[ Pobierz całość w formacie PDF ]

A Basic UNIX Overview

 

Asriel

 

 

  UNIX FOR DOS ADDICTED WaReZ PuPPieZ AND THEIR PETS

 

 

  Introduction

  ------------

 

  One of the most common operating systems in existance is Unix. Unix

  exists in many different flavors, from Berkeley BSD to AT&T System V

  to SunOs. Basic working knowledge of Unix is almost essential to a

  hacker, as it is the system a hacker is most likely to come across.

  If you intend to use the internet at all, or to do any serious

  exploration of Telenet, the ability to navigate through Unix is a

  necessity. (Unix is also the single most interesting system in

  existance: it's just fun to fuck with).

 

  Unix Logins

  -----------

 

  Most Unix logins look essentially the same. A general Unix login

  prompt looks something like this:

 

  connected to five.finger.com

  login:

 

  That first line is the system identifier. Although it's not at all

  essential to what you are doing, it's good to know what system you are

  attempting to log on to.

  The second line is what typically identifies the system you are on as

  Unix. Almost all Unix systems greet a user with the same prompt:

  login:.

  Well, there's not much to do in Unix from the outside, and Unix

  systems are typically fairly secure at this point. You may be able to

  obtain a list of users, or current users, by logging in as 'who', but

  other than that there are few functions available here.

  Unless you are on the internet, or have accounts specifically for the

  specific machine you are on, the only way on to the system is to try

  the default passwords. What are the default passwords?

  Unix systems come installed with certain passwords automatically. In

  addition, some accounts must exist on a system. One such account is

  'root'. This user is the divine Kami of the Unix system... in short,

  an all access pass. Unfortunately, few systems allow root logins

  remotely, and even fewer leave 'root' unpassworded. Nevertheless, it's

  always worth a shot... try this:

 

  connected to ren.stimpy.net

  login: root

  password: root

  invalid login

  login:

 

  well, nice try anyways... other possible passwords for root include

  'sysadmin', 'sys', 'admin'... you get the idea. You may also want to

  try these passwords with a single digit appended (added, idiot) to

  them... meaning the password 'root' could be 'root1' or 'root2'.

  An interesting tip about passwords in general... many people that use

  passwords under 8 characters tend to add a digit or a non-alphanumeric

  character to the password. This is done in order to hinder guessing,

  and to stop password breakers (more on this later). In this case, you

  may want to try adding a space before root... or even an ascii 255 to

  the end.

  Fortunately, there is more than one default password in a unix

  system... a quick list:

 

  sys        sys

  bin        bin

  daemon     daemon

  rje        rje

  setup      setup

  uucp       uucp/nuucp/anonymous

  nuucp      uucp/nuucp/anonymous

  mountfsys  mountfsys

 

  In the System

  -------------

 

  Ok, at this point, I'm going to assume you've gotten past the login...

  as painful as that may sound. Although Unix may be secure from the

  outside, without effort from the system administrators, the inside of

  the system is not.

  First off, you'll likely by asked for a terminal. vt100 serves your

  purposes sufficently, and it's typically the default, so hit enter.

  Now, hopefully, you have a prompt. There are many different types of

  unix prompts, some of which contain current directory information,

  some of which are just a single character. Just don't panic when my

  examples don't look exactly like what you've got on your screen.

  The first thing you *need* to do on the system is establish your tty

  paramters. As eldritch and arcane sounding as this term may seem, it's

  actually quite simple... you need to tell the system what keys are

  going to do what.

  The command to set these parameters is 'stty'. Watch:

 

  squinkyB ] stty erase ^h

  squinkyB ]

 

  There... that wasn't so bad, was it? Well, it's also pretty

  meaningless to you, unless you have the ascii table memorized and are

  pretty good at on-the-spot deduction.

  The tty erase parameters determines which key is to be used as a

  backspace. At times, this may already be set when you log in, or it

  may be set to a suitable alternate (such as delete). Most of the time

  the system will tell you when you log on if this is so. In this case,

  we've entered ^h in order to make the backspace key, appropriately

  enough, backspace.

  Another extremely important parameter is 'intr'. The 'intr' paramter

  tells the Unix system what you intend to use as a break character...

  you should have this set to ^c.

 

  Getting Around

  --------------

 

  A good thing to remember about Unix is that it's alot like DOS. Files

  are laid out in directories just as in DOS... in fact, the only

  immediate difference in the directory structures is that Unix uses a

  forward slash ("/", moron!) instead of a backwards one.

  Also, the basic Unix directory navigation command is identical to DOS.

  In order to change directories, you use the command 'chdir', or 'cd'.

  A quick example:

 

  1 /usr1/astoria ] cd ..

  2 /usr ]

 

  Wala. That simple. Quick notes:

 

  ю cd / will take you to root.

  ю cd /*pathname* will take you to *pathname*

  ю cd home will take you to your home directory.

 

  You can make and delete your own directories with the mkdir/rmdir

  commands. Simply put, mkdir makes a subdirectory off of the current

  directory, and rmdir removes a subdirectory from the current

  subdirectory. Good to know if you plan to do a lot of file transfers.

