*** A List Of Some OF The Most Useful UNIX **
     *** Hacking Commands, and Some Hints On Their Usage ***
       
---------------------------------------------------------------

     It is fun and often usefull to create a file that is owned 
by someone else.  On most systems with slack security ie 99% of 
all UNIX systems, this is quite easily done.  The chown command 
will change any of your files to make someone else the owner. 
Format is as follows:

chown ownername filelist

 Where ownername is the new owner, and filelist is the list of 
files to change.  You must own the file which your are goin to 
change, unless you are a superuser....then u can change ANYTHING!
     chgrp is a similar command which will change the group 
ownership on a file.  If you are going to do both a chown and a 
chgrp on a file, then make sure you do the chgrp first!  Once the 
file is owned by someone else, you cant change nything about it!

---------------------------------------------------------------

     Sometimes just seeing who is on the system is a challenge in 
itself.  The best way is to write your own version of who in C, 
but if you can't do that then this may be of some help to you:

     who   followed by on or more of the following flags:

          -b Displays time sys as last booted.
          -H Precedes output with header.
          -l Lists lines waiting for users to logon.
          -q displays number of users logged on.
          -t displays time sys clock was last changed.
          -T displays the state field (a + indicates it is 
possible to send to terminal, a - means u cannot)
          -u Give a complete listing of those logged on.

   **who -HTu is about the best choice for the average user**

##by the way, the list of users logged on is kept in the file 
/etc/utmp.  If you want to write your own personalised version of 
who in C, you now know where to look!###

--------------------------------------------------------------- 

     When a users state field (see -T flag option for who 
command) says that a user has their message function on, this 
actually means that it is possible to get stuff onto their 
screen.
     Basically, every terminal on the system has a file 
corresponding to it.  These files can be found in the /dev 
directory.  You can to anything to these files, so long as you 
have access -eg you can read them, and write to them, but you 
will notice that they never change in size.  They are called 
character specific files, and are really the link between the 
system and the terminals.  Whatever you put in these files will 
go staright to the terminal it corresponds to.
     Unfortunately, on most systems, when the user logs in, the 
"mesg n" command is issued which turns off write access to that 
terminal, BUT- if you can start cating to that terminal before 
system issues the mesg n command, then you will continue to be 
able to get stuff up on that terminal! This has many varied uses.

     Check out the terminal, or terminal software being used.  
Often you will be able to remotely program another users 
terminal, simply by 'cating' a string to a users screen.  You 
might be able to set up a buffer, capturing all that is typed, or 
you may be able to send the terminal into a frenzy- (sometimes a 
user will walk away without realizing that they are sill 
effectively logged on, leaving you with access to their 
account!).  Some terminal types also have this great command 
called transmit screen. It transmits everything on the screen, 
just as if the user had typed it !
     So just say I wanted to log off a user, then I would send a 
clear screen command (usually ctrl l), followed by "exit" 
followed by a carriage return, followed by the transmit screen 
code.  Using ths technique you can wipe peoples directories or 
anything.  My favourite is to set open access on all their files 
and directories so I can peruse them for deletion etc at my own 
leisure).            

---------------------------------------------------------------

     If you ever briefly get access to another persons account 
eg. they leave the room to go to toilet or whatever, then simply 
type the following:

chmod 777 $HOME
chmod 777 $MAIL

     Then clear the screen so they dont see what you just typed.

     Now you can go look at their directory, and their mail, and 
you can even put mail in their mail file. (just use the same 
format as any mail that is already there!). Next time they log in 
the system will automatically inform them they have new mail!

---------------------------------------------------------------

     Another way to send fake mail to people is to use the mail 
server.  This method produces mail that is slightly different to 
normal, so anyone who uses UNIX a bit may be suspiscious when 
they receive it, but it will fool the average  user!

type telnet

the following prompt will appear:

telnet>

now type :

open localhost 25

some crap will come up about the mail server..now type:

mail from: xxxxxx     Put any name you want.

some more bullshit will come up. Now type:

rcpt to: xxxxxx  Put the name of the person to receive mail here.

now type:

data

now you can type the letter...end it with a "."
type quit to exit once you are done.

-------------------------------------------------------------

     Heres one for any experimenters out there...
It is possible to create files which simply cannot be deleted 
from the standard shell.  To do this you will have to physically 
CREATE THE FILE USING A C PROGRAM or SCRIPT FILE, and you will 
have to use a sequence of control characters which cannot be 
typed from the shell.  Try things like Ctrl-h (this is the 
code for the delete key).  Just a file with the name Ctrl-h would 
not be deleteable from the shell, unless you used wildcards. So, 
make it a nice long series of characters, so that to delete the 
file, the user has no choice but to individually copy all his 
files elsewhere, then delete everything in his directory, and 
then copy all his files back.....this is one of my 
favourites..gets em every time!
     
     The following script file is an example which will create a 
file with the name Ctrl-h.  You MUST tyoe this file in using the 
vi editor or similar.
*****If you are not very good with vi, type "man vi" and print the 
help file...it even contains stuff that I find useful now and 
then.*****

type the following in vi...

echo'' > 'a^h'

  ***NOTE...to get the ^h (this really means ctrl-h) from vi type:

Ctrl v
Ctrl h 

  The Ctrl v instrcts vi to take the next character as a ascii 
character, and not to interpret it.
     change the access on the file you just created and now 
execute it.  It will create a file which looks like it is called 
a, but try to delete it !..use wildcards if you really want to 
delete it. 

*> Title:   Tutorial on hacking through a UNIX system


** 
 
In the following file, all references made to the name Unix, may also be 
substituted to the Xenix operating system. 
 
Brief history:  Back in the early sixties, during the development of 
third generation computers at MIT, a group of programmers studying the 
potential of computers, discovered their ability of performing two or 
more tasks simultaneously.  Bell Labs, taking notice of this discovery, 
provided funds for their developmental scientists to investigate into this 
new frontier.  After about 2 years of developmental research, they produced 
an operating system they called "Unix".  
Sixties to Current:  During this time Bell Systems installed the Unix system 
to provide their computer operators with the ability to multitask so that 
they could become more productive, and efficient.  One of the systems they
put on the Unix system was called "Elmos". Through Elmos many tasks (i.e.
billing,and installation records) could be done by many people using the same 
mainframe. 
 
Note: Cosmos is accessed through the Elmos system. 
 
Current:  Today, with the development of micro computers, such multitasking 
can be achieved by a scaled down version of Unix (but just as 
powerful).  Microsoft,seeing this development, opted to develop their own 
Unix like system for the IBM line of PC/XT's.  Their result they called 
Xenix (pronounced zee-nicks).  Both Unix and Xenix can be easily installed 
on IBM PC's and offer the same function (just 2 different vendors). 
 
Note: Due to the many different versions of Unix (Berkley Unix, 
Bell System III, and System V the most popular) many commands 
following may/may not work. I have written them in System V routines. 
Unix/Xenix operating systems will be considered identical systems below. 
 
How to tell if/if not you are on a Unix system:  Unix systems are quite 
common systems across the country. Their security appears as such: 
 
Login;     (or login;) 
password: 
 
When hacking on a Unix system it is best to use lowercase because the Unix 
system commands are all done in lower- case. Login; is a 1-8 character field. It is 
usually the name (i.e. joe or fred) of the user, or initials (i.e. j.jones 
or f.wilson).  Hints for login names can be found trashing the location of 
the dial-up (use your CN/A to find where the computer is). Password: is a 1-8 character password assigned by the sysop or chosen by the user. 
   
   Common default logins 
   -------------------------- 
   login;       Password: 
   root         root,system,etc.. 
   sys          sys,system 
   daemon       daemon 
   uucp         uucp 
   tty          tty 
   test         test 
   unix         unix 
   bin          bin 
   adm          adm 
   who          who 
   learn        learn 
   uuhost       uuhost 
   nuucp        nuucp 
 
If you guess a login name and you are not asked for a password, and have 
accessed to the system, then you have what is known as a non-gifted account. 
If you guess a correct login and pass- word, then you have a user account. 
And, if you get the root p/w you have a "super-user" account. 
All Unix systems have the following installed to their system: 
root, sys, bin, daemon, uucp, adm Once you are in the system, you will 
get a prompt. Common prompts are: 
 
$ 
% 
# 
 
But can be just about anything the sysop or user wants it to be. 
 
Things to do when you are in: Some of the commands that you may want to 
try follow below: 
 
who is on  (shows who is currently logged on the system.) 
write name (name is the person you wish to chat with) 
To exit chat mode try ctrl-D. 
EOT=End of Transfer. 
ls -a      (list all files in current   directory.) 
du -a      (checks amount of memory  your files use;disk usage) 
cd\name    (name is the name of the sub-directory you choose) 
cd\        (brings your home directory  to current use) 
cat name   (name is a filename either  a program or documentation  your username has written) 
 Most Unix programs are written  in the C language or Pascal 
 since Unix is a programmers'  environment. One of the first things done on the 
system is print up or capture (in a buffer) the file containing all user names and accounts. This can be done by doing the following command: 
 
cat /etc/passwd 
 
If you are successful you will see a list of all accounts on the system.  It 
should look like this:  
root:hvnsdcf:0:0:root dir:/: joe:majdnfd:1:1:Joe Cool:/bin:/bin/joe hal::1:2:Hal Smith:/bin:/bin/hal 
 
The "root" line tells the following info : 
login name=root 
hvnsdcf   = encrypted password 
0         = user group number 
0         = user number 
root dir  = name of user 
/         = root directory 
 
In the Joe login, the last part "/bin/joe " tells us which directory 
is his home directory (joe) is. In the "hal" example the login name is 
followed by 2 colons, that means that there is no password needed to get in 
using his name. 
 
Conclusion:  I hope that this file will help other novice Unix hackers 
obtain access to the Unix/Xenix systems that they may find.



		      On the Security of UNIX

		      =-=-=-=-=-=-=-=-=-=-=-=

Recently there has been much interest in the security aspects of operating

systems and software.At issue is the ability to prevent undesired disclosure of

information, destruction of information,and harm to the functioning of the

system.This paper discusses the degree of security which can be provided under

the system and offers a number of hints on how to improve security.The first

fact to face is that UNIX was not developed with security,in any realistic

sense,in mind;this fact alone guarantees a vast number of holes.(Actually the

same statement can be made with respect to most systems.)



The area of security in which is theoretically weakest is in protecting against

crashing or at least crippling the operation of the system.The problem here is

not mainly in uncritical acceptance of bad parameters to system calls (there

may be bugs in this area, but none are known)but rather in lack of checks for

excessive consumption of resources.



Most notably, there is no limit on the amount of disk storage used, either in

total space allocated or in the number of files or directories.Here is a

particularly ghastly shell sequence guaranteed to stop the system: