program you will never know shit. You won't understand how any exploit which you prolly /r/ but don't even fucking know why. l2/program and LEARN IT GOOD + you will never stop coding once you do. When you see exploits being mentioned, in the back of your mind you will understand exactly what it is doing and how it works. Understanding and after that, knowing, IS THE EPITOMY OF HACKING. You will never know shit unless you learn how computers work. ^ Learn a non interpreted language first. Rather, just learn C or C++, Java. These languages are turned directly into machine code, which is then fed to the CPU as opposed to a script, which is interpreted by a program. You will need to learn about the stack, and other common programming topics so get a good book. If you really want to be good, learn ASSEMBLY and learn how C/C++ is converted to assembly. Remember this: High level language -> Intermediate language -> Machine code an example: C -> Assembly -> 01001010 <-instruction i++ -> INC [i] -> 01001010 10001010 <- EXAMPLE,was too lazy to refer to correct opcode so don't be a wise ass if you did refer and found the 0's and 1's were completely wrong, because they just an example and I'm lazy. Java works differently, yet you will prolly learn it in college. VB is not helpful, it isn't like other high level languages. Do not learn it. protip: c#, Ruby on Rails, J2EE and php will not help you learn computers/how to program anything good. They are highly detailed in helping developers create web applications. If the idea of creating a web game or forum interests you then learn these as they will automize and make a lot of the programming required for web development easy. Learn these afterwards though they are needed to understand how web applications work. ^ WHAT THE BOOKS WONT TELL YOU YET WHAT IS MORE IMPORTANT:

  • It is all about source code. You learn from source code. After you get the basics down just google '"source code"+language'. Look at any programs that interest you. basically, Read a little, write a little, REPEAT. This is what we all do, no matter skill level.

  • Every language has a common library for handling Strings, threads, etc. Some pretty common code. You WILL need to know this just as good as the syntax so quickly find the API reference for these. Fuck it here they are lulz:

  • LEARN TO FUCKING GOOGLE! This isn't because you annoy others, if anything ppl enjoy strobing their e-peen to help you. But, listen. As paid software dev, I, and everyone of us google shit at work. Why? Because when you are a programmer you REUSE code, and you want to find other libraries which already work well and are very extensive. Whenever you get an error, type it into google and you will get information pertaining to it.

  • Only reason I recommend books is because they SHOULD tell you about the stack and how computers work in general. After you have read all of that, can you write a program that visits a webpage, grabs all of the links there, and visits one of the pages in there? Then steal all the emails in the page (as it looks for links). Then code it so that it scans for forms and logs whether or not it found one and what the url was. If you didn't write good functions (modular code) you still need to learn that or else you won't be a good coder. Once you have this project up and running, and can easily make changes (ie: easily add new functionality) to it then you can move on. Oh, and one more challenge: learn what the stack is, and then read this and attempt to understand what a buffer overflow exploit is. These are very common:

  • hint on what stack you want to read about:

  • ^as not to confuse you with the abstract data structure. Of course, if you choose java you still need to learn pointers. So, finish both challenges before you can move on. DO IT FAGGOT! tl;dr: learn java or c, then assembly and then stick to those for a while } else { so you can program? doesn't mean jack. You need be able to think creatively. You need to know the "time of day", (hint: its always RAPE). Knowing what to program is what you need to focus on no matter your skill level. Other languages and stuff to learn: Because we hit websites so much, you need to learn HTML and some javascript, and css. Any other programming languages will be very similar and learning them should only take 2-4 days. You should also understand TCP/IP basics, proxies, socks, and HTTP is very important. Also learn binary (its a number system, just like decimal... also learn hex, again an number system, not something that you edit with a hex editor). }

Rules and Protips


  1. Do not namefag. Do not trust namefags. You need 7 proxies, but you'll need 9001 handles. Use a new handle AND proxy often. An internet handle is as good as your FULL NAME and DOB once they do find your indentity. Going around putting your handle in sploits or coding a bot then posting the link in the channel with the SAME name over and over means you're a fucking retard. WE ARE FUCKING CALLED ANONYMOUS FOR A REASON.
  2. MODS = FAGS. This applies to ircops and channel ops. Do not "work your way up" the hiearchy (hence don't namefag). I don't have anything against these people other than their general name faggotry. We found out the owner of partyvan IS A G-A-I-A FAG during a raid. Don't trust mods and nevar trust a namefag.
  3. Contribute solutions with the goal of "Getting the job done". Raids need coders. Some of it it common shit like a bot that spams shit on forums or w/e messaging. The idea is to take the best strategical course of action. Find or start a project which will either result in absolute lulz or rape (hence "whatever works, whatever gets it done"). The idea is to maximize rape, not grow an e-peen. If you don't be a namefag then growing an e-peen won't factor in, and you'll understand how important contributing is.

