The Hacker's Encyclopedia 1998

home *** CD-ROM | disk | FTP | other *** search

/ The Hacker's Encyclopedia 1998 / hackers_encyclopedia.iso / hacking / unix / discrete.doc < prev next >

Wrap

Text File | 2003-06-11 | 93.6 KB | 2,089 lines

/////////////////////////////////////////// // Baldrick's guide to discrete UNIX use // // Complete with Internet babble // /////////////////////////////////////////// First edition: Never before released in any bloody form. Volume 1: The story so far.... ============================================================================== DISCLAIMER: I didn't write this file. Someone else did and framed me using my pseudo so I'm obivously not liable for any of it. He went that way. TEASER: If you really liked this file then just wait a bit and if I figure out any new and funky interesting tips I'll put them out too in a text phile series that would make Maury Pauvich turn green. ============================================================================== ////////////// ///Contents/// ////////////// (if you wanna find it quick, search for the contents number x.x) 1.0 Introduction (aka mindless self-indulged ego statements and pseudo- visionary babble about the realisation of Cyberspace) 2.0 UNIX from DOS in thirty minutes or your money back 2.1 Logging in and logging out 2.2 Basic file manipulation 2.3 The manic man command 2.4 Reaching Nirvanna through ed(1) (text manipulation) 2.5 Intra-system communication - who, finger, write, talk, etc. 2.6 Multitasking without L.S.D. 2.7 Security - file permissions and chmod 3.0 Playtime on your local system 3.1 aliasing commands 3.2 Shell scripts (incl. ~/.*) 3.3 Changing your default shell and the tcsh shell. 3.4 Causing mindless havoc through write and other childish tricks 3.5 The Importance of Being Earnest (hiding what you are doing) 3.6 cat /etc/passwd > ~/lab7.h 3.7 Security - A couple of cunning plans 4.0 Reach out and touch someone (playing with the Internet) 4.1 finger, talk, and mail to remote clients 4.2 USENet newsgroups 4.3 telnet and rlogin 4.4 FTP and FSP 4.5 Gopher 4.6 MUD, MUSH, MUCK, MUSE, IRC 5.0 Piracy and Internet 5.1 The Internet Pirate: Scourge of the Network 5.2 Getting Contacts 5.3 Information Trading 5.4 Paranoia (how to not get caught) 5.5 Aside: Faking Mail 5.6 Aside: Naughty Pictures 6.0 Onwards to Victory ////////////////////// // 1.0 Introduction // ////////////////////// So I wanna be a guru... A couple years ago, the foolish computer science faculty at my post-secondary institution were nice enough to give me my very own spanking new UNIX account. After spending the first afternoon buggering around typing the only command I thought I knew ("sh us", actually a VMS command that had somehow sprung into my head), I gave up the cause of getting any information for lost. My lethargy soon lifted, however, and I set out on a quest to get some information on UNIX. The computing services people graciously provided me with two duplexed photocopy sheets of information, and I supplemented that with Brian Kernaghan's "A Beginner's Guide to UNIX" and then I was on my way. Now it seems that lots of people I know are just getting into the UNIX / Internet thing and want to know how to USE it. Not how to read their mail and play MUD, but all sorts of things that go on slightly under the table... "I don't know much, but here's something to get you started" I invariably reply to these people and promptly wear myself out typing page after page of "Oh, P.S. - you might also want to ..." statements. And so, I've set out to create what you have before you - Baldrick's guide to discrete UNIX use. This is an attempt at answering all the questions I had when I was learning and couldn't find the answers. I was very lucky to know some people who dropped me hints and put up with my whining - the best way to learn UNIX is apprenticeship it seems (the guild system alive and well?). To close off this lofty and drab introduction, I'd like to offer ceremonial gold stars for cooperation and UNIX knowhow to Gollum, without whom I would probably be hanging out in #esperanto. Thanks also to Puzzling Evidence, who although by his own admission "UNIX dumb" managed to find out a hell of a lot and write a damn good article about it before I was even a sparkle in the great big Computing Services martini. Stingray also gets some honorable mention for his general smarts in UNIX nastiness. ///////////////////////////////////////////////////////// // 2.0 UNIX from DOS in ten minutes or your money back // ///////////////////////////////////////////////////////// 2.1 Logging in and Logging out ------------------------------ You begin here. There are two obvious ways of getting onto a system to log in - one is by using an ever-so-stylish terminal, and the other is by actually phoning in from home using communications software. There are usually machine-specific ways of doing each (wake-up commands for the terminals, and wierd tripped out modem settings like 9600 7O1) which you will have to find out from whoever gave (stole?) you an account. When you do finally get connected to the UNIX system, you will see a header resembling this: SunOS UNIX (systemid) login: The login: prompt is the infamous hallmark of a UNIX system. You will have a user id which can be up to 8 characters and which is typed entirely in lower case. This is often your first initial followed by your last name (or the first seven letters of it). Once you have entered a login id, regarldess of whether it is right or wrong, you will see the prompt Password: and you must enter a password. This is case sensitive (as is everything in UNIX) and not echoed as you type. Assuming you get everything right, you should be rewarded with the login message; if you screw something up then you'll end up seeing the rather unpleasent Login incorrect login: and you'll get to try again. Most systems get tired of you after four or five attempts and will drop the connection with a curt "too many attempts / bye". Once you've gotten past the login part, the UNIX system will automatically display any prominent bulletins from the administration (these are stored in the file /etc/motd if you ever need to see them again), and then proceeds to log you in according to the settings you have recorded in your .cshrc and .login scripts (these are usually preset for you, but you may want to play with them and customize things. More on this later - see section 3.2). You may be asked to enter your terminal type (vt100 or vt220 are often the standards) while this process takes place, and you may be notified of any new news in the newsgroups you are subscribed to, along with any mail you have waiting. If all goes well you will either end up in the shell - your command prompt. UNIX comes with two default shells: the bourne shell (prompt is a dollar sign, '$') and the C Shell (prompt is a percent sign, '%'). On all the systems I've used, the C shell has been the default. Often the prompt also includes the name of the machine (but not the current directory, like a $p$g in DOS). Most systems also have the "tcsh" shell, which is an advanced version of the C-Shell with some nifty features. More on using that later. From here, you are free to explore with any of the topics mentioned elsewhere. Keep in mind that when you want to quit, just type 'logout' to logoff the system. To change your password at any time, simply enter the command, "passwd" at the prompt. UNIX will ask you to type your old password, and if you get it right you will be able to enter a new one (you will also be asked to type it again for verification). 