UNIX FOR DOS ADDICTED WaReZ PuPPieZ AND THEIR PETS
 By Fahad Naeem

  Introduction
  ------------

  One of the most common operating systems in existence is Unix. Unix
  exists in many different flavors, from Berkeley BSD to AT&T System V
  to SunOS. Basic working knowledge of Unix is almost essential to a
  hacker, as it is the system a hacker is most likely to come across.
  If you intend to use the internet at all, or to do any serious
  exploration of Telenet, the ability to navigate through Unix is a
  necessity. (Unix is also the single most interesting system in
  existence: it's just fun to fuck with).
 
  Unix Logins
  -----------

  Most Unix logins look essentially the same. A general Unix login
  prompt looks something like this:

  connected to five.finger.com
  login:

  That first line is the system identifier. Although it's not at all
  essential to what you are doing, it's good to know what system you are
  attempting to log on to.
  The second line is what typically identifies the system you are on as
  Unix. Almost all Unix systems greet a user with the same prompt:
  login:.
  Well, there's not much to do in Unix from the outside, and Unix
  systems are typically fairly secure at this point. You may be able to
  obtain a list of users, or current users, by logging in as 'who', but
  other than that there are few functions available here.
  Unless you are on the internet, or have accounts specifically for the
  specific machine you are on, the only way on to the system is to try
  the default passwords. What are the default passwords?
  Unix systems come installed with certain passwords automatically. In
  addition, some accounts must exist on a system. One such account is
  'root'. This user is the divine Kami of the Unix system... in short,
  an all access pass. Unfortunately, few systems allow root logins
  remotely, and even fewer leave 'root' unpassworded. Nevertheless, it's
  always worth a shot... try this:

  connected to ren.stimpy.net
  login: root
  password: root
  invalid login
  login:

  Well, nice try anyways... other possible passwords for root include
  'sysadmin', 'sys', 'admin'... you get the idea. You may also want to
  try these passwords with a single digit appended (added, idiot) to
  them... meaning the password 'root' could be 'root1' or 'root2'.
  An interesting tip about passwords in general... many people that use
  passwords under 8 characters tend to add a digit or a non-alphanumeric
  character to the password. This is done in order to hinder guessing,
  and to stop password breakers (more on this later). In this case, you
  may want to try adding a space before root... or even an ascii 255 to
  the end.
  Fortunately, there is more than one default password in a unix
  system... a quick list:

  sys        sys
  bin        bin
  daemon     daemon
  rje        rje
  setup      setup
  uucp       uucp/nuucp/anonymous
  nuucp      uucp/nuucp/anonymous
  mountfsys  mountfsys

  In the System
  -------------

  Ok, at this point, I'm going to assume you've gotten past the login...
  as painful as that may sound. Although Unix may be secure from the
  outside, without effort from the system administrators, the inside of
  the system is not.
  First off, you'll likely be asked for a terminal. vt100 serves your
  purposes sufficiently, and it's typically the default, so hit enter.
  Now, hopefully, you have a prompt. There are many different types of
  unix prompts, some of which contain current directory information,
  some of which are just a single character. Just don't panic when my
  examples don't look exactly like what you've got on your screen.
  The first thing you *need* to do on the system is establish your tty
  parameters. As eldritch and arcane sounding as this term may seem, it's
  actually quite simple... you need to tell the system what keys are
  going to do what.
  The command to set these parameters is 'stty'. Watch:

  squinkyB ] stty erase ^h
  squinkyB ]

  There... that wasn't so bad, was it? Well, it's also pretty
  meaningless to you, unless you have the ascii table memorized and are
  pretty good at on-the-spot deduction.
  The tty erase parameter determines which key is to be used as a
  backspace. At times, this may already be set when you log in, or it
  may be set to a suitable alternate (such as delete). Most of the time
  the system will tell you when you log on if this is so. In this case,
  we've entered ^h in order to make the backspace key, appropriately
  enough, backspace.
  Another extremely important parameter is 'intr'. The 'intr' parameter
  tells the Unix system what you intend to use as a break character...
  you should have this set to ^c.

  Getting Around
  --------------

  A good thing to remember about Unix is that it's a lot like DOS. Files
  are laid out in directories just as in DOS... in fact, the only
  immediate difference in the directory structures is that Unix uses a
  forward slash ("/", moron!) instead of a backwards one.
  Also, the basic Unix directory navigation command is identical to DOS.
  In order to change directories, you use the command 'chdir', or 'cd'.
  A quick example:

  1 /usr1/astoria] cd ..
  2 /usr ]

  Wala. That simple. Quick notes:

  - cd / will take you to root.
  - cd /*pathname* will take you to *pathname*
  - cd home will take you to your home directory.

  You can make and delete your own directories with the mkdir/rmdir
  commands. Simply put, mkdir makes a subdirectory off of the current
  directory, and rmdir removes a subdirectory from the current
  subdirectory. Good to know if you plan to do a lot of file transfers.
  An important note about Unix directories, files, and concepts:
  Unix is a case-sensitive operating system. Thus, the files

  - Spleen
  - spleen
  - SPLEEN
  - SpLeEn

  are all different. This rule applies to directories and command line
  parameters, as well as most other Unix ideas.
  Another nice thing to know about Unix: Unix files are not subject to
  the normal DOS 8 character limit. Thus, you can have vast filenames,
  such as "this_file_ate_my_biscuit".

  Some other important commands
  -----------------------------

  First and foremost, you should know cp. cp is the basic Unix
  equivalent of the DOS COPY command. The command line for cp is
  identical to that of COPY.
  Next on the scale of cosmic import is cat. cat is the Unix equivalent
  of the DOS TYPE command, and once again, for simple file displaying,
  the command line is identical.
   Variations on the theme:
   pg: displays a file page by page. Type "pg x filename", where x is a
       number of lines to display before pausing and filename is the
       file you wish to display.
   more: displays a file screen by screen.
   Stupid pet trick:
   You can use your cat to copy files, simply by using the directional
   operators. To copy a file from here to there using cat, simply type:

   % cat here
   this is the file here
   % cat there
   this is the file there
   % cat here > there
   % cat there
   this is the file here

   The operator ">" simply takes the output from the cat command and
   places it in the location specified after it.
  Another vital command to know is 'rm'. rm deletes a file from the
  system, in the same way DEL would on a DOS system. Not too much else to
  say.
  Critical in your navigation of a Unix system is the ls command. ls is
  DOS DIR on heroin. Simply type ls and you get a nice, neat list of
  files in the directory.
   DIR on controlled substances:
   There are a few command line parameters that you should know...
   foremost is l. ls -l gets you a list of files, and valuable
   information about each file, including permissions (more on that
   later), size, and linked files.
   Another useful command for long file lists is C. ls -C gets you a
   list of files in multiple columns, much the same as DIR /W would
   merit a double column report of all existing files. A quick reminder:
   ls -C is NOT the same as ls -c. Unix = case sensitive.
  Another good command to know, mv will move a file from directory to
  directory. For those of you without DOS 6.0 <gasp>, mv simply copies a
  file to another directory and deletes the original.
   quick tip for files on the lam:
   if you want to rename a file (to protect the innocent), you need to
   mv a file to a different file name. A quick demo:

   # ls
   myfile
   # cat myfile
   this is myfile
   # mv myfile my_other_file
   # ls
   my_other_file
   # cat my_other_file
   this is myfile

  Another vastly important command is 'man'. In fact, man is probably
  one of the most important commands extant for a beginning user... it
  calls up the system's help files. To use man, simply type in 'man
  command', where command is a Unix command you seek to gain
  enlightenment regarding. It's a great way to gain an understanding of
  Unix command line parameters.
  If you are interested in seeing who's been on of late, or just want a
  few names to try to hack, type 'who'. You get a quick list of users
  that have accessed the system lately. If you <god forbid> need to know
  who you are at this point, type 'whoami'.
  If you want to change your identity on the system, type 'su name'
  where name is an account on the system. It'll ask you for the account
  password, then, *presto*... instant transmogrification.
   A Caveat for smart alec hackers:
   Unix typically logs usage of the su command. While su may seem like a
   great opportunity to try to hack out passwords manually without
   worrying about the system hanging up after 3 attempts, it's typically
   not a good idea to do this, as it may alert the administrators to
   your presence.
  *Numero Uno on the list of commands NEVER to use on a Unix system:
  The 'passwd' command changes your password on a Unix system. Seems
  innocuous enough, eh? Uh-uh. If your account is active, and there's a
  very strong chance that it either is or will be, there is no better
  way to lose the account than to change the password, only to have the
  legitimate user alert the sysadmins when he/she can't gain access to
  his/her normal account (well, there are better ways... you could
  simply mail the sysadmin and tell him you are trying to hack his
  grandmother's life support machine through your account).
  I've seen this single, quick command turn an extremely lax system
  into an ironclad security compound in less than a day.
  DONT-FUCK-WITH-IT.
  *Numero Dos on that same list:
  The 'mail' command reads and sends mail. So what? Well, unless your
  account is stable (and it isn't unless you either paid for it or
  killed the original owner in such a way that his body cannot claw its
  way out of its grave to its keyboard), the user is more likely than
  not going to know if you read his mail. In addition, if you send mail
  out of the system (type 'mail', and a username/address; type in your
  message and end it with a ^d on its own line), the response from your
  message will likewise alert the user to your presence.

  System Spelunking
  -----------------

  The first place you want to check out in the wild uncharted directory
  tree of your friendly neighborhood Unix system is the "/etc"
  directory. What's in it? The single most intensely important file on
  the system (besides a world writable root owned SUID file... but don't
  worry about that)... the passwd file.
  What is in the passwd file?

  - a list of all accounts on the system
  - a list of the passwords for these accounts
  - a list of access levels for these accounts
  - a list of the home directories for these accounts
  - a list of information pertaining to these accounts.

  Why the hell the Unix designers decided this file should be world
  readable is beyond me. Be content to know that your standard everyday
  run-of-the-mill-lacking-in-certified-cosmic-power 'cat' command WILL
  display this file. As will pg and more. However, because most users
  don't have write permissions (more on that later) to the /etc
  directory, 'cat' is pretty much the only applicable command here.
  However, if you need to copy the file to your own directory (for
  whatever reason), just cat it there with the directional operator (>).
  The catch:
  Well, there are two catches here. First off, regardless of system
  security, if the passwords are in the file, they are encrypted. You
  can't decrypt them. Although you can get a list of accounts without
  passwords this way (just look for accounts with no entry in the
  password field), and a list of accounts that can't be logged onto
  remotely/at all (NO LOGIN), you can't get much else. Sucks, don't it?
  Notice I said 'if' the passwords are there.
  <ominous soundtrack please>
  Some horrible, paranoid, draconian system administrators mutilate
  their passwd files in such a way that (*gasp*) the passwords don't
  show up. All you get is one cold, icy X staring at you from the bowels
  of Unix Shell Siberia, mocking you as you pull your hair out in
  frustration (sorry, but this is a sore spot with me). The kidnapped
  passwords reside in the shadow file in the /etc directory, available
  with your standard everyday run-of-the-mill-but-distinct-in-the-fact-
  that-only-root-level-accounts-can-use-it-to-this-extent 'cat' command.
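
  The same reading of the passwd file, done as an administrator's audit:
  which entries have an empty password field, which still keep a hash in
  the world readable file, and which share root's UID. This is an added
  example, not part of the original article; the sample entries and the
  finding names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit passwd(5) entries.
# Record layout: name:password:UID:GID:comment:home:shell

# audit_passwd [FILE...] -> prints "name<TAB>finding" for each entry that
# needs attention; reads standard input when no FILE is given.
audit_passwd() {
    awk -F: '
        $0 == "" || /^#/ { next }                  # skip blank lines and comments
        NF != 7 { printf "%s\tMALFORMED\n", $1; next }
        {
            pw = $2
            # A stored hash is either 13 characters of the classic crypt
            # alphabet or a string starting with a "$id$" style prefix.
            hashed = (length(pw) == 13 && pw !~ "[^./0-9A-Za-z]") || substr(pw, 1, 1) == "$"
            if (pw == "")
                printf "%s\tEMPTY_PASSWORD\n", $1        # login needs no password
            else if (hashed)
                printf "%s\tHASH_WORLD_READABLE\n", $1   # hash not moved to shadow
            # Any other value (x, *, NO LOGIN, ...) is shadowed or locked.
            if ($3 ~ /^0+$/ && $1 != "root")
                printf "%s\tEXTRA_UID0\n", $1            # second account with UID 0
        }
    ' "$@"
}

# Constructed sample entries; the hash is a placeholder, not a real one.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
guest::1001:100:Guest:/home/guest:/bin/sh
alice:aaPLACEHOLDER:1002:100:Alice:/home/alice:/bin/sh
toor:x:0:0:backup root:/root:/bin/sh
uucp:NO LOGIN:5:5:uucp:/usr/lib/uucp:
EOF
}

sample_passwd | audit_passwd
```
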
  Well, if the passwords are encrypted, what good are they?
  By themselves, nothing. An account with a Unix encrypted password will
  get you no further than an account with no listed password at all. You
  can't even deduce the amount of characters in the password if it's
  encrypted. So what's the use?
  The Unix method of encrypting files is available to the public. It is
  also, to most mortals, irreversible. Essentially, this means you can
  encrypt a string of characters, but not decrypt it. Even the unix
  system itself doesn't decrypt the password when you log on...
  When you log on, the Unix system takes whatever you enter at the
  password prompt, encrypts it, and matches it to the entry in the
  passwd file. Thus, the Unix system never decrypts the password... it
  only compares it to a different encrypted string.
  While this may not sound too particularly useful at first, it is.
  There are programs that have been written to do the same thing on a
  personal computer... you supply it a list of passwords and a list of
  words to attempt to use as passwords (called dictionaries), and it
  spends the night encrypting dictionaries and matching them to password
  entries. By running a dictionary through a passwd file, on a typical
  system, you can usually get 10-20 accounts. Good personal computer
  examples of this program idea include Killer Cracker (the industry
  standard, so to speak) and CrackerJack (faster than Killer Cracker).
   Quick tips for CrackerJunkies with leech access at an H/P BBS:
   A standard dictionary will not uncover passwords protected with an
   appended digit or non-alphanumeric character. In order to get around
   this, you need only grab a program that processes the dictionary file
   to add that digit to each entry in the dictionary... although this
   takes longer, and you'll need to do it multiple times, you can
   typically get 10 more accounts just by adding a 1 to every entry.
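
  The padding habit seen from the password-change side: a filter that
  strips digits and punctuation from both ends of a proposed password
  before consulting the wordlist, so 'dragon1' is refused exactly like
  'dragon'. This is an added example, not part of the original article;
  the wordlist, the function names and the verdict strings are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): refuse passwords that are
# only a dictionary word or account name with padding at either end.

# core_word STRING -> STRING lowercased, with leading and trailing
# non-letters removed. LC_ALL=C makes tr and sed work on bytes, so
# high-bit characters count as padding too.
core_word() {
    printf '%s\n' "$1" | LC_ALL=C tr 'A-Z' 'a-z' \
        | LC_ALL=C sed 's/^[^a-z]*//; s/[^a-z]*$//'
}

# check_password LOGIN CANDIDATE < wordlist
# Prints one verdict. The wordlist (one lowercase word per line) is read
# from standard input.
check_password() {
    login=$(core_word "$1")
    core=$(core_word "$2")
    if [ -z "$core" ]; then
        echo "REJECT: no letters"
    elif [ "$core" = "$login" ]; then
        echo "REJECT: account name plus padding"
    elif grep -Fxq -- "$core"; then
        echo "REJECT: dictionary word plus padding"
    else
        echo "OK"
    fi
}

# Constructed wordlist for the demonstration.
sample_words() {
    printf '%s\n' root sysadmin admin dragon secret
}

# Constructed candidates, checked for the hypothetical account "alice".
for candidate in "dragon1" " root" "Alice7!" "tin.kettle.brook"; do
    verdict=$(sample_words | check_password alice "$candidate")
    printf '%-20s %s\n' "[$candidate]" "$verdict"
done
```
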
  Files and directories in Unix are characterized further by their
  permissions. Permissions are a standard system of who gets access to a
  specific function of that file or directory. Standard permissions
  include read, write, and execute. You can get a list of permissions by
  typing 'ls -l'. The first field in the listing contains the
  permissions, grouped as follows:

  owner  group  world
 --------------------
  rwx    rwx    rwx

  (Not drawn to scale... in fact, it doesn't look anything like that).
  Essentially, as long as the letter is there, you have access to that
  facet of the file. If the letter is not there, you'll see a dash...
  meaning you don't have access to that function. An example:

  rwxr-x--x

  In this case, the owner of the file can Read the file, Write to the
  file, and eXecute the file; members of his group (a bunch of linked
  accounts) can Read the file, CANNOT Write to the file, and can eXecute
  the file; and the rest of the user population CANNOT Read or Write to
  the file, but CAN eXecute the file.

  rwx---rwx

  is a WORLD-READABLE, WORLD-WRITABLE, WORLD-EXECUTABLE file. This
  simply means that anyone can read, write, or execute the file.

  Another permission sometimes set to a file is the SUID bit. An SUID
  file contains a lowercase s in the user executable section of the
  permissions list...

  rws--x--x

  When you execute an SUID file, your user ID becomes that of the owner
  of the file. While this may not look too important at first, by now you
  should know that no really important super elite hacker concept does.
  Take a look at this:

  rwsr-x--x

  Synopsis? It's a world executable SUID file. In essence, anyone can
  execute the file, and in doing so, become the owner of the file for
  the duration of the time that file is operating. However, this doesn't
  get you much, because you typically can't do anything while the
  program is running. More likely than not, it's calculating how many
  pencils it needs to order for school tomorrow or some other such
  drivel.
  The real power of the SUID file comes into play in this situation:

  rwsrwxrwx

  You won't see a lot of these, but when you do, look out. What you have
  here is a world writable SUID file... and a world writable program can
  be any program on the system you have read access to. Like, say,
  /bin/sh... the Unix shell...
  Quick command line example... 'diablo' is a root owned, world writable
  SUID file. I'm going to ignore the rest of the output of the ls
  command.

  #ls -l
  rwsrwxrwx......diablo
  #cat /bin/sh > diablo
  #diablo
  $

  Oh, just so you know, the $ prompt denotes root access.
  Good deal, huh? In general, if you have right privs to an SUID file,
  copy it to your own directory and cat /bin/sh into it. You now have an
  instant gateway to the account of the owner of that file.
  If you want to find files that you can do this with, try this out:

  #find / -user root -perm -4000 -exec /bin/ls -al {} ";"

  This will give you a list of all root owned SUID files. If you want
  more info on the 'find' command, just 'man find'.
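
  For whoever has to clean this up: the permission strings walked through
  above, converted to the octal form that find's -perm test uses, plus a
  pass over an 'ls -l' listing that reports SUID files other users can
  write to. This is an added example, not part of the original article;
  the sample listing and the finding names are constructed, and 'diablo'
  is simply the file name used in the text.

```shell
#!/bin/sh
# Added example (not from the original article): decode ls -l permission
# strings and flag the combinations the text singles out.

# triad_value TRIAD -> octal digit for one rwx group. In the last slot,
# s/t mean "execute plus special bit", S/T mean "special bit, no execute".
triad_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??[xst]) v=$((v + 1)) ;; esac
    echo "$v"
}

# mode_to_octal MODE -> four octal digits (special, owner, group, world).
# MODE is the 9-character string from the text, e.g. rwsr-x--x.
mode_to_octal() {
    m=$1
    case $m in
        [r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]) ;;
        *) echo "bad mode string: $m" >&2; return 1 ;;
    esac
    owner=${m%??????}; tail=${m#???}; group=${tail%???}; world=${tail#???}
    special=0
    case $owner in ??[sS]) special=$((special + 4)) ;; esac   # SUID
    case $group in ??[sS]) special=$((special + 2)) ;; esac   # SGID
    case $world in ??[tT]) special=$((special + 1)) ;; esac   # sticky
    echo "$special$(triad_value "$owner")$(triad_value "$group")$(triad_value "$world")"
}

# mode_risk MODE -> SUID_WRITABLE_BY_OTHERS | SUID | WORLD_WRITABLE | OK
mode_risk() {
    oct=$(mode_to_octal "$1") || return 1
    case $oct in
        [4567]?[2367]?|[4567]??[2367]) echo SUID_WRITABLE_BY_OTHERS ;;
        [4567]???)                     echo SUID ;;
        ???[2367])                     echo WORLD_WRITABLE ;;
        *)                             echo OK ;;
    esac
}

# audit_listing < "ls -l" output -> "finding<TAB>owner<TAB>path" for every
# regular file that is not OK. Assumes paths without spaces.
audit_listing() {
    while read -r mode links user grp size rest; do
        case $mode in -*) ;; *) continue ;; esac   # regular files only
        perms=$(printf '%.9s' "${mode#?}")         # drop type char and ACL mark
        risk=$(mode_risk "$perms" 2>/dev/null) || continue
        [ "$risk" = OK ] || printf '%s\t%s\t%s\n' "$risk" "$user" "${rest##* }"
    done
}

# Constructed ls -l output for the demonstration.
sample_listing() {
    cat <<'EOF'
total 4
-rwsr-xr-x 1 root root   54256 Jan  1  1994 /usr/bin/passwd
-rwsrwxrwx 1 root root   12288 Jan  1  1994 /usr/local/bin/diablo
-rwxr-xr-x 1 root root  125400 Jan  1  1994 /bin/sh
-rwx---rwx 1 bob  users    512 Jan  1  1994 /home/bob/notes
drwxrwxrwt 9 root root    4096 Jan  1  1994 /tmp
EOF
}

sample_listing | audit_listing
```

  On a live system the equivalent sweep is
  find / -xdev -type f -perm -4000 \( -perm -0020 -o -perm -0002 \).
  Current Linux kernels clear the SUID bit when an unprivileged process
  writes to the file, but a writable SUID binary is still a finding to fix.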

  Well, I'm overdue for an appointment on the IRC in #warez... so I'll
  cut off here. I hope I've been of assistance to you.

----------------------------------------------------------------------------
  A C T U A L  A R T I C L E  E N D S  H E R E . . .

  Please feel free to save an extra 1k of file space and invoke the DOS
  EDIT CUT command at the dotted line. Do not remove the rest of this
  article on penalty of law.

  S00P3R GR00P-3SQU3 GR33TZ / +HANX

  Greets go out to Nowhere Man, INC, THG, UNT, SaD, SoD, PTA, SOB
  Thanks to... ________________________
                    your ad here

  Current DWE Akshul M3mbre Boards:

  Nitro Burnin' Funny Cars    WHQ/DWEnet HOST     (312)582-1115  <XANAX>
  The Prodigal Sun            CHQ/MECCA           (312)238-3585  <ASRIEL>
  Dark Waters                 HQ/Infosite         (312)667-0222  <MONK>
  PyroTechnics II             Infosite            (708)991-9403  <PYRO>

  DWE M3/\/\B3R LiST

  President and Dictator for Life: Xanax
  Head Courier/Warez Cracker: Asriel
  Head Fisherman/Trout Expert: Changeling
  Head Person That Gets Asriel Free CDs: Monk
  Head Person That Gets DWE Members Free WaReZ: Pyro
  Head Person That Knows More Than Asriel (Honorary Title): LVX
  Head Person That Actually Wrote for DWE without Coercion: Cosmos
  Head Know-It-All Stoner that runs 386bsd: Goldstein

  Want to write for DWE? Neither do we. But if the spirit moves you,
  write up an article about anything we haven't discussed already, and
  post it somewhere in DWEnet or at any of the member boards, or call
  any of the members voice and dictate it to them, or submit it to the
  school newspaper of any of the members, or tack it on a bulletin board
  in the Third Coast Cafe in Century Mall, and chances are it'll be
  UNIX FOR DOSADDICTED WaReZ PuPPieZ AND THEIR PETS


  Introduction
  ------------

  One of themost common operating systems in existance is Unix. Unix
  exists inmany different flavors, from Berkeley BSD to AT&T System V
  to SunOs. Basicworking knowledge of Unix is almost essential to a
  hacker, asit is the system a hacker is most likely to come across.
  If youintend to use the internet at all, or to do any serious
  explorationof Telenet, the ability to navigate through Unix is a
  necessity. (Unixis also the single most interesting system in
  existance: it'sjust fun to fuck with).
 
  Unix Logins
  -----------

  Most Unixlogins look essentially the same. A general Unix login
  prompt lookssomething like this:

  connected tofive.finger.com
  login:

  That firstline is the system identifier. Although it's not at all
  essential towhat you are doing, it's good to know what system you are
  attemptingto log on to.
  The secondline is what typically identifies the system you are on as
  Unix. Almostall Unix systems greet a user with the same prompt:
  login:.
  Well,there's not much to do in Unix from the outside, and Unix
  systems aretypically fairly secure at this point. You may be able to
  obtain alist of users, or current users, by logging in as 'who', but
  other thanthat there are few functions available here.
  Unless youare on the internet, or have accounts specifically for the
  specificmachine you are on, the only way on to the system is to try
  the defaultpasswords. What are the default passwords?
  Unix systemscome installed with certain passwords automatically. In
  addition,some accounts must exist on a system. One such account is
  'root'. Thisuser is the divine Kami of the Unix system... in short,
  an allaccess pass. Unfortunately, few systems allow root logins
  remotely,and even fewer leave 'root' unpassworded. Nevertheless, it's
  always wortha shot... try this:

  connected toren.stimpy.net
  login: root
  password: root
  invalidlogin
  login:

  well, nicetry anyways... other possible passwords for root include
  'sysadmin','sys', 'admin'... you get the idea. You may also want to
  try thesepasswords with a single digit appended (added, idiot) to
  them... meaningthe password 'root' could be 'root1' or 'root2'.
  Aninteresting tip about passwords in general... many people that use
  passwordsunder 8 characters tend to add a digit or a non-alphanumeric
  character tothe password. This is done in order to hinder guessing,
  and to stoppassword breakers (more on this later). In this case, you
  may want totry adding a space before root... or even an ascii 255 to
  the end.
  Fortunately,there is more than one default password in a unix
  system... aquick list:

  sys        sys
  bin        bin
  daemon     daemon
  rje        rje
  setup      setup
  uucp       uucp/nuucp/anonymous
  nuucp      uucp/nuucp/anonymous
  mountfsys  mountfsys

  In theSystem
 -------------

  Ok, at thispoint, I'm going to assume you've gotten past the login...
  as painfulas that may sound. Although Unix may be secure from the
  outside,without effort from the system administrators, the inside of
  the systemis not.
  First off,you'll likely by asked for a terminal. vt100 serves your
  purposessufficently, and it's typically the default, so hit enter.
  Now,hopefully, you have a prompt. There are many different types of
  unixprompts, some of which contain current directory information,
  some ofwhich are just a single character. Just don't panic when my
  examplesdon't look exactly like what you've got on your screen.
  The firstthing you *need* to do on the system is establish your tty
  paramters. Aseldritch and arcane sounding as this term may seem, it's
  actuallyquite simple... you need to tell the system what keys are
  going to dowhat.
  The commandto set these parameters is 'stty'. Watch:

  squinkyB ] sttyerase ^h
  squinkyB ]

  There... thatwasn't so bad, was it? Well, it's also pretty
  meaninglessto you, unless you have the ascii table memorized and are
  pretty goodat on-the-spot deduction.
  The ttyerase parameters determines which key is to be used as a
  backspace. Attimes, this may already be set when you log in, or it
  may be setto a suitable alternate (such as delete). Most of the time
  the systemwill tell you when you log on if this is so. In this case,
  we'veentered ^h in order to make the backspace key, appropriately
  enough,backspace.
  Anotherextremely important parameter is 'intr'. The 'intr' paramter
  tells theUnix system what you intend to use as a break character...
  you shouldhave this set to ^c.

  GettingAround
 --------------

  A good thingto remember about Unix is that it's alot like DOS. Files
  are laid outin directories just as in DOS... in fact, the only
  immediatedifference in the directory structures is that Unix uses a
  forwardslash ("/", moron!) instead of a backwards one.
  Also, thebasic Unix directory navigation command is identical to DOS.
  In order tochange directories, you use the command 'chdir', or 'cd'.
  A quickexample:

  1 /usr1/astoria] cd ..
  2 /usr ]

  Wala. Thatsimple. Quick notes:

  ю cd / willtake you to root.
  ю cd /*pathname*will take you to *pathname*
  ю cd homewill take you to your home directory.

  You can makeand delete your own directories with the mkdir/rmdir
  commands. Simplyput, mkdir makes a subdirectory off of the current
  directory,and rmdir removes a subdirectory from the current
  subdirectory.Good to know if you plan to do a lot of file transfers.
  An importantnote about Unix directories, files, and concepts:
  Unix is acase-sensitive operating system. Thus, the files

  ю Spleen
  ю spleen
  ю SPLEEN
  ю SpLeEn

  are alldifferent. This rule applies to directories and command line
  paramters,as well as most other Unix ideas.
  Another nicething to know about Unix: Unix files are not subject to
  the normalDOS 8 character limit. Thus, you can have vast filenames,
  such as "this_file_ate_my_biscuit".

  Some otherimportant commands
 -----------------------------

  First andforemost, you should know cp. cp is the basic Unix
  equivalentof the DOS COPY command. The command line for cp is
  identical tothat of COPY.
  Next on thescale of cosmic import is cat. cat is the Unix equivalent
  of the DOSTYPE command, and once again, for simple file displaying,
  the commandline is identical.
   Variationson the theme:
   pg: displayesa file page by page. Type "pg x filename", where x is a
       numberof lines to display before pausing and filename is the
       fileyou wish to display.
   more: displaysa file screen by screen.
   Stupid pettrick:
   You can useyour cat to copy files, simply by using the directional
   operators. Tocopy a file from here to there using cat, simply type:

   % cat here
   this is thefile here
   % cat there
   this is thefile there
   % cat here> there
   % cat there
   this is thefile here

   Theoperator ">" simply takes the output from the cat command and
   places isin the location specified after it.
  Anothervital command to know is 'rm'. rm deletes a file from the
  system, inthe same way DEL would on a DOS system. Not to much else to
  say.
  Critical inyour navigation of a Unix system is the ls command. ls is
  DOS DIR onheroin. Simply type ls and you get a nice, neat list of
  files in thedirectory.
   DIR oncontrolled substances:
   There are afew command line parameters that you should know...
   foremost isl. ls -l gets you a list of files, and valuable
   informationabout each file, including permissions (more on that
   later),size, and linked files.
   Anotheruseful command for long file lists is C. ls -C gets you a
   list offiles in multiple columns, much the same as DIR /W would
   merit adouble column report of all existing files. A quick reminder:
   ls -C isNOT the same as ls -c. Unix = case sensitive.
  Another goodcommand to know, mv will move a file from directory to
  directory. Forthose of you without DOS 6.0 <gasp>, mv simply copies a
  file toanother directory and deletes the original.
   quick tipfor files on the lam:
   if you wantto rename a file (to protect the innocent), you need to
   mv a fileto a different file name. A quick demo:

   # ls
   myfile
   # catmyfile
   this is myfile
   # mv myfilemy_other_file
   # ls
  my_other_file
   # catmy_other_file
   this is myfile

  Anothervastly important command is 'man'. In fact, man is probably
  one of themost important commands extant for a beginning user... it
  calls up thesystem's help files. To use man, simply type in 'man
  command',where command is a Unix command you seek to gain
 enlightenment regarding. It's a great way to gain an understanding of
  Unixcommandline parameters.
  If you areinterested in seeing who's been on of late, or just want a
  few names totry to hack, type 'who'. You get a quick list of users
  that haveaccessed the system lately. If you <god forbid> need to know
  who you areat this point, type 'whoami'.
  If you wantto change your identity on the system, type 'su name'
  where nameis an account on the system. It'll ask you for the account
  password,then, *presto*... instant transmogrification.
   A Caveatfor smart alec hackers:
   Unixtypically logs usage of the su command. While su may seem like a
   greatopportunity to try to hack out passwords manually without
   worryingabout the system hanging up after 3 attempts, it's typically
   not a goodidea to do this, as it may alert the administrators to
   yourpresence.
  *Numero Unoon the list of commands NEVER to use on a Unix system:
  The 'passwd'command changes your password on a Unix system. Seems
  innocousenough, eh? Uh-uh. If your account is active, and there's a
  very strongchance that it either is or will be, there is no better
  way to losethe account than to change the password, only to have the
  legitimateuser alert the sysadmins when he/she can't gain access to
  his/hernormal account (well, there are better ways... you could
  simply mailthe sysadmin and tell him you are trying to hack his
 grandmother's life support machine through your account).
  I've seenthis single, quick command turn a extremely lax system
  into anironclad security compound in less than a day.
  DONT-FUCK-WITH-IT.
  *Numero Doson that same list:
  The 'mail'command reads and sends mail. So what? Well, unless your
  account isstable (and it isn't unless you either paid for it or
  killed theoriginal owner in such a way that his body cannot claw it's
  way out ofit's grave to it's keyboard), the user is more likely than
  not going toknow if you read his mail. In addition, if you send mail
  out of thesystem (type 'mail', and a username/address; type in your
  message andend it with a ^d on it's own line), the response from your
  message willlikewise alert the user to your presence.

  SystemSpelunking
 -----------------

  The firstplace you want to check out in the wild uncharted directory
  tree of yourfriendly neighborhood Unix system is the "/etc"
  directory. What'sin it? The single most intensely important file on
  the system (besidesa world writable root owned SUID file... but don't
  worry aboutthat)... the passwd file.
  What is inthe passwd file?

  ю  a list of all accounts on the system
  ю  a list of the passwords for these accounts
  ю  a list of access levels for these accounts
  ю  a list of the home directories for theseaccounts
  ю  a list of information pertaining to theseaccounts.

  Why the hell the Unix designers decided this file should be world
  readable is beyond me. Be content to know that your standard everyday
  run-of-the-mill-lacking-in-certified-cosmic-power 'cat' command WILL
  display this file. As will pg and more. However, because most users
  don't have write permissions (more on that later) to the /etc
  directory, 'cat' is pretty much the only applicable command here.
  However, if you need to copy the file to your own directory (for
  whatever reason), just cat it there with the redirection operator (>).
  The catch:
  Well, there are two catches here. First off, regardless of system
  security, if the passwords are in the file, they are encrypted. You
  can't decrypt them. Although you can get a list of accounts without
  passwords this way (just look for accounts with no entry in the
  password field), and a list of accounts that can't be logged onto
  remotely/at all (NO LOGIN), you can't get much else. Sucks, don't it?
  Notice I said 'if' the passwords are there.
  <ominous soundtrack please>
  Some horrible, paranoid, draconian system administrators mutilate
  their passwd files in such a way that (*gasp*) the passwords don't
  show up. All you get is one cold, icy X staring at you from the bowels
  of Unix Shell Siberia, mocking you as you pull your hair out in
  frustration (sorry, but this is a sore spot with me). The kidnapped
  passwords reside in the shadow file in the /etc directory, available
  with your standard everyday run-of-the-mill-but-distinct-in-the-fact-
  that-only-root-level-accounts-can-use-it-to-this-extent 'cat' command.
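
  From the administrator's side, the password field is the thing to audit. The script below is an added example, not part of the original article: it sorts passwd entries into empty, shadowed, locked and exposed. The sample entries are constructed, and treating a lower-case x as the shadow placeholder and a 13-character or $-prefixed field as a hash are assumptions about the formats in use.

```shell
#!/bin/sh
# Added example (not from the article): classify the password field of each
# passwd-format entry. All sample lines below are constructed.

# classify_passwd: read passwd-format lines on stdin, print "STATUS account".
#   EMPTY     - no password at all: anyone can log in as this account
#   SHADOWED  - placeholder x; the hash lives in the root-only shadow file
#   EXPOSED   - something shaped like a hash sits in the world-readable file
#   LOCKED    - any other value (*, !, NO LOGIN): no hash can ever match it
#   MALFORMED - fewer than the seven colon-separated fields
classify_passwd() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                      # comments, blank lines
        NF < 7         { print "MALFORMED " $1; next }
        $2 == ""       { print "EMPTY " $1; next }
        $2 == "x"      { print "SHADOWED " $1; next }
        (length($2) == 13 && $2 !~ "[^A-Za-z0-9./]") || $2 ~ /^\$/ {
                         print "EXPOSED " $1; next }
                       { print "LOCKED " $1 }
    '
}

# Constructed sample; "saCONSTRUCTED" only has the shape of a 13-character
# classic crypt field, it is not a real hash.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/sh
guest::1001:100:Guest:/home/guest:/bin/sh
uucp:NO LOGIN:5:5:uucp:/usr/lib/uucp:/bin/sh
alice:saCONSTRUCTED:1002:100:Alice:/home/alice:/bin/sh
broken:line'

printf '%s\n' "$SAMPLE_PASSWD" | classify_passwd
```

  On a live system, run it as classify_passwd < /etc/passwd; every EMPTY or EXPOSED line is an account to fix.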
  Well, if the passwords are encrypted, what good are they?
  By themselves, nothing. An account with a Unix encrypted password will
  get you no further than an account with no listed password at all. You
  can't even deduce the amount of characters in the password if it's
  encrypted. So what's the use?
  The Unix method of encrypting files is available to the public. It is
  also, to most mortals, irreversible. Essentially, this means you can
  encrypt a string of characters, but not decrypt it. Even the Unix
  system itself doesn't decrypt the password when you log on...
  When you log on, the Unix system takes whatever you enter at the
  password prompt, encrypts it, and matches it to the entry in the
  passwd file. Thus, the Unix system never decrypts the password... it
  only compares it to a different encrypted string.
  While this may not sound too particularly useful at first, it is.
  There are programs that have been written to do the same thing on a
  personal computer... you supply it a list of passwords and a list of
  words to attempt to use as passwords (called dictionaries), and it
  spends the night encrypting dictionaries and matching them to password
  entries. By running a dictionary through a passwd file, on a typical
  system, you can usually get 10-20 accounts. Good personal computer
  examples of this program idea include Killer Cracker (the industry
  standard, so to speak) and CrackerJack (faster than Killer Cracker).
   Quick tips for CrackerJunkies with leech access at an H/P BBS:
   A standard dictionary will not uncover passwords protected with an
   appended digit or non-alphanumeric character. In order to get around
   this, you need only grab a program that processes the dictionary file
   to add that digit to each entry in the dictionary... although this
   takes longer, and you'll need to do it multiple times, you can
   typically get 10 more accounts just by adding a 1 to every entry.
  Files and directories in Unix are characterized further by their
  permissions. Permissions are a standard system of who gets access to a
  specific function of that file or directory. Standard permissions
  include read, write, and execute. You can get a list of permissions by
  typing 'ls -l'. The first field in the listing contains the
  permissions, grouped as follows:

  owner  group  world
  --------------------
  rwx    rwx    rwx

  (Not drawn to scale... in fact, it doesn't look anything like that).
  Essentially, as long as the letter is there, you have access to that
  facet of the file. If the letter is not there, you'll see a dash...
  meaning you don't have access to that function. An example:

  rwxr-x--x

  In this case, the owner of the file can Read the file, Write to the
  file, and eXecute the file; members of his group (a bunch of linked
  accounts) can Read the file, CANNOT Write to the file, and can eXecute
  the file; and the rest of the user population CANNOT Read or Write to
  the file, but CAN eXecute the file.

  rwx---rwx

  is a WORLD-READABLE, WORLD-WRITABLE, WORLD-EXECUTABLE file. This
  simply means that anyone can read, write, or execute the file.

  Another permission sometimes set to a file is the SUID bit. An SUID
  file contains a lowercase s in the user executable section of the
  permissions list...

  rws--x--x

  When you execute an SUID file, your user ID becomes that of the owner
  of the file. While this may not look too important at first, by now you
  should know that no really important super elite hacker concept does.
  Take a look at this:

  rwsr-x--x

  Synopsis? It's a world executable SUID file. In essence, anyone can
  execute the file, and in doing so, become the owner of the file for
  the duration of the time that file is operating. However, this doesn't
  get you much, because you typically can't do anything while the
  program is running. More likely than not, it's calculating how many
  pencils it needs to order for school tomorrow or some other such
  drivel.
  The real power of the SUID file comes into play in this situation:

  rwsrwxrwx

  You won't see a lot of these, but when you do, look out. What you have
  here is a world writable SUID file... and a world writable program can
  be any program on the system you have read access to. Like, say,
  /bin/sh... the Unix shell...
  Quick command line example... 'diablo' is a root owned, world writable
  SUID file. I'm going to ignore the rest of the output of the ls
  command.

  #ls -l
  rwsrwxrwx......diablo
  #cat /bin/sh > diablo
  #diablo
  $

  Oh, just so you know, the $ prompt denotes root access.
  Good deal, huh? In general, if you have write privs to an SUID file,
  copy it to your own directory and cat /bin/sh into it. You now have an
  instant gateway to the account of the owner of that file.
  If you want to find files that you can do this with, try this out:

  #find / -user root -perm -4000 -exec /bin/ls -al {} ";"

  This will give you a list of all root owned SUID files. If you want
  more info on the 'find' command, just 'man find'.
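
  The same listing is what an administrator audits. The script below is an added example, not part of the original article: it decodes the 9-character permission field described above into an octal mode and reports every set-UID file that group or world may overwrite. The "PERMS OWNER NAME" input layout and the sample paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode the 9-character permission field and flag set-UID
# files that group or world may overwrite. Sample listing is constructed.

# mode_to_octal PERMS -> prints the 4-digit octal mode (rwsr-x--x -> 4751);
# returns 1 if PERMS is not a valid 9-character permission string.
mode_to_octal() {
    case $1 in
        [r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]) ;;
        *) return 1 ;;
    esac
    special=0 digits="" bit=4 rest=$1
    while [ -n "$rest" ]; do
        triad=${rest%"${rest#???}"}      # first three characters
        rest=${rest#???}
        val=0
        case $triad in r??) val=$((val + 4)) ;; esac
        case $triad in ?w?) val=$((val + 2)) ;; esac
        case $triad in ??[xst]) val=$((val + 1)) ;; esac    # s and t imply x
        case $triad in ??[sStT]) special=$((special + bit)) ;; esac
        digits=$digits$val
        bit=$((bit / 2))                 # 4 = set-UID, 2 = set-GID, 1 = sticky
    done
    printf '%s%s\n' "$special" "$digits"
}

# risky_suid: read "PERMS OWNER NAME" lines on stdin and print
# "MODE OWNER NAME" for each set-UID file writable by group or world.
risky_suid() {
    while read -r perms owner name; do
        mode=$(mode_to_octal "$perms") || continue   # skip unparseable lines
        case $mode in
            [4-7]?[2367]?|[4-7]??[2367]) printf '%s %s %s\n' "$mode" "$owner" "$name" ;;
        esac
    done
}

# Constructed sample listing (paths are hypothetical).
SAMPLE='rwsr-xr-x root /usr/bin/passwd
rwsrwxrwx root /usr/local/bin/diablo
rwxrwxrwx root /tmp/scratch
rwsrwxr-x uucp /usr/lib/uucp/helper'

printf '%s\n' "$SAMPLE" | risky_suid
```

  Removing group and world write (chmod go-w) from every file it reports closes the overwrite path shown with 'diablo'.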

  Well, I'm overdue for an appointment on the IRC in #warez... so I'll
  cut off here. I hope I've been of assistance to you.

----------------------------------------------------------------------------
  A C T U A L  A R T I C L E  E N D S  H E R E . . .

  Please feel free to save an extra 1k of file space and invoke the DOS
  EDIT CUT command at the dotted line. Do not remove the rest of this
  article on penalty of law.

  S00P3R GR00P-3SQU3 GR33TZ / +HANX

  Greets go out to Nowhere Man, INC, THG, UNT, SaD, SoD, PTA, SOB
  Thanks to...________________________
                    your ad here

  Current DWE Akshul M3mbre Boards:

  Nitro Burnin' Funny Cars   WHQ/DWEnetHOST      (312)582-1115  <XANAX>
  The Prodigal Sun           CHQ/MECCA           (312)238-3585  <ASRIEL>
  Dark Waters                HQ/Infosite         (312)667-0222  <MONK>
  PyroTechnics II            Infosite            (708)991-9403  <PYRO>

  DWE M3/\/\B3R LiST

  President and Dictator for Life: Xanax
  Head Courier/Warez Cracker: Asriel
  Head Fisherman/Trout Expert: Changeling
  Head Person That Gets Asriel Free CDs: Monk
  Head Person That Gets DWE Members Free WaReZ: Pyro
  Head Person That Knows More Than Asriel (Honorary Title): LVX
  Head Person That Actually Wrote for DWE without Coercion: Cosmos
  Head Know-It-All Stoner that runs 386bsd: Goldstein

  Want to write for DWE? Neither do we. But if the spirit moves you,
  write up an article about anything we haven't discussed already, and
  post it somewhere in DWEnet or at any of the member boards, or call
  any of the members voice and dictate it to them, or submit it to the
  school newspaper of any of the members, or tack it on a bulletin board
  in the Third Coast Cafe in Century Mall, and chances are it'll be
  released as a s00per c00l DWE article.
