Saturday, December 30, 2006

FTP

Another way to log in is FTP. You can use a Windows client, or just log in from a shell.

ftp ftp.domain.com

This will allow you to download or upload files to the site you are hacking. Just make sure to edit the xferlog to wipe your tracks on the system. Remember NEVER to ftp or telnet out of the hacked system, only log into it! If you are coming from your own system, or from another hacked account, you might just be giving your login and password to the system admin or to another hacker on their system. There could be a telnetd or ftpd trojan loaded on the system, or even a sniffer. Now you would have just given someone your login id and password. And if this was the system admin, he might have the idea that revenge is sweet ;)

Using ftp from the shell, I would suggest using a few commands.

After you log in and have your prompt, type these commands, pressing enter after each one:

prompt
hash
bin

prompt turns off interactive prompting, so you can type a command like mget * or mput * and transfer an entire directory without being asked yes or no for each file.

hash prints a # for each block transferred, so you can see that the transfer is still moving and at what speed.

bin switches to binary transfer mode, so files arrive in the right form; if you are transferring binary files, this makes sure they will still uncompress.

The transfer commands are easy: get filename or put filename, and for many files you can use regular wildcards with mput or mget.

Friday, December 29, 2006

Rlogin

There is another command you might use, and we will get into it elsewhere when we get into using rlogin to log in to a system without a password.

For now, read the man pages on rlogin by typing man rlogin from your shell account.

The basic command would be:

rlogin -l username hostname
connecting....
password:

bash$

Rlogin requires the user to have a file in their home directory, .rhosts, that lists which systems (and which users on them) may rlogin as that user. Each line gives the host name first and then an optional user name, so an entry looks like this:

hostname username (or) hostname

If you were to add + + to this file, it would let any user from any host log in without a password.

The file would look like this:

----- cut here ------
+ +
----- cut here ------

If they already had entries, you could add the + + under their host names, but remember that they would notice, since they would now be able to rlogin without a password. You would be targeting people who did not already have a .rhosts file.
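From the defender's side, the + + wildcard described above is exactly what a periodic audit of home directories should catch. The following is an added example, not code from the original post; it assumes the BSD .rhosts line format (host name, then an optional user name, with + meaning "any") and builds its own sample home tree with made-up host names.

```python
"""Audit home directories for .rhosts files with wildcard ('+') trust entries.
Added example, not code from the original post. Assumes the BSD .rhosts line
format: hostname, then an optional username, where '+' means "any"."""
import os
import tempfile

def parse_rhosts(text):
    """Yield (host, user) pairs; user is None when the field is omitted."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):   # skip blank lines and comments
            continue
        fields = line.split()
        yield fields[0], (fields[1] if len(fields) > 1 else None)

def wildcard_entries(text):
    """Return entries whose host or user field is the '+' wildcard."""
    return [(h, u) for h, u in parse_rhosts(text) if h == '+' or u == '+']

def audit_homes(home_root):
    """Map each home dir that has a wildcard .rhosts to its risky entries."""
    findings = {}
    for name in sorted(os.listdir(home_root)):
        path = os.path.join(home_root, name, '.rhosts')
        if not os.path.isfile(path):
            continue
        with open(path) as fh:
            risky = wildcard_entries(fh.read())
        if risky:
            findings[name] = risky
    return findings

# Constructed sample .rhosts contents (host names are made up).
SAMPLE_RHOSTS = {
    'alice': 'trusted.example.com alice\n',            # specific host and user
    'bob': '+ +\n',                                    # any user from any host
    'carol': '# ops box\nops.example.com\n+ root\n',   # root from any host
}

def build_sample_homes():
    """Write SAMPLE_RHOSTS into a temporary /home-like tree; return its path."""
    root = tempfile.mkdtemp()
    for user, content in SAMPLE_RHOSTS.items():
        os.makedirs(os.path.join(root, user))
        with open(os.path.join(root, user, '.rhosts'), 'w') as fh:
            fh.write(content)
    return root
```

Pointing audit_homes at a real /home reports only the accounts whose .rhosts trusts any host or any user, which is the set worth reviewing first.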

Thursday, December 28, 2006

Linux file permission

bash$ cd /tmp
bash$ ls -l
total 783
-rwx------ 1 wood users 1 Jan 25 18:28 190067haa
-rw-r--r-- 1 berry mail 1 Jan 16 12:38 fillter.14428
-rw------- 1 rhey19 root 395447 Jan 24 02:59 popp3a13598
-rw------- 1 rhey19 root 395447 Jan 24 03:00 popp3a13600
drwxr-xr-x 4 root root 1024 Jan 12 13:18 screens

First notice that we used a / and not \ to change to the tmp directory! Linux uses / as the path separator, so it is backwards from DOS here.

Notice we did ls -l for the long directory listing. If we did just 'ls' we would get what you see below.

bash$ ls
19067haa filter.14428 pop3a13598 pop3a13600 screens

From this we can not tell much, so most of the time we will be using ls -al. With the -al we will see the hidden files also; hidden files and directories always start with a '.'. Now watch:

bash$ ls -al
total 794
drwxrwxrwt 4 root root 8192 Jan 25 23:05 .
drwxr-xr-x 22 root root 1024 Dec 28 18:07 ..
-rw-r--r-- 1 berry users 6 Jan 25 23:05 .piinetemp.000
drwxr-xr-x 2 berry users 1024 Jan 25 23:05 .test
-rwx------ 1 wood users 1 Jan 25 18:28 190067haa
-rw-r--r-- 1 berry mail 1 Jan 16 12:38 fillter.14428
-rw------- 1 rhey19 root 395447 Jan 24 02:59 popp3a13598
-rw------- 1 rhey19 root 395447 Jan 24 03:00 popp3a13600
drwxr-xr-x 4 root root 1024 Jan 12 13:18 screens

.pinetemp.000 is a hidden file, and .test is a hidden directory.

-rw-r--r-- 1 berry mail 1 Jan 16 12:38 fillter.14428
  row 1       row 2 row 3
----------------------------

Now here we need to learn about permissions, users, and groups.

Row #1 is the file permissions
Row #2 is who owns the file
Row #3 is the group owner of the file

File permissions are grouped into three different groups.

If the line starts with a d, it is a directory; if there is no d, it is a file.

- --- --- ---
| |   |   |--------> Other = anyone on the machine can access
| |   |------------> Group = certain groups can access
| |----------------> User = only the owner can access
|------------------> Directory Mark


- rw- r-- r--
| |   |   |--------> Other can only read the file
| |   |------------> Group can only read the file
| |----------------> User can read or write to the file
|------------------> It is not a directory


- rwx rwx r-x
| |   |   |--------> Other can read and execute the file
| |   |------------> Group can read, write and execute the file
| |----------------> User can read, write and execute the file
|------------------> It is not a directory


The owner is the user name in row #2 and the group owner is the name in row #3. In DOS a file has to have a .exe, .com, or .bat extension to execute, but in Unix all you need is the x bit set in the relevant permission group (user, group, or other).

You can change these permissions if you own the file or have root access:

----------------------------------------------------------------------------
chmod oug+r filename will make all three groups of permissions able to read the file.

chmod og-r filename would make the file readable only by the user that owns the file. (Notice the - or + to take away or grant the permission.)

chmod +x filename would make the file executable by all.

chown username filename would make the file owned by another user.
chgrp groupname filename would make the file owned by another group.
----------------------------------------------------------------------------
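The permission string, owner and group columns explained above can be parsed mechanically, which is how an administrator spots the setuid and world-writable files that a careless chmod leaves behind. The following is an added example, not code from the original post; LISTING is constructed from the lines shown above plus two risky entries (a setuid file and a world-writable file) that I made up.

```python
"""Parse `ls -l` lines into owner, group and numeric mode, and flag risky modes.
Added example, not code from the original post; LISTING is constructed from
the lines shown above plus two made-up risky entries."""

LISTING = """\
-rwx------ 1 wood users 1 Jan 25 18:28 190067haa
-rw-r--r-- 1 berry mail 1 Jan 16 12:38 fillter.14428
drwxrwxrwt 4 root root 8192 Jan 25 23:05 .
-rwsr-xr-x 1 root root 30000 Jan 10 09:00 suidtool
-rw-rw-rw- 1 berry users 0 Jan 25 23:05 notes.txt
"""

def mode_to_octal(perms):
    """Convert the 9-char rwx string (with s/S/t/T markers) to a numeric mode."""
    special, value = 0, 0
    for i, trip in enumerate((perms[0:3], perms[3:6], perms[6:9])):
        bits = (4 if trip[0] == 'r' else 0) | (2 if trip[1] == 'w' else 0)
        if trip[2] in 'xst':            # lower-case marker: execute bit is set
            bits |= 1
        if trip[2] in 'sS' and i < 2:   # setuid (user) or setgid (group)
            special |= 4 >> i
        if trip[2] in 'tT' and i == 2:  # sticky bit lives in the other triplet
            special |= 1
        value = value * 8 + bits
    return special * 512 + value

def parse_ls_line(line):
    """Split one ls -l line; the name is everything after the time field."""
    mode, _, owner, group, _, _, _, _, name = line.split(None, 8)
    return {'type': mode[0], 'perms': mode[1:10], 'owner': owner,
            'group': group, 'name': name, 'octal': mode_to_octal(mode[1:10])}

def risk_flags(entry):
    """Reasons an entry deserves a look: setuid/setgid, or writable by Other."""
    p, flags = entry['perms'], []
    if p[2] in 'sS':
        flags.append('setuid')
    if p[5] in 'sS':
        flags.append('setgid')
    # A world-writable directory with the sticky bit (like /tmp) is expected.
    if p[7] == 'w' and not (entry['type'] == 'd' and p[8] in 'tT'):
        flags.append('world-writable')
    return flags

def audit_listing(text):
    """Return {name: flags} for every entry in an ls -l listing that gets a flag."""
    entries = [parse_ls_line(line) for line in text.splitlines()]
    return {e['name']: risk_flags(e) for e in entries if risk_flags(e)}
```

Feeding it the output of ls -l on /tmp reports suidtool as setuid and notes.txt as world-writable, while the sticky /tmp directory itself is left alone.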

Make sure to keep file perms and groups the same or you will be sniffed out and booted from the system. Changing configs on the system might only break other functions, so keep your paws off or you are just asking to get caught. Only do what you are *SURE* of. Only use commands that you know; you might find yourself spending hours fixing just one typo, and something like chown -R username /* could keep you busy for a year ;)

Just be careful!

We will get into this stuff more as we go into the needs for this.

Telnet

Telnet is a command you can use from a shell account, or from an exe file (telnet.exe) on Windows, OS/2, Windows 95 and other operating systems, that lets you connect to another machine on the net. There are other programs you will learn about here, like FTP and rlogin, that you can use as well, but for now we will use telnet.

You can use telnet if you know the IP address or the host name you want to connect or log in to. To use the command you would just run the telnet program against the IP or host like this:

telnet netcom.com or telnet 206.146.43.56

Ok, now let's log in:

telnet machine.com

trying .....

Connected to machine.com

Linux 2.0.28 (machine.com) (ttyp0)

machine login:username
password:#######

bash$

Your prompt might look different, but we will use this one.

Notice above that it tells you the OS when you get the login prompt. You can use this if you get a large collection of passwd files. Even before going on to crack them, sort them by OS type by just telnetting to the hosts to see what they are running. There are other ways, but let's keep this telnet topic going for a sec... telnet domain.name.com; after you see what they are running, make a note of it and press Ctrl-] to break out of the connection.

Put all of your Linux passwd files into a pile to be cracked first. All we need is one account that works on the system, and we can be almost sure we will have root on that machine! There are way too many holes in Linux to think we will not be able to own one of those machines, so let's get to work so we can start this wonderful world of hacking.

Tuesday, December 26, 2006

Linux Commands you need to know

There are just a few basic commands you need to learn, and then some Linux programs that will aid you in logging into or keeping access to the machine.

Basic commands

I hope you have a basic knowledge of DOS; that would help a bit, and I will assume that you already do in writing this manual.

DOS commands you are used to, first:

REMEMBER: Unix is case sensitive, so if I use lower case here you must also, and if I use a space you must also. DOS will let you get away with a lot of things, but Unix will not!

DIR/W = ls
DIR = ls -l
DIR/AH = ls -al (AH = hidden; -al = include hidden files as well as regular ones)
RENAME = mv
ATTRIB = chmod
MD = mkdir
RD = rmdir
DEL = rm
COPY = cp

These are the basic commands. I suggest that you look up the man pages on each one of these commands from your Unix shell. You would do this by typing 'man command' without the quotes, e.g. 'man ls' for details of the command 'ls'.

Each one of these commands has switches, like cp -R to copy files and directories. So you would type man cp to get all of the switches you can use with the copy command.

cd {then press enter} will always take you to your home directory
cp filename $HOME will copy the file to your home directory
cd ~username will take you to that user's home dir if you have access to be there
pwd {press enter} will show you what directory you are in.

Preface

This blog is not about shortcut techniques to crack some passwords. I'm not claiming to be a hacker. I indeed am not. I'm a learner and I respect learners.

Some of my friends think that hacking is to crack some password or get into someone's computer. A few years earlier, I used to think the same. Time changed my way of thinking. Now, I think hacking is all about learning more and more concepts. Hacking is about the hunger for knowledge.

There are no shortcuts. If you want to be a hacker, you need to learn the basics. And you need to continue learning always.

I'm not here to lecture about what you should do and what you should not. I'll also not preach about the hacking ethics. After all, everyone is responsible for his/her own deeds.

This blog will contain posts from other websites, books and tutorials. It is possible that all the posts are reproduced from some place. So, please don't enlighten me about where I copied it from, because I already know if I copied. I can't promise originality (I'm a learner after all). But this blog is going to be a good source of basic information.

I'm using this blog as a personal container of information. So, please don't sue me if I copied you. Most of the time I'll try to cite the source though.