2.2 Basic File Manipulation --------------------------- Here I'll basically tell you the equivalents of your favourite DOS commands. To get full (but alas totally incomprehensible) help on ANY UNIX command, type man [command] man stands for the UNIX online manual. *Command: ls In DOS: dir In UNIX, ls (a prophetic abbreviation for LiSt files) will list the files in the current directory. Simply typing ls will give you a terse listing of filenames only (a lot like a dir /w). By default, UNIX does not display any file beginning with a period "." character (this is used so you don't have to see administrative files every time you do an ls command.) Typing ls -a will show ALL files, including these hidden files. Typing ls -l will display a listing in a long format, more similar to a normal DOS dir command. You can combine these options: ls -al will list all files, in long format. A useful additive is ls -F; this will mark all direcotires with a trailing slash (eg: dirname/ ) in an ls listing. this is a faster way of identifying directories than using ls -l. *Command: pwd In DOS: cd with no arguments pwd stands for "print working directory". This is the best way to find out where in the hell you are. It's quite easy to get lost on a mainframe system when changing directories raplidly; pwd will tell you what directory you are in by displaying the path from the root) You start in your Home Directory - this is your personal space to put Stuff. You can get info about your privelages by using the du and quota commands: *Command: du In DOS: No equivalent du will simply tell you how much disk space the files in the current directory are taking up. It's handy to let you know where all your home directory space has gone. *Command: quota In DOS: No equivalent Use the command: quota -v to get information on your space restrictions. you will usually be shown how much space you were given, and your maximum limit (usually you are allowed to go over by 100K or so, but you get nasty messages if you keep this much Stuff in your directory. If you go over the limit, you will not be allowed to save any more Stuff. *Command: cd In DOS: cd / chdir cd is the basic method of changing directories. Like in DOS, a single period '.' stands for the current directory (and can be used as a command argument) and a double period '..' stands for the parent directory (one level up). Unlike DOS, diretories in a path are seperated with FORWARD not backward slashes. This will drive you absolutely nuts every time you shell to DOS from your communication program and try to change directories. Furthermore, in UNIX, you have one extra symbol you can stick in a path. The tilde character (~) stands for your home directory - this is very useful in a huge file structure such as you often find on mainframe systems. Examples: cd ~/mystuff/textdir cd ../../incoming *Command: cp In DOS: copy cp is equivalent to the DOS copy command. The only difference is that you MUST use two arguments: cp f1 f2 ; you cannot just leave off the second one and expect UNIX to default to the current directory. (to achieve this you just use '.'). Thus, you cannot type 'cp News/rec.arts' and expect that file to pop into your current directory - you'd have to type one of the following: cp News/rec.arts . cp News/rec.arts rec.arts cp News/rec.arts newname This command also brings us to the topic of the * wildcard character. UNIX is quite a bit more versatile than DOS here - you can use a * parameter by itself to indicate you want all files, or even take a *.txt for example, which will even allow you to get files like this_has_a-longName.txt. *Command: mv In DOS: ren (well, sort of) The mv command moves the first file argument to the second file argument. You can use this to rename files, or to move them around. Just like the cp command, you MUST use two arguments. *Command: rm In DOS: del or erase The rm command will ReMove a file. There is no warning before it does it and it's pretty much irreversable (Central Point Undelete can't help you now that you've left Kansas). Even more annoying, you can type rm * and kill EVERYTHING very quickly without an 'Are you sure' prompt. It is sometimes a good idea to call rm with the -i switch so that it confirms each deletion seperately. It is actually an even better idea to alias it to always use the -i switch - see section 3.1. You can remove a DIRECTORY and all its contents (no verification) by using rm -r [dirname]. *Command: mkdir In DOS: md or mkdir mkdir functions the same as in DOS - it creates a subdirectory in the current directory. *Command: rmdir In DOS: rd or rmdir rmdir will remove an EMPTY directory, the same as the equivalent DOS command. Similarly, if there are still files in the directory rmdir will display an error message. Use rm with the -r switch to remove a directory and contents. *Command: cat In DOS: type the cat command will display the contents of a file to the screen with no formatting and no pauses - it functions exactly the same as the DOS type command. Similarly in DOS and UNIX, if you try to display the contents of a binary file you may get unpredicatble results and you probably won't get to see the whole file contents. Cat is often used in conjunction with the UNIX pipe and redirection commnands. These commands exist in DOS where they are seldom used; in UNIX they're extremely useful and you will want to use them a lot. *Command: >, <, | In DOS: <,>,| - file redirection and pipes You can send the output of a command to a file by using the redirect output (greater-than sign, '>') command. For example, you can crudely copy a file by using this command: cat [file1] > [file2]. (This is useful when you have read permissions to a file but not exec permissions and you can't copy it with the cp command but can display it with cat). Similarly, you can redirect the input to make it a file rather than the 'standard input'. This is done with the input redirection (less than sign,'<') command. For example, you could issue the command: ed /etc/passwd <rootscript >newpsswd Which would run ed on the /etc/passwd file, issuing the commands as you have typed them into the file rootscript, and then output any messages to newpsswd. Using the symbol '>>' will append to the destination file rather than overwriting it as you would with '>'. So you can: crack <passwd >>valids You get the idea... The pipe command "|" allows you connect the output from one program to the input of another. For example: ls -al | stripblanks >>outfile would run the executable 'stripblanks' with its input as the output of the 'ls -al' command, and the output from stripblanks is appended to the file 'outfile'. *Command: grep In DOS: No equivalent grep is a