home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
The Unsorted BBS Collection
/
thegreatunsorted.tar
/
thegreatunsorted
/
texts
/
anarchy_text_a-l
/
anarchy3.txt
< prev
next >
Wrap
Text File
|
1991-03-04
|
77KB
|
1,681 lines
3333333333333333333333333333333333333333333333333333333333333333
33 Chapter Three - "Hacking" 33
3333333333333333333333333333333333333333333333333333333333333333
< Part I - From Phrack Magazine >
The following two files are from Phrack Magazine. I just want to let them
know that I didn't touch 'em in the slightest. Thanks guys, for letting me
put them in here.
Hacking is one of the greatest of computer arts. Real hackers are for the
free distribution of all information. They hack, not to cause damage, but
to enlighten themselves and others. They even have their own "hacker's
ethic" that proclaims the rules of computer hacking.
There are SO many text files on hacking that I couldn't possibly put them
all in here. So I just put in a couple with the pure basics to highten
the beginner's curiosity and refresh the expert's memory.
Author: Mentor
~~~~~~~~~~~~~~
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
==Phrack Inc.==
Volume Two, Issue 22, File 4 of 12
+++++++++++++++++++++++++++++++++++++++++++++++++
| The LOD/H Presents |
++++++++++++++++ ++++++++++++++++
A Novice's Guide to Hacking- 1989 edition /
========================================= /
by /
The Mentor /
Legion of Doom/Legion of Hackers /
/
December, 1988 /
Merry Christmas Everyone! /
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++/
The author hereby grants permission to reproduce, redistribute, or include this
file in your g-file section, electronic or print newletter, or any other form
of transmission that you choose, as long as it is kept intact and whole, with
no ommissions, deletions, or changes.
(C) The Mentor- Phoenix Project Productions 1988,1989 512/441-3088
Introduction: The State of the Hack
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
After surveying a rather large g-file collection, my attention was drawn to the
fact that there hasn't been a good introductory file written for absolute
beginners since back when Mark Tabas was cranking them out (and almost
*everyone* was a beginner!) The Arts of Hacking and Phreaking have changed
radically since that time, and as the 90's approach, the hack/phreak community
has recovered from the Summer '87 busts (just like it recovered from the Fall
'85 busts, and like it will always recover from attempts to shut it down), and
the progressive media (from Reality Hackers magazine to William Gibson and
Bruce Sterling's cyberpunk fables of hackerdom) is starting to take notice
of us for the first time in recent years in a positive light.
Unfortunately, it has also gotten more dangerous since the early 80's. Phone
cops have more resources, more awareness, and more intelligence than they
exhibited in the past. It is becoming more and more difficult to survive as a
hacker long enough to become skilled in the art. To this end this file is
dedicated. If it can help someone get started, and help them survive to
discover new systems and new information, it will have served it's purpose, and
served as a partial repayment to all the people who helped me out when was a
beginner.
Contents
~~~~~~~~
This file will be divided into four parts:
Part 1: What is Hacking, A Hacker's Code of Ethics, Basic Hacking Safety
Part 2: Packet Switching Networks: Telenet- How it Works, How to Use it,
Outdials, Network Servers, Private PADs
Part 3: Identifying a Computer, How to Hack In, Operating System Defaults
Part 4: Conclusion; Final Thoughts, Books to Read, Boards to Call,
Acknowledgements
Part One: The Basics
~~~~~~~~~~~~~~~~~~~~~
As long as there have been computers, there have been hackers. In the 50's at
the Massachusets Institute of Technology (MIT), students devoted much time and
energy to ingenious exploration of the computers. Rules and the law were
disregarded in their pursuit for the 'hack.' Just as they were enthralled with
their pursuit of information, so are we. The thrill of the hack is not in
breaking the law, it's in the pursuit and capture of knowledge.
To this end, let me contribute my suggestions for guidelines to follow to
ensure that not only you stay out of trouble, but you pursue your craft without
damaging the computers you hack into or the companies who own them.
I. Do not intentionally damage *any* system.
II. Do not alter any system files other than ones needed to ensure your
escape from detection and your future access (Trojan Horses, Altering
Logs, and the like are all necessary to your survival for as long as
possible).
III. Do not leave your (or anyone else's) real name, real handle, or real
phone number on any system that you access illegally. They *can* and
will track you down from your handle!
IV. Be careful who you share information with. Feds are getting trickier
Generally, if you don't know their voice phone number, name, and
occupation or haven't spoken with them voice on non-info trading
conversations, be wary.
V. Do not leave your real phone number to anyone you don't know. This
includes logging on boards, no matter how k-rad they seem. If you don't
know the sysop, leave a note telling some trustworthy people that will
validate you.
VI. Do not hack government computers. Yes, there are government systems that
are safe to hack, but they are few and far between. And the government
has inifitely more time and resources to track you down than a company
who has to make a profit and justify expenses.
VII. Don't use codes unless there is *NO* way around it (you don't have a
local telenet or tymnet outdial and can't connect to anything 800). You
use codes long enough, you will get caught. Period.
VIII. Don't be afraid to be paranoid. Remember, you *are* breaking the law.
It doesn't hurt to store everything encrypted on your hard disk, or
keep your notes buried in the backyard or in the trunk of your car. You
may feel a little funny, but you'll feel a lot funnier when you when you
meet Bruno, your transvestite cellmate who axed his family to death.
IX. Watch what you post on boards. Most of the really great hackers in the
country post *nothing* about the system they're currently working except
in the broadest sense (I'm working on a UNIX, or a COSMOS, or something
generic. Not "I'm hacking into General Electric's Voice Mail
System" or something inane and revealing like that).
X. Don't be afraid to ask questions. That's what more experienced hackers
are for. Don't expect *everything* you ask to be answered, though.
There are some things (LMOS, for instance) that a begining hacker
shouldn't mess with. You'll either get caught, or screw it up for
others, or both.
XI. Finally, you have to actually hack. You can hang out on boards all you
want, and you can read all the text files in the world, but until you
actually start doing it, you'll never know what it's all about. There's
no thrill quite the same as getting into your first system (well, ok, I
can think of a couple of bigger thrills, but you get the picture).
One of the safest places to start your hacking career is on a computer system
belonging to a college. University computers have notoriously lax security,
and are more used to hackers, as every college computer department ment has one
or two, so are less likely to press charges if you should be detected. But the
odds of them detecting you and having the personel to committ to tracking you
down are slim as long as you aren't destructive.
If you are already a college student, this is ideal, as you can legally explore
your computer system to your heart's desire, then go out and look for similar
systems that you can penetrate with confidence, as you're already
familar with them.
So if you just want to get your feet wet, call your local college. Many of
them will provide accounts for local residents at a nominal (under $20) charge.
Finally, if you get caught, stay quiet until you get a lawyer. Don't volunteer
any information, no matter what kind of 'deals' they offer you. Nothing is
binding unless you make the deal through your lawyer, so you might as well shut
up and wait.
Part Two: Networks
~~~~~~~~~~~~~~~~~~~
The best place to begin hacking (other than a college) is on one of the
bigger networks such as Telenet. Why? First, there is a wide variety of
computers to choose from, from small Micro-Vaxen to huge Crays. Second, the
networks are fairly well documented. It's easier to find someone who can help
you with a problem off of Telenet than it is to find assistance concerning your
local college computer or high school machine. Third, the networks are safer.
Because of the enormous number of calls that are fielded every day by the big
networks, it is not financially practical to keep track of where every call and
connection are made from. It is also very easy to disguise your location using
the network, which makes your hobby much more secure.
