#############################################################################
# #
# dw0rd proudly presents.... #
# #
# Yet Another Guide to Hacking #
# #
# Typed up and pondered by yours truly, disc0rd #
# #
# #
#############################################################################
_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
TABLE OF CONTENTS
-----------------
THERE ARE NONE!!!! HAHAHA! You'll just have to read and see I guess.....
_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Introduction & Disclaimer
Alright, to start off, this hacking manual is for the novice hacker.
It also assumes that you know what most of the things talked about, you
know what they are. If you don't, then I think you need to read another
manual, and get to know what you're using.
Also, you know the drill, this is for educational uses only, so,
I cannot be held responsible for how this file is used. I do not condone
illegal actions, so, if you are caught, I would suggest you get a good
lawyer, and I hope you also remember, that I cannot be held responsible
for your actions, nor anyone else, you did what you did, and got caught.
Keeping all this in mind, I hope you enjoy this manual.
-discord
_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Welcome to the wonderful world of hacking. If you're a newbie hacker
or a system administrator hoping that this will help you defend against
attacks, this file is for you. To you system administrators out there,
I hope you don't think that this will make your system invulnerable, because
most of these tricks I will show, are old school tricks. Either way, you're
welcome to try and stop us. You may stop one, but you can never stop us all.
To start off with, it is recommended, that you have a UNIX. If you
don't that is okay, because, I'm going to put two types of manuals in this
file, one for Windows, and one for UNIX. So everybody can enjoy this file.
But, to those using Windows, GET UNIX!!! GET IT NOW!!!!!
WINDOWS-
The most commonly asked question asked by newbies is, "How do I connect
to a system?" People think it is so advanced, and so techy, but actually,
and simply, all you need is a terminal, or a telnet program. THAT'S ALL!
Now, that is pretty easy, I know, but the real trick, well, really,
there is no trick to this trade. Just common knowledge, first, you must
guess the password, then you do your work.
So, lets say you wanted to hack into your school, and they were
connected to a network on the internet, lets just put up a scenario address:
schoolsucks.com
There you go, that's your scenario address, lets get to work. So, you type
in TELNET under your run command on the start button. Then, you type in
"schoolsucks.com" at your hostname, the port is going to be default, so
it will be left as telnet. Everything just leave as default. Click connect
and boom!! You might see something like this-
-----------------------------------------------------------------------------
Welcome to SchoolSUCKS.com
-----------------------------------------------------------------------------
login:
password:
You might be thinking, OH YES! I'm in! But that's what you think....
You see that "login" and "password"? Those are you keys. That's the
bridge that separates you from the castle, and the treasure inside. Ready?
You type root as the login, and root for the password, and it gives you
"login invalid" and gives you another login and password prompt. You try
root as the login, and you type sysadmin as the password.....What's this?
Welcome to SchoolSUCKS.com root!
Last login on tty2 3/21/98
$
You've crossed the bridge. Now lets review on what just happened here.
Notice, we kept saying "root" for login. Now, "root" is the SUPER-USER and
most valued account on a UNIX system. root controls everything, you might
say that root is the king, and all the other accounts are root's subjects.
You see, UNIX has an order of command, you might think of it as this:
root
||
------ ------
|| ||
Admin Daemon
|| ||
--------------
Users
--------------
Demo
That's the chain of command in a UNIX system. root is the king,
the Admin and Daemon accounts are the moderators and controllers of the
system, kind of like the Baron and Duke. Users are the subjects ruled
by the chain of command, and thus have limited access. Demo accounts, are
as in the name, visitor and browsing accounts. Which, really have no
control at all.
The password is no coincidence at all, and is anyone's guess, you
have to guess the password. Which is a guessing game, and a game of chance
and luck. It takes a lot of time. Although, a UNIX system system does
log the number of bad logins that you enter. So, BEWARE, you must make sure
if you're going to guess the accounts, that you use moderatation. Try
5 in an hour, 5 the next. Let the system alone for 3 days. Then try again.
HOWEVER, there is a much easier method, but it also takes a lot of time.
Get a password cracker. But, that requires the passwords to the system.
See, all the passwords on a UNIX system are 8 bit encrypted, which means
they all have up to 8 characters. You get a wordlist for your password
cracker, and it tries to crack the algorithm used for the password file.
Don't look for me to say how to crack, because that is an entirely different
manual, I'm just here to tell you the basics.
Alright, well, getting passed that, you guessed the password, and it
gave you its ceremonial welcome, and said, where you last logged in, errrr...
where root last logged in, remember, this is NOT your account, you're just,
ummmmm...Borrowing it...Yeah, that's it! And it gave you "tty2" and then
the date, lets take a look at the "tty2". Now, being an owner of a UNIX
system, but not being fluent in being root, I can only tell you, that,
its like, you live in the United States of America, which, lets say, is
the UNIX system. tty2 is the state in which you live in. So, UNIX
assigns you a location. Now, if you are looking for a more advanced term
or explanation, go ask a UNIX guru, or another hacker. I'm not the only
one that can guide you in the hacking world, there are many other hackers
out there, greater than I, that have more experience and knowledge than I.
