That was the voice of a high school freshman. He had me on the phone because his father had just taken
away his computer. His offense? Cracking into my Internet account. The boy had hoped to impress me with
how "kewl" he was. But before I realized he had gotten in, a sysadmin at my ISP had spotted the kid's
harmless explorations and had alerted the parents. Now the boy wanted my help in getting back on line.
I told the kid that I sympathized with his father. What if the sysadmin and I had been major grouches? This
kid could have wound up in juvenile detention. Now I don't agree with putting harmless hackers in jail, and
I would never have testified against him. But that's what some people do to folks who go snooping in other
people's computer accounts -- even when the culprit does no harm. This boy needs to learn how to keep out
of trouble!
Hacking is the most exhilarating game on the planet. But it stops being fun when you end up in a cell with a
roommate named "Spike." But hacking doesn't have to mean breaking laws. In this series of Guides we teach
safe hacking so that you don't have to keep looking back over your shoulders for narcs and cops.
What we're talking about is hacking as a healthy recreation, and as a free education that can qualify you to
get a high paying job. In fact, many network systems administrators, computer scientists and computer
security experts first learned their professions, not in some college program, but from the hacker culture.
And you may be surprised to discover that ultimately the Internet is safeguarded not by law enforcement
agencies, not by giant corporations, but by a worldwide network of, yes, hackers.
***********************************
Sniffing
Sniffing is observing the activity of one’s victim on a network (usually the Internet). This can include
grabbing passwords, reading email, and observing telnet sessions.
Sniffer programs can only be installed if one is root on that computer. But it isn’t enough to make sure that
your Internet host computers are free of sniffers. Your email, telnet, ftp, Web surfing -- and any passwords
you may use -- may go through 20 or more computers on their way to a final destination. That’s a lot of
places where a sniffer might be installed. If you really, seriously don’t want some cybernazi watching
everything you do online, there are several solutions.
The Eudora Pro program will allow you to use the APOP protocol to protect your password when you
download email. However, this will not protect the email itself from snoopers.
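An added example, not part of the original Guide: the shell sketch below shows what APOP changes for someone sniffing a POP3 mail download. apop_digest computes the RFC 1939 response (MD5 over the server's timestamp banner followed by the shared secret), and sniffer_view reads a session transcript and lists what crosses the wire in the clear. The function names and the two constructed transcripts are assumptions for illustration (the APOP banner, secret and digest are the RFC 1939 sample values), and md5sum is assumed to be installed.

```shell
#!/bin/sh
# Added illustration (not from the original Guide). Function names are hypothetical.

# apop_digest TIMESTAMP SECRET
# RFC 1939: the response is MD5(timestamp banner, angle brackets included,
# followed by the shared secret), printed as 32 lowercase hex digits.
# The secret itself is never sent.
apop_digest() {
    printf '%s%s' "$1" "$2" | md5sum | cut -d' ' -f1
}

# sniffer_view: read a POP3 transcript on stdin ("C: " = client, "S: " = server)
# and print one line for each thing a passive observer on the path learns.
sniffer_view() {
    in_body=0
    body_lines=0
    while IFS= read -r line; do
        case "$line" in
            "C: USER "*)
                echo "user-cleartext ${line#C: USER }" ;;
            "C: PASS "*)
                echo "password-cleartext ${line#C: PASS }" ;;
            "C: APOP "*)
                rest=${line#C: APOP }          # "<user> <digest>"
                echo "user-cleartext ${rest%% *}"
                echo "digest-only ${rest##* }" ;;
            "C: RETR "*)
                in_body=1 ;;                   # message text follows
            "S: .")
                in_body=0 ;;                   # end-of-message marker
            "S: +OK"*|"S: -ERR"*)
                : ;;                           # status lines, not mail text
            "S: "*)
                if [ "$in_body" -eq 1 ]; then
                    body_lines=$((body_lines + 1))
                fi ;;
        esac
    done
    echo "mail-lines-cleartext $body_lines"
}

# Constructed sample session: ordinary USER/PASS login.
session_plain() {
cat <<'EOF'
S: +OK POP3 server ready
C: USER mrose
S: +OK
C: PASS tanstaaf
S: +OK maildrop has 1 message
C: RETR 1
S: +OK 2 lines
S: Subject: lunch
S: Meet at noon.
S: .
C: QUIT
EOF
}

# Constructed sample session: the same download with an APOP login.
session_apop() {
cat <<'EOF'
S: +OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>
C: APOP mrose c4c9334bac560ecc979e58001b3e22fb
S: +OK maildrop has 1 message
C: RETR 1
S: +OK 2 lines
S: Subject: lunch
S: Meet at noon.
S: .
C: QUIT
EOF
}

echo "--- USER/PASS login"; session_plain | sniffer_view
echo "--- APOP login";      session_apop  | sniffer_view
```

With APOP the password never appears on the wire, but the message lines are exposed in both sessions, which is why the Guide goes on to recommend encrypting the mail itself.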
If you have a shell account, Secure Shell (ssh) from Datafellows will encrypt everything that passes
between your home and shell account computers. You can also set up an encrypted tunnel from one
computer on which you have a shell account to a second shell account on another computer -- if both are
running Secure Shell.
You may download a free ssh server program for Unix at
ftp://sunsite.unc.edu/pub/packages/security/ssh/ssh-1.2.20.tar.gz, or check out
If you are a sysadmin or owner of an ISP, get ssh now! Within a few years, all ISPs that have a clue will
require ssh logins to shell accounts.
For a client version that will run on your Windows, Mac or any version of Unix computer, see the
DataFellows site at But remember, your shell account must be running the ssh
server program in order for your Windows ssh client to work.
To get on the ssh discussion list, email majordomo@clinet.fi with message "subscribe ssh."
But ssh, like APOP, will not protect your email. The solution? Encryption. PGP is popular and can be
purchased at I recommend using the RSA option. It is a stronger algorithm than the default
Diffie-Hellman offered by PGP.
************************************************************
Newbie note: Encryption is scrambling up a message so that it is very hard for anyone to unscramble it
unless they have the right key, in which case it becomes easy to unscramble.
************************************************************
************************************************************
Evil genius tip: While the RSA algorithm is the best one known, an encryption program may implement it in
an insecure manner. Worst of all, RSA depends upon the unprovable mathematical hypothesis that there is
no polynomial time bounded algorithm for factoring numbers. That’s a good reason to keep up on math
news!
The key plot element of the movie “Sneakers” was a fictional discovery of a fast algorithm to factor
numbers. Way to go, Sneakers writer/producer Larry Lasker!
************************************************************
************************************************************
You can go to jail warning: In many countries there are legal restrictions on encryption. In the US, the
International Traffic in Arms Regulations forbids export of any encryption software good enough to be
worth using. If we are serious about freedom of speech, we must find ways to keep our communications
private. So fighting controls on encryption is a key part of winning the battle against repression on the
Internet.
************************************************************
Social Engineering
As we saw in the GTMHH on how to break into computers, social engineering usually consists of telling
lies that are poorly thought through. But a skilled social engineer can convince you that he or she is doing
you a big favor while getting you to give away the store. A really skilled social engineer can get almost any
information out of you without even telling a lie.
For example, one hacker posted his home phone number on the bulletin board of a large company, telling
the employees to call him for technical support. He provided great tech support. In exchange, he got lots of
passwords. If he had been smart, he would have gotten a real tech support job, but then I can never figure
out some of these haxor types.
ISP Hostage Taking
A favorite ploy of the aggressor in a hacker war is to attack the victim’s Internet account. Then they
trumpet around about how this proves the victim is a lamer.
But none of us is responsible for managing the security at the ISPs we use. Of course, you may get a
domain name, set up a computer with lots of security and hook it directly to an Internet backbone provider
with a 24 hr phone connection. Then, checking account depleted, you could take responsibility for your
own Internet host. But as we learned from the AGIS attacks, even Internet backbones can get taken down.
If you point this out, that you are not the guy running security on the ISP you use, bad guy hackers will
insult you by claiming that if you really knew something, you would get a “secure” ISP. Yeah, right. Here’s
why it is always easy to break into your account on an ISP, and almost impossible for your ISP to keep
hackers out.
While it is hard to break into almost any computer system from the outside, there are vastly more exploits
that will get you superuser (root) control from inside a shell account. So all your attacker needs to do is buy
an account, or even use the limited time trial account many ISPs offer, and the bad guy is ready to run
rampant.
You can increase your security by using an ISP that only offers PPP (point to point) accounts. This is one
reason that it is getting difficult to get a shell account. Thanks, cybernazis, for ruining the Internet for the
rest of us.
But even an ISP that just offers PPP accounts is more vulnerable than the typical computer system you will
find in a large corporation, for the simple reason that your ISP needs to make it easy to use.
********************************************************
Newbie note: A shell account lets you give Unix commands to the computer you are on. A PPP account is
used to see pretty pictures while you surf the Web but in itself will not let you give Unix commands to the
computer you are logged into.
********************************************************
Because it is easy to break into almost any ISP, haxor d00d cybernazis think it is kewl to take an ISP hostage
by repeatedly breaking in and vandalizing it until the owner surrenders by kicking the victim of the attacks
off. This was the objective in the assaults on Succeed.net in Oct. 1997.
*******************************************************
You can go to jail warning: I usually fubar the names of ISPs in these guides because so many haxor types
attack any computer system I write about. Succeed.net is a real name. If you want to attack it, fine. Just
remember that we have boobytrapped the heck out of it. So if you attack, men in suits bearing Miranda cards
will pay you a visit.
*******************************************************
Why Should I Give a Darn? -- Ways Bystanders Get Hurt
To most people, hacker wars are Legion of Doom vs. Masters of Deception stuff. Interesting, but like
reading science fiction. But what does it have to do with your life? You may figure that if you never do
anything that gets some computer dweeb who thinks he’s a haxor mad, you won’t have a problem.
Yet chances are that you may already have been brushed by hacker war. Have you ever tried to login to
your online provider and couldn’t make a connection? Did you call tech support and they told you they
were “down for maintenance”? Tried to send email and gotten a message “cannot send mail now. Please try
again later”? Sent email that disappeared into cyberspace without a trace? Gotten email back with a “User
unknown” or worse yet, “host unknown” message? Been unable to surf to your favorite Web site?
It could have been technical error (cough, cough). But it may have been more. A cardinal rule of online
services is to never, ever admit in public to being hacked. Only if a reporter “outs” them first will they
reluctantly admit to the attack. This is because there are cybernazi gangs that, when they hear of an online
service under attack, join in the attack.
Why cybernazis do this is not clear. However, what they accomplish is to make it hard for small companies
to compete with giants such as America Online. The giant online services can afford a large staff of
computer security experts. So with the cybernazis rampaging against the little Internet service providers, it is
not surprising that so many of them are selling out to the giants.
I don’t have any evidence that the cybernazis are in the pay of giants such as AOL. In fact, I suspect
cybernazis are trying to drive the small competitors out of business solely on the general principle that they
hate freedom of anything.
It is common for hacker wars that start as a private disagreement to spill over and affect thousands or even
millions of bystanders.
For example, in Sept. 1996, syn flood attackers shut down the Panix ISP for several days. In Oct. 1997 the
ISP Succeed.net was shut down by a team of hackers that deleted not just Bronc's but also over 800 user
accounts. Many other ISPs have suffered shutdowns from hacker wars, often because the attackers object
to political views expressed on their Web pages.
On June 4, 1997, hacker wars made yet another quantum leap, shutting down the Internet backbone service
provider AGIS in retaliation for it allowing Cyberpromo and several other spam empires to be customers.
Tomorrow these skirmishes could pit nation against nation: power grids that serve hundreds of millions
failing in the dead of winter; air traffic control systems going awry with planes crashing; hundreds of
billions, trillions of dollars in banking systems disappearing without a trace. Pearl Harbor. Digital Pearl
Harbor. Famine. Years before we could climb out of an economic collapse as bad as the Great Depression.
You think this is a ridiculous exaggeration? Those of us who have been in the bullseye of the
cybernazis find this future easy to believe.
Winn Schwartau has been warning the world of this coming disaster since June of 1991. Someone must be
listening, because in September 1997 an industry group, formed in the wake of hearings by the US Senate’s
Permanent Subcommittee on Investigations, appointed Schwartau team leader, Manhattan Cyber Project
Information Warfare/Electronic Civil Defense (see and
Schwartau, in his book Information Warfare, tells us about some of the attacks the cybernazis have made on
his family. These attacks have included massive credit card fraud, tampering with his credit rating, turning
off his home power and phone, and even tampering with the local emergency services dispatch system so
that all ambulance, fire and police calls were directed to his home instead of to those who called 911 for
emergency help.
Those of us on the front lines of cyberwar have seen these attacks first hand. The cybernazis, as Schwartau
discovered, were willing to even risk the lives of people who had nothing to do with him.
Yes, we know what hacker wars do to us, and we know what they do to you bystanders.
Why You May Get Hit
Hacker war happens to other people, right? Spammers get hacked. Hacker gangs pick fights with each other.
But if you behave politely around computer criminals, you are safe, right? OK, as long as you don’t live in
the neighborhood of one of us Internet freedom fighters like Schwartau or me you are safe.
Wrong. Dead wrong.
Let’s look at an example of a hacker war, one that doesn’t seem to have any motivation at all. We’re talking
the Internet Chess Club. Not exactly controversial.
In mid Sept. 1996 it was shut down by a syn flood attack in the aftermath of daemon9 publishing a program
to implement the attack in the ezine Phrack.
There have been many bystanders hit with the wars against this Happy Hacker list. It all started with
cybernazis who wanted to stop you from getting email from me. For example, on Dec. 6, 1996, someone had
written to the dc-stuff hackers email list (subscribe by emailing majordomo@dis.org with message
"subscribe dc-stuff") saying “I think they (or maybe 'we') will survive, Carolyn's book.” Rogue Agent replied:
I'm just doing my part to make sure that it doesn't happen. Ask not what the network can do for you, ask
what you can do for the network. We shall fight them in the routers, we shall fight them in the fiber, we shall
fight them in the vaxen... I'm an activist, and I won't stop my activism just because I know others will take it
too far.
On Dec 20 Rogue Agent wrote to me:
Ask Netta Gilboa; her magazine's in shambles and her boyfriend's in prison, while she lives in fear. Ask Josh
Quittner (author of Masters of Deception); for a while there, he had to change his (unlisted) phone number
literally every two weeks because of the nightly anonymous calls he was getting. Somehow they always got
the new number. Ask John Markoff (coauthor of the hacker best-seller Takedown); he can't even let people
know what his email account is or he gets spammed the next day.
This is not a threat... All I'm doing is telling you what's coming... you're playing with fire. There is a darker
element in my culture, and you're going to meet it if you keep going.
“This is not a threat.” Yeah, right. That’s what most of the guys who threaten us say.
Five days later, while it was still dark on Christmas morning, the owner of the Southwest Cyberport ISP
where I had an account was woken by an alarm. His mail server was down. No one using that ISP could get
email any more. They had been hit by a massive mailbombing by someone styling himself johnny xchaotic.
jericho surfaced as the public spokesman for the attacker, claiming intimate knowledge of his techniques and
motivations.
The evening of Dec. 28, someone cracked the dedicated box that Cibola Communications had been
providing us at no cost to run the Happy Hacker majordomo. The intruder erased the system files and sent
email to the owners threatening worse mayhem if they didn’t cave in and boot us off. The attackers also
wiped the system files from a computer at the University of Texas at El Paso that I was using for research,
and sent threats to all email addresses on that box. The attacker called himself GALF. It was not the first or
last time that GALF has struck Happy Hacker.
Damaged computers, threats, extortion, blackmail. That's life around here. After awhile it gets kinda boring,
yawn -- just kidding.
*********************************************************
Newbie note: In case you are wondering whether you can get killed in one of these battles, I have found no
reports, not even rumors, of any hacker war murders. These guys only kill people by accident as a side
effect of their digital mayhem. Like sending an ambulance that could save a dying child to the home of an
Internet freedom fighter instead. However, if someone should threaten to kill you, you should report it and
any associated computer attacks. Despite what you may hear, those of us hackers who are not computer
criminals cooperate enthusiastically with law enforcement.
*********************************************************
How to Get into a Hacker War
“I want to fight in a hacker war. How do I get in?”
I get email like this all the time. Many newbie hackers long for my frequent experiences of being attacked by
a talented gang of computer criminals. The excitement! The opportunity to go mano a mano with bad dudes
and prove you are better than them!
There is some truth to this view. To be honest, I get a thrill fighting those criminals -- using legal tactics, of
course. Believe me, if we catch the Succeed.net attackers, you will hear about it. But before you make the
decision to join us freedom fighters, count up the cost. It isn't always fun.
But I’ve stood up to them. And, shoot, I’m just an old lady. So if you want to attract a hacker war, and
believe you are as tough or tougher than me, be my guest. But before you start provoking attacks, please
wait for me to get out the next two parts of this Information Warfare series, so you can learn how to repair
your credit rating and recover from other digital disasters. You’ll find plenty of things in the next Guides in
this series that will help you survive even the most determined hacker war. Even the kind of war that
attempts to steal all you own, wipe out your identity, and threaten the lives of your family.
So just how do you get into a hacker war? The easiest way is to attend a hacker convention. There are all
sorts of twisted people at these things, kind of like the bar scene in Star Wars. “He said, he doesn’t like the
way you look.” If you fail to grovel and suck up to those d00dz, or, worse yet, tell them firmly that you favor
freedom of speech, or even worse yet, make fun of them for being cybernazis, you can be in for lots of
excitement.
How to Keep from Getting Caught -- NOT!
So you want to be the attacker in a hacker war? So you think you can keep from getting caught? According
to jericho, writing in his “F***ed Up College Kids” ezine, “You have media whores like Carolyn Meinel
trying to teach people to hack, writing guides to hacking full of f***ups. Telling these people what to do,
but not giving them enough information to adequately protect themselves.”
I agree with jericho, if you decide to become a computer criminal in a hacker war, I’m not talented enough to
teach you how to keep from getting caught.
In fact, no one can teach you how to keep from getting caught. I’ll tell you exactly why, too.
At a Def Con V panel I hosted (Las Vegas, July 1997), jericho boasted “When I break in, I close the doors
behind me.” He makes a big deal about how hackers can keep from getting busted by deleting or modifying
log files. Yeah. Right. Not!
Let me tell you the REAL story about what happens when hackers think they are covering their tracks. Sure,
an ordinary sysadmin can’t restore a deleted file on a Unix system. But there are people out there with the
technology to restore deleted files -- even files that have been overwritten hundreds of times. They can
restore them regardless of operating system. There are people out there who can extract everything that has
been on a hard disk for the last several months -- or years. I know those people. I arrange for them to read
those hard disks. Guess who’s toast:):):)
Then there is surveillance. Some 31337 haxor is sitting at his box raising hell and “closing doors after him.”
What he doesn’t know is that thanks to a court order inspired by his boasts, someone is sitting in a van a
hundred yards away -- picking up every keystroke. Van Eck radiation, luser. Or picking up the signals that
run down the power cord of your computer. Ever heard of Tempest?
Even if the cybercrime detective doesn’t have all this high-tech hardware on hand, the history of hacker
crime shows that criminals will talk in exchange for lenient sentencing. Commit one easy-to-prove federal
felony, let’s say posting someone’s stolen email on one’s public ftp server (who do we know who has done
this?), and the Feds have lots of bargaining power against him.
So even if I wanted to help people become ubercriminals, I can’t. Not because I don’t know how. Because
there is no way. The 31337 d00dz who tell you otherwise are seriously ignorant.
I predict the Succeed.net attackers will wind up in jail. Soon. Perhaps not for that crime. But their days of
freedom are numbered. It is only a matter of picking which of their many crimes will hold up best in court,
and who will give evidence against whom. Time to study game theory -- can you say “prisoners’ dilemma,”
wannabe ubercriminals? Who’s the narc?
“But, but,” I can hear the Super Duper computer criminals sputtering. “My buddies and I break the law all
the time and we’ve never been busted. OK, OK, my other buddy got busted, but he was lame.”
It’s just a matter of time. They need to go straight before their number is up. Or make the decision to obtain
their “get out of jail free” cards by informing on their gang before their day of doom comes up. They have
much better bargaining power if they make a deal before arrest.
********************************************************
If you happen to be a cybernazi who is having second thoughts, and would like help making a deal with the
authorities, please contact me anonymously using my pgp key:
************************************************************
How to Protect yourself in a Hacker War
What, you don’t find getting caught up in a hacker war immensely entertaining? You don’t want to be the
innocent bystander caught in the crossfire of an rm command? Here are a few rules that can help you. But
remember, these are only the most basic of protections. We’ll cover the industrial-strength techniques in
later Guides in this series, as well as how to catch the culprits.
Top Ten Beginner Defenses in Hacker Wars
10) Backup, backup, backup.
9) Assume anything is being sniffed, unless protected by strong encryption.
8) Assume your phone is tapped.
7) Never, never, ever telnet into your shell account. Use Secure Shell instead.
6) Pick a good password. It should be long, not a name or a word from a dictionary, and should include
numbers and/or characters such as !@#$%^&*. If you use a computer where others have physical access to
it, don’t write your password on anything.
5) This applies to shell accounts: assume your attacker will get root control anyhow, so your password
won’t do you any good. That means you should encrypt any files you don’t want to have passed around,
and send your shell history files to /dev/null each time you log out.
4) Do you use the Pine or Elm email programs? Don’t keep email addresses in your shell account. Your
saved mail files are a good place for cybernazis to find email addresses and send out threatening and
obscene messages to them. GALF specializes in this tactic.
3) Regularly patrol your Web site. You never know when it may sprout rude body parts or naughty words.
Preferably use a Web server hosted on a computer system dedicated to nothing but Web sites. Best of all,
use a MacOS web server.
2) Disable Java on your Web browser. Don’t even *think* of using ActiveX or Internet Explorer.
And, the number one defense:
1) Join us Internet freedom fighters. It will take many of us to win the battle against those who want to pick
and choose whose voices will be heard on the Internet.
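An added example for defense 3 (patrolling your Web site), not part of the original Guide: record a checksum for every file under the web root while the site is known to be good, then compare against that record on each patrol. The function names, the manifest format and the demo files are assumptions for illustration, and sha256sum is assumed to be installed.

```shell
#!/bin/sh
# Added illustration (not from the original Guide). Function names are hypothetical.

# make_manifest WEBROOT
# Print "<sha256>  <relative path>" for every regular file, sorted by path.
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k2 )
}

# patrol WEBROOT BASELINE
# Compare the current tree with a saved manifest. Prints one line per
# difference (ADDED / CHANGED / REMOVED plus the path) and returns 1 if
# anything differs, 0 if the site still matches the baseline.
patrol() {
    now=$(mktemp) || return 2
    make_manifest "$1" > "$now"
    report=$(awk '
        {
            h = substr($0, 1, 64)     # hex digest
            p = substr($0, 67)        # path (may contain spaces)
        }
        FILENAME == ARGV[1] { base[p] = h; next }   # baseline manifest
        {
            seen[p] = 1
            if (!(p in base))       print "ADDED " p
            else if (base[p] != h)  print "CHANGED " p
        }
        END { for (p in base) if (!(p in seen)) print "REMOVED " p }
    ' "$2" "$now" | sort)
    rm -f "$now"
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# Constructed demo: build a tiny site, take a baseline, then tamper with it
# the way a defacement would, and run one patrol.
demo() {
    root=$(mktemp -d) || return 2
    base=$(mktemp) || return 2
    mkdir "$root/img"
    echo '<h1>Happy Hacker</h1>' > "$root/index.html"
    echo 'logo-bytes'            > "$root/img/logo.gif"
    echo 'contact page'          > "$root/contact.html"
    make_manifest "$root" > "$base"

    echo '<h1>0wned</h1>' > "$root/index.html"   # page content replaced
    echo 'rude picture'   > "$root/img/rude.gif" # new file planted
    rm "$root/contact.html"                      # page deleted

    patrol "$root" "$base"
    status=$?
    rm -rf "$root" "$base"
    return "$status"
}

demo || echo "patrol found differences (exit status $?)"
```

Keep the baseline manifest somewhere the web server account cannot write, since anyone who can alter the pages could otherwise regenerate the manifest to match.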
Contents of Volume 5:
Shell Programming
_________________________________________________________
Guide to (mostly) Harmless Hacking
Vol. 5 Programmers' Series
No. 1: Shell Programming
_________________________________________________________
Honest to gosh -- programming is easy. If you have never programmed in your
life, today, within minutes, you will become a programmer. I promise. And
even if you are already a programmer, in this Guide you just might discover
some new tricks that are lots of fun.
Amazingly enough, many people who call themselves hackers don't know how to
program. In fact, many el1te haxor types claim they don't need to know how
to program, since computer programs that do kewl stuph like break into or
crash computers are available for download at those HacK3r Web sites with
the animated flames and skulls and doom-laden organ music.
But just running other people's programs is not hacking. Breaking into and
crashing other people's computers is not hacking. Real hacking is exploring
and discovering -- and writing your own programs!
********************************************************
In this Guide you will learn:
* Why should hackers learn how to program?
* What is shell programming?
* How to create and run scripts
* Shell scripts on the fly
* Slightly stealthy scripts
* Examples of fun hacker scripts
Plus, in the evil genius tips, you will learn how to:
* Talk about the Turing Machine Halting Problem Theorem as if you are some
sort of forking genius
* Find instructions on how to create deadly viruses
* Set your favorite editor as default in Pine
* Link your bash history file to /dev/null
* Keep simple Trojans from executing in your account
* Save yourself from totally messing up your .tcshrc, .bashrc etc. files.
*******************************************************
Why Should Hackers Learn How to Program?
Back in 1971, when I was 24, I was as nontechnical as they come. But my
husband at the time, H. Keith Henson, was always talking about "buffer in,"
"buffer out" and assembly language stuff.
Keith was one of the earliest of hackers, and a hacker in the pure sense,
someone who wasn't afraid to try unusual things to save memory (a scarce
resource on even the biggest computers of the 1970s) or cut CPU cycles. So
one June morning, tired of me looking dazed when he came home babbling
excitedly about his latest feat, he announced, "You're going to learn how to
program." He insisted that I sign up for a course in Fortran at the
University of Arizona.
The first class assignment was to sit at a punch card machine and bang out
a program for the CDC 6400 that would sort a list of words alphabetically.
It was so fun that I added code to detect input of characters that weren't
in the alphabet, and to give an error message when it found them.
The instructor praised me in front of the class, saying I was the only one
who had coded an extra feature. I was hooked. I went on to write programs
with enough length and complexity that debugging and verifying them gave me
a feel for the reality of the Turing Machine Halting Problem theorem.
I discovered you don't have to be a genius to become a professional
programmer. You just have to enjoy it enough to work hard at it, enjoy it
enough to dream about it and fantasize and play with programming in your
mind even when you aren't in front of a keyboard.
******************************************************
Evil Genius tip: The Turing Machine Halting Problem theorem says that it is
impossible to thoroughly debug -- or even explore -- an arbitrary computer
program. In practical terms, this means that it is super hard to make a
computer network totally secure, and that it will never be possible to write
an antivirus program that can protect against all conceivable viruses.
For a more rigorous treatment of the Turing Machine Halting Problem theorem
-- yet written in language a non-mathematician can understand -- read the
"Giant Black Book of Computer Viruses" by Dr. Mark Ludwig, American Eagle
Publications. This book will also teach you how to write the most deadly
viruses on the planet -- or programs to fight them! You can order it from
Warning-- in order to fully appreciate this book, you
have to know assembly language for 80x86 CPUs. But it is the most
electrifying computer manual I have ever read!!!!
********************************************************
That is the heart of the hacker spirit. If you are driven to do more and
greater things than your job or school asks of you, you are a real hacker.
Kode kiddies who think breaking into computers and typing f*** every third
word while on IRC are not hackers. They are small-time punks and vandals.
But if you aspire to become a true hacker, you will become a programmer, and
reach for the stars with your code.
What Is Shell Programming?
If you have been following the earlier Guides to (mostly) Harmless Hacking
(GTMHH), you are already familiar with many fun Unix commands. Shell
programming is writing a file that holds a sequence of Unix commands, which
you can run in your shell account by typing in only one line.
****************************************************
Newbie note: Don't know what a shell account is? Unix leaves you scratching
your head? You *must* have a shell account to learn shell programming. You
can get one for free at Just set up a PPP
connection and telnet into Lonestar for your Unix fun! However, Lonestar
doesn't allow you to telnet out. For a full service shell account, check out
Yes! They have ssh logins!
For details on how to use a shell account and instructions on lots of fun
Unix commands, see the GTMHHs on shell accounts at
**************************************************
If you are familiar with DOS, you may have already done something similar
to shell programming: DOS batch files. The basic idea is that you write a
series of DOS commands and save them with a file that ends with the
extension "bat."
For example, you might name your batch file "myfile.bat." Then any time you
want to run it, you just type "myfile" and it runs all the commands inside
that file. (Note: if you are in a different directory from myfile.bat, you
either have to tell your computer where to look for it with a "path"
command, or by typing in the entire path, for example "c:\myprograms\myfile.")
Unix -- an operating system that was created long before DOS -- can do
something very similar to a DOS batch file. Instead of typing Unix commands
one by one every time you need them, you can write a shell script that
automatically executes that sequence. Then you save it as a file with
permissions that make it executable.
***************************************************
Newbie note: "Executable" doesn't mean the computer goes out and murders
your poor file. It means that when you type the name of that file, the
computer looks inside and does what your file tells it to do.
"Permissions" mean what can be done by who with a file. For example, you
could set the permissions on your shell account file so that only someone in
your account could execute it. Or you could make it so anyone in the world
could run (execute) it -- something you usually do with the files in your
Web site, so that anyone who surfs in may read them.
***************************************************
But there is one huge difference between DOS and Unix commands. In DOS, the
commands "mkdir" and "MKDIR" do exactly the same thing. In Unix, they would
be two totally different commands. Be absolutely careful in this lesson to
type all commands in lower case (small) letters, or this stuff will not work.
How to Create and Run a Script
Why are we starting with shell script programming? The reason is that shell
scripts are easy. Honest, they *are* easy. So easy, there are several ways to make
them.
First, let's walk through the Pico way to create a simple script.
1) Open an editor program. We'll use the easiest one: Pico. At the prompt in
your shell account, simply type in "pico hackphile." ("Hackphile" will be the
name of the script you will create. If you don't like that name, open Pico
with the name you like, for example "pico myfilename.")
This brings up a screen that looks a lot like the Pine email program's
"compose mail" screen.
********************************************************
Evil genius tip: If your shell account is half-way decent, you will have
Pine and it will allow you to choose whatever editor you want for composing
email. Default is Pico. But you may configure it to use other editors such
as the far more powerful vi or emacs. Just go to the main menu on Pine, then
to Setup, then to Configure, then scroll down almost to the end of all the
options. There will be a line "editor = pico." Put in your favorite editor!
If you regularly use Pine to compose email, you will keep in practice by
using its editor, making it much easier to write programs.
********************************************************
Here's what your Pico screen should look like:
UW PICO(tm) 2.9 File: hackphile
[ New file ]
^G Get Help ^O WriteOut ^R Read File ^Y Prev Pg ^K Cut Text ^C Cur Pos
^X Exit ^J Justify ^W Where is ^V Next Pg ^U UnCut Text ^T To Spell
At the bottom is some fast help, a list of commonly used Pico commands.
That "^" thingy means to hold down the control key while hitting the letter
of the alphabet that follows. Besides these commands, some others that it
helps to know for Pico are:
^e moves the cursor to the end of a line
^a moves the cursor to the beginning of a line
^d deletes a character
^f moves the cursor forward (or use the -> arrow key if it works)
^b moves the cursor backward (or use the <- arrow key if it works)
^p moves the cursor up (or use the up arrow key if it works)
^n moves the cursor down (or use the down arrow key if it works)
^t checks spelling
2) Write in some Unix commands. Here are some fun ones:
echo I am a programmer and one heck of a hacker!
echo Today I am going to
echo $1 $2 $3 $4 $5 $6 $7 $8 $9
3) Now exit Pico. Hold down the control key while pressing "x." Pico will
ask you if you want to save the file. Hit the "y" key to save. It will ask
you whether you want to save it with the name "hackphile." Unless you
change your mind, just hit the "enter" key and you are done.
4) Next make it executable. On most systems, you can do this by typing
"chmod 700 hackphile." On some computers the command "chmod +x hackphile"
will work. On other computers you might have to write a line in your shell
script "#!/bin/bash" (or "#!/bin/tcsh" or "#!/bin/csh" etc. depending on the
path to whatever shell you are using) to make it work. Sorry to be so
complicated on this instruction, but there are a lot of different kinds of
Unix and Unix shells out there. Groan.
******************************************************
Newbie note: That "chmod" command sets permissions. Making a file executable
is only one of the many things that magical command does. It also controls
who can execute it, who can read it, and who can write it.
Damian Bates of Rt66 Internet points out that you could set the permissions
so only you could execute that shell script by typing "chmod u+rx filename"
(u=you). If you are in a Unix "group," you could allow your group to execute
it by typing "chmod g+rx filename" (g=group) or you could give everyone else
execute permissions by typing "chmod o+rx filename" (o=other). Any of these
can be done in combination such as "chmod ug+rx filename" (user and group can
read and execute but not write) or "chmod g-rwx filename."
If you hate typing all that stuff, you can use numbers as in "chmod 700,"
which gives you, and only you, read, write and execute permission. To add
permission to read and execute, but not write, to everyone else, use "chmod
755." To learn more on how to use the number chmod commands, use the command
"man chmod."
*******************************************************
5) Now type in: "hackphile forge email from Santa Claus." Press "enter" and
you will see on your screen: "I am a programmer and one heck of a hacker!
Today I am going to forge email from Santa Claus."
Pretty cool, huh? What that last echo command does is find the first word
you typed after the "hackphile" command, which is held in the memory
location $1, the second word in $2, and so on. Unlike more sophisticated
programming languages, you don't need to set up those dollar sign variables
in advance -- the stuff you type on the command line after the name of the
script automatically goes into those memory locations!
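To see where that last echo line stops behaving, here is an added example (not
from the original Guide; the function names and sample words are made up for
it). It runs the Guide's unquoted line next to a quoted version on the same
words, from inside a scratch directory holding two constructed files.

```shell
#!/bin/sh
# Added example, not from the Guide. Function names are made up here.

# The Guide's third line, verbatim: nine unquoted positional parameters.
as_in_guide() {
    echo $1 $2 $3 $4 $5 $6 $7 $8 $9
}

# Quoted form: "$*" is every argument joined by single spaces, with no
# re-splitting on whitespace and no wildcard expansion.
quoted() {
    printf '%s\n' "$*"
}

# Run both forms on the same arguments, from inside a scratch directory
# holding two constructed files so the wildcard case has something to match.
compare() {
    scratch=$(mktemp -d)
    touch "$scratch/a.txt" "$scratch/b.txt"
    ( cd "$scratch" && echo "guide : $(as_in_guide "$@")" \
                    && echo "quoted: $(quoted "$@")" )
    rm -rf "$scratch"
}

compare forge email from Santa Claus        # same output both ways
compare 1 2 3 4 5 6 7 8 9 10                # guide form drops the 10th word
compare 'Santa    Claus'                    # guide form collapses the spaces
compare 'delete *'                          # guide form turns * into file names
```

The last case is the one that bites in real scripts: an unquoted $1 holding a
"*" expands to whatever files sit in the current directory.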
Now suppose you want a script to actually forge email from Santa Claus.
Unfortunately, this is where you learn the limitations of shell scripts. You
can put in the command "telnet foobar.com 25" and be ready to forge email.
But if the next command in your shell script is "mail from:
santa@north.pole.com," it just won't happen. The problem is that you are no
longer in your Unix shell. You now are running a mail program on foobar.com,
which does not bring up the rest in your sequence of shell commands.
But help is on the way. The programming languages of Perl and C will do the
job for you much more easily than a shell script. More on these in later
Guides, I promise!
How about more fun ways to make shell scripts?
Shell Scripts on the Fly
In a rush? Do you always do things perfectly? If so, try the "cat" command
to create shell scripts.
Here's an example of a useful one. Type in:
cat > list
ls -alK|more
w|more
Then hold down the control key while hitting the letter "d." This will
automatically end the "cat" command while saving the commands "ls -alK|more"
and "w|more" in the file "list." Then make it executable with the command:
"chmod 700 list." (If chmod 700 doesn't work on your system, try the
alternative ways to make it executable in 4) above.)
Now, whenever you want to see everything you could ever want to see about
your files, followed by a list of info on whoever else is also logged into
shell accounts at the Unix box you use, just type in the command "list."
This will give you something like:
total 127
drwx-----x 8 cpm 1536 Dec 28 14:37 .
drwxr-xr-x985 root 17920 Dec 26 17:56 ..
-rw------- 1 cpm 0 Aug 27 08:07 .addressbook
-rw------- 1 cpm 2285 Aug 27 08:07 .addressbook.lu
lrwxrwxrwx 1 cpm 9 Oct 27 15:35 .bash_history -> /dev/null
-rw-r--r-- 1 cpm 1856 Oct 8 09:47 .cshrc
(snip)
3:01pm up 5 days, 6:48, 9 users, load average: 1.87, 1.30, 1.08
User tty login@ idle JCPU PCPU what
phill ttyp0 2:39pm 1 11 -csh
flattman ttyp1 2:27pm 4 4 tf
kjherman ttyp2 1:13pm 1:43 telnet ftp.fubar.com
cpm ttyp4 1:08pm 13 w
johnp ttyp5 Sat 6pm 1 1:29 7 -tcsh
kjherman ttyp6 1:15pm 1:43 telnet fubar.com
kjherman ttyp8 1:16pm 1:43 /bin/csh /usr/local/bin/cmenu
momshop ttyp9 2:50pm 10 /usr/local/bin/pine
swit ttypa 9:56am 4:20 41 -csh
joy ttypc 3:00pm 2 1 -csh
***************************************************
Newbie note: What does all that stuff mean? Sorry, this is an advanced
GTMHH, so all I'm going to tell you is to give the commands "man ls" and
"man who" to find out all this stuff.
OK, OK, I'm sorry, here's a little more help. The "|" means "pipe." When you
have two commands on either side of a pipe command, this makes the output of
the command on the left hand side of the "|" pipe into the command on the
right hand side. So "w|more" tells your computer to do the command "w" and
pipe its output to the command "more." Then "more" displays the output on
your monitor one screen at a time, waiting for you to hit the space bar
before displaying the next screen.
What does "lrwxrwxrwx 1 cpm 9 Oct 27 15:35 .bash_history ->
/dev/null" mean? "l" means it is a linked file. The first set of rwx's means
I (the owner of the account) may read, write, and execute this file. The
second rwx means my group may also read, write and execute. The last set
means anyone in the world may read, write and execute this file. But since
it's empty, and will always stay empty, too bad, kode kiddies.
***************************************************
***************************************************
Evil genius tip: In case you saw that supposed bash history file of mine
some haxors were making phun of on some email lists, here's two ways you can
tell it was faked and they were seriously deficient in Unix knowledge.
a) See that funny notation above, "bash_history -> dev/null"? My
.bash_history has been linked to dev/null (dev/null means "device null"
which is a fancy way of saying everything goes to bit heaven never to be
seen again) since Oct. 9, 1997 -- long before some sooper genius emailed
around that fake file!
Here's how you can make your bash history disappear. Simply give the
command "ln -s /dev/null ~/.bash_history."
b) If you have the bash shell, and haven't linked it yet to dev/null, get
into it and use the "talk" command to chat with someone for a while. Then
give the command "more .bash_history." You will see that unlike that
supposed bash history file of mine, the stuff you type in during a "talk"
session does not appear in the .bash_history file. The guy who faked it
didn't know this! Either that, or he did know, and put that in to trick the
people who would read it and flame me into revealing their ignorance.
The guys who got caught by this trick tried to get out of their embarrassing
spot by claiming that a buffer overflow could make the contents of a talk
session turn up in a bash history file. Yeah, and yesterday they saw Elvis
Presley at a grocery store, too.
***************************************************
Slightly Stealthy Scripts
Now suppose you are worried about really clueless kode kiddies getting into
your shell account. Believe it or not, many people who break into computers
are almost totally ignorant of Unix. For example, at Def Con V a friend,
Daniel, conducted an informal poll. He asked dozens of attendees if they
knew the "cat" command. He found that over half the people there had never
even heard of it! Well, *you* know at least one way to use "cat" now!
Another example of haxor Unix cluelessness was a fellow who broke into my
shell account and planted a Trojan named "ls." His idea was that next time I
looked at my files using the Unix ls command, his ls would execute instead
and trash my account. But he forgot to give the command "chmod 700 ls." So
it never ran, poor baby.
******************************************************
Evil genius tip: Damian advises "NEVER put '.' (the current working
directory or cwd) in your path! If you really want "." in your path, make
sure it is the last one. Then, if a Trojan like ls is in your current
directory, the _real_ ls will be used first. Set your umask (umask is the
command that automatically sets permissions on all files you create, unless
you specify otherwise) to something more secure than 022, I personally use
077. Never give group or other write access to your directory and be leery
of what others can read."
For your reading enjoyment, use the commands "man chmod" and "man umask" to
get all the gory details.
******************************************************
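One way to check a path against Damian's advice, as an added example rather
than anything from Damian or the original Guide. The names audit_path and
first_match and the sample path are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the Guide: check a PATH string for the problems
# Damian's tip warns about. audit_path and first_match are made-up names.

# Print one line per risky entry; return 1 if anything was flagged.
audit_path() {
    rest="$1:"                 # trailing ":" lets the loop reach the last entry
    position=0
    flagged=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        position=$((position + 1))
        case $entry in
            ''|.)  # an empty entry means the current directory, same as "."
                echo "$position: current directory"; flagged=1 ;;
            /*)    # absolute: flag it if group or other may write into it
                if [ -n "$(find -H "$entry" -prune \
                        \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]; then
                    echo "$position: $entry is group/world writable"; flagged=1
                fi ;;
            *)     # relative entries also depend on where you are standing
                echo "$position: relative directory $entry"; flagged=1 ;;
        esac
    done
    return $flagged
}

# Show which file a PATH search for a command name would run. The first
# entry holding an executable regular file wins; files without the execute
# bit are skipped, which is why the planted "ls" in the story never ran.
first_match() {
    name=$1
    rest="$2:"
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        : "${dir:=.}"          # empty entry: search the current directory
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            echo "$dir/$name"
            return 0
        fi
    done
    return 1
}

# Constructed sample value, not a PATH taken from the Guide.
audit_path ".:/usr/bin:bin:/bin:" || echo "fix the entries listed above"
first_match ls "$PATH" || echo "ls not found on PATH"
```

Run "audit_path "$PATH"" in your own shell account to check the path you
actually have.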
Here are ways to make shell scripts that the average clueless person who
breaks into a computer won't be able to run.
First, when you name your script, put a period in front of the name. For
example, call it ".secretscript". What that period does is make it a hidden
file. Some kode kiddies don't know how to look for hidden files with the
command "ls -a."
After you make your script, don't give the "chmod 700" command. Just leave
it alone. Then when you want to execute it, give the command "sh hackphile"
(substituting for "hackphile" the name of whatever script you wish to
execute). It will execute even though you never gave that chmod 700 command!
What you have done with the "sh" command is launch a temporary new Unix
shell, and then send into that shell the commands of your script.
Here's a cool example. Make this script:
cat > .lookeehere!
who|more
netstat|more
Remember to save this script by holding down the control key while hitting
the letter "d". Now try the command: ".lookeehere!" You should get back
something that looks like:
bash: ./.lookeehere!: Permission denied
That's what will stump the average kode kiddie, presuming he can even find
that script in the first place.
Now try the command "sh .lookeehere!" All of a sudden you get screen after
screen of really interesting stuff!
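What the missing chmod and the leading dot actually control, as an added
example that is not from the original Guide (probe and the sample script body
are made up for it). The execute bit only stops a file being run by name;
anyone who can read the file can still feed it to sh.

```shell
#!/bin/sh
# Added example, not from the Guide: what leaving off "chmod 700" and adding
# a leading dot really change. probe is a made-up name and the script body
# is constructed for the demonstration.

# Report how FILE behaves when run directly, run through sh, and listed.
probe() {
    file=$1
    dir=$(dirname "$file")
    name=$(basename "$file")

    # Running the file by name needs the execute bit; without it the shell
    # answers "Permission denied" and returns status 126.
    status=0
    ( "$file" ) >/dev/null 2>&1 || status=$?
    echo "direct=$status"

    # "sh FILE" only opens the file and reads commands from it, so read
    # permission is all it takes.
    status=0
    sh "$file" >/dev/null 2>&1 || status=$?
    echo "sh=$status"

    # The leading dot only keeps the name out of a plain "ls".
    if ls "$dir" | grep -qxF -e "$name"; then echo "ls=listed"
    else echo "ls=hidden"; fi
    if ls -a "$dir" | grep -qxF -e "$name"; then echo "ls_a=listed"
    else echo "ls_a=hidden"; fi
}

work=$(mktemp -d)
echo 'echo these commands ran' > "$work/.secretscript"

chmod 600 "$work/.secretscript"     # readable by the owner, not executable
echo "mode 600:"; probe "$work/.secretscript"

# No read permission either: sh now fails for ordinary users (root can
# still read the file, so root still gets sh=0).
chmod 000 "$work/.secretscript"
echo "mode 000:"; probe "$work/.secretscript"

rm -rf "$work"
```

On a shared box, what keeps other users out is read permission on the file and
the permissions on your directory, the same chmod 700 and umask 077 settings
discussed above.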
Your Internet Service Provider may have disabled some of the commands of
this Guide. Or it may have just hidden them in directories that you can get
to if you know how to look for them. For example, if the "netstat" command
doesn't work, give the command "whereis netstat." or else "locate netstat."
If, for example, you were to find it in /usr/bin, you can make that command
work with "/usr/bin/netstat" in your script.
If neither the whereis nor locate commands find it for you, if you are a
newbie, you have two choices. Either get a better shell account, or talk
your sysadmin into changing permissions on that file so you can execute it.
Many sysadmins will help you out this way -- that is, they will help if, when
they check their syslog files, they don't find evidence of you trying to
break into or trash computers. Neat trick: take your sysadmin to a fancy
restaurant and wait to ask him for access to EVERY Unix command until after
you have paid for his meal.
*****************************************************
Evil genius tip: Your sysadmin won't let you run your favorite Unix
commands? Don't grovel! Compile your own! Most ISPs don't mind if you keep
and use your favorite Unix stuff in your own account. Says Damian, "I tend
to keep my own binaries in ~/bin/ (My home directory slash bin) and put that
in my path. (With the directory being 700 or drwx------ of course)."
Where can you get your own? Try
*****************************************************
Now it's time to really think about what you can do with scripts. Yes, a
shell script can take a complex task such as impressing the heck out of your
friends, and make it possible for you to do by giving just one command per
cool stunt.
If you are a bit of a prankster, you could create a bunch of scripts and
use them to make your friends think you have a special, super duper
operating system. And in fact you really will, honestly, be in control of
the most special, wonderful operating system on the planet. The beauty and
power of Unix is that it is so easy to customize it to do anything and
everything! Windows no! Unix yes!
****************************************************
Evil Genius tip: Bring up the file .login in Pico. It controls lots of what
happens in your shell account. Want to edit it? You could totally screw up
your account by changing .login. But you are a hacker, so you aren't afraid,
right? Besides, if you mess up your shell account, you will force yourself
to either learn Unix real fast so you can fix it again, or else make friends
with tech support at your ISP as you try to explain why you accidentally
mapped the letter "e" to mean "erase." (I did that once. Hey, no one's
perfect!)
For example, do you have to put up with some babysitter menu every time you
log in? Do you see something that looks like "/usr/local/bin/menu" in
.login? Put a "#" in front of that command (and any other ones you want to
put to sleep) and it won't execute when you log in. Then if you decide you
are sorry you turned it off, just remove the "#" and that command will work
again.
Damian adds "Of great importance to newbies and a sign of great
intelligence in advanced Unix gurus is backing up before you screw it up,
i.e., in your pico of .cshrc. Their command lines should contain: mkdir
.trash;chmod 700 .trash;cp .cshrc .trash; pico .cshrc.
"Or, make the following alias in your .cshrc after creating your
'.trash' directory: alias backup 'cp \!$ ~/.trash'
"When you next source the .cshrc, you just type 'backup filename' and it
will be copied into the .trash directory in case you need it later.
"Modify the startup script, save the changes and then telnet in a second
time to see if it works. If it doesn't, fix it or 'cp ~/.trash/.cshrc ~'. I
don't recommend you 'source' the newly modified file because if it's
screwed, so are you. It's always best to keep one session untarnished, just
in case. If it works OK on your 2nd login, then you can 'source
.cshrc;rehash;' in your first window to take advantage of the changes made."
*******************************************************
OK, now how about just cutting loose and playing with scripts? See what
wonderful things you can do with them. That's what being a hacker is all
about, right? And thanks to Damian Bates, great fan of the Bastard Operator
from Hell, for reviewing and contributing to this Guide. Check out his Web
site at Parental discretion advised:)
"There is no way you're describing our system,
she could never have gotten past our security.
But I'm going to find her and see that she's prosecuted ...
she broke the law, and she's going to pay!"
President of "Blah Blah Bank"
-->>> Does anybody ELSE see a small discrepancy here ???????