Hopefully you have read my guide on hacking WebPages, if you have, and
still find yourself with problems, or even without a cracked password file,
it's mainly because the techniques I wrote about were extremely old, however
it is still possible to find some servers with encrypted password files
instead of shadowed ones. This guide is mainly written to introduce
you to the Unix enviroment, however if you want to learn Unix inside out
it is recommended that you buy a book such as Learn Unix in 24 hours.
I strongly recommend getting this book as it gives you Unix from the bottom
up, it is also full of examples which might help you point out exploits
etc
Now for a start I will introduce you to some real basic commands
Unix Command Description/dos command
ls dir
cd cd
w
find out who is no the system
rm remove file
rmdir
remove directory
mkdir make directory
ls -l dir (with file permissions)
gcc c compiler
The above commands are just some of the most used Unix commands, be
aware however that there are over 250 Unix commands including the fact
that if you become a good programmer you can make your own. The gcc
command above is a compiler it may also be cc depending on what type of
system you are on. I will include a section on compiling sniffers,
root kits, and exploits etc
later on. Another helpful command to
know in Unix is the man command, this command is a short for manual, to
use it type in man command. Say you wanted to look up the command
gcc asbove, all you would do is type in man gcc. This will
give you all the manual pages for the command gcc.
Ok so find a system on which you wish to poke your nose in peoples
business, once found there are many ways of actually getting an account.
Note, gettign an account on the system is the hardest. If it's an
ISP like www.netcom.net, it shouldn't be a problem for you to get an account,
here are some of the things I would suggest doing. Call up the ISP
and ask for a trial account, they will normally give you one for like a
seven day period, don't forget to give them false information when they
ask for your name and address and shit like that. If however they
wont give you a trial account, you could always get one of those crappy
credit card generators, this should work if the ISP admin doesn't have
a clue of what the hell he is doing, and doesn't have a credit card checker
where you sign up, or else just like borrow someone's credit card
#, if you know what I mean. Just remember to always give them false
information.
If neither of the above techniques work for you try to telnet
to the site you are trying to hack, if you don't have a clue what telnet
is then try it, just goto dos and type in telnet www.victim.com
if the site you are trying to hack has a port 23 then you're in luck and
you will be given a login prompt, it's now you will have to try the default
passwords listed below.
Default passwords on various operating systems, these lists are laid out in the format: login / password. Logins are case sensitive and should be typed as they appear here.
Unix password's.
root / root
sys / sys
sys / system
daemon / daemon
tty / tty
test / test
unix / unix
bin / bin
adm / admin
sysman / sysman
sysman / sys
sysadmin / sysadmin
sysadmin / sys
sysadmin / system
sysadmin / admin
sysadmin / adm
who / who
learn / learn
uuhost / uuhost
guest / guest
host / host
nuucp / nuucp
rje / rje
games / games
games / player
sysop / sysop
root / sysop
demo / demo
sysbin / sysbin
VAX/VMS Password's
SYSTEM / OPERATOR
SYSTEM / MANAGER
SYSTEM / SYSTEM
SYSTEM / SYSLIB
OPERATOR / OPERATOR
SYSTEST / UETP
SYSTEST / SYSTEST
SYSTEST / TEST
SYSMAINT / SYSMAINT
SYSMAINT / SERVICE
SYSMAINT / DIGITAL
FIELD / FIELD
FIELD / SERVICE
GUEST / GUEST
GUEST /
DEMO / DEMO
DEMO /
TEST / TEST
DECNET / DECNET
DEC Password's
1,2 / SYSLIB
1,2 / OPERATOR
1,2 / MANAGER
2,7 / MAINTAIN
5,30 / GAMES
PRIME Password's
PRIME / PRIME
PRIME / PRIMEOS
PRIMEOS / PRIMEOS
PRIMEOS / PRIME
PRIMEOS_CS / PRIME
PRIMEOS_CS / PRIMEOS
PRIMENET / PRIMENET
SYSTEM / SYSTEM
SYSTEM / PRIME
SYSTEM / PRIMEOS
NETLINK / NETLINK
TEST / TEST
GUEST / GUEST
GUEST1 / GUEST1
IRIS Password's
MANAGER
BOSS
SOFTWARE
DEMO
PDP8
PDP11
ACCOUNTING
VC/CMS Password's
AUTOLOG / AUTOLOG
AUTOLOG / AUTOLOG1
CMS / CMS
CMSBATCH / CMS
CMSBATCH / CMSBATCH
EREP / EREP
MAINT / MAINT
MAINT / MAINTAIN
OPERATNS / OPERATNS
OPERATNS / OPERATOR
OPERATOR / OPERATOR
RSCS / RSCS
SMART / SMART
SNA / SNA
VMTEST / VMTEST
VMUTIL / VMUTIL
VTAM / VTAM
Ok once you have an account you can start to exploit the system,
you may ask yourself, what does he mean by this, well go to http://www.rootshell.com
there you will find a list of exploits just find the one specified for
the system you are trying to hack. Ok so you found an exploit for
your system now copy all the c code from your browser over to notepad and
save it as filename.c (remember the c ending) ok now ftp to your site that
you already have an account on, by the way if you donmt know how to use
ftp ask some technical support person or read a damn book. Anywayz
simply ftp to your account using your login and passwordand transfer the
file.c to the remote computer. When this is done telnet to the shell.