/i/nsurgent protips

  1. Switch your name often, you are anonymous. If you want attention or have some other pyschological needs you can join g00ns. Nothing against them but they will offer you what you want so that you don't douse decent lulz worthy raids with your general faggotry.

  2. Proxy now instead of later. Even though no shit will happen to you by just entering a channel if you later decide to do something illegal, then keep the same fucking name you logged in with that links to your ip, which your ISP will be able to link to your SUBSCRIBER ACCOUNT/BILLING ADDRESS then yeah, you're a faggot and deserve jail raep.

  3. Contribute and post screen shots on teh chans + talk some. If anyone kicks you, show them your screen shots of lulz.

  4. You do not need to be an ircfag. Ideally you wouldn't be lurking there at all and all of your work should be posted to boards but the irc is effecient. Would be very hard to talk, collaborate and have good intel on a chan.

  5. Do not worry about "working your way up the irc channels/mods." Infact, you shouldn't be doing that at all. If you are looking for social interaction/importance then gb2/gaia. Also, if you are from gaia or are just a fag in general and are looking into this because you think it's "trendy", you will be doxed in matter of time, could be as soon as a week, or later in a month, 3 months, eventually, if you don't gb2/gaia and stay there.

/h4ck/er protips

If you think rooting = the ultimate hack then you're a shitpile n00b. If you want to make an impact, and lulz over what a group, community (fags) and company had to put up with from what you did with your keyboard then this guide is for you. Also, this isn't a pissing contest. Nobody gives a shit about how good you may or may not be. Also if you are anonymous, this wouldn't apply because in effect, you don't exist, but your work does.

  1. Blame it on a namefag. Anything you write, claim credit for it, using someone elses name. Party van tracks us the same way we dox faggots:
  • tracing aliases is step #1. Afraid that your exploit will cause enough
  • monetary damage to warrant an FBI investigation? Hop onto the partyvan irc
  • find a random namefag there and blame it him for teh lulz.
  1. Do collaborate with other h4ckers and learn from them. Share source code at your own discretion. Also you can offer help if you know a lot about a particular field (ie: if its your irl job or something you happen to know the ins-and-outs of).

  2. Learn how to hide your tracks and the internet fucking works before you start talking, let alone doing anything illegal. Learn how proxies do give you security, yet can be compromised. Learn how Tor works.

  3. Don't read from white hat websites. These are shitpile havens for idiots. The problem with most people is that they want to appear smart, but only for the sake for impressing others. Most of their shit is later proven wrong (as it eventually has to be since they go around informing too many shitpile noobs who believe everything at face value and can't fucking learn how to filter out noise-to-content). Most of the websites are making money off of adsense, if that helps you at all. DO ORIGINAL FUCKING RESEARCH AND TEST YOUR OWN WORK AND IF YOU CANT LEARN HOW TO FILTER OUT SHIT FROM GOOD THEN YOU WILL NOT GET ANYWHERE.


People are only good at what interests them so pick one or several you like. Someone else can flesh out moar professions here. Again, profession != skill. Skill is up to you and your creativity. A simple programmer can beat out a software engineer if he is more creative. Programmer

Software Engineer | | Vxer


-Understands a programming language, hopefully C or Java -Can help with writing some tools, but fails to understand how to code some things or needs help. -Can read source code of tools and understand them -Should be reading a lot of source code to become better

Software Engineer

-Able to create tools for raids. Very helpful, somewhat common -Able to find simpler exploits, such as XSS -Able to exploit the already discovered


-Highest level of Coder, a virus writer/GOD -Knows Assembly very well. Works from the lowest level, most difficult. -Able to reverse engineer software and discover trade secrets and exploits -Can discover software exploits well/buffer overflows/good ones -rare to non-existent. Needed, but most difficult. This is just to give you an idea of whats out there. This is in no way some kind of theory or application.


At this point everyone knows how to program. Don't be concerned if you are new and you still have more questions. This part of the guide will be the last to teach and cover basics. Often times the problem in /h4ck/ is that there are questions from noobs who just don't know computers or networks work in general. Knowing how to program is the only way to understand how computers AND networks actually work. There are some basics that are needed to be covered.