  An important note about Unix directories, files, and concepts:

  Unix is a case-sensitive operating system. Thus, the files

 

  ю Spleen

  ю spleen

  ю SPLEEN

  ю SpLeEn

 

  are all different. This rule applies to directories and command line

  paramters, as well as most other Unix ideas.

  Another nice thing to know about Unix: Unix files are not subject to

  the normal DOS 8 character limit. Thus, you can have vast filenames,

  such as "this_file_ate_my_biscuit".

 

  Some other important commands

  -----------------------------

 

  First and foremost, you should know cp. cp is the basic Unix

  equivalent of the DOS COPY command. The command line for cp is

  identical to that of COPY.

  Next on the scale of cosmic import is cat. cat is the Unix equivalent

  of the DOS TYPE command, and once again, for simple file displaying,

  the command line is identical.

   Variations on the theme:

   pg: displayes a file page by page. Type "pg x filename", where x is a

       number of lines to display before pausing and filename is the

       file you wish to display.

   more: displays a file screen by screen.

   Stupid pet trick:

   You can use your cat to copy files, simply by using the directional

   operators. To copy a file from here to there using cat, simply type:

 

   % cat here

   this is the file here

   % cat there

   this is the file there

   % cat here > there

   % cat there

   this is the file here

 

   The operator ">" simply takes the output from the cat command and

   places is in the location specified after it.

  Another vital command to know is 'rm'. rm deletes a file from the

  system, in the same way DEL would on a DOS system. Not to much else to

  say.

  Critical in your navigation of a Unix system is the ls command. ls is

  DOS DIR on heroin. Simply type ls and you get a nice, neat list of

  files in the directory.

   DIR on controlled substances:

   There are a few command line parameters that you should know...

   foremost is l. ls -l gets you a list of files, and valuable

   information about each file, including permissions (more on that

   later), size, and linked files.

   Another useful command for long file lists is C. ls -C gets you a

   list of files in multiple columns, much the same as DIR /W would

   merit a double column report of all existing files. A quick reminder:

   ls -C is NOT the same as ls -c. Unix = case sensitive.

  Another good command to know, mv will move a file from directory to

  directory. For those of you without DOS 6.0 <gasp>, mv simply copies a

  file to another directory and deletes the original.

   quick tip for files on the lam:

   if you want to rename a file (to protect the innocent), you need to

   mv a file to a different file name. A quick demo:

 

   # ls

   myfile

   # cat myfile

   this is my file

   # mv myfile my_other_file

   # ls

   my_other_file

   # cat my_other_file

   this is my file

 

  Another vastly important command is 'man'. In fact, man is probably

  one of the most important commands extant for a beginning user... it

  calls up the system's help files. To use man, simply type in 'man

  command', where command is a Unix command you seek to gain

  enlightenment regarding. It's a great way to gain an understanding of

  Unix commandline parameters.

  If you are interested in seeing who's been on of late, or just want a

  few names to try to hack, type 'who'. You get a quick list of users

  that have accessed the system lately. If you <god forbid> need to know

  who you are at this point, type 'whoami'.

  If you want to change your identity on the system, type 'su name'

  where name is an account on the system. It'll ask you for the account

  password, then, *presto*... instant transmogrification.

   A Caveat for smart alec hackers:

   Unix typically logs usage of the su command. While su may seem like a

   great opportunity to try to hack out passwords manually without

   worrying about the system hanging up after 3 attempts, it's typically

   not a good idea to do this, as it may alert the administrators to

   your presence.

  *Numero Uno on the list of commands NEVER to use on a Unix system:

  The 'passwd' command changes your password on a Unix system. Seems

  innocous enough, eh? Uh-uh. If your account is active, and there's a

  very strong chance that it either is or will be, there is no better

  way to lose the account than to change the password, only to have the

  legitimate user alert the sysadmins when he/she can't gain access to

  his/her normal account (well, there are better ways... you could

  simply mail the sysadmin and tell him you are trying to hack his

  grandmother's life support machine through your account).

  I've seen this single, quick command turn a extremely lax system

  into an ironclad security compound in less than a day.

  DONT-FUCK-WITH-IT.

  *Numero Dos on that same list:

  The 'mail' command reads and sends mail. So what? Well, unless your

  account is stable (and it isn't unless you either paid for it or

  killed the original owner in such a way that his body cannot claw it's

  way out of it's grave to it's keyboard), the user is more likely than

  not going to know if you read his mail. In addition, if you send mail

  out of the system (type 'mail', and a username/address; type in your

  message and end it with a ^d on it's own line), the response from your

  message will likewise alert the user to your presence.

 

  System Spelunking

  -----------------

 

  The first place you want to check out in the wild uncharted directory

  tree of your friendly neighborhood Unix system is the "/etc"

  directory. What's in it? The single most intensely important file on

  the system (besides a world writable root owned SUID file... but don't

  worry about that)... the passwd file.

  What is in the passwd file?

