unix- a hacking tutorial.sir

黑客培训教程

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+                        UNIX : A Hacking Tutorial                          +
+                            By: Sir Hackalot                               +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

----------------------
o Intent of this file:
----------------------

     This phile is geared as an UNIX tutorial at first, to let you get more
familiar with the operating system.  UNIX is just an operating system, as
is MS-DOS, AppleDOS, AmigaDOS, and others.  UNIX happens to be a multi-user-
multi-tasking system, thus bringing a need for security not found on MSDOS,
AppleDOS, etc.  This phile will hopefully teach the beginners who do not have
a clue about how to use UNIX a good start, and may hopefully teach old pros
something they didn't know before.  This file deals with UNIX SYSTEM V and
its variants.  When I talk about unix, its usually about SYSTEM V (rel 3.2).

Where Can I be found?  I have no Idea.  The Boards today are going Up'n'Down
so fast, 3 days after you read this file, if I put a BBS in it where you could
reach me, it may be down!  Just look for me.

I can be reached on DarkWood Castle [If it goes back up], but that board
is hard to get access on, but I decided to mention it anyway.

I *COULD* Have been reached on jolnet, but......

This file may have some bad spelling, etc, or discrepencies since it was
spread out over a long time of writing, because of school, work, Girl friend,
etc.  Please, no flames.  If you don't like this file, don't keep it.

This is distributed under PHAZE Inc.  Here are the members (and ex ones)
The Dark Pawn
The Data Wizard
Sir Hackalot (Me)
Taxi (ummm.. Busted)
Lancia (Busted)
The British Knight (Busted)
The Living Pharoah (Busted)

_____________________________________________________________________________


-------------
o Dedication:
-------------
        This phile is dedicated to the members of LOD that were raided in
Atlanta.  The members that got busted were very good hackers, especially
The Prophet. Good luck to you guys, and I hope you show up again somewhere.
_____________________________________________________________________________

------------------------
o A little History, etc:
------------------------

        UNIX, of course, was invented By AT&T in the 60's somewhere, to be
"a programmer's operating system."  While that goal was probably not reached
when they first invented UNIX, it seems that now, UNIX is a programmer's OS.
UNIX, as I have said before, is a multi-tasking/multi-user OS.  It is also
written in C, or at least large parts of it are, thus making it a portable
operating system.  We know that MSDOS corresponds to IBM/clone machines,
right?  Well, this is not the case with UNIX.  We do not associate it with
any one computer since it has been adapted for many, and there are many
UNIX variants [that is, UNIX modified by a vendor, or such].  Some AT&T
computers run it, and also some run MSDOS [AT&T 6300].  The SUN workstations
run SunOS, a UNIX variant, and some VAX computers run Ultrix, a VAX version
of UNIX.  Remember, no matter what the name of the operating system is [BSD,
UNIX,SunOS,Ultrix,Xenix, etc.], they still have a lot in common, such as the
commands the operating system uses.  Some variants may have features others
do not, but they are basically similar in that they have a lot of the same
commands/datafiles.  When someone tries to tell you that UNIX goes along with
a certain type of computer, they may be right, but remember, some computers
have more than one Operating system.  For instance, one person may tell you
that UNIX is to a VAX as MSDOS is to IBM/clones.  That is untrue, and the
only reason I stated that, was because I have seen many messages with info
/comparisons in it like that, which confuse users when they see a VAX running
VMS.
____________________________________________________________________________


-------------------------------
o Identifying a Unix/Logging in
-------------------------------

        From now on, I will be referring to all the UNIX variants/etc as
UNIX, so when I say something about UNIX, it generally means all the variants
(Unix System V variants that is: BSD, SunOS, Ultrix, Xenix, etc.), unless
I state a variant in particular.