How Computers Work

If you are really new, just google it and read a simpler guide b4 reading this. Everything occurs at the CPU, essentially. And it is sequential; one at a time. NOTHING on your computer runs simultaneously, even on dual processing because one of those CPU's has to wait for the other to finish :P. It's simply breaking up what one CPU would have done anyway, ONLY IF the programmer designed it for duo core (threading according to that architecture). Often times you can hit ctrl + alt + del and see a process like a game consuming 50% of your CPU because that game, like most every other program to date isn't designed for duo core. ANYWAY, back on subject: Everything in the computer occurs in steps of finite time, ONE by ONE. This time is known as the system clock, which runs at a certain Mhz. Let's say its 133Mhz. However the CPU runs faster, yet on the same clock speed. How? It runs, as set in the BIOS (check yourself), at a multiplication factor of the system clock. So say it runs at 9x (system clock), or 9 x 133Mhz = 1297 or 1.3 Ghz. So the CPU can do 9 operations before System bus (which runs at the speed of the system clock) will be accessed (if needed) to get something from RAM, an HDD, or a device. As a computer user, the only thing you ever do on a computer is play around with the CPU, using an application to do this for you. THE CPU then reads/writes to every thing else in the computer... the CPU controls the rest of the computer. As a programmer you control the CPU much more closer. Obviously you can't do shit on a computer if you don't understand it, and you can see where programming comes in as a need to know. Also, multiple programs ONLY seem to run on a computer simultaneously, but they are, in reality, being given a small fraction of time to run, in a priority queue, then kicked off the CPU by he OS's CPU scheduler, given to the next process in line. For the noob, process = program. Program = simple user level talk. The goal of any hack is to get access to the CPU essentially. Obviously root or and admin account would be prime access to run the best applications BUT if you can inject your own code in there during a user session (often called shell code) to give you such an account or higher level system privilege then you are in.

Languages Control All

A non-interpreted language is compiled directly into executable objects. These are files, often in a particular OS format (Like PE Format for windows). Within this format will be the .text session which contains all of the CPU instructions. This object file, like a .exe on windows, is loaded and given its own id and the CPU scheduler determines when it will be loaded in. System processes are given higher priority, but they pretty much take turn. Windows uses a 32 priority queues. The top 16 belong to system processes. The scheduler starts with the highest number queue and works its way down until it finds a process that needs to run (its status will be set to waiting, as in its waiting to be ran on the CPU.) Otherwise its status will be blocked and it won't run on the CPU because it doesn't need to. Also it could be waiting for I/O, which is relatively VERY slow compared to the CPU. This is where multi-threading comes in. One thread will do I/O so that the entire process isn't blocked. This is how a good DoS tool works too, so that it doesn't do 1 crappy request at a time, but uses many threads for each I/O. The only way you will do anything on a computer is through a process. If you can't write processes, or engineer your own code into one (buffer overflow), then how you can ever claim to be a hacker? There is no flashy program that "hacks", or even a command line tool. And linux has nothing to do with hacking other than the fact you need to know what the fuck to do on a linux box provided you get into one. Would be pretty fail if you get in but have no clue as to what to do. And an OS is all code just the very same way a process is, save for the fact that it is the process which is originally loaded, and takes complete control over all of the computer and only allows other processes to run on time-shares. As a hacker you will always need to do something tailored to your needs, there is no already precompiled solution for everything. And why wouldn't you prefer your own control over the computer instead of an application? Users are forced to use applications in order to get the computer to do what they need. A hacker forces the computer to do what he/she wants it do do based on his/her wants. Of course you are never to re-invent the wheel if what you are doing is sufficient to something else already done, however often times the task at hand holds intricate requirements. For example if you're installing a virus on a machine that you want to it to initiate a DoS at a certain time (maybe :S), you should definitely use a module somewhere already written for that, provided it doesn't trip any AV. No point to re-write something so simple and obviously something incredibly modular like that.

Networking Basics

Protip: A server is a process running on a PORT. The service running on that port is a server. Colloquially a server is a machine, technically it is a service that a client connects to. Basically, it is just: computers running routing software (aka: A ROUTER!) + DNS lol. The internet is a network of networks, interconnected at certain high volume areas. If you and your neighbor are on the same ISP then when you connect to his pc for a game or w/e then you only hop to routers located within that network. Subsequently your traffic will never leave that town. However if the same neighbor was using a different ISP your traffic would prolly be routed to DC, New York, LA, Atlanta, etc some major city where the two ISPs can be traversed there.


