905 lines
33 KiB
Text
905 lines
33 KiB
Text
==Phrack Inc.==
|
||
|
||
Volume Two, Issue 22, File 5 of 12
|
||
|
||
/|/|/|/|/|/|/|/|/|/|/|/|/|/|/|/|/|/|/|/|
|
||
|/ |/
|
||
/| An Indepth Guide In Hacking UNIX /|
|
||
|/ and |/
|
||
/| The Concept Of Basic Networking Utility /|
|
||
|/ |/
|
||
/| By Red Knight /|
|
||
|/ |/
|
||
/| Member of the /|
|
||
|/ Phreakers/Hackers Underground Network |/
|
||
/| /|
|
||
|/|/|/|/|/|/|/|/|/|/|/|/|/|/|/|/|/|/|/|/
|
||
|
||
Brief History On UNIX
|
||
~~~~~~~~~~~~~~~~~~~~~
|
||
Its because of Ken Tompson that today we are able to hack Unix. He used to
|
||
work for Bell Labs in the 1960s. Tompson started out using the MULTICS OS
|
||
which was later eliminated and Tompson was left without an operating system to
|
||
work with.
|
||
|
||
Tompson had to come up with something real quick. He did some research and and
|
||
in 1969 UNIX came out, which was a single user and it did not have many
|
||
capabilities. A combined effort with others enabled him to rewrite the version
|
||
in C and add some good features. This version was released in 1973 and was
|
||
made available to the public. This was the first begining of UNIX in its
|
||
presently known form. The more refined version of UNIX, today know as UNIX
|
||
system V developed by Berkley University has unique capabilities.
|
||
|
||
Various types of UNIXes are CPIX, Berkeley Ver 4.1, Berkeley 4.2, FOS, Genix,
|
||
HP-UX, IS/I, OSx, PC-IX, PERPOS, Sys3, Ultrix, Zeus, Xenix, UNITY, VENIX, UTS,
|
||
Unisys, Unip lus+, UNOS, Idris, QNIX, Coherent, Cromix, System III, System 7,
|
||
Sixth edition.
|
||
|
||
The Article Itself
|
||
~~~~~~~~~~~~~~~~~~
|
||
I believe that hacking into any system requires knowledge of the operating
|
||
system itself. Basically what I will try to do is make you more familiar with
|
||
UNIX operation and its useful commands that will be advantageous to you as a
|
||
hacker. This article contains indepth explainations. I have used the UNIX
|
||
System V to write this article.
|
||
|
||
|
||
Error Messages: (UNIX System V)
|
||
~~~~~~~~~~~~~~
|
||
Login Incorrect - An invalid ID and/or password was entered. This means
|
||
nothing. In UNIX there is no way guessing valid user IDs.
|
||
You may come across this one when trying to get in.
|
||
|
||
No More Logins - This happens when the system will not accept anymore logins.
|
||
The system could be going down.
|
||
|
||
Unknown Id - This happens if an invalid id is entered using (su) command.
|
||
|
||
Unexpected Eof In File - The file being stripped or the file has been damaged.
|
||
|
||
Your Password Has Expired - This is quite rare although there are situations
|
||
where it can happen. Reading the etc/passwd will
|
||
show you at how many intervals it changes.
|
||
|
||
You May Not Change The Password - The password has not yet aged enough. The
|
||
administrator set the quotas for the users.
|
||
|
||
Unknown Group (Group's Name) - Occurs when chgrp is executed, group does not
|
||
exist.
|
||
Sorry - Indicated that you have typed in an invalid super user password
|
||
(execution of the su).
|
||
|
||
Permission Denied! - Indicated you must be the owner or a super user to change
|
||
password.
|
||
|
||
Sorry <( Of Weeks) Since Last Change - This will happen when password has has
|
||
not aged enough and you tried to change
|
||
it (password).
|
||
|
||
(Directory Name): No Permission - You are trying to remove a directory which
|
||
you have no permission to.
|
||
|
||
(File Name) Not Removed - Trying to delete a file owned by another user that
|
||
you do not have write permission for.
|
||
|
||
(Dirname) Not Removed - Ownership of the dir is not your that your trying to
|
||
delete.
|
||
|
||
(Dirname) Not Empty - The directory contains files so you must have to delete
|
||
the files before execcant open [file name] - defined
|
||
wrong path, file name or you have no read permission.
|
||
|
||
Cp: (File Name) And (File Name) Are Identical - Self explanatory.
|
||
|
||
Cannot Locate Parent Directory - Occurs when using mv.
|
||
|
||
(File name) Not Found - File which your trying to move does not exist.
|
||
|
||
You Have Mail - Self explanatory.
