Hacking
Linux Basics for Hackers
1st edition
By Alexander Aronowitz
FUCK! to all those who use their computer skills to create
chaos in our community, those who destroy sites for the pleasure of
doing it.
FUCK! to those who use the internet to engage in child trafficking and who
support pedophiles!!! We invite you, as the SD colleagues did, to
destroy pedophile sites with mailbombs or notify the authorities...
Finally, we greet you and wish you a good read...
Note:
THIS DOCUMENT CONTAINS CODE IN C - MAKE SURE NOT TO SAVE ANY
MODIFICATIONS.
If you have any other exploits, bugs, sniffers or utilities that are not present in this
text, please send an e-mail to: lordkasko@freeweb.essenet.it
In this way we can keep you constantly updated on the latest versions
of this toolkit!
------------------------------------------------------------------------------
Content List:
Notice
Preface
Chapter I - Unix commands you absolutely must know.
1A. Basic commands
How to return to your home directory
How to easily reach a user's home directory
How to see which directory you are in
How to get a complete manual of each command
1B. Telnet
Unix file permissions
Unix groups
How to change permissions and groups
1C. Rlogin
.rhosts
How to prepare a .rhosts file for login without a password
1D. FTP
Connect to the site, but never outside of it.
Using prompt, hash and bin
Using get, put, mget and mput
1E. GCC (unix compiler)
How to insert a file into a system without having to upload it
How to copy files to your home directory in an easy way
How to compile C programs
How to rename programs in C
How to load programs in the background while you are disconnecting
Check processes using ps
Chapter II - Getting started (your first account)
2A. How to crack password files
How to get hundreds of accounts with your first 'hacked account'
Why you really need a cracked password on a system
How to get the root password in an unassailable system
Using a fake SU program
Documentation for the fake su program
How to get the Sysadm password
How to read .bash_history
Cracker Jack - a good password cracker
How to use Cracker Jack
Vocabulary file
What you need to get started
Edit the vocabulary file
Hash file for use with Cracker Jack and your vocabulary file
Hash file for use with Cracker Jack and your password file
2B. Talking to newbies
How to find newbies
How to get their passwords
2C. The most complicated road.
Using finger @
Where could the password be?
Get more information from finger.
A small .c file to use if you have made progress.
Write a little Perl script that does the job for you.
How to get a domain list of all domains from rs.internic.net
A Perl script to break down domains and sort them into a readable list
How to run the script in Perl
2D. Use mount to gain access to Unix systems
What is an NFS mount
What you need to get started
How to verify that drives can be mounted on a system
A script to look for systems on which an NFS mount is possible
How to mount the system
How to unmount the system
A live demonstration
Mounting the drive
See user directories
Edit the local machine password file
How to put a .rhosts file in user directories
How to rlogin into user accounts
Chapter III - How to get the Password file.
3A. PHF
What is phf
Use lynx or Netscape to access phf
Find the user id via WWW
How to see if you are rooted via phf
How to find the password file with phf
Make a backup copy of the victims' password file
Change a user's password with phf
Reset old passwords.
A .c file to send commands to phf from your shell
How to use the phf shell file
Another way to use phf - Quantum Text
BindWarez file by Quantum
A Perl script that tests EVERY domain on the Internet, logs root access
and recovers the password files for you all day while running in the
background.
Documentation for the script just mentioned
Get accounts from /var/?/messages
A script to get passwords if you have access to /var/?/messages
3B. Newbies
3C. Get the shadow passwd files
What is a shadow passwd
Get the shadow file without the root account
A .c file to recover any file without the root account
3D. Go to /etc/hosts
Why go to /etc/hosts
Chapter IV - Earning the Root Account
What to do if you are unable to gain root access on the system
4A. Bugs
Introduction
4B. Exploits
The exploit via mount/unmount
What are SUID perms
The .c file for unmount
How to compile unmount.c
Linux exploit via lpr
The .c file for the Linux exploit via lpr
The .c file for the exploit with lpr (version for BSD)
How to use lpr
Watch group owners with lpr
Use lpr for the first root, then do a SUID shell
How to get a SUID root shell for future root logins
The Exploit with splitvt
The .c program for the exploit with splitvt
How to use the splitvt program for the exploit
The shell script for the root exploit with Sendmail 8.73 - 8.83
How to use the sendmail exploit to get root access
Chapter V - Make yourself invisible
Maintain access
5A. Zap2 (for wtmp/lastlog/utmp)
Finger the host before login
Log in and stay safe
How to configure Zap2
Find the location of the log file
The zap.c file
5B. Other scripts
wted editor for wtmp
How to chmod the wtmp.tmp file
How to copy wtmp.tmp file to wtmp
Set the path for the wtmp file in wted
The wted.c file
Clean the lastlog with lled
Command line for lled
How to use lled
How to chmod the lastlog.tmp file
How to copy the lastlog.tmp file to lastlog
Set the path for the lastlog file in lled
The lled.c file
A good Perl script for editing wtmp and utmp files and controlling processes
Chapter VI - Deleting Log Files
6A. A tour of a hacked system
Let's log into the system
We are looking for the admin
Nested directories
Prepare the Root file
Becoming invisible
Grep the log directory
Sniff the network
Edit the linsniffer.c file
Take a look at the running processes
Compile and call the sniffing program
Start a sniff session
Change access to files in the group
Make a SUID root shell trojan to get uid=0 gid=0 every time
Call the Trojan
Change the date of the files
Check the sniffer log file
Empty the contents of the history files
Use unset for history files
6B. Messages and syslog
How to find logs using /etc/syslog.conf
How to see if there are logs in hidden directories