(And to you that may be one of the greats and reading my humble file....
I solute you!)
Now that we've covered that, lets look at the common commands used in
at least exploring a UNIX system. As in DOS, you have directory calling
commands, programming environment, copying and formatting ability, lets
take a look at these.
cat - displays a file on-screen.
ls - prints the names of files in a directory.
cp - copies files to somewhere if you specify a trajectory.
bash - switches to the BASH shell.
cd - changes your directory location.
chmod - changes file permissions of a file.
chown - changes ownership of a file.
csh - switches to the C Shell.
echo - repeats anything you put on the screen.
ed - a SUCKY text editor.
elm - to read and send e-mail.
emacs - a pretty good text editor.
exit - logs out of a terminal.
finger - lists people using the computer you're on. *VERY USEFUL*
ftp - file transfer protocal, transfers files over a network.
gunzip - unzip gzipped files, files with a .gz extension.
gzip - compresses a file with a .gz extension.
kill - kills YEAH YEAH YEAH!!! KILL! a specified job.
ksh - switches to the KORN shell....KoRn RULEZ!!!! heheh, no relation.
ln - creates a link betweens files.
mail - reads and sends email.
mkdir - makes a directory with the name you specify.
mv - moves a file from one directory to another.
passwd - changes a password to an account.
pico - a very delightful text editor.
pine - the best email program on a unix terminal.
rlogin - makes you able to move to another UNIX system.
rm - deletes a specified file.
rmdir - removes a specified directory.
sh - to run the Bourne shell.
shutdown - shuts down the system.
talk - to talk to another user on the system.
tar - un-archives, or archives a file with a .tar extension.
telnet - connect to another computer, any OS at all.
who - tells you who else is on the computer you're on.
write - to give a message to another user on the system.
Now, don't worry about learing and memorizing all of these commands
right now, granted, they are important, and you should know them, and
also take in mind, that there are extensions and tags you can put on them,
which I didn't show, but, probably will later. I say probably, because
I do sleep, and come back to this manual day by day, and might change my
mind as to how to write this thing.
The command, that I view most important is the "finger" command, huhuh
yeah, I said FINGER all you fucking perverts, heheh, hostility. But,
seriously, finger will tell you who is on the system at the time, so lets
take a look as to how its used, and what results you will get from it.
The scenario, you're in Schoolsucks.com, you're root, and you're just about
to take a look as to who is on:
sucks$ finger schoolsucks.com
Login Name tty Idle Login Time
daemon Mr. Gullible tty7 ld 4/6/98
Lets take a look at the information we've gathered from this
information, which, is quite a lot. Right now, we know that there is
one other user on schoolsucks.com, his name is Mr. Gullible, and is located
on tty7, and logged in on 4/6/98. We also know the sucker is idle, which
means, he's not doing anything, a single idle user is the dream of every
hacker, that way, you have less chance of getting caught. You're basically
invisible if you're careful. You're root now, its time to get to work.
I can't tell you what to do once you get into a system, but I can
give you possibilities, and heck, you may want to hit a specific part
of the system. Before you can do this however, you need to know the file
system of UNIX. Now, like I said before, UNIX has a chain of command, but
it also has several "chambers". UNIX is a very orderly and thorough system.
That's why most people like it, at least, the computer literate like it,
Windows allows file systems to get out of place, UNIX does not allow that
to happen. It relies less on addons, and more on just plain old know-how.
However, UNIX is only as smart as its operator. Enough talk though, lets
move into the file systems.
To know where to look, you must know where to find things, however
orderly as UNIX is, it sometimes is very hard to find a specific part of
the system. That's why I'm taking the time to put this in. I will rank
these in order of popularity:
/bin - contains the system commands
/usr/bin - more system commands
/usr/local/bin - installed by the system administrator, not conventional.
/dev - contains the devices used by the UNIX system, like floppy drives,
CD drives, modems, and such. Funny, UNIX treats the hardware like files,
how nice :)
/etc - some cool system files, you may find some VERY interesting stuff
to look at here.
/home - contains all the files and directories owned by the various users
of the UNIX system.
/lib - program libraries, some programs refer back to this as reference
material.
/tmp - temporary files
/usr/src - System source code heheheh...very interesting if you're the
programming type.
Those are just a few of the interesting parts on the system. Keep in
mind, however unconventional, you can really fuck up the system by tampering
with these file systems. Lets put in another scenario, there is this network
housing child pornography. You could either report this to the police, and
let justice take its course, or, you can just plain fuck em up and let those
bastards know we won't take that shit on OUR internet. There are many ways
to do this. I don't condone these tactics, but I'm just putting these
in for your useful educational knowledge.
Lets see here, what shall we fuck up? and how? Lets put in this
scenario. You're at the login prompt as root.....
