Unix Use and Security From the Ground Up
? d
Message deleted.
? q
$

crypt -This is the Unix file encryption utility. Type "crypt". You will then be prompted to enter the password. You then enter the text. Each line is encrypted when you press return, and the encrypted form is displayed on the screen. So, to encrypt a file, you must use I/O redirection. Type "crypt [password] < [file1] > [file2]". This will encrypt the contents of file1 and place the encrypted output in file2. If file2 does not exist, it will be created.

passwd -This is the command used to change the password of an account. The format is "passwd <account>". You must have superuser capabilities to change the password for any account other than the one you are logged in under. To change the password of the account you are currently using, simply type "passwd". You will then be prompted to enter the current password. Next, you will be asked to enter the new password. Then you will be asked to verify the new password. If you verify the new password correctly, the password change will be complete. (Note: some systems use a security feature which forces you to use at least 2 non-alphanumeric characters in the password. If this is the case with the system you are on, you will be informed so if you try to enter a new password that does not contain at least 2 non-alphanumeric characters.)

su -This command is used to temporarily assume the id of another account. The format is "su <account>". If you don't specify an account, root is assumed by default. If the account has no password, you will then assume that account's identity. If it does have a password, you will be prompted to enter it. Beware of hacking passwords like this, as the system keeps a log of all attempted uses, both successful and unsuccessful, and which account you attempted to access.

mkdir -This command creates a directory. The format is "mkdir <dirname>".

rmdir -This command deletes a directory. The directory must be empty first.
The format is "rmdir <dirname>".

mv -Renames a file. The syntax is "mv [oldname] [newname]". You can use full pathnames, but the new name must have the same pathname as the old name, except for the filename itself.

-------------------------------------------------------------------------------

Further help can usually be gained from the system itself. Most systems feature on-line entries from the Unix System User's Manual. You can read these entries using the man command. The format is "man <command>". Some Unix System V systems also feature a menu-driven help facility. Simply type "help" to access it. This one will provide you with a list of commands, as well as with the manual entries for the commands.

-------------------------------------------------------------------------------

UNIX FILE AND DIRECTORY PROTECTIONS
-----------------------------------

Every Unix account is assigned a specific user number and a group number. This is how the system identifies the user. Therefore, 2 accounts with different usernames but the same user number would be considered by the system to be the same id. These user and group numbers are what Unix uses to determine file and directory access privileges. Unix has three different file/directory permissions: read, write, and execute. This is how these permissions affect access to files:

read -Allows a user to view the contents of the file.
write -Allows a user to change the contents of a file.
execute -Allows a user to execute a file (if it is an executable type of file; if it isn't, the user will get an error when trying to execute it).

This is how these permissions affect access to directories:

read -Allows a user to list out the files in a directory (ls).
write -Allows a user to save and delete files in this directory.
execute -If a user has execute access to a directory, he can go to that directory with the cd command.
If he also has read permission to that directory, he can also copy files from it and gain information on the permissions for that directory and the files it contains, with the "l" option to the ls command, which will be explained soon.

Unix divides users into 3 classes: user (the owner of the file or directory), group (members of the owner's group), and other (anyone who doesn't fit into the first two classes). You can specify what permissions to give to a file for each class of user. To show the permissions of the files in a directory, use "ls -l". This will list the contents of the directory (as in ls), and will show each entry's permissions. For example:

$ ls
bin  startrek
$ ls -l
drwxrwxrwx 1 bin sys 12345 Mar 10 01:30 bin
-rwxr-xr-- 1 guest users 256 Mar 20 02:25 startrek

In the above example, the directory we are in contains a subdirectory called bin and a file called "startrek". Here is an explanation of the fields:

The first field contains the file's type and permissions. Look at the first field of the first line, "drwxrwxrwx". Note the "d" at the beginning. Then see the "-" at the beginning of the first field for the file startrek. This shows the file type. "d" is a directory. "-" is a file. "c" is a device file. Now, back to the first field of the first line again. Notice the "rwxrwxrwx". These are the permissions. The permissions are divided into three groups: [user][group][other]. r stands for read, w stands for write, and x stands for execute. "rwxrwxrwx" means that all three classes of users, owner, group, and other, have read, write, and execute permissions to the directory bin. Now look at the second line. It reads "rwxr-xr--". Notice the "-"s in the place of some of the permissions. This means that the file was not given that permission.
Line 2 shows that the owner has read, write, and execute permissions for the file startrek, members of the owner's group have read and execute permissions but not write (notice the "-" in the place of the group part's w), and all others have only read privileges ("r--"...there are hyphens in the place of the others part's w and x).

Now, let's look at the other fields. The second field is a number (in this case, the number is one for each line). This shows the number of copies of this file on the system. The third field shows the name of the owner of the file (or directory). The fourth field shows the username of the owner of the file. The fifth field, which is not shown on some systems, shows the name of the owner's group. The sixth field shows the size of the file. The seventh field shows the time and date the file was last modified. The last field shows the name of the file or directory.

The command used to change file/directory permissions is chmod. There are 2 ways to change permissions: symbolically and absolutely. This will explain both. When you change permissions symbolically, only the permissions you specify to be added or deleted will be changed. The other permissions will remain as they are. The format is:

chmod [u, g, or o] [+ or -] [rwx] [file/directory name]

The following abbreviations are used:

u -User (the file or directory's owner)
g -Group (members of the owner's group)
o -Others (all others)
r -Read permission
w -Write permission
x -Execute permission

You use u, g, and o to specify which class you wish to change the privileges for. To add a permission, type "chmod [class]+[permissions] [filename]". For instance, to add group write permissions to the file startrek, type "chmod g+w startrek". To delete permissions, use the "-". For instance, to remove the owner's write access to the file "startrek", type "chmod u-w startrek". When you set file permissions absolutely, any permissions that you do not give the file or directory are automatically deleted.
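The following is an added example in Python, not code from the original file. It models what this section describes: reading the permission field of an ls -l line into a mode number, applying a symbolic change such as "g+w" without touching the other bits, applying an absolute mode number (which clears everything not named), and rendering the setuid/setgid display ("s" versus "S") that the section goes on to explain. The function names are my own, and the listing it runs over is constructed (the first two lines are the text's own example).

```python
# Added example (not from the original text): a model of the ls -l permission
# field, the symbolic and absolute forms of chmod, and the setuid/setgid
# display ("s" vs "S") discussed in this section. All names are my own and the
# sample listing below is constructed.
import re
import stat

CLASS_SHIFT = {"u": 6, "g": 3, "o": 0}      # bit offset of each class triplet
PERM_BIT = {"r": 4, "w": 2, "x": 1}          # per-class values from the text's table
TYPE_CHARS = {"d": stat.S_IFDIR, "-": stat.S_IFREG, "c": stat.S_IFCHR,
              "b": stat.S_IFBLK, "l": stat.S_IFLNK, "p": stat.S_IFIFO}
SYMBOLIC_RE = re.compile(r"^([ugo]+)([+-])([rwx]+)$")


def parse_mode(field):
    """Turn the first ls -l field, e.g. '-rwsr-xr-x', into a numeric mode.

    The result carries the file type and the set-id bits, so
    parse_mode('-rwsr-xr-x') & 0o7777 == 0o4755.
    """
    if len(field) != 10 or field[0] not in TYPE_CHARS:
        raise ValueError("not an ls -l mode field: %r" % field)
    mode = TYPE_CHARS[field[0]]
    for cls, shift in CLASS_SHIFT.items():
        start = 7 - shift                     # u -> 1, g -> 4, o -> 7
        r, w, x = field[start:start + 3]
        if r not in "r-" or w not in "w-" or x not in "xsS-":
            raise ValueError("unexpected permission characters in %r" % field)
        if r == "r":
            mode |= PERM_BIT["r"] << shift
        if w == "w":
            mode |= PERM_BIT["w"] << shift
        if x in "xs":                         # lower-case s: set-id AND execute
            mode |= PERM_BIT["x"] << shift
        if x in "sS":                         # capital S: set-id without execute
            if cls == "u":
                mode |= stat.S_ISUID
            elif cls == "g":
                mode |= stat.S_ISGID
            else:
                raise ValueError("set-id marker in the 'other' class: %r" % field)
    return mode


def format_mode(mode):
    """Inverse of parse_mode: render a numeric mode the way ls -l shows it."""
    out = next((c for c, t in TYPE_CHARS.items() if stat.S_IFMT(mode) == t), "-")
    for cls, shift in CLASS_SHIFT.items():
        out += "r" if mode & (PERM_BIT["r"] << shift) else "-"
        out += "w" if mode & (PERM_BIT["w"] << shift) else "-"
        has_x = bool(mode & (PERM_BIT["x"] << shift))
        set_id = (cls == "u" and mode & stat.S_ISUID) or (cls == "g" and mode & stat.S_ISGID)
        if set_id:
            out += "s" if has_x else "S"
        else:
            out += "x" if has_x else "-"
    return out


def apply_symbolic(mode, spec):
    """Apply one symbolic chmod argument such as 'g+w' or 'u-w'.

    Only the named bits change; file type, set-id bits and every other
    permission stay as they were, which is the point of the symbolic form.
    """
    m = SYMBOLIC_RE.match(spec)
    if not m:
        raise ValueError("unsupported symbolic spec: %r" % spec)
    classes, op, perms = m.groups()
    bits = 0
    for cls in classes:
        for p in perms:
            bits |= PERM_BIT[p] << CLASS_SHIFT[cls]
    return mode | bits if op == "+" else mode & ~bits


def apply_absolute(mode, octal_digits):
    """Apply an absolute chmod such as '755' or '4755' (the text's mode numbers
    are octal). Every permission and set-id bit not present in the number is
    cleared; only the file type is kept."""
    return stat.S_IFMT(mode) | (int(octal_digits, 8) & 0o7777)


# Constructed listing: the first two lines are the text's example, the last two
# are made up to exercise the check below.
SAMPLE_LISTING = """\
drwxrwxrwx 1 bin sys 12345 Mar 10 01:30 bin
-rwxr-xr-- 1 guest users 256 Mar 20 02:25 startrek
-rwsr-xr-x 1 root sys 4096 Mar 11 12:00 su
-rwsrwxrwx 1 root sys 2048 Mar 12 09:15 oops
"""


def writable_setid_files(listing):
    """Names of set-id regular files that group or others may write.

    A set-id program runs with its owner's id, so letting anyone else modify
    it hands them the owner's privileges; this is the misconfiguration an
    administrator wants to find first.
    """
    found = []
    for line in listing.splitlines():
        parts = line.split()
        if len(parts) < 9:
            continue
        mode = parse_mode(parts[0])
        set_id = mode & (stat.S_ISUID | stat.S_ISGID)
        if stat.S_ISREG(mode) and set_id and mode & 0o022:
            found.append(parts[-1])
    return found


if __name__ == "__main__":
    m = parse_mode("-rwxr-xr--")
    print(oct(m & 0o7777), format_mode(apply_symbolic(m, "g+w")),
          format_mode(apply_absolute(m, "4755")))
    print("writable set-id files:", writable_setid_files(SAMPLE_LISTING))
```

Run it and the text's "rwxr-xr--" comes out as mode 754, "g+w" turns it into "rwxrwxr--" with nothing else altered, and the absolute "4755" produces "-rwsr-xr-x". The last function is the check a defender actually wants from this material: a set-id file that anyone besides its owner can write.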
The format for setting permissions absolutely is "chmod [mode number] filename". You determine the mode number by adding together the code numbers for the permissions you wish to give the file. Here are the permissions and their numbers:

Others execute permission         1
Others write permission           2
Others read permission            4
Group execute permission         10
Group write permission           20
Group read permission            40
User (owner) execute permission 100
User (owner) write permission   200
User (owner) read permission    400

There are also two special file modes that can be set only absolutely. These are the UID and GID modes. The UID mode, when applied to an executable file, means that when another user executes the file, he executes it under the user number of the owner (in other words, he runs the program as if he were the owner of the file). If the file has its GID mode bit set, then when someone executes the file, his group will temporarily be changed to that of the file's owner. The permission number for the GID mode is 2000, and the number for the UID mode is 4000. If the uid bit is set, there will be an "S" in the place of the x in the owner permissions section when you check a file's permissions:

-rwSr-xr-x

If the uid bit is set, and the owner of the file has execute permissions, the S will not be capitalized:

-rwsr-xr-x

If the gid bit is set, the same applies to the x in the section on group permissions.

A short note here is in order on how these permissions affect superuser accounts. They don't, unless the owner of the file is root. All superuser accounts have the same user number, which means that the system considers them all to be the same; that is, they are considered to be the root account.
Thus, superuser accounts are only bound by the protections of files and directories that they own, and they can easily change the permissions of any files and directories to which they do not have the access they wish.

SPECIAL UNIX FILES
------------------

This section will detail the purposes of some files that are found on all systems. There are quite a few of these, and knowing their uses and what format their entries are in is very useful to the hacker.

THE FILES
---------

/etc/passwd -This is the password file, and is THE single most important file on the system. This file is where information on the system's accounts is stored. Each entry has 7 fields:

username:password:user#:group#:description:home dir:shell

The first field, naturally, is the account's username. The second field is the account's password (in an encrypted form). If this field is blank, the account doesn't have a password. The next field is the account's user number. The fourth field is the account's group number. The fifth field is for a description of the account. This field is used only in the password file, and is often just left blank, as it has no significance. The sixth field is the pathname of the account's home directory, and the last field is the pathname of the account's shell program. Sometimes you may see an account with a program besides the standard shell programs (sh, csh, etc.) as its shell program. These are "command logins". These accounts execute these programs when logging in. For example, the "who" command login would have the /bin/who program as its shell. Here is a typical-looking entry:

root:hGBfdJYhdhflK:0:1:Superuser:/:/bin/sh

This entry is for the root account. Notice that the encrypted form of the password is 13 characters, yet Unix passwords are only 11 characters maximum. The last 2 characters are what is called a "salt string", and are used in the encryption process, which will be explained in more detail later. Now, notice the user number, which is zero.
Any account with a user number of 0 has superuser capabilities. The group number is 1. The account description is "Superuser". The account's home directory is the root directory, or "/". The account's shell is the Bourne shell (sh), which is kept in the directory /bin. Sometimes you may see an entry in the password field like this:

:NHFfnldyNjh,21AB:

Notice the comma after the 13th character, followed by 2 digits and 2 letters. If an account has an entry like this, the account has a fixed expiration date on its password. The first digit, in this case 2, shows the maximum number of weeks that the account can keep the same password. The second digit shows how many weeks must pass before the account can change its password. (This is to prevent users from using the same old password constantly by changing the password when forced to and then changing it back immediately.) The last 2 characters are an encrypted form of when the password was last changed. Other unusual password field entries you might encounter are:

::
:,21:

The first entry means that the account has no password. The second entry means that the account has no password yet, but has a fixed expiration date that will begin as soon as a password is given to it.
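The following is an added example in Python, not code from the original file. It parses entries in the 7-field /etc/passwd format this section lays out, splits off the ",21AB"-style aging suffix exactly as the text describes it (a max-weeks digit, a min-weeks digit, then 2 characters for the last change), and then runs the checks an administrator would draw from the section: accounts with no password, a second account with user number 0, two usernames sharing one user number, command logins, and aging set on an account that has no password yet. The function names are my own; the sample entries are constructed (the root line is the text's example), and the hash strings are placeholders, not real password hashes.

```python
# Added example (not from the original text): a parser for the 7-field
# /etc/passwd entries this section describes, including the ",MmXX" password
# aging suffix, plus a small audit of the conditions the text singles out.
# All names are my own; the sample entries below are constructed and the
# hash strings are placeholders, not real password hashes.
from collections import namedtuple

PasswdEntry = namedtuple("PasswdEntry", [
    "username", "password", "uid", "gid", "description", "home", "shell",
    "max_weeks", "min_weeks", "last_change"])

STANDARD_SHELLS = {"/bin/sh", "/bin/csh"}   # the shells the text names as standard


def parse_passwd_line(line):
    """Parse one entry: username:password:user#:group#:description:home:shell."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 7:
        raise ValueError("expected 7 colon-separated fields: %r" % line)
    username, pw_field, uid, gid, desc, home, shell = fields
    password, max_weeks, min_weeks, last_change = pw_field, None, None, None
    if "," in pw_field:
        # Aging suffix as the text describes it: one digit of maximum weeks,
        # one digit of minimum weeks, then 2 characters encoding the date of
        # the last change (absent when no password has been set yet, as in ",21").
        password, aging = pw_field.split(",", 1)
        if len(aging) < 2 or not aging[:2].isdigit():
            raise ValueError("malformed aging suffix in %r" % line)
        max_weeks, min_weeks = int(aging[0]), int(aging[1])
        last_change = aging[2:4] or None
    return PasswdEntry(username, password, int(uid), int(gid), desc, home,
                       shell, max_weeks, min_weeks, last_change)


def load_passwd(text):
    """Parse every non-empty line of a passwd file's contents."""
    return [parse_passwd_line(l) for l in text.splitlines() if l.strip()]


def audit(entries):
    """Return (username, finding) pairs for the conditions the text highlights."""
    findings = []
    owner_of_uid = {}
    for e in entries:
        if e.password == "":
            findings.append((e.username, "no password"))
            if e.max_weeks is not None:
                findings.append((e.username, "password aging set but no password yet"))
        if e.uid == 0 and e.username != "root":
            findings.append((e.username, "uid 0: a second superuser account"))
        if e.uid in owner_of_uid:
            # Same user number means the system treats both names as one id.
            findings.append((e.username, "shares uid %d with %s"
                             % (e.uid, owner_of_uid[e.uid])))
        else:
            owner_of_uid[e.uid] = e.username
        if e.shell not in STANDARD_SHELLS:
            findings.append((e.username, "command login: runs %s at login" % e.shell))
    return findings


# Constructed sample: the root line is the text's example entry; the rest are made up.
SAMPLE_PASSWD = """\
root:hGBfdJYhdhflK:0:1:Superuser:/:/bin/sh
guest:NHFfnldyNjh,21AB:201:50:Guest account:/usr/guest:/bin/csh
who::202:50:Who is logged in:/usr/who:/bin/who
newuser:,21:203:50:New account:/usr/newuser:/bin/sh
sysadm:hGBfdJYhdhflK:0:1:Second superuser:/usr/sysadm:/bin/sh
"""

if __name__ == "__main__":
    for user, finding in audit(load_passwd(SAMPLE_PASSWD)):
        print("%-8s %s" % (user, finding))
```

On the constructed sample the audit reports nothing for guest (password set, aging decoded as max 2 weeks, min 1 week, last change "AB"), flags "who" as a password-less command login, flags "newuser" as having aging but no password yet, and flags "sysadm" both as a second uid-0 account and as sharing uid 0 with root, which is the text's point that the system cannot tell the two apart.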