905 lines
34 KiB
Plaintext
905 lines
34 KiB
Plaintext
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
An Indepth Guide In Hacking UNIX
|
||
|
and
|
||
|
The Concept Of Basic Networking Utility
|
||
|
By: Evil Ernie
|
||
|
Member of:
|
||
|
-=NLA=-
|
||
|
No Lamerz Allowed
|
||
|
|
||
|
|
||
|
Brief History On UNIX
|
||
|
~~~~~~~~~~~~~~~~~~~~~
|
||
|
Its because of Ken Tompson that today we are able to hack Unix. He used to
|
||
|
work for Bell Labs in the 1960s. Tompson started out using the MULTICS OS
|
||
|
which was later eliminated and Tompson was left without an operating system to
|
||
|
work with.
|
||
|
|
||
|
Tompson had to come up with something real quick. He did some research and and
|
||
|
in 1969 UNIX came out, which was a single user and it did not have many
|
||
|
capabilities. A combined effort with others enabled him to rewrite the version
|
||
|
in C and add some good features. This version was released in 1973 and was
|
||
|
made available to the public. This was the first begining of UNIX in its
|
||
|
presently known form. The more refined version of UNIX, today know as UNIX
|
||
|
system V developed by Berkley University has unique capabilities.
|
||
|
|
||
|
Various types of UNIXes are CPIX, Berkeley Ver 4.1, Berkeley 4.2, FOS, Genix,
|
||
|
HP-UX, IS/I, OSx, PC-IX, PERPOS, Sys3, Ultrix, Zeus, Xenix, UNITY, VENIX, UTS,
|
||
|
Unisys, Unip lus+, UNOS, Idris, QNIX, Coherent, Cromix, System III, System 7,
|
||
|
Sixth edition.
|
||
|
|
||
|
The Article Itself
|
||
|
~~~~~~~~~~~~~~~~~~
|
||
|
I believe that hacking into any system requires knowledge of the operating
|
||
|
system itself. Basically what I will try to do is make you more familiar with
|
||
|
UNIX operation and its useful commands that will be advantageous to you as a
|
||
|
hacker. This article contains indepth explainations. I have used the UNIX
|
||
|
System V to write this article.
|
||
|
|
||
|
|
||
|
Error Messages: (UNIX System V)
|
||
|
~~~~~~~~~~~~~~
|
||
|
Login Incorrect - An invalid ID and/or password was entered. This means
|
||
|
nothing. In UNIX there is no way guessing valid user IDs.
|
||
|
You may come across this one when trying to get in.
|
||
|
|
||
|
No More Logins - This happens when the system will not accept anymore logins.
|
||
|
The system could be going down.
|
||
|
|
||
|
Unknown Id - This happens if an invalid id is entered using (su) command.
|
||
|
|
||
|
Unexpected Eof In File - The file being stripped or the file has been damaged.
|
||
|
|
||
|
Your Password Has Expired - This is quite rare although there are situations
|
||
|
where it can happen. Reading the etc/passwd will
|
||
|
show you at how many intervals it changes.
|
||
|
|
||
|
You May Not Change The Password - The password has not yet aged enough. The
|
||
|
administrator set the quotas for the users.
|
||
|
|
||
|
Unknown Group (Group's Name) - Occurs when chgrp is executed, group does not
|
||
|
exist.
|
||
|
Sorry - Indicated that you have typed in an invalid super user password
|
||
|
(execution of the su).
|
||
|
|
||
|
Permission Denied! - Indicated you must be the owner or a super user to change
|
||
|
password.
|
||
|
|
||
|
Sorry <( Of Weeks) Since Last Change - This will happen when password has has
|
||
|
not aged enough and you tried to change
|
||
|
it (password).
|
||
|
|
||
|
(Directory Name): No Permission - You are trying to remove a directory which
|
||
|
you have no permission to.
|
||
|
|
||
|
(File Name) Not Removed - Trying to delete a file owned by another user that
|
||
|
you do not have write permission for.
|
||
|
|
||
|
(Dirname) Not Removed - Ownership of the dir is not your that your trying to
|
||
|
delete.
|
||
|
|
||
|
(Dirname) Not Empty - The directory contains files so you must have to delete
|
||
|
the files before execcant open [file name] - defined
|
||
|
wrong path, file name or you have no read permission.
|
||
|
|
||
|
Cp: (File Name) And (File Name) Are Identical - Self explanatory.
|
||
|
|
||
|
Cannot Locate Parent Directory - Occurs when using mv.
|
||
|
|
||
|
(File name) Not Found - File which your trying to move does not exist.
|
||
|
|
||
|
You Have Mail - Self explanatory.
|
||
|
|
||
|
|
||
|
Basic Networking Utility Error Messages
|
||
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
|
Cu: Not found - Networking not installed.
|
||
|
Login Failed - Invalid id/pw or wrong number specified.
|
||
|
Dial Failed - The systen never answered due to a wrong number.
|
||
|
UUCP Completely Failed - Did not specify file after -s.
|
||
|
Wrong Time to Call - You called at the time at a time not specified in the
|
||
|
Systems file.
|
||
|
System not in systems - You called a remote not in the systems file.
|
||
|
|
||
|
|
||
|
Logon Format
|
||
|
~~~~~~~~~~~~
|
||
|
The first thing you must do is switch to lower case. To identifing a UNIX,
|
||
|
this is what you will see;
|
||
|
|
||
|
AT&T Unix System V 3.0 (eg of a system identifier)
|
||
|
|
||
|
login:
|
||
|
or
|
||
|
Login:
|
||
|
|
||
|
Any of these is a UNIX. Here is where you will have to guess at a user valid
|
||
|
id. Here are some that I have come across; glr, glt, radgo, rml, chester, cat,
|
||
|
lom, cora, hlto, hwill, edcasey, and also some containing numbers; smith1,
|
||
|
mitu6, or special characters in it; bremer$, jfox. Login names have to be 3
|
||
|
to 8 chracters in length, lowercase, and must start with a letter. In some
|
||
|
XENIX systems one may login as "guest"
|
||
|
|
||
|
User Level Accounts (Lower Case)
|
||
|
~~~~~~~~~~~~~~~~~~~
|
||
|
In Unix there are what is called. These accounts can be used at the "login:"
|
||
|
prompt. Here is a list:
|
||
|
|
||
|
sys bin trouble daemon uucp nuucp rje lp adm
|
||
|
|
||
|
|
||
|
Super-User Accounts
|
||
|
~~~~~~~~~~~~~~~~~~~
|
||
|
There is also a super-user login which make UNIX worth hacking. The accounts
|
||
|
are used for a specific job. In large systems these logins are assingned to
|
||
|
users who have a responsibilty to maintain subsystems.
|
||
|
|
||
|
They are as follows (all lower case);
|
||
|
|
||
|
root - This is a must the system comes configured with it. It has no
|
||
|
restriction. It has power over every other account.
|
||
|
unmountsys - Unmounts files
|
||
|
setup - System set up
|
||
|
makefsys - Makes a new file
|
||
|
sysadm - Allows useful S.A commands (doesn't need root login)
|
||
|
powerdown - Powering system down
|
||
|
mountfsys - Mounts files
|
||
|
checkfsys - Checks file
|
||
|
|
||
|
These accounts will definitly have passwords assigned to them. These accounts
|
||
|
are also commands used by the system administrator. After the login prompt you
|
||
|
will receive a password prompt:
|
||
|
|
||
|
password:
|
||
|
or
|
||
|
Password:
|
||
|
|
||
|
Enter the password (it will not echo). The password rule is as follows; Each
|
||
|
password has to contain at least 6 characters and maximum of 8 characters. Two
|
||
|
of which are to be alphabetic letters and at least one being a number or a
|
||
|
special character. The alphabetic digits could be in upper case or lower
|
||
|
case. Here are some of the passwords that I have seen; Ansuya1, PLAT00N6,
|
||
|
uFo/78, ShAsHi.., Div417co.
|
||
|
|
||
|
The passwords for the super user accounts will be difficult to hack try the
|
||
|
accounts interchangebly; login:sysadm password:makefsys, or rje1, sysop,
|
||
|
sysop1, bin4, or they might contain letters, numbers, or special chracters in
|
||
|
them. It could be anything. The user passwords are changed by an aging
|
||
|
proccess at successive intervals. The users are forced to changed it. The
|
||
|
super-user will pick a password that will not need changing for a long period
|
||
|
of time.
|
||
|
|
||
|
|
||
|
You Have Made It!
|
||
|
~~~~~~~~~~~~~~~~~
|
||
|
The hard part is over and hopefully you have hacked a super-user account.
|
||
|
Remember Control-d stops a process and also logs you off. The next thing you
|
||
|
will probably see is the system news. Ex;
|
||
|
|
||
|
login:john
|
||
|
password:hacker1
|
||
|
|
||
|
System news
|
||
|
|
||
|
There will be no networking offered to the users till
|
||
|
August 15, due to hardware problems.
|
||
|
(Just An Example)
|
||
|
|
||
|
$
|
||
|
|
||
|
$ (this is the Unix prompt) - Waiting for a command to be entered.
|
||
|
- Means your logged in as root (Very Good).
|
||
|
|
||
|
A Word About The XENIX System III (Run On The Tandy 6000)
|
||
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
|
The largest weakness in the XENIX System III occurs after the installation
|
||
|
of the Profile-16 or more commonly know as the Filepro-16. I have seen the
|
||
|
Filepro-16 installed in many systems. The installation process creates an
|
||
|
entry in the password file for a user named \fBprofile\fR, an account that who
|
||
|
owns and administors the database. The great thing about it is that when the
|
||
|
account is created, no password is assigned to it. The database contains
|
||
|
executable to maintain it. The database creation programs perform a
|
||
|
\fBsetuid\fR to boot up the \fBoot\fR thereby giving a person the whole C
|
||
|
Shell to gain Super User privilege same as root. Intresting huh!
|
||
|
|
||
|
(* Note: First the article will inform you of how the Unix is made up.)
|
||
|
|
||
|
|
||
|
The Unix is made if three components - The Shell, The Kernal, File System.
|
||
|
|
||
|
The Kernal
|
||
|
~~~~~~~~~~
|
||
|
You could say that the kernal is the heart of the Unix operating system. The
|
||
|
kernal is a low level language lower than the shell which maintains processes.
|
||
|
The kernal handles memory usage, maintains file system the sofware and hardware
|
||
|
devices.
|
||
|
|
||
|
The Shell
|
||
|
~~~~~~~~~
|
||
|
The shell a higher level language. The shell had two important uses, to act as
|
||
|
command interpreture for example using commands like cat or who. The shell is
|
||
|
at work figuring out whether you have entered a command correctly or not. The
|
||
|
second most important reason for the shell is its ability to be used as
|
||
|
programing language. Suppose your performing some tasks repeatedly over and
|
||
|
over again, you can program the shell to do this for you.
|
||
|
|
||
|
(Note: This article will not cover shell programming.)
|
||
|
( Instead B.N.N will be covered. )
|
||
|
|
||
|
|
||
|
The File System
|
||
|
~~~~~~~~~~~~~~~
|
||
|
The file system in Unix is divided into 3 catagories: Directories, ordinary
|
||
|
files and special files (d,-).
|
||
|
|
||
|
Basic Stucture:
|
||
|
|
||
|
(/)-this is abreviation for the root dirctory.
|
||
|
|
||
|
root level root
|
||
|
(/) system
|
||
|
-------------------------------------|---------------------------------- level
|
||
|
| | | | | | | |
|
||
|
/unix /etc /dev /tmp /lib /usr /usr2 /bin
|
||
|
| _____|_____
|
||
|
login passwd | | |
|
||
|
level /john /cathy
|
||
|
________________________|_______________
|
||
|
| | | | | |
|
||
|
.profile /mail /pers /games /bin /michelle
|
||
|
*.profile - in case you | __|______ | __|_______
|
||
|
wish to change your environment, but capital | | data | | |
|
||
|
after you log off, it sets it to othello starwars letter letter1
|
||
|
default.
|
||
|
|
||
|
/unix - This is the kernal.
|
||
|
/etc - Contains system administrators files,Most are not available to the
|
||
|
regular user (this dirrctory contains the /passwd file).
|
||
|
|
||
|
Here are some files under /etc directory:
|
||
|
/etc/passwd
|
||
|
/etc/utmp
|
||
|
/etc/adm/sulog
|
||
|
/etc/motd
|
||
|
/etc/group
|
||
|
/etc/conf
|
||
|
/etc/profile
|
||
|
|
||
|
/dev - contains files for physical devices such as printer and the disk drives
|
||
|
/tmp - temporary file directory
|
||
|
/lib - dirctory that contains programs for high level languages
|
||
|
/usr - this directory contains dirctories for each user on the system
|
||
|
/bin - contain executable programs (commands)
|
||
|
|
||
|
The root also contains:
|
||
|
/bck - used to mount a back up file system.
|
||
|
/install - Used to install and remove utilities
|
||
|
/lost+found - This is where all the removed files go, this dir is used by fsck
|
||
|
/save -A utility used to save data
|
||
|
/mnt - Used for temporary mounting
|
||
|
|
||
|
**Now the fun part scouting around**
|
||
|
|
||
|
Local Commands (Explained In Details)
|
||
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
|
At the unix prompt type the pwd command. It will show you the current working
|
||
|
directory you are in.
|
||
|
|
||
|
$ pwd
|
||
|
$ /usr/admin - assuming that you have hacked into a super user account
|
||
|
check fsys
|
||
|
$
|
||
|
|
||
|
This gives you the full login directory. The / before tell you the location of
|
||
|
the root directory.
|
||
|
|
||
|
Or
|
||
|
|
||
|
(REFER TO THE DIAGRAM ABOVE)
|
||
|
$ pwd
|
||
|
$ /usr/john
|
||
|
$
|
||
|
Assuming you have hacked into John's account.
|
||
|
|
||
|
Lets say you wanted to move down to the Michelle directory that contains
|
||
|
letters. You would type in;
|
||
|
|
||
|
$ cd michelle or cd usr/john/michelle
|
||
|
$ pwd
|
||
|
$ /usr/john/michelle
|
||
|
$
|
||
|
|
||
|
Going back one directory up type in:
|
||
|
$ cd ..
|
||
|
or going to your parent directory just type in "cd"
|
||
|
|
||
|
Listing file directories assuming you have just logged in:
|
||
|
$ ls /usr/john
|
||
|
mail
|
||
|
pers
|
||
|
games
|
||
|
bin
|
||
|
michelle
|
||
|
This wont give you the .profile file. To view it type
|
||
|
$ cd
|
||
|
$ ls -a
|
||
|
:
|
||
|
:
|
||
|
.profile
|
||
|
|
||
|
To list file names in Michelle's directory type in:
|
||
|
$ ls michelle (that if your in the johns directory)
|
||
|
$ ls /usr/john/michelle(parent dir)
|
||
|
|
||
|
ls -l
|
||
|
~~~~~
|
||
|
The ls -l is an an important command in unix.This command displays the whole
|
||
|
directory in long format :Run this in parent directory.