        Okay.  Now its time for me to tell you how a unix USUALLY greets you.
First, when you call up a UNIX, or connect to one however you do, you will
usually get this prompt:

login:

Ok.  Thats all fine and dandy.  That means that this is PROBABLY a Unix,
although there are BBS's that can mimic the login procedure of an OS
(Operating System), thus making some people believe its a Unix. [Hah!].
Some Unixes will tell you what they are or give you a message before a
login:  prompt, as such:

Welcome to SHUnix.  Please log in.

login:

        Or something like that.  Public access Unixes [like Public BBSs] will
tell you how to logon if you are a new users.  Unfortunatly, this phile is
not about public access Unixes, but I will talk about them briefly later, as
a UUCP/UseNet/Bitnet address for mail.
        OK.  You've gotten to the login prompt!  Now, what you need to do
here is enter in a valid account.  An Account usually consists of 8 characters
or less.  After you enter in an account, you will probably get a password
prompt of some sort.  The prompts may vary, as the source code to the login
program is usually supplied with UNIX, or is readily available for free.
Well, The easiest thing I can say to do to login is basically this:
Get an account, or try the defaults.  The defaults are ones that came with
the operating system, in standard form.  The list of some of the Defaults
are as follows:

ACCOUNT                         PASSWORD
-------                         --------
root                            root      - Rarely open to hackers
sys                             sys / system / bin
bin                             sys / bin
mountfsys                       mountfsys
adm                             adm
uucp                            uucp
nuucp                           anon
anon                            anon
user                            user
games                           games
install                         install
reboot                            * See Below
demo                            demo
umountfsys                      umountfsys
sync                            sync
admin                           admin
guest                           guest
daemon                          daemon

The accounts root, mountfsys, umountfsys, install, and sometimes sync are
root level accounts, meaning they have sysop power, or total power.  Other
logins are just "user level" logins meaning they only have power over what
files/processes they own.  I'll get into that later, in the file permissions
section.  The REBOOT login is what as known as a command login, which just
simply doesn't let you into the operating system, but executes a program
assigned to it.  It usually does just what it says, reboot the system.  It
may not be standard on all UNIX systems, but I have seen it on  UNISYS unixes
and also HP/UX systems [Hewlett Packard Unixes].  So far, these accounts have
not been passworded [reboot], which is real stupid, if you ask me.

COMMAND LOGINS:
---------------

There are "command logins", which, like reboot, execute a command then log
you off instead of letting you use the command interpreter. BSD is notorious
for having these, and concequently, so does MIT's computers. Here are some:

rwho - show who is online
finger - same
who - same

These are the most useful, since they will give the account names that are
online, thus showing you several accounts that actually exist.


Errors:
-------

When you get an invalid Account name / invalid password, or both, you will
get some kind of error.  Usually it is the "login incorrect" message.  When
the computer tells you that, you have done something wrong by either enterring
an invalid account name, or a valid account name, but invalid password.  It
does not tell you which mistake you made, for obvious reasons.  Also,
when you login incorrectly, the error log on the system gets updated, letting
the sysops(s) know something is amiss.

        Another error is "Cannot change to home directory" or "Cannot Change
Directory."  This means that no "home directory" which is essentially the
'root' directory for an account, which is the directory you start off in.
On DOS, you start in A:\ or C:\ or whatever, but in UNIX you start in
/homedirectory.  [Note: The / is used in directories on UNIX, not a \ ].
Most systems will log you off after this, but some tell you that they will
put you in the root directory [ '/'].

        Another error is "No Shell".  This means that no "shell" was defined
for that particular account.  The "shell" will be explained later.  Some
systems will log you off after this message.  Others will tell you that they
will use the regular shell, by saying "Using the bourne shell", or "Using sh"

-----------------------------
Accounts In General        :
-----------------------------

        This section is to hopefully describe to you the user structure
in the UNIX environment.
        Ok, think of UNIX having two levels of security: absolute power,
or just a regular user.  The ones that have absolute power are those users
at the root level.  Ok, now is the time to think in numbers.  Unix associates
numbers with account names.  each account will have a number.  Some will have
the same number.  That number is the UID [user-id] of the account.  the root
user id is 0.  Any account that has a user id of 0 will have root access.
Unix does not deal with account names (logins) but rather the number
associated with them.  for instance, If my user-id is 50, and someone else's
is 50, with both have absolute power of each other, but no-one else.
_____________________________________________________________________________

---------------
Shells        :
---------------

        A shell is an executable program which loads and runs when a user
logs on, and is in the foreground.  This "shell" can be any executable prog-
ram, and it is defined in the "passwd" file which is the userfile.  Each
login can have a unique "shell".  Ok.  Now the shell that we usually will work
with is a command interpreter.  A command interpreter is simply something
like MSDOS's COMMAND.COM, which processes commands, and sends them to the
kernel [operating system].  A shell can be anything, as I said before,
but the one you want to have is a command interpreter.  Here are the
usual shells you will find:

sh - This is the bourne shell. It is your basic Unix "COMMAND.COM".  It has
     a "script" language, as do most of the command interpreters on Unix sys-
     tems.

csh - This is the "C" shell, which will allow you to enter "C" like commands.
ksh - this is the korn shell.  Just another command interpreter.
tcsh - this is one, which is used at MIT I believe.  Allows command editing.
vsh - visual shell.  It is a menu driven deal.  Sorta like.. Windows for DOS
rsh - restricted shell OR remote shell.  Both Explained later.
        There are many others, including "homemade " shells, which are
programs written by the owner of a unix, or for a specific unix, and they
are not standard.  Remember, the shell is just the program you get to use
and when it is done executing, you get logged off.  A good example of a
homemade shell is on Eskimo North, a public access Unix.  The shell
is called "Esh", and it is just something like a one-key-press BBS,
but hey, its still a shell.  The Number to eskimo north is 206-387-3637.
[206-For-Ever]. If you call there, send Glitch Lots of mail.
        Several companies use Word Processors, databases, and other things
as a user shell, to prevent abuse, and make life easier for unskilled computer
operators.  Several Medical Hospitals use this kind of shell in Georgia,
and fortunatly, these second rate programs leave major holes in Unix.
Also, a BBS can be run as a shell.  Check out Jolnet [312]-301-2100, they
give you a choice between a command interpreter, or a BBS as a shell.
WHen you have a command interpreter, the prompt is usually a:
 $
when you are a root user the prompt is usually a:
 #
The variable, PS1, can be set to hold a prompt.
For instance, if PS1 is "HI:", your prompt will be:
 HI:

_____________________________________________________________________________

------------------------
SPecial Characters, ETc:
------------------------

Control-D : End of file.  When using mail or a text editor, this will end
the message or text file.  If you are in the shell and hit control-d you get
logged off.

Control-J: On some systems, this is like the enter key.
@ : Is sometimes a "null"
? : This is a wildcard.  This can represent a letter. If you specified
   something at the command line like "b?b" Unix would look for bob,bib,bub,
   and every other letter/number between a-z, 0-9.
* : this can represent any number of characters.  If you specified a "hi*"
    it would use "hit", him, hiiii, hiya, and ANYTHING that starts with
    hi.  "H*l" could by hill, hull, hl, and anything that starts with an
    H and ends with an L.

[] - The specifies a range.  if i did b[o,u,i]b unix would think: bib,bub,bob
     if i did: b[a-d]b unix would think: bab,bbb,bcb,bdb.  Get the idea? The
     [], ?, and * are usually used with copy, deleting files, and directory
     listings.

EVERYTHING in Unix is CASE sensitive.  This means "Hill" and "hill" are not
the same thing.  This allows for many files to be able to be stored, since
"Hill" "hill" "hIll" "hiLl", etc. can be different files.  So, when using
the [] stuff, you have to specify capital letters if any files you are dealing
with has capital letters.  Most everything is lower case though.

----------------
Commands to use:
----------------

Now, I will rundown some of the useful commands of Unix.  I will act
as if I were typing in the actual command from a prompt.

ls - this is to get a directory.  With no arguments, it will just print out
     file names in either one column or multi-column output, depending on the
     ls program you have access to.

        example:
        $ ls
        hithere
        runme
        note.text
        src
        $
        the -l switch will give you extended info on the files.
        $ ls -l
        rwx--x--x sirhack     sirh    10990 runme
        and so on....

the "rwx--x--x" is the file permission. [Explained Later]
the "sirhack    sirh" is the owner of the file/group the file is in.
sirhack = owner, sirh = user-group the file is in [explained later]
the 10990 is the size of the file in bytes.
"runme" is the file name.
The format varies, but you should have the general idea.

cat - this types out a file onto the screen.  should be used on text files.
      only use it with binary files to make a user mad [explained later]
      ex:
      $ cat note.txt
      This is a sample text file!
      $