 

  ю  a list of all accounts on the system

  ю  a list of the passwords for these accounts

  ю  a list of access levels for these accounts

  ю  a list of the home directories for these accounts

  ю  a list of information pertaining to these accounts.

 

  Why the hell the Unix designers decided this file should be world

  readable is beyond me. Be content to know that your standard everyday

  run-of-the-mill-lacking-in-certified-cosmic-power 'cat' command WILL

  display this file. As will pg and more. However, because most users

  don't have write permissions (more on that later) to the /etc

  directory, 'cat' is pretty much the only applicable command here.

  However, if you need to copy the file to your own directory (for

  whatever reason), just cat it there with the directional operator (>).

  The catch:

  Well, there are two catches here. First off, regardless of system

  security, if the passwords are in the file, they are encrypted. You

  can't decrypt them. Although you can get a list of accounts without

  passwords this way (just look for accounts with no entry in the

  password field), and a list of accounts that can't be logged onto

  remotely/at all (NO LOGIN), you can't get much else. Sucks, don't it?

  Notice I said 'if' the passwords are there.

  <ominous soundtrack please>

  Some horrible, paranoid, draconian system administrators mutilate

  their passwd files in such a way that (*gasp*) the passwords don't

  show up. All you get is one cold, icy X staring at you from the bowels

  of Unix Shell Siberia, mocking you as you pull your hair out in

  frustration (sorry, but this is a sore spot with me). The kidnapped

  passwords reside in the shadow file in the /etc directory, available

  with your standard everyday run-of-the-mill-but-distinct-in-the-fact-

  that-only-root-level-accounts-can-use-it-to-this-extent 'cat' command.

  Well, if the passwords are encrypted, what good are they?

  By themselves, nothing. A account with a Unix encrypted password will

  get you no further than an account with no listed password at all. You

  can't even deduce the amount of characters in the password if it's

  encrypted. So what's the use?

  The Unix method of encrypting files is available to the public. It is

  also, to most mortals, irreversable. Essentially, this means you can

  encrypt a string of characters, but not decrypt it. Even the unix

  system itself doesn't decrypt the password when you log on...

  When you log on, the Unix system takes whatever you enter at the

  password prompt, encrypts it, and matches it to the entry in the

  passwd file. Thus, the Unix system never decrypts the password... it

  only compares it to a different encrypted string.

  While this may not sound too particularly useful at first, it is.

  There are programs that have been written to do the same thing on a

  personal computer... you supply it a list of passwords and a list of

  words to attempt to use as passwords (called dictionaries), and it

  spends the night encrypting dictionaries and matching them to password

  entries. By running a dictionary through a passwd file, on a typical

  system, you can usually get 10-20 accounts. Good personal computer

  examples of this program idea include Killer Cracker (the industry

  standard, so to speak) and CrackerJack (faster than Killer Cracker).

   Quick tips for CrackerJunkies with leech access at an H/P BBS:

   A standard dictionary will not uncover passwords protected with an

   appended digit or non-alphanumeric character. In order to get around

   this, you need only grab a program that processes the dictionary file

   to add that digit to each entry in the dictionary... although this

   takes longer, and you'll need to do it multiple times, you can

   typically get 10 more accounts just by adding a 1 to every entry.

  Files and directories in Unix are characterized further by their

  permissions. Permissions are a standard system of who gets access to a

  specific function of that file or directory. Standard permissions

  include read, write, and execute. You can get a list of permissions by

  typing 'ls -l'. The first field in the listing contains the

  permissions, grouped as follows:

 

  owner  group   world

  --------------------

  rwx    rwx     rwx

 

  (Not drawn to scale... in fact, it doesn't look anything like that).

  Essentially, as long as the letter is there, you have access to that

  facet of the file. If the letter is not there, you'll see a dash...

  meaning you don't have access to that function. An example:

 

  rwxr-x--x

 

  In this case, the owner of the file can Read the file, Write to the

  file, and eXecute the file; members of his group (a bunch of linked

  accounts) can Read the file, CANNOT Write to the file, and can eXecute

  the file; and the rest of the user population CANNOT Read or Write to

  the file, but CAN eXecute the file.

 

  rwx---rwx

 

  is a WORLD-READABLE, WORLD-WRITABLE, WORLD-EXECUTABLE file. This

  simply means that anyone can read, write, or execute the file.

 

  Another permission sometimes set to a file is the SUID bit. An SUID

  file contains a smallcase s in the user executable section of the

  permissions list...

 

  rws--x--x

 

  When you execute an SUID file, your user ID becomes that of the owner

  of the file. While this may not look to important at first, by now you

  should know that no really important super elite hacker concept does.

  Take a look at this:

 

  rwsr-x--x

 

  Synopsis? It's a world executable SUID file. In essence, anyone can

  execute the file, and in doing so, become the owner of the file for

  the duration of the time that file is operating. However, this doesn't

...

[ Pobierz całość w formacie PDF ]
  • zanotowane.pl
  • doc.pisz.pl
  • pdf.pisz.pl
  • diakoniaslowa.pev.pl