|
||
|
$ ls -l
|
||
|
total 60
|
||
|
-rwxr-x--- 5 john bluebox 10 april 9 7:04 mail
|
||
|
drwx------ 7 john bluebox 30 april 2 4:09 pers
|
||
|
: : : : : : :
|
||
|
: : : : : : :
|
||
|
-rwxr-x--- 6 cathy bluebox 13 april 1 13:00 partys
|
||
|
: : : : : : :
|
||
|
$
|
||
|
|
||
|
The total 60 tells one the ammount of disk space used in a directory. The
|
||
|
-rwxr-x--- is read in triples of 3. The first chracter eg (-, d, b, c) means
|
||
|
as follows: - is an ordinary file, d is a directory, b is block file, c is a
|
||
|
character file.
|
||
|
|
||
|
The r stands for read permission, w is write permission, x is execute. The
|
||
|
first column is read in 3 triples as stated above. The first group of 3 (in
|
||
|
-rwxr-x---) after the "-" specifies the permission for the owner of the file,
|
||
|
the second triple are for the groups (the fourth column) and the last triple
|
||
|
are the permissions for all other users. Therefore, the -rwxr-x--- is read as
|
||
|
follows.
|
||
|
|
||
|
The owner, John, has permission to read, write, and execute anything in the bin
|
||
|
directory but the group has no write permission to it and the rest of the users
|
||
|
have no permission at all. The format of one of the lines in the above output
|
||
|
is as follows:
|
||
|
|
||
|
file type-permissions, links, user's name, group, bytes taken, date, time when
|
||
|
last renued, directory, or file name.
|
||
|
|
||
|
*** You will be able to read, execute Cathy's ***
|
||
|
*** file named partly due to the same group. ***
|
||
|
|
||
|
Chmod
|
||
|
~~~~~
|
||
|
The chmod command changes permission of a directory or a file. Format is
|
||
|
chmod who+, -, =r , w, x
|
||
|
|
||
|
The who is substituted by u-user, g-group, o-other users, a-all.
|
||
|
The + means add permission, - means remove permission, = - assign.
|
||
|
Example: If you wanted all other users to read the file name mail, type:
|
||
|
|
||
|
$ chmod o+r mail
|
||
|
|
||
|
Cat
|
||
|
~~~
|
||
|
Now suppose you wanted to read the file letter. There are two ways to doing
|
||
|
this. First go to the michelle directory then type in:
|
||
|
|
||
|
$ cat letter
|
||
|
line one ...\
|
||
|
line two ... }the output of letter
|
||
|
line three../
|
||
|
$
|
||
|
or
|
||
|
If you are in the parent directory type in:
|
||
|
$ cat /usr/john/michelle/letter
|
||
|
and you will have the same output.
|
||
|
|
||
|
Some cat options are -s, -u, -v, -e, -t
|
||
|
|
||
|
Special Chracters in Unix
|
||
|
~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
|
* - Matches any number of single characters eg. ls john* will list all
|
||
|
files that begin with john
|
||
|
[...] - Matchs any one of the chracter in the [ ]
|
||
|
? - Matches any single chracter
|
||
|
& - Runs a process in the backgroung leaving your terminal free
|
||
|
$ - Values used for variables also $n - null argument
|
||
|
> - Redirectes output
|
||
|
< - Redirects input to come from a file
|
||
|
>> - Redirects command to be added to the end of a file
|
||
|
| - Pipe output (eg:who|wc-l tells us how many users are online)
|
||
|
"..." - Turn of meaning of special chracters excluding $,`
|
||
|
`...` - Allows command output in to be used in a command line
|
||
|
'...' - Turns of special meaning of all chracters
|
||
|
|
||
|
Continuation Of Local Commands
|
||
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
|
man [command] or [c/r] -will give you a list of commands explainations
|
||
|
help - available on some UNIX systems
|
||
|
mkdir [dir name(s)] - makes a directory
|
||
|
rmdir [dir name(s)] - removes directory.You wont be able to remove the
|
||
|
directory if it contains files in them
|
||
|
rm [file name(s)] - removes files. rm * will erase all files in the current
|
||
|
dir. Be carefull you! Some options are:
|
||
|
[-f unconditional removal] [-i Prompts user for y or n]
|
||
|
|
||
|
ps [-a all processes except group leaders] [-e all processes] [-f the whole
|
||
|
list] - This command reports processes you are running eg:
|
||
|
|
||
|
$ps
|
||
|
PID TTY TIME COMMAND
|
||
|
200 tty09 14:20 ps
|
||
|
|
||
|
The systems reports (PID - process idenetification number which is a number
|
||
|
from 1-30,000 assigned to UNIX processes)
|
||
|
It also reports the TTY,TIME and the COMMAND being executed at the time.
|
||
|
To stop a process enter :
|
||
|
|
||
|
$kill [PID] (this case its 200)
|
||
|
200 terminated
|
||
|
$
|
||
|
|
||
|
grep (argument) - searches for an file that contains the argument
|
||
|
mv (file names(s)) ( dir name ) - renames a file or moves it to another
|
||
|
directory
|
||
|
cp [file name] [file name] - makes a copy of a file
|
||
|
write [login name ] - to write to other logged in users. Sort of a chat
|
||
|
mesg [-n] [-y] - doesn't allow others to send you messages using the write
|
||
|
command. Wall used by system adm overrides it.
