Criminal Posted July 14, 2006

-------------------The C compiler-------------------

This will be BRIEF. Why? Because if you want to learn C, go buy a book. I don't have time to write another text file on C, for it would be huge. Basically, most executables are programmed in C. Source code files on Unix are found as filename.c. To compile one, type in "cc filename.c". Not all C programs will compile, since they may depend on other files not there, or are just modules. If you see a thing called "makefile" you can usually type in just "make" at the command prompt, and something will be compiled, or be attempted to compile. When using make or cc, it would be wise to use the background operand since compiling sometimes takes forever. IE:

$ cc login.c&
[1234]
$

(The 1234 was the process # it got identified as).

_____________________________________________________________________________

--------------Hacking:--------------

The first step in hacking a UNIX is to get into the operating system by finding a valid account/password. The object of hacking is usually to get root (full privileges), so if you're lucky enough to get in as root, you need not read any more of this hacking phile, and get into the "Having Fun" section. Hacking can also be just to get other's accounts also.

Getting IN
----------

The first thing to do is to GET IN to the Unix. I mean, get past the login prompt. That is the very first thing. When you come across a UNIX, sometimes it will identify itself by saying something like,

"Young INC. Company UNIX"

or just

"Young Inc. Please login"

Here is where you try the defaults I listed. If you get in with those you can get into the more advanced hacking (getting root). If you do something wrong at login, you'll get the message

"login incorrect"

This was meant to confuse hackers, or keep them wondering. Why? Well, you don't know if you've entered an account that does not exist, or one that does exist, and got the wrong password.

If you login as root and it says "Not on Console", you have a problem. You have to login as someone else, and use SU to become root.

Now, this is where you have to think. If you cannot get in with a default, you are obviously going to have to find something else to login as. Some systems provide a good way to do this by allowing the use of command logins. These are ones which simply execute a command, then logoff. However, the commands they execute are usually useful. For instance there are three common command logins that tell you who is online at the present time. They are:

who
rwho
finger

If you ever successfully get one of these to work, you can write down the usernames of those online, and try to logon as them. Lots of unsuspecting users use their login name as their password. For instance, the user "bob" may have a password named "bob" or "bob1". This, as you know, is not smart, but they don't expect a hacking spree to be carried out on them. They merely want to be able to login fast.

If a command login does not exist, or is not useful at all, you will have to brainstorm. A good thing to try is to use the name of the unix that it is identified as. For instance, Young INC's Unix may have an account named "young"

Young, INC. Please Login.
login: young
UNIX SYSTEM V REL 3.2
©1984 AT&T..
..
..
..

Some unixes have an account open named "test". This is also a default, but surprisingly enough, it is sometimes left open. It is good to try to use it. Remember, brainstorming is the key to a unix that has no apparent defaults open. Think of things that may go along with the Unix. Type in stuff like "info", "password", "dial", "bbs" and other things that may pertain to the system. "att" is present on some machines also.

ONCE INSIDE -- SPECIAL FILES
----------------------------

There are several files that are very important to the UNIX environment. They are as follows:

/etc/passwd - This is probably the most important file on a Unix. Why? Well, basically, it holds the valid usernames/passwords. This is important since only those listed in the passwd file can login, and even then some can't (will explain). The format for the password file is this:

username:password:UserID:GroupID:Description(or real name):homedir:shell

Here are two sample entries:

sirhack:89fGc%^7&a,Ty:100:100:Sir Hackalot:/usr/sirhack:/bin/sh
demo::101:100:Test Account:/usr/demo:/usr/sh

In the first line, sirhack is a valid user. The second field, however, is supposed to be a password, right? Well, it is, but it's encrypted with the DES encryption standard. The part that says "&a,Ty" may include a date after the comma (Ty) that tells unix when the password expires. Yes, the date is encrypted into two alphanumeric characters (Ty). In the second example, the demo account has no password. So at login, you could type in:

login: demo
UNIX system V
©1984 AT&T
....

But with sirhack, you'd have to enter a password. Now, the password file is great, since a lot of times, you'll be able to browse through it to look for unpassworded accounts. Remember that some accounts can be restricted from logging in, as such:

bin:*:2:2:binaccount:/bin:/bin/sh

The '*' means you won't be able to login with it. Your only hope would be to run an SUID shell (explained later).

A NOTE ABOUT THE "DES" ENCRYPTION: each unix makes its own unique "keyword" to base encryption off of.

/etc/group - This file contains the valid groups. The group file is usually defined as this:

groupname:password:groupid:users in group

Once again, passwords are encrypted here too. If you see a blank in the password entry you can become part of that group by using the utility "newgrp". Now, there are some cases in which even groups with no password will allow only certain users to be assigned to the group via the newgrp command. Usually, if the last field is left blank, that means any user can use newgrp to get that group's access. Otherwise, only the users specified in the last field can enter the group via newgrp. Newgrp is just a program that will change the current group id you are logged on under to the one you specify. The syntax for it is:

newgrp groupname

Now, if you find a group unpassworded, and use newgrp to enter it, and it asks for a password, you are not allowed to use the group. I will explain this further in the "SU & Newgrp" section.

/etc/hosts - This file contains a list of hosts it is connected to thru a hardware network (like an x.25 link or something), or sometimes just thru UUCP. This is a good file when you are hacking a large network, since it tells you systems you can use with rsh (Remote Shell, not restricted shell), rlogin, and telnet, as well as other ethernet/x.25 link programs.

/usr/adm/sulog (or su_log) - The file sulog (or su_log) may be found in several directories, but it is usually in /usr/adm. This file is what it sounds like. It's a log file, for the program SU. What it is for is to keep a record of who uses SU and when. Whenever you use SU, your best bet would be to edit this file if possible, and I'll tell you how and why in the section about using "su".

/usr/adm/loginlog or /usr/adm/acct/loginlog - This is a log file, keeping track of the logins. Its purpose is merely for accounting and "security review". Really, sometimes this file is never found, since a lot of systems keep the logging off.

/usr/adm/errlog or errlog - This is the error log. It could be located anywhere. It keeps track of all serious and even not so serious errors. Usually, it will contain an error code, then a situation. The error code can be from 1-10, the higher the number, the worse the error. Error code 6 is usually used when you try to hack. "login" logs your attempt in errlog with error code 6. Error code 10 means, in a nutshell, "SYSTEM CRASH".

/usr/adm/culog - This file contains entries that tell when you used cu, where you called and so forth. Another security thing.

/usr/mail/<userLogin> - This is where the program "mail" stores its mail. To read a particular mailbox, so they are called, you must be that user, in the user group "mail" or root. Each mailbox is just a name. For instance, if my login was "sirhack" my mail file would usually be: /usr/mail/sirhack

/usr/lib/cron/crontabs - This contains the instructions for cron, usually. Will get into this later.

/etc/shadow - A "shadowed" password file. Will talk about this later.

-- The BIN account --

Well, right now, I'd like to take a moment to talk about the account "bin". While it is only a user level account, it is very powerful. It is the owner of most of the files, and on most systems, it owns /etc/passwd, THE most important file on a unix. See, the bin account owns most of the "bin" (binary) files, as well as others used by the binary files, such as login. Now, knowing what you know about file permissions, if bin owns the passwd file, you can edit passwd and add a root entry for yourself. You could do this via the edit command:

$ ed passwd
10999 [The size of passwd varies]
* a
sirhak::0:0:Mr. Hackalot:/:/bin/sh
{control-d}
* w
* q
$

Then, you could say: exec login, then you could login as sirhack, and you'd be root.

Some tips:

1. Don't give it out. If the sysadm sees that joeuser logged in 500 times in one night....then....

2. Don't stay on for hours at a time. They can trace you then. Also they will know it is irregular to have joeuser on for 4 hours after work.

3. Don't trash the system. Don't erase important files, and don't hog inodes, or anything like that. Use the machine for a specific purpose (to leech source code, develop programs, an Email site). Don't be an asshole, and don't try to erase everything you can.

4. Don't screw with users constantly. Watch their processes and run what they run. It may get you good info (snoop!)

5. If you add an account, first look at the accounts already in there. If you see a bunch of accounts that are just 3 letter abbrv.'s, then make yours so. If a bunch are "cln, dok, wed" or something, don't add one that is "joeuser", add one that is someone's full initials.

6. When you add an account, put a woman's name in for the description, if it fits (Meaning, if only companies log on to the unix, put a company name there). People do not suspect hackers to use women's names. They look for men's names.

7. Don't cost the Unix machine too much money. Ie.. don't abuse an outdial, or if it controls trunks, do not set up a bunch of dial outs. If there is a pad, don't use it unless you NEED it.

8. Don't use x.25 pads. Their usage is heavily logged.

9. Turn off acct logging (acct off) if you have the access to. Turn it on when you are done.

10. Remove any trojan horses you set up to give you access when you get access.

11. Do NOT change the MOTD file to say "I hacked this system". Just thought I'd tell you. Many MANY people do that, and lose access within 2 hours, if the unix is worth a spit.

12. Use good judgement. Cover your tracks. If you use su, clean up the sulog.

13. If you use cu, clean up the cu_log.

14. If you use the smtp bug (wizard/debug), set up a uid shell.

15. Hide all suid shells. Here's how: goto /usr (or any dir) do:

# mkdir ".. "
# cd ".. "
# cp /bin/sh ".whatever"
# chmod a+s ".whatever"

The "" are NEEDED to get to the directory .. ! It will not show up in a listing, and it is hard as hell to get to by sysadms if you make 4 or 5 spaces in there (".. "), because all they will see in a directory FULL list will be .. and they won't be able to get there unless they use "" and know the spacing. "" is used when you want to do literals, or use a wildcard as part of a file name.

16. Don't hog cpu time with password hackers. They really don't work well.

17. Don't use too much disk space. If you archive something to dl, dl it, then kill the archive.

18. Basically -- COVER YOUR TRACKS.
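As an added defensive example that is not part of the original post: a small audit script that parses the username:password:uid:gid:description:homedir:shell format the post describes and flags the entries the post singles out as abusable, an empty password field, a UID 0 entry under a name other than root, and UIDs shared by several names. The function names and the sample root line are my own constructions; the sirhack, demo and bin lines are the post's examples.

```python
# Added defensive example, not code from the original post: parse the
# username:password:uid:gid:description:homedir:shell format described
# above and flag what the post points at: empty password fields, a UID 0
# entry under a name other than root, and UIDs shared by several names.
from collections import defaultdict, namedtuple

PasswdEntry = namedtuple("PasswdEntry", "name password uid gid gecos home shell")


def parse_passwd(text: str) -> list:
    """Parse passwd-format lines; blank lines and '#' comments are skipped."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, pw, uid, gid, gecos, home, shell = fields
        entries.append(PasswdEntry(name, pw, int(uid), int(gid), gecos, home, shell))
    return entries


def audit(entries: list) -> list:
    """Return (account, reason) pairs an administrator should review."""
    findings, by_uid = [], defaultdict(list)
    for e in entries:
        by_uid[e.uid].append(e.name)
        if e.password == "":  # "*" is locked, a hash may carry a ",XX" aging suffix
            findings.append((e.name, "empty password field: logs in with no password"))
        if e.uid == 0 and e.name != "root":
            findings.append((e.name, "UID 0 under a name other than root"))
    for uid, names in by_uid.items():
        if len(names) > 1:
            findings.append((",".join(names), f"UID {uid} shared by {len(names)} accounts"))
    return findings


# Constructed sample: root (made-up hash), the post's three entries, and its planted UID 0 entry.
SAMPLE = """root:Xk3s9P0qLmZ1a:0:0:Superuser:/:/bin/sh
sirhack:89fGc%^7&a,Ty:100:100:Sir Hackalot:/usr/sirhack:/bin/sh
demo::101:100:Test Account:/usr/demo:/usr/sh
bin:*:2:2:binaccount:/bin:/bin/sh
sirhak::0:0:Mr. Hackalot:/:/bin/sh
"""

if __name__ == "__main__":
    for account, reason in audit(parse_passwd(SAMPLE)):
        print(f"{account}: {reason}")
```

Run against a real /etc/passwd the same way (`audit(parse_passwd(open("/etc/passwd").read()))`); the locked bin entry produces no finding, while the two unpassworded accounts and the extra UID 0 entry do.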