home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hacker's Arsenal - The Cutting Edge of Hacking
/
Hacker's Arsenal - The Cutting Edge of Hacking.iso
/
texts
/
hackingFAQ.txt
< prev
next >
Wrap
Text File
|
2001-07-11
|
9KB
|
225 lines
VI. NEWBIES READ THIS
(Basic Hacking)
WHAT MAKES A SYSTEM SECURE?
(from alt.security FAQ)
"The only system which is truly secure is one which is switched off
and unplugged, locked in a titanium lined safe, buried in a concrete
bunker, and is surrounded by nerve gas and very highly paid armed
guards. Even then I wouldn't stake my life on it."
- originally from Gene Spafford
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
WHAT WOULD BE IDEAL PROTECTION OF A SYSTEM?
Password Access- Get rid of simple passwords; routinely change all
passwords; regular review/monitoring of password
files
Physical Access- Lock up terminals, personal computers, disks when
not in use; eliminate unnecessary access lines;
disconnect modems when not in use
Other measures- Know who you are talking to; shred all documents;
avoid public domain software; report suspicious
activity (especially non-working hours access)
What this all means is that hackers must now rely on the ineptitude
and laziness of the users of the system rather than the ignorance
of SysOps. The SysOps and SecMans (Security Managers) are getting
smarter and keeping up to date. Not only that, but they are
monitoring the hack/phreak BBSes and publications. So the bottom
line is reveal nothing to overinquisitive newbies...they may be
working for the wrong side.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
WHAT IS A FIREWALL?
(from the comp.security.misc FAQ)
A (Internet) firewall is a machine which is attached (usually)
between your site and a Wide Area Network (WAN). It provides
controllable filtering of network traffic, allowing restricted
access to certain Internet port numbers and blocks access to
pretty well everything else.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
HOW TO HACK WITHOUT GETTING INTO TROUBLE AND DAMAGING COMPUTERS?
1. Don't do damage intentionally.
2. Don't alter files other than than to hide your presence or to
remove traces of your intrusion.
3. Don't leave any real name, handle, or phone number on any
system.
4. Be careful who you share info with.
5. Don't leave your phone number with anyone you don't know.
6. Do NOT hack government computers.
7. Don't use codes unless you HAVE too.
8. Be paranoid!
9. Watch what you post on boards, be as general as possible.
10. Ask questions...but do it politely and don't expect to have
everything handed to you.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
WHAT DO I DO IF I AM GETTING NOWHERE?
1. Change parity, data length, and stop bits. The system may not
respond to 8N1 (most common setting) but may respond to 7E1,8E2,
7S2, etc.
2. Change baud rates.
3. Send a series of carriage returns.
4. Send a hard break followed by a carriage return.
5. Send control characters. Work from ^a to ^z.
6. Change terminal emulation.
7. Type LOGIN, HELLO, LOG, ATTACH, CONNECT, START, RUN, BEGIN, GO,
LOGON, JOIN, HELP, or anything else you can think off.
=====================================================================
VII. Screwing with the most widespread operating system on the net
(UNIX / AIX Hacking)
WHAT ARE COMMON DEFAULT ACCOUNTS ON UNIX?
(from Belisarius)
Common default accounts are root, admin, sysadmin, unix, uucp, rje,
guest, demo, daemon, sysbin. These accounts may be unpassworded
or the password may possibly be the same (i.e. username uucp has
uucp as the passwd).
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
HOW IS THE UNIX PASSWORD FILE SETUP?
(from Belisarius)
The password file is usually called /etc/passwd
Each line of the passwd file of a UNIX system follows the following
format:
userid:password:userid#:groupid#:GECOS field:home dir:shell
What each of these fields mean/do---
userid -=> the userid name, entered at login and is what the
login searches the file for. Can be a name or a
number.
password -=> the password is written here in encrypted form.
The encryption is one way only. When a login
occurs the password entered is run through the
encryption algorithm (along with a salt) and then
contrasted to the version in the passwd file that
exists for the login name entered. If they match,
then the login is allowed. If not, the password is
declared invalid.
userid# -=> a unique number assigned to each user, used for
permissions
groupid# -=> similar to userid#, but controls the group the user
belongs to. To see the names of various groups
check /etc/group
GECOS FIELD -=> this field is where information about the user is
stored. Usually in the format full name, office
number, phone number, home phone. Also a good
source of info to try and crack a password.
home dir -=> is the directory where the user goes into
the system at (and usually should be brought
to when a cd is done)
shell -=> this is the name of the shell which is
automatically started for the login
Note that all the fields are separated by colons in the passwd file.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
WHAT DO THOSE *s, !s, AND OTHER SYMBOLS MEAN IN THE PASSWD FILE?
(from Belisarius)
Those mean that the password is shadowed in another file. You have
to find out what file, where it is and so on. Ask somebody on your
system about the specifics of the Yellow Pages system, but
discretely!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
WHAT IS A UNIX TRIPWIRE?
(from Belisarius)
Tripwire is a tool for Unix admins to use to detect password cracker
activity, by checking for changed files, permissions, etc. Good for
looking for trojan horses like password stealing versions of
telnet/rlogin/ypcat/uucp/etc, hidden setuid files, and the like.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
USING SUID/GUID PROGS TO FULL ADVANTAGE.
(from Abort)
A SUID program is a program that when executed has the privs of the
owner.
A GUID has the privs of the group when executed.
Now imagine a few things (which happen often in reality):
1. Someone has a SUID program on their account, it happens to allow
a shell to, like @ or jump to a shell. If it does that, after you
execute said file and then spawn a shell off of it, all you do
in that shell has the privs of that owner.
2. If there is no way to get a shell, BUT they leave the file
writable, just write over it a script that spawns a shell, and you
got their privs again.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
HOW CAN I HACK INTO AN AIX MACHINE?
(from Prometheus)
If you can get access to the 'console' AIX machines have a security
hole where you can kill the X server and get a shell with
ctrl-alt-bkspce. Also by starting an xterm up from one you are not
logged in the utmp for that session because the xterms don't do utmp
logging as a default in AIX. Or try the usual UNIX tricks:
ftping /etc/passwd, tftping /etc/passwd, doing a finger and then
trying each of the usernames with that username as a password.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
HOW CAN I INCREASE MY DISK QUOTA ON UNIX?
(from Prometheus)
A UNIX disk quota may be increased by finding a directory on another
partition and using that. Find another user who wants more quota and
create a directory for the other to use, one that is world writable.
Once they've put their subdirectory in it, change the perms on the
directory to only read-execute. The reason this works is that
usually accounts are distributed across a couple of filesystems, and
admins are usually too lazy to give users the same quotas on each
filesystem. If the users are all on one filesystem, you may be able
to snag some space from one of the /usr/spool directories by creating
a 'hidden' subdirectory like .debug there, and using that.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
HOW CAN I FOOL AROUND ON XTERM / XWINDOWS?
(from Wildgoose)
Most x commands have a -display option which allows you to pick a
terminal to send to. So if you use bitmap to create a bitmap, or
download one, etc then:
xsetroot -bitmap bitmapname
[display the bitmap on your screen]
xsetroot -bitmap bitmapname -display xt2500:0
[display the bitmap on another xterm]
Other uses, try xterm -display xt??:0 will give someone else one of
your login windows to play with. They are then logged in as you
though, and can erase your filespace, etc. Beware!
Slightly irritating:
xclock -geom 1200x1200 -display xt??:0
[fills the entire screen with a clock]
Slightly more irritating:
Use a shell script with xsetroot to flash people's screens different
colors.
On the nastier side:
Use a shell script with xsetroot to kill a per