Telenet has more computers hooked to it than any other system in the world once
you consider that from Telenet you have access to Tymnet, ItaPAC, JANET,
DATAPAC, SBDN, PandaNet, THEnet, and a whole host of other networks, all of
which you can connect to from your terminal.
The first step that you need to take is to identify your local dialup port.
This is done by dialing 1-800-424-9494 (1200 7E1) and connecting. It will
spout some garbage at you and then you'll get a prompt saying 'TERMINAL= '.
This is your terminal type. If you have vt100 emulation, type it in now. Or
just hit return and it will default to dumb terminal mode.
You'll now get a prompt that looks like a @. From here, type @c mail <cr> and
then it will ask for a Username. Enter 'phones' for the username. When it
asks for a password, enter 'phones' again. From this point, it is menu driven.
Use this to locate your local dialup, and call it back locally. If you don't
have a local dialup, then use whatever means you wish to connect to one long
distance (more on this later).
When you call your local dialup, you will once again go through the TERMINAL=
stuff, and once again you'll be presented with a @. This prompt lets you know
you are connected to a Telenet PAD. PAD stands for either Packet
Assembler/Disassembler (if you talk to an engineer), or Public Access Device
(if you talk to Telenet's marketing people.) The first description is more
correct.
Telenet works by taking the data you enter in on the PAD you dialed into,
bundling it into a 128 byte chunk (normally... this can be changed), and then
transmitting it at speeds ranging from 9600 to 19,200 baud to another PAD, who
then takes the data and hands it down to whatever computer or system it's
connected to. Basically, the PAD allows two computers that have different baud
rates or communication protocols to communicate with each other over a long
distance. Sometimes you'll notice a time lag in the remote machines response.
This is called PAD Delay, and is to be expected when you're sending data
through several different links.
What do you do with this PAD? You use it to connect to remote computer
systems by typing 'C' for connect and then the Network User Address (NUA) of
the system you want to go to.
An NUA takes the form of 031103130002520
\___/\___/\___/
| | |
| | |____ network address
| |_________ area prefix
|______________ DNIC
This is a summary of DNIC's (taken from Blade Runner's file on ItaPAC)
according to their country and network name.
DNIC Network Name Country DNIC Network Name Country
_______________________________________________________________________________
|
02041 Datanet 1 Netherlands | 03110 Telenet USA
02062 DCS Belgium | 03340 Telepac Mexico
02080 Transpac France | 03400 UDTS-Curacau Curacau
02284 Telepac Switzerland | 04251 Isranet Israel
02322 Datex-P Austria | 04401 DDX-P Japan
02329 Radaus Austria | 04408 Venus-P Japan
02342 PSS UK | 04501 Dacom-Net South Korea
02382 Datapak Denmark | 04542 Intelpak Singapore
02402 Datapak Sweden | 05052 Austpac Australia
02405 Telepak Sweden | 05053 Midas Australia
02442 Finpak Finland | 05252 Telepac Hong Kong
02624 Datex-P West Germany | 05301 Pacnet New Zealand
02704 Luxpac Luxembourg | 06550 Saponet South Africa
02724 Eirpak Ireland | 07240 Interdata Brazil
03020 Datapac Canada | 07241 Renpac Brazil
03028 Infogram Canada | 09000 Dialnet USA
03103 ITT/UDTS USA | 07421 Dompac French Guiana
03106 Tymnet USA |
There are two ways to find interesting addresses to connect to. The first and
easiest way is to obtain a copy of the LOD/H Telenet Directory from the LOD/H
Technical Journal 4 or 2600 Magazine. Jester Sluggo also put out a good list
of non-US addresses in Phrack Inc. Newsletter Issue 21. These files will tell
you the NUA, whether it will accept collect calls or not, what type of computer
system it is (if known) and who it belongs to (also if known.)
The second method of locating interesting addresses is to scan for them
manually. On Telenet, you do not have to enter the 03110 DNIC to connect to a
Telenet host. So if you saw that 031104120006140 had a VAX on it you wanted to
look at, you could type @c 412 614 (0's can be ignored most of the time).
If this node allows collect billed connections, it will say 412 614 CONNECTED
and then you'll possibly get an identifying header or just a Username: prompt.
If it doesn't allow collect connections, it will give you a message such as 412
614 REFUSED COLLECT CONNECTION with some error codes out to the right, and
return you to the @ prompt.
There are two primary ways to get around the REFUSED COLLECT message. The
first is to use a Network User Id (NUI) to connect. An NUI is a username/pw
combination that acts like a charge account on Telenet. To collect to node
412 614 with NUI junk4248, password 525332, I'd type the following:
@c 412 614,junk4248,525332 <---- the 525332 will *not* be echoed to the
screen. The problem with NUI's is that they're hard to come by unless you're a
good social engineer with a thorough knowledge of Telenet (in which case you
probably aren't reading this section), or you have someone who can provide you
with them.
The second way to connect is to use a private PAD, either through an X.25 PAD
or through something like Netlink off of a Prime computer (more on these two
below).
The prefix in a Telenet NUA oftentimes (not always) refers to the phone Area
Code that the computer is located in (i.e. 713 xxx would be a computer in
Houston, Texas). If there's a particular area you're interested in, (say, New
York City 914), you could begin by typing @c 914 001 <cr>. If it connects, you
make a note of it and go on to 914 002. You do this until you've found some
interesting systems to play with.
Not all systems are on a simple xxx yyy address. Some go out to four or five
digits (914 2354), and some have decimal or numeric extensions (422 121A = 422
121.01). You have to play with them, and you never know what you're going to
find. To fully scan out a prefix would take ten million attempts per prefix.
For example, if I want to scan 512 completely, I'd have to start with 512
00000.00 and go through 512 00000.99, then increment the address by 1 and try
512 00001.00 through 512 00001.99. A lot of scanning. There are plenty of
neat computers to play with in a 3-digit scan, however, so don't go berserk
with the extensions.
Sometimes you'll attempt to connect and it will just be sitting there after one
or two minutes. In this case, you want to abort the connect attempt by sending
a hard break (this varies with different term programs, on Procomm, it's
ALT-B), and then when you get the @ prompt back, type 'D' for disconnect.
If you connect to a computer and wish to disconnect, you can type <cr> @ <cr>
and you it should say TELENET and then give you the @ prompt. From there, type
D to disconnect or CONT to re-connect and continue your session uninterrupted.
Outdials, Network Servers, and PADs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In addition to computers, an NUA may connect you to several other things. One
of the most useful is the outdial. An outdial is nothing more than a modem
you can get to over telenet -- similar to the PC Pursuit concept, except that
these don't have passwords on them most of the time.
When you connect, you will get a message like 'Hayes 1200 baud outdial,
Detroit, MI', or 'VEN-TEL 212 Modem', or possibly 'Session 1234 established on
Modem 5588.' The best way to figure out the commands on these is to type ? or
H or HELP -- this will get you all the information that you need to use one.
Safety tip here -- when you are hacking *any* system through a phone dialup,
always use an outdial or a diverter, especially if it is a local phone number
to you. More people get popped hacking on local computers than you can
imagine, Intra-LATA calls are the easiest things in the world to trace
inexpensively.
Another nice trick you can do with an outdial is use the redial or macro
function that many of them have. First thing you do when you connect is to
invoke the 'Redial Last Number' facility. This will dial the last number used,
which will be the one the person using it before you typed. Write down the
number, as no one would be calling a number without a computer on it. This is
a good way to find new systems to hack. Also, on a VENTEL modem, type 'D' for
Display and it will display the five numbers stored as macros in the modem's
memory.