Once you have logged into your shell try typing in ls, you should now see
the files in your home directory, notice the filename.c the file you just
put in there via ftp. Well inorder for the program to work you must
compile it using the following command.
Gcc filename.c -o filename
As you can see the second the second filename should not have an ending.
Now you should have a compiled file in your hoem directory, using the example above it will create a file called filename. You then need to.
Chmod u+x filename
This makes the file executable to you.
Once this is done simply type in the filename. This should
inturn run the program. (On some machines you will need to put a
./ in front of the filename, in fact this is correct on most systems).
You may receive an error when compiling, this may be because
the fiel you are trying to compuile is not made for the system you are
compiling on, or the c code has been edited so only a person with experience
can find the mistakes, correct them and compile the program.
Well so now you finally have an account on the system, maybe
a few others from using some exploits, now to get root this is what you
really want and then you will have full system access. This once
again can be reached through exploiting the system, using the above methods.
However many exploits will not work because the sysadmin has had a bit
of sense and patched his system, but for the most these patches will vbe
pretty far behind, so if you like subscribed to the mailing list at www.rootshell.com
then you would automatiacly get the newest exploits and then you could
just try to get into your victims system. Well if you get root, then
good job, but if you got a bin account, then just find another exploit
and try again.
When you have root there are a lot of different things to do,
my best advice to you would be to figure something out yourself, anywayz
I will tell you of some things I have done. One interesting thing
to do is to collect credit card #, this however will only work if you hack
such a thing as an ISP which has online signups. Another thing to
do is to get in good with all these dumb asses who just want shell accounts
at school or somewhere, just make them some accounts using commands such
as adduser or mkuser that's pretty fun. But the best of all
is packet sniffing you would be surprised how fun it is just watching what
other people do on the system, basically what a sniffer does is intercept
TCP/IP packets, this sometimes works if you are not root, and it's a fairly
good way to collect accounts on the system. Or offcourse there's
the old classic that seems to be the most popular, just change their WebPages
to something you like, offcourse the next time their system gets back online,
their security will be even harder to get past.
I know that there's probably a shit load of incorrect grammar
in this guide, and I don't really give a damn. The reason for writing
this guide was to just do something with my time and besides I am tired
of receiving like 58 e-mails a day and giving people the same answers over
and over and over again. I hope that at least this guide can help
some people. My next text file will probably be around 100 pages
and will cover everything on hacking I have ever used, I just don't have
the time but I figure it will be out about through the middle of summer
vacation. Visit my homepage and sign the guest book if you
haven't already at http://www.vol.com/~ameister and also consider
purchasing one of my CD's. Also if there are any newbies that desperately
need a shell account on a Unix system then let e know I am currently giving
away accounts for $8.00 U.S currency a month. This includes access
to my hacking toolz and exploits and stuff like that. Basically anything
you want that is within reason I will be willing to do for you, I just
want a bit of experience of running a Unix system with users and shit like
that. Also if any newbie is interested in buying linux cd's for $25
a piece that's with all boot disks, this cd is the official one from redhat,
and also I will help you out with installation, if any help is requested.
Please mail any questions, comments, death threats (hope not) to ameister@vol.com
. Laterz
And also thanx to all the kewl hackerz out there just to mention
a few. Blindfire, Outkast, Planitman, Demize, HIGHTECHNO, and Havoc
There are a shitload more but I'm just like not in the mood to list 150
different ppls
Disclaimer:
Sad but true I have to include this dumbass disclamimer because of the
little mother fucking pigs out there. So here goes. The information
provided in this /article is in any way not to be used for illegal purposes.
It's not for little kid's to break into systems but more for system administrators
to like test their own system (fat chance), alright and anything else that
would make this ellegal consider it included, so don't get busted and blame
it on this text