Hacking into computer systems: A beginners guide

That was the voice of a high school freshman. He had me on the phone because his father had just taken away his computer. His offense? Cracking into my Internet account. The boy had hoped to impress me with how "kewl" he was. But before I realized he had gotten in, a sysadmin at my ISP had spotted the kid's harmless explorations and had alerted the parents. Now the boy wanted my help in getting back on line. I told the kid that I sympathized with his father. What if the sysadmin and I had been major grouches? This kid could have wound up in juvenile detention. Now I don't agree with putting harmless hackers in jail, and I would never have testi fied against him. But that's what some people do to folks who go snooping in other people's computer accounts --even when the culprit does no harm. This boy needs to learn how to keep out of trouble! Hacking is the most exhilarating game on the planet. But it stops being fun when you end up in a cell with a roommate named "Spike." But hacking doesn't have to mean breaking laws. In this series of Guides we teach safe hacking so that you don't have to keep looking back over your shoulders for narcs and cop s. What we're talking about is hacking as a healthy recreation, and as a free education that can qualify you to get a high paying job. In fact, many network systems administrators, computer scientists and computer security experts first learned their pro fessions, not in some college program, but from the hacker culture. And you may be surprised to discover that ultimately the Internet is safeguarded not by law enforcement agencies, not by giant corporations, but by a worldwide network of, yes, hackers.

pdf222 trang | Chia sẻ: banmai | Lượt xem: 2528 | Lượt tải: 0download
Bạn đang xem trước 20 trang tài liệu Hacking into computer systems: A beginners guide, để xem tài liệu hoàn chỉnh bạn click vào nút DOWNLOAD ở trên
*********************************** Sniffing Sniffing is observing the activity of one’s victim on a network (usually the Internet). This can include grabbing passwords, reading email, and observing telnet sessions. Sniffer programs can only be installed if one is root on that computer. But it isn’t enough to make sure that your Internet host computers are free of sniffers. Your email, telnet, ftp, Web surfing -- and any passwords you may use -- may go through 20 or more computers on their way to a final destination. That’s a lot of places where a sniffer might be installed. If you really, seriously don’t want some cybernazi watching everything you do online, there are several solutions. The Eudora Pro program will allow you to use the APOP protocol to protect your password when you download email. However, this will not protect the email itself from snoopers. If you have a shell account, Secure Shell (ssh) from Datafellows will encrypt everything that passes between your home and shell account computers. You can also set up an encrypted tunnel from one computer on which you have a shell account to a second shell account on another computer -- if both are running Secure Shell. You may download a free ssh server program for Unix at ftp://sunsite.unc.edu/pub/packages/security/ssh/ssh-1.2.20.tar.gz, or check out If you are a sysadmin or owner of an ISP, get ssh now! Within a few years, all ISPs that have a clue will require ssh logins to shell accounts. For a client version that will run on your Windows, Mac or any version of Unix computer, see the DataFellows site at But remember, your shell account must be running the ssh server program in order for your Windows ssh client to work. To get on the ssh discussion list, email majordomo@clinet.fi with message "subscribe ssh." But ssh, like APOP will not protect your email. The solution? Encryption. PGP is popular and can be purchased at I recommend using the RSA option. It is a stronger algorithm than the default Diffie-Hellman offered by PGP. ************************************************************ Newbie note: Encryption is scrambling up a message so that it is very hard for anyone to unscramble it unless they have the right key, in which case it becomes easy to unscramble. ************************************************************ ************************************************************ Evil genius tip: While the RSA algorithm is the best one known, an encryption program may implement it in an insecure manner. Worst of all, RSA depends upon the unprovable mathematical hypothesis that there is no polynomial time bounded algorithm for factoring numbers. That’s a good reason to keep up on math news! The key plot element of the movie “Sneakers” was a fictional discovery of a fast algorithm to factor numbers. Way to go, Sneakers writer/producer Larry Lasker! ************************************************************ ************************************************************ You can go to jail warning: In many countries there are legal restrictions on encryption. In the US, the International Traffic in Arms Regulations forbids export of any encryption software good enough to be worth using. If we are serious about freedom of speech, we must find ways to keep our communications private. So fighting controls on encryption is a key part of winning the battle against repression on the Internet. ************************************************************ Social Engineering As we saw in the GTMHH on how to break into computers, social engineering usually consists of telling lies that are poorly thought through. But a skilled social engineer can convince you that he or she is doing you a big favor while getting you to give away the store. A really skilled social engineer can get almost any information out of you without even telling a lie. For example, one hacker posted his home phone number on the bulletin board of a large company, telling the employees to call him for technical support. He provided great tech support. In exchange, he got lots of passwords. If he had been smart, he would have gotten a real tech support job, but then I can never figure out some of these haxor types. ISP Hostage Taking A favorite ploy of the aggressor in a hacker war is to attack the victim’s Internet account. Then they trumpet around about how this proves the