📄 unixsec.html
for this file, or change its ownership. Root can own all files if he/she
wants to. The owner's UID is inserted into the file. Programs such as ls (ls
stands for list. It views the contents of a directory. For more info about
it and its uses, type "man ls" without the quotes on a Unix system)
can tell you who owns a file. If they don't have access to the password file
(programs run with your privileges, unless they are SUID, in which case they
run with the privileges of the user who SUIDed them. People try not to use
SUID, because it poses lots of security threats), they will only be able to
present you with the UID of the owner. But if they have access to the password
file, they can find the appropriate username for this UID.</li>
<li>Find out information about people (what's their home directory, what's their
shell, what's written in their free text area etc').</li>
<li>Etc' etc' etc'... be creative!
<blockquote>
<blockquote>
<p>EOF</p>
</blockquote>
</blockquote>
</li>
</ol>
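<p>The UID-to-username lookup described in the list above, as an added example that is not part of the original tutorial. It does what ls does when it can read the password file: it matches the numeric UID against the third field of a passwd-style line and prints the first field. The password file here is a constructed sample embedded in the script (on a real system the data comes from /etc/passwd); the function and user names are my own.</p>

```shell
#!/bin/sh
# Added example, not from the original tutorial: resolve a numeric UID to a
# username by reading a password file, and pull a user's home directory and
# shell out of the same file. SAMPLE_PASSWD is a constructed sample in
# /etc/passwd format: name:password:UID:GID:gecos:home:shell
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice Example:/home/alice:/bin/sh
bob:x:1001:1001:Bob Example,,,:/home/bob:/bin/false'

# uid_to_name UID -> prints the username for UID, or the bare UID when the
# password file has no matching entry (which is what ls falls back to).
uid_to_name() {
    uid=$1
    name=$(printf '%s\n' "$SAMPLE_PASSWD" |
        awk -F: -v u="$uid" '$3 == u { print $1; exit }')
    if [ -n "$name" ]; then
        printf '%s\n' "$name"
    else
        printf '%s\n' "$uid"
    fi
}

# user_info NAME -> home directory and login shell for NAME, the "find out
# information about people" item from the list above.
user_info() {
    printf '%s\n' "$SAMPLE_PASSWD" |
        awk -F: -v n="$1" '$1 == n { print "home=" $6 " shell=" $7; exit }'
}

# Usage: uid_to_name 1000 prints "alice"; uid_to_name 4242 prints "4242";
# user_info bob prints "home=/home/bob shell=/bin/false".
uid_to_name 1000
uid_to_name 4242
user_info bob
```

<p>Swap SAMPLE_PASSWD for <code>cat /etc/passwd</code> and the same two awk one-liners work on a live system; the point of the fallback branch is that a UID with no passwd entry (a deleted user, or a file copied from another machine) is shown as a number, exactly as the text describes.</p>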
<p>In case you're wondering, EOF stands for End Of File. This means that... well,
duh! End of file! That's it, you've just finished that nice little mini-tutorial.
Now I assume you want to learn how to change file permissions.</p>
<p>So, in order to change file permissions, you need to learn how to use the chmod
command. Now, I am about to guide you on the process of finding information
about Unix commands by yourself. It's quite easy.</p>
<p>Okay, let's try man first. Man stands for manual. Man is a command that displays
a manual page for a specified command. The syntax is: max command. For example:
man ls, man cd, man more etc'. So let's try to type man chmod. AHA! No man entry
for chmod... :-/ (some systems might have a man page for chmod)</p>
<p>Let's try using info. We type info chmod. AHA! This time, we're getting something.
So let's see... it says a little about the chmod command, but it doesn't explain
how to use it! Oh, wait, look at this - there are links within this guide. Simply
position your cursor within a word, a couple of words or a sentence that link
somewhere else (they always have a * in front of them) and hit enter. Keep following
links until you learn about chmod and about file permissions.</p>
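<p>Once you have followed the info links, this is what chmod actually does, as an added example that is not part of the original tutorial. It creates a scratch file, changes its mode first in the symbolic form (o-r) and then in the octal form (700), and reads the permission bits back the way ls shows them. The helper names are mine; only chmod, ls, cut and mktemp are used.</p>

```shell
#!/bin/sh
# Added example, not from the original tutorial: the two spellings of chmod
# and how to verify what each one did. Every call is made on a temporary file
# created here, so nothing on the system is touched.

# mode_of PATH -> the ten-character permission string ls -l prints,
# e.g. -rw-r--r-- (type bit, then owner/group/others rwx triplets)
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# demo_chmod -> prints three permission strings: after "chmod 644",
# after "chmod o-r" (symbolic: remove read from others), after "chmod 700"
demo_chmod() {
    f=$(mktemp) || return 1
    chmod 644 "$f"           # octal: owner rw-, group r--, others r--
    before=$(mode_of "$f")
    chmod o-r "$f"           # symbolic: "others" lose read
    mid=$(mode_of "$f")
    chmod 700 "$f"           # octal: owner rwx, nobody else anything
    after=$(mode_of "$f")
    rm -f "$f"
    printf '%s %s %s\n' "$before" "$mid" "$after"
}

# Usage: prints "-rw-r--r-- -rw-r----- -rwx------"
demo_chmod
```

<p>Each octal digit is the sum of r=4, w=2, x=1 for owner, group and others in that order, so 644 and 700 are just shorthand for the rwx strings that ls prints; the symbolic form is the one to use when you want to change a single bit without having to know the rest.</p>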
<p><b><font size="4">Runlevels</font></b><br>
<br>
I have decided to quote a nice mini-tutorial from the Byte Me page at my website
instead of just writing about runlevels all over again (I don't like doing things
twice).</p>
<p>What are Linux runlevels? If you've been paying attention to what your Linux
box does during startup, you should have noticed that it says: "Entering
runlevel x" (where x is a number between 1 and 5) at one point of the bootup
stage (after it mounts your root filesystem (your "/" directory) into
read-write mode, sets up sound, finds your kernel's module dependencies (never
mind that for now) etc'). A runlevel is a bootup/shutdown sequence. It consists
of a list of commands to run on startup and a list of commands to run on shutdown
(or when switching to different runlevels). <br>
Now, first of all, let's see how you can switch runlevels. Bah, that's easy.
Simply type init x, where x is a number between 0 and 6. Runlevel 0 is for "halt"
(turning off your computer, if you have APM -Advanced Power Management, and
if you have APMD - APM Daemon, installed. All modern CPUs have APM), runlevel
6 is for reboot and the rest are various runlevels. 5 will bootup everything
- it will even automatically run X (by default, of course. You can change this).
Runlevel 1 is considered the single-mode runlevel. It does the least possible
(kinda like "safe mode" in Windows) and doesn't even require you to
enter a password (but only root can switch runlevels, so you have to be either
root or have physical access to the computer during startup (we'll get to that
later)). <br>
Editing your runlevels list is different with every different distribution.
Usually it would go like this: <br>
a) Go to /etc/rc.d/rcx.d/ (where x is the runlevel's number) and play around
within this directory. It contains symbolic links (kinda like shortcuts in Windows.
For more information about symbolic links (otherwise known as "symlinks"),
type man ln) to programs (including their parameters) that will be executed,
and symbolic links to programs that will be killed on shutdown. Play around
to find out more (but ALWAYS make backups!!). <br>
You can also try this: <br>
b) (this should work on most Linux boxes) Switch to the runlevel you want to
edit. Then type setup. Go to system services, and select/unselect the services
you want to run on startup and kill on shutdown. <br>
Or this: <br>
c) The easiest way - on some distributions, such as RedHat, you will be able
to type the command control-panel within an xterm (a "virtual terminal"
- a console window within X-Windows) and get a nice little window thingi with
lots of buttons and suchlikes. Find the button that says "runlevel editor"
when you put the mouse above it for a second or two. Then click on this button
and play around with the programs. I'm sure you'll figure out how to use it
yourself. It's quite self-explanatory, and it contains help files and documentation
if you really need help. <br>
Anyway, if none of the three methods above worked, you can always try running
the command: <br>
find / -name '*rc*' -print <br>
to see where your runlevel directories are, and then apply method a to them. </p>
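<p>A throwaway model of one of those /etc/rc.d/rcx.d directories, as an added example that is not part of the original tutorial. It builds a fake rc3.d under a temporary directory, fills it with the kind of symlinks method a talks about, and then lists what init would run when entering that runlevel. The S/K prefix and the two-digit ordering number are the SysV init convention (S links are run with "start", K links with "stop", K links first); the service names and the helper functions are made up for the demo.</p>

```shell
#!/bin/sh
# Added example, not from the original tutorial: a model rcX.d directory
# and a function that reads it the way init does. Everything is created
# under mktemp -d, so no real runlevel directory is touched.

# build_fake_rcdir -> creates DIR/init.d with four dummy service scripts and
# DIR/rc3.d with symlinks to them; prints DIR
build_fake_rcdir() {
    d=$(mktemp -d) || return 1
    mkdir "$d/init.d" "$d/rc3.d"
    for svc in network syslog httpd pcmcia; do
        # each dummy script just echoes its name and the argument it got
        printf '#!/bin/sh\necho "%s $1"\n' "$svc" > "$d/init.d/$svc"
        chmod +x "$d/init.d/$svc"
    done
    # same kind of target, different link names: S = start, K = kill
    ln -s ../init.d/syslog  "$d/rc3.d/S10syslog"
    ln -s ../init.d/network "$d/rc3.d/S20network"
    ln -s ../init.d/httpd   "$d/rc3.d/S85httpd"
    ln -s ../init.d/pcmcia  "$d/rc3.d/K45pcmcia"
    printf '%s\n' "$d"
}

# rc_plan RCDIR -> one line per symlink, "stop NAME" or "start NAME", in
# the order init would process them (all K links sorted, then all S links)
rc_plan() {
    for link in "$1"/K[0-9][0-9]* "$1"/S[0-9][0-9]*; do
        [ -L "$link" ] || continue          # skip unmatched glob patterns
        target=$(basename "$(readlink "$link")")
        case "$(basename "$link")" in
            K*) printf 'stop %s\n' "$target" ;;
            S*) printf 'start %s\n' "$target" ;;
        esac
    done
}

# Usage: builds the directory, shows the plan, cleans up.
dir=$(build_fake_rcdir)
rc_plan "$dir/rc3.d"      # stop pcmcia / start syslog / start network / start httpd
rm -rf "$dir"
```

<p>This is also why the text insists on copying symlinks as links: a K45pcmcia that has become a plain copy of the script still runs, but it no longer tracks changes to the real script in init.d, and you end up with two versions to keep in sync.</p>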
<p>And now, for a nice little runlevels-related hack. <br>
Now, if you're reading this document, you're probably a Linux newbie, so you
probably use Redhat Linux, Mandrake Linux etc'. If so, you should have a prompt
saying "boot:" or "LILO boot:" or "LILO:" when
you start your computer, and you could either type Windows or Linux (you can
change these names into, say, sucky-OS for Windows and Stable_and_secure_OS
for Linux, or anything else you want. Use the linuxconf program to edit LILO's
preferences, and use your imagination... :-) ). Now, what happens if you type
linux 5? Of course! It boots up Linux in runlevel 5!! But wait! What happens
if you type linux 1 or linux single? It runs on runlevel 1 - single user mode,
which means... automatic root access! No password needed. :-) <br>
Of course, you can change runlevel 1 by going to /etc/rc.d/rc1.d and then removing
the contents of this directory and copying everything from another runlevel
(replace the number in rc1.d to any other runlevel number). Please read cp's
manual page and make sure you're copying symbolic links as links and not as
files. <br>
Of course, anyway, if you have local access to a Unix box (or any other box
that I know of, as a matter of fact), you can boot from a floppy (unless, of
course, the first boot device is a hard drive and the bios is password-protected,
but these can be hacked too. Refer to this guide). </p>
<blockquote>
<blockquote>
<blockquote>
<p>EOF</p>
</blockquote>
</blockquote>
</blockquote>
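<p>The check a sysadmin would want after reading the "linux single" trick, as an added example that is not part of the original tutorial. Single-user mode can be made to ask for the root password by giving /etc/inittab an entry for runlevel S that runs /sbin/sulogin, and LILO can be told to refuse boot-time arguments unless a password is typed (the "restricted" and "password=" keywords in lilo.conf). The two config texts below are constructed samples in those formats, and the two audit functions, whose names are mine, read a file and report whether the protection is present.</p>

```shell
#!/bin/sh
# Added example, not from the original tutorial: audit whether single-user
# mode and the LILO prompt are password-protected. The sample configs are
# constructed; on a real box point the functions at /etc/inittab and
# /etc/lilo.conf.
GOOD_INITTAB='id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
~~:S:wait:/sbin/sulogin
l1:1:wait:/etc/rc.d/rc 1'
BAD_INITTAB='id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
l1:1:wait:/etc/rc.d/rc 1'
GOOD_LILO='boot=/dev/hda
restricted
password=REPLACE_ME
image=/vmlinuz
    label=linux'
BAD_LILO='boot=/dev/hda
image=/vmlinuz
    label=linux'

# single_user_asks_password FILE -> exit 0 if some inittab entry for runlevel
# S (or 1) runs sulogin, so "linux single" stops at a root password prompt
single_user_asks_password() {
    awk -F: '$2 ~ /^[Ss1]$/ && $4 ~ /sulogin/ { found = 1 }
             END { if (found) exit 0; exit 1 }' "$1"
}

# lilo_prompt_locked FILE -> exit 0 if lilo.conf has both "restricted" and a
# "password=" line, so boot arguments like "linux 1" need the password
lilo_prompt_locked() {
    grep -Eq '^[[:space:]]*restricted[[:space:]]*$' "$1" &&
        grep -Eq '^[[:space:]]*password[[:space:]]*=' "$1"
}

# audit INITTAB LILOCONF -> one line per check, "ok" or "WEAK"
audit() {
    if single_user_asks_password "$1"; then echo "single-user mode: ok"; else echo "single-user mode: WEAK"; fi
    if lilo_prompt_locked "$2"; then echo "lilo prompt: ok"; else echo "lilo prompt: WEAK"; fi
}

# Usage: write the samples out and run the audit against each pair.
t1=$(mktemp); t2=$(mktemp)
printf '%s\n' "$GOOD_INITTAB" > "$t1"; printf '%s\n' "$GOOD_LILO" > "$t2"
audit "$t1" "$t2"        # both ok
printf '%s\n' "$BAD_INITTAB" > "$t1"; printf '%s\n' "$BAD_LILO" > "$t2"
audit "$t1" "$t2"        # both WEAK
rm -f "$t1" "$t2"
```

<p>Neither check helps against the floppy boot the text mentions next; those need the BIOS boot order and BIOS password, which no file on the disk can enforce.</p>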
<p>Now, imagine that some evil cracker (e.g. your grandma... :-) ) reads this
document and then locally roots your computer somehow (the verb 'to root' means
'to get root access to a computer, not necessarily one that runs Unix'). Scary,
huh? That was as easy as stealing a candy from a baby (not that I've ever done
that... /me looks away... :-) ).</p>
<p><b><font size="4">Cracking The Password File</font></b><br>
<br>
As you should already know by now, the password file has some encrypted text
within it. Let's discuss about the encryption scheme first, shall we?</p>
<p>Unix password file encryption is based on an altered version of DES encryption.
If you will try to decode an encrypted Unix password (let's call it a hash from
now on. That's the proper name for it) using standard DES decoding, you will
get a null string. Nothing. Nada. Zero. No, not even zero. You simply won't
get anything.</p>
<p>So how do you open this door? With a key. :-) Key-based encryption (e.g. PGP,
which stands for Pretty Good Privacy, and has very powerful encryption schemes)
is an encryption scheme where you need to have a key, which is a set of letters
(lowercase or uppercase), numbers, symbols etc' (it could be just numbers, symbols
and lowercase letters, all letters, etc').</p>
<p>So in Unix "crypt" (from now on, crypt means Unix password file encryption),
the key is actually the first eight characters of the user's password (you can
add extra characters to the key, which can be generated randomly, for extra
security. These are called salts. I won't explain much about them here because
I don't believe I know enough about them to do so), so you need the user's password
to decode the hash (but if you have the user's password, why would you want
to decode his hash if you already have the password? :-) ).</p>
<p>So, crypted passwords cannot be cracked, right? WRONG! You can use a password
cracker such as John the Ripper or Cracker Jack (there are both Unix versions
and Windows versions. Sorry, I don't have URLs to download them) to crack the
hashes. But how do these things work?</p>
<p>A password cracker generates random passwords and then tries to break the hash
by using this password as the key. If it fails, it simply tries another password
until it gets it right. Password crackers can try thousands of passwords per
second on modern computers.</p>
<p>there are two methods of password cracking - brute-force and dictionary attacks.
In brute-force mode, your password cracker guesses passwords systematically.
You can set a minimum amount of characters for the password, and tell your cracker
what to create the password out of (lowercase letters, uppercase letters, numbers,
symbols etc'). In dictionary attacks, your password cracker takes words out
of a simple text file called a 'dictionary file'. Each line in this file represents
a single word for the password cracker to try.</p>
<p>Dictionary files usually have an advantage over brute-force attacks, because
if you know that the target's password has something to do with dogs, you could
download a dictionary file about dogs. If you know it's the name of some philosopher,
you could download a dictionary file containing the names of all known philosophers.
You can also download all-purpose dictionaries that contain various words (these
usually have the greatest chance to succeed). The best place to download wordlists
from is theargon.com.</p>
<p>So, as you can see, if someone obtains your hashes somehow, he could decode
them and break into your computer. This is why all users on your system should
have a long password, and preferably not a dictionary word.</p>
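<p>The conclusion above put into numbers, as an added example that is not part of the original tutorial. keyspace_seconds works out how long an exhaustive brute-force run takes for a given character set and length at an assumed guessing rate, and password_ok is the dictionary test a defender can run on a new password before accepting it: too short, or present in the wordlist (case-insensitively), and it is rejected. The wordlist is a constructed sample, the rate is an assumed constant and the function names are mine.</p>

```shell
#!/bin/sh
# Added example, not from the original tutorial: the arithmetic behind
# "long, and not a dictionary word", plus a pre-acceptance password check.
WORDLIST='password
secret
spot
rover
socrates
plato'          # constructed sample; real wordlists run to millions of lines
RATE=5000       # guesses per second, an assumed figure for the arithmetic

# keyspace_seconds CHARSET_SIZE LENGTH -> seconds needed to try every
# password of exactly LENGTH characters drawn from CHARSET_SIZE symbols
keyspace_seconds() {
    n=1; i=0
    while [ "$i" -lt "$2" ]; do
        n=$((n * $1)); i=$((i + 1))
    done
    echo $((n / RATE))
}

# in_wordlist PASSWORD -> exit 0 if the lowercased password is in WORDLIST
in_wordlist() {
    pw=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    printf '%s\n' "$WORDLIST" | grep -qxF -- "$pw"
}

# password_ok PASSWORD -> prints a verdict; exit 0 only when acceptable
password_ok() {
    if [ "${#1}" -lt 8 ]; then
        echo "too short: brute-forceable"; return 1
    fi
    if in_wordlist "$1"; then
        echo "dictionary word"; return 1
    fi
    echo "ok"
}

# Usage:
keyspace_seconds 26 6      # 61783 seconds (~17 hours) for 6 lowercase letters
keyspace_seconds 95 8      # 1326840862578 seconds (~42000 years) for 8 printable chars
password_ok Socrates       # dictionary word
password_ok 'long-nonsense-phrase-42'   # ok
```

<p>The two keyspace lines are the whole argument: going from six lowercase letters to eight characters from the full printable set multiplies the work by several million, while a dictionary word of any length falls to the wordlist in seconds.</p>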
<p>If you need help with using a password cracker or have any further questions,
try asking them on the message board at blacksun.box.sk (it's ours, btw... :-)
).</p>
<p><b><font size="4">Trojans</font></b><br>
<br>
Yes, trojans. Most people who read this might be thinking about Netbus, Back
Orifice, Sub7 and other Windows trojans. These aren't trojans. Okay, I mean,
they ARE trojans, but not this kind of trojans. They are 'remote administration
trojans'. First, let's understand what this name means, and then you'll see
what they have to do with Unix in general and with local security in particular
(as well as remote security). Let's start with the word trojan:</p>
<p>Trojan - In Greek mythology, there is a story about the 'trojan horse'.
The Greeks were trying to capture the city of Troy for a reason which is beyond
this guide (you should really read the whole story or get the movie or something.
It is quite good). They were camping outside Troy for about ten years
and they still didn't manage to get in. Then, they came up with a brilliant
plan: the whole army pretended to be leaving the area, and they left a giant
wooden horse for the Trojans as some kind of a present (to honor the Trojans
for being so good). Within this horse sat a couple of soldiers. When the Trojans
found the giant horse, they carried it inside and then, under the cover of night,
the soldiers inside it came out, opened the city's gates and let the entire
Greek army get in, which eventually led to the fall of the city of Troy.</p>
<p>So, as you see, a trojan program is a program that does not do what it proclaims
to be doing. It could either be a harmless joke (a joke program that pretends
to delete your entire hard drive or any other kinds of computer joke programs)
or a malicious program which could harm your system.</p>
<p>Remote administration - To remotely administer a system means to be able to
work on this system as if you had local ("physical") access to it.
Being able to remotely access your system (or "to remotely login to it")
is useful for getting files off your system, working on your system from a distant
place etc'.</p>
<p>Remote administration trojan - A trojan program that lets the author of the
program, the person who sent you the program or any other person in the world
access your computer and remotely administer it (this is why Remote Administration
Trojans, or RATs, are often called remote administration "backdoors"
- they open a "back door" for the attacker to get in). This is exactly
like depositing your entire system and everything on it into the hands of the
attacker.</p>
<p>The most dangerous thing about RATs would probably be that most of them (especially
Netbus and Sub7) are extremely easy to use and understand, and come with one
or two pages of instructions (yes, they're THAT simple), so any little kid can
use them. Most of these "kids" have no idea what this program or other
programs that do most of the work for them do, which lead to the nickname "script
kiddies" - "lamers" (a lamer is a person who acts immaturely
or stupidly) with programs that do all of the work for them. Technically, a
script kiddie can crack into the Pentagon if he is given a program that does
everything for him. But does he know how this whole thing works? Will he know
what to do once he's in? I doubt it.</p>
<p>Now, malicious trojan programs can do a lot more than that. There are also
trojans that allow the attacker to have local access to any user who runs the
program (if root runs it, the whole system is doomed. This is one of the reasons
why no sensible system administrator would work as root all the time, and instead
make himself a less-privileged account to work with). This is useful if the
attacker has an account on this system and wants to get access to some other