|
||
|
||
|
||
Basic Networking Utility Error Messages
|
||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
Cu: Not found - Networking not installed.
|
||
Login Failed - Invalid id/pw or wrong number specified.
|
||
Dial Failed - The systen never answered due to a wrong number.
|
||
UUCP Completely Failed - Did not specify file after -s.
|
||
Wrong Time to Call - You called at the time at a time not specified in the
|
||
Systems file.
|
||
System not in systems - You called a remote not in the systems file.
|
||
|
||
|
||
Logon Format
|
||
~~~~~~~~~~~~
|
||
The first thing you must do is switch to lower case. To identifing a UNIX,
|
||
this is what you will see;
|
||
|
||
AT&T Unix System V 3.0 (eg of a system identifier)
|
||
|
||
login:
|
||
or
|
||
Login:
|
||
|
||
Any of these is a UNIX. Here is where you will have to guess at a user valid
|
||
id. Here are some that I have come across; glr, glt, radgo, rml, chester, cat,
|
||
lom, cora, hlto, hwill, edcasey, and also some containing numbers; smith1,
|
||
mitu6, or special characters in it; bremer$, jfox. Login names have to be 3
|
||
to 8 chracters in length, lowercase, and must start with a letter. In some
|
||
XENIX systems one may login as "guest"
|
||
|
||
User Level Accounts (Lower Case)
|
||
~~~~~~~~~~~~~~~~~~~
|
||
In Unix there are what is called. These accounts can be used at the "login:"
|
||
prompt. Here is a list:
|
||
|
||
sys bin trouble daemon uucp nuucp rje lp adm
|
||
|
||
|
||
Super-User Accounts
|
||
~~~~~~~~~~~~~~~~~~~
|
||
There is also a super-user login which make UNIX worth hacking. The accounts
|
||
are used for a specific job. In large systems these logins are assingned to
|
||
users who have a responsibilty to maintain subsystems.
|
||
|
||
They are as follows (all lower case);
|
||
|
||
root - This is a must the system comes configured with it. It has no
|
||
restriction. It has power over every other account.
|
||
unmountsys - Unmounts files
|
||
setup - System set up
|
||
makefsys - Makes a new file
|
||
sysadm - Allows useful S.A commands (doesn't need root login)
|
||
powerdown - Powering system down
|
||
mountfsys - Mounts files
|
||
checkfsys - Checks file
|
||
|
||
These accounts will definitly have passwords assigned to them. These accounts
|
||
are also commands used by the system administrator. After the login prompt you
|
||
will receive a password prompt:
|
||
|
||
password:
|
||
or
|
||
Password:
|
||
|
||
Enter the password (it will not echo). The password rule is as follows; Each
|
||
password has to contain at least 6 characters and maximum of 8 characters. Two
|
||
of which are to be alphabetic letters and at least one being a number or a
|
||
special character. The alphabetic digits could be in upper case or lower
|
||
case. Here are some of the passwords that I have seen; Ansuya1, PLAT00N6,
|
||
uFo/78, ShAsHi.., Div417co.
|
||
|
||
The passwords for the super user accounts will be difficult to hack try the
|
||
accounts interchangebly; login:sysadm password:makefsys, or rje1, sysop,
|
||
sysop1, bin4, or they might contain letters, numbers, or special chracters in
|
||
them. It could be anything. The user passwords are changed by an aging
|
||
proccess at successive intervals. The users are forced to changed it. The
|
||
super-user will pick a password that will not need changing for a long period
|
||
of time.
|
||
|
||
|
||
You Have Made It!
|
||
~~~~~~~~~~~~~~~~~
|
||
The hard part is over and hopefully you have hacked a super-user account.
|
||
Remember Control-d stops a process and also logs you off. The next thing you
|
||
will probably see is the system news. Ex;
|
||
|
||
login:john
|
||
password:hacker1
|
||
|
||
System news
|
||
|
||
There will be no networking offered to the users till
|
||
August 15, due to hardware problems.
|
||
(Just An Example)
|
||
|
||
$
|
||
|
||
$ (this is the Unix prompt) - Waiting for a command to be entered.
|
||
- Means your logged in as root (Very Good).
|
||
|
||
A Word About The XENIX System III (Run On The Tandy 6000)
|
||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
The largest weakness in the XENIX System III occurs after the installation
|
||
of the Profile-16 or more commonly know as the Filepro-16. I have seen the
|
||
Filepro-16 installed in many systems. The installation process creates an
|
||
entry in the password file for a user named \fBprofile\fR, an account that who
|
||
owns and administors the database. The great thing about it is that when the
|
||
account is created, no password is assigned to it. The database contains
|
||
executable to maintain it. The database creation programs perform a
|
||
\fBsetuid\fR to boot up the \fBoot\fR thereby giving a person the whole C
|
||
Shell to gain Super User privilege same as root. Intresting huh!
