home *** CD-ROM | disk | FTP | other *** search
- _______________________________________________________
-
- GUIDE TO (mostly) HARMLESS HACKING
-
- Vol. 1 Number 3
-
- Hacking tip of the day: how finger can be used as one of the most common
- ways to crack into non-public parts of an Internet host.
- _______________________________________________________
-
- Before you get too excited over learning how finger can be used to crack an
- Internet host, will all you law enforcement folks out there please relax.
- I'm not giving step-by-step instructions. I'm certainly not handing out code
- from those publicly available canned cracking tools that any newbie could
- use to gain illegal access to some hosts.
-
- What you are about to read are some basic principles and techniques behind
- cracking with finger. In fact, some of these techniques are fun and legal as
- long as they aren't taken too far. And they might tell you a thing or two
- about how to make your Internet hosts more secure.
-
- You could also use this information to become a cracker. Your choice. Just
- keep in mind what it would be like to be the "girlfriend" of a cell mate
- named "Spike."
-
- *********************************
- Newbie note #1: Many people assume "hacking" and "cracking" are synonymous.
- But "cracking" is gaining illegal entry into a computer. "Hacking" is the
- entire universe of kewl stuff one can do with computers, often without
- breaking the law or causing harm.
- *********************************
-
- What is finger? It is a program which runs on port 79 of many Internet host
- computers. It is normally used to provide information on people who are
- users of a given computer.
-
- For review, let's consider the virtuous but boring way to give your host
- computer the finger command:
-
- finger Joe_Blow@boring.ISP.net
-
- This causes your computer to telnet to port 79 on the host boring.ISP.net.
- It gets whatever is in the .plan and .project files for Joe Blow and
- displays them on your computer screen.
-
- But the Happy Hacker way is to first telnet to boring.ISP.net port 79, from
- which we can then run its finger program:
-
- telnet boring.ISP.net 79
-
- If you are a good Internet citizen you would then give the command:
-
- Joe_Blow
-
- or maybe the command:
-
- finger Joe_Blow
-
- This should give you the same results as just staying on your own computer
- and giving the command "finger Joe_Blow@boring.ISP.net."
-
- But for a cracker, there are lots and lots of other things to try after
- gaining control of the finger program of boring.ISP.net by telnetting to
- port 79.
-
- Ah, but I don't teach how to do felonies. So we will just cover general
- principles of how finger is commonly used to crack into boring.ISP.net. You
- will also learn some perfectly legal things you can try to get finger to do.
-
- For example, some finger programs will respond to the command:
-
- finger @boring.ISP.net
-
- If you should happen to find a finger program old enough or trusting enough
- to accept this command, you might get something back like:
-
- [boring.ISP.net]
- Login Name TTY Idle When Where
- happy Prof. Foobar co 1d Wed 08:00 boring.ISP.net
-
- This tells you that only one guy is logged on, and he's doing nothing. This
- means that if someone should manage to break in, no one is likely to notice
- -- at least not right away.
-
- Another command to which a finger port might respond is simply:
-
- finger
-
- If this command works, it will give you a complete list of the users of this
- host. These user names then can be used to crack a password or two.
-
- Sometimes a system will have no restrictions on how lame a password can be.
- Common lame password habits are to use no password at all, the same password
- as user name, the user's first or last name, and "guest." If these don't
- work for the cracker, there are widely circulated programs which try out
- every word of the dictionary and every name in the typical phone book.
-
- ********************************
- Newbie Note #2: Is your password easy to crack? If you have a shell account,
- you may change it with the command:
-
- passwd
-
- Choose a password that isn't in the dictionary or phone book, is at least 6
- characters long, and includes some characters that are not letters of the
- alphabet.
-
- A password that is found in the dictionary but has one extra character is
- *not* a good password.
