
Introduction to Hacking, Part IV
Unix
by euDaemon
euDaemon@email.ro
The Liberation of Information Specialist Team
L_I_S_T@email.ro

Disclaimer (I have to do this so that I don't get into trouble): "We, whoever we are at the current time, are not responsible for your actions as the result of anything, especially such things that pertain to this site. If your ignorance of local, state, and/or federal laws pertaining to anything mentioned to or hinted at by us lands you in a position you don't like (i.e. prison, jail, or the liable end of a lawsuit), remember that it is not L.I.S.T., its members, God's, Jesus's, Allah's, Jehovah's, or anybody else's responsibility but your own. We didn't make you do anything, nor would we. It is also the intention of this disclaimer that we hold to, not its exact wording: if you think there's a legal loophole that you've found that holds us liable for your actions, you're most likely right. However, it is the spirit of this disclaimer that should be followed."


Okay, this time around we're going to learn some more about port surfing. I'll also tell you the most common passwords for root access in Unix, and what to do once you have access.

You remember what ports are from last time we met, right? If not, then you're out of luck, because I'm starting where I left off. As I was saying last time, you can either port surf by hand, which can become a long and arduous task, or you can use a program to do it for you, as most people like to do. The program favored by my associates is Port Surf. For reference (and because I'm just an all-around nice guy), I have listed here some ports that are often open, and what their function usually is (not always):

    Port:               Function:

    7                   Echo (Sends everything back to you)
    9                   Discard
    13                  Daytime (Tells you the date and time)
    15                  Netstat (Network info)
    17                  [Random quote(?)]
    19                  [Character generator]
    21                  Ftp (File Transfer Protocol)
    23                  Telnetd (The Telnet port)
    25                  Smtp (Email)
    37                  Time (Tells you the time)
    39                  Rlp
    42                  [Nameserver]
    43                  Whois (you should remember what whois is)
    53                  DNS
    67                  Bootp
    70                  Gopher (ancient search utility)
    79                  Finger
    80 / 8080           Http (Web pages)
    80 / 8080 / 5580    Military http
    87                  Link
    110                 POP 3 (mail)
    113                 Identd
    119                 Nntp
    139                 Netbios
    144                 News
    512                 Exec
    513                 Login
    514                 [Remote login]
    515                 Pkill
    517                 Ktalk
    518                 Ntalk
    533                 Netwall
    560                 Rmonitor
    561                 Monitor
    750                 Kerberos
    6667                [IRC servers]


The function behind each port is actually a daemon. What the hell is a daemon, you ask? A daemon is a small program that runs in the background in Unix. Most of these are exploitable. Many port-surfing programs will tell you when they come across a daemon with a known exploit.

Once you have found an open port (usually not too hard), you will either see a prompt or "login:". If you see "login:" then you are going to need a username and password to get in. If you guess a username, but don't enter a password, then you are in what is called a non-gifted account. If you guess a username and password, then you have a user account. If you guess the root password, then you have a super-user account. Obviously, the root password is the most desirable. All Unix systems have users root, sys, daemon, uucp, and adm. Usernames are 1-8 characters in length, and usually based on the person's name (jsmith, john, j.smith, johns). Passwords are 6-8 characters in length, and often have restrictions on them (such as at least one capital letter and 2 numbers). The easiest way to get a password is to get a password cracking program (CrackerJack is the most popular), and set it to work. If you can't find it, or don't want to use it, then here are some common usernames and passwords:

    login:        Password:

    root          root, system, etc.
    sys           sys, system
    daemon        daemon
    uucp          uucp
    tty           tty
    test          test
    unix          unix
    bin           bin
    adm           adm
    who           who
    learn         learn
    uuhost        uuhost
    nuucp         nuucp

And if this fails, you could always resort to running a "whois" on the server, calling up one of the phone numbers, and trying to SE (social engineer) a password out of them (for those of you who don't know what social engineering is, see Bit Maestro's "Newbies Guide to Social Engineering").

Once you have found a username and password, you should be presented with a prompt. Unix prompts can look however the system administrator feels like, so don't be shocked when the prompt isn't what you expect it to be. Some common ones are: "%", "#", and "$".

Okay, the first thing you will want to do is secure the usernames and passwords. These are located in the passwd file, usually in the /etc directory, although it can be changed (look around a bit). Try typing in "cat /etc/passwd", and if you see a bunch of stuff on the screen, then you're in luck. It should look something like this:

    root:efbipsj:0:0:root dir:/:
    jsmith:tycngtsf:2:3:John Smith:/bin:/bin/jsmith

and a bunch more like it. The second line tells us that there's a username "jsmith". His password (encrypted) is tycngtsf, he is in user group 2, and is user 3. His name is John Smith, and his home directory (/jsmith) is located in /bin. If there are two colons following a username (as in jsmith::2:3:...), then you don't need to enter a password.
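The passwd format above and the default-account table earlier in the article are exactly the things an administrator should be auditing on their own box. The script below is an added example, not part of the original article: it parses passwd-style records and flags the three weak conditions the text describes, namely an empty password field (the "::" case, which means no password is required), a second UID 0 account besides root, and one of the stock system accounts (sys, daemon, uucp, adm, bin, etc.) left with an interactive shell. It follows the passwd(5) field order name:password:UID:GID:GECOS:home:shell; the sample records are constructed (the first two are the article's own lines, the rest are made up), and the set of "system accounts" and the list of non-interactive shells are assumptions for the check, not anything the article specifies.

```python
"""Audit /etc/passwd-style records for weak-account conditions.

Added example, not from the original article. Field order follows
passwd(5): name:password:UID:GID:GECOS:home:shell
"""
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample. The first two lines are the article's own examples;
# the others are made up to exercise each check.
SAMPLE_PASSWD = """\
root:efbipsj:0:0:root dir:/:
jsmith:tycngtsf:2:3:John Smith:/bin:/bin/jsmith
guest::1001:1001:Guest Account:/home/guest:/bin/sh
sys:x:3:3:sys:/dev:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/bin/sh
backup:abcdefgh:0:0:Backup Operator:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
"""

# Hypothetical policy: the stock accounts the article says every Unix system
# has should never carry an interactive shell. Adjust for the host's baseline.
DEFAULT_SYSTEM_ACCOUNTS = {"sys", "daemon", "uucp", "adm", "bin", "nuucp", "uuhost"}
# Shells that refuse logins. An EMPTY shell field is NOT in this set: login(1)
# falls back to /bin/sh when the field is blank, so it counts as interactive.
NON_INTERACTIVE_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}


@dataclass
class PasswdEntry:
    name: str
    password: str   # "" = no password needed, "x" = hash lives in /etc/shadow
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str


def parse_passwd(text: str) -> List[PasswdEntry]:
    """Parse passwd-format text; blank lines and '#' comments are skipped."""
    entries: List[PasswdEntry] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(
                f"line {lineno}: expected 7 colon-separated fields, got {len(fields)}"
            )
        name, pw, uid, gid, gecos, home, shell = fields
        entries.append(PasswdEntry(name, pw, int(uid), int(gid), gecos, home, shell))
    return entries


def audit_passwd(entries: List[PasswdEntry]) -> Dict[str, List[str]]:
    """Return account names grouped by the weakness found."""
    findings: Dict[str, List[str]] = {
        "empty_password": [],             # the article's "jsmith::2:3:..." case
        "extra_uid0": [],                 # any UID 0 account that is not root
        "system_account_with_shell": [],  # stock account that can log in
    }
    for e in entries:
        if e.password == "":
            findings["empty_password"].append(e.name)
        if e.uid == 0 and e.name != "root":
            findings["extra_uid0"].append(e.name)
        if e.name in DEFAULT_SYSTEM_ACCOUNTS and e.shell not in NON_INTERACTIVE_SHELLS:
            findings["system_account_with_shell"].append(e.name)
    return findings


def audit_text(text: str) -> Dict[str, List[str]]:
    """Convenience wrapper: parse and audit in one call."""
    return audit_passwd(parse_passwd(text))


if __name__ == "__main__":
    # Run against the constructed sample; point it at a real file with
    # open("/etc/passwd").read() on a host you administer.
    for category, names in audit_text(SAMPLE_PASSWD).items():
        print(f"{category}: {', '.join(names) if names else '-'}")
```

On a real system the password column is almost always "x" (the hash is in /etc/shadow), so the empty-field check is the interesting one there; the UID 0 check catches the backdoor-style account that a hasty administrator or an intruder leaves behind, and the shell check is the cheap way to confirm the stock accounts from the article's table cannot be used for a login at all.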

The next part of this series is a glossary of terms, so you might or might not want to read it. I don't know what Part VI will be yet...you'll just have to wait and see.

The only crime of a true hacker is that of outsmarting others.

-eD