|
||
|
||
(* Note: First the article will inform you of how the Unix is made up.)
|
||
|
||
|
||
The Unix is made if three components - The Shell, The Kernal, File System.
|
||
|
||
The Kernal
|
||
~~~~~~~~~~
|
||
You could say that the kernal is the heart of the Unix operating system. The
|
||
kernal is a low level language lower than the shell which maintains processes.
|
||
The kernal handles memory usage, maintains file system the sofware and hardware
|
||
devices.
|
||
|
||
The Shell
|
||
~~~~~~~~~
|
||
The shell a higher level language. The shell had two important uses, to act as
|
||
command interpreture for example using commands like cat or who. The shell is
|
||
at work figuring out whether you have entered a command correctly or not. The
|
||
second most important reason for the shell is its ability to be used as
|
||
programing language. Suppose your performing some tasks repeatedly over and
|
||
over again, you can program the shell to do this for you.
|
||
|
||
(Note: This article will not cover shell programming.)
|
||
( Instead B.N.N will be covered. )
|
||
|
||
|
||
The File System
|
||
~~~~~~~~~~~~~~~
|
||
The file system in Unix is divided into 3 catagories: Directories, ordinary
|
||
files and special files (d,-).
|
||
|
||
Basic Stucture:
|
||
|
||
(/)-this is abreviation for the root dirctory.
|
||
|
||
root level root
|
||
(/) system
|
||
-------------------------------------|---------------------------------- level
|
||
| | | | | | | |
|
||
/unix /etc /dev /tmp /lib /usr /usr2 /bin
|
||
| _____|_____
|
||
login passwd | | |
|
||
level /john /cathy
|
||
________________________|_______________
|
||
| | | | | |
|
||
.profile /mail /pers /games /bin /michelle
|
||
*.profile - in case you | __|______ | __|_______
|
||
wish to change your environment, but capital | | data | | |
|
||
after you log off, it sets it to othello starwars letter letter1
|
||
default.
|
||
|
||
/unix - This is the kernal.
|
||
/etc - Contains system administrators files,Most are not available to the
|
||
regular user (this dirrctory contains the /passwd file).
|
||
|
||
Here are some files under /etc directory:
|
||
/etc/passwd
|
||
/etc/utmp
|
||
/etc/adm/sulog
|
||
/etc/motd
|
||
/etc/group
|
||
/etc/conf
|
||
/etc/profile
|
||
|
||
/dev - contains files for physical devices such as printer and the disk drives
|
||
/tmp - temporary file directory
|
||
/lib - dirctory that contains programs for high level languages
|
||
/usr - this directory contains dirctories for each user on the system
|
||
/bin - contain executable programs (commands)
|
||
|
||
The root also contains:
|
||
/bck - used to mount a back up file system.
|
||
/install - Used to install and remove utilities
|
||
/lost+found - This is where all the removed files go, this dir is used by fsck
|
||
/save -A utility used to save data
|
||
/mnt - Used for temporary mounting
|
||
|
||
**Now the fun part scouting around**
|
||
|
||
Local Commands (Explained In Details)
|
||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
At the unix prompt type the pwd command. It will show you the current working
|
||
directory you are in.
|
||
|
||
$ pwd
|
||
$ /usr/admin - assuming that you have hacked into a super user account
|
||
check fsys
|
||
$
|
||
|
||
This gives you the full login directory. The / before tell you the location of
|
||
the root directory.
|
||
|
||
Or
|
||
|
||
(REFER TO THE DIAGRAM ABOVE)
|
||
$ pwd
|
||
$ /usr/john
|
||
$
|
||
Assuming you have hacked into John's account.
|
||
|
||
Lets say you wanted to move down to the Michelle directory that contains
|
||
letters. You would type in;
|
||
|
||
$ cd michelle or cd usr/john/michelle
|
||
$ pwd
|
||
$ /usr/john/michelle
|
||
$
|
||
|
||
Going back one directory up type in:
|
||
$ cd ..
|
||
or going to your parent directory just type in "cd"
|
||
|
||
Listing file directories assuming you have just logged in:
|
||
$ ls /usr/john
|
||
mail
|
||
pers
|
||
games
|
||
bin
|
||
michelle
|
||
This wont give you the .profile file. To view it type
|
||
$ cd
|
||
$ ls -a
|
||
:
|
||
:
|
||
.profile
|
||
|
||
To list file names in Michelle's directory type in:
|
||
$ ls michelle (that if your in the johns directory)
|
||
$ ls /usr/john/michelle(parent dir)
|
||
|
||
ls -l
|
||
~~~~~
|
||
The ls -l is an an important command in unix.This command displays the whole
|
||
directory in long format :Run this in parent directory.