There are also different types of servers for remote Local Area Networks (LAN)
that have many machine all over the office or the nation connected to them.
I'll discuss identifying these later in the computer ID section.
And finally, you may connect to something that says 'X.25 Communication PAD'
and then some more stuff, followed by a new @ prompt. This is a PAD just like
the one you are on, except that all attempted connections are billed to the
PAD, allowing you to connect to those nodes who earlier refused collect
connections.
This also has the added bonus of confusing where you are connecting from. When
a packet is transmitted from PAD to PAD, it contains a header that has the
location you're calling from. For instance, when you first connected to
Telenet, it might have said 212 44A CONNECTED if you called from the 212 area
code. This means you were calling PAD number 44A in the 212 area. That 21244A
will be sent out in the header of all packets leaving the PAD.
Once you connect to a private PAD, however, all the packets going out from *it*
will have it's address on them, not yours. This can be a valuable buffer
between yourself and detection.
Phone Scanning
~~~~~~~~~~~~~~
Finally, there's the time-honored method of computer hunting that was made
famous among the non-hacker crowd by that Oh-So-Technically-Accurate movie
Wargames. You pick a three digit phone prefix in your area and dial every
number from 0000 --> 9999 in that prefix, making a note of all the carriers you
find. There is software available to do this for nearly every computer in the
world, so you don't have to do it by hand.
Part Three: I've Found a Computer, Now What?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This next section is applicable universally. It doesn't matter how you found
this computer, it could be through a network, or it could be from carrier
scanning your High School's phone prefix, you've got this prompt this prompt,
what the hell is it?
I'm *NOT* going to attempt to tell you what to do once you're inside of any of
these operating systems. Each one is worth several G-files in its own right.
I'm going to tell you how to identify and recognize certain OpSystems, how to
approach hacking into them, and how to deal with something that you've never
seen before and have know idea what it is.
VMS - The VAX computer is made by Digital Equipment Corporation (DEC), and
runs the VMS (Virtual Memory System) operating system. VMS is
characterized by the 'Username:' prompt. It will not tell you if
you've entered a valid username or not, and will disconnect you
after three bad login attempts. It also keeps track of all failed
login attempts and informs the owner of the account next time s/he
logs in how many bad login attempts were made on the account. It is
one of the most secure operating systems around from the outside,
but once you're in there are many things that you can do to
circumvent system security. The VAX also has the best set of help
files in the world. Just type HELP and read to your heart's
content.
Common Accounts/Defaults: [username: password [[,password]]]
SYSTEM: OPERATOR or MANAGER or SYSTEM or SYSLIB
OPERATOR: OPERATOR
SYSTEST: UETP
SYSMAINT: SYSMAINT or SERVICE or DIGITAL
FIELD: FIELD or SERVICE
GUEST: GUEST or unpassworded
DEMO: DEMO or unpassworded
DECNET: DECNET
DEC-10 - An earlier line of DEC computer equipment, running the TOPS-10
operating system. These machines are recognized by their '.'
prompt. The DEC-10/20 series are remarkably hacker-friendly,
allowing you to enter several important commands without ever
logging into the system. Accounts are in the format [xxx,yyy]
where xxx and yyy are integers. You can get a listing of the
accounts and the process names of everyone on the system before
logging in with the command .systat (for SYstem STATus). If you
seen an account that reads [234,1001] BOB JONES, it might be wise
to try BOB or JONES or both for a password on this account. To
login, you type .login xxx,yyy and then type the password when
prompted for it.
The system will allow you unlimited tries at an account, and does
not keep records of bad login attempts. It will also inform you if
the UIC you're trying (UIC = User Identification Code, 1,2 for
example) is bad.
Common Accounts/Defaults:
1,2: SYSLIB or OPERATOR or MANAGER
2,7: MAINTAIN
5,30: GAMES
UNIX - There are dozens of different machines out there that run UNIX.
While some might argue it isn't the best operating system in the
world, it is certainly the most widely used. A UNIX system will
usually have a prompt like 'login:' in lower case. UNIX also will
give you unlimited shots at logging in (in most cases), and there is
usually no log kept of bad attempts.
Common Accounts/Defaults: (note that some systems are case
sensitive, so use lower case as a general rule. Also, many times
the accounts will be unpassworded, you'll just drop right in!)
root: root
admin: admin
sysadmin: sysadmin or admin
unix: unix
uucp: uucp
rje: rje
guest: guest
demo: demo
daemon: daemon
sysbin: sysbin
Prime - Prime computer company's mainframe running the Primos operating
system. The are easy to spot, as the greet you with 'Primecon
18.23.05' or the like, depending on the version of the operating
system you run into. There will usually be no prompt offered, it
will just look like it's sitting there. At this point, type 'login
<username>'. If it is a pre-18.00.00 version of Primos, you can hit
a bunch of ^C's for the password and you'll drop in. Unfortunately,
most people are running versions 19+. Primos also comes with a good
set of help files. One of the most useful features of a Prime on
Telenet is a facility called NETLINK. Once you're inside, type
NETLINK and follow the help files. This allows you to connect to
NUA's all over the world using the 'nc' command.
For example, to connect to NUA 026245890040004, you would type
@nc :26245890040004 at the netlink prompt.
Common Accounts/Defaults:
PRIME PRIME or PRIMOS
PRIMOS_CS PRIME or PRIMOS
PRIMENET PRIMENET
SYSTEM SYSTEM or PRIME
NETLINK NETLINK
TEST TEST
GUEST GUEST
GUEST1 GUEST
HP-x000 - This system is made by Hewlett-Packard. It is characterized by the
':' prompt. The HP has one of the more complicated login sequneces
around -- you type 'HELLO SESSION NAME,USERNAME,ACCOUNTNAME,GROUP'.
Fortunately, some of these fields can be left blank in many cases.
Since any and all of these fields can be passworded, this is not the
easiest system to get into, except for the fact that there are
usually some unpassworded accounts around. In general, if the
defaults don't work, you'll have to brute force it using the common
password list (see below.) The HP-x000 runs the MPE operating
system, the prompt for it will be a ':', just like the logon prompt.
Common Accounts/Defaults:
MGR.TELESUP,PUB User: MGR Acct: HPONLYG rp: PUB
MGR.HPOFFICE,PUB unpassworded
MANAGER.ITF3000,PUB unpassworded
FIELD.SUPPORT,PUB user: FLD, others unpassworded
MAIL.TELESUP,PUB user: MAIL, others unpassworded
MGR.RJE unpassworded
FIELD.HPPl89 ,HPPl87,HPPl89,HPPl96 unpassworded
MGR.TELESUP,PUB,HPONLY,HP3 unpassworded
IRIS - IRIS stands for Interactive Real Time Information System. It
originally ran on PDP-11's, but now runs on many other minis. You
can spot an IRIS by the 'Welcome to "IRIS" R9.1.4 Timesharing'
banner, and the ACCOUNT ID? prompt. IRIS allows unlimited tries at
hacking in, and keeps no logs of bad attempts. I don't know any
default passwords, so just try the common ones from the password
database below.
Common Accounts:
MANAGER
BOSS
SOFTWARE
DEMO
PDP8
PDP11
ACCOUNTING
VM/CMS - The VM/CMS operating system runs in International Business Machines
(IBM) mainframes. When you connect to one of these, you will get
message similar to 'VM/370 ONLINE', and then give you a '.' prompt,
just like TOPS-10 does. To login, you type 'LOGON <username>'.