- ********************************
-
- Other commands which may sometimes get a response out of finger include:
-
- finger @
- finger 0
- finger root
- finger bin
- finger ftp
- finger system
- finger guest
- finger demo
- finger manager
-
- Or, even just hitting <enter> once you are into port 79 may give you
- something interesting.
-
- There are plenty of other commands that may or may not work. But most
- commands on most finger programs will give you nothing, because most system
- administrators don't want to ladle out lots of information to the casual
- visitor. In fact, a really cautious sysadmin will disable finger entirely.
- So you'll never even manage to get into port 79 of some computers
-
- However, none of these commands I have shown you will give you root access.
- They provide information only.
-
- ************************
- Newbie note #3: Root! It is the Valhalla of the hard-core cracker. "Root" is
- the account on a multi-user computer which allows you to play god. It is the
- account from which you can enter and use any other account, read and modify
- any file, run any program. With root access, you can completely destroy all
- data on boring.ISP.net. (I am *not* suggesting that you do so!)
- *************************
-
- It is legal to ask the finger program of boring.ISP.net just about anything
- you want. The worst that can happen is that the program will crash.
-
- Crash...what happens if finger crashes?
-
- Let's think about what finger actually does. It's the first program you meet
- when you telnet to boring.ISP.net's port 79. And once there, you can give it
- a command that directs it to read files from any user's account you may choose.
-
- That means finger can look in any account.
-
- That means if it crashes, you may end up in root.
-
- Please, if you should happen to gain root access to someone else's host,
- leave that computer immediately! You'd better also have a good excuse for
- your systems administrator and the cops if you should get caught!
-
- If you were to make finger crash by giving it some command like ///*^S, you
- might have a hard time claiming that you were innocently seeking publicly
- available information.
-
- *****************
- YOU CAN GO TO JAIL TIP #1: Getting into a part of a computer that is not
- open to the public is illegal. In addition, if you use the phone lines or
- Internet across a US state line to break into a non-public part of a
- computer, you have committed a Federal felony. You don't have to cause any
- harm at all -- it's still illegal. Even if you just gain root access and
- immediately break off your connection -- it's still illegal.
- ***************
-
- Truly elite types will crack into a root account from finger and just leave
- immediately. They say the real rush of cracking comes from being *able* to
- do anything to boring.ISP.net -- but refusing the temptation.
-
- The elite of the elite do more than just refrain from taking advantage of
- the systems they penetrate. They inform the systems administrator that they
- have cracked his or her computer, and leave an explanation of how to fix the
- security hole.
-
- ************************************
- YOU CAN GO TO JAIL TIP #2: When you break into a computer, the headers on
- the packets that carry your commands tell the sysadmin of your target who
- you are. If you are reading this column you don't know enough to cover your
- tracks. Tell temptation to take a hike!
- ************************************
-
- Ah, but what are your chances of gaining root through finger? Haven't
- zillions of hackers found all the crashable stuph? Doesn't that suggest that
- finger programs running on the Internet today are all fixed so you can't get
- root access through them any more?
-
- No.
-
- The bottom line is that any systems adminstrator that leaves the finger
- service running on his/her system is taking a major risk. If you are the
- user of an ISP that allows finger, ask yourself this question: is using it
- to advertise your existence across the Internet worth the risk?
-
- OK, I'm signing off for this column. I look forward to your contributions to
- this list. Happy hacking -- and don't get busted!
-
- __________________________________________________________________
-
- Want to share some kewl stuph? Tell me I'm terrific? Flame me? For the first
- two, I'm at cmeinel@techbroker.com. Please direct flames to
- dev/null@techbroker.com. Happy hacking!
- _______________________________________________________
- Copyright 1996 Carolyn P. Meinel. You may forward the GUIDE TO (mostly)
- HARMLESS HACKING as long as you leave this notice at the end. To subscribe,
- email cmeinel@techbroker.com with message "subscribe hacker
- <joe.blow@boring.ISP.net>" substituting your real email address for Joe Blow's.
- ___________________________________________________________________
-
-