A Basic UNIX Overview

A Basic UNIX Overview

Asriel

UNIX FOR DOS ADDICTED WaReZ PuPPieZ AND THEIR PETS

Introduction

------------

One of the most common operating systems in existance is Unix. Unix

exists in many different flavors, from Berkeley BSD to AT&T System V

to SunOs. Basic working knowledge of Unix is almost essential to a

hacker, as it is the system a hacker is most likely to come across.

If you intend to use the internet at all, or to do any serious

exploration of Telenet, the ability to navigate through Unix is a

necessity. (Unix is also the single most interesting system in

existance: it's just fun to fuck with).

Unix Logins

-----------

Most Unix logins look essentially the same. A general Unix login

prompt looks something like this:

connected to five.finger.com

login:

That first line is the system identifier. Although it's not at all

essential to what you are doing, it's good to know what system you are

attempting to log on to.

The second line is what typically identifies the system you are on as

Unix. Almost all Unix systems greet a user with the same prompt:

login:.

Well, there's not much to do in Unix from the outside, and Unix

systems are typically fairly secure at this point. You may be able to

obtain a list of users, or current users, by logging in as 'who', but

other than that there are few functions available here.

Unless you are on the internet, or have accounts specifically for the

specific machine you are on, the only way on to the system is to try

the default passwords. What are the default passwords?

Unix systems come installed with certain passwords automatically. In

addition, some accounts must exist on a system. One such account is

'root'. This user is the divine Kami of the Unix system... in short,

an all access pass. Unfortunately, few systems allow root logins

remotely, and even fewer leave 'root' unpassworded. Nevertheless, it's

always worth a shot... try this:

connected to ren.stimpy.net

login: root

password: root

invalid login

login:

well, nice try anyways... other possible passwords for root include

'sysadmin', 'sys', 'admin'... you get the idea. You may also want to

try these passwords with a single digit appended (added, idiot) to

them... meaning the password 'root' could be 'root1' or 'root2'.

An interesting tip about passwords in general... many people that use

passwords under 8 characters tend to add a digit or a non-alphanumeric

character to the password. This is done in order to hinder guessing,

and to stop password breakers (more on this later). In this case, you

may want to try adding a space before root... or even an ascii 255 to

the end.

Fortunately, there is more than one default password in a unix

system... a quick list:

sys sys

bin bin

daemon daemon

rje rje

setup setup

uucp uucp/nuucp/anonymous

nuucp uucp/nuucp/anonymous

mountfsys mountfsys

In the System

-------------

Ok, at this point, I'm going to assume you've gotten past the login...

as painful as that may sound. Although Unix may be secure from the

outside, without effort from the system administrators, the inside of

the system is not.

First off, you'll likely by asked for a terminal. vt100 serves your

purposes sufficently, and it's typically the default, so hit enter.

Now, hopefully, you have a prompt. There are many different types of

unix prompts, some of which contain current directory information,

some of which are just a single character. Just don't panic when my

examples don't look exactly like what you've got on your screen.

The first thing you *need* to do on the system is establish your tty

paramters. As eldritch and arcane sounding as this term may seem, it's

actually quite simple... you need to tell the system what keys are

going to do what.

The command to set these parameters is 'stty'. Watch:

squinkyB ] stty erase ^h

squinkyB ]

There... that wasn't so bad, was it? Well, it's also pretty

meaningless to you, unless you have the ascii table memorized and are

pretty good at on-the-spot deduction.

The tty erase parameters determines which key is to be used as a

backspace. At times, this may already be set when you log in, or it

may be set to a suitable alternate (such as delete). Most of the time

the system will tell you when you log on if this is so. In this case,

we've entered ^h in order to make the backspace key, appropriately

enough, backspace.

Another extremely important parameter is 'intr'. The 'intr' paramter

tells the Unix system what you intend to use as a break character...

you should have this set to ^c.

Getting Around

--------------

A good thing to remember about Unix is that it's alot like DOS. Files

are laid out in directories just as in DOS... in fact, the only

immediate difference in the directory structures is that Unix uses a

forward slash ("/", moron!) instead of a backwards one.

Also, the basic Unix directory navigation command is identical to DOS.

In order to change directories, you use the command 'chdir', or 'cd'.

