Thursday, May 8, 2008

unix hacking

As you all may know, Unix is an operating system developed at AT&T Bell Labs in the 1970s to help programmers, well, program. Back in the day the only hackers were programmers and administrators. Now there's Linux, a Unix clone, and most of the "hackers" are immature 12-year-old kids who have no ethics and hack to be little punks. Unix is not DOS-based (it predates DOS by more than a decade), but like DOS it is driven by typed commands, unlike Windows where you have a GUI to navigate.
Below are short topics on hacking with Unix to help you out.


Top 30 Unix Commands
cd
grep
mv
cp
rm
who
whoami
login
ftp
telnet
w
cat
chown
env
dd
chmod
find
kill
logout
hostname
gzip
ls
lpr
man
mkdir
passwd
netstat
pwd
rmdir
talk

Hacker's Dictionary (shorter and with fewer words, just the important ones)

.c file - A file written in C (the language). A .c file is source code and has to be compiled before it can run.
Root - Administrator rights. If you're root, you have total control of the system you're "root" on.
Exploit - Program that abuses a bug, such as a buffer overflow in a privileged program, to gain access it shouldn't have, typically a root shell.
Hacker - Computer genius who abides by ethics while "hacking".
Cracker - Another type of "hacker". Someone who "hacks" for the hell of it and wrecks whatever they hack, which a "hacker" doesn't.
Trojan - Program that opens a backdoor in a system, allowing someone to become root right away without going through the normal login.
Telnet - Program used to connect two computers via the "telnet" protocol: telnet host.com. Everything, including the password you type, crosses the network in clear text.
Compile - A program is written as source code; once saved and checked for bugs, it is compiled from that code into computer "junk" (machine code) so that it can then be executed.
Unix - Command-line operating system created at Bell Labs in the 1970s (it looks DOS-like from the prompt, but DOS came a decade later).
Linux - Clone of Unix with more stuff :P
WarDialer - Program that dials every number in a specified prefix range looking for a modem. A modem that answers is known as a carrier.
Virus - Program or "file" that, once executed, runs itself, makes copies of itself to spread, and will mess up a system very badly.
FTP - File Transfer Protocol. Used to send / receive files from a server (like telnet, the login goes over the wire in clear text).
Sniffers - Programs that "sniff" network packets once installed and can give hackers good clues to security vulnerabilities or passwords. A hacker installs a sniffer and it then catches any incoming / outgoing packets. For example, when someone logs on to a server over telnet or FTP, the sniffer logs the username and password for that person.
WinGate - A Windows proxy/gateway product. Everything you send goes through the proxy, so connections come out carrying the WinGate's address instead of yours. Open WinGates and proxies can therefore be used to hide where you are really coming from ("spoof off of them").
Spoofing - When someone uses a program to hide their real IP or host behind a fake one.
Riding - Instead of "spoofing", a hacker rides from one server to another, so each server only sees the one before it.
Scanner - Any type of program that scans a server or servers for something, such as the SATAN scanner, which scans a host for security vulnerabilities.


Nowadays most hackers use Linux. As I said before, it's a clone of Unix, but it has more features and fixes, etc. Among those features is X Windows, a GUI something like Windows, plus more commands, better performance, etc. If you don't have Unix/Linux and you want to become a hacker I suggest you get it, or else you're in for a long run. Below I will introduce Linux and how to use it.


What is a shell?
The shell is a program started after you log on to Linux; it provides a command-line interface, or shell, between you and the Linux kernel. Typed commands are interpreted by the shell and handed to the kernel, which in turn opens, closes, reads or writes files. There are a number of shells for Linux, but the default shell on most systems, bash, is found under the /bin directory. The shell's internal commands and functions can also be used to write programs.

Logging on
When you "log on" to or start up a *nix system you are confronted with Login: and Password: prompts. Login means username, so type your username on that system (or the root account). Then comes your password; type in the password for that specific account. To connect to a remote system over TCP/IP, type telnet hostname or ftp hostname at your command line.

Changing your password
As the root operator, you can change the password for any user on your system. After creating a new user account, set a password with the passwd command by specifying the user's name on the command line, as in the following:

#passwd fred
New Unix Password:
Retype new Unix Password:
passwd: all authentication tokens updated successfully

The passwd command, found under the /usr/bin directory, prompts you for a new password, and then asks you to type it again to verify the change. After you make the change, the /etc/passwd entry holds the password as a hashed (one-way "encrypted") string like so:
fred:Qzq/xNwYpr230O:437:437::/home/fred:/bin/bash

That is what an unshadowed system looks like: /etc/passwd is world-readable, so every user and every process can read the hash and feed it to a password cracker. On a system using shadow passwords the second field is just x and the hash lives in /etc/shadow, which only root can read; a real hash sitting in /etc/passwd is a finding.
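As an added example (not from the original post), here is a small POSIX sh script that tells you, for passwd-format lines, whether the second field really exposes a hash the way the fred entry above does, or whether the hash has been moved out to /etc/shadow. The function and file names (classify_passwd_line, exposed_hashes, make_sample_passwd) are mine; the sample file is constructed, and the alice hash in it is a placeholder, not real crypt(3) output.

```shell
#!/bin/sh
# Added example, not from the original post: classify the password field of
# /etc/passwd-style lines and list the accounts whose hashes are readable by
# everyone. Sample data is constructed below.

# classify_passwd_line 'user:pw:uid:gid:gecos:home:shell'
# Prints: shadowed | locked | empty | modular-hash | legacy-hash
classify_passwd_line() {
    pw=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$pw" in
        x)          echo shadowed ;;      # hash lives in root-only /etc/shadow
        '*'*|'!'*)  echo locked ;;        # not a valid hash; password login disabled
        '')         echo empty ;;         # no password at all: anyone can log in
        '$'*)       echo modular-hash ;;  # $1$ md5, $5$/$6$ sha, $y$ yescrypt ...
        *)          echo legacy-hash ;;   # 13-char DES crypt(3), as in the post
    esac
}

# exposed_hashes FILE: print user names whose second field is crackable
# (or empty) when FILE is world-readable, as /etc/passwd always is.
exposed_hashes() {
    while IFS= read -r line; do
        case "$(classify_passwd_line "$line")" in
            legacy-hash|modular-hash|empty) printf '%s\n' "${line%%:*}" ;;
        esac
    done < "$1"
}

# make_sample_passwd: write a constructed passwd file and print its path.
# The fred line is the one from the post; the alice hash is a placeholder.
make_sample_passwd() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
root:x:0:0:root:/root:/bin/bash
fred:Qzq/xNwYpr230O:437:437::/home/fred:/bin/bash
guest::500:500::/home/guest:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:$6$c0nstructed$notarealhash:1000:1000::/home/alice:/bin/bash
EOF
    printf '%s\n' "$f"
}

sample=$(make_sample_passwd)
echo "accounts with an exposed or missing password hash:"
exposed_hashes "$sample"      # fred guest alice
rm -f "$sample"
```

Run it against the real file with `exposed_hashes /etc/passwd`: on a properly shadowed system it should print nothing at all.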

Logging out of a system
# exit
# logout

Either of the two logs you out of the current session (exit works in any shell; logout only works in a login shell).

Spoofing your address
To "spoof" your IP/host you need a program that actually forges your source address. To "ride" means you connect to one server, from there connect to another, and so on, so the second server logs a connection from the first server instead of your real IP number or hostname. If you don't want your real IP/host in the first server's log file either, connect (telnet) to a WinGate first, then telnet to server1, telnet to server2, telnet to server3 and then finally hit your target. Each hop only sees the hop before it, so the target logs the last server in the chain rather than you; but remember every machine in the chain keeps its own log, and that is exactly where an investigator looks next. Below are a few "reliable" wingates from the original post (use them wisely; note that 165.64.211.539 is not even a valid IPv4 address, since an octet cannot exceed 255):
207.170.104.54:23
24.1.24.86:23
207.183.54.53
165.64.211.539
150.234.14.132

Exploiting a system
An exploit is a program that, once executed, performs a sequence of steps to spawn a root shell, usually by causing a buffer overflow (or abusing some other bug) in a privileged program, which then spawns the root shell. Root means administrator. Exploits are written for a specific operating system and version. You cannot use an exploit intended for SunOS on a FreeBSD system; it wouldn't work. Basically you have to find an exploit that does what you're looking for on that particular server, then FTP to the victim, upload the exploit, telnet to the victim, log in, compile the exploit and run it. If all goes as planned you will be root in no time. Use the following commands to do the above. (207.170.104.54 is a WinGate, victim.research.net is our target and 23 is the port we're connecting to on the WinGate.)

# ftp 207.170.104.54 23
********When the login prompt comes up, type username@victim.research.net. For the password, type that user's password on the victim. The WinGate logs you on to its FTP proxy, and the proxy in turn logs on to the target.

ftp> put exploit.c
ftp> quit

# telnet 207.170.104.54
Trying 207.170.104.54....
Connected to 207.170.104.54

WinGate> victim.research.net
Connecting to victim.research.net....... Connected

Welcome to Victim Research Lab
kernel on an i586
Escape character is '^]'.

Login: prsmith
Password: **********
********It's always good to have a login/password (l/p) for the server you're trying to hack; this whole approach assumes you already have an ordinary account on it.

Welcome prsmith
last login from 207.170.104.54 06/28/96 3:53:64
You have mail

$ <------- Not root
$ whoami
prsmith
********So we're not root. Let's compile and run our exploit (run it as ./exploit; exec would replace your shell with the exploit, so if it failed you'd simply be dropped)
$ gcc -o exploit exploit.c
$ ./exploit
# <------- Yes! We're root.

So we are now root. Remember, try not to damage the system you're root on or there's a chance you'll get busted. Just look around, maybe leave a message or something....


Using text editors
Text editors are of course programs that display a file and its contents. Different people have favorite text editors. Mine happens to be emacs, because it can compile, runs smoothly, and isn't that huge on disk.

Editing Text with the pico Editor
The pico editor, part of the pine e-mail program package, is an easy-to-use editor. This no-nonsense program is compact, reliable and efficient (you don't have to use pine in order to edit files with pico).

# pico -m myfile.txt

pico opens your file and your display is lit up with the contents of "myfile.txt".

Navigating the Linux FileSystem
Use the pwd (print working directory) command to print the current, or present, working directory (that is, the directory where you are at the moment):

# pwd
/home/prsmith

A binary version of the pwd command can be found in the /bin directory, but nearly all shells have a built-in pwd command.

Use the cd (change directory) command to navigate through the Linux file system's directories. Use this command with a direct specification or pathname to move to a specified directory.

# pwd
/home/prsmith
# cd /usr/bin
# pwd
/usr/bin
# cd
# pwd
/home/prsmith

If you enter the cd command by itself you return to your home directory. Move up one directory by giving two periods (..) to the cd command, like so:

# pwd
/home/prsmith
# cd ..
# pwd
/home

Listing Directories
Listing the contents of directories, like the cd command, is easily learned and one of the most important things to know.

Use the ls (list directory) command to list the contents of one or several directories. This command has more than 40 command-line options (options, not wildcards: wildcards are the shell's * and ? patterns, which ls never sees because the shell expands them first) that can be combined to format listings. To list what's in the /usr/local directory you would type the following command:

# ls /usr/local
bin etc info lib qt src
doc games lesstif man sbin

By default the ls command lists the contents of directories in columns, sorted vertically. You can use different command-line options and wildcards to view directory contents in different formats. For example, the -F (classify) option identifies directories and executable files by appending a forward slash (/) to directory names and an asterisk (*) to executables:

# ls -F /usr/local/lib/*
/usr/local/lib/cdbd:
eb104910
/usr/local/lib/saytime:
saytime.sh* sounds/

Below is a simple table of ls options to help you understand the different flags after the ls command...

Flag     Description
-d       List the directories themselves, not their contents
-l       Long format listing
-m       List filenames separated by commas
-x       Sort filenames in columns horizontally
-A       List all files, but not . and ..
-C       Sort files in columns vertically
-F       Identify directories, links and executables
-R       List directory contents recursively
-S       Sort files by size
--color  Use color to identify file types


Viewing Text Files
Use the cat (concatenate) command to print the contents of a file to your console display or terminal window.

# cat /etc/issue
Red Hat Linux release 5.1 (Manhattan)
Kernel 1.0.31 on an i586

Use the -n (line-numbering) flag to number the lines:

# cat -n /etc/issue
     1  Red Hat Linux release 5.1 (Manhattan)
     2  Kernel 1.0.31 on an i586

You type cat /dir/dir/file and it displays the contents of the file on your screen.

Deleting Files with the rm Command
The rm (remove) command is used to delete files and directories. You delete files by including a single filename or several filenames on the command line, like so:

# rm file1 file2 file3

Use wildcards to delete multiple files:

# rm file*

The rm command can also be used to delete the files within a specified directory, asking first for each one when -i is given as well:

# rm -ri temp
rm: descend directory `temp'? y
rm: remove `temp/file1'? y
rm: remove `temp/file2'? y
rm: remove `temp/file3'? y
rm: remove `temp/file4.txt'? y
rm: remove directory `temp'? y

Use the -r (recursive) option along with the name of a directory to delete the directory and everything within it. If you attempt to delete a directory without this option, rm complains and quits.

The -i (interactive) command-line option is the safest way to use the rm command. In this mode, rm interactively queries for a y or n before it deletes a file:

# rm -i file*.txt
rm: remove `file1.txt'? y
rm: remove `file2.txt'? y
rm: remove `file3.txt'? n

Deleting Directories with the rmdir Command
You can remove directories by using the rmdir command.

# rmdir temp/randomdir/passwords/work
# rmdir temp/randomdir
rmdir: temp/randomdir: Directory not empty


However, if any files or directories exist below the specified directory, you must move or delete those first (rmdir only removes empty directories).

Deleting Directories with the rm Command
The rm command can be used like the rmdir command to remove directories, but you must use the -r (recursive) option, usually in conjunction with the -f (force) option. This combination removes files and directories without asking for confirmation and without complaining about paths that don't exist, so double-check the path first (and never let an unquoted empty variable in: rm -rf $dir/ with $dir unset is rm -rf /). Here is an example:

# rm -fr temp


Finding files with the find Command
The find command is used to search all mounted file systems for the name or partial name of a file or directory. This powerful command can do much more than simply find files (it can select on permissions, owner, size or age, and run a command on each match). To search for files or directories, specify a search path and a search pattern on the command line, like so:

# find /usr -xdev -name 'pico*' -print

This search of the /usr directory for the pico editor and related files locates the pico program and its manual page. Quote the pattern, otherwise the shell expands pico* against the current directory before find ever sees it. But be warned! Searching a file system, especially in a network environment with remotely mounted file systems, can take a long time; the -xdev option keeps find from crossing into other mounted file systems, which is why it appears here.
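As an added example of the "much more than simply find files" part (this is mine, not from the original post), here is a POSIX sh script that uses find's -perm test for the two checks a security reviewer runs first on any Unix box: set-uid files, which run as their owner no matter who executes them, and world-writable files. The functions find_setuid, find_world_writable and make_sample_tree are my names; the tree they scan is constructed in a temporary directory so the script runs anywhere.

```shell
#!/bin/sh
# Added example, not from the original post: use find(1) to audit a tree for
# set-uid binaries and world-writable files. The tree is constructed below.

# find_setuid DIR: regular files with the set-uid bit set, staying on one
# filesystem (-xdev) so a stray NFS mount does not make this take all day.
find_setuid() {
    find "$1" -xdev -type f -perm -4000 -print 2>/dev/null
}

# find_world_writable DIR: regular files anyone on the system can modify.
find_world_writable() {
    find "$1" -xdev -type f -perm -0002 -print 2>/dev/null
}

# make_sample_tree: build a constructed tree with one of each and print its path.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/bin" "$root/tmp" "$root/etc"
    printf '#!/bin/sh\nid\n' > "$root/bin/suidtool"
    chmod 4755 "$root/bin/suidtool"     # set-uid bit: runs as the file's owner
    printf 'x\n' > "$root/bin/normal"
    chmod 0755 "$root/bin/normal"       # ordinary executable, not reported
    printf 'x\n' > "$root/tmp/scratch"
    chmod 0666 "$root/tmp/scratch"      # world-writable
    printf 'x\n' > "$root/etc/config"
    chmod 0644 "$root/etc/config"       # readable by all, writable by owner only
    printf '%s\n' "$root"
}

tree=$(make_sample_tree)
echo "set-uid files under $tree:"
find_setuid "$tree"                     # only bin/suidtool
echo "world-writable files under $tree:"
find_world_writable "$tree"             # only tmp/scratch
rm -rf "$tree"
```

On a real system run `find_setuid /` as root and compare the list against what the distribution ships; an unexpected set-uid shell or copy of sh in /tmp is the classic leftover of exactly the kind of break-in this post describes.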

Using the grep Command
The grep command is part of a family of commands: grep, fgrep and egrep. These commands are closely related, but differ in the type of expressions or wildcards that can be used on the command line. For example, to look for any reference to the tee command in the file info-dir under the /etc directory, use the grep command like this:

#grep -n tee /etc/info-dir
92:* tee: (sh-utils)tee invocation. Redirect to multiple files.

The grep command returns matches for simple words used as patterns on the command line. The -n (number) command-line option prints the line number of each matching line. By default grep uses basic regular expressions, in which \( and \) are the grouping operators (a bare ( is just a literal character), so an unbalanced group is reported as an error:

# grep '\(gp' /etc/info-dir
grep: Unmatched ( or \)

Each grep command reads the standard input and writes to the standard output. However, search patterns can also be placed in a text file (as done here with the cat command, ending the input with ^D) and used with the -f (file) option:

# cat > search.txt
gpm
^D
# grep -f search.txt /etc/info-dir
* gpm: (gpm). Text-mode mouse library.

The grep command has more than 20 different command-line options, and can emulate the fgrep or egrep commands with the -F (fixed strings) and -E (extended regular expressions) options.
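As an added example (mine, not from the original post), here are the options just discussed, -n, -E, -F, -f and -c, applied to the kind of thing an administrator greps for after a break-in: failed logins in an auth log, counted per source address. The log lines are constructed in syslog/sshd format, and the function names (make_sample_log, failed_by_source, top_offender, failed_count_for, sensitive_lines) are mine.

```shell
#!/bin/sh
# Added example, not from the original post: grep -E/-F/-f/-n/-c over a
# constructed auth log to pull out failed logins per source address.

# make_sample_log: write constructed syslog-style sshd lines, print the path.
make_sample_log() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
Jun 28 03:51:02 victim sshd[4101]: Failed password for root from 10.0.0.5 port 40111 ssh2
Jun 28 03:51:09 victim sshd[4101]: Failed password for root from 10.0.0.5 port 40111 ssh2
Jun 28 03:51:30 victim sshd[4103]: Failed password for invalid user admin from 10.0.0.5 port 40115 ssh2
Jun 28 03:53:01 victim sshd[4110]: Accepted password for prsmith from 192.168.1.9 port 51002 ssh2
Jun 28 03:58:44 victim sshd[4122]: Failed password for prsmith from 192.168.1.9 port 51040 ssh2
EOF
    printf '%s\n' "$f"
}

# failed_by_source LOG: "count address" lines, busiest source first.
# -E gives us the optional "invalid user " group; -o keeps only the match.
failed_by_source() {
    grep -E 'Failed password for (invalid user )?[^ ]+ from [0-9.]+' "$1" \
        | grep -Eo 'from [0-9.]+' | cut -d' ' -f2 \
        | sort | uniq -c | sort -rn
}

# top_offender LOG: the address with the most failures.
top_offender() {
    failed_by_source "$1" | head -n 1 | awk '{print $2}'
}

# failed_count_for LOG ADDR: -c counts matching lines. The dots in ADDR are
# escaped so 10.0.0.5 cannot also match 10x0y0z5.
failed_count_for() {
    esc=$(printf '%s' "$2" | sed 's/\./\\./g')
    grep -Ec "Failed password for .* from $esc port" "$1"
}

# sensitive_lines LOG PATTERNFILE: -F -f takes fixed strings from a file,
# -n prefixes each hit with its line number, as in the grep -n example above.
sensitive_lines() {
    grep -n -F -f "$2" "$1"
}

log=$(make_sample_log)
pats=$(mktemp)
printf 'for root \nfor invalid user \n' > "$pats"   # fixed strings, not regexps
echo "failed logins per source:"; failed_by_source "$log"
echo "top offender: $(top_offender "$log")"          # 10.0.0.5
echo "lines touching root or invalid users:"; sensitive_lines "$log" "$pats"
rm -f "$log" "$pats"
```

The same pipeline works on a real /var/log/auth.log or /var/log/secure; the only thing that changes is the message format of the login daemon you are reading.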


Basic Networking Utility (BNU)
BNU is a feature unique to UNIX. Some systems may not have it installed.
BNU lets other remote UNIX machines communicate with yours without you
logging off the one you are on. BNU also allows file transfer between computers.
Most UNIX System V systems will have this feature installed.

The user programs like cu, uux etc. are located in the /usr/bin directory.

Basic Networking Files:
-----------------------

/usr/lib/uucp/[file name]
[file name]
Systems   - used by cu (and uucico) to establish a link. Contains info on each remote
            computer: name, the times it can be reached, login ID, password and telephone
            numbers. (Those login passwords sit in this file in clear text, so it must
            not be world-readable.)
Devices   - tied to the Systems file (the Automatic Call Unit entry must match in both).
            Also contains the baud rate and the port, tty1 etc.

Dialers   - the ASCII conversation (chat script) that must be had with the modem before
            file transfers etc. can begin.
Dialcodes - contains abbreviations for phone numbers that can be used in the
            Systems file.

Other files are Sysfiles, Permissions, Poll and Devconfig.

BNU Administrative files:
--------------------------
There are 5 administrative files. They are created in the /usr/spool
directory and are used by the various BNU processes for keeping records and
data, for file transfers between remote and local systems, and for locking
devices.

TM - Temporary data file. When transferring files from a remote to the local
system, /usr/spool/uucp/[name of the remote computer] creates this file, named
in the following format:

TM.[Process Identification Number].[ddd]

ddd is a sequential 3-digit number starting at 000.
A typical example: TM.322.012
When the transfer completes this file is moved to the path named in the
C.sysnxxxx work file.

X.[Execute files] - Created in /usr/spool before the commands are executed on
the remote.
The name format is X.sysnxxxx, where sys is the remote name, n is the priority
level and xxxx is a sequence number assigned by uucp. These files always
contain the name of the file, the computer and file name to receive, the
requester's login and computer name, and the command string.

LCK - Lock file, created in the /usr/spool/locks directory while a device is
in use. It prevents a second process from dialing out on the same device.

Format used: LCK..str, where str is the device name. The lock file contains
the PID of the process holding the lock.

C.sysnxxxx - Created in the /usr/spool directory. These are the work files,
used when work is queued for a remote, including remote executions. The
format is the same as for X.sysnxxxx. Work files contain the full path name
of the file to be sent, the path name of the destination (for TM transfers),
the remote login name to be notified after the transfer is complete, the
user's login name and the name of the program used, e.g. uucp, uupick etc.

D - Data files. Format used is D.systmxxxxyyy. These are created when a
command asks for the source to be copied into the spool directory, e.g. with
uucp -C. systm is the remote name, xxxx the 4-digit sequence number assigned
by uucp, and yyy a sub-sequence number.

Logging on to a remote and sending/receiving files
-------------------------------------------------
cu - This command lets you log on to a remote Unix (or non-Unix) system
without hanging up the local one, so you can transfer files.
Usage ([ ] are options):

$ cu [-s baud rate] [-o odd parity] [-e even parity] [-l name of comm line]
     telephone number | systemname

To view the system names that you can communicate with use the 'uuname' command.
Example output:

ATT01
ATT02
ATT03
ATT04


$ cu -s300 3=9872344     (9872344 is the tel#; the "=" means wait for a second dial tone after dialing 3)
connected
login:
password:

local strings (typed at the start of a line while connected):
--------------
~.  - logs you off the remote but leaves you on the local system
~!  - puts you in a shell on the local system without disconnecting the line
      from the remote; leave that shell (^D) to get back to the remote
~%take [file name] - takes a copy of the named file from the remote and writes
      it on the local system (in the directory you are in)
~%put [file name] - reverse of the above
~$[command] - runs the command on the local system and sends its output to the remote

ct
--
ct lets the local system call a remote terminal and start a getty on it.
Useful when a user is at a remote terminal. BNU has a call-back feature: a
user on the remote can request a call back, meaning the local system calls
the remote. [ ] are options.

$ ct [-h prevent automatic hang-up] [-s bps rate] [-wn wait up to n minutes
     for a free line] telephone number

uux
---
To execute commands on a remote (Unix to Unix).
Usage ([ ] are options):

$ uux [- read standard input as the command's input] [-n no mail notification]
      [-p same as -] command-string

uucp
----
uucp copies files from your computer to the home directory of a user on a
remote system. It also works for copying files from one directory to another
on the remote. The remote user is notified by mail. The command is equally
useful for copying files from a remote to your local system.
uucp only queues the request; the uucico daemon then calls the remote,
performs the login sequence and the file transfer, and notifies the user by mail.
Daemons are programs running in the background. The 3 UUCP daemons are
uucico, uusched and uuxqt.

Daemons explained (now is a good time to explain the 3 daemons):
------------------

uuxqt - Remote execution. This daemon is run by uudemon.hour, which is started
by cron. uuxqt searches the spool directory for execute files (X.files) sent
from the remote system. When it finds one it reads the commands which are to
be executed, checks whether those commands are available, then checks the
Permissions file, and if everything is OK runs them as a background process.

uucico - This daemon is very important: it is responsible for establishing
the connection to the remote, checking permissions, performing the login
procedure, transferring and executing files, and notifying the user by mail.
It is called upon by the uucp, uuto and uux commands.

uusched - Run by the shell script uudemon.hour. It acts as a randomizer
(scheduler), deciding the order in which remotes are called before uucico
is started.


Usage of the uucp command:

$ uucp [options] [source system!]path [destination system!]path
example:
$ uucp -m -sbbss hackers unix2!/usr/todd/hackers

This sends the file hackers from your computer to /usr/todd/hackers on the
remote, creating hackers as a file there; todd is mailed that a file has been
sent to him. unix2 is the name of the remote.
Options for uucp (don't forget the remote's name, unix2 in this case):
-c      don't copy files to the spool directory (the default)
-C      copy to spool
-sfile  write the transfer status to file (bbss above; the file name is attached to -s)
-r      don't start the communication program (uucico) yet
-j      print the job number (for the example above, unix2e9o3)
-m      send mail to the requester when the transfer is complete

Now suppose you are logged in on the remote, working in /usr/dan/usa, and
want the file kenya from there sent to your home directory /usr/john on the
local system, whose name is ATT01. You would type:

$uucp kenya ATT01!/usr/john/kenya

uuto
----
The uuto command sends a file to a remote user and can also be used to send
files locally.
Usage:
$ uuto [file name] [system!login name]   (omit the system name if local)


Hacking any type of system and what to do...
If you're hacking a bank, or some type of server that has something of value, then you must follow these instructions precisely...

First, find the server type and the OS the target is running. Then either write your own exploit, or scrounge one up, to 1) cause a buffer overflow and spawn a root shell and 2) clean the log files. Once you have the exploit(s), you're ready to go. Go to your command line and type the following:

# finger @victim.com
[victim.com]

Good. No one logged on. Let's proceed.

# satan -o|p|openBSB*linux -2m [victim.com]
Scanning [victim.com] for vulnerabilities on OpenBSD......
Found 1: Log file Exploit
Found 2: Buffer OverFlow in /tmp/var to cause a root shell to be spawned
Found 3: Sendmail v5.3.1 Bug (root)

This is SATAN, a security scanner that scans a host for vulnerabilities (the command line and output above are the original post's illustration, not SATAN's real syntax). OK, we found 3 so far. That's just an example; you might or might not find any vulnerabilities on the target's computer. So say we have an exploit for the system and we're ready to root it... No one's logged on, and we know for "sure" we can root it. OK, let's log in (that's assuming you have a l/p):

# telnet wingate.com
Trying 255.255.255.255.....
Connected to 255.255.255.255

WinGate> 252.252.252.252
Connecting to 252.252.252.252.......... Connected

WinGate> 232.232.232.232
Connecting to 232.232.232.232.......... Connected

WinGate> your.target.host.or.ip.here.com
Connecting to target.host.or.ip.here.com......... Connected

Welcome to United States Defence Server
Restrictions may apply
Kernel on a i486
Escape character is '^]'.

login: di-g
password: *******

Welcome di-g
Last login from yourhost.com 45:3:52 12/2/96
No Mail

$ <--- ok we're not root
Let's root it
*******assuming we already uploaded the exploits (with ftp as shown above) as rootexploit.c and logexploit.c, and compile and run them the same way as in the earlier session. (Notice that the "Last login from yourhost.com" line above shows the target logged your own host, which is exactly what the chain of WinGates was supposed to prevent; if the chain is working, the target should only ever see the last hop's address.)


Now that you're root you can do anything you want. I suggest if you're hacking something as big as the US Defence Server, don't fuck anything up. If I had root on the United States Defence Server, I would install a sniffer, some rootkits, and upload a few trojans for future hacks. Then once I had a lot of root accounts or regular accounts I would contact the Iraqi Government or some other shit like that and I would sell all the shit. That's what I'd do. But if you're, for example, hacking a university or a school, install a rootkit or two, sniffers to get passwords, and then make your move. Maybe deface the server's welcome message, so when someone turns on their computer it is greeted by your welcome message :)). That's what I did at my college. If the school or business you're at has a network, try hacking it. If you can get on the "inside", gather a little information about the server and then do your stuff. I don't really suggest fucking it up because there might be something useful that could serve as blackmail or something else in the future.

To sum it up, get root by exploiting the box, or by cracking the password file if /etc/passwd is unshadowed (on a shadowed system the hashes are in /etc/shadow, which only root can read, so that route needs root in the first place). Then once root, upload a rootkit and a few trojans, then do whatever you wish. Look for the "Hacking Networks" tutorial soon! Keep it cool and stay out of trouble.
