A Basic UNIX Overview
Asriel

UNIX FOR DOS ADDICTED WaReZ PuPPieZ AND THEIR PETS

Introduction
------------

One of the most common operating systems in existence is Unix. Unix exists in many different flavors, from Berkeley BSD to AT&T System V to SunOS. Basic working knowledge of Unix is almost essential to a hacker, as it is the system a hacker is most likely to come across. If you intend to use the internet at all, or to do any serious exploration of Telenet, the ability to navigate through Unix is a necessity. (Unix is also the single most interesting system in existence: it's just fun to fuck with).

Unix Logins
-----------

Most Unix logins look essentially the same. A general Unix login prompt looks something like this:

    connected to five.finger.com
    login:

That first line is the system identifier. Although it's not at all essential to what you are doing, it's good to know what system you are attempting to log on to. The second line is what typically identifies the system you are on as Unix. Almost all Unix systems greet a user with the same prompt: login:.

Well, there's not much to do in Unix from the outside, and Unix systems are typically fairly secure at this point. You may be able to obtain a list of users, or current users, by logging in as 'who', but other than that there are few functions available here. Unless you are on the internet, or have accounts specifically for the specific machine you are on, the only way on to the system is to try the default passwords.

What are the default passwords? Unix systems come installed with certain passwords automatically. In addition, some accounts must exist on a system. One such account is 'root'. This user is the divine Kami of the Unix system... in short, an all access pass. Unfortunately, few systems allow root logins remotely, and even fewer leave 'root' unpassworded. Nevertheless, it's always worth a shot... try this:

    connected to ren.stimpy.net
    login: root
    password: root
    invalid login
    login:

well, nice try anyways... other possible passwords for root include 'sysadmin', 'sys', 'admin'... you get the idea.
You may also want to try these passwords with a single digit appended (added, idiot) to them, meaning the password 'root' could be 'root1' or 'root2'. An interesting tip about passwords in general: many people that use passwords under 8 characters tend to add a digit or a non-alphanumeric character to the password. This is done in order to hinder guessing, and to stop password breakers (more on this later). In this case, you may want to try adding a space before root, or even an ascii 255 to the end.

Fortunately, there is more than one default password in a unix system; a quick list:

    sys          sys
    bin          bin
    daemon       daemon
    rje          rje
    setup        setup
    uucp         uucp/nuucp/anonymous
    nuucp        uucp/nuucp/anonymous
    mountfsys    mountfsys

In the System
-------------

Ok, at this point, I'm going to assume you've gotten past the login, as painful as that may sound. Although Unix may be secure from the outside, without effort from the system administrators, the inside of the system is not.

First off, you'll likely be asked for a terminal. vt100 serves your purposes sufficiently, and it's typically the default, so hit enter. Now, hopefully, you have a prompt. There are many different types of unix prompts, some of which contain current directory information, some of which are just a single character. Just don't panic when my examples don't look exactly like what you've got on your screen.

The first thing you *need* to do on the system is establish your tty parameters. As eldritch and arcane sounding as this term may seem, it's actually quite simple: you need to tell the system what keys are going to do what. The command to set these parameters is 'stty'. Watch:

    squinkyB ] stty erase ^h
    squinkyB ]

There, that wasn't so bad, was it? Well, it's also pretty meaningless to you, unless you have the ascii table memorized and are pretty good at on-the-spot deduction. The tty erase parameter determines which key is to be used as a backspace. At times, this may already be set when you log in, or it may be set to a suitable alternate (such as delete). Most of the time the system will tell you when you log on if this is so. In this case, we've entered ^h in order to make the backspace key, appropriately enough, backspace.

Another extremely important parameter is 'intr'. The 'intr' parameter tells the Unix system what you intend to use as a break character... you should have this set to ^c.

Getting Around
--------------

A good thing to remember about Unix is that it's a lot like DOS. Files are laid out in directories just as in DOS; in fact, the only immediate difference in the directory structures is that Unix uses a forward slash ("/", moron!) instead of a backwards one. Also, the basic Unix directory navigation command is identical to DOS. In order to change directories, you use the command 'chdir', or 'cd'. A quick example:

    1 /usr1/astoria ] cd ..
    2 /usr ]

Wala. That simple. Quick notes:

■ cd / will take you to root.
■ cd /*pathname* will take you to *pathname*
■ cd home will take you to your home directory.

You can make and delete your own directories with the mkdir/rmdir commands. Simply put, mkdir makes a subdirectory off of the current directory, and rmdir removes a subdirectory from the current subdirectory. Good to know if you plan to do a lot of file transfers.

An important note about Unix directories, files, and concepts: Unix is a case-sensitive operating system. Thus, the files

■ Spleen
■ spleen
■ SPLEEN
■ SpLeEn

are all different. This rule applies to directories and command line parameters, as well as most other Unix ideas.

Another nice thing to know about Unix: Unix files are not subject to the normal DOS 8 character limit. Thus, you can have vast filenames, such as "this_file_ate_my_biscuit".

Some other important commands
-----------------------------

First and foremost, you should know cp. cp is the basic Unix equivalent of the DOS COPY command. The command line for cp is identical to that of COPY.

Next on the scale of cosmic import is cat. cat is the Unix equivalent of the DOS TYPE command, and once again, for simple file displaying, the command line is identical. Variations on the theme:

pg: displays a file page by page. Type "pg x filename", where x is a number of lines to display before pausing and filename is the file you wish to display.

more: displays a file screen by screen.

Stupid pet trick: You can use your cat to copy files, simply by using the directional operators. To copy a file from here to there using cat, simply type:

    % cat here
    this is the file here
    % cat there

    this is the file there
    % cat here > there
    % cat there
    this is the file here

The operator ">" simply takes the output from the cat command and places it in the location specified after it.

Critical in your navigation of a Unix system is the ls command. ls is DOS DIR on heroin. Simply type ls and you get a nice, neat list of files in the directory. DIR on controlled substances: There are a few command line parameters that you should know; foremost is l. ls -l gets you a list of files, and valuable information about each file, including permissions (more on that later), size, and linked files. Another useful command for long file lists is C. ls -C gets you a list of files in multiple columns, much the same as DIR /W would merit a double column report of all existing files. A quick reminder: ls -C is NOT the same as ls -c. Unix = case sensitive.

Another vital command to know is 'rm'. rm deletes a file from the system, in the same way DEL would on a DOS system. Not too much else to say.

Another good command to know: mv will move a file from directory to directory. For those of you without DOS 6.0 <gasp>, mv simply copies a file to another directory and deletes the original. Quick tip for files on the lam: if you want to rename a file (to protect the innocent), you need to mv a file to a different file name, then, *presto*, instant transmogrification. A quick demo:

    # ls
    myfile
    # cat myfile
    this is my file
    # mv myfile my_other_file
    # ls
    my_other_file
    # cat my_other_file
    this is my file

Another vastly important command is 'man'. In fact, man is probably one of the most important commands extant for a beginning user; it calls up the system's help files. To use man, simply type in 'man command', where command is a Unix command you seek to gain enlightenment regarding. It's a great way to gain an understanding of Unix commandline parameters.

If you are interested in seeing who's been on of late, or just want a few names to try to hack, type 'who'. You get a quick list of users that have accessed the system lately. If you <god forbid> need to know who you are at this point, type 'whoami'. If you want to change your identity on the system, type 'su name' where name is an account on the system. It'll ask you for the account password.

A Caveat for smart alec hackers: Unix typically logs usage of the su command. While su may seem like a great opportunity to try to hack out passwords manually without worrying about the system hanging up after 3 attempts, it's typically not a good idea to do this, as it may alert the administrators to

your presence.

*Numero Uno on the list of commands NEVER to use on a Unix system: The 'passwd' command changes your password on a Unix system. Seems innocuous enough, eh? Uh-uh. If your account is active, and there's a very strong chance that it either is or will be, there is no better way to lose the account than to change the password, only to have the legitimate user alert the sysadmins when he/she can't gain access to his/her normal account (well, there are better ways: you could simply mail the sysadmin and tell him you are trying to hack his grandmother's life support machine through your account). I've seen this single, quick command turn an extremely lax system into an ironclad security compound in less than a day. DONT-FUCK-WITH-IT.

*Numero Dos on that same list: The 'mail' command reads and sends mail. So what? Well, unless your account is stable (and it isn't unless you either paid for it or killed the original owner in such a way that his body cannot claw its way out of its grave to its keyboard), the user is more likely than not going to know if you read his mail. In addition, if you send mail out of the system (type 'mail', and a username/address, type in your message and end it with a ^d on its own line), the response from your message will likewise alert the user to your presence.

System Spelunking
-----------------

The first place you want to check out in the wild uncharted directory tree of your friendly neighborhood Unix system is the "/etc" directory. What's in it? The single most intensely important file on the system (besides a world writable root owned SUID file, but don't worry about that), the passwd file. What is in the passwd file?

■ a list of all accounts on the system
■ a list of the passwords for these accounts
■ a list of access levels for these accounts
■ a list of the home directories for these accounts
■ a list of information pertaining to these accounts.

Why the hell the Unix designers decided this file should be world readable is beyond me. Be content to know that your standard everyday run-of-the-mill-lacking-in-certified-cosmic-power 'cat' command WILL display this file, regardless of system security. As will pg and more. However, because most users don't have write permissions (more on that later) to the /etc directory, 'cat' is pretty much the only applicable command here. However, if you need to copy the file to your own directory (for whatever reason), just cat it there with the directional operator (>).

The catch: Well, there are two catches here. First off, if the passwords are in the file, they are encrypted. You can't decrypt them. Although you can get a list of accounts without passwords this way (just look for accounts with no entry in the password field), and a list of accounts that can't be logged onto remotely/at all (NO LOGIN), you can't get much else. Sucks, don't it?

Notice I said 'if' the passwords are there. <ominous soundtrack please> Some horrible, paranoid, draconian system administrators mutilate

their passwd files in such a way that (*gasp*) the passwords don't show up. All you get is one cold, icy X staring at you from the bowels of Unix Shell Siberia, mocking you as you pull your hair out in frustration (sorry, but this is a sore spot with me). The kidnapped passwords reside in the shadow file in the /etc directory, available with your standard everyday run-of-the-mill-but-distinct-in-the-fact-that-only-root-level-accounts-can-use-it-to-this-extent 'cat' command.

Well, if the passwords are encrypted, what good are they? By themselves, nothing. An account with a Unix encrypted password will get you no further than an account with no listed password at all. You can't even deduce the amount of characters in the password if it's encrypted. So what's the use?

The Unix method of encrypting files is available to the public. It is also, to most mortals, irreversible. Essentially, this means you can encrypt a string of characters, but not decrypt it. Even the unix system itself doesn't decrypt the password when you log on. When you log on, the Unix system takes whatever you enter at the password prompt, encrypts it, and matches it to the entry in the passwd file. Thus, the Unix system never decrypts the password, it only compares it to a different encrypted string.

While this may not sound too particularly useful at first, it is. There are programs that have been written to do the same thing on a personal computer. Essentially, you supply it a list of passwords and a list of words to attempt to use as passwords (called dictionaries), and it spends the night encrypting dictionaries and matching them to password entries. By running a dictionary through a passwd file, on a typical system, you can usually get 10-20 accounts. Good personal computer examples of this program idea include Killer Cracker (the industry standard, so to speak) and CrackerJack (faster than Killer Cracker).

Quick tips for CrackerJunkies with leech access at an H/P BBS: A standard dictionary will not uncover passwords protected with an appended digit or non-alphanumeric character. In order to get around this, you need only grab a program that processes the dictionary file to add that digit to each entry in the dictionary, although this takes longer, and you'll need to do it multiple times. You can typically get 10 more accounts just by adding a 1 to every entry.

Files and directories in Unix are characterized further by their permissions. Permissions are a standard system of who gets access to a specific function of that file or directory. Standard permissions include read, write, and execute. You can get a list of permissions by typing 'ls -l'. The first field in the listing contains the permissions, grouped as follows:

    owner  group  world
    --------------------
    rwx    rwx    rwx

(Not drawn to scale... in fact, it doesn't look anything like that). Essentially, as long as the letter is there, you have access to that facet of the file. If the letter is not there, you'll see a dash, meaning you don't have access to that function. An example:

    rwxr-x--x

In this case, the owner of the file can Read the file, Write to the file, and eXecute the file; members of his group (a bunch of linked accounts) can Read the file, CANNOT Write to the file, and can eXecute

the file, and the rest of the user population CANNOT Read or Write to the file, but CAN eXecute the file.

    rwx---rwx

is a WORLD-READABLE, WORLD-WRITABLE, WORLD-EXECUTABLE file. This simply means that anyone can read, write, or execute the file.

Another permission sometimes set to a file is the SUID bit. An SUID file contains a lowercase s in the user executable section of the permissions list.

    rws--x--x

When you execute an SUID file, your user ID becomes that of the owner of the file. While this may not look too important at first, by now you should know that no really important super elite hacker concept does. Take a look at this:

    rwsr-x--x

Synopsis? It's a world executable SUID file. In essence, anyone can execute the file, and in doing so, become the owner of the file for the duration of the time that file is operating. However, this doesn't get you much, because you typically can't do anything while the program is running. More likely than not, it's calculating how many pencils it needs to order for school tomorrow or some other such drivel.

The real power of the SUID file comes into play in this situation:

    rwsrwxrwx

You won't see a lot of these, but when you do, look out. What you have here is a world writable SUID file, and a world writable program can be any program on the system you have read access to. Like, say, /bin/sh, the Unix shell. Quick command line example. 'diablo' is a root owned, world writable SUID file. I'm going to ignore the rest of the output of the ls command.

    #ls -l
    rwsrwxrwx ... diablo
    #cat /bin/sh > diablo
    #diablo
    $

Oh, just so you know, the $ prompt denotes root access. Good deal, huh? In general, if you have write privs to an SUID file, copy it to your own directory and cat /bin/sh into it. You now have an instant gateway to the account of the owner of that file.

If you want to find files that you can do this with, try this out:

    #find / -user root -perm -4000 -exec /bin/ls -al {} ";"

This will give you a list of all root owned SUID files. If you want more info on the 'find' command, just 'man find'.
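Seen from the administrator's side, the permission strings discussed above are audit findings. The following is an added example, not part of the original text: it parses the 9-character permission field from 'ls -l' and rates each file, treating an SUID file writable by non-owners as the critical case. The function names and severity labels are assumptions made for this illustration.

```python
import os
import stat

# Permission letters in `ls -l` order: owner, group, world.
_BITS = [stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
         stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
         stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH]
# Execute slots that can also carry a special bit: index -> (bit, letters).
_SPECIAL = {2: (stat.S_ISUID, "sS"), 5: (stat.S_ISGID, "sS"), 8: (stat.S_ISVTX, "tT")}


def parse_perm_string(perms):
    """Convert a 9-character permission field such as 'rwsr-x--x' to mode bits."""
    if len(perms) != 9:
        raise ValueError("expected 9 permission characters: %r" % (perms,))
    mode = 0
    for i, ch in enumerate(perms):
        if ch == "-":
            continue
        if i in _SPECIAL and ch in _SPECIAL[i][1]:
            mode |= _SPECIAL[i][0]
            if ch.islower():          # 's'/'t' also imply the execute bit
                mode |= _BITS[i]
        elif ch == "rwx"[i % 3]:
            mode |= _BITS[i]
        else:
            raise ValueError("bad character %r at position %d" % (ch, i))
    return mode


def classify(mode):
    """Rate a file mode by the risk patterns the text walks through."""
    suid = bool(mode & stat.S_ISUID)
    loose_write = bool(mode & (stat.S_IWGRP | stat.S_IWOTH))
    if suid and loose_write:
        return "critical: SUID and writable by non-owners"
    if suid:
        return "review: SUID"
    if mode & stat.S_IWOTH:
        return "warn: world-writable"
    return "ok"


def audit_tree(root):
    """Walk root and return (path, permissions, finding) for every flagged file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue              # vanished or unreadable: skip
            if not stat.S_ISREG(st.st_mode):
                continue              # ignore symlinks, devices, sockets
            finding = classify(st.st_mode)
            if finding != "ok":
                findings.append((path, stat.filemode(st.st_mode)[1:], finding))
    return sorted(findings)


if __name__ == "__main__":
    # The permission strings used as examples in the text.
    for perms in ("rwxr-x--x", "rwx---rwx", "rws--x--x", "rwsr-x--x", "rwsrwxrwx"):
        print(perms, "->", classify(parse_perm_string(perms)))
```

Current Linux kernels clear the set-user-ID bit when an unprivileged user writes to the file, but an SUID file that non-owners can write to is still a misconfiguration to fix, not one to rely on the kernel to contain.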

Inc. . But if the spirit moves you.. PTA. S00P3R GR00P-3SQU3 GR33TZ / +HANX Greets go out to Nowhere Man. THG.. or call any of the members voice and dictate it to them. ________________________ your ad here Current DWE Akshul M3mbre Boards: Nitro Burnin' Funny Cars The Prodigal Sun <ASRIEL> Dark Waters PyroTechnics II DWE M3/\/\B3R LiST President and Dictator for Life: Xanax Head Courier/Warez Cracker: Asriel Head Fisherman/Trout Expert: Changeling Head Person That Gets Asriel Free CDs: Monk Head Person That Gets DWE Members Free WaReZ: Pyro Head Person That Knows More Than Asriel (Honorary Title): LVX Head Person That Actually Wrote for DWE without Coercion: Cosmos Head Know-It-All Stoner that runs 386bsd: Goldstein Want to write for DWE? Neither do we. WHQ/DWEnet HOST CHQ/MECCA HQ/Infosite Infosite (312)582-1115 (312)238-3585 (312)667-0222 (708)991-9403 <XANAX> <MONK> <PYRO> . and post it somewhere in DWEnet or at any of the member boards.. SOB Thanks to. INC. write up an article about anything we haven't discussed already. . W H A T F O L L O W S M U S T N O T B E D E L E T E D -------------------------------------------------------------------------(c) 2003 Hackers-Network Asriel(tm) appears courtesy of Hasbro. I'm overdo for an appointment on the IRC in #warez. SoD. or tack it on a bulletin board in the Third Coast Cafe in Century Mall. so I'll cut off here. Please feel free to save an extra 1k of file space and invoke the DOS EDIT CUT command at the dotted line. SaD. and chances are it'll be released as a s00per c00l DWE article. UNT. I hope I've been of assistance to you. --------------------------------------------------------------------------A C T U A L A R T I C L E E N D S H E R E .Well. or submit it to them school newspaper of any of the members.. Do not remove the rest of this article on penalty of law.