useful command that lets you pick needles out of haystacks. The syntax is: grep [<">pattern<">] [filename] You type a pattern to search for (use quotation marks around it if it contains any spaces) and a filename and grep will dispaly all the LINES in filename that contain the pattern. For example, grep root /etc/utmp Will find and display all lines with the pattern "root" in the file /etc/utmp. Using grep on a binary file can have unpredictable results. grep is especially useful for files where one record takes up one line - it allows you to quickly get the information you need. *Command: history In DOS: No equivalent History allows you to see what the past 10 commands (10 by default) that you typed are. Each command is numbered although the system usually saves only the last 10. You can turn off this saving of commands by using set history=0 (this is not available on BSD UNIX, but you can delete any incriminating history files by deleting the .history file in your home directory). You can also opt to keep more or less than 10 commands using the set history= command. *Command: ! In DOS: F3 and F1 do a little of this Typing !! will repeat the last command verbatim, like using F3 in DOS. You can also type !23 and get command 23 (as it is shown in history) repeated. Or you can even type !gre and the last command with the pattern 'gre' in it (most likely a grep command) will be repeated. With just those simple commands, you are able to perform most of the file manipulation you will need. 2.3 The manic man command ------------------------- Invaraibly, you will reach the point where you will want to know more than is found in this file. Or, you will ask someone for help on something, and they will say something to the order of: Just see vi(5) and blah blah blah blah. In UNIX, the entire manual is online for you to use. It's so absolutely huge that you would never want the whole thing (indeed, when you see printed copies they usually take up more kitchen counter space than June Cleaver had in her house). When people refer to programs as progname(#) they are actually dropping you an estoeric UNIX hint about getting more information. The number in brackets is the section of the UNIX manual (there are less than ten of these volumous beasts, I believe) which has the information they are referring to. To get that information you can usually just type man progname In some cases, you will want to search in another section than what pops up - in this case just add the section number: man vi 5 or something to that effect. When you are reading the man pages, you will probably be in either the "more" or "less" viewer programs. You can move around in these with the following keys: Key: Action: ---- ------- (space) Next page (enter) Next line g Beginning of file G End of file n Next Page b Previous Page /sometxt Search for the next occurrence of "sometxt" (hit Enter to start the search). With a little luck and some intuition, you can wade through the man pages and find what you are after. Keep in mind that they are complete technical specifications for the commands, and are not necessarily written to be easily understood. Rather, they just list all the options and blurb about the item in question in as much technical jargon as possible. Should you really need to pore over it, you might want to pipe the manual into a file: man more > more.man This will create a file called "more.man" in the current directory, which contains the manual pages for the command more(1). 2.3 Reaching Nirvanna through ed(1) - Text Manipulation ----------------------------------- One of the chief commoddities that you'll be getting your grubbly little hands on using UNIX is information. You need a method to keep all this Stuff, hence text manipulation. I'll go over creating a file first, so you can have your very own to look at. The easiest way to create a text file is through ed(1). If you liked EDLIN, you'll love ed at your prompt, type: ed [filename] If [filename] is a new file you'll be told so, and then be left waiting. typing 'a' allows you to start adding to the file (though no indication is given that you have done so.) Type away and then when you're finished enter a single period on a line by itself to end the input. Now you can type one of the following commands: w - write to disk q - exit - if you haven't saved a ? is printed and you are given salvation p - list current line 1,$p - list first to last line ($ = the last line) More archaic commands are available; see man ed for more help. If this form of torture isn't entirely your scene then there is a much friendlier text editor available named vi (for Visual Editor), which you will immediately hate. But given time you will really get to like it. Call vi by typing vi [filename] and a nice screen will pop up with tilde marks down the left side and 'filename [New File] mm/dd/yy' at the top. Now, I realise that there must be SOME vi help SOMEWHERE, but I can't find it. So here's a rough guideline to using it. vi has three modes that you might be in. For lack of some wierd-ass UNIX abbreviations for them, I've made my own names for them. You start out in VISUAL editor mode, and can go to INSERT mode or COMMAND mode. If you "vi newfile" or some unexisting file, you will see a bunch of tildes down the left hand side of the screen and that is it. to actually start typing (ie to move from VISUAL mode to INSERT mode), you must choose the insert command, or "i". You can also choose "a" which does the same thing, but moves you ONE CHARACTER right before adding text. You can't move further left than where you started either (to, for example, correct a mistake you just noticed earlier in the line). However, once in INSERT mode you can just type normally. When you want to move around, or do some editing, or something, you'll want to move back to VISUAL mode. Do this by hitting [ESC]. Now, you can move around with the movement keys: j = one char left, k = one char right, k = one char up, l = one char down. Or, you can delete a character in front of the current cursor position: x = delete one character dd = delete entire line (analagous to Ctrl-Y in wordstar) You can also move up a page: b = go back one page n = go to next page g = go to start of docuemnt G = go to end of document You can also repeat commands by typing a number first. So for example, typing 10dd will delete the next 10 lines. typing 50j will move left fifty characters. Once you have everything edited and looking good, you'll want to save. Go to COMMAND mode by hitting Q (must be upper case) from VISUAL mode (and you will have to do [ESC]Q from INSERT mode). You will see a prompt (a colon) pop up at the bottom of the screen and the cursor will go there. At this point you are basically in ed(1) again. You can use the "w" command to write the file, then the "q" to quit... or you can quit without changing by doing a "quit!" (it forces you to do this if you haven't saved). If you messed up and want to go back to VISUAL mode from command mode, just enter the command "vi". Many other commands are available but those are enough to get you by on a day to day basis. With vi, practice definitely makes perfect. There is also a quicker way to get to command mode, but it returns you right back into visual mode when you have entered each command. From visual mode, just type a colon ":" and the colon will appear, then type the command and ENTER. Once it has executed you are back in visual mode. This is faster in a lot of cases. There is one more ESSENTIAL command for happy vi'ing. It's the undo command, "u". You can use the "u" command from VISUAL mode any time you like to undo the last editing action. Using it a second time will re-do the last edit action. 2.4 Intra-system communication ---------------------------------- UNIX is designed as a multi-user operating system. Thus the chances of only one person being logged on the system at the same time are quite slim; in large mainframes there are often well over 20 people logged in at once, even during off hours. UNIX allows you, using a number of built-in functions, to communicate with and annoy these people freely. This is extremely useful for getting information in a hurry. Coffee Talk thrives under UNIX. *Command: who The who command will tell you who is logged into the system. You are given two fields of information about each user. Their login id is shown, and the port that they are logged in from (called a tty - usually of the form ttyxx where xx can be any combination of letters and numbers). Try this command now. Usually there will be an operator logged in always, regardless of who is on the system - this is just an account that stays open all the time and should cause you no sudden paranoia. The next thing we will want to do is commuinicate with these people. If there's someone you know (or you can even do this to yourself, it will work fine) then write them a note: *Command: write At your shell prompt, use 'write [userid]' to write another user. They will hear a beep, and on their screen they will see: MESSAGE FROM yourid ON TTYxx Followed by each line of text you type, as soon as you finish typing it. When you've finished your message, you can hit CTRL-D to finish - the person you were writing to will see 'EOF' on their screen. You can also pipe and redirect things into the input of a write function - thus you can type a notice and: write auser <notice.txt I have a program called banner which just makes a large banner of the argument (in big friendly letters). I often greet people with this command: banner Good Morning! | write auser If a user is logged on more than once, you will see a message: User auser logged on more than once - writing to ttyxx If for some reason they aren't responding you can try another tty - simply add which tty you want to write to after the command (don't include the 'tty'). For example, to write to user jblow on ttyie: write jblow ttyie Sometimes write will tell you: Cannot write to ttyxx - Permission denied. This means that the person has turned off their messages and obviously doesn't want to be disturbed by people writing them. *Commmand: mesg mesg controls whether your messages are on or off. The default is to have them on so that people can write you; you can turn them off however by issuing the command: mesg n Or turn them on using mesg y Typing 'mesg' with no aruments will tell you what the current setting is. You can find out whether a person's messages are on or off, and a lot more useful information by using the finger command. *Command: finger finger is one of the most useful UNIX commands you will encounter. Sometimes versions of finger vary depending on your system; but on most new System V and BSD UNIX systems the format is exactly the same. Finger is like an extended who, which also allows you to get specific information on a user. for example, you could type finger jblow and get the following: [blah blah blah] You are given the user's login id, message status (if messages are off you are told so), time of login, idle time (time since user last entered a command), when the mail was last read, the contents of the user's ~/.plan and ~/.project files, and the user's full name. The .project and .plan information is specified by creating files in your home directory named .project and .plan respectively. Note that only the first line of the .project file is shown. Some serious anal-retentive people use this for its intended purpose, but most people put a friendly or silly greeting in there (really dumb people provide you with their home address and telephone number... heh heh heh). Whoever set up your account most likely entered your full name in the "In real life:" field - you can in fact change this to whatever you like using chfn. *Command: chfn chfn (for CHange Full Name), allows you to change the contents of the "In real life" field when someone fingers you. Just enter 'chfn' at the prompt and you will be asked for a new full name - as your last name is given by your id in most cases, lots of people stick their first name in here (It's not kosher to call yourself Adolf Hitler on UNIX systems, by the way). *Command: talk When you tire of the akwardness of the write command, you might want to try the talk command. This bascially allows you to chat to another user in a nice split-screen chat mode; your typing goes on one half of the screen and the person's that you're talking to goes on the other. Talk is much more sophisticated too in that it gently pages the user without just barging in on their screen. Attempt to talk to someone else by typing: talk userid And they will hear a beep and see this message: You are being paged by jblow@machine.address.address To respond type talk jblow@machine.address.address Don't worry about the @ sign or the address information for now - I'll explain that in the next section. You can actually reply to someone on your own system just by typing the userid - (you don't need the @ sign or the address). While this is going on, the person who initiated the page is waiting in a blank talk screen and getting a status report on how the paging is going. When the person finally responds the top status line will say [Connection Established] and you can begin typing. To stop talking use Ctrl-C to exit. If you are talking to someone on your machine and they are logged in more than once you can pick the tty to talk to (just like with write). but this time, you use just the two letters at the end: talk jblow i5 will talk to jblow on ttyi5. *Command: mail Using the mail command, you can send electronic mail to any user of the system, and you can read any mail that you have waiting in your own mailbox. Most sytems will notify you if you have mail when you log in. To check your mail box type: mail If there is no mail for you you will be told so, otherwise the list of subject lines, or headers, will appear on the screen. Each message header has a number and tells you who it's from, as well as the subject. You can then hit <enter> to start reading at the first message. Like ed, mail has the concept of a current message - you can use any of the mail editing commands and they will effect the current message, or you can specify which message you want them to work on. The commands are: h - Redisplay the list of headers d<#> - Delete