Well, so you wanna hack a server? Wanna get the hot girl? Wanna defeat the bad guys?
This guide will help you with hacking a server; if you want the other stuff, this isn't the
guide for you. Here's a little test. If you get caught, you're gonna get in trouble with
a) the Department of Justice
b) the company whose server you hacked
c) your parents OR
d) all of the above
The answer is D. Still interested in hacking that server? Ok, but I warned you . . . .
Part I. (How to get in)
In order to hack a server, you need the most obvious thing of all - a password. In a Unix system,
all the passwords are kept in one file. The name of that file is the password file (complicated, huh?).
That file is kept in the /etc/ directory, so the full path name of the file is /etc/passwd. Now you need
that file, so I'm gonna tell you a few ways to get it.

But let's backtrack a little here. You're thinking, "I wanna hack a webpage, not some server. What the
hell is this guy babbling about?" A webpage isn't kept in midair. It's stored on a server. In order to
hack a webpage, you need access to the server that holds the page.

Let's get back to getting the password file. This first technique is not elite. It's old. It doesn't
work a lot of the time. So why learn it? It's the easiest. It's the PHF technique. What you do is, in
your browser, type the name of the webpage, then type the following:
" /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd "
So if you wanted to hack http://www.hackme.com, you would type this in the browser:
http://www.hackme.com/cgi-bin/phf?Qa...%20/etc/passwd
Then you would get the password file. This technique was used by a few hackers to hack the NASA
webpage in the fall of 96, so about 95% of all servers know about this and have protected themselves.
If you hit a server which has taken the precautionary measures against this (and believe me, you will),
you will get an error message or, if they have a sense of humor, a message like "smile, you're on
candid camera" or "the FBI will be at your house in 10 minutes". But don't worry, nothing will happen,
because they are trying to run a company, not play vigilante hacker police games. From my own
experience, the most vulnerable servers are the Japanese educational, Australian, .net, and .gov
*evil grin* sites. So go to Altavista or Infoseek, and type this in the search box: " url:.net" or
" url:.gov", you get the idea. What you're doing is telling the search engine to look for URLs with
.gov or .net or whatever in them. If you do get a password file, don't jump for joy yet, because it
needs to be encrypted, not shadowed. But I'll get to that later.
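The PHF trick works because %0a is a URL-encoded newline, which the old phf CGI passed straight on to a shell. From the server's side, that same encoded newline in a phf query string is the thing to watch for. Here is an added example (not from the original file) that scans Common Log Format web-server lines for phf requests and flags the ones carrying an encoded newline; the log lines and client addresses are constructed samples.

```python
"""Flag phf probes in Common Log Format lines (added example, not from the guide)."""
import re
from urllib.parse import unquote

# Constructed sample log lines in Common Log Format; the client addresses are fictional.
SAMPLE_LOG = """\
10.0.0.7 - - [12/Nov/1996:21:03:11 -0500] "GET /index.html HTTP/1.0" 200 1043
10.0.0.7 - - [12/Nov/1996:21:03:19 -0500] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 404 312
10.0.0.9 - - [12/Nov/1996:21:04:02 -0500] "GET /cgi-bin/phf?Qname=smith&Qalias=x HTTP/1.0" 200 2210
10.0.0.9 - - [12/Nov/1996:21:04:40 -0500] "GET /cgi-bin/phf?Qalias=x%0A/bin/cat%20/etc/passwd HTTP/1.0" 200 88
"""

# host ident user [time] "method path protocol" status ...
CLF_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def classify_request(path: str) -> str:
    """Return 'benign', 'phf' (any call to the phf CGI) or 'phf-injection'.

    A decoded newline or carriage return in the query string is the signature of
    the %0a trick: the phf script did not strip it before building a shell command.
    """
    if "/cgi-bin/phf" not in path:
        return "benign"
    query = path.partition("?")[2]
    decoded = unquote(query)          # "%0a" -> "\n", "%20" -> " "
    if "\n" in decoded or "\r" in decoded:
        return "phf-injection"
    return "phf"


def scan_log(text: str) -> list:
    """Parse each CLF line and return one alert dict per phf request, in log order."""
    alerts = []
    for line in text.splitlines():
        m = CLF_RE.match(line)
        if not m:
            continue                   # not a well-formed CLF line; skip it
        verdict = classify_request(m["path"])
        if verdict == "benign":
            continue
        alerts.append({
            "host": m["host"],
            "time": m["time"],
            "status": int(m["status"]),   # 200 on an injection means phf is still installed
            "verdict": verdict,
            "path": m["path"],
        })
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f'{alert["time"]} {alert["host"]} {alert["verdict"]:14} '
              f'status={alert["status"]} {alert["path"]}')
```

A 404 on an injection attempt means the probe bounced off; a 200 means the phf script is still installed and answered, which is the line an administrator needs to act on first.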
Ok, so the above mentioned technique didn't work, or you wanna learn more. Another way to
get the password file is by anonymous FTP. What you do is get an FTP client. Then run it and
there should be a bunch of empty spaces. For the host, type in the server address. Leave all the
other stuff empty. Then try connecting. If the server allows anonymous FTP, then go to the /etc/
directory, and get the file named passwd.
Now, earlier I said something about encrypted passwords. Well, think about it this way: if
you were the system administrator, would you leave the file that contains every single user's
password readable by anyone who got past preschool? I didn't think so. So what it means is that
all the passwords are there, just in encrypted form. Here is part of an encrypted passwd file:
root:RqX6dqOZsf4BI:0:1:System PRIVILEGED Account,,,:/:/bin/csh
field:PASSWORD HERE:0:1:Field Service PRIVILEGED Account:/usr/field:/bin/csh
operator:PASSWORD HERE:0:28:Operator PRIVILEGED Account:/opr:/opr/opser
ris:Nologin:11:11:Remote Installation Services Account:/usr/adm/ris:/bin/sh
daemon:*:1:1:Mr Background:/:
sys:PASSWORD HERE:2:3:Mr Kernel:/usr/sys:
bin:PASSWORD HERE:3:4:Mr Binary:/bin:
uucp:Nologin:4:1:UNIX-to-UNIX Copy:/usr/spool/uucppublic:/usr/lib/uucp/uucico
uucpa:Nologin:4:1:uucp adminstrative account:/usr/lib/uucp:
sso:Nologin:6:7:System Security Officer:/etc/security:
news:Nologin:8:8:USENET News System:/usr/spool/netnews:
sccs:PASSWORD HERE:9:10:Source Code Control:/:
ingres:PASSWORD HERE:267:74:ULTRIX/SQL Administrator:/usr/kits/sql:/bin/csh
rlembke:n25SO.YgDxqhs:273:15:Roger Lembke,,,:/usr/email/users/rlembke:/bin/csh
rhuston:ju.FWWOh0cUSM:274:15:Robert Huston,st 304c,386,:/usr/email/users/rhuston:/bin/csh
jgordon:w4735loqb8F5I:275:15:James."Tiger" Gordon:/usr/email/users/jgordon:/bin/csh
lpeery:YIJkAzKSxkz4M:276:15:Larry Peery:/usr/email/users/lpeery:/bin/csh
nsymes:lSzkVgKhuOWRM:277:15:Nancy Symes:/usr/email/users/nsymes:/bin/csh
So if you get that, it's good. But if you get a shadowed passwd file, it's not. Here's a shadowed file:
root:x:0:1:0000-Admin(0000):/:/usr/bin/csh
daemon:x:1:1:0000-Admin(0000):/:
bin:x:2:2:0000-Admin(0000):/usr/bin:
sys:x:3:3:0000-Admin(0000):/:
adm:x:4:4:0000-Admin(0000):/var/adm:
lp:x:71:8:0000-lp(0000):/usr/spool/lp:
smtp:x:0:0:mail daemon user:/:
uucp:x:5:5:0000-uucp(0000):/usr/lib/uucp:
nuucp:x:9:9:0000-uucp(0000):/var/spool/
listen:x:37:4:Network Admin:/usr/net/nls:
nobody:x:60001:60001:uid no body:/:
noaccess:x:60002:60002:uid no access:/:
webmastr:x:53:53:WWW Admin:/export/home
pin4geo:x:55:55:PinPaper Admin:/export/
ftp:x:54:54:Anonymous FTP:/export/home/
The shadowed file is kinda like the encrypted one but instead has an x in place of the password.
Sometimes it will have a *. Ok well, I'm sorry to say that there is no way to decrypt an encrypted
password file. But there is a way to crack it. There isn't a way to crack a shadowed file. In order
to crack the encrypted file, you need a password cracker and a wordlist. A wordlist is a list of words
(extremely complicated to understand). The bigger the list the better. What a cracker will do is take
each word from the list, encrypt it, and compare that with the encrypted password file. If all goes
well, you've successfully cracked the file. Now, if you managed to crack the password for root,
go and jump around the room like a guy on acid, because in the case of the poor server, you
are now god. You can do ANYTHING you damn well please. But if you didn't, it's still pretty
cool that you got at least one or a few passwords. And there's still something you might try if you
are just plain desperate and/or you couldn't crack the file. Try some of the default logins, which are:
LOGIN PASSWORD
root root
sys sys
daemon daemon
uucp uucp
tty tty
test test
guest guest
unix unix
bin bin
nuucp nuucp
adm adm
ftp ftp
admin admin
or take each login and try the list of most common passwords with each one. That is for the
extremely patient/super desperate hacker. I don't have the list with me right now, but you can
find it in the Legion of Doom's guide or the Legion of Apocalypse's guide.
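Before worrying about crackers, an administrator's first question about a passwd file like the two shown above is what the second field actually says about each account, and whether anything else in the file is off. Here is an added example, not from the original file, that parses the seven-field format, classifies the password field (a world-readable hash, x for shadowed, * or Nologin for locked, or empty), flags every UID 0 account like the smtp entry in the shadowed sample, and lists any account whose name appears in the default-login table above so its password can be checked against that list. The entries are a constructed mix of lines shown above plus two made-up guest/test accounts; the hash strings are copied from the guide's sample.

```python
"""Audit /etc/passwd entries of the kinds shown in the guide (added example)."""
import re
from dataclasses import dataclass

# Login names from the guide's default-login table (password equals the login).
DEFAULT_LOGINS = {"root", "sys", "daemon", "uucp", "tty", "test", "guest",
                  "unix", "bin", "nuucp", "adm", "ftp", "admin"}

# Traditional crypt(3) output: 2 salt chars + 11 hash chars from the ./0-9A-Za-z alphabet.
DES_HASH = re.compile(r"^[./0-9A-Za-z]{13}$")

# Constructed sample: lines from both of the guide's files plus two invented accounts.
SAMPLE_PASSWD = """\
root:RqX6dqOZsf4BI:0:1:System PRIVILEGED Account,,,:/:/bin/csh
field:PASSWORD HERE:0:1:Field Service PRIVILEGED Account:/usr/field:/bin/csh
daemon:*:1:1:Mr Background:/:
uucp:Nologin:4:1:UNIX-to-UNIX Copy:/usr/spool/uucppublic:/usr/lib/uucp/uucico
smtp:x:0:0:mail daemon user:/:
rlembke:n25SO.YgDxqhs:273:15:Roger Lembke,,,:/usr/email/users/rlembke:/bin/csh
guest:x:500:500:Guest account (invented):/home/guest:/bin/sh
test::501:501:Test account (invented):/home/test:/bin/sh
nobody:x:60001:60001:uid no body:/:
"""


@dataclass
class Account:
    name: str
    pw_field: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str


def parse_passwd(text: str) -> list:
    """Parse name:pw:uid:gid:gecos:home:shell lines; reject truncated ones."""
    accounts = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, pw, uid, gid, gecos, home, shell = fields
        accounts.append(Account(name, pw, int(uid), int(gid), gecos, home, shell))
    return accounts


def classify_password_field(pw: str) -> str:
    """Say what the second field means for this account."""
    if pw == "x":
        return "shadowed"   # real hash lives in /etc/shadow, readable by root only
    if pw == "":
        return "empty"      # no password at all
    if pw in ("*", "Nologin") or pw.startswith(("!", "*")):
        return "locked"     # can never equal crypt() output, so no password login
    if DES_HASH.match(pw):
        return "hashed"     # world-readable hash: exactly what a cracker wants
    return "unknown"        # e.g. the "PASSWORD HERE" placeholder in the sample


def file_is_shadowed(accounts: list) -> bool:
    """True when no account exposes a hash (every field is x or a lock marker)."""
    return all(classify_password_field(a.pw_field) in ("shadowed", "locked")
               for a in accounts)


def audit(accounts: list) -> dict:
    """Collect the findings an administrator acts on first."""
    findings = {"world_readable_hashes": [], "uid0_accounts": [],
                "empty_passwords": [], "default_login_names": []}
    for a in accounts:
        kind = classify_password_field(a.pw_field)
        if kind in ("hashed", "unknown"):       # anything that could be guessed offline
            findings["world_readable_hashes"].append(a.name)
        if kind == "empty":
            findings["empty_passwords"].append(a.name)
        if a.uid == 0:                          # every UID 0 account is another root
            findings["uid0_accounts"].append(a.name)
        if a.name in DEFAULT_LOGINS and kind != "locked":
            findings["default_login_names"].append(a.name)   # verify pw != login
    return findings


if __name__ == "__main__":
    accts = parse_passwd(SAMPLE_PASSWD)
    print("fully shadowed:", file_is_shadowed(accts))
    for key, names in audit(accts).items():
        print(f"{key}: {', '.join(names) or '-'}")
```

The guide's own shadowed sample would pass file_is_shadowed but still trips the UID 0 check, since smtp shares UID 0 with root there.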
Part II. (What to do)
Now if you still wanna mess with the webpage, use your FTP client and this time enter the login
and password that you've acquired and connect. If you have root access, you can do whatever
you want with any page. If you don't, you'll have to make do with what you can. Use the client to
add a page or delete the previous version of the page and add your own in its place.
But if you want to do more (which you can), you need a telnet program. Windows 95 has one,
but you can get others. Open the program, and in the host field type the server. If the server
runs Unix, which it does if you got the file by the methods in part one, you will get a screen like this:
Login:
Or something similar. Now you enter the login, and it will ask you for a password. Enter the
password. You are now in. Oh, by the way, they log your IP, so read up on IP spoofing or
use a friend's computer. You could do a bunch of stuff. I recommend getting a book on Unix
and learning about this ever popular system. I'll tell you some stuff to do. One fun little
trick to do is sending fake mail. Here's how you do it. After you've successfully entered the system,
there's gonna be a prompt waiting for you to type. By the way, what I'm about to describe can be
done by simply using telnet on your own system, which means you don't have to be connected to
a Unix to do this, but that wouldn't be much fun.
Ok, so at the prompt you type telnet. Then there should be a new prompt that looks like:
telnet>
now type open localhost 25 (replacing the localhost part with any ISP)
now type mail from: xxx (replace the xxx with any name you want)
now type rcpt to: yyy (replace the yyy with the person to receive mail)
now type data
Now just sit back and type your letter. Be sure to end your letter with a "." on a line by itself. I'm
not being a grammar teacher; that actually is needed in order for this to work. Once you're
done, type quit.
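What sits on the other end of that telnet session is a small state machine, and the lone "." line is the only thing that moves it out of the DATA state. Below is an added example, not from the original file, modelling the receiving side of that exchange: it accepts the same MAIL FROM / RCPT TO / DATA / "." / QUIT sequence, applies the dot-stuffing rule for body lines that themselves begin with a dot, and stamps a Received: header with the address the connection came from, which is the "they log your IP" part. The client transcript, the peer address and the hostname mail.example.test are constructed.

```python
"""Server side of the SMTP exchange described in the guide (added example)."""


class SmtpSession:
    """Handles one client connection, one line at a time, returning each reply."""

    def __init__(self, peer_ip: str, hostname: str = "mail.example.test"):
        self.peer_ip = peer_ip       # address the TCP connection came from
        self.hostname = hostname
        self.delivered = []          # accepted messages, as dicts
        self.closed = False
        self.state = "START"         # START -> MAIL -> RCPT -> DATA -> START
        self._reset_envelope()

    def _reset_envelope(self):
        self.sender = None
        self.recipients = []
        self.body_lines = []

    def feed(self, line: str) -> str:
        """Process one client line; an empty reply means 'keep sending body text'."""
        if self.state == "DATA":
            if line == ".":
                return self._accept_message()
            # Dot-stuffing: a body line that starts with "." is sent as "..",
            # so the server strips one dot and the lone "." stays unambiguous.
            self.body_lines.append(line[1:] if line.startswith(".") else line)
            return ""
        upper = line.upper()
        if upper.startswith(("HELO ", "EHLO ")):
            return f"250 {self.hostname}"
        if upper.startswith("MAIL FROM:"):
            if self.sender is not None:
                return "503 Sender already specified"
            self.sender = line[10:].strip()   # envelope sender: whatever the client claims
            self.state = "MAIL"
            return "250 OK"
        if upper.startswith("RCPT TO:"):
            if self.sender is None:
                return "503 Need MAIL command first"
            self.recipients.append(line[8:].strip())
            self.state = "RCPT"
            return "250 OK"
        if upper == "DATA":
            if not self.recipients:
                return "503 Need RCPT command first"
            self.state = "DATA"
            return "354 End data with a line containing only '.'"
        if upper == "QUIT":
            self.closed = True
            return "221 Bye"
        return "500 Command unrecognized"

    def _accept_message(self) -> str:
        # The Received: header records the real peer address, not the claimed sender.
        received = f"Received: from [{self.peer_ip}] by {self.hostname}"
        self.delivered.append({
            "envelope_from": self.sender,
            "envelope_to": list(self.recipients),
            "received": received,
            "body": "\n".join(self.body_lines),
        })
        self._reset_envelope()
        self.state = "START"
        return "250 OK: message accepted"


# Constructed client transcript following the guide's steps (xxx / yyy kept as written).
SAMPLE_CLIENT = [
    "HELO friend.example.test",
    "mail from: xxx",
    "rcpt to: yyy",
    "data",
    "Subject: hello",
    "",
    "This line is the letter.",
    "..a line that really starts with a dot",
    ".",
    "quit",
]


def run_transcript(client_lines, peer_ip: str = "10.0.0.7"):
    """Feed a scripted client to a fresh session; return (replies, session)."""
    session = SmtpSession(peer_ip)
    replies = [session.feed(line) for line in client_lines]
    return replies, session


if __name__ == "__main__":
    replies, session = run_transcript(SAMPLE_CLIENT)
    print("S:", session.banner() if hasattr(session, "banner") else f"220 {session.hostname} SMTP ready")
    for sent, reply in zip(SAMPLE_CLIENT, replies):
        print("C:", sent)
        if reply:
            print("S:", reply)
    for msg in session.delivered:
        print(msg["received"])
```

Drop the "." from the transcript and the session never leaves DATA: the quit is swallowed as body text, nothing is delivered, and the connection just hangs, which is exactly why the guide insists on it.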
Here are some helpful Unix commands and what they do.
cd - this means change directory. So you would type cd directoryname
passwd - this is for changing the password of the account you're using.
mkdir - this will make a directory. So you would type mkdir directoryname
rmdir - this will remove a directory. So you would type rmdir directoryname
ls - this will list all the files in a directory.
clear - this will clear the screen.
rm - this will remove a file. So you would type rm filename
who - this will tell you who is on the system right now.
Well, that about wraps it up. I hope that this file will be used for educational purposes only . . .
yeah right. C'mon, if you're reading this file of course you're reading it to learn how to
hack a server, which, as harmless as it may be (providing you aren't a loser who spreads viruses),
is still illegal. So hacking means taking risks. If you are that driven to learn about computers
even if it means breaking into a system, risk and responsibility come with the territory. Even
if there weren't people who like to destroy computers by putting a virus in the system, hacking
would still have a bad rep or be considered a crime. Why? Because it is a crime. Most people
hack because they want to learn about something they don't have access to for whatever reason.
If they had access, they wouldn't need to hack. They could learn and it would be perfectly legal.
But it's not like that and it probably never will be. I'm not your mom, so you don't have to listen
to me. But here's some advice: if you have an alternate way of using a system instead of breaking
in, be smart. Don't break in. Because if you're not in it to learn, then I'm sorry, but you are not
a hacker.