|
||
$ ls -l
|
||
total 60
|
||
-rwxr-x--- 5 john bluebox 10 april 9 7:04 mail
|
||
drwx------ 7 john bluebox 30 april 2 4:09 pers
|
||
: : : : : : :
|
||
: : : : : : :
|
||
-rwxr-x--- 6 cathy bluebox 13 april 1 13:00 partys
|
||
: : : : : : :
|
||
$
|
||
|
||
The total 60 tells one the ammount of disk space used in a directory. The
|
||
-rwxr-x--- is read in triples of 3. The first chracter eg (-, d, b, c) means
|
||
as follows: - is an ordinary file, d is a directory, b is block file, c is a
|
||
character file.
|
||
|
||
The r stands for read permission, w is write permission, x is execute. The
|
||
first column is read in 3 triples as stated above. The first group of 3 (in
|
||
-rwxr-x---) after the "-" specifies the permission for the owner of the file,
|
||
the second triple are for the groups (the fourth column) and the last triple
|
||
are the permissions for all other users. Therefore, the -rwxr-x--- is read as
|
||
follows.
|
||
|
||
The owner, John, has permission to read, write, and execute anything in the bin
|
||
directory but the group has no write permission to it and the rest of the users
|
||
have no permission at all. The format of one of the lines in the above output
|
||
is as follows:
|
||
|
||
file type-permissions, links, user's name, group, bytes taken, date, time when
|
||
last renued, directory, or file name.
|
||
|
||
*** You will be able to read, execute Cathy's ***
|
||
*** file named partly due to the same group. ***
|
||
|
||
Chmod
|
||
~~~~~
|
||
The chmod command changes permission of a directory or a file. Format is
|
||
chmod who+, -, =r , w, x
|
||
|
||
The who is substituted by u-user, g-group, o-other users, a-all.
|
||
The + means add permission, - means remove permission, = - assign.
|
||
Example: If you wanted all other users to read the file name mail, type:
|
||
|
||
$ chmod o+r mail
|
||
|
||
Cat
|
||
~~~
|
||
Now suppose you wanted to read the file letter. There are two ways to doing
|
||
this. First go to the michelle directory then type in:
|
||
|
||
$ cat letter
|
||
line one ...\
|
||
line two ... }the output of letter
|
||
line three../
|
||
$
|
||
or
|
||
If you are in the parent directory type in:
|
||
$ cat /usr/john/michelle/letter
|
||
and you will have the same output.
|
||
|
||
Some cat options are -s, -u, -v, -e, -t
|
||
|
||
Special Chracters in Unix
|
||
~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
* - Matches any number of single characters eg. ls john* will list all
|
||
files that begin with john
|
||
[...] - Matchs any one of the chracter in the [ ]
|
||
? - Matches any single chracter
|
||
& - Runs a process in the backgroung leaving your terminal free
|
||
$ - Values used for variables also $n - null argument
|
||
> - Redirectes output
|
||
< - Redirects input to come from a file
|
||
>> - Redirects command to be added to the end of a file
|
||
| - Pipe output (eg:who|wc-l tells us how many users are online)
|
||
"..." - Turn of meaning of special chracters excluding $,`
|
||
`...` - Allows command output in to be used in a command line
|
||
'...' - Turns of special meaning of all chracters
|
||
|
||
Continuation Of Local Commands
|
||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
man [command] or [c/r] -will give you a list of commands explainations
|
||
help - available on some UNIX systems
|
||
mkdir [dir name(s)] - makes a directory
|
||
rmdir [dir name(s)] - removes directory.You wont be able to remove the
|
||
directory if it contains files in them
|
||
rm [file name(s)] - removes files. rm * will erase all files in the current
|
||
dir. Be carefull you! Some options are:
|
||
[-f unconditional removal] [-i Prompts user for y or n]
|
||
|
||
ps [-a all processes except group leaders] [-e all processes] [-f the whole
|
||
list] - This command reports processes you are running eg:
|
||
|
||
$ps
|
||
PID TTY TIME COMMAND
|
||
200 tty09 14:20 ps
|
||
|
||
The systems reports (PID - process idenetification number which is a number
|
||
from 1-30,000 assigned to UNIX processes)
|
||
It also reports the TTY,TIME and the COMMAND being executed at the time.