Again, the internet is a network of networks. These networks are inter-connected (hence internet!) via routers. Networks like universities and ISPs, which then are routed to much larger networks like level3 for example. The way an IP address works is yes it is like the "virtual address" of your computer. But here's whats worth noting... An IP address is routed (obviously by routers) to its destination based on the IP number itself, and of course the router's following of TCP/IP (using routing tables). Certain organizations are granted blocks of IP addresses, for example Havard was granted the entire (class A) block awhile ago. This obviously isn't done anymore. Routers will forward packets based on the destination IP address until it gets closer and closer. Examining the class A.B.C.D needed. Technically you can setup your own home network and give your machines whatever IP you want, packets will be forwarded based on your routers tables. Obviously this network and its current configuration will never be asked by any other admin from another network if they want to connect the two. A LAN, still running on the same TCP/IP protocol that the internet uses will be use internal IP addresses to route its traffic. These IP addresses are in the format of 192.168.x.x. These do not and are not routable on the internet, they are reserve to route to local area networks. So yes, behind a network when you want to connect to something like you might connect to a printer setup on your home network (if your printer is configured to be accessible over the network, and obviously it will be physically connected to a router...). Most people are given a router/modem combo from their ISP, thus this paragraph explains why your IP address appears to be 192.168.x.x instead of will tell you (which is the external IP address of your router). It's internal IP address will be in the format of 192.168.x.x. Learn more about ARP to get the full picture.


TCP/IP is a suite of protocols. Keep that in mind. It encompasses ones you have most likely heard of: TCP, UDP and IP. Also, IP Address = part of the IP protocol; they follow it and pertain to the rules. Routers do the same so that they can read IP Addresses and forward them correctly. Read a book on TCP/IP. You can sorta skip the ISO network stack and focus on TCP/IP part. Basically, the tl;dr version: [Physical layer][Link Layer][Network Layer][Transport Layer][Application Layer] This describes how data is sent in packets. Each packet has the following layers. Each layer is built in order for each part of the network to forward it to its destination. These layers break up the packet, since it is just data, hence why its called a datagram. Each layer is added by the appropriate software. Now to explain the layers in the order that they are READ: Physical Layer - This layer is read by equipment that telecom companies operate. Like switches, trunks and other boxes in CO stations. We don't really delve into this here :S Link Layer - Typically This is used for how data is transmitted over an ethernet cable. Router can read this, use the MAC address (every device connected to a network has a MAC address, not just NIC cards). This layer contains the MAC address. Network Layer - This is THE IP layer. It contains the destination IP address and source IP address (your IP address). This is what routers will read in order to forward your packet over the internet). They will read and replace each Link Layer inorder to forward them to a the next router, but while any packet is on the internet, this packet is not replace, but it is definitely read at each router. Again, IP Address = THE TCP/IP protocol. Rather, one of the Transport Layer - Typically either TCP or UDP. This layer contains information relevant to the connection. This layer contains the port number, and is only needed to be read at the destination's machine TCP/IP software. However "deep packet inspection" can read this, as well as NAT-routers which have to read it. Anyway, TCP is the connection based protocol, UDP is completely connectionless alone, unless the application simulates a connection using its own rules. Just read over these two in a book, you'll get the complete understanding + PICTURES. Application Layer - The application layer is JUST data for the program that uses the said connection. This data is the content of the connection. The application writes whatever it wants to to this stream and reads all content from it just as though the two weren't connected to the internet. This is how the Layer approach strictly divides and SEPARATES data so that things run smoothly and simply.


Internet Hate Machine + technical expertise = ??? Most likely a website raid. This is not a PA how to hack your ex-gf/stalked victim's PC. You prolly don't even have the capacity to do such anyway :S But that doesn't mean PC hacking is off limits. If you can hack a website's webmasters, developers or mods PC and produce MUCH lulz. The sky's the limit, after all... so nothing is off limits, ever. As an /i/nsurgency we focus on websites, so keep that in mind.


