More How to Explore
the Insides of Internet Computers -- from your Browser!
You are probably dying to see what's in passwd. I'm
going to be cruel and first force you to learn about group.
OK, OK, I know you can just skip ahead to passwd, but pretty
please calm down and look over group first.
Figure 11. The file /etc/group, viewed with Internet Explorer
Newbie note: What does root::0:root
mean? Root is the name of a Unix group. Each file
and directory in a Unix computer has two owners, one a user and
the other a group. One's power to use, write and read a
file or directory is dependent on under what user name you login,
and on what group you are. In this case the number zero
is the numerical identification (ID) of group root. Normally
group ID 0 is reserved for group root or group wheel. (I
prefer to set up a group wheel for the uberpowerful users on
my boxen.) On this computer there is only one user -- root --
in group root. Group sys looks like another group, adm,
is a member. However, only user names are members of groups.
In this case adm is both a user name and a group name.
The groups and user names sys, adm, uucp and so on are all used
not by people, but by programs which need rights to use other
Evil genius tip: The only user name
that looks like it is used by a human on this box is root.
This tells us that the sysadmin is careless. You should
always set up an account with lower privileges than root on any
Unix computer and do most of your work from that account. The
worst problem with having root as your only user account is that
then you are forced to login as root. This makes the root
account vulnerable to password guessing.
What else is /etc/group good for?
Let's take a look at another group file:
Figure 12: Another /etc/group
In this case we see a group named bsdi. This tells us
the operating system this computer uses is BSDI. You can
learn more about it at http://www.bsdi.com.
Evil genius tip: If you know
the operating system of a webserver computer, you can use that
information to find ways you might be able to break into it.
See http://happyhacker.org/links.shtml for searchable vulnerability databases.
More hacking with your web browser--->>