message r<#> - reply to message s<#> <filename> - save message (it will save it to a file called mbox unless you type a filename using 's filename') q - quit and append all undeleted messages to the ~/mbox file x - exit, leaving the messages pending in your incoming mailbox. the mbox file is a file in your home directory where any mail that you don't delete is kept. You can go through and edit or delete this as you please; it's a convenient place for storing mailings you want to keep for a while. To mail another user, type: mail userid You will be prompted for a subject (which the other user will see in their headers when they type mail). Then you are free to type whatever you want in the mailing and end it with a CTRL-D character. If you mess up their userid the mail will eventually get returned to you and you can save it in mbox or somewhere else, edit it and then try again. In chapter 4, I'll explain how to mail someone anywhere in the world, assuming you know their address. If you are lucky, there is a program called "elm" on your system. elm is a much more advanced mailing system then the default mail(1), and allows you to quote in your replies and use vi to write them etc. Find out by just typing "elm" (it will be in the path if it's there) or if you suspect it's around but not in the path then talk to the administration on your system and bug them about it. 2.5 Multitasking without L.S.D. ------------------------------- Multitasking on UNIX is extremely useful and very easy to do. Each 'thing' you have running on the system is called a process or job. The shell which you use to enter commands is a job which is always running; when it ends you are logged out of the system. *Command: jobs To find out what jobs you have running, type the command: jobs from the shell. A list of all jobs currently running (each one with its own number) is shown. Initially all you will see is your shell. You get out of a job and back to the shell (where you can start new jobs) by using the CTRL-Z hotkey. When you CTRL-Z a process its exectution is suspended, and UNIX issues the message Stopped % and you are returned to the command prompt. Try this - look up something in the manual by typing: man talk and wait until the screen appears, then hit CTRL-Z. You will be returned to the shell. Typing 'jobs' shows you that, sure enough, process number two is man talk, and that the job is currently stopped. There will also be a '+' symbox next to it, meaning simply that this is the CURRENT job. The csh job will most likely have a '-' symbol next to it, indicating that it is the PREVIOUS job. You control which job you're seeing on the screen using the fg command. *Command: fg fg will put a specified job in the foreground. To put the job listed as CURRENT (+) in jobs into the foreground, type fg %. The job resumes execution from where you stopped it. To put a specific job in the foreground by number, use fg %n where n is the number of the job. You can also keep processes running in the background while you do ohter things - this is achieved using the bg command. *Command: bg bg will place a specified job (use %n or %) into the background and continue its execution. Note that if this job decides it's going to output to the screen it will display right over whatever you are doing in the foreground. You can avoid this by redirecting the output using > when you start the process. This can be very chicken-and-egg if you don't know that you're going to stick it in the background when you start though; most times it's not really worth the hassle. When a process finishes execution and exits while still in the background you will be notified by UNIX that it has finished. *Command: & Using an ampersand '&' after a command line will automatically put that job in the background. So, for example, you could type: crack /etc/passwd >validfile & and that process would begin running in the background, piping its output to validfile and allowing you to go on and play with other things. *Command: ps ps, another wizard abbreviation for ProceSs will give you the processes (née jobs) that you have running on the system (even ones you started from a different terminal when you're logged on more than once). You are given four columns of information, left to right. These are the pid, the tty it was started from, the CPU time it has used to far, and what the process is. You can be nosy and see ALL the processes running on the system if you like. This lets you know what other people are doing, and you can even find out some interesting information from doing this sometimes. Use the -a switch. If you see something that interests you and you want to see who is running it you can easily find out using 'who' - just match up the tty. Alternatively, you can get sophisticated and use grep. For example: who | grep ttyie will tell you who is on ttyie. Or you could ps -a | grep talk to find out which tty's are using the talk command right now. ps displays information for active (doing something) processes only. To see a list of inactive (stopped) processes that you have, use the -x switch. This is useful for when your terminal freezes and you get stuck on the system. Sometimes even dropping carrier on a modem won't terimate the session. To do this properly, or to kill a process you don't want quickly, use the kill command (you have to log in from a different tty to do this.) *Command: w w is a much eaiser way than using the "ps -a | grep" combination of finding out what people are doing. typing "w" by itself tells you all the userids on the system and what they are up to. You can also w jblow to see what he is up to. The only setback with w is that it only shows the top command that a user is doing. So for instance, you can hide what you are doing from a "w" by doing something like this: write root <fuckyoufile& ; rn and w would only show you as using "rn". This doesn't make the above method safe at all, by the way, for hiding what you are doing - try it sometime by putting lots of commands going and then doing a "ps -a". It's a hurrendously bad idea. *Command: kill The easiest way to use "kill" is to list your jobs with the "jobs" command, and then kill the one you want by typing, for example, % kill %3 to kill job 3. Sometimes you need to kill a defunct login shell or something else you have started that isn't listed in the "jobs" listing. In this case, type "ps" to see the process listing for your login, and if that STILL doesn't have what you want to kill, the process you're looking for is idle or defunct. Type "ps -x" to show ALL processes, even those inactive ones you've started. Write down the pid you want. Then: kill [pid] will kill the process with the specified pid. If you are trying to kill an incative process, use the -9 switch as well: kill -9 12746 will kill the inactive process with pid 12746. If you're killing an inactive shell (ie. a stuck shell) make sure you don't mess up and kill the current one - that will just log you out. You can usually tell the difference by looking at the pid's - pids are simply handed out in order and so the shell with the closest pid to the ps -a command is the one that you're currently using; kill the other one. (One of these kids is not like the other one/ one of these kids is doing his own thing...) 2.6 Security - file permissions and chmod ----------------------------------------- Every file in the UNIX operating system has privelages associated with it. These are grouped into three categories: owner, group, and all. You can set the access on a file to different levels for each of these. When you do an 'ls -l' command, you are given the access privelages of each file. Here's what the fields mean: drwxrwxrwx filename ... ^^^^^^^^^^ ||||||||||------ Execute by all (if a directory, execute controls "cd" access) |||||||||------- Write (alter) by all (or write into a directory) ||||||||-------- Read by all |||||||--------- Execute by group ||||||---------- Write by group |||||----------- Read by group ||||------------ Execute by owner |||------------- Write by owner ||-------------- Read by owner |--------------- File is a directory When you see these letters it means that the attribute is set (ie. the access is available). When these attirbutes are cleared, a dash (-) appears in their place. For example, You might set a private text file to read and write by owner only, and no other permissions. Its ls -l attributes would look like: -rw------- filename Or you might give read and execute access to everyone, and read, write, and execute access to yourself: -rwxr-xr-x filename And so on. You actually set these parameters using the chmod command. *Command: chmod The syntax of the chmod command is as follows: chmod xxx filename Where xxx is a three digit number describing the files permissions. The first column of the number represents owner permisssions, the second group permissions, and the third 'all' permissions. You get the digit to place in each by adding the attributes you want: 1 - execute 2 - read 4 - write Examples are the easiest way to illustrate this concept: chmod 600 myfile will make the file read and write only, for the owner only. -rw------- myfile chmod 777 afile will make the file read, write, and execute for all users: -rwxrwxrwx afile chmod 733 thefile will give the situation above, where all users can read and execute, but only you can write: -rwxr-xr-x thefile Understanding chmod is quite important if you want to be able to keep your Stuff secure. You can do away with the worry by just chmod 700'ing your home directory and then ignoring it forever more; this way no one can get in there to look around (although you will want to chmod 700 any subdirectories you make as well). And so there you have it; the compelte ten minute guide to UNIX. With the information in this chapter you're quite able to start playing around and exploring your system. The next chapter goes into some more advanced things you can do locally, including attempting to find youself another account to work from if you are going to be doing anything you shouldn't. //////////////////////////////////////// // 3.0 Playtime on your local system. // //////////////////////////////////////// 3.1 Aliasing Commands --------------------- By now you are probably already pissed off with some stupid UNIX commands, thinking "that could be a lot shorter if I could just type THIS..." or "I can't type and hate typing THAT...". UNIX has an extra-funky command called "alias". You may have seen this concept before as a lot of people loved it and snagged it right away. Anyways, here's some examples right off the bat: alias fall finger rnixon llong root admin@csoffice would make a command called "fall" that would do all that; a quick way to finger all the people you're interested in. alias copy cp will make every occurence of "copy" mean "cp". You can effectively alias UNIX to be the same as DOS. (Why you'd want to is utterly beyond me.) alias fp setenv FSP_PORT in FSP (covered later) you sometimes have to issue a command like this: setenv FSP_PORT 6667 After the 20th time this gets annoying. So this is an example of how to use alias to abbreviate commonly used commands. After that other alias you just type fp 6667 to accomplish the same thing. Typing alias with no arguments gives a list of your current aliases. You can remove one of them by typing "unalias fp" or whatever it is you want to unalias. One more note - when you logout your aliases are lost. To keep them permanently, use vi to add them to your .cshrc file.... (the .cshrc is preferred to teh .login as the .login should not contain any c-shell commands (alias is one)). An EXCELLENT few aliases to add to your .cshrc are the following: alias rm rm -i alias mv mv -i alias cp cp -i alias ls ls -F These make UNIX ask you before it deletes or overwrites a file (there's no undelete whatsoever, so this is a good idea), and shows directories in "ls" listings with a trailing slash. 3.2 Shell Scripts (inc. ~/.*) ----------------------------- Shell scripts in UNIX accomplish the same thing as batch files in DOS. They can be a lot more advanced with that; the UNIX shell is actually a very powerful programming language with just about every feature you would want in most cases... however, for most users you very rarely even look at shell scripts. The much-mentioned .login and .cshrc and .logout files are all shell scripts that reside in your home directory. When you log on, the system just runs them. They are the same thing as AUTOEXEC.BAT in DOS, really. To run a script you have prepared yourself, or to just run one of your login scripts or whatever, you type source script where script is the name of the script you want to run. You CAN make scripts that are run by just typing their name; to do so you must make them executable using chmod. What about arguments to scripts? You may well want to write a quick script that will make it quick to do a task. In DOS, to refer to the first argument in a batch file you use %1. Or to refer to the second it's %2. UNIX is the same, with a dollar sign: $1 is the first argument, $2 the second, etc. Also, $0 returns the number of arguments that were passed. Lots of good books on shell programming are available (usually cheap-- who the hell wants to learn about SHELL PROGRAMMING anyways?) if you want to go gung ho in this area. It can really pay off if you use UNIX a lot. 3.3 Changing your default shell, and the tcsh shell --------------------------------------------------- Sometimes you will want to change your default shell... usually if you are moving up to a newer one or some wierd client program or something. The command for this is "chsh", but you need to know the full path of the shell you are changing to. The best way to do this is to finger someone else who is using it; the full pathname is shown in that information. If you have the tcsh available on your system, I'd definitely recommend using it, for two main reasons: Command line editing and filename completion. What and what? In tcsh you can go back to your last command just by hitting the up arrow. You can move around in them using left and right arrows and edit them. This is referred to as Command Line Editing. Too lazy to type the name of "this.is.a.long.bloody.file^Lwith.wierd. control.