UnderGround Information
****> UNIX Hacking Made Easy <****
Brought to you by Shadow Lord (Shadow)
-Background-
UNIX is one of the most commonly used systems. Many small businesses and
a few corporations run a UNIX system accessible by modem. Most UNIX systems
run 1200 and 2400 baud modems, but a few of the older ones still use 300. UNIX
is used for programming, mail, and various programs can be run from it. UNIX
has suprisingly low security for such a widely-used system. Most of the
operators leave the default passwords in, even on the accounts in which the
user has no restrictions. This leaves UNIX systems wide open for hacking...
-Getting On-
I suggest using an exchange scanner (such as Code Thief or Fuckin' Hacker)
to find numbers of UNIX systems. When you call, make sure you are not using
ANSI-BBS emulation, UNIX does not support it, so everything will appear as
garbage. Once you connect, hit return a few times and the 'login:' prompt
should come up. UNIX systems are case-sensitive, so make sure you're using
lower-case. After the account name is entered, the 'Password:' prompt will
appear. Passwords are not echoed to the screen. If a correct account and
password are given, you will be given access and some prompt, shown as a $ or #
or some character of that sort will give you the go-ahead. I attempts, others give you unlimited tries.
Bad login attempts are not reported to the system operator, so you can try as
often as you like.
-Once You're Inside-
To find out what's in the directory that you're in, type 'ls' (list
files). You can change directories much like you can in MS-DOS, use 'cd'
(change directory) and than the name of the directory you want to go in. The
'ls' command does not specify what names are names of files and what names are
names of directories, but if you try to cd into a file it will tell you that
the directory is not valid. Use the 'rmdir' and 'mkdir' commands to make and
remove directories. 'rm' also removes a file. The 'passwd' commands lets you
change the password on the account that you're on. To find out who else is on,
use the 'who' command. This will display the account name and if they are
logged on locally or they are calling by modem (it will say tty01 or something
to that nature). The 'mail' command works by typing 'mail whoever' and it will
bring up the mail facility. Enter as much text as you like, and hit Cntrl-D to
send the message. The 'wall' (write all) command allows you to broadcast to
everyone logged on at the present time. ASCII uploads of regular or text files
can be used for mail or broadcasts. Try sending a very large program in a
message to the system operator if you'd like to piss him/her off.
The 'cat' (display file) command lets you look at the contents of any file
(format: cat filename). Hit Cntrl-D or escape or Cntrl-C (try them all; it
depends on the system) to abort this process. If you are on the root account,
you can use the 'su' (super-user) command to become the system operator (no
restrictions). The su is obviously ideal. UNIX has a very good help facility
which will give you an additional list of commands, etc.
-Useful Information-
In order to escape detection, go into the usr\adm directory and remove the
file call sulog. This is the system usage logfile, it contains the information
on who has called (like the last callers file on a bbs). Also, if you can get
into the directory called etc you should display the file called passwd. It
contains a list of all of the accounts and their passwords. Bad new, the
accounts that have passwords are encrypted. But as I said before, a lot of
people leave accounts unpassworded or at the default passwords. The format is:
ACCOUNT NAME:password:0:0:description of purpose:/directory
The 0:0 or whatever numbers show up are just some stuff you don't need, they
are restrictions. Lower numbers means higher access pretty much. But if one
account skips right from the account name to the numbers, than it is
unpassworded.
List Of Common UNIX Accounts
root super sa startup shutdown daemon sys bin adm ncrm uucp
nuucp sync lp admin sysadm unix rje guest demo sysbin
sysadmin PCpath asg standard suggest dosadm pcuser ackmail
altos informix r00t css backup gpcnet nobody ingress sysdiag
convert async ingres cron asg sysinfo network dos filepro gpc
Also try first names (all in lower case), and the name of the company (if you
know it). I have seen all of the above accounts on UNIX systems. root, sa,
super, adm, sysadm, and sysadmin are all high-level accounts. Some of the
accounts are unpassworded, others simply use the account name as the password
(what security!). The general rule is that after you enter account name at the
login: prompt, if the password prompt appears very quickly then the account you
have entered is not valid. If it takes a few seconds, then you've probably hit
a valid account.
-Close-
Downloaded From P-80 Systems 304-744-2253