|
||
|
$ [file name] - to execute any file
|
||
|
wc [file name] - Counts words, characters,lines in a file
|
||
|
stty [modes] - Set terminal I/O for the current devices
|
||
|
sort [filename] - Sorts and merges files many options
|
||
|
spell [file name] > [file name] - The second file is where the misspelt words
|
||
|
are entered
|
||
|
date [+%m%d%y*] [+%H%%M%S] - Displays date acoording to options
|
||
|
at [-r] [-l] [job] - Does a specified job at a specified time. The -r Removes
|
||
|
all previously scheduled jobs.The -l reports the job and
|
||
|
status of all jobs scheduled
|
||
|
write [login] [tty] - Sends message to the login name. Chat!
|
||
|
|
||
|
|
||
|
Su [login name]
|
||
|
~~~~~~~~~~~~~~~
|
||
|
The su command allows one to switch user to a super user to a user. Very
|
||
|
important could be used to switch to super user accounts.
|
||
|
Usage:
|
||
|
|
||
|
$ su sysadm
|
||
|
password:
|
||
|
|
||
|
This su command will be monitored in /usr/adm/sulog and this file of all files
|
||
|
is carefully monitered by the system administrator.Suppose you hacked in john's
|
||
|
account and then switched to the sysadm account (ABOVE) your /usr/adm/su log
|
||
|
entry would look like:
|
||
|
|
||
|
SU 04/19/88 21:00 + tty 12 john-sysadm
|
||
|
|
||
|
Therfore the S.A(system administrator) would know that john swithed to sysadm
|
||
|
account on 4/19/88 at 21:00 hours
|
||
|
|
||
|
|
||
|
Searching For Valid Login Names:
|
||
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
|
Type in-
|
||
|
$ who ( command informs the user of other users on the system)
|
||
|
cathy tty1 april 19 2:30
|
||
|
john tty2 april 19 2:19
|
||
|
dipal tty3 april 19 2:31
|
||
|
:
|
||
|
:
|
||
|
tty is the user's terminal, date, time each logged on. mary, dr.m are valid
|
||
|
logins.
|
||
|
|
||
|
Files worth concatenating(cat)
|
||
|
|
||
|
|
||
|
/etc/passwd file
|
||
|
~~~~~~~~~~~~~~~~
|
||
|
The etc/passwd is a vital file to cat. For it contains login names of all
|
||
|
users including super user accounts and there passwords. In the newer SVR3
|
||
|
releases they are tighting their security by moving the encrypted passwords
|
||
|
from /etc/passwd to /etc/shadow making it only readable by root.
|
||
|
This is optional of course.
|
||
|
|
||
|
$ cat /etc/passwd
|
||
|
root:D943/sys34:0:1:0000:/:
|
||
|
sysadm:k54doPerate:0:0:administration:usr/admin:/bin/rsh
|
||
|
checkfsys:Locked;:0:0:check file system:/usr/admin:/bin/rsh
|
||
|
:
|
||
|
other super user accs.
|
||
|
:
|
||
|
john:hacker1:34:3:john scezerend:/usr/john:
|
||
|
:
|
||
|
other users
|
||
|
:
|
||
|
$
|
||
|
|
||
|
If you have reached this far capture this file as soon as possible. This is a
|
||
|
typical output etc/passwd file. The entries are seperated by a ":". There
|
||
|
made be up to 7 fields in each line.
|
||
|
Eg.sysadm account.
|
||
|
|
||
|
The first is the login name in this case sysadm.The second field contains the
|
||
|
password. The third field contains the user id."0 is the root." Then comes
|
||
|
the group id then the account which contains the user full name etc. The sixth
|
||
|
field is the login directory defines the full path name of the the paticular
|
||
|
account and the last is the program to be executed. Now one can switch to
|
||
|
other super user account using su command descibed above. The password entry
|
||
|
in the field of the checkfsys account in the above example is "Locked;". This
|
||
|
doesn't mean thats its a password but the account checkfsys cannot be accessed
|
||
|
remotely. The ";" acts as an unused encryption character. A space is also
|
||
|
used for the same purpose. You will find this in many UNIX systems that are
|
||
|
small systems where the system administrator handles all maintaince.
|
||
|
|
||
|
If the shawdowing is active the /etc/passwd would look like this:
|
||
|
|
||
|
root:x:0:1:0000:/:
|
||
|
sysadm:x:0:0:administration:/usr/admin:/bin/rsh
|
||
|
|
||
|
The password filed is substituted by "x".
|
||
|
|
||
|
The /etc/shawdow file only readable by root will look similar to this:
|
||
|
|
||
|
root:D943/sys34:5288::
|
||
|
:
|
||
|
super user accounts
|
||
|
:
|
||
|
Cathy:masai1:5055:7:120
|
||
|
:
|
||
|
all other users
|
||
|
:
|
||
|
|
||
|
The first field contains users id: The second contains the password (The pw
|
||
|
will be NONE if logining in remotely is deactivated): The third contains a
|
||
|
code of when the password was last changed: The fourth and the fifth contains
|
||
|
the minimum and the maximum numbers of days for pw changes (its rare that you
|
||
|
will find this in the super user logins due to there hard to guess passwords)
|
||
|
|
||
|
|
||
|
/etc/options
|
||
|
~~~~~~~~~~~~
|
||
|
The etc/options file informs one the utilities available in the system.
