 __________________________
// Creating Unix Accounts  \
\\ by the Kryptic Night    /
// and the                 \
\\ Servants of the         /
// Mushroom Cloud          \
\\_________________________/

So, you've hacked the *ROOT* account on some unix system? You have the
full power of the unix system at your hands, and you want to keep it that
way for a long time? Using the root account is not the way to do this!
This short little file will describe a way that will allow you to keep
your access for as long as possible.

---------------------------------------------------------------------------

                     - - - Creating Unix Accounts - - -

First, you need to log on to the Unix system as the root account. You
should be confronted with a '#' or a '&', depending on which software the
system is run on, and which shell it is under. Don't worry if it isn't one
of these; many sysops like to create their own prompts. I've seen some as
stupid as 'Hi! Steve! >' to 'Don't forget to backup! >'.

Set up your settings and check your security; you don't want to be
interrupted by some moronic buffoon who is logged on at the same time as
you...especially if it's the root's other account. To see if someone else
is online, type 'who'. You will be assaulted by a list of users who are
currently on the system at the same time as you. You should do a 'finger'
on every one of the users on there, looking for anything suspicious. If it
tells you that he is the root, or sysop, you will want to call back later.
Also, if it is convenient, change your settings to allow for backspaces,
aliasing, etc.

Next, you should create your home directory. A home directory is the
location of all your login scripts, your files, and the directory that is
loaded upon login. This should be located in the same directory as all the
legitimate users. If you see a directory with a multitude of names in it,
odds are it's the user directory. Most often, it is the /usr or /user
directory. From that directory type. . .

    #mkdir XXXXX       ; Don't type the '#', the XXXX is the name
                       ; of the user's home directory. This can
                       ; be anything you like, however, try for
                       ; something unsuspicious...a directory like
                       ; /usr/flaming_fag will catch attention

Ok, we got that over with painlessly. Your next step is to go to the /etc
directory.... A simple 'cd /etc' will do. If you do an 'ls -l', you will
see a file called 'passwd'. This is the password file; it is the only one
on the system that is used. If you 'cat passwd' the file, you will see all
the users able to log on. Here is an example of what a user may look
like...

    Bendover:iaKJhHkjahfuH:0:0:Asshole:/user/bend:/bin/csh
    \______/ \___________/\/\/\_______/\________/ \______/
       1           2      3 4     5        6         7

    1 - This is the name of the account used to log on.
    2 - This is the encrypted password. If you see something like....
        Bendover::0:0: it means that this is an account that doesn't
        require a password to log on. Most systems have one or two of
        these for things like netting, maintenance, and guest accounts.
    3 - This is the user's level. A level of 0 is a superuser.
    4 - This is the number of the group the user is in.
    5 - This is a short description of the account. This is usually a
        full name or a position.
    6 - This tells where the home directory is located.
    7 - This is the default shell to use upon logon.
          csh - C Shell
          sh  - Bourne Shell
          ksh - Korn Shell
          rsh - Restricted Bourne Shell

To add a user to the password file, providing you have write access, you
can do several things. The one I will explore is called redirection. With
this method, you can add a new line to the file from the prompt. To do
this you will need to type . . .

    #echo XXXXXX::0:0:XXXXX:/XXXX/XXXX:/bin/XXX >>passwd

You will need to fill in the X's with appropriate information. An example
I've used in the past is....

    #echo mikeb::0:0:michael boyd:/usr1/mikeb:/bin/csh >>passwd

You may choose to use a different group number; it may catch the sysop's
attention more if he sees two 0's, versus just one.
I've never done this, but it really shouldn't make a tremendous
difference.

By now, if all went well, you should have another user! Just to verify
your work, 'cat' the password file and look for your name at the bottom of
the list. If it isn't there, try again. Make SURE you use TWO '>'s, or
else you will destroy the passwd file...This is NOT good.

If everything worked out, log out. Try not to hang up, as this sometimes
hangs the terminal you were logged on as. This may be a bit dangerous if
the terminal connects to the next person who calls, dropping them into the
root account's shell.

Call back in about a minute or so, and log on as the user you just
created. It shouldn't ask for a 'password:' as you specified none. If it
does, then you probably typed in the name in different caps than you typed
it into the password file. Remember, caps DO matter.

Assuming that you were able to log on, you will now be using your NEW
account. That's about all that is really necessary. You will want to
create your .login and your .cshrc files eventually. But for now, you can
just copy them from another user. Use an 'ls -al' in another user's home
directory to see if he has a copy of these files. If he does, copy them
by 'cp .login /XXX/XXXX/.login'. The X's specify your home directory.

                          - - - Conclusion - - -

This file is obviously slated for the person who is just beginning to
learn Unix. Although it is unlikely that a person who can attain a root
account is ignorant of unix, it is easier for EVERYONE to understand like
it is. If this file insults your intelligence, that's your problem. I've
seen several people who have root accounts, know unix fairly well, and
still cannot create users. I've tried to include as much information as I
can, but I may have overlooked something that I think is simple, but may
confound you. If I do, tell me, and I'll try to keep away from it in
future releases. I'll also consider updating this file and re-releasing
it.

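Added example (not part of the original file): the entry appended in the
account-creation section has a distinctive shape, an empty field 2 and a
user level of 0 under a name other than root, so it can be found by
parsing the same seven-field layout. The function names, finding labels
and sample lines are constructed for illustration, and the baseline file
is assumed to be a known-good copy of passwd.

```shell
#!/bin/sh
# Added example, not from the original file. Function names and finding
# labels are assumptions made for this illustration.

# audit_passwd FILE
# Walk the seven colon-separated fields described above and print one
# finding per suspicious entry.
audit_passwd() {
    awk -F: '
        /^[ \t]*$/ || /^[ \t]*#/ { next }            # skip blanks and comments
        NF != 7 || $3 !~ /^[0-9]+$/ {                # wrong field count or bad level
            printf "MALFORMED line %d: %s\n", NR, $0; next
        }
        $2 == ""                { print "EMPTY_PASSWORD " $1 }  # field 2: no password
        $3 == 0 && $1 != "root" { print "EXTRA_UID0 " $1 }      # field 3: second superuser
    ' "$1"
}

# new_accounts BASELINE CURRENT
# Print login names present in CURRENT but absent from a known-good
# BASELINE copy; a line added with ">>" shows up here.
new_accounts() {
    awk -F: '
        FILENAME == ARGV[1] { known[$1] = 1; next }
        NF > 0 && !($1 in known) { print "NEW_ACCOUNT " $1 }
    ' "$1" "$2"
}

# Constructed sample data; the last line of "current" has the shape of the
# entry shown in the text.
tmp=$(mktemp -d)
cat > "$tmp/baseline" <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:1000:1000:Alice Example:/home/alice:/bin/sh
EOF
cp "$tmp/baseline" "$tmp/current"
echo 'mikeb::0:0:michael boyd:/usr1/mikeb:/bin/csh' >> "$tmp/current"

audit_passwd "$tmp/current"
new_accounts "$tmp/baseline" "$tmp/current"
rm -rf "$tmp"
```
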
-----------------------------------------------------------------------------

               - - - Bibliography and Suggested Reading - - -

Unix Use and Security From the Ground Up: by the Prophet in 1986
    This is probably the BEST file I've ever seen on the subject of Unix.
    It is written for the beginner, and contains valuable information for
    the advanced user. The Prophet became a member of Lod/H and is
    currently serving a sentence of 20 months in relation to the big
    Lod/H bust of '90.

Articles on unix trojans and mischief: by Shooting Shark
    Shooting Shark presents some interesting information on various ways
    to commit havoc on Unix systems. You can find most of his essays in
    both Phrack and Lod magazines.

Lod/H Tech Journals
    The Legion of Doom/Hackers are perhaps the most skilled and
    knowledgeable hackers in the underground society. Their 'Tech
    Journals' describe almost anything you'd ever want to know about
    illegal activities.

Phrack Magazines
    Phrack is also one of the best sources for information on a multitude
    of subjects, ranging from social engineering, to carding, to making
    explosives. For those with free time, download all of the 32 articles
    released to date.

----------------------------------------------------------------------------

Thanx go out to Emerikol the Chaotic for the idea of making this file, SiD
for their quality releases, every SMC member, and all else who contribute
to the free exchange of information in fascist Amerikkka.

- Kryptic Night, Data Kult, Lord Logics, Shadow Walker, The Scorpian
- Nacht Habicht