Common Accounts/Defaults are:
AUTOLOG1: AUTOLOG or AUTOLOG1
CMS: CMS
CMSBATCH: CMS or CMSBATCH
EREP: EREP
MAINT: MAINT or MAINTAIN
OPERATNS: OPERATNS or OPERATOR
OPERATOR: OPERATOR
RSCS: RSCS
SMART: SMART
SNA: SNA
VMTEST: VMTEST
VMUTIL: VMUTIL
VTAM: VTAM
NOS - NOS stands for Networking Operating System, and runs on the Cyber
computer made by Control Data Corporation. NOS identifies itself
quite readily, with a banner of 'WELCOME TO THE NOS SOFTWARE SYSTEM.
COPYRIGHT CONTROL DATA 1978,1987.' The first prompt you will get
will be FAMILY:. Just hit return here. Then you'll get a USER
NAME: prompt. Usernames are typically 7 alpha-numerics characters
long, and are *extremely* site dependent. Operator accounts begin
with a digit, such as 7ETPDOC.
Common Accounts/Defaults:
$SYSTEM unknown
SYSTEMV unknown
Decserver- This is not truly a computer system, but is a network server that
has many different machines available from it. A Decserver will say
'Enter Username>' when you first connect. This can be anything, it
doesn't matter, it's just an identifier. Type 'c', as this is the
least conspicuous thing to enter. It will then present you with a
'Local>' prompt. From here, you type 'c <systemname>' to connect to
a system. To get a list of system names, type 'sh services' or 'sh
nodes'. If you have any problems, online help is available with the
'help' command. Be sure and look for services named 'MODEM' or
'DIAL' or something similar, these are often outdial modems and can
be useful!
GS/1 - Another type of network server. Unlike a Decserver, you can't
predict what prompt a GS/1 gateway is going to give you. The
default prompt it 'GS/1>', but this is redifinable by the system
administrator. To test for a GS/1, do a 'sh d'. If that prints out
a large list of defaults (terminal speed, prompt, parity, etc...),
you are on a GS/1. You connect in the same manner as a Decserver,
typing 'c <systemname>'. To find out what systems are available, do
a 'sh n' or a 'sh c'. Another trick is to do a 'sh m', which will
sometimes show you a list of macros for logging onto a system. If
there is a macro named VAX, for instance, type 'do VAX'.
The above are the main system types in use today. There are
hundreds of minor variants on the above, but this should be enough
to get you started.
Unresponsive Systems
~~~~~~~~~~~~~~~~~~~~
Occasionally you will connect to a system that will do nothing, but sit there.
This is a frustrating feeling, but a methodical approach to the system will
yield a response if you take your time. The following list will usually make
*something* happen.
1) Change your parity, data length, and stop bits. A system that won't
respond at 8N1 may react at 7E1 or 8E2 or 7S2. If you don't have a term
program that will let you set parity to EVEN, ODD, SPACE, MARK, and NONE,
with data length of 7 or 8, and 1 or 2 stop bits, go out and buy one.
While having a good term program isn't absolutely necessary, it sure is
helpful.
2) Change baud rates. Again, if your term program will let you choose odd
baud rates such as 600 or 1100, you will occasionally be able to penetrate
some very interesting systems, as most systems that depend on a strange
baud rate seem to think that this is all the security they need...
3) Send a series of <cr>'s.
4) Send a hard break followed by a <cr>.
5) Type a series of .'s (periods). The Canadian network Datapac responds to
this.
6) If you're getting garbage, hit an 'i'. Tymnet responds to this, as does a
MultiLink II.
7) Begin sending control characters, starting with ^A --> ^Z.
8) Change terminal emulations. What your vt100 emulation thinks is garbage
may all of a sudden become crystal clear using ADM-5 emulation. This also
relates to how good your term program is.
9) Type LOGIN, HELLO, LOG, ATTACH, CONNECT, START, RUN, BEGIN, LOGON, GO,
JOIN, HELP, and anything else you can think of.
10) If it's a dialin, call the numbers around it and see if a company answers.
If they do, try some social engineering.
Brute Force Hacking
~~~~~~~~~~~~~~~~~~~
There will also be many occasions when the default passwords will not work on
an account. At this point, you can either go onto the next system on your
list, or you can try to 'brute-force' your way in by trying a large database of
passwords on that one account. Be careful, though! This works fine on systems
that don't keep track of invalid logins, but on a system like a VMS, someone is
going to have a heart attack if they come back and see '600 Bad Login Attempts
Since Last Session' on their account. There are also some operating systems
that disconnect after 'x' number of invalid login attempts and refuse to allow
any more attempts for one hour, or ten minutes, or sometimes until the next
day.
The following list is taken from my own password database plus the database of
passwords that was used in the Internet UNIX Worm that was running around in
November of 1988. For a shorter group, try first names, computer terms, and
obvious things like 'secret', 'password', 'open', and the name of the account.
Also try the name of the company that owns the computer system (if known), the
company initials, and things relating to the products the company makes or
deals with.
Password List
=============
aaa daniel jester rascal
academia danny johnny really
ada dave joseph rebecca
adrian deb joshua remote
aesir debbie judith rick
airplane deborah juggle reagan
albany december julia robot
albatross desperate kathleen robotics
albert develop kermit rolex
alex diet kernel ronald
alexander digital knight rosebud
algebra discovery lambda rosemary
alias disney larry roses
alpha dog lazarus ruben
alphabet drought lee rules
ama duncan leroy ruth
amy easy lewis sal
analog eatme light saxon
anchor edges lisa scheme
andy erenity
arrow elizabeth maggot sex
arthur ellen magic shark
asshole emerald malcolm sharon
athena engine mark shit
atmosphere engineer markus shiva
bacchus enterprise marty shuttle
badass enzyme marvin simon
bailey euclid master simple
banana evelyn maurice singer
bandit extension merlin single
banks fairway mets smile
bass felicia michael smiles
batman fender michelle smooch
beauty fermat mike smother
beaver finite minimum snatch
beethoven flower minsky snoopy
beloved foolproof mogul soap
benz football moose socrates
beowulf format mozart spit
berkeley forsythe nancy spring
berlin fourier napoleon subway
beta fred network success
beverly friend newton summer
bumbling george osiris tape
cardinal gertrude outlaw target
carmen gibson oxford taylor
carolina ginger pacific telephone
caroline gnu painless temptation
castle golf pam tiger
cat golfer paper toggle
celtics gorgeous password tomato
change graham pat toyota
charles gryphon patricia trivial
charming guest penguin unhappy
charon guitar pete unicorn
chester hacker peter unknown
cigar harmony philip urchin
classic harold phoenix utility
coffee harvey pierre vicky
coke heinlein pizza virginia
collins hello plover warren
comrade help polynomial water
computer herbert praise weenie
condo honey prelude whatnot
condom horse prince whitney
cookie imperial protect will
cooper include pumpkin william
create ingres puppet willie
creation innocuous rabbit winston
I hope this file has been of some help in getting started. If you're asking
yourself the question 'Why hack?', then you've probably wasted a lot of time
reading this, as you'll never understand. For those of you who have read this
and found it useful, please send a tax-deductible donation
of $5.00 (or more!) in the name of the Legion of Doom to:
The American Cancer Society
90 Park Avenue
New York, NY 10016
*******************************************************************************
References:
1) Introduction to ItaPAC by Blade Runner
Telecom Security Bulletin 1
2) The IBM VM/CMS Operating System by Lex Luthor
The LOD/H Technical Journal 2
3) Hacking the IRIS Operating System by The Leftist
The LOD/H Technical Journal 3
4) Hacking CDC's Cyber by Phrozen Ghost
Phrack Inc. Newsletter 18
5) USENET comp.risks digest (various authors, various issues)
6) USENET unix.wizards forum (various authors)
7) USENET info-vax forum (various authors)
Recommended Reading:
1) Hackers by Steven Levy
2) Out of the Inner Circle by Bill Landreth
3) Turing's Man by J. David Bolter
4) Soul of a New Machine by Tracy Kidder
5) Neuromancer, Count Zero, Mona Lisa Overdrive, and Burning Chrome, all by
William Gibson
6) Reality Hackers Magazine c/o High Frontiers, P.O. Box 40271, Berkeley,
California, 94704, 415-995-2606
7) Any of the Phrack Inc. Newsletters & LOD/H Technical Journals you can
find.
