217 lines
8.9 KiB
Plaintext
217 lines
8.9 KiB
Plaintext
_______________________________________________________
|
|
|
|
GUIDE TO (mostly) HARMLESS HACKING
|
|
|
|
Vol. 1 Number 3
|
|
|
|
Hacking tip of the day: how finger can be used as one of the most common
|
|
ways to crack into non-public parts of an Internet host.
|
|
_______________________________________________________
|
|
|
|
Before you get too excited over learning how finger can be used to crack an
|
|
Internet host, will all you law enforcement folks out there please relax.
|
|
I'm not giving step-by-step instructions. I'm certainly not handing out code
|
|
from those publicly available canned cracking tools that any newbie could
|
|
use to gain illegal access to some hosts.
|
|
|
|
What you are about to read are some basic principles and techniques behind
|
|
cracking with finger. In fact, some of these techniques are fun and legal as
|
|
long as they aren't taken too far. And they might tell you a thing or two
|
|
about how to make your Internet hosts more secure.
|
|
|
|
You could also use this information to become a cracker. Your choice. Just
|
|
keep in mind what it would be like to be the "girlfriend" of a cell mate
|
|
named "Spike."
|
|
|
|
*********************************
|
|
Newbie note #1: Many people assume "hacking" and "cracking" are synonymous.
|
|
But "cracking" is gaining illegal entry into a computer. "Hacking" is the
|
|
entire universe of kewl stuff one can do with computers, often without
|
|
breaking the law or causing harm.
|
|
*********************************
|
|
|
|
What is finger? It is a program which runs on port 79 of many Internet host
|
|
computers. It is normally used to provide information on people who are
|
|
users of a given computer.
|
|
|
|
For review, let's consider the virtuous but boring way to give your host
|
|
computer the finger command:
|
|
|
|
finger Joe_Blow@boring.ISP.net
|
|
|
|
This causes your computer to telnet to port 79 on the host boring.ISP.net.
|
|
It gets whatever is in the .plan and .project files for Joe Blow and
|
|
displays them on your computer screen.
|
|
|
|
But the Happy Hacker way is to first telnet to boring.ISP.net port 79, from
|
|
which we can then run its finger program:
|
|
|
|
telnet boring.ISP.net 79
|
|
|
|
If you are a good Internet citizen you would then give the command:
|
|
|
|
Joe_Blow
|
|
|
|
or maybe the command:
|
|
|
|
finger Joe_Blow
|
|
|
|
This should give you the same results as just staying on your own computer
|
|
and giving the command "finger Joe_Blow@boring.ISP.net."
|
|
|
|
But for a cracker, there are lots and lots of other things to try after
|
|
gaining control of the finger program of boring.ISP.net by telnetting to
|
|
port 79.
|
|
|
|
Ah, but I don't teach how to do felonies. So we will just cover general
|
|
principles of how finger is commonly used to crack into boring.ISP.net. You
|
|
will also learn some perfectly legal things you can try to get finger to do.
|
|
|
|
For example, some finger programs will respond to the command:
|
|
|
|
finger @boring.ISP.net
|
|
|
|
If you should happen to find a finger program old enough or trusting enough
|
|
to accept this command, you might get something back like:
|
|
|
|
[boring.ISP.net]
|
|
Login Name TTY Idle When Where
|
|
happy Prof. Foobar co 1d Wed 08:00 boring.ISP.net
|
|
|
|
This tells you that only one guy is logged on, and he's doing nothing. This
|
|
means that if someone should manage to break in, no one is likely to notice
|
|
-- at least not right away.
|
|
|
|
Another command to which a finger port might respond is simply:
|
|
|
|
finger
|
|
|
|
If this command works, it will give you a complete list of the users of this
|
|
host. These user names then can be used to crack a password or two.
|
|
|
|
Sometimes a system will have no restrictions on how lame a password can be.
|
|
Common lame password habits are to use no password at all, the same password
|
|
as user name, the user's first or last name, and "guest." If these don't
|
|
work for the cracker, there are widely circulated programs which try out
|
|
every word of the dictionary and every name in the typical phone book.
|
|
|
|
********************************
|
|
Newbie Note #2: Is your password easy to crack? If you have a shell account,
|
|
you may change it with the command:
|
|
|
|
passwd
|
|
|
|
Choose a password that isn't in the dictionary or phone book, is at least 6
|
|
characters long, and includes some characters that are not letters of the
|
|
alphabet.
|
|
|
|
A password that is found in the dictionary but has one extra character is
|
|
*not* a good password.
|
|
********************************
|
|
|
|
Other commands which may sometimes get a response out of finger include:
|
|
|
|
finger @
|
|
finger 0
|
|
finger root
|
|
finger bin
|
|
finger ftp
|
|
finger system
|
|
finger guest
|
|
finger demo
|
|
finger manager
|
|
|
|
Or, even just hitting <enter> once you are into port 79 may give you
|
|
something interesting.
|
|
|
|
There are plenty of other commands that may or may not work. But most
|
|
commands on most finger programs will give you nothing, because most system
|
|
administrators don't want to ladle out lots of information to the casual
|
|
visitor. In fact, a really cautious sysadmin will disable finger entirely.
|
|
So you'll never even manage to get into port 79 of some computers
|
|
|
|
However, none of these commands I have shown you will give you root access.
|
|
They provide information only.
|
|
|
|
************************
|
|
Newbie note #3: Root! It is the Valhalla of the hard-core cracker. "Root" is
|
|
the account on a multi-user computer which allows you to play god. It is the
|
|
account from which you can enter and use any other account, read and modify
|
|
any file, run any program. With root access, you can completely destroy all
|
|
data on boring.ISP.net. (I am *not* suggesting that you do so!)
|
|
*************************
|
|
|
|
It is legal to ask the finger program of boring.ISP.net just about anything
|
|
you want. The worst that can happen is that the program will crash.
|
|
|
|
Crash...what happens if finger crashes?
|
|
|
|
Let's think about what finger actually does. It's the first program you meet
|
|
when you telnet to boring.ISP.net's port 79. And once there, you can give it
|
|
a command that directs it to read files from any user's account you may choose.
|
|
|
|
That means finger can look in any account.
|
|
|
|
That means if it crashes, you may end up in root.
|
|
|
|
Please, if you should happen to gain root access to someone else's host,
|
|
leave that computer immediately! You'd better also have a good excuse for
|
|
your systems administrator and the cops if you should get caught!
|
|
|
|
If you were to make finger crash by giving it some command like ///*^S, you
|
|
might have a hard time claiming that you were innocently seeking publicly
|
|
available information.
|
|
|
|
*****************
|
|
YOU CAN GO TO JAIL TIP #1: Getting into a part of a computer that is not
|
|
open to the public is illegal. In addition, if you use the phone lines or
|
|
Internet across a US state line to break into a non-public part of a
|
|
computer, you have committed a Federal felony. You don't have to cause any
|
|
harm at all -- it's still illegal. Even if you just gain root access and
|
|
immediately break off your connection -- it's still illegal.
|
|
***************
|
|
|
|
Truly elite types will crack into a root account from finger and just leave
|
|
immediately. They say the real rush of cracking comes from being *able* to
|
|
do anything to boring.ISP.net -- but refusing the temptation.
|
|
|
|
The elite of the elite do more than just refrain from taking advantage of
|
|
the systems they penetrate. They inform the systems administrator that they
|
|
have cracked his or her computer, and leave an explanation of how to fix the
|
|
security hole.
|
|
|
|
************************************
|
|
YOU CAN GO TO JAIL TIP #2: When you break into a computer, the headers on
|
|
the packets that carry your commands tell the sysadmin of your target who
|
|
you are. If you are reading this column you don't know enough to cover your
|
|
tracks. Tell temptation to take a hike!
|
|
************************************
|
|
|
|
Ah, but what are your chances of gaining root through finger? Haven't
|
|
zillions of hackers found all the crashable stuph? Doesn't that suggest that
|
|
finger programs running on the Internet today are all fixed so you can't get
|
|
root access through them any more?
|
|
|
|
No.
|
|
|
|
The bottom line is that any systems adminstrator that leaves the finger
|
|
service running on his/her system is taking a major risk. If you are the
|
|
user of an ISP that allows finger, ask yourself this question: is using it
|
|
to advertise your existence across the Internet worth the risk?
|
|
|
|
OK, I'm signing off for this column. I look forward to your contributions to
|
|
this list. Happy hacking -- and don't get busted!
|
|
|
|
__________________________________________________________________
|
|
|
|
Want to share some kewl stuph? Tell me I'm terrific? Flame me? For the first
|
|
two, I'm at cmeinel@techbroker.com. Please direct flames to
|
|
dev/null@techbroker.com. Happy hacking!
|
|
_______________________________________________________
|
|
Copyright 1996 Carolyn P. Meinel. You may forward the GUIDE TO (mostly)
|
|
HARMLESS HACKING as long as you leave this notice at the end. To subscribe,
|
|
email cmeinel@techbroker.com with message "subscribe hacker
|
|
<joe.blow@boring.ISP.net>" substituting your real email address for Joe Blow's.
|
|
___________________________________________________________________
|
|
|