*> Title: Hacking UNIX
*> Date:  6/10/89
*> Time:  12:20 pm

An In-depth Guide in Hacking UNIX and the
concept of Basic Networking Utility
----------------------------------------
By: Red Knight
Phreakers/Hackers Underground Network

Brief history on UNIX
---------------------
It's because of Ken Thompson that today we're able to hack Unix. He used to
work for Bell Labs in the 60s. Thompson started out using the MULTICS OS, which
was later eliminated, and Thompson was left without an operating system to work
with. Thompson had to come up with something real quick. He did some research,
and in 1969 UNIX came out, which was single-user and didn't have many
capabilities. In a combined effort with others he rewrote the version in C and
added some good features. This version was out in 1973 and was available to the
public. This was the first beginning of UNIX as it's known presently. The more
refined version of UNIX, today known as UNIX System V, developed by Berkeley
University, has unique capabilities.

Various types of UNIXes are CPIX, Berkeley Ver 4.1, Berkeley 4.2, FOS, Genix,
HP-UX, IS/I, OSx, PC-IX, PERPOS, Sys3, Ultrix, Zeus, Xenix, UNITY, VENIX, UTS,
Unisys, Uniplus+, UNOS, Idris, QNIX, Coherent, Cromix, System III, System 7,
Sixth edition.

The article itself:
-------------------
I believe that hacking into any system requires knowledge of the operating
system itself. Basically what I will try to do is make you more familiar with
UNIX operation and its useful commands that will be advantageous to you as a
hacker. This article contains in-depth explanations.

Error messages that one may come across: [UNIX System V]
--------------------------------------------------------
Login incorrect - An invalid ID and/or pw was entered. This means nothing.
    In UNIX there is no way of guessing valid user IDs. You may come across
    this one when trying to get in.
No more logins - will happen when the system won't accept any more logins;
    it could be going down
Unknown Id - will happen if an invalid ID is entered using the (su) command
Unexpected eof in file - The file being stripped has been damaged
Your password has expired - This is quite rare, although there have been cases
    where it happened. Reading the etc/passwd will show you at how many
    intervals it changes.
You may not change the password - The password has not yet aged enough. The
    administrator set the quotas for the users
Unknown group [groups name] - occurs when chgrp is executed and the group
    doesn't exist
Sorry - Indicates that you have typed in an invalid super-user password
    (execution of the su)
Permission denied! - Indicates you must be the owner or a super user to change
    the password.
Sorry <[# of weeks] since last change - This will happen when the password has
    not aged enough and you tried to change it (passwd)
[directory name]:no permission - You are trying to remove a directory which
    you have no permission to.
[file name] not removed - trying to delete a file owned by another user that
    you don't have write permission for.
[dirname] not removed - ownership of the dir that you're trying to delete is
    not yours.
[dirname] not empty - the directory contains files, so you must delete the
    files before executing rmdir
[command] not found - you have entered an invalid command not known to UNIX
cant execute pwd - something is wrong with the system; it can't execute the
    pwd command
cannot chdir to .. - (..
    one level up) permission is required to execute pwd above the current
    directory
cant open [file name] - defined wrong path or file name, or you have no read
    permission
cp:[file name] and [file name] are identical - self-explanatory
cannot locate parent directory - occurs when using mv
[file name] not found - the file which you're trying to move doesn't exist
You have mail - self-explanatory

Basic Networking Utility error messages
---------------------------------------
cu:not found - networking not installed
login failed - invalid id/pw or wrong # specified
dial failed - the system never answered due to a wrong #
uucp completely failed - did not specify file after -s
wrong time to call - you called at a time not specified in the Systems file
system not in systems - you called a remote not in the Systems file

Logon format : first thing one must do is switch to lower case
--------------
Identifying a UNIX. Here is what you'll see:
Sometimes there will be no system identifier

    AT&T UNIX SysVR3.0 (eg of a system identifier)

    login:
     or
    Login:

Any of these is a UNIX. Here is where you will have to guess at a valid user
id. Here are some that I have come across, eg. (glr, glt, radgo, rml, chester,
cat, lom, cora, hlto, hwill, edcasey) and also some containing numbers (smith1,
mitu6) or special characters in it like bremer$, j#fox. Login names have to be
3 to 8 characters in length, lowercase, and must start with a letter. In some
XENIX systems one may login as "guest".

User level accounts: (lower case)
---------------------------------
In Unix they have what's called accounts. These accounts can be used at the
"login:" prompt. Here is a list:

    sys
    bin
    trouble
    daemon
    uucp
    nuucp
    rje
    lp
    adm
    listen - if starlan is installed

Super-user accounts:
--------------------
And then there are super-user logins, which make UNIX worth hacking. The
accounts are used for a specific job. In large systems these logins are
assigned to users who have a responsibility to maintain subsystems.
They are as follows: (all lower case)

    root       - this is a must; the system comes configured with it. It has
                 no restriction. Has power over every other account.
    unmountsys - unmounts files
    setup      - system set up
    makefsys   - makes a new file
    sysadm     - allows useful S.A commands (doesn't need root login)
    powerdown  - powering system down
    mountfsys  - mounts files
    checkfsys  - checks file

These accounts will definitely have passwords assigned to them. These accounts
are also commands used by the system administrator.

Here are some examples of accounts I have seen:

    cron uuhelp usenet anonuccp news network bellboy lp vector guest games
    ninja vote warble sysinfo

After the login prompt you will receive a password prompt:

    password:
     or
    Password:

Enter the password (it won't echo). The password rule is as follows: each pw
has to contain at least 6 characters and maximum has to be 8. Two of which are
to be alphabetic letters and at least one being a number or a special
character. The alphabetic digits could be in upper case or lower case. Here are
some of the passwords that I have seen (eg. Ansuya1, PLAT00N6, uFo/78,
ShAsHi.., Div417co).

The passwords for the super-user accounts will be difficult to hack. Try the
accounts interchangeably, eg. login:sysadm password:makefsys, or rje1, sysop,
sysop1, bin4, or they might contain letters, numbers, special characters in
them. It could be anything. The user passwords are changed by an aging process
at successive intervals. The users are forced to change it. The super-user will
pick a password that won't need changing for a long period of time.

You have made it!
-----------------
The hard part is over and hopefully you have hacked a super-user account.
Remember Control-d stops a process and also logs you off.
The next thing you'll probably see is the system news, eg.

    login:john
    password:hacker1
    System news
    There will be no networking offered to the users till august 15, due to
    hardware problems.
    (just an example)
    $

$ is the Unix prompt, waiting for a command to be entered. I will use this
throughout the article to show outputs etc. (It's not part of the command.)
# - means you're logged in as root (very good)

A word about the XENIX System III: (run on the tandy 6000)
----------------------------------------------------------
The largest weakness in the XENIX System III occurs after the installation of
the Profile-16, or more commonly known as the filepro-16. I have seen the
filepro-16 installed in many systems.
The installation process creates an entry in the password file for a user
named profile, an account that owns and administers the database. The great
thing about it is that when the account is created, no password is assigned to
it. The database contains executables to maintain it. The database creation
programs perform a setuid to boot up the root, thereby giving a person the
whole C Shell to gain super-user privilege, same as root. Interesting, huh!

* Note: First the article will inform you of how the Unix is made up

The Unix is made of three components - the shell, the kernel, the file system.

The kernel:
-----------
You could say that the kernel is the heart of the Unix operating system. The
kernel is a low level language lower than the shell which maintains processes.
The kernel handles memory usage, maintains the file system, the software and
hardware devices.

The shell:
---------...
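
The XENIX System III passage above turns on a password-file entry (profile) that is created with no password assigned. The following is an added example, not part of the original article: an administrator's check that flags such entries, plus any account besides root holding UID 0. It assumes the classic seven-field passwd layout; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for accounts with no password
# assigned and for extra accounts that share root's UID 0.
# Assumes the classic seven-field layout:
#   name:password:uid:gid:comment:home:shell

# audit_passwd [FILE] - reads FILE, or standard input when FILE is omitted.
# Prints one "FINDING:account" line per problem found.
audit_passwd() {
    awk -F: '
        $0 == "" || $0 ~ /^#/        { next }                       # blank or comment
        NF != 7                      { print "MALFORMED:" $1; next }
        $2 == ""                     { print "EMPTY_PASSWORD:" $1 } # no password set
        $3 ~ /^0+$/ && $1 != "root"  { print "EXTRA_UID0:" $1 }     # root-equivalent
    ' "${1:--}"
}

# Constructed sample entries (not taken from a real system); "x" stands in
# for a password that has been set. The "profile" line models the account
# the article says is created without a password.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:Super User:/:/bin/sh
bin:x:2:2:System Tools:/bin:
profile::201:50:filePro database owner:/usr/profile:/bin/csh
sysadm:x:0:0:Admin menu:/usr/admin:/bin/sh
john:x:1001:100:John:/usr/john:/bin/sh
EOF
}

# Run the audit over the sample data.
audit_sample() {
    sample_passwd | audit_passwd
}

audit_sample
```

Run against a real system as audit_passwd /etc/passwd; on systems with shadow passwords the password field holds a placeholder, so the empty-password check has to be applied to the shadow file instead.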