This paper contains. C code make sure to turn word wrap off! In your editor!!

НазваниеThis paper contains. C code make sure to turn word wrap off! In your editor!!
Размер2.87 Mb.
  1   2   3   4   5   6   7   8   9   ...   34


Unix Utils


Hacking Kit v1.0.c Jan/97

Hacking Kit v2.0.b March/97 (this is an update)

By: Invisible Evil

IRC: #unixhacking #virus #hackers #virii #hacking #hacker

#hack is just to busy for me ;)

NICK: i-e

If you have any other exploits, bugs, sniffers or utils that are not in here

please mail them to And I will be sure to keep you

updated with the latest version of this toolkit.

Comments are welcome. Sys admin's that want to keep their system clean are

welcome to request the latest version.

If you are looking for perfect grammar or spelling please put this file in

your circular file. I put enough time into this and just put it through

a cheap spell check.

Whats new? Look for more info on tricks of the trade, and nfs mounting

drives to gain access to shells. I am sure you will like the additions.

I have added a login trojan, in.telnetd trojan, and some more scripts for

scanning machines for mountable drives. Have pun!

I will add a (*) to u p d a t e d s e c t i o n s.




Chapter I - Unix commands you need to know

1A. Basic commands

Getting back to your home directory

getting into a user home directory easy

how to see what directory you are in now

How to get a complete manual for each command

1B. Telnet

Unix file permissions

Unix groups

How to change permissions and groups

1C. Rlogin


How to setup a .rhost file to login without a password


Logging in to the site, but never out of the site.

Using prompt, hash, and, bin

Using get, put, mget, and, mput

1E. GCC (unix compiler)

How to get the file to the hack box without uploading it

How to copy files to your home directory easy

How to compile .c programs

How to name them what you want

How to load programs in the background while you log off

Looking at your process with ps

Chapter II - Getting started (your first account)

2A. Cracking password files

How to get hundreds of accounts with your first hacked account

Why you only really need one password cracked on a system

How to get the root password from the admin, on an non-exploit system

Using A fake su program

Doc's for the fake su program

How to find the admin's

How to read .bash_history

Cracker Jack - A good password cracker

How to use crackerjack

Word Files

What you will need to get started

Hashing the word files

* Hash file for use with cracker jack and your word list

* Hash file for use with cracker jack and your passwd file

2B. Talking to newbe's

How to find the newbe's

How to get the newbe's passwords

2C. The hard way

Using finger @

What could the password be?

Getting more info from finger

a small .c file to use if you get on

Writing a small perl script to do the work for you.

How to get a domain list of all domains from

A perl script to rip the domains & put them in a sorted readable list

How to execute the perl script

* 2D. Using mount to gain access to unix systems

* What is nfs mount

* What you need to get started

* How to check a system to see if you can mount their drives

* A script to scan for systems that are nfs mountable

* How to mount the system

* How to unmount the system

* A Live Demo

* Mounting the drive

* Viewing the user directories

* Editing the local machine's passwd file

* How to put a .rhosts file in one on thier users directories

* How to rlogin to the users account

Chapter III - Getting password files


What is phf

Using lynx or netscape to access phf

Finding the user id the victims httpd (www) is running under

How to see if you are root using phf

How to cat the password file using phf

Backing up the victims password file

Changing a users password using phf

Restoring the old passwords

A .c file that will let you pipe commands to phf from your shell

How to use the phf shell file

Another way to use phf - text by quantum

Quantum's bindwarez file

A perl script that will try EVERY domain on the internet and log

root access and snatch passwd files for you all day in the background.

Doc's for the pearl script above

Getting accounts from /var/?/messages

A script to get the passwords for you if you can access /var/?/messages

3B. Newbe's


3C. Getting shadow passwd files

What is a shadow passwd

Getting the shadow file without root access

A .c file to cat any file without root access

3D. Getting /etc/hosts

Why get /etc/hosts

Chapter IV - Getting the root account

What to do if you can't get root on the system

4A. Bugs


4B. Exploits

The umount/mount exploit

What are SUID perm's

The umount .c file

How to compile umount.c

The lpr Linux exploit

The lpr Linux .c exploit file

The lpr BSD .c exploit file

How to use lpr

Watch the group owners with lpr

Just use lpr for first root, then make a SUID shell

How to make the SUID root shell for future root access (root root)

The splitvt exploit

The splitvt exploit .c program

How to use the splitvt exploit program

The sendmail 8.73 - 8.83 root exploit shell script

How to use the sendmail exploit to get root access

Chapter V - Making yourself invisible

Keeping access

5A. Zap2 (for wtmp/lastlog/utmp)

Fingering the host before login

How to login and stay safe

How to configure Zap2

Finding the log file locations

The zap.c file

5B. Other scripts

The wted wtmp editor

Command line usage for wted

How to chmod the wtmp.tmp file

How to copy the wtmp.tmp to the wtmp file

Setting the path for the wtmp file in wted

The wted.c file

Cleaning the lastlog file using lled

Command line options for lled

How to use lled

How to chmod the lastlog.tmp file

How to copy the lastlog.tmp file to lastlog

Setting the path for the lastlog file in lled

The lled.c file

* A good perl script for editing wtmp, utmp, and, checking processes

Chapter VI - Cleaning the log files

6A. A walk around in a hacked system - let's login

Logging on the system

Watching for admin's

Nested directories

Having your root file ready

Becoming invisible

Greping the log directory

Cleaning the logs

Lets sniff the network

Editing your linsniffer.c

Looking at the processes running

Compiling and naming your sniffer program

Starting a sniff session

Changing group file access

Making a suid root shell trojan for uid=0 gid=0 every time

Naming your trojan

Touching the files date

Checking the sniffer log file

Setting the history files to null

* Using unset for the history files

6B. messages and the syslog

How to find the logs are by reading /etc/syslog.conf

How to see if there are logs in hidden directories

How to see if logs are being mailed to user accounts

How to see if logs are going to another machine

* How to edit syslog.conf to hide logins

* Restarting syslogd

How to see if there is a secret su log by reading /etc/login.defs

6C. The xferlog

How to edit the xferlog

How to grep and edit the www logs

How to look for ftp logs

* Other ways to edit text logs

* Using grep -v

* A script to rip text lines from these logs

* Restarting syslogd

6D. The crontabs

How to find and read the root or admin's cron

How to see if MD5 is setup on the machine

What is MD5

Chapter VII - Keeping access to the machine

7A. Tricks of the trade

When the system admin has found you out

What to expect from the admin

History files

Nested directories

Placing trojans

Hidden directories

Making new commands (trojans)

Adding or changing passwd file entry's

Setting some admin accounts with null passwords

The best way to add an account

Editing a null account so you can login

Installing more games or exploitable programs

How to know your admin's

Reading system mail (with out updating pointers)

What to look for in the mail directories

A program to read mail without updating pointers

7B. Root kits and trojans

What are root kits

What are Demon kits

What do trojans do


* Appendix I - Things to do after access *


The a-z checklist


* Appendix II - Hacking / Security WWW / ftp sites *



* Appendix III - More exploits for root or other access *


A3-01. Vixie crontab buffer overflow for RedHat Linux

A3-02. Root dip exploit

A3-03. ldt - text by quantumg

A3-04. suid perl - text by quantumg

A3-05. Abuse Sendmail 8.6.9

A3-06. ttysurf - grab someone's tty

A3-07. shadow.c - Get shadow passwd files

A3-08. Abuse Root Exploit (linux game program)