Acknowledgements:
Thanks to my wife for putting up with me.
Thanks to Lone Wolf for the RSTS & TOPS assistance.
Thanks to Android Pope for proofreading, suggestions, and beer.
Thanks to The Urvile/Necron 99 for proofreading & Cyber info.
Thanks to Eric Bloodaxe for wading through all the trash.
Thanks to the users of Phoenix Project for their contributions.
Thanks to Altos Computer Systems, Munich, for the chat system.
Thanks to the various security personel who were willing to talk to me about
how they operate.
__________________________________________________________________________
<[ Above all the most widely used operating system is UNIX. The following
file describes how it works and the best ways of gaining access to UNIX
systems. ]>
__________________________________________________________________________
Author: Red Knight
~~~~~~~~~~~~~~~~~~
==Phrack Inc.==
Volume Two, Issue 22, File 5 of 12
/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\
\|/ \|/
/|\ An Indepth Guide In Hacking UNIX /|\
\|/ and \|/
/|\ The Concept Of Basic Networking Utility /|\
\|/ \|/
/|\ By Red Knight /|\
\|/ \|/
/|\ Member of the /|\
\|/ Phreakers/Hackers Underground Network \|/
/|\ /|\
\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/
Brief History On UNIX
~~~~~~~~~~~~~~~~~~~~~
Its because of Ken Tompson that today we are able to hack Unix. He used to
work for Bell Labs in the 1960s. Tompson started out using the MULTICS OS
which was later eliminated and Tompson was left without an operating system to
work with.
Tompson had to come up with something real quick. He did some research and and
in 1969 UNIX came out, which was a single user and it did not have many
capabilities. A combined effort with others enabled him to rewrite the version
in C and add some good features. This version was released in 1973 and was
made available to the public. This was the first begining of UNIX in its
presently known form. The more refined version of UNIX, today know as UNIX
system V developed by Berkley University has unique capabilities.
Various types of UNIXes are CPIX, Berkeley Ver 4.1, Berkeley 4.2, FOS, Genix,
HP-UX, IS/I, OSx, PC-IX, PERPOS, Sys3, Ultrix, Zeus, Xenix, UNITY, VENIX, UTS,
Unisys, Unip lus+, UNOS, Idris, QNIX, Coherent, Cromix, System III, System 7,
Sixth edition.
The Article Itself
~~~~~~~~~~~~~~~~~~
I believe that hacking into any system requires knowledge of the operating
system itself. Basically what I will try to do is make you more familiar with
UNIX operation and its useful commands that will be advantageous to you as a
hacker. This article contains in depth explainations. I have used the UNIX
System V to write this article.
Error Messages: [ UNIX System V ]
~~~~~~~~~~~~~~
Login Incorrect - An invalid ID and/or password was entered. This means
nothing. In UNIX there is no way guessing valid user IDs.
You may come across this one when trying to get in.
No More Logins - This happens when the system will not accept anymore logins.
The system could be going down.
Unknown Id - This happens if an invalid id is entered using (su) command.
Unexpected Eof In File - The file being stripped or the file has been damaged.
Your Password Has Expired - This is quite rare although there are situations
where it can happen. Reading the etc/passwd will
show you at how many intervals it changes.
You May Not Change The Password - The password has not yet aged enough. The
administrator set the quotas for the users.
Unknown Group [Group's Name] - Occurs when chgrp is executed, group does not
exist.
Sorry - Indicated that you have typed in an invalid super user password
(execution of the su).
Permission Denied! - Indicated you must be the owner or a super user to change
password.
Sorry " # Weeks" Since Last Change - This will happen when password ha s has
not aged enough and you tried to change
it (password).
[Directory Name]: No Permission - You are trying to remove a directory which
you have no permission to.
[File Name] Not Removed - Trying to delete a file owned by another user that
you do not have write permission for.
[Dirname] Not Removed - Ownership of the dir is not your that your trying to
delete.
[Dirname] Not Empty - The directory contains files so you must have to delete
the files before execcant open [file name] - defined
wrong path, file name or you have no read permission.
Cp: [File Name] And [File Name] Are Identical - Self explanatory.
Cannot Locate Parent Directory - Occurs when using mv.
[File name] Not Found - File which your trying to move does not exist.
You Have Mail - Self explanatory.
Basic Networking Utility Error Messages
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cu: Not found - Networking not installed.
Login Failed - Invalid id/pw or wrong number specified.
Dial Failed - The systen never answered due to a wrong number.
UUCP Completely Failed - Did not specify file after -s.
Wrong Time to Call - You called at the time at a time not specified in the
Systems file.
System not in systems - You called a remote not in the systems file.
Logon Format
~~~~~~~~~~~~
The first thing you must do is switch to lower case. To identifing a UNIX,
this is what you will see;
AT&T Unix System V 3.0 (eg of a system identifier)
login:
or
Login:
Any of these is a UNIX. Here is where you will have to guess at a user valid
id. Here are some that I have come across; glr, glt, radgo, rml, chester, cat,
lom, cora, hlto, hwill, edcasey, and also some containing numbers; smith1,
mitu6, or special characters in it; bremer$, jfox. Login names have to be 3
to 8 chracters in length, lowercase, and must start with a letter. In some
XENIX systems one may login as "guest"
User Level Accounts (Lower Case)
~~~~~~~~~~~~~~~~~~~
In Unix there are what is called. These accounts can be used at the "login:"
prompt. Here is a list:
sys bin trouble daemon uucp nuucp rje lp adm
Super-User Accounts
~~~~~~~~~~~~~~~~~~~
There is also a super-user login which make UNIX worth hacking. The accounts
are used for a specific job. In large systems these logins are assingned to
users who have a responsibilty to maintain subsystems.
They are as follows (all lower case);
root - This is a must the system comes configured with it. It has no
restriction. It has power over every other account.
unmountsys - Unmounts files
setup - System set up
makefsys - Makes a new file
sysadm - Allows useful S.A commands (doesn't need root login)
powerdown - Powering system down
mountfsys - Mounts files
checkfsys - Checks file
These accounts will definitly have passwords assigned to them. These accounts
are also commands used by the system administrator. After the login prompt you
will receive a password prompt:
password:
or
Password:
Enter the password (it will not echo). The password rule is as follows; Each
password has to contain at least 6 characters and maximum of 8 characters. Two
of which are to be alphabetic letters and at least one being a number or a
special character. The alphabetic digits could be in upper case or lower
case. Here are some of the passwords that I have seen; Ansuya1, PLAT00N6,
uFo/78, ShAsHi.., Div417co.
