[Full-Disclosure] ron1n phone home, episode 6
Bugtraq Security Systems
research at bugtraq.org
Fri Apr 9 11:09:43 BST 2004
We'd like to thank our ever growing fanbase of Mostly Harmless Hackers
for their support and feedback. Together we can make Mostly Harmless Hacking
a force to be reckoned with. Do not forget, these are the very same texts
that inspired several, nay, dozens of whitehats before you to climb
the information security ladder. Many of whom are CISSP's this very day.
We at Bugtraq Security Systems fully support the notion of having a
website world readable as being a grave security issue. When we objectively
consider the kinds of websites out there most of you would have to agree
that 80% of them contain information that is lethal to *world writable*
impressionable young minds. Please, think of the children. Cybernazis
are everywhere and they are on the prey. By making your website accessible
to the general public, you are in fact aiding in the corruption of America's
youth, thus supporting terrorism.
Team Bugtraq Security
-------------- next part --------------
GUIDE TO (mostly) HARMLESS HACKING
Beginners' Series #3 Part 2
How to Get a *Good* Shell Account
In this section you will learn:
* how to explore your shell account
* Ten Meinel Hall of Fame Shell Account Exploration Tools
* how to decide whether your shell account is any good for hacking
* Ten Meinel Hall of Fame LAN and Internet Exploration Tools
* Meinel Hall of Infamy Top Five Ways to Get Kicked out of Your Shell Account
How to Explore Your Shell Account
So you're in your shell account. You've tried the "ls -alF" command and are
pretty sure this really, truly is a shell account. What do you do next?
A good place to start is to find out what kind of shell you have. There are
many shells, each of which has slightly different ways of working. To do
this, at your prompt give the command "echo $SHELL". Be sure to type in the
same lower case and upper case letters. If you were to give the command
"ECHO $shell", for example, this command won't work.
If you get the response:
/bin/sh
That means you have the Bourne shell.
If you get:
/bin/bash
Then you are in the Bourne Again (bash) shell.
If you get:
/bin/ksh
You have the Korn shell.
If the "echo $SHELL" command doesn't work, try the command "echo $shell",
remembering to use lower case for "shell". This will likely get you the answer:
/bin/csh
This means you have the C shell.
Why is it important to know which shell you have? For right now, you'll want
a shell that is easy to use. For example, when you make a mistake in typing,
it's nice to hit the backspace key and not see ^H^H^H on your screen. Later,
though, for running those super hacker exploits, the C shell may be better.
Fortunately, you may not be stuck with whatever shell you have when you log
in. If your shell account is any good, you will have a choice of shells.
Trust me, if you are a beginner, you will find bash to be the easiest shell
to use. You may be able to get the bash shell by simply typing the word
"bash" at the prompt. If this doesn't work, ask tech support at your ISP for
a shell account set up to use bash. A great book on using the bash shell is
_Learning the Bash Shell_, by Cameron Newham and Bill Rosenblatt, published
If you want to find out what other shells you have the right to use, try
"csh" to get the C shell, "ksh" to get the Korn shell, "sh" for the Bourne
shell, "tcsh" for the Tcsh shell, and "zsh" for the Zsh shell. If you don't
have one of them, when you give the command to get into that shell you will
get back the answer "command not found."
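Added example, not from the original Guide: "echo $SHELL" reports the login shell recorded for your account, which is not necessarily the shell you are sitting in after typing "bash" or "csh" at the prompt. The script below compares the two and normalises either to a shell family. It assumes a POSIX sh or bash with ps and id available; getent is used when present and $SHELL otherwise.

```shell
# Added example (not from the original Guide): find out which shell you are
# actually running, not just which one is recorded as your login shell.
# Assumes POSIX sh/bash with ps and id; getent is optional.

# Map a shell path or process name to its family. Login shells show up in
# ps with a leading "-" (e.g. "-bash"), and paths vary (/bin/bash,
# /usr/local/bin/bash), so strip both before comparing.
shell_family() {
    name=${1##*/}          # drop the directory part
    name=${name#-}         # drop the login-shell marker
    case $name in
        bash)                 echo bash ;;
        zsh)                  echo zsh ;;
        tcsh)                 echo tcsh ;;
        csh)                  echo csh ;;
        ksh|ksh93|mksh|pdksh) echo ksh ;;
        sh|dash|ash)          echo sh ;;
        *)                    echo unknown ;;
    esac
}

# The shell recorded for the account in the password database, which is
# what $SHELL normally reflects.
login_shell() {
    if command -v getent >/dev/null 2>&1; then
        getent passwd "$(id -un)" | cut -d: -f7
    else
        printf '%s\n' "${SHELL:-unknown}"
    fi
}

# The shell this script is running under right now, from the process table.
running_shell() {
    ps -p $$ -o comm= 2>/dev/null || printf '%s\n' unknown
}

printf 'login shell:   %s (%s)\n' "$(login_shell)" "$(shell_family "$(login_shell)")"
printf 'running shell: %s (%s)\n' "$(running_shell)" "$(shell_family "$(running_shell)")"
```

If the two lines disagree, the second is the one whose quirks (history file, rc files, backspace handling) you are living with right now.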
Now that you have chosen your shell, the next thing is to explore. See what
riches your ISP has allowed you to use. For that you will want to learn, and
I mean *really learn* your most important Unix commands and auxiliary
programs. Because I am supreme arbiter of what goes into these Guides, I get
to decide what the most important commands are. Hmm, "ten" sounds like a
famous number. So you're going to get the:
Ten Meinel Hall of Fame Shell Account Exploration Tools
1) man <command name>
This magic command brings up the online Unix manual. Use it on each of the
commands below, today! Wonder what all the man command options are? Try
"man man". To find out which manual page covers a topic, try
"man -k <keyword>", which searches the one-line descriptions of all pages.
2) ls
Lists files. Jericho suggests "Get people in the habit of using 'ls -alF'.
This will come into play down the road for security-conscious users." You'll
see a huge list of files that you can't see with the "ls" command alone, and
lots of details. If you see such a long list of files that they scroll off
the terminal screen, one way to solve the problem is to use "ls -alF|more".
3) pwd
Shows what directory you are in.
4) cd <directory>
Changes directories. Kewl directories to check out include /usr, /bin and
/etc. For laughs, jericho suggests exploring in /tmp.
5) more <filename>
This shows the contents of text files. Also you might be able to find "less"
and "cat" which are similar commands.
6) whereis <program name>
Think there might be a nifty program hidden somewhere? Maybe a game you
love? This will find it for you. Similar commands are "find" and "locate."
Try them all for extra fun.
7) vi <filename>
An editing program. You'll need it to make your own files and when you start
programming while in your shell account. You can use it to write a really
lurid file for people to read when they finger you. Or try "emacs." It's
another editing program and IMHO more fun than vi. Other editing programs
you may find include "ed" (an ancient editing program which I have used to
write thousands of lines of Fortran 77 code), "ex," "fmt," "gmacs,"
"gnuemacs," and "pico."
8) grep <pattern> <filename>
Extracts lines matching a pattern from files, especially useful for seeing
what's in syslog and shell history files. Similar commands are "egrep,"
"fgrep," and "look."
9) chmod <mode> <filename>
Change file permissions.
10) rm <filename>
Delete file. If you have this command you should also find "cp" for copy
file, and "mv" for move file.
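Added example, not part of the original Guide: the reason jericho wants "ls -alF" to become a habit is the first column, the permission string. The script below reads an ls -alF listing (the sample listing is constructed for this example) and flags world-writable entries and set-uid or set-gid programs, printing the chmod that would close the former. It assumes a POSIX sh or bash and file names without spaces.

```shell
# Added example (not from the original Guide): turn the "ls -alF" habit into
# a check. Given ls -l style output it reports world-writable entries and
# set-uid/set-gid programs, and prints the chmod that would fix the former.
# The sample listing below is constructed for the example.

SAMPLE_LISTING='total 24
drwxr-xr-x   4 alice users  4096 Apr  9 11:09 ./
drwxr-xr-x  12 root  root   4096 Apr  9 10:00 ../
-rw-------   1 alice users   812 Apr  9 11:05 .bash_history
-rw-rw-rw-   1 alice users    56 Apr  9 11:08 .plan
-rwsr-xr-x   1 root  root  19240 Apr  9 09:58 su*
drwxrwxrwt   2 root  root   4096 Apr  9 11:09 tmp/
-rwxr-xr-x   1 alice users  1234 Apr  9 11:00 notes.txt'

# Is the mode string (first column of ls -l) world-writable?
# Character 9 is the "other" write bit. Returns 0 (true) or 1 (false).
world_writable() {
    case $1 in
        ????????w?) return 0 ;;
        *)          return 1 ;;
    esac
}

# Does the mode string carry set-uid or set-gid? That is an "s" or "S" in
# the owner execute slot (character 4) or the group execute slot (character 7).
setid() {
    case $1 in
        ???[sS]??????|??????[sS]???) return 0 ;;
        *)                           return 1 ;;
    esac
}

# Read ls -alF output on stdin; print one finding per line.
audit_listing() {
    while read -r mode links owner group size mon day time name; do
        mode=${mode%[.+]}                 # drop the ACL/SELinux marker some ls add
        # Skip the "total" line and anything that does not look like a mode.
        case $mode in [-dlcbps]?????????) ;; *) continue ;; esac
        name=${name%[*/@=|]}              # strip the -F type indicator
        case $name in .|..) continue ;; esac
        if world_writable "$mode"; then
            case $mode in
                # A sticky (t) world-writable directory is shared scratch space like /tmp.
                d????????t) printf 'sticky world-writable dir: %s (ok if intended)\n' "$name" ;;
                *)          printf 'world-writable: %s (owner %s) -> chmod o-w %s\n' "$name" "$owner" "$name" ;;
            esac
        fi
        if setid "$mode"; then
            printf 'set-uid/set-gid: %s (owner %s)\n' "$name" "$owner"
        fi
    done
}

printf '%s\n' "$SAMPLE_LISTING" | audit_listing
```

Against a real account, pipe the live listing in instead: "ls -alF ~ | audit_listing". A world-writable .plan or .rhosts in your own home directory is exactly the kind of thing a sysadmin doing the same walk will notice before you do.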
How to Tell Whether Your Shell Account Is any Good for Hacking
Alas, not all shell accounts are created equal. Your ISP may have decided
to cripple your budding hacker career by forbidding your access to
important tools. But you absolutely must have access to the top ten tools
listed above. In addition, you will need tools to explore both your ISP's
local area network (LAN) and the Internet. So in the spirit of being Supreme
Arbiter of Haxor Kewl, here are my:
Ten Meinel Hall of Fame LAN and Internet Exploration Tools
1) telnet <hostname> <port number or name>
If your shell account won't let you telnet into any port you want either on
its LAN or the Internet, you are totally crippled as a hacker. Dump your ISP.
2) who
Shows you who else is currently logged in on your ISP's LAN. Other good
commands to explore the other users on your LAN are "w," "rwho," and "users."
3) netstat
All sorts of statistics on your LAN, including all Internet connections. For
real fun, try "netstat -r" to see the kernel routing table. However, jericho
warns "Be careful. I was teaching a friend the basics of summing up a Unix
system and I told her to do that and 'ifconfig'. She was booted off the system
the next day for 'hacker suspicion' even though both are legitimate commands."
4) whois <hostname>
Get lots of information on Internet hosts outside your LAN.
5) nslookup <hostname>
Get a whole bunch more information on other Internet hosts.
6) dig <hostname>
Even more info on other Internet hosts. Nslookup and dig are not redundant.
Try to get a shell account that lets you use both.
7) finger <user@hostname>
Not only can you use finger inside your LAN. It will sometimes get you
valuable information about users on other Internet hosts.
8) ping <hostname>
Find out if a distant computer is alive and run diagnostic tests -- or just
plain be a meanie and clobber people with pings. (I strongly advise
*against* using ping to annoy or harm others.)
9) traceroute <hostname>
Kind of like ping with attitude. Maps Internet connections, reveals routers
and boxes running firewalls.
10) ftp <hostname>
Use it to upload and download files to and from other computers.
If you have all these tools, you're in great shape to begin your hacking
career. Stay with your ISP. Treat it well.
Once you get your shell account, you will probably want to supplement the
"man" command with a good Unix book. Jericho recommends _Unix in a
Nutshell_ published by O'Reilly. "It is the ultimate Unix command reference,
and only costs 10 bucks. O'Reilly r00lz."
How to Keep from Losing Your Shell Account
So now you have a hacker's dream, an account on a powerful computer running
Unix. How do you keep this dream account? If you are a hacker, that is not
so easy. The problem is that you have no right to keep that account. You can
be kicked off for suspicion of being a bad guy, or even if you become
inconvenient, at the whim of the owners.
Meinel Hall 'O Infamy
Top Five Ways to Get Kicked out of Your Shell Account
1) Abusing Your ISP
Let's say you are reading Bugtraq and you see some code for a new way to
break into a computer. Panting with excitement, you run emacs and paste in
the code. You fix up the purposely crippled stuff someone put in to keep
total idiots from running it. You tweak it until it runs under your flavor
of Unix. You compile and run the program against your own ISP. It works! You
are looking at that "#" prompt and jumping up and down yelling "I got root!
I got root!" You have lost your hacker virginity, you brilliant dude, you!
Only, next time you go to log in, your password doesn't work. You have been
booted off your ISP. NEVER, NEVER ABUSE YOUR OWN ISP!
You can go to jail warning: Of course, if you want to break into another
computer, you must have the permission of the owner. Otherwise you are
breaking the law.
2) Ping Abuse.
Another temptation is to use the powerful Internet connection of your shell
account (usually a T1 or T3) to ping the crap out of the people you don't
like. This is especially common on Internet Relay Chat. Thinking of ICBMing
or nuking that dork? Resist the temptation to abuse ping or any other
Internet Control Message Protocol attacks. Use ping only as a diagnostic
tool, OK? Please? Or else!
3) Excessive Port Surfing
Port surfing is telnetting to a specific port on another computer. Usually
you are OK if you just briefly visit another computer via telnet, and don't
go any further than what that port offers to the casual visitor. But if you
keep on probing and playing with another computer, the sysadmin at the
target computer will probably email your sysadmin records of your little
visits. (On a Unix target, these records of port visits are written by
syslog, typically to a file named "messages" or "syslog" depending on the
configuration of that computer.)
Even if no one complains about you, some sysadmins habitually check the
shell history files that record the commands you or any other user on the
system have run. If your sysadmin sees a pattern of excessive attention to
one or a few computers, he or she may assume you are plotting a break-in.
Boom, your password is dead.
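Added example, not part of the original Guide, of the check on the target sysadmin's side. Given connection lines of the kind tcp_wrappers writes to "messages" (the lines below are constructed for this example, and the field positions are an assumption about that format), it tallies connections per remote host and flags anyone who touched several distinct services, which is the "excessive attention" pattern described above. Assumes a POSIX sh or bash with awk and sort.

```shell
# Added example (not from the original Guide): the check a sysadmin on the
# receiving end might run. Connection log lines are tallied per remote host
# and any host touching more than a handful of distinct services is flagged.
# The log lines are constructed for the example, in the style of tcp_wrappers
# entries in /var/log/messages; field positions may differ on your system.

SAMPLE_LOG='Apr  9 11:01:02 srv in.telnetd[2101]: connect from shell.isp.example
Apr  9 11:01:09 srv in.ftpd[2102]: connect from shell.isp.example
Apr  9 11:01:15 srv in.fingerd[2103]: connect from shell.isp.example
Apr  9 11:01:20 srv sendmail[2104]: connect from shell.isp.example
Apr  9 11:01:31 srv in.pop3d[2105]: connect from shell.isp.example
Apr  9 11:02:00 srv in.telnetd[2110]: connect from friend.example.net
Apr  9 11:05:44 srv in.ftpd[2111]: connect from friend.example.net
Apr  9 11:06:02 srv in.telnetd[2112]: refused connect from scanner.example.org'

# Read log lines on stdin; print "host distinct-services connections" for
# every remote host, busiest first. Refused attempts count as connections.
tally_connections() {
    awk '
        # Only lines that record a connection attempt. $5 is "daemon[pid]:"
        # and the remote host is the last field (assumed tcp_wrappers layout).
        /connect from/ {
            svc = $5; sub(/\[.*/, "", svc)
            host = $NF
            key = host SUBSEP svc
            if (!(key in seen)) { seen[key] = 1; services[host]++ }
            conns[host]++
        }
        END { for (h in conns) print h, services[h], conns[h] }
    ' | sort -k2,2nr -k3,3nr
}

# Print the hosts that touched at least $1 distinct services (default 4).
flag_port_surfers() {
    threshold=${1:-4}
    tally_connections | awk -v t="$threshold" '$2 >= t { print $1 }'
}

printf '%s\n' "$SAMPLE_LOG" | tally_connections
printf '%s\n' "$SAMPLE_LOG" | flag_port_surfers 4
```

Two brief visits from friend.example.net pass; five different daemons in thirty seconds from shell.isp.example is what gets an email sent to that ISP's postmaster.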
4) Running Suspicious Programs
If you run a program whose primary use is as a tool to commit computer
crime, you are likely to get kicked off your ISP. For example, many ISPs
have a monitoring system that detects the use of the program SATAN. Run
SATAN from your shell account and you are history.
Newbie note: SATAN stands for Security Administrator Tool for Analyzing
Networks. It works by connecting to one port after another on the target
computer. It determines what program (daemon) is listening on each port,
and checks whether that daemon has a known vulnerability that could be used
to break into that computer. SATAN can be used by a sysadmin to figure out
how to make his or her computer safe. Or it may be just as easily used by a
computer criminal to break into someone else's computer.
5) Storing Suspicious Programs
It's nice to think that the owners of your ISP mind their own business. But
they don't. They snoop in the directories of their users. They laugh at your
email. OK, maybe they are really high-minded and resist the temptation to
snoop in your email. But chances are high that they will snoop in your shell
history files, which record the commands you run while in your shell account.
If they don't like what they see, next they will be prowling your program files.
One solution to this problem is to give your evil hacker tools innocuous
names. For example, you could rename SATAN to ANGEL. But your sysadmin may
try running your programs to see what they do. If any of your programs turn
out to be commonly used to commit computer crimes, you are history.
Wait, wait, you are saying. Why get a shell account if I can get kicked out
even for legal, innocuous hacking? After all, SATAN is legal to use. In
fact, you can learn lots of neat stuff with SATAN. Most hacker tools, even
if they are primarily used to commit crimes, are also educational. Certainly
if you want to become a sysadmin someday you will need to learn how these
Sigh, you may as well learn the truth. Shell accounts are kind of like
hacker training wheels. They are OK for beginner stuff. But to become a
serious hacker, you either need to find an ISP run by hackers who will
accept you and let you do all sorts of suspicious things right under their
nose. Yeah, sure. Or you can install some form of Unix on your home
computer. But that's another Guide to (mostly) Harmless Hacking (Vol. 2
Number 2: Linux!).
If you have Unix on your home computer and use a PPP connection to get into
the Internet, your ISP is much less likely to snoop on you. Or try making
friends with your sysadmin and explaining what you are doing. Who knows, you
may end up working for your ISP!
In the meantime, you can use your shell account to practice just about
anything Unixy that won't make your sysadmin go ballistic.
Would you like a shell account that runs industrial strength Linux -- with
no commands censored? Want to be able to look at the router tables, port
surf all.net, and keep SATAN in your home directory without getting kicked
out for suspicion of hacking? Do you want to be able to log in over ssh
(secure shell) so no one can sniff your password? Are you willing to pay $30
per month for unlimited access to this hacker playground? How about a seven
day free trial account? Email haxorshell at techbroker.com for details.
In case you were wondering about all the input from jericho in this Guide,
yes, he was quite helpful in reviewing this and making suggestions. Jericho
is a security consultant and also runs his own Internet host,
obscure.sekurity.org. Thank you, jericho at dimensional.com, and happy hacking!
Want to see back issues of Guide to (mostly) Harmless Hacking? See either
http://www.cs.utexas.edu/users/matt/hh.html (the official Happy Hacker
Subscribe to our discussion list by emailing to hacker at techbroker.com with
Want to share some kewl stuph with the Happy Hacker list? Correct mistakes?
Send your messages to hacker at techbroker.com. To send me confidential email
(please, no discussions of illegal activities) use cmeinel at techbroker.com
and be sure to state in your message that you want me to keep this
confidential. If you wish your message posted anonymously, please say so!
Direct flames to dev/null at techbroker.com. Happy hacking!
Copyright 1997 Carolyn P. Meinel. You may forward or post this GUIDE TO
(mostly) HARMLESS HACKING on your Web site as long as you leave this notice
at the end.
M/B Research -- The Technology Brokers
Full-Disclosure is hosted and sponsored by Secunia.