I am asked at least five times a day by young, beginning "hackers", "How can I hack?" or "Is there a way to hack a web site?" Well, there is. There are, in fact, literally hundreds of ways to do this. I will discuss a few in this text to get you started. Every hacker has to start somehow, and hacking web servers and FTP servers is one of the easiest ways. If you are reading this I am assuming that you already have a basic knowledge of how web servers work and how to use some form of UNIX. But I am going to explain that stuff anyway for those of you who don't know.
Part 1: Simple UNIX Commands
Most DOS commands have UNIX and Linux equivalents. Listed below are some of the main commands you will need to know to use a shell account.
HELP = HELP
COPY = CP
MOVE = MV
DIR = LS
DEL = RM
CD = CD
To see who else is on the system you can type WHO. To get information about a specific user on the system type FINGER <username>. Using those basic UNIX commands you can learn all you need to know about the system you are using.
Part 2: Cracking Passwords
However, there are programs that can be used to obtain passwords from the file. The name of the program that I have found to be the best password cracker is called "Cracker Jack." This program uses a dictionary file composed of thousands of words. It compares the encrypted forms of the words in the list to the encrypted passwords in the passwd file and notifies you when it finds a match. Cracker Jack can be found at my web site (http://www.geocities.com/SiliconValley/9185). Some wordlists can be found at the following ftp site: sable.ox.ac.uk/pub/wordlists. To get to the wordlist that I usually use, go to that ftp site, then go to the American directory. Once you are there, download the file called dic-0294.tar.Z, which is about 4 MB. To use that file it must be uncompressed using a program like Gzip for DOS or Winzip for Windows. After uncompressing the file it should be a text file around 8 MB, and it is best to put it in the same directory as your cracking program. To find out how to use Cracker Jack just read the documentation that is included with it.
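A dictionary cracker like the one described above only has something to work on if the passwd file actually carries hashes in its second field. The following audit script is an added example (not from the original text or from Cracker Jack): it parses passwd-format lines and reports which accounts expose a hash, which have no password at all, and which are shadowed or locked. The sample entries and the 13-character hash value are constructed and are not real credentials.

```python
# Constructed sample /etc/passwd lines (not from the original text); the
# hash value on the jsmith line is made up and is not a real credential.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/bin/false
guest::500:500:Guest Account:/home/guest:/bin/sh
jsmith:abJnggxhB/yWI:1001:100:John Smith:/home/jsmith:/bin/csh
ftp:!:14:50:FTP User:/var/ftp:/bin/false
# comment line that should be ignored
broken:line:with:too:few
"""

# A lone x, * or ! in the second field means the hash is elsewhere (shadow) or absent.
SHADOW_MARKERS = {"x", "*", "!"}

def classify_entry(line):
    """Return (username, status) for one passwd line, or None if it is not a valid entry."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split(":")
    if len(fields) != 7:            # passwd entries always have exactly seven colon-separated fields
        return None
    user, pw_field = fields[0], fields[1]
    if pw_field == "":
        return user, "EMPTY"        # no password at all: anyone can log in as this user
    if pw_field in SHADOW_MARKERS:
        return user, "SHADOWED"     # real hash lives in /etc/shadow, or there is none
    if pw_field.startswith(("!", "*")):
        return user, "LOCKED"       # locked variants such as "!!" or "*LK*"
    return user, "EXPOSED"          # a hash is readable here: crackable by anyone who gets the file

def audit_passwd(text):
    """Group users by status so an admin can see at a glance which hashes are exposed."""
    report = {"EXPOSED": [], "EMPTY": [], "SHADOWED": [], "LOCKED": []}
    for line in text.splitlines():
        result = classify_entry(line)
        if result:
            user, status = result
            report[status].append(user)
    return report

if __name__ == "__main__":
    for status, users in audit_passwd(SAMPLE_PASSWD).items():
        print(f"{status:9s} {', '.join(users) or '-'}")
```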
Part 3: The Hard Part (Finding Password Files)
Up till now I have been telling you the easy parts of hacking a server. Now we get to the more difficult part. It's common sense: if the system administrator has a file that has passwords for everyone on his or her system, they are not going to just give it to you. You have to have a way to retrieve the /etc/passwd file without logging into the system. There are 2 simple ways that this can sometimes be accomplished. Often the /etc directory is not blocked from FTP. To get the passwd file this way, try using an FTP client to access the site anonymously, then check the /etc directory to see if access to the passwd file is restricted. If it is not restricted then download the file and run Cracker Jack on it. If it is restricted then try plan B. On some systems there is a file called PHF in the /cgi-bin directory. If there is, then you are in luck. PHF allows users to gain remote access to files (including the /etc/passwd file) over the world wide web. To try this method go to your web browser and type in this URL:
http://xxx.xxx.xxx/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
Then substitute the site you are trying to hack for the xxx.xxx.xxx. For example, if I wanted to hack St. Louis University (and I have already) I would type in http://www.slu.edu/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
Don't bother trying www.slu.edu because I have already done it and told them about their security flaw.
Here's a hint: try www.spawn.com and www.garply.com. If the preceding two methods fail then try any way you can think of to get that file. If you do get the file and all the items in the second field are X or ! or * then the password file is shadowed. Shadowing is just a method of adding extra security to prevent hackers and other unwanted people from using the password file. Unfortunately there is no way to "unshadow" a password file, but sometimes there are backup password files that aren't shadowed. Try looking for files such as /etc/shadow and other stuff like that.
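The PHF request above works because the %0a (a newline) ends the argument phf expected and lets the rest of the query string run as a shell command. An administrator reading this wants to know whether such requests have hit their server. The script below is an added example (not from the original text): it scans web server access log lines in the NCSA/Apache common log format, decodes the query string of any request to a phf script, and flags those that contain an embedded newline, reporting the command that followed it. The log lines are constructed for the example.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines in NCSA common log format (not taken from any real server).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/1997:13:55:36 -0700] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 2326
198.51.100.7 - - [10/Oct/1997:13:56:01 -0700] "GET /index.html HTTP/1.0" 200 1043
203.0.113.9 - - [10/Oct/1997:13:57:12 -0700] "GET /cgi-bin/phf?Qname=smith HTTP/1.0" 200 512
192.0.2.4 - - [10/Oct/1997:13:58:40 -0700] "GET /cgi-bin/phf?Qalias=x%0A/bin/ls%20-la HTTP/1.0" 404 287
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def classify_request(target):
    """Return None for a benign request, or a dict describing why it looks like a phf attack."""
    parts = urlsplit(target)
    if not parts.path.endswith("/phf"):
        return None
    decoded_query = unquote(parts.query)   # turns %0a / %0A into a real newline, %20 into a space
    # A legitimate phf lookup (e.g. Qname=smith) never contains a newline; the attack
    # form always does, because the newline is what terminates the expected argument.
    if "\n" not in decoded_query:
        return None
    command = decoded_query.split("\n", 1)[1].strip()
    return {"command": command, "reads_passwd": "/etc/passwd" in command}

def scan_log(text):
    """Return one record per suspicious phf request: client IP, HTTP status and the injected command."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        verdict = classify_request(m["target"])
        if verdict:
            hits.append({"ip": m["ip"], "status": int(m["status"]), **verdict})
    return hits

if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f"{h['ip']} status={h['status']} cmd={h['command']!r} passwd={h['reads_passwd']}")
```

A hit with status 200 means the server answered the request, so the file contents likely went out; a 404 shows the script was absent, which is the state to aim for.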
Part 4: Logging In To "Your" New Shell
OK....This is where you use what you found using Cracker Jack: usernames and passwords. Run your telnet client and telnet to the server that you cracked the passwords for, such as www.slu.edu. When you are connected it will give a login screen that asks for a login name and password, and usually information on the operating system that the server is using (usually UNIX, Linux, AIX, IRIX, Ultrix, BSD, or sometimes even DOS or VAX/VMS). Just type in the information you got after cracking the passwd file and use whatever you know about UNIX to do whatever you feel like doing. But remember that hacking isn't spreading viruses or causing damage to other computer systems. It is using your knowledge to increase your knowledge.
Part 5: Newbie Info