textfiles/hacking/INTERNET/hi.txt

             |+=================================+|
             ||*********************************||
             ||*    Introduction to Hacking    *||
             ||*     by KwAnTAM_PoZeEtroN      *||
             ||*********************************||
             |+=================================+|

The first part of any hacking expidition is getting into the system
that you plan to 'explore.'  This can be achieved in any number of 
ways.  The main two are:

1) Cracking passwd (brute force)
2) Using an exploit

Cracking passwd is fairly simple.  You get a 'cracking' program which 
is designed to take each word in a word list file and encrypt it 
using the same one-way hash that UNIX uses to encrypt its password 
file.  Then it compares the hashed value to each password in the 
encrypted list, which is found on UNIX and other *IX systems in the 
file /etc/passwd  Word lists and cracking programs are available at
http://kwantam.home.ml.org

The list of words used is called a dictionary file.  It contains a 
series of words, one per line, in a standard ASCII text file.  An 
excerpt from a dictionary file could be

helix
hell
hellacious
hello
hellbender
hellbent
hell-bent
hellbox
hellcat
hellebore
heller
hell-for-leather
hellgrammite

etc.

The one-way hash function is a small series of mathematical steps 
that makes a series of characters which is saved in the passwd file.
The one-way hash function UNIX uses is a variant of Crypt(3).  The reason 
that a dictionary file is needed is the fact that the Crypt(3) function 
cannot be reversed, hence the name one-way hash.  It is mathematically
infeasible to find in any amount of time the string of characters from 
which the hash value came.

The passwd file is a series of lines, each with user info on it.  An
example is:

joeschmoe:naVwowMManasMMo:10:200:Joe Schmoe:/users/joeschmoe:/bin/bash
    ^           ^         ^   ^       ^            ^            ^
    |           |         |   |       |            |            +- User's
    |           |         |   |       |            |            shell program
    |           |         |   |       |            +---- User's home directory
    |           |         |   |       +----------------- User's real name
    |           |         |   +------------------------- User number
    |           |         +----------------------------- User's group number
    |           +--------------------------------------- Hash of user's password
    +--------------------------------------------------- Username

I will explain each of these:

-  Username is the name under which the user logs in.  Usually this is
   accomplished by typing in the username at the username prompt and then
   the password at the password prompt.

-  Hash of user's password is the target of the cracking method.  This is
   what the hash of each word in the dictionary file is compared to.

-  User's group number determines things such as access to certain files,
   etc.  Used more in the exploit technique

-  User's number is basically identification for the system.

-  User's real name is the name the user entered.  Not used by the system,
   but it provides a handy human-readable id of each user.

-  User's home directory is the directory that they go to when they log
   into the system.  

-  User's shell is the user interface that the user uses.  Shells include
   /bin/bash /bin/ash /bin/tcsh /bin/csh and /bin/sh 

It is not necessary to modify the passwd file to contain only the passwords
because most cracking programs look for the second field, which is indicated
by the colon (:) seperating it from the username.

As you can see, it is also possible that, if the user's password is not
in the dictionary file, the cracker won't find the password to that
username.  However, on a system of 200 users, at least 70 of them will
usually have passwords that are in dictionaries, depending on if the
system administrator checks the passwords or not and the type of user
that accesses the system most.  A server used by computer security experts
will not be nearly as susceptible to this kind of an attack (or any, for
that matter) as one which is used by average people for e-mail and internet 
access.

The second kind of attack, the exploit, is a more difficult one, but it
usually has greater rewards, including the possiblity of getting total
control of the system.  Exploits work by using a piece of software in 
such a way as to compromise the security of the system.  One of the most
popular programs to use in this way is sendmail.  Sendmail is most 
susceptible because it must be open to public access to allow mail to be 
transferred into and out of the system.  Usually a buffer, an area in 
memory where the system stores program information, is overwritten using 
sendmail.  The experienced hacker can transfer his own program code into 
the buffer so that while the system thinks it is simply running the mail 
retriever it is actually copying a shell program into a public access 
directory and giving it superuser privlidges.  Another type of exploit 
involves causing a program which has superuser prividges to change your 
group ID to 1, root, which effectively makes you the administrator of 
the system.