|
||
To stop a process enter :
|
||
|
||
$kill [PID] (this case its 200)
|
||
200 terminated
|
||
$
|
||
|
||
grep (argument) - searches for an file that contains the argument
|
||
mv (file names(s)) ( dir name ) - renames a file or moves it to another
|
||
directory
|
||
cp [file name] [file name] - makes a copy of a file
|
||
write [login name ] - to write to other logged in users. Sort of a chat
|
||
mesg [-n] [-y] - doesn't allow others to send you messages using the write
|
||
command. Wall used by system adm overrides it.
|
||
$ [file name] - to execute any file
|
||
wc [file name] - Counts words, characters,lines in a file
|
||
stty [modes] - Set terminal I/O for the current devices
|
||
sort [filename] - Sorts and merges files many options
|
||
spell [file name] > [file name] - The second file is where the misspelt words
|
||
are entered
|
||
date [+%m%d%y*] [+%H%%M%S] - Displays date acoording to options
|
||
at [-r] [-l] [job] - Does a specified job at a specified time. The -r Removes
|
||
all previously scheduled jobs.The -l reports the job and
|
||
status of all jobs scheduled
|
||
write [login] [tty] - Sends message to the login name. Chat!
|
||
|
||
|
||
Su [login name]
|
||
~~~~~~~~~~~~~~~
|
||
The su command allows one to switch user to a super user to a user. Very
|
||
important could be used to switch to super user accounts.
|
||
Usage:
|
||
|
||
$ su sysadm
|
||
password:
|
||
|
||
This su command will be monitored in /usr/adm/sulog and this file of all files
|
||
is carefully monitered by the system administrator.Suppose you hacked in john's
|
||
account and then switched to the sysadm account (ABOVE) your /usr/adm/su log
|
||
entry would look like:
|
||
|
||
SU 04/19/88 21:00 + tty 12 john-sysadm
|
||
|
||
Therfore the S.A(system administrator) would know that john swithed to sysadm
|
||
account on 4/19/88 at 21:00 hours
|
||
|
||
|
||
Searching For Valid Login Names:
|
||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
Type in-
|
||
$ who ( command informs the user of other users on the system)
|
||
cathy tty1 april 19 2:30
|
||
john tty2 april 19 2:19
|
||
dipal tty3 april 19 2:31
|
||
:
|
||
:
|
||
tty is the user's terminal, date, time each logged on. mary, dr.m are valid
|
||
logins.
|
||
|
||
Files worth concatenating(cat)
|
||
|
||
|
||
/etc/passwd file
|
||
~~~~~~~~~~~~~~~~
|
||
The etc/passwd is a vital file to cat. For it contains login names of all
|
||
users including super user accounts and there passwords. In the newer SVR3
|
||
releases they are tighting their security by moving the encrypted passwords
|
||
from /etc/passwd to /etc/shadow making it only readable by root.
|
||
This is optional of course.
|
||
|
||
$ cat /etc/passwd
|
||
root:D943/sys34:0:1:0000:/:
|
||
sysadm:k54doPerate:0:0:administration:usr/admin:/bin/rsh
|
||
checkfsys:Locked;:0:0:check file system:/usr/admin:/bin/rsh
|
||
:
|
||
other super user accs.
|
||
:
|
||
john:hacker1:34:3:john scezerend:/usr/john:
|
||
:
|
||
other users
|
||
:
|
||
$
|
||
|
||
If you have reached this far capture this file as soon as possible. This is a
|
||
typical output etc/passwd file. The entries are seperated by a ":". There
|
||
made be up to 7 fields in each line.
|
||
Eg.sysadm account.
|
||
|
||
The first is the login name in this case sysadm.The second field contains the
|
||
password. The third field contains the user id."0 is the root." Then comes
|
||
the group id then the account which contains the user full name etc. The sixth
|
||
field is the login directory defines the full path name of the the paticular
|
||
account and the last is the program to be executed. Now one can switch to
|
||
other super user account using su command descibed above. The password entry
|
||
in the field of the checkfsys account in the above example is "Locked;". This
|
||
doesn't mean thats its a password but the account checkfsys cannot be accessed
|
||
remotely. The ";" acts as an unused encryption character. A space is also
|
||
used for the same purpose. You will find this in many UNIX systems that are
|
||
small systems where the system administrator handles all maintaince.
|
||
|
||
If the shawdowing is active the /etc/passwd would look like this:
|
||
|
||
root:x:0:1:0000:/:
|
||
sysadm:x:0:0:administration:/usr/admin:/bin/rsh
|
||
|
||
The password filed is substituted by "x".