|
||
|
-rwxr-xr-x 1 root sys 40 april 1:00 Basic Networking utility
|
||
|
|
||
|
|
||
|
/etc/group
|
||
|
~~~~~~~~~~
|
||
|
The file has each group on the system. Each line will have 4 entries separated
|
||
|
by a ":". Example of concatenated /etc/group:
|
||
|
|
||
|
root::0:root
|
||
|
adm::2:adm,root
|
||
|
bluebox::70:
|
||
|
|
||
|
Group name:password:group id:login names
|
||
|
** It very unlikely that groups will have passwords assigned to them **
|
||
|
The id "0" is assigned to /
|
||
|
|
||
|
|
||
|
Sending And Recieving Messages
|
||
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
|
Two programs are used to manage this. They are mail & mailx. The difference
|
||
|
between them is that mailx is more fancier thereby giving you many choices like
|
||
|
replying message, using editors, etc.
|
||
|
|
||
|
|
||
|
Sending
|
||
|
~~~~~~~
|
||
|
The basic format for using this command is:
|
||
|
|
||
|
$mail [login(s)]
|
||
|
(now one would enter the text after finishing enter "." a period on the next
|
||
|
blank line)
|
||
|
$
|
||
|
|
||
|
This command is also used to send mail to remote systems. Suppose you wanted
|
||
|
to send mail to john on a remote called ATT01 you would type in:
|
||
|
|
||
|
$mail ATT01!john
|
||
|
|
||
|
Mail can be sent to several users, just by entering more login name after
|
||
|
issuing the mail command
|
||
|
|
||
|
Using mailx is the same format:(This I'll describe very briefly) $mailx john
|
||
|
subject:(this lets you enter the subject)
|
||
|
(line 1)
|
||
|
(line 2)
|
||
|
(After you finish enter (~.) not the brackets of course, more commands are
|
||
|
available like ~p, ~r, ~v, ~m, ~h, ~b, etc.).
|
||
|
|
||
|
|
||
|
Receiving
|
||
|
~~~~~~~~~
|
||
|
After you log on to the system you will the account may have mail waiting.
|
||
|
You will be notified "you have mail."
|
||
|
To read this enter:
|
||
|
$mail
|
||
|
(line 1)
|
||
|
(line 2)
|
||
|
(line 3)
|
||
|
?
|
||
|
$
|
||
|
|
||
|
After the message you will be prompted with a question mark. Here you have a
|
||
|
choice to delete it by entering d, saving it to view it later s, or just press
|
||
|
enter to view the next message.
|
||
|
|
||
|
(DON'T BE A SAVANT AND DELETE THE POOR GUY'S MAIL)
|
||
|
|
||
|
|
||
|
Super User Commands
|
||
|
~~~~~~~~~~~~~~~~~~~
|
||
|
$sysadm adduser - will take you through a routine to add a user (may not last
|
||
|
long)
|
||
|
|
||
|
Enter this:
|
||
|
|
||
|
$ sysadm adduser
|
||
|
password:
|
||
|
(this is what you will see)
|
||
|
/--------------------------------------------------------------------------\
|
||
|
Process running succommmand `adduser`
|
||
|
USER MANAGMENT
|
||
|
|
||
|
Anytime you want to quit, type "q".
|
||
|
If you are not sure how to answer any prompt, type "?" for help
|
||
|
|
||
|
If a default appears in the question, press <RETURN> for the default.
|
||
|
|
||
|
Enter users full name [?,q]: (enter the name you want)
|
||
|
Enter users login ID [?,q]:(the id you want to use)
|
||
|
Enter users ID number (default 50000) [?,q) [?,q]:( press return )
|
||
|
Enter group ID number or group name:(any name from /etc/group)
|
||
|
Enter users login home directory:(enter /usr/name)
|
||
|
|
||
|
This is the information for the new login:
|
||
|
Users name: (name)
|
||
|
login ID:(id)
|
||
|
users ID:50000
|
||
|
group ID or name:
|
||
|
home directory:/usr/name
|
||
|
Do you want to install, edit, skip [i, e, s, q]? (enter your choice if "i"
|
||
|
then)
|
||
|
Login installed
|
||
|
Do you want to give the user a password?[y,n] (its better to enter one)
|
||
|
New password:
|
||
|
Re-enter password:
|
||
|
|
||
|
Do you want to add another login?
|
||
|
\----------------------------------------------------------------------------/
|
||
|
|
||
|
This is the proccess to add a user. Since you hacked into a super user account
|
||
|
you can make a super user account by doing the following by entering 0 as an
|
||
|
user and a group ID and enter the home directory as /usr/admin. This will give
|
||
|
you as much access as the account sysadm.
|
||
|
|
||
|
**Caution** - Do not use login names like Hacker, Cracker,Phreak etc. This is
|
||
|
a total give away.