A3-09. Doom (game) root exploit - makes suid root shell

A3-10. dosmenu suid root exploit

A3-11. Doom root killmouse exploit

A3-12. Root exploit for resize icons

A3-13. Root console exploit for restorefont

A3-14. Root rxvt X server exploit

A3-15. Root wuftpd exploit

A3-16. A shell script called gimme, used to read any system file


* Appendix IV - Other UNIX system utilities *


A4-01. Cloak v1.0 Wipes your presence on SCO, BSD, Ultrix, and HP/UX UNIX

A4-02. invisible.c Makes you invisible, and works on some SunOS without root

A4-03. SySV Program that makes you invisible

A4-04. UNIX Port scanner

A4-05. Remove wtmp entries by tty number or username

A4-06. SunOS wtmp editor

A4-07. SunOS 4+ Zap your self from wtmp, utmp and lastlog


* Appendix V - Other Unix Exploits *


A5-01. HP-UX Root vhe_u_mnt exploit

A5-02. IRIX Root mail exploit

A5-03. Root cron grabber - Crontab exploit for OSF/1, AIX 3.2.5, Digital UNIX

A5-04. IRIX mail exploit to make you any user on the machine - BUT NOT root

A5-05. BSD - crontab root exploit




1. Quantum's Bindwarez binary file for PHF

2. Demon Root Kit - Includes: Banish, DemonPing, DemonSu, DemonTelnet

3. Linux Root Kit - Includes: Login, Netstat, and, PS

4. The Fake SU Program




True this manual will aid hackers into breaking into systems but it is also

provided to guide system admin's on different security problems and help

with things to watch for on their system to keep hackers off.

If you use this manual to gain access to any system where you do not belong,

and do any type of damage, you alone will suffer for your stupid actions!

I am not telling you to break into any system, I am just showing some of

my experience, and things that I would do if I was to break into my own system.

This is for information only.....

ISP's Secure Your Systems!




Ok, lets get started. If you are going to hack, you must be doing this for a

reason. All hackers have their reasons for doing what they do. Most are just

hungry to learn. Most of what I have learned about unix, i have learned on

some service providers or someone else's machine. I am one for the 'hands on'

experience. There is much to learn and you would have to read 20,000 books

just to get what you would learn out of a few config files, a few admin email

messages, some .bash_history files, and some poking around a few systems.

Here in this manual you should learn how to be the 'complete hacker' and come

up with a style of your own. It will not take to long, but it will take some

practice and experience before you will be able to call yourself a hacker.

Not just anyone that can crack a password file, and log into a unix machine

can call themselves a hacker. Ok, you can get root access to a box! You still

are not a hacker! You need to know why you are a hacker first, and then have

your 'code' and 'style'. You need a purpose and a reason for hacking into any

box. The true hacker knows why he is doing what he does, and is doing it for

reasons like knowledge, free information, and ACCESS. The true hacker will

turn one hack into access to many different systems and providers and keep this

access for future learning and more FREE information.

The wan-a-be hacker will not be invisible, and will do many stupid things like:
  1   2   3   4   5   6   7   8   9   ...   34


This paper contains. C code make sure to turn word wrap off! In your editor!! iconCode: it601 Paper : Information Technology 3 1 4

This paper contains. C code make sure to turn word wrap off! In your editor!! iconFirst semester examination course Code Paper L t/p credits

This paper contains. C code make sure to turn word wrap off! In your editor!! iconPaper – II: estuarine and marine biology (Code No. Fs 02)

This paper contains. C code make sure to turn word wrap off! In your editor!! iconHi Danielle, good job. I used the Tools: Track Changes option in msword to make comments; I focused on the technical aspects of the paper rather than style I

This paper contains. C code make sure to turn word wrap off! In your editor!! iconType the Title of This Paper, Capitalize First Letter of Each Content Word

This paper contains. C code make sure to turn word wrap off! In your editor!! iconЛабораторная работа №2 Вставка и редактирование формул
Вызов формульного редактора Equation Editor из Word можно осуществить следующей последовательностью действий
This paper contains. C code make sure to turn word wrap off! In your editor!! iconWy, it's just ez clear ez Aggers, Clear ez one an' one make two, Chaps thet make black slaves o' niggers, Want to make wite slaves o' you

This paper contains. C code make sure to turn word wrap off! In your editor!! iconEditorial board editor-in-Chief: Asfaw Desta Associate Editor-in-Chief: Derege Kebede

This paper contains. C code make sure to turn word wrap off! In your editor!! iconEditor-in-Chief: Joseph Terry Associate Editor: Liza Rudneva Marketing Manager: Melanie Goulet Production Manager: Denise Phillip

This paper contains. C code make sure to turn word wrap off! In your editor!! iconСтруктура проекта и компоненты Word
Из всего набора приложений Office Word предлагает наиболее богатый набор средств программирования. Объектная модель Word содержит...
Разместите кнопку на своём сайте:

База данных защищена авторским правом © 2014
обратиться к администрации
Главная страница