Better living... through (mostly)
Jan. 4, 2000
See the Happy Hacker web site at http://www.happyhacker.org
*** Editor's Comments
Hi again. Sorry this digest was a little late... I've been
with finals. I'm afraid I don't have time to write the Perl 101
week, but I promise, it will be back next week. A reader was
kind enough to
point out a mistake I'd made-- I will correct that. Oh, how could
Welcome to our windows editor... great to have both digests back!
*** Readers' Submissions
enigma 3 <firstname.lastname@example.org> wrote:
in response to Edwin...
The 1024 cylinder problem is for lilo not for Linux. Lilo cannot
data past the 1024th cylinder. So I guess what your question
is how do I
make the lilo boot partition under the 1024th cylinder.
Oh by the way, I use SuSE 6.2 and I am referencing from the wonderful
reference manual that it comes with.
create the Linux partition first and install lilo in that partition,
make sure that partition is under the 1024 limit.
A more advanced and efficient way to help this is to make one
partition, the root partition, first and make it a few hundred
make another partition and assign it to /usr, give /usr a lot,
of stuff is put there, if you program or need quick access to
and log files assign some space to /var, and if you have a network,
/home. and remember when you want to find something you have
to specify what
partition you want to search in ex:
find / -name something would find in /
find /var -name something would find in the /var partition
Could you make a practical c++ section, because I am trying
to find books on
c++, I already know the basics from the typical learn c++ in
x amount of
days and a few others, but what I want to learn is how do I make
a dial up
program, or a directory listing, just a book of examples, the
I found was Linux multimedia guide, which has a lot of examples
about how to
access various multimedia devices, which I could then build upon
and do my
own stuff. And I haven't yet looked at the pearl corner, which
I know is the
quick programming language for c++ people, so should I learn
pearl. I have
the SuSE disks, would the source code for like wvdial be on there?
anyway, any help/advice would be appreciated
[Editor: Thanks for the LILO write-up. As far as C++ goes,
I could try,
although I'm not sure if this is the best place to get into long
detailed source code... I think a dial up program might be a
long for this newsletter. I haven't looked lately-- is there
a C++ analog to
the "Perl Cookbook" or a similar title? I'd suggest
you try examining some
source code, to see what you can get from that. On the topic,
I'd like to
recommend an excellent book for C programmers who want to learn
C++: "On to
C++" by P. H. Winston from MIT. It's short, concise, with
information. It teaches C++ to serious programmers and hackers
(not the "For
Dummies" crowd) very well. I used it, and it's a great book.
(And it was
actually written, by the author, in TeX, which is pretty cool).
As far as
source code goes-- I don't use SuSE (when I can get my hands
on another 486
or so I plan to install it (anyone in NYC have one they want
but I'd imagine the source should be on one of the CD's. If not,
always d/l it.]
Chris freeman <email@example.com> sent in:
regarding this question
>Coming to the topic, I want to know about the passwords
in Cisco and
>Digital Unix. I got a Cisco router config file, from which
I could get some
info about the >router and all. I found a line like "enable
234E2123". Is this the password for >the router ? If
not, else what ? I
think it is encrypted too... How do I decrypt it.
would need to see the full configuration file to know, but
enable password dragon
would set the password to dragon. looking at the config would
password in plain text. This password can be encrypted with
service password encryption
which will show the password in encrypted form in the config.
this is a
weak encryption, however.
using the line
enable secret cattleprod
would set the password to cattleprod encrypt it using a strong
this will override our previously entered enable password dragon,
if we had
both lines in the same file. Obvious question, why not just always
enable secret. fine in most cases, but how about if your OS version
Flash becomes corrupt, and your router reboots using an older
version of the
Cisco operating system from ROM, which doesn't support the strong
(strong encryption uses 'MD5' encryption algorithm memory, but
me on that). If you didn't also have an 'enable password ....'
line in your
config to fall back on, you would be stuffed -- locked out of
therefore best option
enable password pass1
service password encryption
enable secret pass2
provided everything goes fine pass one will never need to
now you will get into your router with pass2, but if your OS
on flash or
tftp or whatever becomes corrupt, and an older version of OS
loads from ROM
which doesn't support enable secret command, you can get into
with pass one. Pass1 and pass2 should be different, for obvious
the best site for router info. www.cisco.com is a good site.
I'm doing a
CCNA, which is a good option to learn if you don't have access
to a router
to practice on, which most of us don't.
oh ps, as far as decrypting weakly encrypted password, easy
to find on net.
use a search engine....
[Editor: Ok, I'll take your word on that. Thanks!]
Thanks for including my question in the mailing list....
I found myself some answers to my question. Cisco passwds
can be decrypted
(even from the web!), there are lot of utils for that. Even I
website, which would crack you the passwd (not manually, but
I don't remember the link... some co.uk).
Reg DGUX passwd file, the passwords which are shadowed could
decrypted in most other OS'es
*I have worked*. But in DGUX, I found it difficult, coz the shadowed
file were nowhere to be found. But I knew of a util for v4.x
(dushad.c), which can actually create a shadow file, which could
with john and all.. But the author of the program says that it
is for v4.x.
These doubts were asked in order to my systems secure, because
whether my server was being hacked and the passwd were being
changed. So wanted to try cracking the passwd file myself and
to make it
With Best Regardz,
[Editor: For those who don't pay attention to email addr's,
this was the
original poster. And you don't have to justify yourself to me...
you do sound a little bit defensive :) ]
Brian 'Astrolox' Wojtczak <firstname.lastname@example.org> wrote:
Normally I do not post to lists, just read them but I would
like to make
some comments to the list about the following digest.
>Maurice E Johnson (email@example.com) wrote:
>For running windows and Linux together on the same machine,
>read, read. Running the two together is a good thing. For
one , my Linux side
>has saved my windows side more than...you get the idea. Time
>Install windows first then install Linux. If you want to
run NT and Linux
>you will have to use the NT boot loader since NT will own
You do not ** have ** to use the NT boot loader. It is very
easy to set up
LILO to pop up before the NT boot loader does, that is it will
there but you don't have to go through it to Linux. The reason
this is because LILO gives you more options than the NT boot
It's easy enough to figure out how to do it and there are
tutorials so I wont go in to it. However be careful if you are
load Windows 95, NT and Linux on the same machine. I did this
and ended up
with LILO giving me the option of Linux or Windows and then the
loader giving me the option of NT or 95. It worked but wasn't
wanted. The LILO Man page gives enough information on how to
set it up
>Alex Harrington (firstname.lastname@example.org) explained:
>:Eric (email@example.com) desires to know:
>:Hello, I have been having some trouble with the Apache web
:running on Linux Mandrake 6.0. I can't seem to make it an intranet
:server, it always broadcasts to the whole web. I know Apache
:access.conf file that supposedly allows you to change who can
but I haven't gotten it to work yet. Any advice?
>:[Editor: Are you asking how to only have apache respond
>:from certain machines/certain subnets? I'm not sure offhand
as to the
>:exact syntax of the conf files for apache, and my Linux
box is having
>:some problems today, so I'll leave this one open ended.
>:editors... here's a chance...]
>Here are some thoughts - not necessarily solutions to the
>The access.conf file was obsoleted with the release of Apache
>by default is distributed empty. You should be able to make
the changes you
>need in the main httpd.conf file. If you do decide to use
>file, be sure to enable parsing of that file in httpd.conf.
>To make apache only listen to 192.168.1.* , the following
may work - I did
>The * is the unknown. From Apache Docs:
>BindAddress - Makes server listen to just the specified address.
>argument is *, the server listens to all addresses. Maybe
you could try
>the allow from directive for / (root of the webserver) and
>to your home domain.
>How about setting up a Virtual Server to be the Intranet
Server and then
>deny access to the standard server from all?
>Hope this may be of some use
This is actually incorrect.
BindAddress is a directive for where to server is. That is
winsock connection there is a listening server and a connecting
This directive is only good for computers which have more than
address and you want all incoming Apache traffic to go through
>z (firstname.lastname@example.org) asks:
>Hi man, thanks for the time and effort you're putting in
>Is there a way to impose CPU quotas on users, using Linux
>[Editor: I hear there are several ways to accomplish this,
>haven't tried any of them out. It seemed from my last Internet
>it's a feature in Linux, at least, that everyone want's,
but no one's coded
>yet. Reportedly, you can set a default value for nice,
which will give
>luser's programs a lower priority. I hear you can also set
>but I don't know how. Supposedly on the BSD's (FreeBSD in
>an easier task.]
I have seen this on FreeBSD, however I have never heard of
it for Linux.
>Adam Nolan (email@example.com) writes:
>I've been using windows all my life and I've been reading
the guides to
>mostly harmless hacking . You said in one of the articles
that you can get
>Linux with as little as 20 megs . Is that with an X-window
. Where could I
>find it , I've looked all over the net and they're all upwards
of 300 megs .
>I Just don't have that much room on my computer . Also can
you tell me
>where I can get some good guides on Installing Linux . What's
>difference between Linux and Unix ...
>Thanks a lot for you time .
>[Editor: I'll answer your questions in reverse order. Linux
is a GPL
>(limited free) kernel that works like Unix. So it's a type
of Unix. There
>are several different distributions of Linux, each that packages
>software differently. Next week I'll write about some of
them. The 300 meg
>is probably for a realistic set of tools, you don't need
to install it
>all. However, to run X, you will need 300 (realistically...
>probably run X on 100 meg, just without any programs :) ).
For guides to
>installing Linux... most distro's come with very good documentation,
>particular, red hat. The 20 meg figure is for the bare bones
>wouldn't be a lot of fun to play with.]
There is a version of Linux called Mini Linux, a friend sent
me a copy in a
zip file. The idea of it is that you unzip the file in to a directory
your dos computer and then run the batch file ( which calls loadlin
uses a UMSDOS file system ( alpha version ), has a few programs
and has an
X terminal that is pre-configured to work on most computers.
thing about it is it's under 10 mb.
>Joe Capka (firstname.lastname@example.org) emailed:
>I have a question someone on the mailing list might be able
to answer. I
>have a Logitech "mouseman wheel" mouse, and I got
the wheel to work in some
>applications, but it doesn't work in Netscape. I can't use
it to scroll
>I've looked on the web but found very little on how to set
up this mouse
>in Linux, except a page in French which I'm not that good
>If anyone uses this mouse's wheel to scroll in Netscape,
I would like to
ask them a few things.
>[Editor: I still haven't bought one... don't know. I know
how to set up
GPM to use a wheel, but as for X...?]
There is a web page at altavista ( is that spelt right?) the
which allows to you automatically translate French to English
pages on the
fly - if that is any help?
-- Astrolox, Brian Wojtczak. http://i.am/astrolox/
[Editor: Whoa... I think you might've written more than me
this issue. Just
two comments: a. Based on this last post, we'd welcome more input
and b., thanks for pointing out altavista... I'd forgotten about
Having used it, I can say it works pretty well, assuming it's
given an input
that conforms to standard grammatical rules. On slang and dialects,
chokes, but for a well written page, the result is usually quite
Ed Padin <email@example.com> wrote (to the AntiOnline
In response to the article entry below I offer the following
This is the best article I've ever read about securing Cisco
the geniuses at Phrack:
In the article are the following links that show what you're
Apparently, it's trivial. There's a simple shell script to do
it and the
author claims you can do the necessary steps on a napkin.
 Decoding type 7 passwords
 Password Recovery Techniques
BTW: The writer sounds like some kid trying to break into
[Editor: I haven't had a chance to read Phrack 55 yet. For
with Phrack, it's a pretty technical 'zine about hacking, phreaking,
general "trouble-making". Their info is very accurate
(except for a few
deliberate errors, but those were intentional), written to a
less-then-licit tone. But beggars can't be choosers.]
Matthew <firstname.lastname@example.org> writes:
Hi, firstly I'd like to say thanks - the guide to happy hacking
to getting Linux (a 10 hr download!) and a fistful of books -
me and my
PC have a new lease of life. I've sent my first anon email and
found a few interesting ports.....
Problem is this (I'm running X windows - version ? - quite
modern) - my
/etc/resolv.conf file gets rewritten every time I boot into Linux
have written a script to sort this out but it's bugging me (I'm
to know' type of person). A guy down the pub suggested .rhost
I've grep'd my whole system and am still none the wiser.
Any info greatly appreciated.
[Editor: First, you're welcome. When you say resolv.conf gets
what does it get rewritten with? I can't imagine why that would
can you help us out with some more detail?]
*** Perl 101, Lesson 2.1
Gonzalo Merayo <Merayo@movi.com.ar> wrote:
> Reading the Pearl sample program of the planets I had some
> understanding this lines:
>if ($planetname eq $planetarray[$index])
> In any language this would return true only if the planet
> typed is Mercury.
> But instead in the program is used as if eq did a search
> string and returned true if found a match and false if didn't
> any. If it wasn't strange enough index returns the position
> string where the matching element is.
> If the correct is the second option and eq does all that,
how can I
> compare a variable with a particular element of the string.
> what if I was searching for Mercury and I want it to return
> all other possibilities?
> I would have to do this:
>if ($planetname eq $planetarray[$index])
> if ($temp eq $index)
> Too complicated for my taste.
I can't believe I did that. His solution is, I don't think,
effective way-- the normal way is just by simply putting an increment
statement somewhere inside the loop. Argh. I guess that's what
2:00am... hopefully I won't do anything quite as dumb in the
thanks a lot, Gonzalo, for pointing it out :).
This is a list devoted to *legal* hacking! If anyone plans
to use any
information in this Digest or at our Web site to commit crime,
go away! We
like to put computer criminals behind bars where they belong!