The passwords for the super user accounts will be difficult to hack try the
accounts interchangebly; login:sysadm password:makefsys, or rje1, sysop,
sysop1, bin4, or they might contain letters, numbers, or special chracters in
them. It could be anything. The user passwords are changed by an aging
proccess at successive intervals. The users are forced to changed it. The
super-user will pick a password that will not need changing for a long period
of time.
You Have Made It!
~~~~~~~~~~~~~~~~~
The hard part is over and hopefully you have hacked a super-user account.
Remember Control-d stops a process and also logs you off. The next thing you
will probably see is the system news. Ex;
login:john
password:hacker1
System news
There will be no networking offered to the users till
August 15, due to hardware problems.
[Just An Example]
$
$ (this is the Unix prompt) - Waiting for a command to be entered.
- Means your logged in as root (Very Good).
A Word About The XENIX System III (Run On The Tandy 6000)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The largest weakness in the XENIX System III occurs after the installation
of the Profile-16 or more commonly know as the Filepro-16. I have seen the
Filepro-16 installed in many systems. The installation process creates an
entry in the password file for a user named \fBprofile\fR, an account that who
owns and administors the database. The great thing about it is that when the
account is created, no password is assigned to it. The database contains
executable to maintain it. The database creation programs perform a
\fBsetuid\fR to boot up the \fBoot\fR thereby giving a person the whole C
Shell to gain Super User privilege same as root. Intresting huh!
[* Note: First the article will inform you of how the Unix is made up.]
The Unix is made if three components - The Shell, The Kernal, File System.
The Kernal
~~~~~~~~~~
You could say that the kernal is the heart of the Unix operating system. The
kernal is a low level language lower than the shell which maintains processes.
The kernal handles memory usage, maintains file system the sofware and hardware
devices.
The Shell
~~~~~~~~~
The shell a higher level language. The shell had two important uses, to act as
command interpreture for example using commands like cat or who. The shell is
at work figuring out whether you have entered a command correctly or not. The
second most important reason for the shell is its ability to be used as
programing language. Suppose your performing some tasks repeatedly over and
over again, you can program the shell to do this for you.
(Note: This article will not cover shell programming.)
( Instead B.N.N will be covered. )
The File System
~~~~~~~~~~~~~~~
The file system in Unix is divided into 3 catagories: Directories, ordinary
files and special files (d,-).
Basic Stucture:
(/)-this is abreviation for the root dirctory.
root level root
(/) system
-------------------------------------|---------------------------------- level
| | | | | | | |
/unix /etc /dev /tmp /lib /usr /usr2 /bin
| _____|_____
login passwd | | |
level /john /cathy
________________________|_______________
| | | | | |
.profile /mail /pers /games /bin /michelle
*.profile - in case you | __|______ | __|_______
wish to change your environment, but capital | | data | | |
after you log off, it sets it to othello starwars letter letter1
default.
/unix - This is the kernal.
/etc - Contains system administrators files,Most are not available to the
regular user (this dirrctory contains the /passwd file).
Here are some files under /etc directory:
/etc/passwd
/etc/utmp
/etc/adm/sulog
/etc/motd
/etc/group
/etc/conf
/etc/profile
/dev - contains files for physical devices such as printer and the disk drives
/tmp - temporary file directory
/lib - dirctory that contains programs for high level languages
/usr - this directory contains dirctories for each user on the system
/bin - contain executable programs (commands)
The root also contains:
/bck - used to mount a back up file system.
/install - Used to install and remove utilities
/lost+found - This is where all the removed files go, this dir is used by fsck
/save -A utility used to save data
/mnt - Used for temporary mounting
**Now the fun part scouting around**
Local Commands (Explained In Details)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
At the unix prompt type the pwd command. It will show you the current working
directory you are in.
$ pwd
$ /usr/admin - assuming that you have hacked into a super user account
check fsys
$
This gives you the full login directory. The / before tell you the location of
the root directory.
Or
(REFER TO THE DIAGRAM ABOVE)
$ pwd
$ /usr/john
$
Assuming you have hacked into John's account.
Lets say you wanted to move down to the Michelle directory that contains
letters. You would type in;
$ cd michelle or cd usr/john/michelle
$ pwd
$ /usr/john/michelle
$
Going back one directory up type in:
$ cd ..
or going to your parent directory just type in "cd"
Listing file directories assuming you have just logged in:
$ ls /usr/john
mail
pers
games
bin
michelle
This wont give you the .profile file. To view it type
$ cd
$ ls -a
:
:
.profile
To list file names in Michelle's directory type in:
$ ls michelle (that if your in the johns directory)
$ ls /usr/john/michelle(parent dir)
ls -l
~~~~~
The ls -l is an an important command in unix.This command displays the whole
directory in long format :Run this in parent directory.
$ ls -l
total 60
-rwxr-x--- 5 john bluebox 10 april 9 7:04 mail
drwx------ 7 john bluebox 30 april 2 4:09 pers
: : : : : : :
: : : : : : :
-rwxr-x--- 6 cathy bluebox 13 april 1 13:00 partys
: : : : : : :
$
The total 60 tells one the ammount of disk space used in a directory. The
-rwxr-x--- is read in triples of 3. The first chracter eg (-, d, b, c) means
as follows: - is an ordinary file, d is a directory, b is block file, c is a
character file.
The r stands for read permission, w is write permission, x is execute. The
first column is read in 3 triples as stated above. The first group of 3 (in
-rwxr-x---) after the "-" specifies the permission for the owner of the file,
the second triple are for the groups (the fourth column) and the last triple
are the permissions for all other users. Therefore, the -rwxr-x--- is read as
follows.
The owner, John, has permission to read, write, and execute anything in the bin
directory but the group has no write permission to it and the rest of the users
have no permission at all. The format of one of the lines in the above output
is as follows:
file type-permissions, links, user's name, group, bytes taken, date, time when
last renued, directory, or file name.
*** You will be able to read, execute Cathy's ***
*** file named partly due to the same group. ***
Chmod
~~~~~
The chmod command changes permission of a directory or a file. Format is
chmod who+, -, =r , w, x
The who is substituted by u-user, g-group, o-other users, a-all.
The + means add permission, - means remove permission, = - assign.
Example: If you wanted all other users to read the file name mail, type:
$ chmod o+r mail
Cat
~~~
Now suppose you wanted to read the file letter. There are two ways to doing
this. First go to the michelle directory then type in:
$ cat letter
line one ...\
line two ... }the output of letter
line three../
$
or
If you are in the parent directory type in:
$ cat /usr/john/michelle/letter
and you will have the same output.
Some cat options are -s, -u, -v, -e, -t
Special Chracters in Unix
~~~~~~~~~~~~~~~~~~~~~~~~~
* - Matches any number of single characters eg. ls john* will list all
files that begin with john
[...] - Matchs any one of the chracter in the [ ]
? - Matches any single chracter
& - Runs a process in the backgroung leaving your terminal free
$ - Values used for variables also $n - null argument
> - Redirectes output
< - Redirects input to come from a file
>> - Redirects command to be added to the end of a file
| - Pipe output (eg:who|wc-l tells us how many users are online)
"..." - Turn of meaning of special chracters excluding $,`
`...` - Allows command output in to be used in a command line
'...' - Turns of special meaning of all chracters
Continuation Of Local Commands
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
man [command] or [c/r] -will give you a list of commands explainations
help - available on some UNIX systems
mkdir [dir name(s)] - makes a directory
rmdir [dir name(s)] - removes directory.You wont be able to remove the
directory if it contains files in them
rm [file name(s)] - removes files. rm * will erase all files in the current
dir. Be carefull you! Some options are:
[-f unconditional removal] [-i Prompts user for y or n]
ps [-a all processes except group leaders] [-e all processes] [-f the whole
list] - This command reports processes you are running eg:
$ps
PID TTY TIME COMMAND
200 tty09 14:20 ps
The systems reports (PID - process idenetification number which is a number
from 1-30,000 assigned to UNIX processes)
It also reports the TTY,TIME and the COMMAND being executed at the time.
To stop a process enter :
$kill [PID] (this case its 200)
200 terminated
$
grep [argument] - searches for an file that contains the argument
mv [file names(s)] [ dir name ] - renames a file or moves it to another
directory
cp [file name] [file name] - makes a copy of a file
write [login name ] - to write to other logged in users. Sort of a chat
mesg [-n] [-y] - doesn't allow others to send you messages using the write
command. Wall used by system adm overrides it.
$ [file name] - to execute any file
wc [file name] - Counts words, characters,lines in a file
stty [modes] - Set terminal I/O for the current devices
sort [filename] - Sorts and merges files many options
spell [file name] > [file name] - The second file is where the misspelt words
are entered
date [+%m%d%y*] [+%H%%M%S] - Displays date acoording to options
at [-r] [-l] [job] - Does a specified job at a specified time. The -r Removes
all previously scheduled jobs.The -l reports the job and
status of all jobs scheduled
write [login] [tty] - Sends message to the login name. Chat!
Su [login name]
~~~~~~~~~~~~~~~
The su command allows one to switch user to a super user to a user. Very
important could be used to switch to super user accounts.
Usage:
$ su sysadm
password:
This su command will be monitored in /usr/adm/sulog and this file of all files
is carefully monitered by the system administrator.Suppose you hacked in john's
account and then switched to the sysadm account (ABOVE) your /usr/adm/su log
entry would look like:
SU 04/19/88 21:00 + tty 12 john-sysadm
Therfore the S.A(system administrator) would know that john swithed to sysadm
account on 4/19/88 at 21:00 hours
Searching For Valid Login Names:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Type in-
$ who ( command informs the user of other users on the system)
cathy tty1 april 19 2:30
john tty2 april 19 2:19
dipal tty3 april 19 2:31
:
:
tty is the user's terminal, date, time each logged on. mary, dr.m are valid
logins.
Files worth concatenating(cat)
/etc/passwd file
~~~~~~~~~~~~~~~~
The etc/passwd is a vital file to cat. For it contains login names of all
users including super user accounts and there passwords. In the newer SVR3
releases they are tighting their security by moving the encrypted passwords
from /etc/passwd to /etc/shadow making it only readable by root.
This is optional of course.
$ cat /etc/passwd
root:D943/sys34:0:1:0000:/:
sysadm:k54doPerate:0:0:administration:usr/admin:/bin/rsh
checkfsys:Locked;:0:0:check file system:/usr/admin:/bin/rsh
:
other super user accs.
:
john:hacker1:34:3:john scezerend:/usr/john:
:
other users
:
$
If you have reached this far capture this file as soon as possible. This is a
typical output etc/passwd file. The entries are seperated by a ":". There
made be up to 7 fields in each line.
Eg.sysadm account.
The first is the login name in this case sysadm.The second field contains the
password. The third field contains the user id."0 is the root." Then comes
the group id then the account which contains the user full name etc. The sixth
field is the login directory defines the full path name of the the paticular
account and the last is the program to be executed. Now one can switch to
other super user account using su command descibed above. The password entry
in the field of the checkfsys account in the above example is "Locked;". This
doesn't mean thats its a password but the account checkfsys cannot be accessed
remotely. The ";" acts as an unused encryption character. A space is also
used for the same purpose. You will find this in many UNIX systems that are
small systems where the system administrator handles all maintaince.
If the shawdowing is active the /etc/passwd would look like this:
root:x:0:1:0000:/:
sysadm:x:0:0:administration:/usr/admin:/bin/rsh
The password filed is substituted by "x".
The /etc/shawdow file only readable by root will look similar to this:
root:D943/sys34:5288::
:
super user accounts
:
Cathy:masai1:5055:7:120
:
all other users
:
The first field contains users id: The second contains the password (The pw
will be NONE if logining in remotely is deactivated): The third contains a
code of when the password was last changed: The fourth and the fifth contains
the minimum and the maximum numbers of days for pw changes (its rare that you
will find this in the super user logins due to there hard to guess passwords)
/etc/options
~~~~~~~~~~~~
The etc/options file informs one the utilities available in the system.
-rwxr-xr-x 1 root sys 40 april 1:00 Basic Networking utility
/etc/group
~~~~~~~~~~
The file has each group on the system. Each line will have 4 entries separated
by a ":". Example of concatenated /etc/group:
root::0:root
adm::2:adm,root
bluebox::70:
Group name:password:group id:login names
** It very unlikely that groups will have passwords assigned to them **
The id "0" is assigned to /
Sending And Recieving Messages
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Two programs are used to manage this. They are mail & mailx. The difference
between them is that mailx is more fancier thereby giving you many choices like
replying message, using editors, etc.
Sending
~~~~~~~
The basic format for using this command is:
$mail [login(s)]
(now one would enter the text after finishing enter "." a period on the next
blank line)
$
This command is also used to send mail to remote systems. Suppose you wanted
to send mail to john on a remote called ATT01 you would type in:
$mail ATT01!john
Mail can be sent to several users, just by entering more login name after
issuing the mail command
Using mailx is the same format:(This I'll describe very briefly) $mailx john
subject:(this lets you enter the subject)
(line 1)
(line 2)
(After you finish enter (~.) not the brackets of course, more commands are
available like ~p, ~r, ~v, ~m, ~h, ~b, etc.).
Receiving
~~~~~~~~~
After you log on to the system you will the account may have mail waiting.
You will be notified "you have mail."
To read this enter:
$mail
(line 1)
(line 2)
(line 3)
?
$
After the message you will be prompted with a question mark. Here you have a
choice to delete it by entering d, saving it to view it later s, or just press
enter to view the next message.
(DON'T BE A SAVANT AND DELETE THE POOR GUY'S MAIL)
Super User Commands
~~~~~~~~~~~~~~~~~~~
$sysadm adduser - will take you through a routine to add a user (may not last
long)
Enter this:
$ sysadm adduser
password:
(this is what you will see)
/--------------------------------------------------------------------------\
Process running succommmand `adduser`
USER MANAGMENT
Anytime you want to quit, type "q".
If you are not sure how to answer any prompt, type "?" for help
If a default appears in the question, press <RETURN> for the default.
Enter users full name [?,q]: (enter the name you want)
Enter users login ID [?,q]:(the id you want to use)
Enter users ID number (default 50000) [?,q) [?,q]:( press return )
Enter group ID number or group name:(any name from /etc/group)
Enter users login home directory:(enter /usr/name)
This is the information for the new login:
Users name: (name)
login ID:(id)
users ID:50000
group ID or name:
home directory:/usr/name
Do you want to install, edit, skip [i, e, s, q]? (enter your choice if "i"
then)
Login installed
Do you want to give the user a password?[y,n] (its better to enter one)
New password:
Re-enter password:
Do you want to add another login?
\----------------------------------------------------------------------------/
This is the proccess to add a user. Since you hacked into a super user account
you can make a super user account by doing the following by entering 0 as an
user and a group ID and enter the home directory as /usr/admin. This will give
you as much access as the account sysadm.
**Caution** - Do not use login names like Hacker, Cracker,Phreak etc. This is
a total give away.
The process of adding a user wont last very long the S.A will know when he
checks out the /etc/passwd file
$sysadm moduser - This utility allows one to modify users. DO NOT ABUSE!!
!
Password:
This is what you'll see:
/----------------------------------------------------------------------------\
MODIFYING USER'S LOGIN
1)chgloginid (This is to change the login ID)
2)chgpassword (Changing password)
3)chgshell (Changing directory DEFAULT = /bin/sh)
ENTER A NUMBER,NAME,INITIAL PART OF OF NAME,OR ? OR <NUMBER>? FOR HELP, Q TO
QUIT ?
\----------------------------------------------------------------------------/
Try every one of them out.Do not change someones password.It creates a havoc.
If you do decide to change it.Please write the original one down somewhere
and change back.Try not to leave to many traces after you had your fun. In
choice number 1 you will be asked for the login and then the new one. In
choice number 2 you will asked for the login and then supplied by it correct
password and enter a new one. In choice 3 this is used to a pchange the login
shell ** Use full ** The above utilites can be used separatly for eg (To
change a password one could enter: $sysadm chgpasswd not chapassword, The rest
are same)
$sysadm deluser - This is an obviously to delete a user password:
This will be the screen output:
/---------------------------------------------------------------------------\
Running subcommand 'deluser' from menu 'usermgmt'
USER MANAGEMENT
This fuction completely removes the user,their mail file,home directory and all
files below their home directory from the machine.
Enter login ID you wish to remove[q]: (eg.cathy)
'cathy' belongs to 'Cathy Franklin'
whose home directory is /usr/cathy
Do you want to remove this login ID 'cathy' ? [y,n,?,q] :
/usr/cathy and all files under it have been deleted.
Enter login ID you wish to remove [q]:
\--------------------------------------------------------------------------/
This command deletes everthing owned by the user.Again this would be stupid to
use.
Other Super User Commands
~~~~~~~~~~~~~~~~~~~~~~~~~
wall [text] control-d - to send an anouncement to users logged in (will
override mesg -n command). Execute only from /
/etc/newgrp - is used to become a member of a group
sysadm [program name]
delgroup - delets groups
diskuse - Shows free space etc.
whoson - self explanatory
lsgroup - Lists group
mklineset -hunts various sequences
Basic Networking Unility (BNU)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The BNU is a unique feature in UNIX.Some systems may not have this installed.
What BNU does is allow other remote UNIXes communicate with yours without
logging off the present one.BNU also allowes file transfer between computers.
Most UNIX systems V will have this feature installed.
The user program like cu,uux etc are located in the /usr/bin directory
Basic Networking Files
~~~~~~~~~~~~~~~~~~~~~~
/usr/lib/uucp/[file name]
[file name]
systems - cu command to establishes link.Contains info on remote computers
name, time it can be reached, login Id, password, telephone numbers
devices - inter connected with systems files (Automatic call unit same in two
entries) also contains baud rate, port tty1, etc.
dialers - where asscii converation must be made before file tranfers etc.
dialcodes - contains abreiviations for phone numbers that can be used in
systems file
other files are sysfiles, permissions, poll, devconfig
Logining On To Remote And Sending+Receiving Files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cu - This command allows one to log on to the local as well as the remote Unix
(or a non unix)without haveing to hang up so you can transfer files.
Usage:[options]
$ cu [-s baud rate][-o odd parity][-e even parity][-l name of comm line]
telephone number | systemname
To view system names that you can communicate with use the 'unname' command:
Eg. of output of names:
ATT01
ATT02
ATT03
ATT04
$ cu -s300 3=9872344 (9872344 is the tel)
connected
login:
password:
Local Strings
~~~~~~~~~~~~~
<~.> - will log you off the remote terminal, but not the local
<control-d> - puts you back on the remote unix local (the directory which you
are in)
"%put [file name] - reverse of above
Ct
~~
ct allows local to connect to remote.Initiates a getty on a remote terminal.
Usefull when using a remote terminal.BNU has call back feature that allows the
user on the remote who can execute a call back meaning the local can call the
remote.[ ] are options
$ ct [-h prevent automatic hang up][-s bps rate][-wt set a time to call back
abbrieviated t mins] telephone number
Uux
~~~
To execute commands on a remote (unix to unix)
usage:[ ] are options
$ uux [- use standard output][-n prevent mail notification][-p also use
standard output] command-string
UUCP
~~~~
UUCP copies files from ones computer to the home directory of a user in remote
system. This also works when copying files from one directory to another in
the remote. The remote user will be notified by mail. This command becomes
use full when copying files from a remote to your local system. The UUCP
requires the uucico daemon will call up the remote and will perform file login
sequence, file transfer, and notify the user by mail. Daemons are programs
runining in the background. The 3 daemons in a Unix are uucico, uusched,
uuxqt.
Daemons Explained: [nows a good time to explain the 3 daemons]
~~~~~~~~~~~~~~~~~
Uuxqt - Remote execution. This daemon is executed by uudemon.hour started by
cron.UUXQT searchs in the spool directory for executable file named
X.file sent from the remote system. When it finds a file X .file where
it obtains process which are to be executed. The next step is to find
weather the processes are available at the time.The if available it
checks permission and if everthing is o.k it proceeds the background
proccess.
Uucico - This Daemon is very immportant for it is responsible in establishing
a connection to the remote also checks permission, performs login
procedures,transfers + executes files and also notifies the user by
mail. This daemon is called upon by uucp,uuto,uux commands.
Uusched - This is executed by the shell script called uudemon.hour. This
daemons acts as a randomizer before the UUCICO daemon is called.
Usage:
$ uucp [options] [first full path name!] file [destination path!] file example:
$ uucp -m -s bbss hackers unix2!/usr/todd/hackers
What this would do is send the file hackers from your computer to the remotes
/usr/todd/hackers making hackers of course as file. Todd would mail that a
file has been sent to him. The Unix2 is the name of the remote. Options for
UUCP: (Don't forget to type in remotes name Unix2 in case)
-c dont copy files to spool directory
-C copy to spool
-s[file name] - this file will contain the file status(above is bbss)
-r Dont start the comm program(uucico) yet
-j print job number(for above eg.unix2e9o3)
-m send mail when file file is complete
Now suppose you wanted to receive file called kenya which is in the
usr/ dan/usa to your home directory /usr/john assuming that the local systems
name is ATT01 and you are currently working in /usr/dan/usa,you would type in:
$uucp kenya ATT01!/usr/john/kenya
Uuto
~~~~
The uuto command allows one to send file to remote user and can also be used to
send files locally.
Usage:
$ uuto [file name] [system!login name]( omit systen name if local)
Conclusion
~~~~~~~~~~
Theres always more one can say about the UNIX, but its time to stop. I hope
you have enjoyed the article. I apologize for the length. I hope I made the
UNIX operating system more familiar. The contents of the article are all
accurate to my knowledge. Hacking into any system is illegal so try to use
remote dial-ups to the job. Remember do not abuse any systems you hack into
for a true hacker doesn't like to wreck, but to learn.
Watch for my new article on using PANAMAC airline computers coming soon.
Red Knight
P/HUN!
<<T.S.A.N>>