Most of the time, these two types of attacks are used together.  The hacker 
will first get a login with brute force to gain access to the outer level of 
the system, and then from there use an exploit of some kind to gain root 
priviledges.  After attaining root access, the hacker will install one or more 
'back doors' to allow himself access to the system again.  A very common one
is taking the source code of the login program and modifying it to accept 
a certain password for any user, as well as the user's own password.

An example of a function in C that could do this would be:

check_backdoor(entry,access)
{
/* the variable entry is the password that the user entered
 * the variable access determines whether or not to allow the 
 */  user into the system.  If access = 1 then the user is let in.

if (entry == "mybackdoor")
{
access = 1;
return;
}

cryptcheck(entry,access);

return;
}

In this example, mybackdoor would be the password that could be used on
any user account.  If mybackdoor was not the entry, then the password
is hashed and checked against the password in /etc/passwd which allows
the back door to function without being noticed by anyone, including the
administrator.

I hope this information hhas been helpful in teaching you about the basis
of hacking.  For more information, visit my home page or drop me an e-mail.

KwAnTAM_PoZeEtroN
Leader of the Black Angels
Ringmaster of the Ruiners Webring
Head of Psychotic security
http://kwantam.home.ml.org
kwantam@mailhost.net
Initial commit 2021-04-15 11:31:59 -07:00			`\|+=================================+\|`
			`\|\|*********************************\|\|`
			`\|\|* Introduction to Hacking *\|\|`
			`\|\|* by KwAnTAM_PoZeEtroN *\|\|`
			`\|\|*********************************\|\|`
			`\|+=================================+\|`

			`The first part of any hacking expidition is getting into the system`
			`that you plan to 'explore.' This can be achieved in any number of`
			`ways. The main two are:`

			`1) Cracking passwd (brute force)`
			`2) Using an exploit`

			`Cracking passwd is fairly simple. You get a 'cracking' program which`
			`is designed to take each word in a word list file and encrypt it`
			`using the same one-way hash that UNIX uses to encrypt its password`
			`file. Then it compares the hashed value to each password in the`
			`encrypted list, which is found on UNIX and other *IX systems in the`
			`file /etc/passwd Word lists and cracking programs are available at`
			`http://kwantam.home.ml.org`

			`The list of words used is called a dictionary file. It contains a`
			`series of words, one per line, in a standard ASCII text file. An`
			`excerpt from a dictionary file could be`

			`helix`
			`hell`
			`hellacious`
			`hello`
			`hellbender`
			`hellbent`
			`hell-bent`
			`hellbox`
			`hellcat`
			`hellebore`
			`heller`
			`hell-for-leather`
			`hellgrammite`

			`etc.`

			`The one-way hash function is a small series of mathematical steps`
			`that makes a series of characters which is saved in the passwd file.`
			`The one-way hash function UNIX uses is a variant of Crypt(3). The reason`
			`that a dictionary file is needed is the fact that the Crypt(3) function`
			`cannot be reversed, hence the name one-way hash. It is mathematically`
			`infeasible to find in any amount of time the string of characters from`
			`which the hash value came.`

			`The passwd file is a series of lines, each with user info on it. An`
			`example is:`

			`joeschmoe:naVwowMManasMMo:10:200:Joe Schmoe:/users/joeschmoe:/bin/bash`
			`^ ^ ^ ^ ^ ^ ^`
			`\| \| \| \| \| \| +- User's`
			`\| \| \| \| \| \| shell program`
			`\| \| \| \| \| +---- User's home directory`
			`\| \| \| \| +----------------- User's real name`
			`\| \| \| +------------------------- User number`
			`\| \| +----------------------------- User's group number`
			`\| +--------------------------------------- Hash of user's password`
			`+--------------------------------------------------- Username`