The target is not a web server. The target is the target and anything related to said target. This includes the web server, the staff, the community. Also, rooting != the end all win, not by a long shot. It will last for a couple of hours and be patched up, but none the less its pretty win psychologically. The goal is to cause as much damage as possible, rooting can be done, but it is guaranteed that there are other more actions that will cause much more damage, and lulz than an attack lasting only for a couple of hours. You will really need to know some basic TCP/IP, completely know HTTP and know HTML, and some basic javascript. The js is to help your emulate incase the js is redirecting or modifying something that will end up in a POST request AND for XSS obviously.

HTTP Botting

Highly effective against online communities. These drive the owners, members and devs fucking crazy, costs them a lot of money, and is a constant annoyance. From viewing Moderator forums that a fellow anon hacked in, it was seen that the devs and mods f-u-c-k-i-n-g hate bots. So, when raiding, BOT every thing you can. Always bot the content reporting systems to fuck their ability to report shit up! They will respond with adding a captcha = also win. Then move onto other things, such as their forum, and whatever else can be spammed. Be sure to write RE-USABLE code so that when you from one system to the next, you can write each spammer (which is an HTTP Bot) quickly and easily. Hint: Use object oriented programming, and have an HTTP Bot class which can be extended easily. The steps to botting are fun and simple. Also, provided there is not a very complex CAPTCHA, YOU CAN BOT ANYTHING. As long as your browser can do it, you can bot it. Because botting is just emulating your browser. If you ever run into a problem its because you are not emulating the web browser closely enough. Also allow all of your bots to use tor or some other user specified proxy. 0) Learn HTTP. Read up on this protocol, you'll learn a lot of need-to-know shit

  1. Emulating the target service. Run IE, clear cookies (because your bot prolly won't save cookies once it closes (it will save them and use them of course), and of course, your bot will not initially have any cookies the first run anyway. Now run Fiddler2. Examine the request and responder headers. Ignore any SSL (port 445), images, css. But take note of HTML and JS. Don't read the HTML lol, just copy and paste it into a new .html file on your computer to quickly view it or use Fiddler2's integrated browser. SAVE this for later use.
  2. Now that you have mapped out the details, begin coding. You'll want emulate any POST requests, find the post parameters and anything in the query string. This is how u emulate your requests. Also try to copy certain HTTP request headers, like referer, user agent, and the one that says "Form encoded" is important. However, you should be using something like Mechanize (for perl), or Apache Common's HTTP Client (for java). Something which takes care of handling cookies and emulating a lot of the browser. You won't need to set a lot of those headers because you need to use something like the prior mention to do that for you.
  3. Run your bot, but set your program to use an HTTP Proxy, running on port
  1. This is fiddler2, you'll want it to connect thru that so it can read your bot. Than compare this with your saved copy and see where you are not emulating correctly.
  1. Maintenance - If the target website changes something to break your bot, you will want to use fiddler to see where you bot doesn't correctly mimic IE, by comparing the two Fiddler sessions (1 from IE, and 1 from your bot). Otherwise if they added a CAPTCHA you win. Next would be breaking the captcha OR writing a tool which automates captchas so a fellow /b/tard can solve them to produce lulz Ideally if you can write this as a web app so ppl can just visit the web site instead of d/l something that would be pretty win. But CAPTCHAs are becoming broken more and more every day so look into that.
  2. This isn't the fifth step but, rather a note. You will want your bots to be multithreaded. If they aren't they will only be able to spam one at a time. If they are multi-threaded, you can load several accounts in at a time. Finally you will want to create an auto captcha program. This will bot targets user registration system and allow you to only enter 1 captcha to create a program. Eventually the target might start to check that client isn't running a proxy on port 80, or port 8080. As well as begin ip b& automatically after a certain number of registrations. In this event, you will need to have a LARGE list of GOOD proxies that you can server up on a web server so that your spammer programs can call this list and get a fresh proxy server. You can use a combination of web spiders and wget to build your own proxy list. Also at the time of this writing, there is a current anon project related to just this. Hopefully it will be up indefinetly.

Session Hijacking

-grab cookies -simple take all cookies (just a string), and use Modify Header firefox extension to login as victim


-XSS basics -make sure to hide xss from devs

  • Do not ever submit xss in the form of Alert("whatever"). any user/dev will find this and fix it. Use a combination of grease monkey/FIrebug to set arbitrary DOM objects to arbitrary values that you can test are set. Refer to tools at bottom of this file. -XSS worms

  • an xss worm is one that uses JS to redploy itself. EX: Take a social networking website that has an xss exploit: The exploit allows the attacker to run whatever javascript they want to. so, if they use JS to direct their browser to send a message to someone, or they implant the js into their profile it will spread like a virus. Then give it a timed or triggered payload and BAM, CP on everyone's profile page!

Breaking Captcha

-Some captchas = shit -others are good, like google (yet all are breakable) -Use erosion to filter noise (eats away pixels with little density) -convert to binary image (black and white only) -segment (pull each letter out) -if the words are complete words, use (open an http socket obviously...) to improve accuracy.


-use previously written spammers on target website to profiferate links.


Really need GOOD information on DoS. A lot of retarded shit out there.

Weak Spots

Weak spots to focus on besides just Bandwidth and network software. ex: searches can tap the CPU harder. weaklest link theory: The is a bottleneck somewhere. Find it and exploit that area. If attacking hit the weakest area, thats fundamental to every attack, so it goes with DoS too. There are people whose job it is to tie up these weak areas. This part of text file needs to go over how to find them. Like with teh subeta raid, and how they used the forgot email service.


Tutorial in progress. Expect it to be done in a few days at most.


Using wget to steal thousands of yahoo emails and any other infromation to spider-bot out of them.


For the shitpile noob: NO THERE ARE NO FLASHING PROGRAMS THAT HACK SHIT. THERE ARE NO COMMAND LINE PROGRAMS THAT WILL HACK SHIT LIKE FROM WHAT YOU HAVE SEEN IN A MOVIE. YOU HAVE TO ENGINEER SHIT, THESE TOOLS ARE FOR ENGINEERING.**** Also, the /h4ck/ board should be a good resource if you can initiate a good and, thought provoking conversation about something you have questions on but just don't get from what google tells. Sometimes the answers are out there but they are too good to be simply found on google + too many idiots have websites that can really create a high noise to content ratio, making any good infomration very well hidden. Plus anything you ask which is good can be seen for others who hopefully had the same question, even someone more expereince may brush up on a certain topic posted. But, do not ask stupid shit pile questions like "what can I do with an IP," or ANY windows support questions. Support type questions like "how do i configure [hacking related tool] to do ______" are fine.


Fiddler2: Great HTTP Debugger (the best + free too). It runs as a local HTTP Proxy in so that it can read your http connection. This is completely transparent and your connection is no different, other than the fact that you can read it as well as decrypt HTTPS connections that you normally wouldn't be able to. Your browser will give you a certificate warning. To use this HTTP Proxy with FF and more importantly any http Bots that you write you will need to configure them to connect to an HTTP proxy running on port 8888. Firefox Addons: Modify Headers: You can use this to modifiy the "Cookie" header if you steal someone's cookies from a login based website and you want to login to that session. Firebug: Find the DOM inspector. Also, lots of helpful tools that are needed. A personal trick of mine for finding XSS is to have the JS set some random object you see in DOM to something like 555, then use Grease Monkey to check if that value is equal to 555 and have your greasemonkey script do an alert("XSS found"). BECAUSE YOU DO NOT WANT THE ENEMY DEVS TO FIND YOUR XSS. Proxy Checker


The following links have been checked and cleared for not containing stupid shit. That is, you will not become more of a retard by visiting these websites, unlike certain websites. Whats worse than not knowing is thinking that you know something, having spent time learning it, and just being a fucking retard for having believed it at face value and been spoon fed utter crap, then sharing it and passing it on as "real inforomation" to others. So, here be good links, don't edit in links from crap websites with utter shit: Great website for VX scene. rather, the only one lulz. mostly old zines, but some good reads again old, but might as well go over some history

Reference Very useful reference.


Last tips to reiterate:

  • you must know how computers/networking work. You must learn how to program for that to happen since OS = software. What you want to hack = software.
  • stop reading white hat websites for any information. Do your own research.
  • do not work your way up the irc. MODS = FAGS
  • stay the fuck anonymous. In the end, Anonymous is for hackers, other than solo. The two just fucking go together. Don't ruin it with namefagging and don't ruin your life in jail because you made a mistake. Party van dox people just like we do... start with a screen name. But they have access to much better infos than we do. As for the party van... and all other namefags who write disclaimers regarding their text file as being for educational purposes only: Fuck em. We are Anonymous. We are Legion. We do not Forgive. We do not Forget.

Bibliotheca Anonoma

Note: This wiki has moved to a new website. Please update your links.


Check the Workroom for content we're still reviewing.





Website Archives


Clone this wiki locally
You can’t perform that action at this time.