Essence Of Darkness

-'Hacking Servers 101' was written by ChronicK of THE E0D-

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++ DiSCLAiMER:                                               ++
++ NEiTHER CHRONiCK NOR ANY PARTiES AFFiLiATED WiTH HiM TAKE ++
++ RESPONSiBiLiTY FOR THE CONTENTS CONTAiNED iN THiS         ++
++ TEXT FILE. THiS CONTENT iS FOR EDUCATiONAL PURPOSES       ++
++ ONLY, AND WERE NOT PERSONALLY USED BY CHRONiCK, OR ANY   ++
++ OTHER PARTiES AFFiLiATED WiTH HiM...                      ++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++ ALL MiSSPELLED WORDS, PUNCTUATiON, AND OTHER MiSTAKES,    ++
++ ARE CONSiDERED AS 'ARTiSTiC EXPRESSiONS'.                 ++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

I'm very tired of people (so called 'hackers') asking me to teach them
to hack, or how to hack web sites...Well, there is a way. There are, in
fact, literally hundreds of ways to do this. I'll discuss a few in this
text to get you started. Everyone must start somewhere and somehow, and
hacking web servers and ftp servers is one of the easiest ways.

I really hope that you have _*SOME*_ basic knowledge of how web servers
work and how to use some form of UNiX... I'll explain that stuff anyway
for those of you who _*don't*_ know. If you do, then skip this lame
part =c)

Part 1: The _*simple*_ UNiX commands 101

The majority of MS DOS commands have UNiX or Linux equivalents. Below,
I have listed the _*MAiN*_ commands you'll need to know to operate a
shell account.

    DOS    =   UNiX
    CD     =   cd
    COPY   =   cp
    DEL    =   rm
    DIR    =   ls
    HELP   =   help
    MOVE   =   mv

** NOTE: These next commands were taken from the Linebreaker
   (unix-use.txt), and are included in braces... **

awk      *=*  Search for a pattern within a file
bdiff    *=*  Compares two large files
bfs      *=*  Scans a large file
cal      *=*  Displays a calendar
cat      *=*  Documents and prints file
cc       *=*  C compiler
cd       *=*  Change directory
chgrp    *=*  Changes a file's group ownership
chmod    *=*  Changes a file's access permissions
cmp      *=*  Compares two files
comm     *=*  Compares two files so as to determine which lines
         *=*  are common to both
cp       *=*  Copies a file to another location
cu       *=*  Calls another Unix system
date     *=*  Returns the date and time
fr       *=*  Displays free space in the file system
diff     *=*  Displays the differences between two files or dir's
diff3    *=*  Displays the differences between three files or dir's
du       *=*  Reports on file system usage
echo     *=*  Displays its argument
ed       *=*  Text editor
ex       *=*  Text editor
f77      *=*  Fortran compiler
find     *=*  Locates the files with specified characteristics
format   *=*  Initializes a floppy disk
grep     *=*  Searches for a pattern within a file
help     *=*  Provides help
kill     *=*  Ends a process
ln       *=*  Used to link files
lpr      *=*  Copies the file to the line printer
ls       *=*  Displays information about one or more files
mail     *=*  Used to receive or deliver messages
mkdir    *=*  Creates a new directory
more     *=*  Displays a long file so that the user can scroll
mv       *=*  Used to move or rename files
nroff    *=*  Used to format text
passwd   *=*  Allows you to change your current password
ps       *=*  Display a process's status
pwd      *=*  Display the name of the working directory
rm       *=*  Removes one or more files
rmdir    *=*  Deletes one or more directories
sleep    *=*  Causes a process to become inactive for a specified
         *=*  amount of time
sort     *=*  Sort and merge one or more files
spell    *=*  Finds spelling errors in a file
split    *=*  Divides a file
stty     *=*  Displays or sets terminal parameters
tail     *=*  Displays the end of a file
troff    *=*  Outputs formatted output to a typesetter
tset     *=*  Sets other terminal type
umask    *=*  Allows the user to specify a new creation mask
uucp     *=*  Unix-to-Unix execute
vi       *=*  Full screen editor
wc       *=*  Displays details in the file size
who      *=*  Displays information on the system users
write    *=*  Used to send a message to another user

bin      *=*  Used to store Unix utilities
lib      *=*  Contains libraries used by Unix
tmp      *=*  Contains temporary files
etc      *=*  Contains administrative programs such as passwd
dev      *=*  Contains files which represent devices
usr      *=*  Contains user files

-NOTE: that concluded unix-use.txt's commands...

*****

If you have _*NO*_ clue whatsoever of what any of that first chart
'represents', here's yet more help for you... On the left (in the DOS =
UNiX chart above), CD, COPY, DEL, DiR, HELP, and MOVE are ALL MicroSoft
DOS commands. What are MicroSoft DOS commands? Doh, commands you enter
in a MicroSoft DOS Prompt! Just try one: shell to DOS (open a MicroSoft
DOS prompt); if you don't know how, just restart in DOS (Win95 users).
Win3.x users, just exit Windows. Once you are in DOS, type some of the
commands on the left of the chart =c). On the right are the UNiX/LiNUX
commands that do the equivalent of the commands on the left...I hope
this explains it enough...

To find out who is in a system, simply type: who. To get information
about a specific user on the system type: finger username (username =
the name you're fingering). By taking advantage of those basic UNiX
commands, you can learn all you need to know about the system you are
currently 'in' (using).

Part 2: Cracking the passwords 101

On UNiX systems the file that contains the passwords for all the users
on the system is located in the /etc dir (directory). The filename is
passwd. So altogether you need to access /etc/passwd. All of the
accounts in the passwd file have _*ENCRYPTED*_ passwords. These
passwords cannot be, in any way, 'decrypted'. However, there are
programs that can be used to obtain passwords from the file.
I recommend using 'Cracker Jack', or my favorite, John The Ripper...
These programs use wordlists (a BiG LiST of words), then compare the
encrypted forms of the words in the list to the encrypted passwords in
the passwd file, and notify you when they find a match (NOT always 100%
of the time...). John The Ripper, or Cracker Jack, can be found at:
www.hack3rs.com.

Part 3: Finding Password Files 101

Obviously, a system admin isn't just going to give out a passwd file to
you. You have to have a way to retrieve the /etc/passwd file without
logging into the system. There are two ways that this can sometimes be
accomplished.

Most of the time the etc/passwd file isn't hidden from the public, in
their ftp. To get the passwd file this way try using an FTP client to
access the site _*ANONYMOUSLY*_ then check the /etc directory to see if
access to the passwd file is restricted. If it is not restricted then
download the file and run John The Ripper, or Cracker Jack, or any
other cracking programs on it.

In some systems there is a file called PHF, located in the /cgi-bin
directory. If there is then you are in luck. PHF allows users to gain
_*REMOTE-ACCESS*_ to files, even etc/passwd, via the 'net. To try this
method go to your web browser and type in the following addy (URL
(Address)):

    http://the.site.url/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd

Make sure you change http://the.site.url to http://whatever the address
of the page you're trying to hack...

If all else fails, _*FiND*_ a way to get that file! If you are stuck
with an 'x' or '*' (in most cases you _*ARE*_), that means the file is
shadowed. There is _*NO*_ way to actually 'Unshadow', although I've
seen programs that claim to do it...You may want to visit
www.lorsomer.com, www.r0ot.org, or www.hack3rs.com... You have to have
some C programming knowledge, because you have to compile the program
using a compiler. There are always backups of passwd though!
Experiment a little, try etc/shadow or something.
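
A defender's view of the PHF request above, as an added example that is not part of the original text: a Python scan of web server access logs for requests to /cgi-bin/ scripts whose query string carries an encoded newline. It generalises from phf to any CGI script; the function name is hypothetical and the log lines are constructed samples in Common Log Format using documentation-range addresses.

```python
import re
from urllib.parse import unquote

# Common Log Format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/1998:04:11:02 +0000] "GET /index.html HTTP/1.0" 200 2048',
    '198.51.100.7 - - [12/Mar/1998:04:12:40 +0000] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 404 210',
    '203.0.113.5 - - [12/Mar/1998:04:12:44 +0000] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 1370',
    '192.0.2.10 - - [12/Mar/1998:04:13:00 +0000] "GET /cgi-bin/search?q=unix+commands HTTP/1.0" 200 512',
]

def find_cgi_newline_probes(lines):
    """Return one finding per /cgi-bin/ request whose decoded query string
    contains a CR or LF, i.e. text placed after the parameter value."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        path, _, query = m["target"].partition("?")
        if "/cgi-bin/" not in unquote(path).lower():
            continue
        decoded = unquote(query)
        if "\n" not in decoded and "\r" not in decoded:
            continue  # ordinary CGI query, nothing injected
        findings.append({
            "line": lineno,
            "ip": m["ip"],
            "script": unquote(path).rsplit("/", 1)[-1],
            "status": int(m["status"]),
            # 200 means the script exists and answered: triage these first.
            "served": m["status"] == "200",
            "injected": re.split(r"[\r\n]+", decoded, maxsplit=1)[1],
        })
    return findings

if __name__ == "__main__":
    for finding in find_cgi_newline_probes(SAMPLE_LOG):
        print(finding)
```

A finding with "served" set to True means the script is still installed and should be removed; a 404 only records that someone looked for it.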
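
An added example, not from the original text, of the admin-side check this part implies: classify each entry of a passwd-format file (for instance the copy under an anonymous FTP root) by whether its password field exposes a hash, and test whether a file such as the shadow file is readable by other users. The function names and the sample entries, including the XXXXXXXXXXXXX placeholder standing in for a hash, are constructed for illustration.

```python
import os
import stat

# Constructed sample in passwd format; XXXXXXXXXXXXX is a placeholder, not a hash.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/bin/false
ftp:*:14:50:FTP User:/home/ftp:/bin/false
guest::405:100:guest:/home/guest:/bin/sh
alice:XXXXXXXXXXXXX:1001:100:Alice:/home/alice:/bin/sh
broken line without fields
"""

def audit_passwd(text):
    """Sort accounts by what field 2 (of 7 colon-separated fields) gives
    to anyone who can read the file."""
    report = {"no_hash_here": [], "empty": [], "hash_exposed": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        fields = raw.strip().split(":")
        if len(fields) != 7:
            report["malformed"].append(lineno)
            continue
        user, pw = fields[0], fields[1]
        if pw == "":
            report["empty"].append(user)         # login with no password
        elif pw == "x" or pw[0] in "*!":
            report["no_hash_here"].append(user)  # shadowed or locked entry
        else:
            report["hash_exposed"].append(user)  # crackable offline by any reader
    return report

def readable_by_others(path):
    """True if the 'other' read bit is set, e.g. on a shadow file or backup."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)

if __name__ == "__main__":
    print(audit_passwd(SAMPLE_PASSWD))
```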

Part 4: Logging on to _*YOUR*_ new personal shell!

If you succeeded in the password getting process, run your telnet
client and telnet (Windows95's default telnet client can be run by:
clicking the start button, then run, and then type telnet, hit enter.)
to the server that you cracked the passwords for, such as
www.hack3rs.com (in Windows95's telnet client click connect, then
remote server, or go to MicroSoft DOS, and type: telnet
address.goes.here). When you connect, you will be prompted for a
username, then a password. Just type in the information you got after
cracking the passwd file. Once in you can do whatever you want...I
strongly do not recommend spreading virii, or causing havoc...

-Knowledge is _*POWER*_, and Information is _*STRENGTH*_-

Part 5: Newbies...

Cracking is not hacking, so just remember that...If you are seriously
into becoming a hacker, check out your local library, or bookstore, and
pick up programming books...HTML, C, JAVA, anything...Don't buy
'hacking books', they don't help much, they just tell you about hacks,
and social engineering...Check out www.hack3rs.com for newbie texts,
and other resources for the H/P Underground Community...

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+             **************************************************            +
+             *ChronicK can be contacted at: eod@mailexcite.com*            +
+             **************************************************            +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++