			`I will explain each of these:`

			`- Username is the name under which the user logs in. Usually this is`
			`accomplished by typing in the username at the username prompt and then`
			`the password at the password prompt.`

			`- Hash of user's password is the target of the cracking method. This is`
			`what the hash of each word in the dictionary file is compared to.`

			`- User's group number determines things such as access to certain files,`
			`etc. Used more in the exploit technique`

			`- User's number is basically identification for the system.`

			`- User's real name is the name the user entered. Not used by the system,`
			`but it provides a handy human-readable id of each user.`

			`- User's home directory is the directory that they go to when they log`
			`into the system.`

			`- User's shell is the user interface that the user uses. Shells include`
			`/bin/bash /bin/ash /bin/tcsh /bin/csh and /bin/sh`

			`It is not necessary to modify the passwd file to contain only the passwords`
			`because most cracking programs look for the second field, which is indicated`
			`by the colon (:) seperating it from the username.`

			`As you can see, it is also possible that, if the user's password is not`
			`in the dictionary file, the cracker won't find the password to that`
			`username. However, on a system of 200 users, at least 70 of them will`
			`usually have passwords that are in dictionaries, depending on if the`
			`system administrator checks the passwords or not and the type of user`
			`that accesses the system most. A server used by computer security experts`
			`will not be nearly as susceptible to this kind of an attack (or any, for`
			`that matter) as one which is used by average people for e-mail and internet`
			`access.`

			`The second kind of attack, the exploit, is a more difficult one, but it`
			`usually has greater rewards, including the possiblity of getting total`
			`control of the system. Exploits work by using a piece of software in`
			`such a way as to compromise the security of the system. One of the most`
			`popular programs to use in this way is sendmail. Sendmail is most`
			`susceptible because it must be open to public access to allow mail to be`
			`transferred into and out of the system. Usually a buffer, an area in`
			`memory where the system stores program information, is overwritten using`
			`sendmail. The experienced hacker can transfer his own program code into`
			`the buffer so that while the system thinks it is simply running the mail`
			`retriever it is actually copying a shell program into a public access`
			`directory and giving it superuser privlidges. Another type of exploit`
			`involves causing a program which has superuser prividges to change your`
			`group ID to 1, root, which effectively makes you the administrator of`
			`the system.`

			`Most of the time, these two types of attacks are used together. The hacker`
			`will first get a login with brute force to gain access to the outer level of`
			`the system, and then from there use an exploit of some kind to gain root`
			`priviledges. After attaining root access, the hacker will install one or more`
			`'back doors' to allow himself access to the system again. A very common one`
			`is taking the source code of the login program and modifying it to accept`
			`a certain password for any user, as well as the user's own password.`

			`An example of a function in C that could do this would be:`

			`check_backdoor(entry,access)`
			`{`
			`/* the variable entry is the password that the user entered`
			`* the variable access determines whether or not to allow the`
			`*/ user into the system. If access = 1 then the user is let in.`

			`if (entry == "mybackdoor")`
			`{`
			`access = 1;`
			`return;`
			`}`

			`cryptcheck(entry,access);`

			`return;`
			`}`

			`In this example, mybackdoor would be the password that could be used on`
			`any user account. If mybackdoor was not the entry, then the password`
			`is hashed and checked against the password in /etc/passwd which allows`
			`the back door to function without being noticed by anyone, including the`
			`administrator.`

			`I hope this information hhas been helpful in teaching you about the basis`
			`of hacking. For more information, visit my home page or drop me an e-mail.`

			`KwAnTAM_PoZeEtroN`
			`Leader of the Black Angels`
			`Ringmaster of the Ruiners Webring`
			`Head of Psychotic security`
			`http://kwantam.home.ml.org`
			`kwantam@mailhost.net`