****> UNIX Hacking Made Easy <**** Brought to you by Shadow Lord (Shadow) -Background- UNIX is one of the most commonly used systems. Many small businesses and a few corporations run a UNIX system accessible by modem. Most UNIX systems run 1200 and 2400 baud modems, but a few of the older ones still use 300. UNIX is used for programming, mail, and various programs can be run from it. UNIX has suprisingly low security for such a widely-used system. Most of the operators leave the default passwords in, even on the accounts in which the user has no restrictions. This leaves UNIX systems wide open for hacking... -Getting On- I suggest using an exchange scanner (such as Code Thief or Fuckin' Hacker) to find numbers of UNIX systems. When you call, make sure you are not using ANSI-BBS emulation, UNIX does not support it, so everything will appear as garbage. Once you connect, hit return a few times and the 'login:' prompt should come up. UNIX systems are case-sensitive, so make sure you're using lower-case. After the account name is entered, the 'Password:' prompt will appear. Passwords are not echoed to the screen. If a correct account and password are given, you will be given access and some prompt, shown as a $ or # or some character of that sort will give you the go-ahead. I attempts, others give you unlimited tries. Bad login attempts are not reported to the system operator, so you can try as often as you like. -Once You're Inside- To find out what's in the directory that you're in, type 'ls' (list files). You can change directories much like you can in MS-DOS, use 'cd' (change directory) and than the name of the directory you want to go in. The 'ls' command does not specify what names are names of files and what names are names of directories, but if you try to cd into a file it will tell you that the directory is not valid. Use the 'rmdir' and 'mkdir' commands to make and remove directories. 'rm' also removes a file. The 'passwd' commands lets you change the password on the account that you're on. To find out who else is on, use the 'who' command. This will display the account name and if they are logged on locally or they are calling by modem (it will say tty01 or something to that nature). The 'mail' command works by typing 'mail whoever' and it will bring up the mail facility. Enter as much text as you like, and hit Cntrl-D to send the message. The 'wall' (write all) command allows you to broadcast to everyone logged on at the present time. ASCII uploads of regular or text files can be used for mail or broadcasts. Try sending a very large program in a message to the system operator if you'd like to piss him/her off. The 'cat' (display file) command lets you look at the contents of any file (format: cat filename). Hit Cntrl-D or escape or Cntrl-C (try them all; it depends on the system) to abort this process. If you are on the root account, you can use the 'su' (super-user) command to become the system operator (no restrictions). The su is obviously ideal. UNIX has a very good help facility which will give you an additional list of commands, etc. -Useful Information- In order to escape detection, go into the usr\adm directory and remove the file call sulog. This is the system usage logfile, it contains the information on who has called (like the last callers file on a bbs). Also, if you can get into the directory called etc you should display the file called passwd. It contains a list of all of the accounts and their passwords. Bad new, the accounts that have passwords are encrypted. But as I said before, a lot of people leave accounts unpassworded or at the default passwords. The format is: ACCOUNT NAME:password:0:0:description of purpose:/directory The 0:0 or whatever numbers show up are just some stuff you don't need, they are restrictions. Lower numbers means higher access pretty much. But if one account skips right from the account name to the numbers, than it is unpassworded. List Of Common UNIX Accounts root super sa startup shutdown daemon sys bin adm ncrm uucp nuucp sync lp admin sysadm unix rje guest demo sysbin sysadmin PCpath asg standard suggest dosadm pcuser ackmail altos informix r00t css backup gpcnet nobody ingress sysdiag convert async ingres cron asg sysinfo network dos filepro gpc Also try first names (all in lower case), and the name of the company (if you know it). I have seen all of the above accounts on UNIX systems. root, sa, super, adm, sysadm, and sysadmin are all high-level accounts. Some of the accounts are unpassworded, others simply use the account name as the password (what security!). The general rule is that after you enter account name at the login: prompt, if the password prompt appears very quickly then the account you have entered is not valid. If it takes a few seconds, then you've probably hit a valid account. -Close- Downloaded From P-80 Systems 304-744-2253