|
||
|
||
The /etc/shawdow file only readable by root will look similar to this:
|
||
|
||
root:D943/sys34:5288::
|
||
:
|
||
super user accounts
|
||
:
|
||
Cathy:masai1:5055:7:120
|
||
:
|
||
all other users
|
||
:
|
||
|
||
The first field contains users id: The second contains the password (The pw
|
||
will be NONE if logining in remotely is deactivated): The third contains a
|
||
code of when the password was last changed: The fourth and the fifth contains
|
||
the minimum and the maximum numbers of days for pw changes (its rare that you
|
||
will find this in the super user logins due to there hard to guess passwords)
|
||
|
||
|
||
/etc/options
|
||
~~~~~~~~~~~~
|
||
The etc/options file informs one the utilities available in the system.
|
||
-rwxr-xr-x 1 root sys 40 april 1:00 Basic Networking utility
|
||
|
||
|
||
/etc/group
|
||
~~~~~~~~~~
|
||
The file has each group on the system. Each line will have 4 entries separated
|
||
by a ":". Example of concatenated /etc/group:
|
||
|
||
root::0:root
|
||
adm::2:adm,root
|
||
bluebox::70:
|
||
|
||
Group name:password:group id:login names
|
||
** It very unlikely that groups will have passwords assigned to them **
|
||
The id "0" is assigned to /
|
||
|
||
|
||
Sending And Recieving Messages
|
||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
Two programs are used to manage this. They are mail & mailx. The difference
|
||
between them is that mailx is more fancier thereby giving you many choices like
|
||
replying message, using editors, etc.
|
||
|
||
|
||
Sending
|
||
~~~~~~~
|
||
The basic format for using this command is:
|
||
|
||
$mail [login(s)]
|
||
(now one would enter the text after finishing enter "." a period on the next
|
||
blank line)
|
||
$
|
||
|
||
This command is also used to send mail to remote systems. Suppose you wanted
|
||
to send mail to john on a remote called ATT01 you would type in:
|
||
|
||
$mail ATT01!john
|
||
|
||
Mail can be sent to several users, just by entering more login name after
|
||
issuing the mail command
|
||
|
||
Using mailx is the same format:(This I'll describe very briefly) $mailx john
|
||
subject:(this lets you enter the subject)
|
||
(line 1)
|
||
(line 2)
|
||
(After you finish enter (~.) not the brackets of course, more commands are
|
||
available like ~p, ~r, ~v, ~m, ~h, ~b, etc.).
|
||
|
||
|
||
Receiving
|
||
~~~~~~~~~
|
||
After you log on to the system you will the account may have mail waiting.
|
||
You will be notified "you have mail."
|
||
To read this enter:
|
||
$mail
|
||
(line 1)
|
||
(line 2)
|
||
(line 3)
|
||
?
|
||
$
|
||
|
||
After the message you will be prompted with a question mark. Here you have a
|
||
choice to delete it by entering d, saving it to view it later s, or just press
|
||
enter to view the next message.
|
||
|
||
(DON'T BE A SAVANT AND DELETE THE POOR GUY'S MAIL)
|
||
|
||
|
||
Super User Commands
|
||
~~~~~~~~~~~~~~~~~~~
|
||
$sysadm adduser - will take you through a routine to add a user (may not last
|
||
long)
|
||
|
||
Enter this:
|
||
|
||
$ sysadm adduser
|
||
password:
|
||
(this is what you will see)
|
||
/--------------------------------------------------------------------------\
|
||
Process running succommmand `adduser`
|
||
USER MANAGMENT
|
||
|
||
Anytime you want to quit, type "q".
|
||
If you are not sure how to answer any prompt, type "?" for help
|
||
|
||
If a default appears in the question, press <RETURN> for the default.
|
||
|
||
Enter users full name [?,q]: (enter the name you want)
|
||
Enter users login ID [?,q]:(the id you want to use)
|
||
Enter users ID number (default 50000) [?,q) [?,q]:( press return )
|
||
Enter group ID number or group name:(any name from /etc/group)
|
||
Enter users login home directory:(enter /usr/name)
|
||
|
||
This is the information for the new login:
|
||
Users name: (name)
|
||
login ID:(id)
|
||
users ID:50000
|
||
group ID or name:
|
||
home directory:/usr/name
|
||
Do you want to install, edit, skip [i, e, s, q]? (enter your choice if "i"
|
||
then)
|
||
Login installed
|
||
Do you want to give the user a password?[y,n] (its better to enter one)
|
||
New password:
|
||
Re-enter password:
|
||
|
||
Do you want to add another login?
|
||
\----------------------------------------------------------------------------/
|
||
|
||
This is the proccess to add a user. Since you hacked into a super user account
|
||
you can make a super user account by doing the following by entering 0 as an
|
||
user and a group ID and enter the home directory as /usr/admin. This will give
|
||
you as much access as the account sysadm.
|
||
|
||
**Caution** - Do not use login names like Hacker, Cracker,Phreak etc. This is
|
||
a total give away.
