More how to get a good
shell account...
4) Running Suspicious Programs
If you run a program whose primary use is as a tool to commit
computer crime, you are likely to get kicked off your ISP. For
example, many ISPs have a monitoring system that detects the
use of the program SATAN. Run SATAN from your shell account
and you are history. (Note -- you have
to be root to install SATAN, so that tells your ISP right away
that you have been doing no-nos. But even hacker programs tha
you can install as an ordinary user can get you into trouble,
too.)
**********************************************************
Newbie note: SATAN stands for Security Administration Tool for
Analyzing Networks. It basically works by telnetting to one port
after another of the victim computer. It determines what program
(daemon) is running on each port, and figures out whether that
daemon has a vulnerability that can be used to break into that
computer. SATAN can be used by a sysadmin to figure out how to
make his or her computer safe. Or it may be just as easily used
by a computer criminal to break into someone else's computer.
(And SATAN is now out of date. Run SAINT
instead -- from your own computer, on your own network, or you
may get kicked off your ISP. SAINT comes with SuSE
Linux)
***********************************************************
5) Storing Suspicious Programs
It's nice to think that the owners of your ISP mind their own
business. But they don't. They snoop in the directories of their
users. They laugh at your email. OK, maybe they are really high-minded
and resist the temptation to snoop in your email. But chances
are high that they will snoop in your shell log files that record
every keystroke you make while in your shell account. If they
don't like what they see, next they will be prowling your program
files.
One solution to this problem is to give your evil hacker tools
innocuous names. For example, you could rename SATAN to ANGEL.
But your sysdamin may try running your programs to see what they
do. If any of your programs turn out to be commonly used to commit
computer crimes, you are history.
Wait, wait, you are saying. Why get a shell account if I can
get kicked out even for legal, innocuous hacking? After all,
SATAN is legal to use. In fact, you can learn lots of neat stuff
with SATAN. Most hacker tools, even if they are primarily used
to commit crimes, are also educational. Certainly if you want
to become a sysadmin someday you will need to learn how these
programs work.
Sigh, you may as well learn the truth. Shell accounts are
kind of like hacker training wheels. They are OK for beginner
stuff. But to become a serious hacker, you either need to find
an ISP run by hackers who will accept you and let you do all
sorts of suspicious things right under their nose. Yeah, sure.
Or you can install some form of Unix on your home computer. But
that's another Guide to (mostly) Harmless Hacking (Vol.
2 Number 2: Linux!).
If you have Unix on your home computer and use a PPP connection
to get into the Internet, your ISP is much less likely to snoop
on you. Or try making friends with your sysadmin and explaining
what you are doing. Who knows, you may end up working for your
ISP!
In the meantime, you can use your shell account to practice
just about anything Unixy that won't make your sysadmin go ballistic.
************************************************************
Would you like a shell account that runs industrial strength
Linux -- with no commands censored? Want to be able to look at
the router tables, port surf all.net, and keep SATAN in your
home directory without getting kicked out for suspicion of hacking?
Do you want to be able to telnet in on ssh (secure shell)so no
one can sniff your password? Are you willing to pay $30 per month
for unlimited access to this hacker playground? How about a seven
day free trial account? Email haxorshell@cmeinel.com for details.
************************************************************
In case you were wondering about all the input from jericho
in this Guide, yes, he was quite helpful in reviewing this and
making suggestions. Jericho is a security consultant and also
runs his own Internet host, obscure.sekurity.org. Thank you,
jericho@dimensional.com, and happy hacking!
_________________________________________________________
Want to share some kewl stuph with the Happy Hacker list? Correct
mistakes? To
send me confidential email (please, no discussions of illegal
activities) use and be sure to state in
your message that you want me to keep this confidential. If you
wish your message posted anonymously, please say so! Direct flames
to dev/null@cmeinel.com. Happy hacking!
© 1997 Carolyn P. Meinel. You may forward or post this
GUIDE TO (mostly) HARMLESS HACKING on your Web site as long as
you leave this notice at the end.
