Shell Programming: an Exploit Explained, continued...


        What else can we do that is fun?

        You can do a thorough exploration of everything that you are allowed to access from your account with just four commands: "pwd", "cd", "ls" and "cat".  Sound too good to be true?  I'll prove to you it's really this easy, now!

        Special bonus: if you just got root with that shell script above, you now can totally explore your victim computer!



        How about a nerdy Unix way to read your incoming email?  (If you are root you can read everyone's email this way.  In the US, your ISP has the legal right to read your email -- another reason to be friends, and not enemies, of the tech support staff!) This is a real blast from the past, an example of what life was like before email, when we old folks used to have to send each other messages by simply transferring files.

        First, let's find out where we are right now.  For that you use the "pwd" command.  Your results may vary with this command, but if you give this command right after logging in you will see your user name as part of the current directory.

        Now it's time to start moving around.  Let's try out these commands to get into the email directory.  On most Unix systems you can do this with the command:

->cd /var/spool/mail

        If that doesn't work, try:

->cd /var/mail


        Now -- can you resist?  Since you are in /var/spool/mail, with the command "ls" you can find out the user names of everyone who gets email here.  If you really wish to snoop, give the command ls -alF (or on some systems "ls -alK") and you can even find out if anyone has world-readable email.  


Newbie note: How do you figure out if someone's email is world-readable? "ls -alF /var/spool/mail/myusername" (substituting your user name for "myusername") will give something that looks like this:

-rw-------  1 cpm   31217 May  3 16:14 /var/spool/mail/cpm

        That's my mail.  But if you see something like this:

-rw----r--  1 cpm   31217 May  3 16:14 /var/spool/mail/cpm

        That means anyone can read it.  And if you see this:

-rw----rw-  1 cpm   31217 May  3 16:14 /var/spool/mail/cpm

        That means anyone could alter my incoming email!
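        Here is an added example, not from the original guide, that does the same permission check over a whole mail spool directory: it takes the mode string from "ls -l", looks at characters 8-10 (the "other" bits shown in the three listings above), and flags any mailbox a stranger could read or alter.  The spool directory and its three sample mailboxes are constructed in a temporary directory so it runs harmlessly anywhere; point audit_spool at /var/spool/mail (or /var/mail) for a real check.

```shell
#!/bin/sh
# Added example: audit a mail spool for mailboxes that "others" can read or write.
# The spool and its three mailboxes are constructed in a temp dir below, so this
# runs harmlessly on any box; call audit_spool /var/spool/mail for the real thing.

# audit_spool DIR
#   Reads the 10-character mode string from "ls -l" for each regular file in DIR
#   and inspects characters 8-10, the "other" bits (the r--/rw- seen above).
#   Prints "<mode> <file> <problem>" per offending file; returns 1 if any found.
audit_spool() {
    spool_dir="$1"
    found=0
    for f in "$spool_dir"/*; do
        [ -f "$f" ] || continue
        mode=$(ls -l "$f" | cut -c1-10)
        other=$(printf '%s' "$mode" | cut -c8-10)
        case "$other" in
            ?w?) printf '%s %s WORLD-WRITABLE\n' "$mode" "$f"; found=1 ;;  # worst case first
            r??) printf '%s %s world-readable\n' "$mode" "$f"; found=1 ;;
        esac
    done
    return "$found"
}

# make_demo_spool: builds a throwaway spool mirroring the three listings above.
#   alice: 0600 (owner-only, correct), bob: 0604 (world-readable), carol: 0606 (world-writable).
make_demo_spool() {
    d=$(mktemp -d)
    printf 'From alice@example.invalid\nSubject: hi\n\nconstructed mail\n' > "$d/alice"
    cp "$d/alice" "$d/bob"
    cp "$d/alice" "$d/carol"
    chmod 600 "$d/alice"
    chmod 604 "$d/bob"
    chmod 606 "$d/carol"
    printf '%s\n' "$d"
}

# Stand-alone run: print the report, then clean up the temp spool.
demo=$(make_demo_spool)
audit_spool "$demo" || echo "-> fix with: chmod 600 <mailbox>  (owner-only, like cpm's above)"
rm -rf "$demo"
```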


        Here's an obnoxious trick.  If someone were to put the wrong stuff in someone's mail spool, it would disable their email reading programs so they couldn't get their email until it got fixed.  For example, my email programs can be disabled by bringing the file /var/spool/mail/cpm up in an editor program, putting the words "This is a test" at the top of the file, and saving it.


        If your mail spool should get messed up someday so that your email program can't read it, you can straighten it out easily.  Just give the command "pico /var/spool/mail/myusername" (or whatever the path turns out to be for your mail spool).  Then use the editor to first read and save any email you want, then delete everything in that file!  Leave it empty!  That will get rid of whatever the messed up stuff was.

        If you can handle a problem like this by yourself, tech support will be thankful that you don't call them crying about every little thing.

        So let's suppose you use the "ls -alF" (or "ls -alK") command on the entire mail spool at your ISP.  If you do find that someone's email can be read by anyone in the world, you need to make a decision.  Do you want to make friends and increase the likelihood that you will be able to get a great job someday at your ISP?  Then don't snoop!  You can win points with tech support if you point out the problem politely. 

Make friends way: Email tech support with the message, "I was checking file permissions on my email and noticed that user name JoeBlow has world-readable mail." 

Make enemies and get kicked off your ISP way: Email the victim user with the message "You are owned!!! Muhahaha!!!"