victim is a lamer. But none of us is responsible for managing the security at the ISPs we use. Of course, you may get a domain name, set up a computer with lots of security and hook it directly to an Internet backbone provider with a 24 hr phone connection. Then, checking account depleted, you could take responsibility for your own Internet host. But as we learned from the AGIS attacks, even Internet backbones can get taken down. If you point this out, that you are not the guy running security on the ISP you use, bad guy hackers will insult you by claiming that if you really knew something, you would get a “secure” ISP. Yeah, right. Here’s why it is always easy to break into your account on an ISP, and almost impossible for your ISP to keep hackers out. While it is hard to break into almost any computer system from the outside, there are vastly more exploits that will get you superuser (root) control from inside a shell account. So all your attacker needs to do is buy an account, or even use the limited time trial account many ISPs offer, and the bad guy is ready to run rampant. You can increase your security by using an ISP that only offers PPP (point to point) accounts. This is one reason that it is getting difficult to get a shell account. Thanks, cybernazis, for ruining the Internet for the rest of us. But even an ISP that just offers PPP accounts is more vulnerable than the typical computer system you will find in a large corporation, for the simple reason that your ISP needs to make it easy to use. ******************************************************** Newbie note: A shell account lets you give Unix commands to the computer you are on. A PPP account is used to see pretty pictures while you surf the Web but in itself will not let you give Unix commands to the computer you are logged into. ******************************************************** Because it is easy to break into almost any ISP, haxor d00d cybernazis think it is kewl to take an ISP hostage by repeatedly breaking in and vandalizing it until the owner surrenders by kicking the victim of the attacks off. This was the objective in the assaults on Succeed.net in Oct. 1997. ******************************************************* You can go to jail warning: I usually fubar the names of ISPs in these guides because so many haxor types attack any computer system I write about. Succeed.net is a real name. If you want to attack it, fine. Just remember that we have boobytrapped the heck out of it. So if you attack, men in suits bearing Miranda cards will pay you a visit. ******************************************************* Why Should I Give a Darn? -- Ways Bystanders Get Hurt To most people, hacker wars are Legion of Doom vs. Masters of Deception stuff. Interesting, but like reading science fiction. But what does it have to do with your life? You may figure that if you never do anything that gets some computer dweeb who thinks he’s a haxor mad, you won’t have a problem. Yet chances are that you may already have been brushed by hacker war. Have you ever tried to login to your online provider and couldn’t make a connection? Did you call tech support and they told you they were “down for maintenance”? Tried to send email and gotten a message “cannot send mail now. Please try again later”? Sent email that disappeared into cyberspace without a trace? Gotten email back with a “User unknown” or worse yet, “host unknown” message? Been unable to surf to your favorite Web site? It could have been technical error (cough, cough). But it may have been more. A cardinal rule of online services is to never, ever admit in public to being hacked. Only if a reporter “outs” them first will they reluctantly admit to the attack. This is because there are cybernazi gangs that, when they hear of an online service under attack, join in the attack. Why cybernazis do this is not clear. However, what they accomplish is to make it hard for small companies to compete with giants such as America Online. The giant online services can afford a large staff of computer security experts. So with the cybernazis rampaging against the little Internet service providers, it is not surprising that so many of them are selling out to the giants. I don’t have any evidence that the cybernazis are in the pay of giants such as AOL. In fact, I suspect cybernazis are trying to drive the small competitors out of business solely on the general principle that they hate freedom of anything. It is common for hacker wars that start as a private disagreement to spill over and affect thousands or even millions of bystanders. For example, in Sept. 1996, syn flood attackers shut down the Panix ISP for several days. In Oct. 1997 the ISP Succeed.net was shut down by a team of hackers that deleted not just Bronc's but also over 800 user accounts. Many other ISPs have suffered shutdowns from hacker wars, often because the attackers object to political views expressed on their Web pages. On June 4, 1997, hacker wars made yet another quantum leap, shutting down the Internet backbone service provider AGIS in retaliation for it allowing Cyberpromo and several other spam empires to be customers. Tomorrow these skirmishes could pit nation against nation: power grids that serve hundreds of millions failing in the dead of winter; air traffic control systems going awry with planes crashing; hundreds of billions, trillions of dollars in banking systems disappearing without a trace. Pearl Harbor. Digital Pearl Harbor. Famine. Years before we could climb out of an economic collapse as bad as the Great Depression. You think this is a ridiculous exaggeration? Those of use who have been in the bullseye of the cybernazis find this future easy to believe. Winn Schwartau has been warning the world of this coming disaster since June of 1991. Someone must be listening, because in September 1997 an industry group, formed in the wake of hearings by the US Senate’s Permanent Subcommittee on Investigations, appointed Schwartau team leader, Manhattan Cyber Project Information Warfare/Electronic Civil Defense (see and Schwartau, in his book Information Warfare, tells us about some of the attacks the cybernazis have made on his family. These attacks have included massive credit card fraud, tampering with his credit rating, turning