|
||
|
|
||
|
The process of adding a user wont last very long the S.A will know when he
|
||
|
checks out the /etc/passwd file
|
||
|
|
||
|
$sysadm moduser - This utility allows one to modify users. DO NOT ABUSE!!
|
||
|
!
|
||
|
|
||
|
Password:
|
||
|
|
||
|
This is what you'll see:
|
||
|
|
||
|
/----------------------------------------------------------------------------\
|
||
|
MODIFYING USER'S LOGIN
|
||
|
|
||
|
1)chgloginid (This is to change the login ID)
|
||
|
2)chgpassword (Changing password)
|
||
|
3)chgshell (Changing directory DEFAULT = /bin/sh)
|
||
|
|
||
|
ENTER A NUMBER,NAME,INITIAL PART OF OF NAME,OR ? OR <NUMBER>? FOR HELP, Q TO
|
||
|
QUIT ?
|
||
|
\----------------------------------------------------------------------------/
|
||
|
|
||
|
Try every one of them out.Do not change someones password.It creates a havoc.
|
||
|
If you do decide to change it.Please write the original one down somewhere
|
||
|
and change back.Try not to leave to many traces after you had your fun. In
|
||
|
choice number 1 you will be asked for the login and then the new one. In
|
||
|
choice number 2 you will asked for the login and then supplied by it correct
|
||
|
password and enter a new one. In choice 3 this is used to a pchange the login
|
||
|
shell ** Use full ** The above utilites can be used separatly for eg (To
|
||
|
change a password one could enter: $sysadm chgpasswd not chapassword, The rest
|
||
|
are same)
|
||
|
|
||
|
$sysadm deluser - This is an obviously to delete a user password:
|
||
|
|
||
|
This will be the screen output:
|
||
|
/---------------------------------------------------------------------------\
|
||
|
Running subcommand 'deluser' from menu 'usermgmt'
|
||
|
USER MANAGEMENT
|
||
|
|
||
|
This fuction completely removes the user,their mail file,home directory and all
|
||
|
files below their home directory from the machine.
|
||
|
|
||
|
Enter login ID you wish to remove[q]: (eg.cathy)
|
||
|
'cathy' belongs to 'Cathy Franklin'
|
||
|
whose home directory is /usr/cathy
|
||
|
Do you want to remove this login ID 'cathy' ? [y,n,?,q] :
|
||
|
|
||
|
/usr/cathy and all files under it have been deleted.
|
||
|
|
||
|
Enter login ID you wish to remove [q]:
|
||
|
\--------------------------------------------------------------------------/
|
||
|
This command deletes everthing owned by the user.Again this would be stupid to
|
||
|
use.
|
||
|
|
||
|
|
||
|
Other Super User Commands
|
||
|
~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
|
wall [text] control-d - to send an anouncement to users logged in (will
|
||
|
override mesg -n command). Execute only from /
|
||
|
/etc/newgrp - is used to become a member of a group
|
||
|
|
||
|
sysadm [program name]
|
||
|
delgroup - delets groups
|
||
|
diskuse - Shows free space etc.
|
||
|
whoson - self explanatory
|
||
|
lsgroup - Lists group
|
||
|
mklineset -hunts various sequences
|
||
|
|
||
|
|
||
|
Basic Networking Unility (BNU)
|
||
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
|
|
||
|
The BNU is a unique feature in UNIX.Some systems may not have this installed.
|
||
|
What BNU does is allow other remote UNIXes communicate with yours without
|
||
|
logging off the present one.BNU also allowes file transfer between computers.
|
||
|
Most UNIX systems V will have this feature installed.
|
||
|
|
||
|
The user program like cu,uux etc are located in the /usr/bin directory
|
||
|
|
||
|
Basic Networking Files
|
||
|
~~~~~~~~~~~~~~~~~~~~~~
|
||
|
/usr/lib/uucp/[file name]
|
||
|
[file name]
|
||
|
systems - cu command to establishes link.Contains info on remote computers
|
||
|
name, time it can be reached, login Id, password, telephone numbers
|
||
|
devices - inter connected with systems files (Automatic call unit same in two
|
||
|
entries) also contains baud rate, port tty1, etc.
|
||
|
|
||
|
dialers - where asscii converation must be made before file tranfers etc.
|
||
|
dialcodes - contains abreiviations for phone numbers that can be used in
|
||
|
systems file
|
||
|
|
||
|
other files are sysfiles, permissions, poll, devconfig
|
||
|
|
||
|
Logining On To Remote And Sending+Receiving Files
|
||
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
|
cu - This command allows one to log on to the local as well as the remote Unix
|
||
|
(or a non unix)without haveing to hang up so you can transfer files.
|
||
|
Usage:[options]
|
||
|
|
||
|
$ cu [-s baud rate][-o odd parity][-e even parity][-l name of comm line]
|
||
|
telephone number | systemname
|
||
|
|
||
|
To view system names that you can communicate with use the 'unname' command:
|
||
|
Eg. of output of names:
|
||
|
|
||
|
ATT01
|
||
|
ATT02
|
||
|
ATT03
|
||
|
ATT04
|
||
|
|
||
|
|
||
|
$ cu -s300 3=9872344 (9872344 is the tel)
|
||
|
connected
|
||
|
login:
|
||
|
password:
|
||
|
|
||
|
Local Strings
|
||
|
~~~~~~~~~~~~~
|
||
|
<~.> - will log you off the remote terminal, but not the local
|
||
|
<control-d> - puts you back on the remote unix local (the directory which you
|
||
|
are in)
|
||
|
"%put [file name] - reverse of above
|
||
|
|
||
|
Ct
|
||
|
~~
|
||
|
ct allows local to connect to remote.Initiates a getty on a remote terminal.