Kiddy Porn Inc.
login: root
pass: *****
Welcome to Kiddy Porn Inc.
porn$ ls
bin usr dev etc
home lib tmp var
porn$ cd bin
porn$ ls
arch date gunzip nets stty
ash dd gzip netstat su
ash.static df hostname nisdomainname sync
awk dmesg kill ping tar
basename dnsdomainname ln ps tcsh
bash doexec login pwd touch
bru domainname ls red true
bsh echo mail rm umount
cat ed mkdir rmdir uname
chgrp egrep mknod rpm usleep
chmod ex mktemp sed vi
chown false more setserial view
cp fgrep mount sh vim
cpio gawk mt sleep ypdomainname
csh grep mv sort zcat
porn$ cd /
porn$ cd etc
porn$ ls
X11 ftpgroups mail redhat-release
adjtime ftphosts mail.rc resolv.conf
aliases ftpusers mailcap rpc
aliases.db gettydefs mailcap.vga securetty
at.deny gpm-root.conf man.config security
bashrc group mime.types sendmail.cf
bruhelp group- minicom.users sendmail.cw
brusmartrest host.conf motd services
brutab hosts mtab shells
conf.modules hosts.allow mtools.conf skel
cron.daily hosts.deny named.boot smrsh
cron.hourly httpd nsswitch.conf snmpd.agentinfo
cron.monthly inetd.conf nwserv.conf snmpd.conf
cron.weekly info-dir nwserv.stations std.o3
crontab initrunlvl pam.conf std.sb
csh.cshrc inittab pam.d sysconfig
default ioctl.save passwd syslog.conf
dosemu.conf issue passwd- termcap
dosemu.users issue.net pcmcia uucp
drums.o3 ld.so.cache ppp vga
drums.sb ls.so.conf printcap wtmplock
exports lilo.conf profile
fdprm localtime profile.d
fstab login.defs protocols
porn$ pico passwd
UW PICO(tm) 2.9 File:passwd
root:fFFh3xHSReWjM:0:0:/root:/bin/bash
bin:*:1:1:bin:/bin:
daemon:*:2:2:daemon:/sbin:
Ctrl-X
porn$ passwd
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully
porn$ cd /bin
porn$ rm mount
rm: remove 'mount'? y
porn$ shutdown -r now
There you have it. A few ways to screw over a system administrator,
and trust me, those will piss him off majorly. Now, lets take a look at
what we did. First we logged in. Then we got a directory of what all
the major directories were. Then we took a look at /bin. Where all the
system commands are. We got out of there, and took a look at /etc. And
what did we find?? The password file "passwd". So, we went into pico
and looked at the file. the root password was left decrypted, but since
we already have root, no need to crack it. We took a look at "bin" and
you see those *'s? Those spell out F-U-C-K to a hacker. Means the password
is shadowed, and its hopeless to try and unshadow it. I do believe there
are a few C scripts out there that will try and do it, but I'm not sure
if they are reliable. I never tried em. THEN look what we did, we did
a bastardly thing to root. We typed in passwd, and CHANGED his password
oh man, root's gonna be pissed at you in the morning, when he can't log into
his UNIX. Major piss off there, then, to boot, we went back to the /bin
directory, and removed the command "mount" from the directory. Oh man,
you know what we did? Now he can't access his floppy, CD, tape drive, or
anything else. DAMN, we fucked him up good, but, we were nice, we shutdown
the UNIX properly, so it won't have to do a system's check the next day....
How nice of us eh? :) None the less, we sure made kiddy pornographers think
twice about showin that shit on the internet. And I doubt they'll be back
for awhile, since, they'll have to rebuild their archive if its not backed up
but, since we removed the mount command, they can't access any of their tape
backups or disk backups. I guess its back to the drawing board for them.
Time to reinstall UNIX :( Poor System Administrator.
Did you enjoy that section? I thought so, but, lets keep in mind,
that's not hacking at all, I just put it in there for entertainment, and
to help people try and think about what possibly could happen at a system
penetration. What we did was purely malicious, and I would never do it.
Neither should you, but, lets move on k? Lets see, we covered UNIX pretty
thoroughly I think. YES! Ethics...
Ethics are guidlines that hackers follow when doing their hobby. Here
are my ethics:
1. Never give out real name to anyone that I don't trust with my life.
2. Never intentionally damage a system.
3. Never hack government sites, especially you're own government.
4. If someone asks a legitimate and intelligent question. Answer it.
5. You're never the perfect hacker, always strive for more.
6. Knowledge is not a crime, so spread it around.
7. Malicious hacking sucks unless justified.
8. Virus sending is not hacking.
9. Revenge is irrelevant.
10.You have nothing to prove if you believe in your abilities.
These are my ethics, I'm sure you'll come up with some along the way.
As for this file. It was fun to write it, I hope this guided some newbies
on the right course, because that's what I tried to do. Look for more
manuals written by me, as my knowledge expands, I shall spread it, as for
now, Adieu!
disc0rd
Some of my favorite websites, that helped me along the way:
http://www.hackers.com
http://www.hideaway.net
http://www.antionline.com
http://www.showdown.org
http://www.hacked.net
http://www.jabukie.com
Thank you all you guys and gals for reading this file, and to all you hackers
that helped me to get to where I am. A big SALUTE to you! Thanks for all
you've done.
Questions? Comments? Send them to:
scp@theproud.net
Spammers and Bombers not permitted.