A quick example:

1 /usr1/astoria ] cd ..

2 /usr ]

Wala. That simple. Quick notes:

ю cd / will take you to root.

ю cd /*pathname* will take you to *pathname*

ю cd home will take you to your home directory.

You can make and delete your own directories with the mkdir/rmdir

commands. Simply put, mkdir makes a subdirectory off of the current

directory, and rmdir removes a subdirectory from the current

subdirectory. Good to know if you plan to do a lot of file transfers.

An important note about Unix directories, files, and concepts:

Unix is a case-sensitive operating system. Thus, the files

ю Spleen

ю spleen

ю SPLEEN

ю SpLeEn

are all different. This rule applies to directories and command line

paramters, as well as most other Unix ideas.

Another nice thing to know about Unix: Unix files are not subject to

the normal DOS 8 character limit. Thus, you can have vast filenames,

such as "this_file_ate_my_biscuit".

Some other important commands

-----------------------------

First and foremost, you should know cp. cp is the basic Unix

equivalent of the DOS COPY command. The command line for cp is

identical to that of COPY.

Next on the scale of cosmic import is cat. cat is the Unix equivalent

of the DOS TYPE command, and once again, for simple file displaying,

the command line is identical.

Variations on the theme:

pg: displayes a file page by page. Type "pg x filename", where x is a

number of lines to display before pausing and filename is the

file you wish to display.

more: displays a file screen by screen.

Stupid pet trick:

You can use your cat to copy files, simply by using the directional

operators. To copy a file from here to there using cat, simply type:

% cat here

this is the file here

% cat there

this is the file there

% cat here > there

% cat there

this is the file here

The operator ">" simply takes the output from the cat command and

places is in the location specified after it.

Another vital command to know is 'rm'. rm deletes a file from the

system, in the same way DEL would on a DOS system. Not to much else to

say.

Critical in your navigation of a Unix system is the ls command. ls is

DOS DIR on heroin. Simply type ls and you get a nice, neat list of

files in the directory.

DIR on controlled substances:

There are a few command line parameters that you should know...

foremost is l. ls -l gets you a list of files, and valuable

information about each file, including permissions (more on that

later), size, and linked files.

Another useful command for long file lists is C. ls -C gets you a

list of files in multiple columns, much the same as DIR /W would

merit a double column report of all existing files. A quick reminder:

ls -C is NOT the same as ls -c. Unix = case sensitive.

Another good command to know, mv will move a file from directory to

directory. For those of you without DOS 6.0 <gasp>, mv simply copies a

file to another directory and deletes the original.

quick tip for files on the lam:

if you want to rename a file (to protect the innocent), you need to

mv a file to a different file name. A quick demo:

# ls

myfile

# cat myfile

this is my file

# mv myfile my_other_file

# ls

my_other_file

# cat my_other_file

this is my file

Another vastly important command is 'man'. In fact, man is probably

one of the most important commands extant for a beginning user... it

calls up the system's help files. To use man, simply type in 'man

command', where command is a Unix command you seek to gain

enlightenment regarding. It's a great way to gain an understanding of

Unix commandline parameters.

If you are interested in seeing who's been on of late, or just want a

few names to try to hack, type 'who'. You get a quick list of users

that have accessed the system lately. If you <god forbid> need to know

who you are at this point, type 'whoami'.

If you want to change your identity on the system, type 'su name'

where name is an account on the system. It'll ask you for the account

password, then, *presto*... instant transmogrification.

A Caveat for smart alec hackers:

Unix typically logs usage of the su command. While su may seem like a

great opportunity to try to hack out passwords manually without

worrying about the system hanging up after 3 attempts, it's typically

not a good idea to do this, as it may alert the administrators to

your presence.

*Numero Uno on the list of commands NEVER to use on a Unix system:

The 'passwd' command changes your password on a Unix system. Seems

innocous enough, eh? Uh-uh. If your account is active, and there's a

very strong chance that it either is or will be, there is no better

way to lose the account than to change the password, only to have the

legitimate user alert the sysadmins when he/she can't gain access to

his/her normal account (well, there are better ways... you could

simply mail the sysadmin and tell him you are trying to hack his

grandmother's life support machine through your account).

I've seen this single, quick command turn a extremely lax system

into an ironclad security compound in less than a day.