|
||
|
Usefull when using a remote terminal.BNU has call back feature that allows the
|
||
|
user on the remote who can execute a call back meaning the local can call the
|
||
|
remote.[ ] are options
|
||
|
|
||
|
$ ct [-h prevent automatic hang up][-s bps rate][-wt set a time to call back
|
||
|
abbrieviated t mins] telephone number
|
||
|
|
||
|
Uux
|
||
|
~~~
|
||
|
To execute commands on a remote (unix to unix)
|
||
|
usage:[ ] are options
|
||
|
|
||
|
$ uux [- use standard output][-n prevent mail notification][-p also use
|
||
|
standard output] command-string
|
||
|
|
||
|
UUCP
|
||
|
~~~~
|
||
|
UUCP copies files from ones computer to the home directory of a user in remote
|
||
|
system. This also works when copying files from one directory to another in
|
||
|
the remote. The remote user will be notified by mail. This command becomes
|
||
|
use full when copying files from a remote to your local system. The UUCP
|
||
|
requires the uucico daemon will call up the remote and will perform file login
|
||
|
sequence, file transfer, and notify the user by mail. Daemons are programs
|
||
|
runining in the background. The 3 daemons in a Unix are uucico, uusched,
|
||
|
uuxqt.
|
||
|
|
||
|
Daemons Explained: [nows a good time to explain the 3 daemons]
|
||
|
~~~~~~~~~~~~~~~~~
|
||
|
Uuxqt - Remote execution. This daemon is executed by uudemon.hour started by
|
||
|
cron.UUXQT searchs in the spool directory for executable file named
|
||
|
X.file sent from the remote system. When it finds a file X .file where
|
||
|
it obtains process which are to be executed. The next step is to find
|
||
|
weather the processes are available at the time.The if available it
|
||
|
checks permission and if everthing is o.k it proceeds the background
|
||
|
proccess.
|
||
|
|
||
|
Uucico - This Daemon is very immportant for it is responsible in establishing
|
||
|
a connection to the remote also checks permission, performs login
|
||
|
procedures,transfers + executes files and also notifies the user by
|
||
|
mail. This daemon is called upon by uucp,uuto,uux commands.
|
||
|
|
||
|
Uusched - This is executed by the shell script called uudemon.hour. This
|
||
|
daemons acts as a randomizer before the UUCICO daemon is called.
|
||
|
|
||
|
|
||
|
Usage:
|
||
|
|
||
|
$ uucp [options] [first full path name!] file [destination path!] file example:
|
||
|
|
||
|
$ uucp -m -s bbss hackers unix2!/usr/todd/hackers
|
||
|
|
||
|
What this would do is send the file hackers from your computer to the remotes
|
||
|
/usr/todd/hackers making hackers of course as file. Todd would mail that a
|
||
|
file has been sent to him. The Unix2 is the name of the remote. Options for
|
||
|
UUCP: (Don't forget to type in remotes name Unix2 in case)
|
||
|
-c dont copy files to spool directory
|
||
|
-C copy to spool
|
||
|
-s[file name] - this file will contain the file status(above is bbss)
|
||
|
-r Dont start the comm program(uucico) yet
|
||
|
-j print job number(for above eg.unix2e9o3)
|
||
|
-m send mail when file file is complete
|
||
|
|
||
|
Now suppose you wanted to receive file called kenya which is in the
|
||
|
usr/ dan/usa to your home directory /usr/john assuming that the local systems
|
||
|
name is ATT01 and you are currently working in /usr/dan/usa,you would type in:
|
||
|
|
||
|
$uucp kenya ATT01!/usr/john/kenya
|
||
|
|
||
|
Uuto
|
||
|
~~~~
|
||
|
The uuto command allows one to send file to remote user and can also be used to
|
||
|
send files locally.
|
||
|
|
||
|
Usage:
|
||
|
|
||
|
$ uuto [file name] [system!login name]( omit systen name if local)
|
||
|
|
||
|
|
||
|
Conclusion
|
||
|
~~~~~~~~~~
|
||
|
Theres always more one can say about the UNIX, but its time to stop. I hope
|
||
|
you have enjoyed the article. I apologize for the length. I hope I made the
|
||
|
UNIX operating system more familiar. The contents of the article are all
|
||
|
accurate to my knowledge. Hacking into any system is illegal so try to use
|
||
|
remote dial-ups to the job. Remember do not abuse any systems you hack into
|
||
|
for a true hacker doesn't like to wreck, but to learn.
|
||
|
|
||
|
|
||
|
|
||
|
Evil Ernie
|
||
|
-=NLA=-
|
||
|
No Lamerz Allowed
|
||
|
==============================================================================
|
||
|
|
||
|
|