The following relates to the last released version of AOHell, version 3.0 beta 5 (September, 1995). This program spawned a countless number of phishing and hacking tools and contains the first known reference to “phishing.” The Fisher/Phisher was introduced in an early 2.0 beta release around January-February 1995. Read more here.
AOHell was about more than phishing. The program could create free, fake accounts back when it cost several dollars per hour of online time. If the user wasn’t comfortable making a fake account, they could still use most AOL functions for free via another exploit that AOHell took advantage of. Aside from this, AOHell provided many utilities and other fun hacks. It was built for and targeted to the teenager community on AOL.
readmoi.zip – link
Contains the installed readme file. The Fisher section is towards the bottom. (language warning)
aohelp.zip – link
Contains the installed Windows help file. See these instructions for viewing on a modern Windows system.
aohell.zip – link (password: 1234)
Contains the installed program executable. The stored strings in the raw file data can be searched (eg. “Phishing”). This is a 16-bit Windows executable and it cannot be run independently.
The file aohell.exe has SHA-256 (f55710d64e46b48ce874e87397ab1e8dee376ac0a2fc3c62860565a1e6548bba)
aoh30b5.zip – link
Contains the program’s installer. This installs the full program. Most functions require the America Online client to be running and signed-in. Requires Windows 3.1/95/98. You can use a Virtualbox image like this or like this one to install and run the program.
The file install.exe has SHA-256 (450a6a8c595e1d946763821a49993d9a75c9bd518f215afa6b6fe2108f72887f)
When the user clicks Help on the Fisher window, they are given these instructions.
Based off the banks and prefixes listed in the DOS program CMaster, the hacker/programmer Rizzer wrote a credit card generator following the Luhn algorithm. Rizzer’s code was a major contribution to AOHell. I added the info generator and graphics to make Credit Wizard. The info generator could randomly create hundreds of unique first/last name pairs, along with randomly generated addresses with matching zip, area codes and states. I took the street names from the Greensboro, NC phone book. These functions were the basis for the Fake Account Creator, which was released in a later version of AOHell.
From April to August of 1995, this was used to create tens of thousands of fake accounts. A user simply had to click a couple of buttons and AOHell would automatically create a fake account using generated credit card and fake-person information. The whole process took less than 30 seconds. AOL was aware of their weak security but was reluctant to fix issues as it helped their growth numbers on paper.
AOHell included Karl Albrecht’s KTEncrypt, making it one of the earliest graphical programs to offer easy encryption of text and emails.
AOHell may have contained the first Windows remote exploit/backdoor. It monitored the chat windows for an encrypted command string that only I could send. At some point, AOL started stripping 8-bit characters to 7-bit, which totally corrupted these strings. I only remember trying to use it once, and it failed because of this. I later released this (broken) tool to the public, bragging that I had used it the whole time.
Some of the most popular features of AOHell were very simple, like these macros which would scroll huge ASCII art in the chat rooms. One paints a giant middle finger graphic, and another one hurls random “Yo Mamma” insults, which were popular in the 1990s USA.
Hacker/programmer Zoop created the Elite Talker, which transforms what you type into leetspeak to send to the AOL chatroom. This inspired the popular “faders” that came later.
You’ve got to admire the hacker ethic in a certain way, because it’s how things get done…how holes get patched.
Producer of AOL’s MacWorld
If a Visual Basic program can automate hitting this key and hitting that key, the blame should be on AOL for allowing a certain keystroke to be hit… They should think of AOHell as a blessing. Since they know about it, they know that they have a fault in their system.
Chris Flores, Microsoft Developer Division, 1996