############################################################################# # # # dw0rd proudly presents.... # # # # Yet Another Guide to Hacking # # # # Typed up and pondered by yours truly, disc0rd # # # # # ############################################################################# _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_ TABLE OF CONTENTS ----------------- THERE ARE NONE!!!! HAHAHA! You'll just have to read and see I guess..... _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_ Introduction & Disclaimer Alright, to start off, this hacking manual is for the novice hacker. It also assumes that you know what most of the things talked about, you know what they are. If you don't, then I think you need to read another manual, and get to know what you're using. Also, you know the drill, this is for educational uses only, so, I cannot be held responsible for how this file is used. I do not condone illegal actions, so, if you are caught, I would suggest you get a good lawyer, and I hope you also remember, that I cannot be held responsible for your actions, nor anyone else, you did what you did, and got caught. Keeping all this in mind, I hope you enjoy this manual. -discord _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_ Welcome to the wonderful world of hacking. If you're a newbie hacker or a system administrator hoping that this will help you defend against attacks, this file is for you. To you system administrators out there, I hope you don't think that this will make your system invulnerable, because most of these tricks I will show, are old school tricks. Either way, you're welcome to try and stop us. You may stop one, but you can never stop us all. To start off with, it is recommended, that you have a UNIX. If you don't that is okay, because, I'm going to put two types of manuals in this file, one for Windows, and one for UNIX. So everybody can enjoy this file. But, to those using Windows, GET UNIX!!! GET IT NOW!!!!! WINDOWS- The most commonly asked question asked by newbies is, "How do I connect to a system?" People think it is so advanced, and so techy, but actually, and simply, all you need is a terminal, or a telnet program. THAT'S ALL! Now, that is pretty easy, I know, but the real trick, well, really, there is no trick to this trade. Just common knowledge, first, you must guess the password, then you do your work. So, lets say you wanted to hack into your school, and they were connected to a network on the internet, lets just put up a scenario address: schoolsucks.com There you go, that's your scenario address, lets get to work. So, you type in TELNET under your run command on the start button. Then, you type in "schoolsucks.com" at your hostname, the port is going to be default, so it will be left as telnet. Everything just leave as default. Click connect and boom!! You might see something like this- ----------------------------------------------------------------------------- Welcome to SchoolSUCKS.com ----------------------------------------------------------------------------- login: password: You might be thinking, OH YES! I'm in! But that's what you think.... You see that "login" and "password"? Those are you keys. That's the bridge that separates you from the castle, and the treasure inside. Ready? You type root as the login, and root for the password, and it gives you "login invalid" and gives you another login and password prompt. You try root as the login, and you type sysadmin as the password.....What's this? Welcome to SchoolSUCKS.com root! Last login on tty2 3/21/98 $ You've crossed the bridge. Now lets review on what just happened here. Notice, we kept saying "root" for login. Now, "root" is the SUPER-USER and most valued account on a UNIX system. root controls everything, you might say that root is the king, and all the other accounts are root's subjects. You see, UNIX has an order of command, you might think of it as this: root || ------ ------ || || Admin Daemon || || -------------- Users -------------- Demo That's the chain of command in a UNIX system. root is the king, the Admin and Daemon accounts are the moderators and controllers of the system, kind of like the Baron and Duke. Users are the subjects ruled by the chain of command, and thus have limited access. Demo accounts, are as in the name, visitor and browsing accounts. Which, really have no control at all. The password is no coincidence at all, and is anyone's guess, you have to guess the password. Which is a guessing game, and a game of chance and luck. It takes a lot of time. Although, a UNIX system system does log the number of bad logins that you enter. So, BEWARE, you must make sure if you're going to guess the accounts, that you use moderatation. Try 5 in an hour, 5 the next. Let the system alone for 3 days. Then try again. HOWEVER, there is a much easier method, but it also takes a lot of time. Get a password cracker. But, that requires the passwords to the system. See, all the passwords on a UNIX system are 8 bit encrypted, which means they all have up to 8 characters. You get a wordlist for your password cracker, and it tries to crack the algorithm used for the password file. Don't look for me to say how to crack, because that is an entirely different manual, I'm just here to tell you the basics. Alright, well, getting passed that, you guessed the password, and it gave you its ceremonial welcome, and said, where you last logged in, errrr... where root last logged in, remember, this is NOT your account, you're just, ummmmm...Borrowing it...Yeah, that's it! And it gave you "tty2" and then the date, lets take a look at the "tty2". Now, being an owner of a UNIX system, but not being fluent in being root, I can only tell you, that, its like, you live in the United States of America, which, lets say, is the UNIX system. tty2 is the state in which you live in. So, UNIX assigns you a location. Now, if you are looking for a more advanced term or explanation, go ask a UNIX guru, or another hacker. I'm not the only one that can guide you in the hacking world, there are many other hackers out there, greater than I, that have more experience and knowledge than I. (And to you that may be one of the greats and reading my humble file.... I solute you!) Now that we've covered that, lets look at the common commands used in at least exploring a UNIX system. As in DOS, you have directory calling commands, programming environment, copying and formatting ability, lets take a look at these. cat - displays a file on-screen. ls - prints the names of files in a directory. cp - copies files to somewhere if you specify a trajectory. bash - switches to the BASH shell. cd - changes your directory location. chmod - changes file permissions of a file. chown - changes ownership of a file. csh - switches to the C Shell. echo - repeats anything you put on the screen. ed - a SUCKY text editor. elm - to read and send e-mail. emacs - a pretty good text editor. exit - logs out of a terminal. finger - lists people using the computer you're on. *VERY USEFUL* ftp - file transfer protocal, transfers files over a network. gunzip - unzip gzipped files, files with a .gz extension. gzip - compresses a file with a .gz extension. kill - kills YEAH YEAH YEAH!!! KILL! a specified job. ksh - switches to the KORN shell....KoRn RULEZ!!!! heheh, no relation. ln - creates a link betweens files. mail - reads and sends email. mkdir - makes a directory with the name you specify. mv - moves a file from one directory to another. passwd - changes a password to an account. pico - a very delightful text editor. pine - the best email program on a unix terminal. rlogin - makes you able to move to another UNIX system. rm - deletes a specified file. rmdir - removes a specified directory. sh - to run the Bourne shell. shutdown - shuts down the system. talk - to talk to another user on the system. tar - un-archives, or archives a file with a .tar extension. telnet - connect to another computer, any OS at all. who - tells you who else is on the computer you're on. write - to give a message to another user on the system. Now, don't worry about learing and memorizing all of these commands right now, granted, they are important, and you should know them, and also take in mind, that there are extensions and tags you can put on them, which I didn't show, but, probably will later. I say probably, because I do sleep, and come back to this manual day by day, and might change my mind as to how to write this thing. The command, that I view most important is the "finger" command, huhuh yeah, I said FINGER all you fucking perverts, heheh, hostility. But, seriously, finger will tell you who is on the system at the time, so lets take a look as to how its used, and what results you will get from it. The scenario, you're in Schoolsucks.com, you're root, and you're just about to take a look as to who is on: sucks$ finger schoolsucks.com Login Name tty Idle Login Time daemon Mr. Gullible tty7 ld 4/6/98 Lets take a look at the information we've gathered from this information, which, is quite a lot. Right now, we know that there is one other user on schoolsucks.com, his name is Mr. Gullible, and is located on tty7, and logged in on 4/6/98. We also know the sucker is idle, which means, he's not doing anything, a single idle user is the dream of every hacker, that way, you have less chance of getting caught. You're basically invisible if you're careful. You're root now, its time to get to work. I can't tell you what to do once you get into a system, but I can give you possibilities, and heck, you may want to hit a specific part of the system. Before you can do this however, you need to know the file system of UNIX. Now, like I said before, UNIX has a chain of command, but it also has several "chambers". UNIX is a very orderly and thorough system. That's why most people like it, at least, the computer literate like it, Windows allows file systems to get out of place, UNIX does not allow that to happen. It relies less on addons, and more on just plain old know-how. However, UNIX is only as smart as its operator. Enough talk though, lets move into the file systems. To know where to look, you must know where to find things, however orderly as UNIX is, it sometimes is very hard to find a specific part of the system. That's why I'm taking the time to put this in. I will rank these in order of popularity: /bin - contains the system commands /usr/bin - more system commands /usr/local/bin - installed by the system administrator, not conventional. /dev - contains the devices used by the UNIX system, like floppy drives, CD drives, modems, and such. Funny, UNIX treats the hardware like files, how nice :) /etc - some cool system files, you may find some VERY interesting stuff to look at here. /home - contains all the files and directories owned by the various users of the UNIX system. /lib - program libraries, some programs refer back to this as reference material. /tmp - temporary files /usr/src - System source code heheheh...very interesting if you're the programming type. Those are just a few of the interesting parts on the system. Keep in mind, however unconventional, you can really fuck up the system by tampering with these file systems. Lets put in another scenario, there is this network housing child pornography. You could either report this to the police, and let