^G^Gcharacters.in.it" every time you want to cat the damn thing? In tcsh just type the first few letters and hit TAB - it will complete the filename. If that's not the right one (ie you did not enter a unique pattern) then hit TAB again until it's right. A trailing slash character ("/") will let you know it is filename completing - this will not effect the command so don't try to get rid of it and get yourself a nice headache... 3.4 Causing mindless havoc through write and other childish tricks ------------------------------------------------------------------ Really want to annoy someone? Just write them the (usually several megabytes) /var/adm/lastlog file. There are ENDLESS childish tricks that work great on a UNIX system to annoy people. I don't really have time to delve into any of them, rather I included this section to let you know that they exist. So if someone flames you or annoys you, worry not; revenge is just a few keystrokes away. Some thing to experiment with are the "batch" and "at" commands - they let you do things when you aren't logged in (and wreak all sorts of havoc). But beware -- all of this activity is logged. You may, in your exploring, come across how to use the "su" command to switch between accounts with the same password. EVERY su USE IS LOGGED! I just included this as I know someone who nearly got himself in a lot of trouble by su'ing between two accounts and not realising that it was logged every time. This is a good lesson - when you ARE breaking the rules, especially if you are causing havoc, make damn sure you're not getting entries with your id in the user logs (look in the /var/adm directory for these and grep them frequently). I will include my favourite trick here, as it's just so damn funny. Find someone logged onto an account which you have access to. Then log quietly in as that account, and "w" them, finding out which tty they are on. Suppose for the sake of argument they are on ttyi5. Because you are logged in as that person, you have write access to their /dev/ttyi5 file. This file controls all the output that appears on their terminal - programs just append directly to it and that appears on their screen. Imagine the possibilities! The next thing to do is make up a fake message using cat: %cat >fakemsg ^G^GMessage from root on ttya0 at 08:23 You have been found in violation of system security! Your telephone number has been logged and the police will arrive shortly. Do not attempt to escape. EOF ^D %cat fakemsg >>/dev/ttyi5 %rm fakemsg See what this does? As far as they know, they are receiving a genuine write (as it couldn't be from anyone else, could it? 8). There are lots of fun things to do along these lines. 3.5 The importance of being Earnest (hiding what you are doing) --------------------------------------------------------------- One of the double-edged blades of UNIX is that everyone can see what everyone else is doing. This is great if you're snooping someone else but awful if you are trying to hide what you are doing. Fear not, however, with a couple very simple tricks, you can hide virtually ANYTHING you are doing. The logical idea is to make it look like you are running something benign. For example, I use an Internet-Relay-Chat client that I have compiled on my system. As the administration there is super-anal-retentive, I doubt they'd approve. So instead of having "irc" on my process list, I have "rn". How? Easy - I just rename the irc command to "rn" with a "mv". But that by itself doesn't work - you try it, type rn and will find yourself in the news reader. (this is intentional I think). The reason for this lies in how UNIX finds commnands and puts them onto the process list. Every time you run a command, whatever you typed is added with various other information to the process list to be run by the system. While it is executing others can peek and see what you are doing with a "w" or "ps -a" command. You can hide from "w"'s by putting a benign command on the end and using a semicolon (as I described earlier) but I would discourage this as soon someone will come along who is not brain dead and will catch you. UNIX finds commands (like DOS) by following the PATH variable, which is defined at startup time in your .login or .cshrc (usually this one) script. The reason I am mentioning this at all is this: UNIX will NOT look in the current directory first then hunt the path; it follows the path directly. If you look in your .cshrc, you will most likely find the path statement, looking something like this: set PATH=( /usr/yourid/bin /bin /usr/ucb/bin [etc etc etc] . ) Note the period at the end. This means your current directory is searched LAST. In order to fake commands, you need to move this period to the front of the path statement (use vi) so that commands in the current directory are executed FIRST. Your new path would be set PATH=( . /usr/yourid/bin /bin /usr/ucb/bin [etc etc etc] ) Now, you can execute commands you have renamed and have them run. It was of course possible before by typing "./rn", but then that shows up on the process list and anyone with any UNIX-know-how will realise you are doing a lousy job of faking the command; your downfall will be swift. Once you have fixed your path then you can safely make all sorts of renamed commands. I even rename my telnet command so no one knows I'm even logged onto another system (again, the admin at my location is very anal about telnet use, so I just hide it). This procedure is basically foolproof, unless someone finds this "rn" program of yours. The best strategy at this point is to give up sheepishly. Thus it's a good idea to delete it every time and remake it when you need it. This is hard for a client or something but easy if you are just stealing a system command like telnet. A note on symbolic links - you may have someone reveal to you another method, called "symbolic linking". In UNIX you can make a file "point" to another file. For instance, you could do the following from your home directory: %ln -s /usr/ucb/telnet rn This would make a file as such: lrwxrwxrwx 0 Blah blah rn -> /usr/ucb/telnet Which (note the first "l" there) is a SYMBOLIC LINK to the /usr/ucb/telnet file. Then when you type "rn", telnet would be run and "rn" would appear on your process-id line. HOWEVER, if one is to do a "ps -x" it shows that you are really just using a symbolic link. The administrators at your site no doubt know this so it's not an advisable method to use, even if it does save you the space of creating another copy of the program you are trying to hide (as symbolic links are 0 bytes big). If you are really pushed for space, use a directory off "/tmp" or something. Be sure to chmod 700 it though or anyone could look in! 3.6 cat /etc/passwd > ~/lab7.h ------------------------------ What does that mean? It's the quintisential idea around which password snagging and UNIX account hacking is built. The first time you try to copy the /etc/passwd file to hack it, you will get a "permission denied" message. NO problem... on UNIX you must have read permission to this (though I have seen systems where this ain't so, so you may well be screwed either way) file. You