*************************************************                *************************************************                **                                             **                **         Unix Use and Security From          **                **              The Ground Up                  **                **                                             **                **                   by                        **                **                                             **                **              The Prophet                    **                **                                             **                **                                             **                *************************************************                *************************************************December 5, 1986.INTRODUCTION------------        The Unix operating system is one of the most heavily used mainframe operating systems today. It runs on many different computers (Dec VAX's, AT&T's 3bx series, PDP-11's, and just about any other you can think of- including PC's), and there are many different, but pretty much similar, versions of it. These Unix clones go by many different names- here are the most common: Xenix, Ultrix, Ros, IX/370 (for the IBM 370), PCIX (for the IBM PC), and Berkely (BSD) Unix. This file will concentrate on AT&T System V Unix, probably the most heavily used version. (The next most heavily used is Berkely Unix.) This file will cover just about everything all but THE most advanced hacker will need to know about the Unix system, from the most rodent information to advanced hacking techniques. This is the second version of this file, and as I discover any errors or new tricks, I will update it. This file is, to the best of my knowledge, totally accurate, however, and the techniques in it will work just as described herein. Note, that these techniques will work on System V Unix. Not necessarily all, but most, should work on most other versions of Unix as well. Later, if this file is received well, and there is demand for another, I will release a file on yet more advanced techniques. If you wish to contact me, I can be reached several ways. First, on these boards:Shadow Spawn   219-659-1503Private Sector 201-366-4431 (As prophet, not The Prophet...some rodent stole                             my name.)Ripco          312-528-5020Stalag 13      215-657-8523Phreak Klass 2600 806-799-0016Or at this voice message system:800-556-7001Box 7023I welcome any suggestions, corrections, or feedback of any kind. And lastly, thanks for taking the time to read this:THE USUAL DISCLAIMER:---------------------        This file is for [of course] informational purposes only. <Snicker> I don't take responsibility for anything anyone does after reading this file._______________________________________________________________________________IDENTIFYING UNIX SYSTEMS AND LOGGING IN---------------------------------------        A Unix system can easily be identified by its prompts. When you first connect to a Unix system, you should receive the login prompt, which is usually "Login:" (Note, that the first character may or may not be capitalized.) On some systems, this prompt may be ";Login:" or "User:" (Again, the first letter may or may not be capitalized.) This may be preceded by a short message, (usually something like "WARNING!!! This system is for authorized users only!"), the name of the company that owns the system, or the uucp network name of the system. (The uucp facilities will be explained in detail later.) At this point, you should enter the user name and press return. (You should be in lowercase if your terminal supports it.) You should then receive the password prompt, "Password:" (And yet again, the "P" may or may not be capitalized.) At this point, you should enter your password and press return. If you have specified the correct username/password pair, you will then be admitted into the system. If you have entered a non-existant username or an incorrect password, you will receive the message "Login incorrect" and will be returned to the login prompt. There is little information given before login, and there is no way to find valid usernames from pre-login information.        There are no "default" passwords in Unix. When the system is initially set up, none of the default accounts or any of the accounts created by the system operators has a password, until the system operator or the account owner set one for the account. Often, lazy system operators and unwary users do not bother to password many (and in some cases, all) of these accounts. To log in under an account that doesn't have a password, you have only to enter the username at the login prompt.         You may encounter some occasional error messages when attempting to log in under certain accounts. Here are some of the more common messages, and their causes:        1. "Unable to change directory to /usr/whatever"-This means that the                 account's home directory, the directory which it is placed in                upon logon, does not exist. On some systems, this may prevent                you from logging under that account, and you will be returned                to the login prompt. On other systems, you will simply be                placed in the root directory. If this is the case, you will                see the message "Changing directory to '/'".        2. "No shell"-this means that the account's shell, or command                 interpreter does not exist. On some systems, the account will                not be allowed to log in, and you will be returned to the login                prompt. On other systems, the account will be admitted into the                system using a default shell, usually the Bourne shell. (The                 shell will be explained later.) If this is the case, you will                see the message "Using /bin/sh".UNIX ACCOUNTS-------------        There are two types of Unix accounts-user and superuser accounts. User accounts are the normal user accounts. These accounts have no privileges. Superuser accounts are the system operator accounts. These accounts have full privileges, and are not bound by the file and directory protections of other users. In Unix, there is no hierarchy of privileges-either an account has full privileges, or it has none.        Unix usernames are up to 14 characters long, but usually are within the range of 1-8. The usernames can contain almost any characters, including control and special characters. (The accounts will usually not contain the characters @, control-d, control-j, or control-x, as these characters have special meanings to the Unix operating system.) The Unix system comes initially configured with quite a few default accounts, some of which are superuser and some of which are only user-level accounts. Here is a list of the default accounts which usually have superuser privileges:root (Always!)makefsysmountfsysumountfsyscheckfsysThe root account is always present on the system, and always has superuser capabilities. (Note: most Unix System V systems come initially set up with a security feature that prevents superuser accounts from logging in remotely. If you attempt to log in under a superuser account remotely on a system with this feature, you will receive the message "Not on console", and will be refused admission to the operating system. This will NOT prevent you from using superuser accounts remotely-you simply have to log in under a user account and then switch over to a superuser account using the su utility, which will be described later.)Here is a list of the user-level default accounts:lpdaemontroublenuucpuucpbinrjeadmsysadmsyncThe bin account, although it is only a user account, is particularly powerful, as it has ownership of many of the system's important directories and files. Although these are the only default accounts on System V Unix, there are many other accounts which I have found to be common to many Unix systems. Here is a list of some of the accounts I have found on many Unix systems:batch           admin           user            demo            testfield           unix            guest           pub             publicstandard        games           general         student         helpgsa             tty             lpadminAlso try variations on the account names, such as rje1, rje2, user1, user2, etc. Also, try variations on people's names and initials, such as doej, doe,john, johnd, jjd, etc.        No matter what the format for the usernames, one thing is common to all systems-almost all of the usernames will begin with a lowercase letter. There is a good reason for this-when logging into the system, if the first character of the username you type in is in uppr-case, the system automatically assumes that your terminal does not support lower-case. It will then send all output to you in upper-case, with characters that are supposed to be upper-case preceded by a backslash ("\", the Unix escape character), to differentiate them from the characters which are meant to be in lower-case. Unix *always* differentiates between the cases, so it is best to stay in lower-case while on the system.        As mentioned before, there are no "default" passwords on Unix. When an account is created, it has no password, until the superuser or the account's owner sets one for it. Unix passwords are a maximum of 11 characters. The password may contain any character, and the system distinguishes between upper and lower case characters. Many Unix systems implement a special security feature under which passwords must contain at least 2 non-alphanumeric characters (similar to Compuserve's password protection). Yet another password security feature of Unix allows the superuser to set an expiration date on users' passwords.COMMAND LOGINS--------------        Many systems have accounts known as "command logins". These are accounts that log in, execute a single command, and are then logged out. These accounts rarely have passwords. Here is a list of common command logins:who     -This is a particularly useful command login. When you enter this at        the username of a system with this particular account, the system will        display a list of the users currently on the system. A good way to get        valid usernames to hack.time    -Not very useful. Just displays the time.date    -Ditto the above, but displays the current date. Great if you don't         have a calendar.sync    -This default account is sometimes set up as a command login. It merely        executes the sync command, which causes any data which is meant to be        stored to be written to disk.UNIX SPECIAL CHARACTERS-----------------------        The Unix operating system interprets certain characters in special ways. Provided here is a list of those special characters, and their meanings to the Unix operating system:Control-D       -This is the Unix end-of-file character.Control-J       -Some systems interpret this, rather than Control-M, as the                 return character, while others may use both. The vast majority,                 however, will only use Control-M.Control-Delete  -This is the Unix kill character. It will automatically end                 your current process.@               -Some systems use this as the kill character.\               -This is the Unix escape character. Its main use it to                 differentiate between upper- and lower-case characters when                 logged in on a terminal that only supports upper-case. For                 instance, if you wanted to send the command "cd /Mrs/data",                (never mind what it does right now), you would type this:                (this is how it would look on your upper-case only terminal)                CD /\MRS/DATA                The backslash before the M would let the system know that the M                 supposed to be upper-case, while the others would simply be                 interpreted as lower-case.        The characters will rarely be used in usernames and passwords because of the way they are interpreted. Note, however, that these values may usually be changed once inside the system using the stty command, which will be explained later. for instance, the end of file character could be changed to control-A if you wished.THE UNIX SHELL--------------        The Unix shell is the command interpreter program that accepts your input and carries out your commands. It is NOT the operating system itself, it is the interface between the user and the operating system. The shell is a program that is executed when you are logged in, and when you end the shell program, you are logged out of the system. There is nothing special about the shell program-it is just a regular program, like any other on the Unix system. In fact, once you are logged on, you can execute another shell just as you would execute a program. This ability, to run multiple shell levels, can be used to perform some interesting tricks that will be detailed later in this file. There is also more than one kind of shell. All the shells perform the same basic function of interpreting the user's commands, but there are a few differences. Here is a list of the different shells, their unique characteristics, and how to tell which shell you are using: