Feb. 12, 1999 Part 1
_______________________________________________________________________
See the Happy Hacker web site at http://www.happyhacker.org
Your local firewall blocks you? Try http://happyhacker.org
Svenska:
http://w1.340.telia.com/~u34002171/hhd/gtmhh/svenska/hhdsvensk.html
URL of the day: (the DES algorithm - not for the math-challenged)
http://www.cryptosoft.com/html/fips46-2.htm
_______________________________________________________________________
Part 1:
Editor's Comments
URLs
News
Reader Questions
Reader Submissions
Part 2:
Reader Submissions
The Joys of chmod
Getting Extra Info with httpd
WinModems
Next Issue
***********************************************************************
*** Editor's Comments
***********************************************************************
Thanks for the great response to the first digest! Glad to see that
you're all awake! One thing that troubles me, however, is the great
number of submissions I've been getting asking how to do a particular
installation of Linux or to configure a program or PPP connection. Now,
while these _are_ important issues, I'm not sure they're appropriate for
a security-minded digest. I can't possibly answer all of the questions
posed to me. Carolyn has a "setting up Linux" GTMHH in the works for
those of you stuck with installation. On that note, I'd like to make a
clarification: I, the Unix Editor, am not Carolyn Meinel. I send Carolyn
the completed digest, and she (possibly after commenting) sends it out
to the rest of you. Thus, Eudora will show up in the emails for you
header-conscious people. (FYI: The entirety of this digest is composed
in Solaris, so no whining about me and Windows) So, if you email
unixeditor@cmeinel.com, you will reach me, your forever-devoted Unix
editor, while will get you Carolyn. Also, I received a rather
distressing letter, quoted below:
Tim <twr@bellsouth.net> wrote:
Hi,
I have been a subscriber for quite some time and I have learned a lot
from Ms Meinel's very informative and encouraging digests and book. I am
still learning, and when I come across a situation in your guide where I
can learn something that is terribly important, I pay particular
attention. Zhina Rihana posted a really good question to which there was
no answer; it regarded an ip-masquerading possibility (maybe). I have
learned enough of linux/unix to where I am venturing out into the net
with my linux box and would like to get on irc and hang out at some of
the channels and possibly learn some more from some of the groups out
there, and she poses a really good question about defending against a
DoS attack or any other attack. How about a follow thru on any of the
questions that you post on the digest? Some of the questions being asked
are not being answered...(no follow thru). People can learn from the
answers to the questions being posted. Or, don't post the questions if
you are not going to answer them.
-- Respectfully, Tim -- Miami/Florida twr@bellsouth.net
I post unanswered submissions in the digest because there are plenty of
people out there that can answer them and actually do. I don't profess
to know everything everyone asks, and chances are, you're going to get a
dose of opinion in my responses and editorials. (I am human, last time I
checked) If an opinion conflicts with the truth, then by all means, let
me know. If it conflicts with your own opinions, and you feel the need
to flame me for something, by all means, don't. But please, sit and be
patient for the next digest to come out, and the question will most
likely be answered. And on a side note, any praise or criticism, even if
not published, is not lost on me. I do read and think about each email I
receive. So don't get discouraged if your letter doesn't get put in the
digest right away. Sorry for the longwindedness.
-- Unix Editor
***********************************************************************
*** URLs
***********************************************************************
Rootfest 99 (May 21-23, Minneapolis, MN)
http://www.rootfest.org
RubiCon 1999 (May 28-30, Dearborn, MI)
http://www.rubi-con.org
Defcon VII (July 9-11, Las Vegas, NV)
http://www.defcon.org
More cons:
http://www.hackernews.com/cons/cons.html
S.u.S.e Linux:
http://www.suse.com
Good places to buy Linux and/or *BSD CDs:
Linux Systems Labs
http://www.lsl.com
CheapBytes
http://www.cheapbytes.com
Need documentation on Linux? The Linux Documentation Project:
http://metalab.unc.edu/mdw/linux.html
More Linux info:
http://howto.linuxberg.com/
***********************************************************************
*** News
***********************************************************************
LINUX KERNEL 2.2 RELEASED
After much effort and many pre-releases by Linus Torvalds and the rest
of the Linux development team, the Linux Kernel 2.2 was unveiled on
January 25, 1999. The kernel now supports x86, SPARC, Alpha, Ultra,
PowerPC, and m68k. Improvements over version 2.1.x include improved
device drivers, sound, video, and support for more filesystems. More
information can be found at http://www.linux.org/dist/kernel.html and
the kernel itself can be found at
http://www.us.kernel.org/pub/linux/kernel/v2.2/ for a United States
mirror site.
ANOTHER HACKER WARGAME ON THE NET
Interave.net has started a hacker wargame similar to the Happy Hacker
Wargame. There's no prize for this contest, unsurprisingly, except for
bragging rights and your name on a web page. Their target computer must
be accessed through a proxy to reach an intranet computer, however. Feel
free to check this one out at http://www.interave.net/hack.txt
***********************************************************************
*** Reader Questions
***********************************************************************
neon matrix <neonmatrix@hotmail.com> wrote:
how can i play w/ sendmail to try to find vulnerabilities with it?
also, how can i play w/ ANY program to attempt to find vulnerabilities?
thanx...
neonmatrix
[Ed- Assuming you're talking about discovering NEW vulnerabilities, I'd
recommend looking at the source code and becoming very familiar with how
the program works. This is definitely not the only way of discovering
new vulnerabilities. I'm sure some of the other readers can suggest some
others.]
-----------------------------------------------------------------------
BaSe-2-oP <BaSe-2-oP@Post-Mortem.org> wrote:
I'm not a Unix/Linux Guru or anything, but I was wondering if it is
possible to change the Username of the root account in Linux? (The idea
of a static root username bothers me) If so, how?
Thanks for your time,
- BaSe-2-oP
-----------------------------------------------------------------------
SquashMan <jpyles@seidata.com> wrote:
Hello, I have been editing my .rhosts file on my shell server (it runs
FreeBSD) and I was experimenting with something I heard about a while
back. If you enter "+ +" (without the quotes) that will allow access to
that particular account without a password. Then I tried to log in and
it did not work. Please explain why this did not work and what I CAN do
to allow access to all.
[Ed- Standard warning for hacking here- you can get in trouble if you
don't have permission to mess with this computer. That aside, I'll
answer your first question. You tried to log in...with what? Use rlogin
and this trick should work fine. Beyond that, I'm not sure. As for the
second question, getting access to all as you put it is a lot harder to
manage. It's different per situation.]
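
A "+" in the host or user field of an .rhosts file, as in the "+ +" entry discussed above, is what an administrator auditing a shell server would want to find and remove. The following is an added example, not part of the original digest; the function names and the sample directory layout are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the digest. Function names are hypothetical.

# rhosts_wildcards FILE
# Print every line of an .rhosts / hosts.equiv style file ("host [user]")
# whose host or user field is a bare "+", which matches any host or any
# user. "+@group" entries name a netgroup and are not flagged here.
rhosts_wildcards() {
    awk '
        NF == 0                 { next }   # blank line
        substr($1, 1, 1) == "#" { next }   # comment line
        {
            why = ""
            if ($1 == "+") why = "any host"
            if ($2 == "+") why = (why == "" ? "any user" : why ", any user")
            if (why != "") printf "%s:%d: %s (%s)\n", FILENAME, FNR, $0, why
        }' "$1"
}

# scan_rhosts DIR
# Run the check on every .rhosts file below DIR (for example /home),
# staying on one filesystem.
scan_rhosts() {
    find "$1" -xdev -type f -name .rhosts -print 2>/dev/null |
    while IFS= read -r f; do
        rhosts_wildcards "$f"
    done
}

# Stand-alone use: sh rhosts_audit.sh /home
if [ "$#" -gt 0 ]; then
    scan_rhosts "$1"
fi
```

Each reported line has the form `file:line: entry (reason)`, so the output can be fed straight into a ticket or a cleanup script.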
-----------------------------------------------------------------------
Ardavan Hashemzadeh <ardy_ii@yahoo.com> wrote:
Dear Editor,
Hi, I am an unhappy member of HappyHackers.org. My unhappiness is caused
by the fact that I am clueless of the "shadowed" passwd files. I have
got a lot of texts from the web, but I couldn't understand any of them.
I would be a HappyHacker once you decide to help me out.
thanx
[Ed- Anybody feel like doing a quick writeup about how password
shadowing works?]
-----------------------------------------------------------------------
Laura Burt <lburt@amit.uvic.ca> wrote:
What is the relationship between Unix and hacking? I have an interest in
network security, and have a strong understanding of Dos and Windows,
but I haven't been able to figure out where Unix actually fits into the
whole scheme of things. If someone was trying to hack into my machine,
or company server, we don't use Unix (or do we....)
Laura... <<...>>
[Ed- Anybody else, please feel free to offer your explanations here. The
reason that Unix is so important to the network security community is
that a large portion of the servers of the internet run a variety of
Unix, while most of the consumer desktop computers are Windows-based.
That's the answer in a nutshell.]
-----------------------------------------------------------------------
David Webber <dwebber@ie-e.com> wrote:
I have a Red Hat 4.2 system that I do not know the root password to. The
problem is, there is something wrong with the file system so it won't
boot up in normal mode. When I try to boot in linux single, it gives me
the same error, but then prompts for the root password for maintenance
mode. How do I hack around this with a boot disk? I need to edit the
/etc/passwd file, but cannot because there is no text editor on the boot
disk. I am not too familiar with the UNIX/Linux environment, so I do not
know how to put a text editor such as PICO on the boot disk to run, or
to even run it off a mounted hard drive.
Thank-you
-----------------------------------------------------------------------
Telepac <isanches@mail.telepac.pt> wrote:
On Unix System V there is an internal table, called The Open File Table
of The System (something like that, don't know the correct translation,
I'm Portuguese). Anyway, this table has all the info on open
files/devices/pipes on the system. You see, each process in memory has
an Open File table with file descriptors; these file descriptors point
to positions in the other table I referred to earlier. What I would like
to know is: What is the limit on the OPEN FILE TABLE OF THE SYSTEM? How
do I calculate it? And how big is the internal (to the process) table of
open files (how many entries)? I already know that each user has a limit
of 50 processes running on the machine at work. I was wondering if you
could enlighten me on these other questions.
Thanks, Francisco Sanches aka Kopa
-----------------------------------------------------------------------
Redeemed <godsch1ld@hotmail.com> wrote:
First of all, great addition to the HappyHacker. Finally, a *nix piece.
Very informative, smooth, and well written to several skill levels. I am
a newbie, of sorts, and I was interested in the dbmmanage command. I
have done the "man" on it, and am still at odds with it. If it's
executable, and you can do an "addusr" with it, why won't it add the
user? It asks for a new passwd, confirms, encrypts, and then... nothing.
Nada. Do I need to wait for it to compile?
Sincerely Looking for Knowledge....
Redeemed godschild@hotmail.com
-----------------------------------------------------------------------
rek2 <rek2@netnitco.net> wrote:
Hi... one short question
I run Redhat Linux and most of the times I download an exploit I have to
change the source code..what happened? They do this to keep non-C
programmers from compiling it??? Sometimes I can even fix it knowing
some C.
thank you
waiting for a response.
[Ed- You're right on here. Some exploit writers intentionally cripple
their code to ensure that only experienced people are using it. They're
trying to stop the script kiddies from having canned programs do all the
work for them.]
-----------------------------------------------------------------------
AcidPhire <jeffrey.wurtz@gte.net> wrote:
Do you suggest I get Redhat Linux or just a shell account????
[Ed- I suggest you get Linux. The distribution isn't too important,
though I personally prefer Debian. You're going to have much more
flexibility with full access to everything on your computer, and you can
try to break into your own computer without worrying about breaking
laws.]
-----------------------------------------------------------------------
Robert Heffernan <lifecork@indigo.ie> wrote:
hi
I was delighted to hear of the appearance of a linux box
(smurfett.happyhacker.org) in the wargame, linux being my alternative
*nix operating system of choice, and I am bursting at the seams for a
chance to try and crack it.

To the world of linux and hacking in general I am relatively new yet I
would place myself in the 'intermediate' class of hackers. I'm not a
Unix wizard and I can't recite sections of RFC 791 or 793 yet I am in
the constant process of improving my C/C++ and teaching myself Java and
even Assembler.

My goal is to be able to understand everything I'm doing as I try to
crack this linux box, i.e. - I'm resolved not to use any scripts but to
understand what the script would do and then write my own version. I
never intended to just follow instructions I find to get into a system
without knowing why it works and how to find it.

After that rather long-winded introduction we come to the crux of this
email, I'm looking for ways in which one can find vulnerabilities on a
remote computer. I know that port-scanning is one way, looking for
mysterious ports or ports running old daemons open to attack (I'm
investigating the code to try and write my own port-scanner) yet I am
unaware of any other way to find vulnerabilities on
smurfett.happyhacker.org that I can learn about and learn how to
exploit.

I am, of course, presuming that there is no
stupid-person-could-guess-it passworded guest account, hopefully I'm not
wrong. :) There is the possibility that one is expected to use the guest
account on koan to gain access to smurfett.happyhacker.org (is this the
case) but I am more interested in cracking the linux box directly.

So...this is my long winded plea for information, perhaps even a GTMHH,
on how to uncover security holes in a system.

p.s. - are there many out there who support my, very-anti-script,
old-school view on hacking
thank you very much
Robert Heffernan
[Ed- Keep in mind that EVERY open port you find is a potential doorway
to the computer. Some other things you may look for are rpc
vulnerabilities (try rpcinfo -p target.victim.com) in Unices, open
shares in NT boxes, and you can also try to ID the target machine's OS
(irrelevant in this case) using nmap or queso to give you a better view
of what some possible misconfigurations may be. And in answer to your
ps, yes, there are a number of people out there who share the
anti-script view, myself included.]
-----------------------------------------------------------------------
Paul Tan <paul@teenworld.com.my> wrote:
Hello!
Is it possible to have fake passwd file to mislead hackers on SunOS 4.1?
A particular system I have been targeting seems to have applied this
defence tactic, and I am wondering why I cannot logon with any of the
cracked passwords....
[Ed- I guess you could fake the passwords, but I think another reason
that you can't get in with those passwords is that they may have already
been changed when they discovered that you had lifted them.]
-----------------------------------------------------------------------
MadMan <madman593@yahoo.com> wrote:
I was wondering if there was a command that would do the same thing as:
find / -type d -perm -o+w -print
, or at least something that will search for different permissions?
Thank you.
]v[ad]v[an
[Ed- You could just write a script to do it for you - I'm not sure of a
stock program that does this offhand.]
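
One way to write the script the editor suggests, as an added example that is not part of the original digest: it wraps the find command from the question so the same search can be run for other permission bits, and it goes beyond the question by also reporting set-uid/set-gid files and world-writable directories that lack the sticky bit. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the digest. Function names are hypothetical.

# find_perm ROOT TYPE MODE
# List entries of TYPE (d = directory, f = regular file) under ROOT that
# have at least all permission bits in MODE set. MODE may be octal (0002)
# or symbolic (o+w), so `find_perm / d o+w` is the command from the
# question, confined to one filesystem by -xdev.
find_perm() {
    find "$1" -xdev -type "$2" -perm "-$3" -print 2>/dev/null
}

# World-writable directories that lack the sticky bit (octal 1000).
# Without it, any user can delete or replace other users' files there;
# /tmp is normally mode 1777 and is therefore not reported.
ww_dirs_no_sticky() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null
}

# Regular files with the set-uid (4000) or set-gid (2000) bit, which run
# with the owner's or group's privileges and deserve a periodic review.
suid_sgid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# perm_report ROOT: run all three checks and label the output.
perm_report() {
    echo "== world-writable directories without sticky bit =="
    ww_dirs_no_sticky "$1"
    echo "== world-writable files =="
    find_perm "$1" f 0002
    echo "== set-uid / set-gid files =="
    suid_sgid_files "$1"
}

# Stand-alone use: sh perm_audit.sh /usr
if [ "$#" -gt 0 ]; then
    perm_report "$1"
fi
```

Saving the report and comparing it against the previous run with diff shows which permissions changed between audits.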
-----------------------------------------------------------------------
IJacobs@aol.com wrote:
Hi
I have just recently installed slackware on my PC from sunsite.unc.edu.
Everything goes well until I try and boot it up. It looks like it is
loading fine and says:
"Welcome to Linux 2.0.35.
darkstar login:"
and then asks for a password.
The machine I have installed it on is a P200 with 32mb of ram and a 2gig
hard drive. I also created a 60mb swap partition, so it can't be a
memory problem. I have tried installing it several times but still can't
get past the login. In all the text and faqs I find no reference to this
login.
I hope you can help.
Thanks
IJacobs
[Ed- the place to read up on this is the installation manual. After
installing, you have to log in as root with a blank password, then
create a new user account by typing 'adduser unixeditor' without the
quotes and unixeditor replaced with whatever username you want.]
***********************************************************************
*** Reader Submissions
***********************************************************************
Jan Sacharuk <jan@ugrad.cs.ualberta.ca> wrote:
Argh! No! No!
I read through the latest HH, and was dismayed to see that you recommend
*Pico* as an editor! This is a terrible thing to do. Yes, pico is
simple. Yes, pico is small. But pico is a terrible thing to do
*anything* in.
[Nowhere did I _recommend_ pico. I mentioned it as a command. And for a
beginner, which that list was geared towards, pico is a good choice.]
For editing system files and the like, people should use vi. Small,
fast, and will run on a barely functional kernel. For programming, and
taking over the world, people should run emacs, the One True Editor.
Even if you never learn elisp, emacs is probably the most powerful
editor you'll ever use. If you have Xwindows, or are running emacs in
Winblows, use the graphical menus for a while...they have the keystrokes
written in. After you get used to them, the keyboard is the only way to
go. And if you're so inclined, learn elisp, and make emacs do *anything*
that you want. (I know a guy that once considered making emacs route his
mail.)
There are lots of good editors out there based on emacs and vi (jed and
vim come to mind), but please, for the good of us all, don't mention
pico. ;)
[You forget to mention that to a novice, emacs and vi are somewhat
confusing. When I started with Unix, I tried using vi, and couldn't
figure it out. That's going to be discouraging to a newbie. No need to
get into holy wars here...this was one of the aforementioned "opinions"
that may come out here. My apologies to the Unix experts out there that
I offended.]
-----------------------------------------------------------------------
Juergen Dollinger <juergen@magrathea.stud-verwaltung.uni-ulm.de> wrote:
You wrote:
> X-Mailer: Windows Eudora Pro Version 2.2 (32)
> UNIX Edition!
You have a nerve ;-)
[Ed- See the explanation of the Carolyn/editor distinction above]
> A CALL TO ACTION AGAINST WASSENAAR
> The following is a message posted by John Gilmore to many
> security-related sites recently about pending sanctions against
> cryptographic software:
>
> The US Wassenaar initiative is an attempt to deny the public not only
> all future strong crypto developments, but all existing ones. As
> today's message from Denmark makes clear, the freedom-hating
> bureaucrats are threatening to prosecute a citizen merely for
> publishing PGP on his web page.
AFAIK the Wassenaar agreement does not set any restrictions for "public
domain" software. The Wassenaar definition of "public domain" seems to
be a bit different to what it is commonly and includes GNU GPL like
licenses. Correct me if I'm wrong.
[Ed- This would be more appropriate addressed to the author of the
quoted article.]
> [Ed- There's really no such thing as a "complete" system. Depending on
> what you plan on doing, you'll need different programs. For example, if
> you plan on coding in C++, you'll need the g++ compiler or something
> that can take its place. If you want Xwindows, then you'll have to
There's really no such thing as "Xwindows". From the X man page:
The X Consortium requests that the following names be used
when referring to this software:
    X
    X Window System
    X Version 11
    X Window System, Version 11
    X11
[Ed- Ok, a picky detail, but you still knew what I was talking about.
Thanks for the correction.]
BTW: a nice way to explore the completeness of the own system is to use
a feature of the bash. If you press the <tab> key twice a message
similar to this:
Display all 1170 possibilities? (y or n)
is displayed asking you if you want to see all possible commands. It
makes sense to limit the number of commands by typing the first letter
of the wanted commands p.e. a<tab><tab> shows all commands beginning
with the letter "a". Then look at interesting looking commands, read man
page and so on.
[Ed- Very good point here - I should have mentioned that in the previous
digest.]
> pico - simple text editor in the style of the Pine Composer
I don't understand people using pico. There are so powerful editors like
vi, emacs or jed. They are not as user-unfriendly as many people think.
I know from experience that the main problem for beginners is to
understand the concept of an editor itself. Even if they can send their
E-mails using an editor called by their MUA there is still a big step to
recognize that the same program can be used to edit any other text file.
[Ed- See comments about pico above.]
I want to recommend a nice tutorial for vi here. It's just a text and as
you edit it with vi you learn interactively! It's available from
ftp://ftp.mines.colorado.edu/pub/tutorials/
> pine - a Program for Internet News and Email
pine is a fine mailprogram (well I prefer mutt, but ...) but it's
definitely not recommendable for News. Good Unix Newsreaders are tin
(www.tin.org), slrn (great scoring) or emacs (of course :) ).
[Ed- That definition was taken directly from the man page, and happens
to be the acronym for the command. I did explicitly state that I left a
lot out, and those commands were just off the top of my head.]
___________________________________________________________________
This is a list devoted to *legal* hacking! If you plan to use any
information in this Digest or at our Web site to commit crime, go away!
Foo on you! Don't email us bragging about any crimes you may have
committed. We mean it.
For Windows questions, email keydet89@yahoo.com or editor@cmeinel.com
For Unix questions, contact unixeditor@cmeinel.com.
For Macs, email Strider <s.corinth@iname.com>
Happy Hacker staff: Unix editor, <unixeditor@cmeinel.com>; Windows
editor, Keydet89 <editor@cmeinel.com>; postmasters Jonathan D. Zerulik
and William Lewis <>; Hacker Wargame Director, Mark Schmitz
<wizard@rt66.com>; Wargame Sysadmin, Satori <Satori@rt66.com>; Grand
Pooh-bah: Carolyn Meinel <>
Happy Hacker is a 501 (c) (3) tax deductible organization in the United
States operating under Shepherd's Fold Ministries. Yes! This is all a
plot to save your immortal souls!