off his home power and phone, and even tampering with the local emergency services dispatch system so that all ambulance, fire and police calls were directed to his home instead of to those who called 911 for emergency help. Those of us on the front lines of cyberwar have seen these attacks first hand. The cybernazis, as Schwartau discovered, were willing to even risk the lives of people who had nothing to do with him. Yes, we know hacker wars do to us, and we know what it does to you bystanders. Why You May Get Hit Hacker war happens to other people, right? Spammers get hacked. Hacker gangs pick fights with each other. But if you behave politely around computer criminals, you are safe, right? OK, as long as you don’t live in the neighborhood of one of us Internet freedom fighters like Schwartau or me you are safe. Wrong. Dead wrong. Let’s look at an example of a hacker war, one that doesn’t seem to have any motivation at all. We’re talking the Internet Chess Club. Not exactly controversial. In mid Sept. 1996 it was shut down by a syn flood attack in the aftermath of daemon9 publishing a program to implement the attack in the ezine Phrack. There have bene many bystanders hit with the wars against this Happy Hacker list. It all started with cybernazis who wanted stop you from getting email from me. For example, on Dec. 6, 1996, someone had written to the dc-stuff hackers email list (subscribe by emailing majordomo@dis.org with message "subscribe dc-stuff) saying “I think they (or maybe 'we') will survive, Carolyn's book.” Rogue Agent replied: I'm just doing my part to make sure that it doesn't happen. Ask not what the network can do for you, ask what you can do for the network. We shall fight them in the routers, we shall fight them in the fiber, we shall fight them in the vaxen... I'm an activist, and I won't stop my activ ism just because I know others will take it too far. On Dec 20 Rogue Agent wrote to me: Ask Netta Gilboa; her magazine's in shambles and her boyfriend's in prison, while she lives in fear. Ask Josh Quittner (author of Masters of Deception); for a while there, he had to change his (unlisted) phone number literally every two weeks because of the nightly anonymous calls he was getting. Somehow they always got the new number. Ask John Markoff (coauthor of the hacker best-seller Takedown); he can't even let people know what his email account is or he gets spammed the next day. This is not a threat... All I'm doing is telling you what's coming... you're playing with fire. There is a darker element in my culture, and you're going to meet it if you keep going. “This is not a threat.” Yeah, right. That’s what most of the guys who threaten us say. Five days later, while it was still dark on Christmas morning, the owner of the Southwest Cyberport ISP where I had an account was woken by an alarm. His mail server was down. No one using that ISP could get email any more. They had been hit by a massive mailbombing by someone styling himself johnny xchaotic. jericho surfaced as the public spokesman for the attacker, claiming intimate knowledge of his techniques and motivations. The evening of Dec. 28, someone cracked the dedicated box that Cibola Communications had been providing us at no cost to run the Happy Hacker majordomo. The intruder erased the system files and sent email to the owners threatening worse mayhem if they didn’t cave in and boot us off. The attackers also wiped the system files from a computer at the University of Texas at El Paso that I was using for research, and sent threats to all email addresses on that box. The attacker called hims elf GALF. It was not the first or last time that GALF has struck Happy Hacker. Damaged computers, threats, extortion, blackmail. That's life around here. After awhile it gets kinda boring, yawn -- just kidding. ********************************************************* Newbie note: In case you are wondering whether you can get killed in one of these battles, I have found no reports, not even rumors, of any hacker war murders. These guys only kill people by accident as a side effect of their digital mayhem. Like sending an ambulance that could save a dying child to the home of an Internet freedom fighter instead. However, if someone should threaten to kill you, you should report it and any associated computer attacks. Despite what you may hear, those of us hackers who are not computer criminals cooperate enthusiastically with law enforcement. ********************************************************* How to Get into a Hacker War “I want to fight in a hacker war. How do I get in?” I get email like this all the time. Many newbie hackers long for my frequent experiences of being attacked by a talented gang of computer criminals. The excitement! The opportunity to go mano a mano with bad dudes and prove you are better than them! There is some truth to this view. To be honest, I get a thrill fighting those criminals -- using legal tactics, of course. Believe me, if we catch the Succeed.net attackers, you will hear about it. But before you make the decision to join us freedom fighters, count up the cost. It isn't always fun. But I’ve stood up to them. And, shoot, I’m just an old lady. So if you want to attract a hacker war, and believe you are as tough or tougher than me, be my guest. But before you start provoking attacks, please wait for me to get out the next two parts of this Information Warfare series, so you can learn how to repair your credit rating and recover from other digital disasters. You’ll find plenty of things in the next Guides in this series that will help you survive even the most determined hacker war. Even the kind of war that attempts to steal all you own, wipe out your identity, and threaten the lives of your family. So just how do you get into a hacker war? The easiest way is to attend a hacker convention. There are all sorts of twisted people at these things, kind of like the bar scene in Star Wars. “He said, he doesn’t like the way you look.” If you fail to grovel and suck up to those d00dz, or, worse yet, tell them firmly that you favor freedom of speech, or even worse yet, make fun of them for being cybernazis, you can be in for lots of excitement. How to Keep from Getting Caught -- NOT! So you want to be the attacker