justice take its course, or, you can just plain fuck em up and let those bastards know we won't take that shit on OUR internet. There are many ways to do this. I don't condone these tactics, but I'm just putting these in for your useful educational knowledge. Lets see here, what shall we fuck up? and how? Lets put in this scenario. You're at the login prompt as root..... Kiddy Porn Inc. login: root pass: ***** Welcome to Kiddy Porn Inc. porn$ ls bin usr dev etc home lib tmp var porn$ cd bin porn$ ls arch date gunzip nets stty ash dd gzip netstat su ash.static df hostname nisdomainname sync awk dmesg kill ping tar basename dnsdomainname ln ps tcsh bash doexec login pwd touch bru domainname ls red true bsh echo mail rm umount cat ed mkdir rmdir uname chgrp egrep mknod rpm usleep chmod ex mktemp sed vi chown false more setserial view cp fgrep mount sh vim cpio gawk mt sleep ypdomainname csh grep mv sort zcat porn$ cd / porn$ cd etc porn$ ls X11 ftpgroups mail redhat-release adjtime ftphosts mail.rc resolv.conf aliases ftpusers mailcap rpc aliases.db gettydefs mailcap.vga securetty at.deny gpm-root.conf man.config security bashrc group mime.types sendmail.cf bruhelp group- minicom.users sendmail.cw brusmartrest host.conf motd services brutab hosts mtab shells conf.modules hosts.allow mtools.conf skel cron.daily hosts.deny named.boot smrsh cron.hourly httpd nsswitch.conf snmpd.agentinfo cron.monthly inetd.conf nwserv.conf snmpd.conf cron.weekly info-dir nwserv.stations std.o3 crontab initrunlvl pam.conf std.sb csh.cshrc inittab pam.d sysconfig default ioctl.save passwd syslog.conf dosemu.conf issue passwd- termcap dosemu.users issue.net pcmcia uucp drums.o3 ld.so.cache ppp vga drums.sb ls.so.conf printcap wtmplock exports lilo.conf profile fdprm localtime profile.d fstab login.defs protocols porn$ pico passwd UW PICO(tm) 2.9 File:passwd root:fFFh3xHSReWjM:0:0:/root:/bin/bash bin:*:1:1:bin:/bin: daemon:*:2:2:daemon:/sbin: Ctrl-X porn$ passwd New UNIX password: Retype new UNIX password: passwd: all authentication tokens updated successfully porn$ cd /bin porn$ rm mount rm: remove 'mount'? y porn$ shutdown -r now There you have it. A few ways to screw over a system administrator, and trust me, those will piss him off majorly. Now, lets take a look at what we did. First we logged in. Then we got a directory of what all the major directories were. Then we took a look at /bin. Where all the system commands are. We got out of there, and took a look at /etc. And what did we find?? The password file "passwd". So, we went into pico and looked at the file. the root password was left decrypted, but since we already have root, no need to crack it. We took a look at "bin" and you see those *'s? Those spell out F-U-C-K to a hacker. Means the password is shadowed, and its hopeless to try and unshadow it. I do believe there are a few C scripts out there that will try and do it, but I'm not sure if they are reliable. I never tried em. THEN look what we did, we did a bastardly thing to root. We typed in passwd, and CHANGED his password oh man, root's gonna be pissed at you in the morning, when he can't log into his UNIX. Major piss off there, then, to boot, we went back to the /bin directory, and removed the command "mount" from the directory. Oh man, you know what we did? Now he can't access his floppy, CD, tape drive, or anything else. DAMN, we fucked him up good, but, we were nice, we shutdown the UNIX properly, so it won't have to do a system's check the next day.... How nice of us eh? :) None the less, we sure made kiddy pornographers think twice about showin that shit on the internet. And I doubt they'll be back for awhile, since, they'll have to rebuild their archive if its not backed up but, since we removed the mount command, they can't access any of their tape backups or disk backups. I guess its back to the drawing board for them. Time to reinstall UNIX :( Poor System Administrator. Did you enjoy that section? I thought so, but, lets keep in mind, that's not hacking at all, I just put it in there for entertainment, and to help people try and think about what possibly could happen at a system penetration. What we did was purely malicious, and I would never do it. Neither should you, but, lets move on k? Lets see, we covered UNIX pretty thoroughly I think. YES! Ethics... Ethics are guidlines that hackers follow when doing their hobby. Here are my ethics: 1. Never give out real name to anyone that I don't trust with my life. 2. Never intentionally damage a system. 3. Never hack government sites, especially you're own government. 4. If someone asks a legitimate and intelligent question. Answer it. 5. You're never the perfect hacker, always strive for more. 6. Knowledge is not a crime, so spread it around. 7. Malicious hacking sucks unless justified. 8. Virus sending is not hacking. 9. Revenge is irrelevant. 10.You have nothing to prove if you believe in your abilities. These are my ethics, I'm sure you'll come up with some along the way. As for this file. It was fun to write it, I hope this guided some newbies on the right course, because that's what I tried to do. Look for more manuals written by me, as my knowledge expands, I shall spread it, as for now, Adieu! disc0rd Some of my favorite websites, that helped me along the way: http://www.hackers.com http://www.hideaway.net http://www.antionline.com http://www.showdown.org http://www.hacked.net http://www.jabukie.com Thank you all you guys and gals for reading this file, and to all you hackers that helped me to get to where I am. A big SALUTE to you! Thanks for all you've done. Questions? Comments? Send them to: scp@theproud.net Spammers and Bombers not permitted.