Hacking Servers

Hacking Servers:

I am asked at least 5 or more times a day by young, beginning"hackers", "How can I hack?" or "Is there a way to hack a web site?"Well there is. There are, in fact, literally hundreds of ways to do this. Iwill discuss a few in this text to get you started. Every hacker has to startsomehow and hacking web servers and ftp servers is one of the easiest ways.If you are reading this I am assuming that you already have a basic knowledgeof how web servers work and how to use some form of UNIX. But I am going toexplain that stuff anyway for those of you who don't know.

Part 1: Simple UNIX Commands
Most DOS commands have UNIX and Linux equivalents. Listed below aresome of the main commands you will need to know to use a shell account.
HELP = HELPCOPY = CPMOVE = MVDIR = LSDEL = RMCD = CD
To see who else is on the system you can type WHO. To get informationabout a specific user on the system type FINGER . Using those basicUNIX commands you can learn all you need to know about the system you areusing.
Part 2: Cracking Passwords
On UNIX systems the file that contains the passwords for all the userson the system is located in the /etc directory. The filename is passwd. I betyour thinking...."Great. All I have to do is get the file called /etc/passwdand I'll be a hacker." If that is what you are thinking then you are deadwrong. All the accounts in the passwd file have encrypted passwords. Thesepasswords are one-way encrypted which means that there is no way to decryptthem. However, there are programs that can be used to obtain passwords fromthe file. The name of the program that I have found to be the best passwordcracker is called "Cracker Jack." This program uses a dictionary file composedof thousands of words. It compares the encrypted forms of the words in thelist to the encrypted passwords in the passwd file and it notifies you whenit finds a match. Cracker Jack can be found at my web site which is athttp://www.geocities.com/SiliconValley/9185 Some wordlists can be found at the following ftp site: sable.ox.ac.uk/pub/wordlists. To get to the wordlist that I usually use goto that ftp sitethen goto the American directory. Once you are there download the file calleddic-0294.tar.Z which is about 4 MB. To use that file it must be uncompressedusing a program like Gzip for DOS or Winzip for Windows. After uncompressingthe file it should be a text file around 8 MB and it is best to put it in thesame directory as your cracking program. To find out how to use Cracker Jackjust read the documentation that is included with it.
Part 3: The Hard Part (Finding Password Files)
Up till now I have been telling you the easy parts of hacking aserver. Now we get to the more difficult part. It's common sense. If thesystem administrator has a file that has passwords for everyone on his or hersystem they are not going to just give it to you. You have to have a way toretrieve the /etc/passwd file without logging into the system. There are 2simple ways that this can sometimes be accomplished. Often the /etc directoryis not blocked from FTP. To get the passwd file this way try using an FTPclient to access the site anonymously then check the /etc directory to see ifaccess to the passwd file is restricted. If it is not restricted then downloadthe file and run Cracker Jack on it. If it is restricted then try plan B. Onsome systems there is a file called PHF in the /cgi-bin directory. If thereis then you are in luck. PHF allows users to gain remote access to files(including the /etc/passwd file) over the world wide web. To try this methodgoto your web browser and type in this URL:http://xxx.xxx.xxx/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwdThen substitute the site you are trying to hack for the xxx.xxx.xxx.For example, if I wanted to hack St. Louis University (and I have already) Iwould type in http://www.slu.edu/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
Don't bother trying www.slu.edu because I have already done it and told themabout their security flaw.Here's a hint: try www.spawn.com and www.garply.com
If the preceding to methods fail then try any way you can think of to get thatfile. If you do get the file and all the items in the second field are X or !or * then the password file is shadowed. Shadowing is just a method of addingextra security to prevent hackers and other unwanted people from using thepassword file. Unfortunately there is no way to "unshadow" a password filebut sometimes there are backup password files that aren't shadowed. Trylooking for files such as /etc/shadow and other stuff like that.
Part 4: Logging In To "Your" New Shell
OK....This is where you use what you found using Cracker Jack.Usernames and passwords. Run your telnet client and telent to the server thatyou cracked the passwords for, such as www.slu.edu. When you are connected itwill give a login screen that asks for a login names and password and usuallyinformation on the operating system that the server is using (usually UNIX,linux, aix, irix, ultrix, bsd, or sometimes even DOS or Vax / Vms). Just typein the information you got after cracking the passwd file and whatever youknow about UNIX to do whatever you feel like doing. But remember that hackingisn't spreading viruses or causing damage to other computer systems. It isusing your knowledge to increase your knowledge.
Part 5: Newbie Info
If you feel that you have what it takes to be a serious hacker thenyou must first know a clear definition of hacking and how to be an ethicalhacker. Become familiar with unix environments and if you are only juststarting to learn to hack, visit a local library and find some books onvarious operating systems on the internet and how they work. Or you could goto a book store and buy a couple internet security books. They often explainhow hackers penetrate systems and that is something a beginner could use asan advantage.