in a hacker war? So you think you can keep from getting caught? According to jericho, writing in his “F***ed Up College Kids” ezine, “You have media whores like Carolyn Meinel trying to teach people to hack, writing guides to hacking full of f***ups. Telling these people what to do, but not giving them enough information to adequately protect themselves.” I agree with jericho, if you decide to become a computer criminal in a hacker war, I’m not talented enough to teach you how to keep from getting caught. In fact, no one can teach you how to keep from getting caught. I’ll tell you exactly why, too. At a Def Con V panel I hosted (Las Vegas, July 1997), jericho boasted “When I break in, I close the doors behind me.” He makes a big deal about how hackers can keep from getting busted by deleting or modifying log files. Yeah. Right. Not! Let me tell you the REAL story about what happens when hackers think they are covering their tracks. Sure, an ordinary sysadmin can’t restore a deleted file on a Unix system. But there are people out there with the technology to restore deleted files -- even files that have been overwritten hundred of times. They can restore them regardless of operating system. There are people out there who can extract everything that has been on a hard disk for the last several months -- or years. I know those people. I arrange for them to read those hard disks. Guess who’s toast:):):) Then there is surveillance. Some 31337 haxor is sitting at his box raising hell and “closing doors after him.” What he doesn’t know is that thanks to a court order inspired by his boasts, someone is s itting in a van a hundred yards away -- picking up every keystroke. Van Eck radiation, luser. Or picking up the signals that run down the power cord of your computer. Ever heard of Tempest? Even if the cybercrime detective doesn’t have all this high-tech hardware on hand, the history of hacker crime shows that criminals will talk in exchange for lenient sentencing. Commit one easy-to-prove federal felony, let’s say posting someone’s stolen email on one’s public ftp server (who do we know who has done this?), and the Feds have lots of bargaining power against him. So even if I wanted to help people become ubercriminals, I can’t. Not because I don’t know how. Because there is no way. The 31337 d00dz who tell you otherwise are seriously ignorant. I predict the Succeed.net attackers are will wind up in jail. Soon. Perhaps not for that crime. But their days of freedom are numbered. It is only a matter of picking which of their many crimes will hold up best in court, and who will give evidence against whom. Time to study game theory -- can you say “prisoners’ dilemma,” wannabe ubercriminals? Who’s the narc? “But, but,” I can hear the Super Duper computer criminals sputtering. “My buddies and I break the law all the time and we’ve never been busted. OK, OK, my other buddy got busted, but he was lame.” It’s just a matter of time. They need to go straight before their number is up. Or make the decision to obtain their “get out of jail free” cards by informing on their gang before their day of doom comes up. They have much better bargaining power if they make a deal before arrest. ******************************************************** If you happen to be a cybernazi who is having second thoughts, and would like help making a deal with the authorities, please contact me anonymously using my pgp key: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: PGP for Personal Privacy 5.0 mQENAzRWYacAAAEIALYjWhzd8qO/MteFrb2p9SsY5GHdFAxT7R1M4X/jt5Nd/VKR qCJoS4F/kQ6NwsM/mopjd4yVunxvs4QUK7eZ5A2rZuEps4EadXwwBPI63RfHci5o BiXs9fGYtpTx7bv9dJE/Z9tved8s24asib06vLDqzyCFDXrRoYLO8PwEmifwWVWW OL+5Th45m6cirXuwi1Idjy66AZwt8ARFnns5FA5OCb82NW54RsFKbKR2u2wUfT72 rRJg0ICt/WtZdr2dBccXEgp1232s5rgwiRvqmGjMOruUDfU2nNHH3pOk8JrefIXl dwV0yjErb7wcecCFIrHfQKcxVoNXHlgJ6afePjcABRG0J0Nhcm9seW4gTWVpbmVs IDxjbWVpbmVsQHRlY2hicm9rZXIuY29tPokBFQMFEDRWYaceWAnpp94+NwEB9bsH /ilWgT2ix3B79UFfrjSE9EYCjKh1CWiIGMohdjjmV8Q3lSJIoikPtUZNak4lBTh/ wuD5ea0DZuoDe6i4EagBmRgTCvATXQqD74XtNSZSPhIQMOytJUJLlmuAnDEm96XS 30xguSFrXNjHYS19prE1yi2vQe/PJ7/K1QQwy725hjI5fnq4TnldxloaESNvurKh Mc3GwQWF1JmpaFup3+hrEwUxcQ2PJn3xkgcjKkj1x7emDIGLCgF1RIJDLM63Q5Ju bCqodumjX0pe8kHL3tRaDux+eAZ4ZD73HvF4lYi7QLKGDwX1Vv9fmbJH4tCqo3pq RBhG32XmkTuDe0EExdSET+w= =09hD -----END PGP PUBLIC KEY BLOCK----- ************************************************************ How to Protect yourself in a Hacker War What, you don’t find getting caught up in a hacker war immensely entertaining? You don’t want to be the innocent bystander caught in the crossfire of an rm command? Here are a few rules that can help you. But remember, these are only the most basic of protections. We’ll cover the industrial-strength techniques in later Guides in this series, as well as how to catch the culprits. Top Ten Beginner Defenses in Hacker Wars 10) Backup, backup, backup. 9) Assume anything is being sniffed, unless protected by strong encryption. 8) Assume your phone is tapped. 7) Never, never, ever telnet into your shell account. Use Secure Shell instead. 6) Pick a good password. It should be long, not a name or a word from a dictionary, and should include numbers and/or characters such as !@#$%^&*. If you use a computer where others have physical access to it, don’t write your password on anything. 5) This applies to shell accounts: assume your attacker will get root control anyhow, so your password won’t do you any good. That means you should encrypt any files you don’t want to have passed around, and send your shell history files to /dev/null each time you log out. 4) Do you use the Pine or Elm email programs? Don’t keep email addresses in your shell account. Your saved mail files are a good place for cybernazis to find email addresses and send out threatening and obscene messages to them. GALF specializes in this tactic. 3) Regularly patrol your Web site. You never know when it may sprout rude body parts or naughty words. Preferably use a Web server hosted on a computer system dedicated to nothing but Web sites. Best of all, use a MacOS web server. 