TUCoPS :: General Information :: lazyadmn.txt

Lazy Admins and Free Accounts

   88  lazy admins and free accounts                                    8888

   okay.. ever wonder how many users that isp has?  and what are their names?
   if the isp is running netscape enterprise server you may be in luck..
   heres the deal.. in trying to keep a server secure the isp or server admin
   will limit access to certain directories.. one of which contains the
   passwd file. now if the admin is in a hurry and he just takes the default
   settings then this will work. and just so you know
   usually these are shadowed so dont think you hit the big
   one if you get the passwd but it will usually have a list of all the
   users real names.. home directories .. and user names.. pick your
   target.. scan that bastard.. ( yaps, haktek, 7th sphere port scan ) look
   for anything with the server name.. hopefully youll see an enterprise
   somewhere.. if not hey try it anyway you never know.. obtain an account
   use your brain.. one account how hard can it be?  open up your favorite
   browser.. ( i did it with i e 3.02 ) and type this..


   with any luck youll be at the root directory on the server.. now dont
   get cocky.. all you can do is read.. but take a good look around youll
   find the log files.. which will be around 20 or 30 megs but hey if your
   pretty nosy download them.. maybe youll find some new friends.. the
   passwd file will be in the etc directory.. and since this will be logged
   i strongly reccomend using an account that cannot be traced back to you
   in any way.. and as long as the isp is damn busy then just dial-in
   anonymously.. too many users and calls for them to track that shit
   down they dont have the time or the resources.. besides its not like
   your transferring 3million into a swiss bank account. and if you have
   a laptop i reccomend visiting the phonelines of your favorite local
   restaurant after hours.. lets see those bastards track that down..
   the passwd file is gonna look somthing like this..

   dhegstad:x:2930:20:don hegstad:/usr/home/dhegstad:/dev/null

   first word is the user name.. x is the shadowed password.. ignore the
   next few numbers .. then the users real name.. and thier home directory.
   use your imagination from there.. good luck and just coincidentally
   if you have a little extra time on your hands edit the passwd file
   changing the users names to email address user@victim.com and you now
   have a list to mail every user on the system with faked mail saying
   your the admin.. really good for wreaking havoc.. like mail everyone
   saying that the isp is going to be down for a week.. instant chaos..
   or hey send everybody your favorite trojan.. or if you really want to
   get those bitches riled up send a java bomb (open up shitloads of
   browsers) so many ideas so little time.. alright im outta here..
   good luck and remember .. a good isp is an isp worth fucking with..
   have a suckass day and thank you for flying trans continental blizzard.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH