To learn about cracking, read alt.2600 and sit on various IRC channels. To learn about hacking, RTFM: read everything you can get your hands on, and have a desire to understand the machine you are hacking.
The net is full of unix security info, but a good starting point is
Arny's UNIX hacking page (see section 5).
On other systems /etc/passwd doesn't store the password. It can be
stored in a shadow file (that is not normally readable to normal users).
To obtain the (encrypted) passwords you have to have a special program
to read them. The source for a program to do this is obtainable from the
alt.2600 faq.
A third method is to use NIS (which again may or may not be shadowed).
This may be readable by using the ypcat command. Again, see the alt.2600
faq.
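From the administrator's side, the passwd / shadow / NIS distinction above can be checked directly. The following is an added example, not part of the original FAQ: it classifies the password field of each passwd-format line so that accounts whose hash sits in the world-readable file, or that have no password at all, stand out. The sample entries and hash strings are constructed, and the status names are this example's own.

```python
# Added example: audit passwd-format lines for exposed or empty password fields.
# SAMPLE_PASSWD is constructed for illustration; the hash string is a dummy value.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice:ab01FAKEHASHxyz:1001:100:Alice:/home/alice:/bin/sh
bob::1002:100:Bob:/home/bob:/bin/sh
daemon:*:1:1:daemon:/:/sbin/nologin
carol:!:1003:100:Carol:/home/carol:/bin/sh
+::0:0:::
broken line without fields
"""

def classify(field):
    """Map the second passwd field to a status (names are this example's own)."""
    if field == "":
        return "EMPTY"       # account can be used with no password
    if field == "x":
        return "SHADOWED"    # hash is kept in the shadow file instead
    if field[0] in "*!":
        return "LOCKED"      # no password can ever hash to this value
    return "EXPOSED"         # a hash readable by every local user

def audit(text):
    """Return (line number, user, status) for every non-comment line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if parts[0][:1] in ("+", "-"):
            findings.append((lineno, parts[0], "NIS"))   # NIS include/exclude marker
        elif len(parts) != 7:
            findings.append((lineno, parts[0], "MALFORMED"))
        else:
            findings.append((lineno, parts[0], classify(parts[1])))
    return findings

def needs_attention(findings):
    """Entries an administrator should fix: move hashes to shadow, set passwords."""
    return [f for f in findings if f[2] in ("EXPOSED", "EMPTY", "MALFORMED")]

if __name__ == "__main__":
    for lineno, user, status in audit(SAMPLE_PASSWD):
        print(f"line {lineno}: {user}: {status}")
```

An NIS marker line means the real entries live in the NIS map, so the same check has to be run over that map's contents as well.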
If it is active, drag the window prompting you for the password around with the
mouse (making it the active window). Then press ctrl-alt-del (having 3 hands would
be a help :). This should then give you the option to quit the active application.
If anyone has had any success with this, please tell us :)
[ Could someone write this section for me (Stig or Otaku perhaps ?) ]
A (not too recent) list of University dial-ups can be found on ColdFires Web
Page. Many hackers use 0800 pads / trunks / vmbs to hack from.
It's also worth checking your phone book; BT's 'local' areas can be surprisingly
large.

3.1 About UNIX hacking
Unix is a fully multi-tasking, multi-user operating system, written in
C; one of its strengths is its ability to network. There are versions of
Unix for most systems from DEC AXPs to 386 PCs. A very large proportion
of the hosts on the internet are running UNIX.

3.1.1 How do I crack UNIX passwords ?
On some systems /etc/passwd contains an encrypted copy of your password.
Cracking programs (Alec Muffett's 'Crack' for UNIX, and CrackerJack for
OS/2 and DOS are just two) try to *guess* passwords by encrypting each
word in a dictionary and comparing each encrypted word against each
entry in /etc/passwd.

3.2 About VMS cracking
Compared to UNIX, very little has been written about VMS security
(security via obscurity ?). The password file is in
sys$system:sysuaf.dat, but isn't normally readable to users. There are a
couple of VMS crack programs around if you can get your hands on sysuaf.dat.

3.3 About PC cracking
PCs running single-user OSs aren't normally passworded; the most
common passwords are BIOS passwords. Sometimes systems will run some
software when they are booted; this can sometimes be halted (under MSDOS try
ctrl-C, also F5/F8 on DOS 6 onwards). Other things to look for are
options to run software packages that often have a 'shell' option. Also
try booting from a floppy and manually mounting remote disks.

3.3.1 How do I crack bios passwords ?
The neat little proglet will tell you your password under amibios. You
will need a uudecoder to make the .com file. Remember you will need to
have already got past the password to run this :)
Other PCs (Dells come to mind) have a jumper that can be moved to
disable passwords.

3.3.2 How can I crack the windows screen saver password ?
[ I haven't had a chance to check either of these.
Can someone please confirm / disprove them ? ]
To remove the password altogether (presuming it hasn't locked already)
edit control.ini: change the line that says PWProtected=1 to =0 and, in the
[ScreenSaver] section, where it says Password=12345 (where 12345 is the
encrypted password), change it to Password=
Now when prompted for a password just press return.
[ You may have to put something in control.ini to enable this ? - Info
anyone ]

3.4 Where can I find out about hacking other systems ?
The alt.2600 faq is a good place to start looking, as are the comp.security
newsgroups.

3.5.0 About Hacking TCP/IP
TCP/IP is the protocol used for hosts to communicate on the internet;
understanding TCP/IP is often as useful as (if not more useful than) understanding
the individual operating systems.

3.5.1 How do I do TCP/IP spoofing/packet sequence prediction
Learn low-level TCP/IP. Basically with IP you can pretend to be
any machine you want to be, i.e. you don't *have* to put your own IP
address as the 'source address' in the datagrams (or packets) that you
send out. Unfortunately though, any reply to your faked packets will
normally go to the real machine, which kinda makes it difficult to use
TCP, since TCP involves a two-way flow of IP datagrams both to and from
your machine. However you can to some extent get round this by guessing
some of the contents (i.e. the sequence numbers) of the lost datagrams
that were sent to the real machine.

3.6 About Novell Hacking
I know next to nothing about Novell hacking, other than the passwords file is
stored in the bindery and older versions of Novell had a system call called
VerifyBinderyObjectPassword that when given an account and password would say if
they matched. This was very useful for knocking up quick Novell versions of
Crack. I believe also something clever can be done when you run netware lite
over the top of normal netware.

3.7 What is JANET ?
Janet is the UK academic backbone; it was once an X25 network that was only
connected to the internet via a few (overworked and often hacked) gateways,
but now SuperJanet is a genuine internet backbone. JANET is managed from
machines at ukerna.ac.uk. A lot of hackers use university machines for several
reasons (lack of security, no phone bills, fast links, being at Uni, etc).

3.8 I don't have a POP in my local area, what can I do
Universities are often very good at giving away accounts, and simply asking
often works (especially if you're unemployed, an ex student, or a student at
another Uni).