2)Disable Java on your Web browser. Don’t even *think* of using ActiveX or Internet Explorer. And, the number one defense: 1) Join us Internet freedom fighters. It will take many of us to win the battle against those who want to pick and choose whose voices will be heard on the Internet. Contents of Volume 5: Shell Programming _________________________________________________________ Guide to (mostly) Harmless Hacking Vol. 5 Programmers' Series No. 1: Shell Programming _________________________________________________________ Honest to gosh -- programming is easy. If you have never programmed in your life, today, within minutes, you will become a programmer. I promise. And even if you are already a programmer, in this Guide you just might discover some new tricks that are lots of fun. Amazingly enough, many people who call themselves hackers don't know how to program. In fact, many el1te haxor types claim they don't need to know how to program, since computer programs that do kewl stuph like break into or crash computers are available for download at those HacK3r Web sites with the animated flames and skulls and doom-laden organ music. But just running other people's programs is not hacking. Breaking into and crashing other people's computers is not hacking. Real hacking is exploring and discovering -- and writing your own programs! ******************************************************** In this Guide you will learn: * Why should hackers learn how to program? * What is shell programming? * How to create and run scripts * Shell scripts on the fly * Slightly stealthy scripts * Examples of fun hacker scripts Plus, in the evil genius tips, you will learn how to: * Talk about the Turning Machine Halting Problem Theorem as if you are some sort of forking genius * Find instructions on how to create deadly viruses * Set your favorite editor as default in Pine * Link your bash history file to dev/null * Keep simple Trojans from executing in your account * Save yourself from totally messing up your . tcshrc, .bashrc etc. files. ******************************************************* Why Should Hackers Learn How to Program? Back in 1971, when I was 24, I was as nontechnical as they come. But my husband at the time, H. Keith Henson, was always talking about "buffer in," "buffer out" and assembly language stuff. Keith was one of the earliest of hackers, and a hacker in the pure sense, someone who wasn't afraid to try unusual things to save memory (a scarce resource on even the biggest computers of the 1970s) or cut CPU cycles. So one June morning, tired of me looking dazed when he came home babbling excitedly about his latest feat, he announced, "You're going to learn how to program." He insisted that I sign up for a course in Fortran at the University of Arizona. The first class assignment was to sit at a punch card machine and bang out a program for the CDC 6400 that would sort a list of words alphabetically. It was so fun that I added code to detect input of characters that weren't in the alphabet, and to give an error message when it found them. The instructor praised me in front of the class, saying I was the only one who had coded an extra feature. I was hooked. I went on to write programs with enough length and complexity that debugging and verifying them gave me a feel for the reality of the Turing Machine Halting Problem theorem. I discovered you don't have to be a genius to become a professional programmer. You just have to enjoy it enough to work hard at it, enjoy it enough to dream about it and fantasize and play with programming in your mind even when you aren't in front of a keyboard. ****************************************************** Evil Genius tip: The Turing Machine Halting Problem theorem says that it is impossible to thoroughly debug -- or even explore -- an arbitrary computer program. In practical terms, this means that it super hard to make a computer network totally secure, and that it will never be possible to write an antivirus program that can protect against all conceivable viruses. For a more rigorous treatment of the Turing Machine Halting Problem theorem -- yet written in language a non-mathematician can understand -- read the "Giant Black Book of Computer Viruses" by Dr. Mark Ludwig, American Eagle Publications. This book will also teach you how to write the most deadly viruses on the planet -- or programs to fight them! You can order it from Warning-- in order to fully appreciate this book, you have to know assembly language for 80x86 CPUs. But it is the most electrifying computer manual I have ever read!!!! ******************************************************** That is the heart of the hacker spirit. If you are driven to do more and greater things than your job or school asks of you, you are a real hacker. Kode kiddies who think breaking into computers and typing f*** every third word while on IRC are not hackers. They are small-time punks and vandals. But if you aspire to become a true hacker, you will become a programmer, and reach for the stars with your code. What Is Shell Programming? If you have been following the earlier Guides to (mostly) Harmless Hacking (GTMHH), you are already familiar with many fun Unix commands. Shell programming is writing a file that holds a sequence of Unix commands, which you can run in your shell account by typing in only one line. **************************************************** Newbie note: Don't know what a shell account is? Unix leaves you scra tching your head? You *must* have a shell account to learn shell programming. You can get one for free at Just set up a PPP connection and telnet into Lonestar for your Unix fun! However, Lonestar doesn't allow you to telnet out. For a full service shell account, check out Yes! They have ssh logins! For details on how to use a shell account and instructions on lots of fun Unix commands, see the GTMHHs on shell accounts at ************************************************** If you are familiar with DOS, you may have already done something similar to shell programming: DOS batch files. The basic idea is that you write a series of DOS commands and save them with a file that ends with the extension "bat." For example, you might name your batch file "myfile.bat." Then any time you want to run it, you just type "myfile" and it runs all the commands inside that file. (Note: if you are in a different directory from my file.bat, you either have to tell your computer where to