|
||
|
||
The process of adding a user wont last very long the S.A will know when he
|
||
checks out the /etc/passwd file
|
||
|
||
$sysadm moduser - This utility allows one to modify users. DO NOT ABUSE!!
|
||
!
|
||
|
||
Password:
|
||
|
||
This is what you'll see:
|
||
|
||
/----------------------------------------------------------------------------\
|
||
MODIFYING USER'S LOGIN
|
||
|
||
1)chgloginid (This is to change the login ID)
|
||
2)chgpassword (Changing password)
|
||
3)chgshell (Changing directory DEFAULT = /bin/sh)
|
||
|
||
ENTER A NUMBER,NAME,INITIAL PART OF OF NAME,OR ? OR <NUMBER>? FOR HELP, Q TO
|
||
QUIT ?
|
||
\----------------------------------------------------------------------------/
|
||
|
||
Try every one of them out.Do not change someones password.It creates a havoc.
|
||
If you do decide to change it.Please write the original one down somewhere
|
||
and change back.Try not to leave to many traces after you had your fun. In
|
||
choice number 1 you will be asked for the login and then the new one. In
|
||
choice number 2 you will asked for the login and then supplied by it correct
|
||
password and enter a new one. In choice 3 this is used to a pchange the login
|
||
shell ** Use full ** The above utilites can be used separatly for eg (To
|
||
change a password one could enter: $sysadm chgpasswd not chapassword, The rest
|
||
are same)
|
||
|
||
$sysadm deluser - This is an obviously to delete a user password:
|
||
|
||
This will be the screen output:
|
||
/---------------------------------------------------------------------------\
|
||
Running subcommand 'deluser' from menu 'usermgmt'
|
||
USER MANAGEMENT
|
||
|
||
This fuction completely removes the user,their mail file,home directory and all
|
||
files below their home directory from the machine.
|
||
|
||
Enter login ID you wish to remove[q]: (eg.cathy)
|
||
'cathy' belongs to 'Cathy Franklin'
|
||
whose home directory is /usr/cathy
|
||
Do you want to remove this login ID 'cathy' ? [y,n,?,q] :
|
||
|
||
/usr/cathy and all files under it have been deleted.
|
||
|
||
Enter login ID you wish to remove [q]:
|
||
\--------------------------------------------------------------------------/
|
||
This command deletes everthing owned by the user.Again this would be stupid to
|
||
use.
|
||
|
||
|
||
Other Super User Commands
|
||
~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
wall [text] control-d - to send an anouncement to users logged in (will
|
||
override mesg -n command). Execute only from /
|
||
/etc/newgrp - is used to become a member of a group
|
||
|
||
sysadm [program name]
|
||
delgroup - delets groups
|
||
diskuse - Shows free space etc.
|
||
whoson - self explanatory
|
||
lsgroup - Lists group
|
||
mklineset -hunts various sequences
|
||
|
||
|
||
Basic Networking Unility (BNU)
|
||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
|
||
The BNU is a unique feature in UNIX.Some systems may not have this installed.
|
||
What BNU does is allow other remote UNIXes communicate with yours without
|
||
logging off the present one.BNU also allowes file transfer between computers.
|
||
Most UNIX systems V will have this feature installed.
|
||
|
||
The user program like cu,uux etc are located in the /usr/bin directory
|
||
|
||
Basic Networking Files
|
||
~~~~~~~~~~~~~~~~~~~~~~
|
||
/usr/lib/uucp/[file name]
|
||
[file name]
|
||
systems - cu command to establishes link.Contains info on remote computers
|
||
name, time it can be reached, login Id, password, telephone numbers
|
||
devices - inter connected with systems files (Automatic call unit same in two
|
||
entries) also contains baud rate, port tty1, etc.
|
||
|
||
dialers - where asscii converation must be made before file tranfers etc.
|
||
dialcodes - contains abreiviations for phone numbers that can be used in
|
||
systems file
|
||
|
||
other files are sysfiles, permissions, poll, devconfig
|
||
|
||
Logining On To Remote And Sending+Receiving Files
|
||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
cu - This command allows one to log on to the local as well as the remote Unix
|
||
(or a non unix)without haveing to hang up so you can transfer files.
|
||
Usage:[options]
|
||
|
||
$ cu [-s baud rate][-o odd parity][-e even parity][-l name of comm line]
|
||
telephone number | systemname
|
||
|
||
To view system names that you can communicate with use the 'unname' command:
|
||
Eg. of output of names:
|
||
|
||
ATT01
|
||
ATT02
|
||
ATT03
|
||
ATT04
|
||
|
||
|
||
$ cu -s300 3=9872344 (9872344 is the tel)
|
||
connected
|
||
login:
|
||
password:
|
||
|
||
Local Strings
|
||
~~~~~~~~~~~~~
|
||
<~.> - will log you off the remote terminal, but not the local
|
||
<control-d> - puts you back on the remote unix local (the directory which you
|
||
are in)
|
||
"%put [file name] - reverse of above
|
||
|
||
Ct
|
||
~~
|
||
ct allows local to connect to remote.Initiates a getty on a remote terminal.
