IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Basic Unix Hacking
 
By.
 
ÅçìÐMêì§TéR.
 
Visit Him @...
 
http://www.vol.com/~ameister
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 
 

Hopefully you have read my guide on hacking WebPages, if you have, and still find yourself with problems, or even without a cracked password file, it's mainly because the techniques I wrote about were extremely old, however it is still possible to find some servers with encrypted password files instead of shadowed ones.  This guide is mainly written to introduce you to the Unix enviroment, however if you want to learn Unix inside out it is recommended that you buy a book such as Learn Unix in 24 hours.  I strongly recommend getting this book as it gives you Unix from the bottom up, it is also full of examples which might help you point out exploits etc.
 Now for a start I will introduce you to some real basic commands.

Unix Command                  Description/dos command

ls   dir
cd   cd
w             find out who is no the system
rm   remove file
rmdir                                 remove directory
mkdir    make directory
ls -l   dir (with file permissions)
gcc    c compiler
 

The above commands are just some of the most used Unix commands, be aware however that there are over 250 Unix commands including the fact that if you become a good programmer you can make your own.  The gcc command above is a compiler it may also be cc depending on what type of system you are on.  I will include a section on compiling sniffers, root kits, and exploits etc. later on.  Another helpful command to know in Unix is the man command, this command is a short for manual, to use it type in man command.  Say you wanted to look up the command gcc asbove, all you would do is type in  man gcc.  This will give you all the manual pages for the command gcc.
 Ok so find a system on which you wish to poke your nose in peoples business, once found there are many ways of actually getting an account.  Note, gettign an account on the system is the hardest.  If it's an ISP like www.netcom.net, it shouldn't be a problem for you to get an account, here are some of the things I would suggest doing.  Call up the ISP and ask for a trial account, they will normally give you one for like a seven day period, don't forget to give them false information when they ask for your name and address and shit like that.  If however they wont give you a trial account, you could always get one of those crappy credit card generators, this should work if the ISP admin doesn't have a clue of what the hell he is doing, and doesn't have a credit card checker where you sign up, or else just like borrow someone's  credit card #, if you know what I mean.  Just remember to always give them false information.
 If neither of the above techniques work for you try to telnet to the site you are trying to hack, if you don't have a clue what telnet is then try it, just goto dos and type in telnet www.victim.com    if the site you are trying to hack has a port 23 then you're in luck and you will be given a login prompt, it's now you will have to try the default passwords listed below.

Default passwords on various operating systems, these lists are laid out in the format: login / password. Logins are case sensitive and should be typed as they appear here.

Unix password's.
 

root / root
sys / sys
sys / system
daemon / daemon
tty / tty
test / test
unix / unix
bin / bin
adm / admin
sysman / sysman
sysman / sys
sysadmin / sysadmin
sysadmin / sys
sysadmin / system
sysadmin / admin
sysadmin / adm
who / who
learn / learn
uuhost / uuhost
guest / guest
host / host
nuucp / nuucp
rje / rje
games / games
games / player
sysop / sysop
root / sysop
demo / demo
sysbin / sysbin
 

VAX/VMS Password's

SYSTEM / OPERATOR
SYSTEM / MANAGER
SYSTEM / SYSTEM
SYSTEM / SYSLIB
OPERATOR / OPERATOR
SYSTEST / UETP
SYSTEST / SYSTEST
SYSTEST / TEST
SYSMAINT / SYSMAINT
SYSMAINT / SERVICE
SYSMAINT / DIGITAL
FIELD / FIELD
FIELD / SERVICE
GUEST / GUEST
GUEST /
DEMO / DEMO
DEMO /
TEST / TEST
DECNET / DECNET
 

DEC Password's

1,2 / SYSLIB
1,2 / OPERATOR
1,2 / MANAGER
2,7 / MAINTAIN
5,30 / GAMES
 

PRIME Password's

PRIME / PRIME
PRIME / PRIMEOS
PRIMEOS / PRIMEOS
PRIMEOS / PRIME
PRIMEOS_CS / PRIME
PRIMEOS_CS / PRIMEOS
PRIMENET / PRIMENET
SYSTEM / SYSTEM
SYSTEM / PRIME
SYSTEM / PRIMEOS
NETLINK / NETLINK
TEST / TEST
GUEST / GUEST
GUEST1 / GUEST1
 