look for it with a "path" command, or by typing in the entire path, for example "c:\myprograms\myfile.") Unix -- an operating system that was created long before DOS -- can do something very similar to a DOS batch file. Instead of typing Unix commands one by one every time you need them, you can write a shell script that automatically executes that sequence. Then you save it as a file with permissions that make it executable. *************************************************** Newbie note: "Executable" doesn't mean the computer goes out and murders your poor file. It means that when you type the name of that file, the computer looks inside and does what your file tells it to do. "Permissions" mean what can be done by who with a file. For example, you could set the permissions on your shell account file so that only someone in your account could execute it. Or you could make it so anyone in the world could run (execute) it -- something you usually do with the files in your Web site, so that anyone who surfs in may read them. *************************************************** But there is one huge difference between DOS and Unix commands. In DOS, the commands "mkdir" and "MKDIR" do exactly the same thing. In Unix, they would be two totally different commands. Be absolutely careful in this lesson to type all commands in lower case (small) letters, or this stuff will not work. How to Create and Run a Script Why are we starting with shell script programming? The reason is that they are easy. Honest, they *are* easy. So easy, there are several ways to make them. First, let's walk though the Pico way to create a simple script. 1) Open an editor program. We'll use the easiest one: Pico. At the prompt in your shell account, simply type in "pico hackphile." ("Hackfile" will be the name of the script you will create. If you don't like that name, open Pico with the name you like, for example "pico myfilename.") This brings up a screen that looks a lot like the Pine email program's "compose mail" screen. ******************************************************** Evil genius tip: If your shell account is half-way decent, you will have Pine and it will allow you to choose whatever editor you want for composing email. Default is Pico. But you may configure it to use other editors such as the far more powerful vi or emacs. Just go to the main menu on Pine, then to Setup, then to Configure, then scroll down almost to the end o f all the options. There will be a line "editor = pico." Put in your favorite editor! If you regularly use Pine to compose email, you will keep in practice by using its editor, making it much easier to write programs. ******************************************************** Here's what your Pico screen should look like: UW PICO(tm) 2.9 File: hackphile [ New file ] ^G Get Help ^O WriteOut ^R Read File ^Y Prev Pg ^K Cut Text ^C Cur Pos ^X Exit ^J Justify ^W Where is ^V Next Pg ^ U UnCut Text^T To Spell At the bottom is some fast help, a list of commonly used Pico commands. That "^" thingy means to hold down the control key while hitting the letter of the alphabet that follows. Besides these commands, some others that it helps to know for Pico are: ^e moves the cursor to the end of a line ^a moves the cursor to the beginning of a line ^d deletes a character ^f moves the cursor forward (or use the -> arrow key if it wo rks) ^b moves the cursor backward (or use the <- arrow key if it works) ^p moves the cursor up (or use the up arrow key if it works) ^n moves the cursor down (or use the down arrow key if it works) ^t checks spelling 2) Write in some Unix commands. Here are some fun ones: echo I am a programmer and one heck of a hacker! echo Today I am going to echo $1 $2 $3 $4 $5 $6 $7 $8 $9 3) Now exit Pico. Hold down the control key while pressing "x." Pico will ask you if you want to save the file. Hit the "y" key to save. It will ask you whether you want to save it with the name "hackphile." Unless your change your mind, just hit the "enter" key and you are done. 4) Next make it executable. On most systems, you can do this by typing "chmod 700 hackphile." On some computers the command "chmod +x hackphile" will work. On other computers you might have to write a line in your shell script "#!/bin/bash" (or "#!/bin/tcsh" or "#!/bin/csh" etc. depending on the path to whatever shell you are using) to make it work. Sorry to be so complicated on this instruction, but there are a lot of different kinds of Unix and Unix shells out there. Groan. ****************************************************** Newbie note: That "chmod" command sets permissions. Making a file executable is only one of the many things that magical command does. It also controls who can execute it, who can read it, and who can write it. Damian Bates of Rt66 Internet points out that you could set the permissions so only you could execute that shell script by typing "chmod u+rx filename" (u=you). If you are in a Unix "group," you could allow your group to execute it by typing "chmod g+rx filename" (g=group) or you could give everyone else execute permissions by typing "chmod o+rx filename" (o=other). Any of these can be done in combination such as "chmod ug+rx filename (user and group can read and execute but not write) or "chmod g-rwx filename" If you hate typing all that stuff, you can use numbers as in "chmod 700," which gives you, and only you read, write and execute permission. To add permission to read and execute, but not write, to everyone else, use "chmod 755." To learn more on how to use the number chmod commands, use the command "man chmod." ******************************************************* 5) Now type in: "hackphile forge email from Santa Claus." Press "enter" and you will see on your screen: "I am a programmer and one heck of a hacker! Today I am going to forge email from Santa Claus." Pretty cool, huh? What that last echo command does is find the first word you typed after the "hackphile" command, which is held in the memory location $1, the second word in $2, and so on. Unlike more sophisticated programming languages, you don't need to set up those dollar sign variables in advance -- the stuff you type on the command line after the name of the script automatically goes into those memory locations! Now suppose you want a script to actually forge email from Santa Claus. Unfortunately, this is where you learn the limitations of shell scripts. You can put in the command "telnet foobar.com 25" and be ready to forge email. But if the next command in your shell script is "mail from: santa@north.pole.com," it just won't happen. The problem is that you are no longer in your Unix shell. You now are running a mail program on foobar.com, which does not bring up the rest in your sequence of shell commands. But help is on the way. The programming languages of Perl and C will do the job for you much more easily than a shell script. More on these in later Guides, I promise! How about more fun ways to make shell scripts? Shell Scripts on the Fly In a rush? Do you always do things perfectly? If so, try the "cat" command to create shell scripts. Here's an example of a useful one. Type in: cat > list ls -alK|more w|more Then hold down the control key while hitting the letter "d." This will automatically end the "cat" command while saving the commands "ls -alK|more" and "w|more" in the file "list." Then make it executable with the command: "chmod 700 list." (If chmod 700 doesn't work on your system, try the alternative ways to make it executable in 4) above.) Now, whenever you want to see everything you could ever want to see about your files, followed by a list of info on whoever else is also logged into shell accounts at the Unix box you use, just type in the command "list." This will give you something like: total 127 drwx-----x 8 cpm 1536 Dec 28 14:37 . drwxr-xr-x985 root 17920 Dec 26 17:56 .. -rw------- 1 cpm 0 Aug 27 08:07 .addressbook -rw------- 1 cpm 2285 Aug 27 08:07 .addressbook.lu lrwxrwxrwx 1 cpm 9 Oct 27 15:35 .bash_history -> /dev/null -rw-r--r-- 1 cpm 1856 Oct 8 09:47 .cshrc (snip) 3:01pm up 5 days, 6:48, 9 users, load average: 1.87, 1.30, 1.08 User tty login@ idle JCPU PCPU what phill ttyp0 2:39pm 1 11 -csh flattman ttyp1 2:27pm 4 4 tf kjherman ttyp2 1:13pm 1:43 telnet ftp.fubar.com cpm ttyp4 1:08pm 13 w johnp ttyp5 Sat 6pm 1 1:29 7 -tcsh kjherman ttyp6 1:15pm 1:43 telnet fubar.com kjherman t typ8 1:16pm 1:43 /bin/csh /usr/local/bin/cmenu momshop ttyp9 2:50pm 10 /usr/local/bin/pine swit ttypa 9:56am 4:20 41 -csh joy ttypc 3:00pm 2 1 -csh *************************************************** Newbie note: What does all that stuff mean? Sorry, this is an advanced GTMHH, so all I'm going to tell you is to give the commands "man ls" and "man who" to find out all this stuff. OK, OK, I'm sorry, here's a little more help. The "|" means "pipe." When you have two commands on either side of a pipe command, this makes the output of the command on the left hand side of the "|" pipe into the command on the right hand side. So "w|more" tells your computer to d o the command "w" and pipe its output to the command "more." Then "more" displays the output on your monitor one screen at a time, waiting for you to hit the space bar before displaying the next screen. What does "lrwxrwxrwx 1 cpm 9 Oct 27 15:35 .bash_history -> /dev/null" mean? "l" means it is a linked file. The first set of rwx's mean I (the owner of the account) may read, write, and execute this file. The second rwx means my group may also read, write and execute. The last set means anyone in the world may read, write and execute this file. But since it's empty, and will always stay empty, too bad, kode kiddies. *************************************************** *************************************************** Evil genius tip: In case you saw that supposed bash history file of mine some haxors were making phun of on some email lists, here's two ways you can tell it was faked and they were seriously deficient in Unix knowledge. a) See that funny notation above, "bash_history -> dev/null? My .bash_history has been linked to dev/null (dev/null means "device null" which is a fancy way of saying everything goes to bit heaven never to be seen again) since Oct. 9, 1997 -- long before some sooper genius emailed around that fake file! Here's how you can make your bash history disappear. Simply give the command "ln -s /dev/null ~/.bash_history." b) If you have the bash shell, and haven't linked it yet to dev/null, get into it and use the "talk" command to chat with someone for awhile. Then give the command "more .bash_history." You will see that unlike that supposed bash history file of mine, the stuff you type in during a "talk" session does not appear in the .bash_history file. The guy who faked it didn't know this! Either that, or he did know, and put that in to trick the people who would read it and flame me into revealing their ignorance. The guys who got caught by this trick tried to get out of their embarrassing spot by claiming that a buffer overflow could make the contents of a talk session turn up in a bash history file. Yeah, and yesterday they saw Elvis Presley at a grocery story, too. *************************************************** Slightly Stealthy Scripts Now suppose you are worried about really clueless kode kiddies getting into your shell account. Believe it or not, many people who break into computers are almost totally ignorant of Unix. For example, at Def Con V a friend, Daniel, conducted an informal poll. He asked dozens of attendees if they knew the "cat" command. He found that over half the people there had never even heard of it! Well, *you* know at least one way to use "cat" now! Another example of haxor Unix cluelessness was a fellow who broke into my shell account and planted a Trojan named "ls." His idea was that next time I looked at my files using the Unix ls command, his ls would execute instead and trash my account. But he forgot to give the command "chmod 700 ls." So it never ran, poor baby. ****************************************************** Evil genius tip: Damian advises "NEVER put '.' (the current working directory or cwd) in your path! If you really want "." in your path, make sure it is the last one. Then, if a Trojan like ls is in your current directory, the _real_ ls will be used first. Set your umask (umask is the command that automatically set permissions on all files you create, unless you specify otherwise) to something more secure than 022, I personally use 077. Never give group or other write access to your directory and be leery of what others can read." For your reading enjoyment, use the commands "man chmod" and "man umask" to get all the gory details. ****************************************************** Here are ways to make shell scripts that the average clueless person who breaks into a computer won't be able to run. First, when you name your script, put a period in front of the name. For example, call it ".secretscript". What that period does is make it a hidden file. Some kode kiddies don't know how to look for hidden files with the command "ls -a." After you make your script, don't give the "chmod 700" command. Just leave it alone. Then when you want to execute it, give the command "sh hackphile" (substituting for "hackphile" the name of whatever script you wish to execute). It will execute even though you never gave that chmod 700 command! What you have done with the "sh" command is launch a temporary new Unix shell, and then send into that shell the commands of your script. Here's a cool example. Make this script: cat > .lookeehere! who|more netstat|more Remember to save this script by holding down the control key while hitting the letter "d". Now try the command: ".lookeehere!" You should get back something that looks like: bash: ./.lookeehere!: Permission denied That's what will stump the average kode kiddie, presuming he can even find that script in the first place. Now try the command "sh .lookeehere!" All of a sudden you get screen after screen of really interesting stuff! Your Internet Service provider may have disabled some of the commands of this Guide. Or it may have just hidden them in directories that you can get to if you know how to look for them. For example, if the "netstat" command doesn't work, give the command "whereis netstat." or else "locate netstat." If, for example, you were to find it in /usr/bin, you can make that command work with "/usr/bin/netstat" in your script. If neither the whereis or locate commands find it for you, if you are a newbie, you have two choices. Either get a better shell account, or talk your sysadmin into changing permissions on that file so you can execute it. Many sysadmins will help you out this way -- that is, they will help if when they check their syslog files they don't find evidence of you trying to break into or trash computers. Neat trick: take your sysadmin to a fancy restaurant and wait to ask him for access to EVERY Unix command until after you have paid for his meal. ***************************************************** Evil genius tip: Your sysadmin won't let you run your favorite Unix commands? Don't grovel! Compile your own! Most ISPs don't mind if you keep and use your favorite Unix stuff in your own account. Says Damian, "I tend to keep my own binaries in ~/bin/ (My home directory slash bin) and put that in my path. (With the directory being 700 or drwx------ of course)." Where can you get your own? Try ***************************************************** Now it's time to really think about what you can do with scripts. Yes, a shell script can take a complex task such as impressing the heck out of your friends, and make it possible for you to do by giving just one command per cool stunt. If you are a bit of a prankster, you could create a bunch of scripts and use them to make your friends think you have a special, super duper operating system. And in fact you really will, honestly, be in control of the most special, wonderful operating system on the planet. The beauty and power of Unix is that it is so easy to customize it to do anything and everything! Windows no! Unix yes! **************************************************** Evil Genius tip: Bring up the file .login in Pico. It controls lots of what happens in your shell account. Want to edit it? You could totally screw up your account by changing .login. But you are a hacker, so you aren't afraid, right? Besides, if you mess up your shell account, you will force yourself to either learn Unix real fast so you can fix it again, or else make friends with tech support at your ISP as your try to explain why you accidentally mapped the letter "e" to mean "erase." (I did that once. Hey, no one's perfect!) For example, do you have to put up with some babysitter menu every time you log in? Do you see something that looks like "/usr/local/bin/menu" in .login? Put a "#" in front of that command (and any other ones you want to put to sleep) and it won't execute when you login. Then if you decide you are sorry you turned it off, just remove the "#" and that command will work again. Damian adds "Of great importance to newbies and a sign of great intelligence in advanced Unix gurus is backing up before you screw it up, i.e., in your pico of .cshrc. Their command lines should contain: mkdir .trash;chmod 700 .trash;cp .cshrc .trash; pico .cshrc. "Or, make the following alias in your .cshrc after creating your '.trash'directory: alias backup 'cp \!$ ~/.trash' "When you next source the .cshrc, you just type 'backup filename' and it will be copied into the .trash directory in case you need it later. "Modify the startup script, save the changes and then telnet in a second time to see if it works. If it doesn't, fix it or 'cp ~/.trash/.cshrc ~'. I don't recommend you 'source' the newly modified file because if it's screwed, so are you. It's always best to keep one session untarnished, just in case. If it works OK on your 2nd login, then you can 'source .cshrc;rehash;' in your first window to take advantage of the changes made." ******************************************************* OK, now how about just cutting loose and playing with scripts? See what wonderful things you can do with them. That's what being a hacker is all about, right? And thanks to Damian Bates, great fan of the Bastard Operator from Hell, for reviewing and contributing to this Guide. Check out his Web site at Parental discretion advised:) "There is no way you're describing our system, she could never have gotten past our security. But I'm going to find her and see that she's prosecuted ... she broke the law, and she's going to pay!" President of "Blah Blah Bank" -->>> Does anybody ELSE see a small discrepancy here ???????

Các file đính kèm theo tài liệu này:

  • pdfHacking into computer systems a beginners guide.pdf
Tài liệu liên quan