|
||
Usefull when using a remote terminal.BNU has call back feature that allows the
|
||
user on the remote who can execute a call back meaning the local can call the
|
||
remote.[ ] are options
|
||
|
||
$ ct [-h prevent automatic hang up][-s bps rate][-wt set a time to call back
|
||
abbrieviated t mins] telephone number
|
||
|
||
Uux
|
||
~~~
|
||
To execute commands on a remote (unix to unix)
|
||
usage:[ ] are options
|
||
|
||
$ uux [- use standard output][-n prevent mail notification][-p also use
|
||
standard output] command-string
|
||
|
||
UUCP
|
||
~~~~
|
||
UUCP copies files from ones computer to the home directory of a user in remote
|
||
system. This also works when copying files from one directory to another in
|
||
the remote. The remote user will be notified by mail. This command becomes
|
||
use full when copying files from a remote to your local system. The UUCP
|
||
requires the uucico daemon will call up the remote and will perform file login
|
||
sequence, file transfer, and notify the user by mail. Daemons are programs
|
||
runining in the background. The 3 daemons in a Unix are uucico, uusched,
|
||
uuxqt.
|
||
|
||
Daemons Explained: [nows a good time to explain the 3 daemons]
|
||
~~~~~~~~~~~~~~~~~
|
||
Uuxqt - Remote execution. This daemon is executed by uudemon.hour started by
|
||
cron.UUXQT searchs in the spool directory for executable file named
|
||
X.file sent from the remote system. When it finds a file X .file where
|
||
it obtains process which are to be executed. The next step is to find
|
||
weather the processes are available at the time.The if available it
|
||
checks permission and if everthing is o.k it proceeds the background
|
||
proccess.
|
||
|
||
Uucico - This Daemon is very immportant for it is responsible in establishing
|
||
a connection to the remote also checks permission, performs login
|
||
procedures,transfers + executes files and also notifies the user by
|
||
mail. This daemon is called upon by uucp,uuto,uux commands.
|
||
|
||
Uusched - This is executed by the shell script called uudemon.hour. This
|
||
daemons acts as a randomizer before the UUCICO daemon is called.
|
||
|
||
|
||
Usage:
|
||
|
||
$ uucp [options] [first full path name!] file [destination path!] file example:
|
||
|
||
$ uucp -m -s bbss hackers unix2!/usr/todd/hackers
|
||
|
||
What this would do is send the file hackers from your computer to the remotes
|
||
/usr/todd/hackers making hackers of course as file. Todd would mail that a
|
||
file has been sent to him. The Unix2 is the name of the remote. Options for
|
||
UUCP: (Don't forget to type in remotes name Unix2 in case)
|
||
-c dont copy files to spool directory
|
||
-C copy to spool
|
||
-s[file name] - this file will contain the file status(above is bbss)
|
||
-r Dont start the comm program(uucico) yet
|
||
-j print job number(for above eg.unix2e9o3)
|
||
-m send mail when file file is complete
|
||
|
||
Now suppose you wanted to receive file called kenya which is in the
|
||
usr/ dan/usa to your home directory /usr/john assuming that the local systems
|
||
name is ATT01 and you are currently working in /usr/dan/usa,you would type in:
|
||
|
||
$uucp kenya ATT01!/usr/john/kenya
|
||
|
||
Uuto
|
||
~~~~
|
||
The uuto command allows one to send file to remote user and can also be used to
|
||
send files locally.
|
||
|
||
Usage:
|
||
|
||
$ uuto [file name] [system!login name]( omit systen name if local)
|
||
|
||
|
||
Conclusion
|
||
~~~~~~~~~~
|
||
Theres always more one can say about the UNIX, but its time to stop. I hope
|
||
you have enjoyed the article. I apologize for the length. I hope I made the
|
||
UNIX operating system more familiar. The contents of the article are all
|
||
accurate to my knowledge. Hacking into any system is illegal so try to use
|
||
remote dial-ups to the job. Remember do not abuse any systems you hack into
|
||
for a true hacker doesn't like to wreck, but to learn.
|
||
|
||
Watch for my new article on using PANAMAC airline computers coming soon.
|
||
|
||
Red Knight
|
||
P/HUN!
|
||
<<T.S.A.N>>
|
||
=========================================================================
|