IRIS Password's

MANAGER
BOSS
SOFTWARE
DEMO
PDP8
PDP11
ACCOUNTING

VC/CMS Password's

AUTOLOG / AUTOLOG
AUTOLOG / AUTOLOG1
CMS / CMS
CMSBATCH / CMS
CMSBATCH / CMSBATCH
EREP / EREP
MAINT / MAINT
MAINT / MAINTAIN
OPERATNS / OPERATNS
OPERATNS / OPERATOR
OPERATOR / OPERATOR
RSCS / RSCS
SMART / SMART
SNA / SNA
VMTEST / VMTEST
VMUTIL / VMUTIL
VTAM / VTAM
 
 
 
 
 

 Ok once you have an account you can start to exploit the system, you may ask yourself, what does he mean by this, well go to http://www.rootshell.com there you will find a list of exploits just find the one specified for the system you are trying to hack.  Ok so you found an exploit for your system now copy all the c code from your browser over to notepad and save it as filename.c (remember the c ending) ok now ftp to your site that you already have an account on, by the way if you donmt know how to use ftp ask some technical support person or read a damn book.  Anywayz simply ftp to your account using your login and passwordand transfer the file.c to the remote computer.  When this is done telnet to the shell.  Once you have logged into your shell try typing in ls, you should now see the files in your home directory, notice the filename.c the file you just put in there via ftp.  Well inorder for the program to work you must compile it using the following command.
 

Gcc filename.c -o filename

As you can see the second the second filename should not have an ending.

Now you should have a compiled file in your hoem directory, using the example above it will create a file called filename.  You then need to.

Chmod u+x filename

This makes the file executable to you.

 Once this is done simply type in the filename.  This should inturn run the program. (On some machines you will need to put a  ./ in front of the filename, in fact this is correct on most systems).
 You may receive an error when compiling, this may be because the fiel you are trying to compuile is not made for the system you are compiling on, or the c code has been edited so only a person with experience can find the mistakes, correct them and compile the program.
 Well so now you finally have an account on the system, maybe a few others from using some exploits, now to get root this is what you really want and then you will have full system access.  This once again can be reached through exploiting the system, using the above methods.  However many exploits will not work because the sysadmin has had a bit of sense and patched his system, but for the most these patches will vbe pretty far behind, so if you like subscribed to the mailing list at www.rootshell.com  then you would automatiacly get the newest exploits and then you could just try to get into your victims system.  Well if you get root, then good job, but if you got a bin account, then just find another exploit and try again.
 When you have root there are a lot of different things to do, my best advice to you would be to figure something out yourself, anywayz I will tell you of some things I have done.  One interesting thing to do is to collect credit card #, this however will only work if you hack such a thing as an ISP which has online signups.  Another thing to do is to get in good with all these dumb asses who just want shell accounts at school or somewhere, just make them some accounts using commands such as adduser or mkuser  that's pretty fun.  But the best of all is packet sniffing you would be surprised how fun it is just watching what other people do on the system, basically what a sniffer does is intercept TCP/IP packets, this sometimes works if you are not root, and it's a fairly good way to collect accounts on the system.  Or offcourse there's the old classic that seems to be the most popular, just change their WebPages to something you like, offcourse the next time their system gets back online, their security will be even harder to get past.
 I know that there's probably a shit load of incorrect grammar in this guide, and I don't really give a damn.  The reason for writing this guide was to just do something with my time and besides I am tired of receiving like 58 e-mails a day and giving people the same answers over and over and over again.  I hope that at least this guide can help some people.  My next text file will probably be around 100 pages and will cover everything on hacking I have ever used, I just don't have the time but I figure it will be out about through the middle of summer vacation.   Visit my homepage and sign the guest book if you haven't already at http://www.vol.com/~ameister  and also consider purchasing one of my CD's. Also if there are any newbies that desperately need a shell account on a Unix system then let e know I am currently giving away accounts for $8.00 U.S currency a month.  This includes access to my hacking toolz and exploits and stuff like that. Basically anything you want that is within reason I will be willing to do for you, I just want a bit of experience of running a Unix system with users and shit like that.  Also if any newbie is interested in buying linux cd's for $25 a piece that's with all boot disks, this cd is the official one from redhat, and also I will help you out with installation, if any help is requested.  Please mail any questions, comments, death threats (hope not) to ameister@vol.com ..  Laterz.
 

And also thanx to all the kewl hackerz out there  just to mention a few.  Blindfire, Outkast, Planitman, Demize, HIGHTECHNO, and Havoc.  There are a shitload more but I'm just like not in the mood to list 150 different ppls.
 
 
 

Disclaimer:

Sad but true I have to include this dumbass disclamimer because of the little mother fucking pigs out there.  So here goes.  The information provided in this /article is in any way not to be used for illegal purposes.  It's not for little kid's to break into systems but more for system administrators to like test their own system (fat chance), alright and anything else that would make this ellegal consider it included, so don't get busted and blame it on this text.
 
 

Back To Index