informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/hacking/UNIX/hack.txt

201 lines
10 KiB
Plaintext
Raw Permalink Blame History

__________ _______________ _________
/ /\ / ______ /\ / ____ \
/ ______/ / / /\____/ / / / /\___\ \
/ /\_____\/ / / / / / / / / / \ \
/ /_/___ / / / / / / / / / \ \
/ /\ / / / / / / / / / / /\
/ _____/ / / / / / / / / / / / / /
/ /\____\/ / / / / / / / / / / / /
/ /_/___ / / / / / / / / / / / /
/ /\ / /_/___/ / / / /_/_______/ / /
/__________/ / /______________/ / /________________/ /
\__________\/ \______________\/ \________________\/
Essence Of Darkness
-'Hacking Servers 101'
was written by ChronicK of THE E0D-
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++ DiSCLAiMER: ++
++ CHRONiCK NOR ANY PARTiES AFFiLIATED WiTH HiM TAKE ++
++ SPONSABiLiTY, WiTH THE CONTENTS CONTAiNED iN THiS ++
++ TEXT FILE. THiS CONTENT iS FOR EDUCATiONAL PURPOSES ++
++ ONLY, AND WHERE NOT PERSONALLY USED BY CHRONiCK, OR ANY ++
++ OTHER PARTiES AFFiLiATED WiTH HiM... ++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++ALL MiSPELLED WORDS, PUNCUATiON, AND OTHER MiSTAKES, ++
++ ARE CONSiDERED AS'ARTiSTiC EXPRESSiNGS'. ++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
I'm very tired of people (so called 'hackers) asking me to teach them to
hack, or how to hack web sites...Well there is. There are, in fact, literally
hundreds of ways to do this. I'll discuss a few in this text to get you started.
Everyone must start somewhere and somehow, and hacking web servers and ftp servers
is yet one of the easiest ways. I really hope that you have _*SOME*_ basic knowledge,
of how web servers work and how to use some form of UNiX...
I'll explain that stuff anyway for those of you who _*don't*_ know. If you do, then
skip this lame part =c)
Part 1: The _*simple*_ UNiX commands 101
The majority of MS DOS commands, have a UNiX, or Linux equivalents.
Bellow, I have listen the _*MAiN*_ commands you'll need to know to operate a shell account.
CD = CD
COPY = CP
DEL = RM
DIR = LS
HELP = HELP
MOVE = MV
**
NOTE: These next commands where taken from the
Linebreaker (unix-use.txt), and are inculded in
<UNiX-USE> braces...
**
<UNiX-USE>
awk *=* Search for a pattern within a file
bdiff *=* Compares two large file
bfs *=* Scans a large file
cal *=* Displays a calendar
cat *=* Documents and prints file
cc *=* C compiler
cd *=* Change directory
chgrp *=* Changes a file's group ownership
chmod *=* Changes a file's access permissions
cmp *=* Compares two files
comm *=* Compares two files so as to determine which lines
*=* are common to both
cp *=* Copies a file to another location
cu *=* Calls another Unix system
date *=* Returns the date and time
fr *=* Displays free space in the file system
diff *=* Displays the differences between two files or dir's
diff3 *=* " " three files or dir's
du *=* Reports on file system usage
echo *=* Displays its argument
ed *=* Text editor
ex *=* Text editor
f77 *=* Fortran compiler
find *=* Locates the files with specified characteristics
format *=* Initializes a floppy disk
grep *=* Searches for a pattern within a file
help *=* Provides help
kill *=* Ends a process
in *=* Used to link files
ipr *=* Copies the file to the line printer
is *=* Displays information about one or more files
mail *=* Used to receive or deliver messages
mkdir *=* Creates a new directory
more *=* Displays a long file so that the user can scroll
mv *=* Used to move or rename files
nroff *=* Used to format text
passwd *=* Allows you to change your current password
ps *=* Display a process's status
pwd *=* Display the name of the working directory
rm *=* Removes one or more files
rmdir *=* Deletes one or more directories
sleep *=* Causes a process to become inactive for a specified
*=* amount of time
sort *=* Sort and merge one or more files
spell *=* Finds spelling errors in a file
split *=* Divides a file
stty *=* Displays or set terminal parameters
tail *=* Displays the end of a file
troff *=* Outputs formatted output to a typesetter
tset *=* Sets other terminal type
unmask *=* Allows the user to specify a new creation mass
uucp *=* Unix-to-Unix execute
vi *=* Full screen editor
wc *=* Displays details in the file size
who *=* Displays information on the system users
write *=* Used to send a message to another user
bin *=* Used to store Unix utilities
lib *=* Contains libraries used by Unix
tmp *=* Contains temporary files
etc *=* Contains administrative programs such as passwd
dev *=* Contains files which represent devices
usr *=* Contains user files
</UNiX-USE>-NOTE: that cuncluded unix-use.txt's commands...
*****
If you have _*NO*_ clue whatsoever of what any of what that chart 'represents', here's yet more
help for you...
On the right (in the above chart, CD, COPY DEL, DiR, HELP, and MOVE, are ALL MicroSoft, DOS commands.
What are MicroSoft DOS commands? Doh, commands you enter in a MicroSoft DOS Prompt! Just try one, shell to DOS
(open a MicroSoft DOS prompt), if you don't know how just restart in DOS (Win95 users). Win3.x users, just exit
windows. Once you are in DOS, type some of the above commands, in the chart, on the right =c). On the left are
UNiX/LiNUX commands, that do they equivalent, of, the commands on the right...I hope this explains it enough...
To find out who is in a system, simply type: WHO. To get information
about a specific user on the system type FINGER username (username = the name you
fingering). By taking advantage of those basic UNiX commands, you can learn all you
need to know about the system you are currently 'in' (using).
Part 2: Cracking the passwords 101
On UNiX systems the file that contains the passwords for all the users
on the system is located in the /etc dir (directory). The filename is passwd.
So alltogether you need to access ~/etc/passwd. All of the accounts in the
passwd file have _*ENCRYPTED*_ passwords. These passwords cannot be, in any way,
'decrypted'. However, there are programs that can be used to obtain passwords from
the file. I reccomed using 'Cracker Jack', or my favorite, John The Ripper...These
prgramms use wordlists (a BiG LiST of words), then compares the encrypted forms
of the words in the list to the encrypted passwords in the passwd file and it
notifies you when it finds a match (NOT allways 100% of the time...). John The Ripper,
or Cracker Jack, can be found at: www.hack3rs.com.
Part 3: Finding Password Files 101
Obviously, a systim adimin isn't just going to give out a passwd file to you.
You have to have a way to retrieve the /etc/passwd file without logging into the
system. There are two ways that this can sometimes be accomplished. Most of the time
the etc/passwd file isn't hidden from the public, in there ftp. To get the passwd
file this way try using an FTP client to access the site _*ANONiMOUSLY*_ then check
the /etc directory to see if access to the passwd file is non accessable. If it is
not restricted then download the file and run John The Ripper, or Cracker Jack, or any
other cracking programms on it. In some systems there is a file called PHF, located in
the /cgi-bin directory. If there is then you are in luck. PHF allows users to gain
_*REMOTE-ACCESS*_ to files, even etc/passwd via the 'net. To try this method
goto your web browser and type in the following addy (URL (Address)):
http://the.site.url/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
Make sure you change http://the.site.url to http://whatever the address of the page
you're trying to hack...
If all else fails, _*FiND*_ a way to get that file! If you are stuck with a 'x'
or '*' (in most cases you _*ARE*_), that means the file is shadowed. There is
_*NO*_ way to actually 'Unshadow', although, I've seen programms, that claim to
do it...You may want to visit www.lorsomer.com, www.r0ot.org, or www.hack3rs.com... You have
to have some C programming knowledge, because you have to compile the programm using a compiler.
There are allways backups of passwd though! Experiment a little, try etc/shadow
or something.
Part 4: Loggin on to _*YOUR*_ new personnal shell!
If you succeded in the password getting proccess, run your telnet client and
telent (Windows95's default telnet client can be ran by: clicking the start button,
then run, and then type telnet, hit enter.) to the server that you cracked the passwords for, such
as www.hack3rs.com (in Windows95's telnet client click conect, then remote server, or go to
MicroSoft DOS, and type: telnet address.goes.here). When you connect, you will be prompted,
for both a username, then password. Just type in the information you got after cracking
the passwd file. Once in you can do whatever you want...I strongly do not recommend spreading
virii, or causing havoc...
-Knowledge is _*POWER*_, and Information is _*STRENGTH*_-
Part 5: Newbies...
Cracking is not hacking, so just remember that...If you are seriously into
becoming a hacker, check out your local library, or bookstoor, and pick up programming
books...HTML, C, JAVA, anything...Don't buy 'hacking books' they don't help much,
they just tell you about hacks, and social engineering...Check out www.hack3rs.com
for newbie texts, and other rescources for the H/P Underground Comunity...
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ ************************************************** +
+ *ChronicK can be contaced at: eod@mailexcite.com * +
+ ************************************************** +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
read all
Reference in New Issue View Git Blame Copy Permalink