DONT-FUCK-WITH-IT.

*Numero Dos on that same list:

The 'mail' command reads and sends mail. So what? Well, unless your

account is stable (and it isn't unless you either paid for it or

killed the original owner in such a way that his body cannot claw it's

way out of it's grave to it's keyboard), the user is more likely than

not going to know if you read his mail. In addition, if you send mail

out of the system (type 'mail', and a username/address; type in your

message and end it with a ^d on it's own line), the response from your

message will likewise alert the user to your presence.

System Spelunking

-----------------

The first place you want to check out in the wild uncharted directory

tree of your friendly neighborhood Unix system is the "/etc"

directory. What's in it? The single most intensely important file on

the system (besides a world writable root owned SUID file... but don't

worry about that)... the passwd file.

What is in the passwd file?

ю a list of all accounts on the system

ю a list of the passwords for these accounts

ю a list of access levels for these accounts

ю a list of the home directories for these accounts

ю a list of information pertaining to these accounts.

Why the hell the Unix designers decided this file should be world

readable is beyond me. Be content to know that your standard everyday

run-of-the-mill-lacking-in-certified-cosmic-power 'cat' command WILL

display this file. As will pg and more. However, because most users

don't have write permissions (more on that later) to the /etc

directory, 'cat' is pretty much the only applicable command here.

However, if you need to copy the file to your own directory (for

whatever reason), just cat it there with the directional operator (>).

The catch:

Well, there are two catches here. First off, regardless of system

security, if the passwords are in the file, they are encrypted. You

can't decrypt them. Although you can get a list of accounts without

passwords this way (just look for accounts with no entry in the

password field), and a list of accounts that can't be logged onto

remotely/at all (NO LOGIN), you can't get much else. Sucks, don't it?

Notice I said 'if' the passwords are there.

<ominous soundtrack please>

Some horrible, paranoid, draconian system administrators mutilate

their passwd files in such a way that (*gasp*) the passwords don't

show up. All you get is one cold, icy X staring at you from the bowels

of Unix Shell Siberia, mocking you as you pull your hair out in

frustration (sorry, but this is a sore spot with me). The kidnapped

passwords reside in the shadow file in the /etc directory, available

with your standard everyday run-of-the-mill-but-distinct-in-the-fact-

that-only-root-level-accounts-can-use-it-to-this-extent 'cat' command.

Well, if the passwords are encrypted, what good are they?

By themselves, nothing. A account with a Unix encrypted password will

get you no further than an account with no listed password at all. You

can't even deduce the amount of characters in the password if it's

encrypted. So what's the use?

The Unix method of encrypting files is available to the public. It is

also, to most mortals, irreversable. Essentially, this means you can

encrypt a string of characters, but not decrypt it. Even the unix

system itself doesn't decrypt the password when you log on...

When you log on, the Unix system takes whatever you enter at the

password prompt, encrypts it, and matches it to the entry in the

passwd file. Thus, the Unix system never decrypts the password... it

only compares it to a different encrypted string.

While this may not sound too particularly useful at first, it is.

There are programs that have been written to do the same thing on a

personal computer... you supply it a list of passwords and a list of

words to attempt to use as passwords (called dictionaries), and it

spends the night encrypting dictionaries and matching them to password

entries. By running a dictionary through a passwd file, on a typical

system, you can usually get 10-20 accounts. Good personal computer

examples of this program idea include Killer Cracker (the industry

standard, so to speak) and CrackerJack (faster than Killer Cracker).

Quick tips for CrackerJunkies with leech access at an H/P BBS:

A standard dictionary will not uncover passwords protected with an

appended digit or non-alphanumeric character. In order to get around

this, you need only grab a program that processes the dictionary file

to add that digit to each entry in the dictionary... although this

takes longer, and you'll need to do it multiple times, you can

typically get 10 more accounts just by adding a 1 to every entry.

Files and directories in Unix are characterized further by their

permissions. Permissions are a standard system of who gets access to a

specific function of that file or directory. Standard permissions

include read, write, and execute. You can get a list of permissions by

typing 'ls -l'. The first field in the listing contains the

permissions, grouped as follows:

owner group world

--------------------

rwx rwx rwx

(Not drawn to scale... in fact, it doesn't look anything like that).

Essentially, as long as the letter is there, you have access to that

facet of the file. If the letter is not there, you'll see a dash...

meaning you don't have access to that function. An example:

rwxr-x--x

In this case, the owner of the file can Read the file, Write to the

file, and eXecute the file; members of his group (a bunch of linked

accounts) can Read the file, CANNOT Write to the file, and can eXecute

the file; and the rest of the user population CANNOT Read or Write to

the file, but CAN eXecute the file.

rwx---rwx

is a WORLD-READABLE, WORLD-WRITABLE, WORLD-EXECUTABLE file. This

simply means that anyone can read, write, or execute the file.

Another permission sometimes set to a file is the SUID bit. An SUID

file contains a smallcase s in the user executable section of the

permissions list...

rws--x--x

When you execute an SUID file, your user ID becomes that of the owner

of the file. While this may not look to important at first, by now you

should know that no really important super elite hacker concept does.

Take a look at this:

rwsr-x--x

Synopsis? It's a world executable SUID file. In essence, anyone can

execute the file, and in doing so, become the owner of the file for

the duration of the time that file is operating. However, this doesn't

get you much, because you typically can't do anything while the

programis running. More likely than not, it's calculating how many

pencils it needs to order for school tomorrow or some other such

drivel.

The real power of the SUID file comes into play in this situation:

rwsrwxrwx

You won't see a lot of these, but when you do, look out. What you have

here is a world writable SUID file... and a world writable program can

be any program on the system you have read access to. Like, say,

/bin/sh... the Unix shell...

Quick command line example... 'diablo' is a root owned, world writable

SUID file. I'm going to ignore the rest of the output of the ls

command.

#ls -l

rwsrwxrwx... ...diablo

#cat /bin/sh > diablo

#diablo

$

Oh, just so you know, the $ prompt denotes root access.

Good deal, huh? In general, if you have right privs to an SUID file,

copy it to your own directory and cat /bin/sh into it. You now have an

instant gateway to the account of the owner of that file.

If you want to find files that you can do this with, try this out:

#find / -user root -perm -4000 -exec /bin/ls -al {} ";"

This will give you a list of all root owned SUID files. If you want

more info on the 'find' command, just 'man find'.

Well, I'm overdo for an appointment on the IRC in #warez... so I'll

cut off here. I hope I've been of assistance to you.

----------------------------------------------------------------------------

A C T U A L A R T I C L E E N D S H E R E . . .

Please feel free to save an extra 1k of file space and invoke the DOS

EDIT CUT command at the dotted line. Do not remove the rest of this

article on penalty of law.

S00P3R GR00P-3SQU3 GR33TZ / +HANX

Greets go out to Nowhere Man, INC, THG, UNT, SaD, SoD, PTA, SOB

Thanks to... ________________________

your ad here

Current DWE Akshul M3mbre Boards:

Nitro Burnin' Funny Cars WHQ/DWEnet HOST (312)582-1115 <XANAX>

The Prodigal Sun CHQ/MECCA (312)238-3585 <ASRIEL>

Dark Waters HQ/Infosite (312)667-0222 <MONK>

PyroTechnics II Infosite (708)991-9403 <PYRO>

DWE M3/\/\B3R LiST

President and Dictator for Life: Xanax

Head Courier/Warez Cracker: Asriel

Head Fisherman/Trout Expert: Changeling

Head Person That Gets Asriel Free CDs: Monk

Head Person That Gets DWE Members Free WaReZ: Pyro

Head Person That Knows More Than Asriel (Honorary Title): LVX

Head Person That Actually Wrote for DWE without Coercion: Cosmos

Head Know-It-All Stoner that runs 386bsd: Goldstein

Want to write for DWE? Neither do we. But if the spirit moves you,

write up an article about anything we haven't discussed already, and

post it somewhere in DWEnet or at any of the member boards, or call

any of the members voice and dictate it to them, or submit it to them

school newspaper of any of the members, or tack it on a bulletin board

in the Third Coast Cafe in Century Mall, and chances are it'll be

released as a s00per c00l DWE article.

W H A T F O L L O W S M U S T N O T B E D E L E T E D

---------------------------------------------------------------------------

(c) 2003 Hackers-Network

Asriel(tm) appears courtesy of Hasbro, Inc.