Getting Started with HackMud

Combining the text-based excitement of classic BBS systems and the MUDs and MOOs which predated today’s globe-spanning MMO games and the betrayal-laced corporate infighting of EVE Online, HackMud has presented a very unique take on the video gaming genre, one where elaborate traps and social engineering are invaluable tools of the trade.

Though the game has a tutorial, the difficulty of which (almost) prepares players for the wide-open difficulty of the game ahead of them, after completion the game leaves you with no money, no utilities, and nowhere to begin. Best of luck!

I wanted to create this HackMud “quickstart” guide not to spoil anything, but to put my few hours of playing to good use when it comes to helping others. Instead of a highly-technical examination of what makes for a good lock-cracking script, I’m going to focus on the discovery of targets and how to find caches of credits to plunder.

When starting out, you don’t want to run scripts that are less than “FULLSEC”-rated, meaning they can’t contain malicious code. Check a script’s security level by typing scripts.get_level {script:”[SCRIPTNAME”]} , and make sure to re-check even commonly-used scripts from time to time to make sure nothing malicious has been slipped in. One of the most useful scripts for you is the one that lists potential target zones:

! scripts.fullsec

This will return a large array of relatively-safe areas to check for abandoned credit accounts. Choosing one at random, I want to investigate what hosts are available therein. To do so I have to join the corresponding chat channel and look for fullsec scripts inside:

! chats.join {channel:“K_8382”}
! scripts.fullsec {sector:“K_8382”}
! chats.leave {channel:“K_8382”}

No use hanging around in empty chat channels, so I leave after discovering a potential find. Anything that ends in “.public” is a great place to start, but other scripts and hosts can be just as, if not more, valuable. If after a few tries you can’t find a .public host, it’s okay to ask in the “0000” chat channel for help, but make sure to run get_level on any script they encourage you to run – can’t ever be too safe!

Presuming you have found a good .public host, you’ll likely be presented with something akin to the following text, with a nice ASCII logo:

! company.public
Welcome to the [CORPORATION] public information script. Please refrain from engaging in criminal activity.
happening | our_mission |

Already that’s given us some information; “happening” is likely their news feed, from which we can get project names, and the “our_mission” page likely gives us other key data required to go further. However, we still don’t have enough information to proceed, and so we need to run one more command, which should give us output similar to the following:

! company.public {}
Please specify a command with navigation:”“– access directory with navigation:”list”

Bingo! now we know the key/value pair syntax required by this host to issue commands, and what page will hold our paydata (“list”). Every good hack begins with doing recon on the company, so let’s open up their mission statement. Amid the corporate marketing speak that spits out at us we’re likely to notice a key phrase that stands out, something akin to a corporate motto or strategy title, and we’ll want to write that down:

! company.public {navigation:“our_mission”}
…[corporate blah blah]…
We are calling this strategy plantowin and we will continue to strive to deliver on this promise.

See that “plantowin” above? That’s going to be very useful. Next we open up their blog/update page and look for interesting-looking project names. The list below is heavily truncated, mainly because corporate news feeds can be many screens long, and not every line has something of interest. Again, your goal is to find project names:

! company.public {navigation:“happening”}
2058AD D108
101010 announces beta testing period starting today.
2058AD D92
The internal development team has announced the release date for dev_nul.
2057AD D272
Following critical review of Ap_calypse, the project has been cancelled.

In the above example we see three project names; though they aren’t highlighted or stand out in any way, you’ll soon get used to picking them out of the large dataset. We have “101010“, “dev_nul“, and “Ap_calypse“. Now is the time to put all of the information we’ve gathered so far to use. With the corporate motto and project lists in hand, let’s go digging:

! corporation.public {navigation:“list”,password:“plantowin”}
No password specified.

Just like each company uses different ways of browsing their files (“navigation”, “list”, “page” or similar), each has a different way of specifying the password. “No password specified” means that instead of “password” this company may instead use “pass” or “p”. Note that this error is very different from “Incorrect password,” which means you have the syntax correct but the wrong password.

In this case, the correct syntax is as follows, and prompts us to specify a project name:

! corporation.public {navigation:“list”,p:“plantowin”}
Authenticated. Please specify a project to get a member list.
! company.public {navigation:“list”,p:“plantowin”,project:“101010”}
abndnd_j7afbf.public_5guaeb
anonymous_p2grr4.pub_info_q6us3c
unidentified_c9bnbr.out_rkpmbd
-autocomplete added-

It looks like project “101010” has three accounts available for plundering! With this same technique we can investigate the other projects we found in the corporate news feed. The “autocomplete added” text shows that you won’t have to type out the whole name to attempt a connection to these accounts, and can use tab-completion to make the process much faster.

I said above that this post wasn’t going to be about picking locks or breaking into secure systems, and I’m going to hold to that, but I will show an example of a successful hack and the rewards that can be granted from it. Hacking these accounts requires you to be connected through a hardline, which has a strict time limit but gives you a cool new screen and kickin’ music. Get everything set to go and let your fingers fly!

! kernel.hardline
-hardline active-
! unidentified_c9bnbr.out_rkpmbd {}
LOCK_ERROR
Denied access by CORE EZ_21 lock.

! unidentified_c9bnbr.out_rkpmbd {EZ_21:“open”}
LOCK_UNLOCKED
Received 55k636GC from unidentified_c9bnbr

All of the hosts/agents you can find through the above method are called “Tier 1” agents and represent the easiest, and least profitable, accounts to hack. Sometimes you can find .public company pages after following a thread started elsewhere, in that digging deep enough may net you the name of a new company’s public site that isn’t mentioned anywhere else.

All of the T1 corporation accounts reset every day at 00:00 UTC, with new variables – meaning if you record a particular page, password, and project name one day, it likely won’t be valid the next. Advanced players have found ways to automate the obtaining of account names, and even the unlocking of them, and so often the basic T1 accounts are all empty after a few hours. The ones you track down and dig through a few levels to find however, those are unlikely to be so easily found by others and so can still contain riches.

I genuinely hope you’ve found this guide useful, and if so, please feel free to tip me some GC in-game with the following command: