Unix Edition, May 08, 1999
See the Happy Hacker web site at http://www.happyhacker.org
URL of the day:
http://www.it.uq.edu.au/groups/csm/dcc.html - Decompile to C from binary

Editor's Comments
Nuggets of Info
Reader Questions
Reader Submissions
Piles more UNIX commands
Future Issues

      *** Editor's Comments

Submissions as a whole have slowed down considerably. Fortunately, the
quality of the posts I _do_ receive has been steadily increasing. You may
notice me answering some questions only distantly related to security...
Basically, I thought they were interesting, and some of you may find them
interesting too. Enjoy! I received one email asking who the author of each
section in the digests is. Unless I explicitly name a person (or anonymous)
before the submission, you can assume that the section was written by _me_,
your caring, supportive UNIX editor. Many of the I dig up myself, and some
are contributed by readers. The Editor's Comments section is by me,
surprise surprise.

Oh, and I don't take unsubscribe requests. Look at the bottom of the
message for unsubscribe info.

      *** URLs

RFC2068 - HTTP/1.1 Specification

A search engine for RFCs

Armoring Solaris (Lance is so cool!)

comp.lang.c FAQ

Cheap Linux CDs & stuff

List of free shell accounts

Security Papers and Documents (lots!)

"A Linux Programming Call to Arms"

Kevin Mitnick Info

      *** Nuggets of Info

1) Trying to get online with Linux? Check the documentation at the site
   of your particular distribution. Maybe I'll write up a little
   one of these days.

2) Decompilers may generate very hard-to-understand code. Be sure you know
   assembly before you use one seriously.

3) Linux is not a "point-and-click-instant-gratification" operating
   system. You may actually have to work to get it up and running. Then
   again, you may not.

4) Changing the source address of packets, be it TCP, UDP or ICMP, will
   require you to learn how to manipulate raw sockets. Chapter 25 of
   Stevens' "UNIX Network Programming" would do you well.

5) Port 12345 open on a UNIX server may be a trap for script kiddies
   looking for a NetBus target.

6) UNIX and Linux are not languages. They are operating systems. They are
   the programs that make the computer run and do things for you. C, C++
   and Java are languages.

7) You're never wasting time if you're learning something.

8) Bored, you say? Install Linux. Too much work? Go play Solitaire.

9) Windows inserts a CR and a LF when you hit <ENTER> in Notepad.
   Typically, UNIX-based text editors only use the CR. There are plenty of
   utilities out there that will strip off the extra characters. This
   extra character per line would not make the file completely
   however, as one poster claimed.

      *** Reader Questions

Ristridin <ristridin@earthling.net> wrote:

Hi all!

I got a question concerning an error msg I get when trying to use
Whenever I type something like "ipfwadm -I -p deny" it responds with the
error message "SetSockOpt failed; Protocol not available". Anyone got a
clue what's wrong? My TCP/IP networking works, btw.

Here's some info on my system...

SuSE Linux 6.1 Beta, Kernel 2.2.3; Firewalling options enabled
Networking via Network card and ISDN. Works so far....

I'd greatly appreciate your sending me some information on how to solve
the problem.

[Ed- Hmm. I'm at a loss here. The only thing that comes to mind is that
your kernel is not compatible with your firewalling software. If you have
a stock distribution that started with kernel 2.0.* and upgraded it
directly to 2.2.3, you may have some software conflicts. Check SuSE's
website for any compatibility issues. I know Debian 2.1 has minor issues
if you replace the 2.0.35 kernel with 2.2.* - Anybody care to back me


Justaworm <justaworm@earthlink.net> wrote:

I have heard that we are legally allowed to hack, crack, and disrupt
computer systems of those countries with which we are legally at war. I
can't seem to find anyone who knows if this is true or not. It sounds
reasonable to me, but the man seems to have a stick up his arse when you
talk about any hacking of any nature during any time. Do you know if this
is true or not?


[Ed- Let's say we declare war on Foobarland. You would not be in your
rights to fly over there and start shooting people up with your hunting
rifle. Why would this be any different? I think someone is pulling your
leg, or there's an urban legend out there that I don't know about. In
short, "Not true." Check (URL wrapped) for a news story on this.]


Kevin Matthews <kbmatt@biosys.net> wrote:

I have a question about the boot process in Linux. I hope it's not
beyond the scope of this list, because I've looked for the answer
elsewhere and can't seem to find it. I am trying to build my own
distribution from the ground up as a learning experience. So far I have
created a partition with an F.H.S. compliant filesystem, created all of
the necessary device files, installed lilo, init and the kernel. I am
almost 100% sure I have at least this much done correctly. Then, when I
try to boot the partition, the kernel boots and everything works fine
until just after / is mounted read-only. At this point the kernel
hands off control to init. The problem is that it's not happening. The
boot process just hangs. I tried renaming sh to init, so I could at
least get a shell up, but that didn't work either. My question is, are
there any binaries the kernel needs before it hands control to init (I
thought maybe it was hanging because it couldn't find some binary it
needed), and if not do you have any suggestions as to what the problem
might be? Thank you.


[Ed- Umm. I have no clue...never tried to do this. Not exactly
security-related, but I let this one slip in because it seemed like a
hackerish thing to do (building your own distribution). Anybody have
suggestions for Kevin?]


Dave Andrews <dave31_5@hotmail.com> wrote:


I was very interested on the article about buffer overflows but am not
any good at assembler.

[Ed- a good reason to learn, no?]

I have however been told that using gcc, C++ progs can be compiled into
assembler code. Is this true and if so can this code be used in buffer
overflows as the assembler section?

Thanks very much

[Ed- Yes, this is true. With the -S flag, both gcc and g++ will produce
assembler code from a C/C++ file. You still need to know what the
assembly code does, though. Have you read "Smashing the Stack for Fun and
Profit" yet?]

      *** Reader Submissions

Sniper <n8yul@stratos.net> wrote:

I work for a school system as a Network Admin and we have a lot of
potential hackers that try and break into some of our systems and try to
bypass the proxy server. One of the tricks they try is first to change
their TCP/IP address (and they think that this would elude us), and then
start hacking, but some of them don't realize that I don't need the IP
address; the sniffers we use give us both IP and MAC address. They just
started this and we caught 2 students this month trying this. I hope this
helps out....

LKWDSCHOOLS Network Admin/Technician.


Nils van den Heuvel <n.heuvel@wxs.nl> wrote:

> Horrorshow wrote:
> Hey.  If programs like su, passwd, and login can read (as well as
> in the case of passwd) the shadow file, why can't programs like
> leet0unixCracker?  What makes those programs special?  Can that
> specialosity be harnessed by leet0 hax0r progs?

They are SUID (Set User ID) programs... SUID is a special bit (like r, w
and x, see "man chmod" to find out how to set them) that can be set on a
file.

OK, let's assume we have two users on a system... One is the root user
called "root" and the other is a normal user called "inferior" :-)
Normally, when a program is started by "inferior" it will get
"inferior"'s privileges... So, when "inferior" runs a text editor on
/etc/passwd, he can't change it, because the text editor has gotten his
privileges and /etc/passwd can (usually) only be changed by users with
root privileges...

When this SUID bit is set on an executable file, it will get the
privileges of the owner of the file (and not of the person who executed
it)... So if "inferior" executes a text editor with the SUID bit set on
it, and it's "owned" by root, he will be able to edit every file on the
system...

Usually only specially written programs get SUID root privileges, as
setting it on the wrong file can open HUGE security holes... Passwd is
such a program: it needs to be executed by all users (for changing their
passwords) and it needs root access to write the new password to the
password file (and perhaps reading the old one from /etc/shadow)... So
passwd is owned by root and it has the SUID bit set on it...

And sure, your "leet0 hax0r progs" can be SUID root too... But only if
they are installed on the system by root... Sure, you (the user with
normal privileges) can install it too, and you can even set the SUID bit
on it, but the program will be owned by you (because you installed it),
so if it gets executed it will get your privileges instead of root
privileges, and it isn't possible to "chown" (man chown: change the
owner of a file) it to root.... If it were possible, it would be
easy to hack a system once you have an account on it: just write a
shellscript that executes bash, sh, or another shell... set the SUID bit
on it and then chown it to root... this would give you a root shell...
but it just isn't possible...


ps. Read up on UNIX file-permissions

[Ed- Good, bad, I'm the guy with the gun. Sorry. Just felt like saying
that. Good article, Nils!]
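An added example, not part of Nils's reply: a small shell audit of the SUID mechanism he describes, listing set-user-ID files under a directory and flagging the dangerous case of a SUID file that group or world can also write. The scratch directory, file name and the chown attempt are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the digest): audit helpers for set-user-ID files.

# Print "owner mode path" for every regular file under directory $1 that has
# the set-user-ID bit (e.g. "root -rwsr-xr-x /usr/bin/passwd").
list_suid() {
    find "$1" -type f -perm -4000 -exec ls -ld {} \; 2>/dev/null |
        awk '{ print $3, $1, $NF }'
}

# Exit 0 when file $1 is SUID *and* writable by group or others. Anyone who
# can rewrite such a file gets the owner's privileges the next time it runs,
# which is the "HUGE security hole" Nils warns about.
suid_and_writable() {
    [ -u "$1" ] || return 1                 # POSIX test: set-user-ID bit set?
    mode=$(ls -ld "$1" | cut -c1-10)        # e.g. -rwsrwxr-x
    case "$mode" in
        ?????w*|????????w?) return 0 ;;     # char 6 = group write, char 9 = other write
        *)                  return 1 ;;
    esac
}

# Demonstrates Nils's point: a user may set the SUID bit on a file they own,
# but the file stays owned by them, so it would run with *their* privileges.
demo() {
    dir=$(mktemp -d)                        # constructed scratch directory
    printf '#!/bin/sh\nid -un\n' > "$dir/myshell"
    chmod 4755 "$dir/myshell"               # SUID bit set, owner unchanged
    ls -l "$dir/myshell"                    # -rwsr-xr-x ... <you> ... myshell
    # Handing the file to root is exactly what an unprivileged user cannot do
    # (and on Linux a chown clears the SUID bit anyway).
    chown root "$dir/myshell" 2>/dev/null || echo "chown to root refused"
    list_suid "$dir"
    rm -rf "$dir"
}

demo
```

Running list_suid over / on a real system gives the inventory to compare against what the distribution installed; anything unexpected in it deserves a look.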


Ben Jackson <ben@bensheila.demon.co.uk> wrote:


Thanks for the column, I've been reading for about a year now and always
find something interesting. Many ideas I've picked up from the Unix digest
are now full scripts running on production systems where I work.

Anyway, I was on a *nix course recently which involved thirty or so
students each with a Sparc workstation networked in a classroom.

As you can probably imagine an enjoyable part of this course was gaining
root access to one of the other students' workstations remotely and
ejecting their CD-ROM trays / floppies etc. to surprise them.

Their responses ranged from "You b*&??rd" to "I think we may have a
ghost in here".

Anyway whilst on this course I wrote the following script to prevent
others doing unto me what I had done to them.

It loops exec'ing itself until a specified user (root) logs in and will
then kill and log any root users logging on remotely from any host
other than your own.

This of course stops rlogin, telnet etc. attacks by anyone who may have
gained your root password, but is not sitting at a terminal connected to
your host.

#!/bin/ksh
# Script       :    rootout.ksh
# Author       :    Ben Jackson
# Date         :    04/04/1999
# Comments     :    Searches for root users logging in from other hosts.

# Set up our allowed localhost variable.
LOCAL=`hostname`
# Remote user to keep out.
OUT=root
# The name of this script.
SCRIPT=${0}
# Keep a log of unauthorised users here.
LOG=/var/adm/rootout.log
# Store the current date in a variable for use in the logfile.
DATE=`date +%a" "%b" "%e`
# Store the current time in another variable.
TIME=`date +%H:%M:%S`

# Wait until user logs in. who -u shows a remote login's host in
# parentheses and no host at all for a login on the console, so only
# lines containing "(" are remote logins.
while who -u | grep "^${OUT} " | grep "(" | grep -v "(${LOCAL})" > /dev/null
do
  # Look at the information on every user currently logged in,
  # one who -u line at a time.
  who -u | while read USER
  do
    # Users login name stored in NAME variable.
    NAME=`echo ${USER} | awk '{print $1}'`
    # Users process id in this variable.
    PID=`echo ${USER} | awk '{print $7}'`
    # The name of users computer here, with the parentheses removed.
    HOST=`echo ${USER} | awk '{print $8}' | tr -d '()'`

    # "If" test to check if user is allowed to be here.
    # If not they are killed and their info written to the logfile.
    if [[ ${NAME} == ${OUT} && -n "${HOST}" && ${HOST} != ${LOCAL} ]]
    then
      # Take down the users particulars and write into the logfile.
      echo "Someone from ${HOST} logged in as ${NAME} on ${DATE} at ${TIME}" >> ${LOG}
      # Kill off the offending user, send additional info to logfile.
      kill -9 ${PID} >> ${LOG} 2>&1
    fi
  done
done

# Pause briefly so the loop does not spin, then exec ourselves again so
# DATE and TIME are fresh for the next log entry.
sleep 1
exec ${SCRIPT}

Ben Jackson

[Ed- This will work, albeit in a somewhat roundabout way. An attacker
could login and just su to root. Also, this method gives them a split
second as root; if they try to login as such, they may be able to do
deeds before you can kill the session. My Debian Linux box at home has
remote root logins disabled by default, so this isn't a problem. To
prevent root from telnetting into a Solaris box, make sure CONSOLE is set
to something...probably /dev/console in /etc/default/login]
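An added example, neither Ben's script nor the editor's: the remote-root test from rootout.ksh as a function run over constructed who -u lines in the column layout the script assumes, plus a check that a Solaris-style /etc/default/login has CONSOLE set, which is the fix the editor prefers. Host names, PIDs and the sample login file are constructed.

```shell
#!/bin/sh
# Added example (not from the digest): detection and configuration checks
# for remote root logins.

# Read "who -u" output on stdin and print "pid host" for every root session
# whose origin is a host other than $1. A console login carries no host
# field and is left alone; a remote host is the last field, in parentheses.
remote_root_sessions() {
    awk -v local="$1" '
        $1 == "root" && $NF ~ /^\(/ {
            host = $NF
            gsub(/[()]/, "", host)
            if (host != local) print $(NF - 1), host
        }'
}

# Exit 0 when file $1 (an /etc/default/login) has an uncommented, non-empty
# CONSOLE= line, i.e. root may log in only on that device and not over the
# network. A commented-out line, the usual default, leaves root open.
root_console_only() {
    grep -q '^[[:space:]]*CONSOLE=[^[:space:]]' "$1"
}

demo() {
    # Constructed who -u output; PIDs and workstation names are made up.
    WHO='root     console      May  8 09:00   old  12301
student  pts/0        May  8 10:01   .    12340 (ws07)
root     pts/1        May  8 10:23   .    12345 (ws12)
root     pts/2        May  8 10:24   .    12350 (ws01)'
    echo "$WHO" | remote_root_sessions ws01      # prints: 12345 ws12

    # Constructed /etc/default/login with CONSOLE still commented out.
    f=$(mktemp)
    printf '# CONSOLE=/dev/console\nPASSREQ=YES\n' > "$f"
    root_console_only "$f" || echo "root may still log in remotely"
    rm -f "$f"
}

demo
```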


A. Kock <askaruba@setarnew.aw> wrote:

Nils van den Heuvel sent you a reply to someone's submission in the
unix digest, sent on April 3rd. He called the counter measure stupid,
saying that it would be easy to send a packet with a spoofed IP address
and thus causing a mixup. I do agree with the fact that this COULD be
accomplished, and also with the fact that boasting about "things you
have done" is childish. But it makes me wonder how in the hell the "Big
Bad Hacker" would know about the counter measure in the first place?? Would
he not have to send a packet with his real IP address first, or
something?? What I'm trying to say is that the theory behind the "counter
port scanner" still stands. Unless of course the counter scanner goes
around boasting and playing "Big Bad Hacker", hence revealing that he has
a counterscanner.  =)
BTW, Nils, I hope you don't feel offended or anything.


Ben Jackson <ben@bensheila.demon.co.uk> wrote:

Hello again.

One of the HH readers FuzzyFlup <flup@telekabel.nl> wrote the following:

>I was wondering if there is a little program or script out there, which
>does the following:
>- Check a file content for several certain words or numbers, to specify
>  by the user
>- Gives a beep or another alert when it finds it
>- Deletes and remakes the file when it reaches a certain size, also to
>  specify by the user
>I'd like to use it with tcpdump > outputfile, because I don't always
>watch my tcpdump, and the connects scroll by very fast too. Thanks!

Which set me thinking being as I had a day off work.

For the first problem, ie check a file and alarm when a string is found,
here is a Korn shell script which does the job.

It requires two command line arguments, the first being the string to
find and the second being the file to check.

The ALARM message output can be modified to suit the user and then maybe
put on cron, i.e. * * * * * search.ksh

#!/bin/ksh
# Script        : search.ksh
# Author        : Ben Jackson
# Date          : 06/04/1999
# Comments      : Searches text files for a certain string and bleeps
#                 when it finds it.

USAGE="${0}: <String to find> <File to check>"

# Check user has supplied a string to find as the first argument
if [[ ${1} == "" ]]
then
        print ${USAGE}
        exit 1;
fi

# Check user has supplied a file to check as the second argument
if [[ ${2} == "" ]]
then
        print ${USAGE}
        exit 1;
fi

STRINGTOFIND=${1}
FILETOCHECK=${2}

# Check file specified, line by line
cat ${FILETOCHECK} | while read -r LINE
do
        if echo "${LINE}" | grep "${STRINGTOFIND}" > /dev/null 2>&1
        then
        # ALARM Beep and print line if specified string is found in it
                print -n "\007"
                print -r -- "${LINE}"
        fi
done

Hope this is of use to some readers.

Ben Jackson

[Ed- More shell script coolness from Ben!]
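An added example, not Ben's code: the part of FuzzyFlup's request that search.ksh leaves out, alarming on matching lines in a capture log and emptying the log once it passes a size limit. The tcpdump-style sample lines and file names are constructed.

```shell
#!/bin/sh
# Added example (not from the digest): alarm on matches and size-based
# rotation for a log that tcpdump keeps appending to.

# Print every line of file $2 containing pattern $1; ring the terminal bell
# on stderr for each match so the lines themselves can be piped elsewhere.
alarm_matches() {
    grep -- "$1" "$2" | while read -r line; do
        printf '\007' >&2
        printf '%s\n' "$line"
    done
}

# If file $2 is larger than $1 bytes, note it on stderr and empty the file
# in place (exit 0); otherwise exit 1. Truncating keeps the same inode, so a
# writer that already holds the file open keeps logging to it. Start the
# writer with ">>" (O_APPEND), e.g. "tcpdump -l >> outputfile": with ">" its
# next write would land at the old offset and leave a hole of NUL bytes.
rotate_if_large() {
    size=$(wc -c < "$2" | tr -d ' ')
    if [ "$size" -gt "$1" ]; then
        echo "$(date '+%b %e %H:%M:%S') rotated $2 at $size bytes" >&2
        : > "$2"
        return 0
    fi
    return 1
}

demo() {
    log=$(mktemp)
    # Constructed tcpdump-style lines standing in for "tcpdump -l >> $log".
    cat > "$log" <<'EOF'
10:23:01.100 ws12.1234 > ws01.telnet: S 1:1(0) win 8760
10:23:01.200 ws01.telnet > ws12.1234: S 1:1(0) ack 2 win 8760
10:23:05.900 ws07.2048 > ws01.12345: S 9:9(0) win 8760
EOF
    alarm_matches '\.12345:' "$log"        # connects to port 12345 (see Nugget 5)
    rotate_if_large 100 "$log" && echo "log emptied"
    rm -f "$log"
}

demo
```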

      *** Piles more UNIX commands

Thanks to CXref32@aol.com for compiling and sending this list of UNIX
commands. I have mentioned some of these before, and not all of them may
be available on your particular computer. As usual, type man <command> for
more information on any of these.

cu -- Connect to UNIX system
ftp -- file transfer protocol
login -- Sign on to UNIX
mailx  -- Read or send mail
rlogin -- Sign on to remote UNIX
talk -- Write to other terminals
telnet -- Connect to another system
vacation -- Respond to mail automatically
write -- Write to other terminals

cmp -- Compare two files
comm  -- Compare items in files
diff  -- Compare two files
diff3 -- Compare three files
dircmp -- Compare directories
sdiff -- Compare two files, side-by-side

File Management
cat -- Join files or display them
cd -- Change directory
chmod -- Change access modes on files
cp -- Copy files
csplit -- Break files at specific locations
file -- Determines a file's type
head -- Show the first few lines of a file
install -- Set up system files
ln  -- Create filename aliases
ls -- List files or directories
mkdir -- Create a directory
more  -- Display files by screenful
mv -- Move or rename files or directories
pwd -- Print your working directory
rcp -- Copy files to remote system
rm -- Remove files
rmdir -- Remove directories
split -- Split files evenly.
tail -- Show the last few lines of a file
wc -- Count lines, words, and characters

banner  -- Make posters from words
bc -- precision calculator
cal -- display calendar
calendar -- check for reminders
clear -- clear the screen
kill -- terminate a running process
man -- get information on a command

nice -- Reduce a job's priority
nohup -- Preserve a job after logging out
passwd -- Set password
script -- Produce a transcript of your login session
spell -- Report misspelled words
su -- become a superuser

cancel -- Cancel a printer request
lp -- Send to the printer
lpstat -- Get printer status
pr -- Format and paginate for printing

cb -- C source code "beautifier"
cc -- C compiler
cflow -- C function flowchart
ctags -- C function references
ctrace -- C debugger
ld -- link editor
lex -- Lexical analyzer
make -- Execute commands in a specified order
od -- dump input in various formats
sdb  -- Symbolic debugger
strip -- Remove data from an object file
truss -- Trace signals and system calls
yacc -- Compiler used with lex

egrep -- Extended version of grep
fgrep -- Search files for literal words
find -- Search the system for filenames
grep -- Search files for text patterns
strings -- Search binary files for text patterns

Shell Programming
echo -- Repeat input on the output
expr -- Perform arithmetic and comparisons
line -- Read a line of input
sleep -- Pause during processing
test -- test a condition

compress -- compress files to free up space
cpio -- copy archives in or out
pack -- pack files to free up space
pcat -- Display contents of packed files
tar -- tape archives
uncompress -- Expand compressed (.Z) files
unpack -- Expand packed (.z) files
zcat -- Display contents of compressed files

System Status
at -- Execute commands later
chgrp -- Change file group
chown -- Change file owner
crontab -- Automate commands
date -- Date or set date
df -- Show free disk space
du -- Show disk usage
env -- Show environment variables
finger -- Point out information about users
ps -- Show processes
ruptime -- Show loads on working systems
shutdown -- Revert to single-user mode
stty -- Set or display terminal settings
who -- Show who is logged on

Text Processing
cut -- Select columns for display
ex -- Line-Editor underlying VI
fmt -- Produce roughly uniform line lengths
fold -- Produce exactly uniform line lengths
join -- Merge different columns into a database
nawk -- New version of awk (pattern-matching language for database work)
paste -- Merge columns or switch order
sed -- Noninteractive text editor
sort -- Sort or Merge files
tr -- Translate (redefine) characters
uniq -- Find repeated or unique lines in a file
vi -- Visual text editor
xargs -- Process many arguments in manageable portions

deroff -- Remove troff codes
eqn -- Preprocessor for equations
nroff -- Formatter for terminal display
pic -- Preprocessor for line graphics
tbl -- Preprocessor for tables
troff -- Formatter for typesetting

      *** Future Issues

Setting up your own Wargame
Onion Routing
How Private is it?

To subscribe to the Happy Hacker Digest, email mailman@antionline.com
with the message "subscribe happyhacker."  Unsubscribe with message
unsubscribe happyhacker.

This is a list devoted to *legal* hacking! If you plan to use any
information in this Digest or at our Web site to commit crime, go away!
Foo on you! Don't email us bragging about any crimes you may have
committed.  We mean it.

For Windows questions, email keydet89@yahoo.com.
For Unix questions, contact unixeditor@cmeinel.com.
For Macs, email Strider <s.corinth@iname.com>

Happy Hacker staff: Unix editor, <unixeditor@cmeinel.com>;
Windows editor, Keydet89 <editor@cmeinel.com>; Hacker Wargame
Director, Vincent Larsen <vincent@sage-inc.com>;
Clown Princess: Carolyn Meinel <>

Happy Hacker is a 501 (c) (3) tax deductible organization
in the United States operating under Shepherd's Fold Ministries.

 © 2013 Happy Hacker All rights reserved.