TUCoPS :: Unix :: General :: unixhck.txt

Unix Hacking Made Easy


                       ****> UNIX Hacking Made Easy <****
                     Brought to you by Shadow Lord (Shadow)



-Background-

     UNIX is one of the most commonly used systems.  Many small businesses and 
a few corporations run a UNIX system accessible by modem.  Most UNIX systems 
run 1200 and 2400 baud modems, but a few of the older ones still use 300.  UNIX 
is used for programming, mail, and various programs can be run from it.  UNIX 
has suprisingly low security for such a widely-used system.  Most of the 
operators leave the default passwords in, even on the accounts in which the 
user has no restrictions.  This leaves UNIX systems wide open for hacking...


-Getting On-

     I suggest using an exchange scanner (such as Code Thief or Fuckin' Hacker) 
to find numbers of UNIX systems.  When you call, make sure you are not using 
ANSI-BBS emulation, UNIX does not support it, so everything will appear as 
garbage.  Once you connect, hit return a few times and the 'login:' prompt 
should come up.  UNIX systems are case-sensitive, so make sure you're using 
lower-case.  After the account name is entered, the 'Password:' prompt will 
appear.  Passwords are not echoed to the screen.  If a correct account and 
password are given, you will be given access and some prompt, shown as a $ or # 
or some character of that sort will give you the go-ahead.  I attempts, others give you unlimited tries.  
Bad login attempts are not reported to the system operator, so you can try as 
often as you like.  

-Once You're Inside-

    To find out what's in the directory that you're in, type 'ls' (list 
files).  You can change directories much like you can in MS-DOS, use 'cd' 
(change directory) and than the name of the directory you want to go in.  The 
'ls' command does not specify what names are names of files and what names are 
names of directories, but if you try to cd into a file it will tell you that 
the directory is not valid.  Use the 'rmdir' and 'mkdir' commands to make and 
remove directories.  'rm' also removes a file.  The 'passwd' commands lets you 
change the password on the account that you're on.  To find out who else is on, 
use the 'who' command.  This will display the account name and if they are 
logged on locally or they are calling by modem (it will say tty01 or something 
to that nature).  The 'mail' command works by typing 'mail whoever' and it will 
bring up the mail facility.  Enter as much text as you like, and hit Cntrl-D to 
send the message.  The 'wall' (write all) command allows you to broadcast to 
everyone logged on at the present time.  ASCII uploads of regular or text files 
can be used for mail or broadcasts.  Try sending a very large program in a 
message to the system operator if you'd like to piss him/her off.
     The 'cat' (display file) command lets you look at the contents of any file 
(format: cat filename).  Hit Cntrl-D or escape or Cntrl-C (try them all; it 
depends on the system) to abort this process.  If you are on the root account, 
you can use the 'su' (super-user) command to become the system operator (no 
restrictions).  The su is obviously ideal.  UNIX has a very good help facility 
which will give you an additional list of commands, etc.


-Useful Information-

     In order to escape detection, go into the usr\adm directory and remove the 
file call sulog.  This is the system usage logfile, it contains the information 
on who has called (like the last callers file on a bbs).  Also, if you can get 
into the directory called etc you should display the file called passwd.  It 
contains a list of all of the accounts and their passwords.  Bad new, the 
accounts that have passwords are encrypted.  But as I said before, a lot of 
people leave accounts unpassworded or at the default passwords.  The format is:
ACCOUNT NAME:password:0:0:description of purpose:/directory
The 0:0 or whatever numbers show up are just some stuff you don't need, they 
are restrictions.  Lower numbers means higher access pretty much.  But if one 
account skips right from the account name to the numbers, than it is 
unpassworded.  

                          List Of Common UNIX Accounts


 root   super  sa  startup  shutdown  daemon  sys  bin    adm  ncrm  uucp 
 nuucp  sync   lp  admin    sysadm    unix    rje  guest  demo sysbin 
 sysadmin  PCpath  asg  standard  suggest  dosadm  pcuser  ackmail 
 altos  informix  r00t  css  backup  gpcnet  nobody  ingress  sysdiag 
 convert  async  ingres  cron  asg  sysinfo  network  dos  filepro  gpc

Also try first names (all in lower case), and the name of the company (if you 
know it).  I have seen all of the above accounts on UNIX systems.  root, sa, 
super, adm, sysadm, and sysadmin are all high-level accounts.  Some of the 
accounts are unpassworded, others simply use the account name as the password 
(what security!).  The general rule is that after you enter account name at the 
login: prompt, if the password prompt appears very quickly then the account you 
have entered is not valid.  If it takes a few seconds, then you've probably hit 
a valid account.


-Close-


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH