Hacking Servers

Part 1: Simple UNIX Commands

Most DOS commands have UNIX and Linux equivalents. Listed below are

some of the main commands you will need to know to use a shell account.

HELP = HELP

COPY = CP

MOVE = MV

DIR = LS

DEL = RM

CD = CD

To see who else is on the system you can type WHO. To get information

about a specific user on the system type FINGER . Using those basic

UNIX commands you can learn all you need to know about the system you are

using.

Part 2: Cracking Passwords

On UNIX systems the file that contains the passwords for all the users

on the system is located in the /etc directory. The filename is passwd. I bet

your thinking...."Great. All I have to do is get the file called /etc/passwd

and I'll be a hacker." If that is what you are thinking then you are dead

wrong. All the accounts in the passwd file have encrypted passwords. These

passwords are one-way encrypted which means that there is no way to decrypt

them. However, there are programs that can be used to obtain passwords from

the file. The name of the program that I have found to be the best password

cracker is called "Cracker Jack." This program uses a dictionary file composed

of thousands of words. It compares the encrypted forms of the words in the

list to the encrypted passwords in the passwd file and it notifies you when

it finds a match. Cracker Jack can be found at my web site which is at

http://www.geocities.com/SiliconValley/9185

Some wordlists can be found at the following ftp site: sable.ox.ac.uk/

pub/wordlists. To get to the wordlist that I usually use goto that ftp site

then goto the American directory. Once you are there download the file called

dic-0294.tar.Z which is about 4 MB. To use that file it must be uncompressed

using a program like Gzip for DOS or Winzip for Windows. After uncompressing

the file it should be a text file around 8 MB and it is best to put it in the

same directory as your cracking program. To find out how to use Cracker Jack

just read the documentation that is included with it.

Part 3: The Hard Part (Finding Password Files)

Up till now I have been telling you the easy parts of hacking a

server. Now we get to the more difficult part. It's common sense. If the

system administrator has a file that has passwords for everyone on his or her

system they are not going to just give it to you. You have to have a way to

retrieve the /etc/passwd file without logging into the system. There are 2

simple ways that this can sometimes be accomplished. Often the /etc directory

is not blocked from FTP. To get the passwd file this way try using an FTP

client to access the site anonymously then check the /etc directory to see if

access to the passwd file is restricted. If it is not restricted then download

the file and run Cracker Jack on it. If it is restricted then try plan B. On

some systems there is a file called PHF in the /cgi-bin directory. If there

is then you are in luck. PHF allows users to gain remote access to files

(including the /etc/passwd file) over the world wide web. To try this method

goto your