get a look at it by "cat"ing it and piping the output to whatever file you like. This is the first step in stealing passwords. There is an art to doing this. I'll include a brief explanation of how and why this is done, the rest is up to you. UNIX is designed so that once your password is saved and encrypted, it is IMPOSSIBLE to unencrypt it. I mean this. Not a fucking chance-a-roo. So what happens when you log in? In the /etc/passwd file, UNIX stores a des-encrypted version of your password that is not decryptable. When you type your password UNIX encrypts this version and compares the two encrypted versions; if they match you got it right, otherwise you get a "login incorrect". The loophole is that this encryption method is readily available and there is nothing to stop people like YOU snagging a copy of this file, as described above, and monkey/teletyping every possible word into every possible account until they are all matched up and cracked. You use common sense of course; running a dictionary file of 115000 words or so into a normal passwd file will net you some accounts in under a minute usually. I (and I'm sure others too) have developed special methods for cracking unused accounts on systems (nice as you can mail etc and relax a bit). Anyways, there are numerous and deservedly hard to get your hands on programs to do this. I stand religiously by Dr. Dissector's Killer Crakcer (I use v9.11), but there are lots others. KC is good as I have an MS-DOS compiled one. The big one used by system administrators to catch stupid people and bitch them out for easy-to-crack passwords is called (suprisingly enough) Crack. The verison I have seen run is Crack 4.1 but newer versions may be around. I don't know of anyone who ever got Crack to compile on a PC, but I do have a friend who made it work on a couple of NeXT machines. It flew. If you are trying to crack a new system and are totally stuck for passwords and a word file, just feed it the userids. On any system I guarantee at least two users are dumb enough to actually use their userid for their password, thinking no one will ever guess that THEY did. They don't realise, obviously, that anyone can do what we're discussing here and catch them real quick. They're also so dumb I think they deserve to have their accounts stolen. So how to you avoid having someone hack your account? Easy. Because people approaching this massive task are going to use dictionary files and things like that, you can immediately make yourself safe by using a nonsense word. Spell it backwards. Make it upper/lower case. Even include control characters (^G's and ^L's etc) if you want. With a tiny bit of imagination you can make the task of cracking your account jump from mildly difficult to absolutely fucking impossible. 3.7 Security - a couple of cunning plans ---------------------------------------- We've talked about hiding your password and what you are doing, but how about hiding data? UNIX has a built in DES standard encryption program called "des". However, on some systems you may find the facist fuckers have removed it so they can snoop better, and also if you are outside of the U.S.A. you will not have des(1) available for legal reasons. (I found it on my Canadian system as "d" - they just hid it and moved it outta the path). Anyways, des is so remarkably crackable it's not really worth the effort. It's much better, considering disk quotas etc) to use a compression program to do the work for you, or, if you have it, PGP to conventionally RSA encrypt it. You can even write your OWN scheme which will do it very well. I wrote a program that just scrambled the first 1K of a .ZOO file (I did it in FORTRAN!) and that worked awesome. NO one would EVER know what kind of a file it was, and the ZOO's structure was all in the first 1K, and there is no zipfix utility for a .ZOO archive. You see? Nearly all systems have a version of arc (creates .ARC files compatible with PKARC and PKXARC) available. This works great - just use the g switch. create a password protected archive with arc agpassword filespec or unpack it with arc egpassword name.arc Easy stuff. You can also get super-technical if you are very very very worried. The most elaborate scheme I ever came up with was to take .zoo files, which keep all their file allocation information in the first 1k, and then just use a random access FORTRAN thingy to encrypt teh first 1k. Then rename it to be a .tar file or .lzh or something to really throw a wrench into the proverbial works. Usually you don't need anything near this elaborate. But renaming the extension is super-handy for adding confusion. What about mailbox security? Currently, there is only one really good method of mailbox security, and for messages coming into you that aren't encrypted with it, you are SOL. This is a genius piece of software named "PGP" for "Pretty Good Privacy". It was written madly against new legislation in the U.S.A. which would have made ALL new encryption software have a government-accessable backdoor. That means no more security for the common people. However, PGP 1.0 was released just in time to beat this law, and then the authors had lots of time to improve it in the 2.x versions. (As of this writing, the current version is 2.3A). PGP uses an RSA encryption scheme, which is damn near impossible to crack, unlike the "goverment standard" DES algorithm, which is piss easy to crack by the government and other people with the computing power to waste. At any rate, here's a brief yet confusing description of how PGP works, and an insight into its genius. PGP uses what's called a keyring system. This allows someone I've never met from across the world to send me private mail which only I can decrypt, although I've never even met her. Similarly, I can be SURE that the mail has actually come from her and not from anyone else, having never met or talked to her either. Each user has what is called a "public keyring" and a "private keyring". Your public key contains instructions on one-way RSA encrypting messages so that only YOU can decode them. It's totally useless for decrypting messages. Thus you make it readily available and lots of people take it and addit to their public keyring. On your public keyring are the public keys of everyone you exchange mail with. All of these are public knowledge and PGP is even clever enough to add keys automatically depending on how much you trust others on your keyring. Your private keyring contains the key needed to decrypt the private mail to you. This you take all pains to keep where no one can get their grubby hands on it. Even if they do, however, they have to know your secret key phrase to unlock it, so you are really pretty safe keeping it on a big UNIX system. The authors recommend keeping it only on your secure PC, however). PGP is a truly excellent piece of software, and everyone should use it. You can find the latest version by ftping (see section 4.4 later) to soda.berkeley.edu and looking in directory /pub/cypherpunks/pgp . ///////////////////////////////////////////////////////////////// // 4.0 Reach out and touch someone - playing with the Internet // ///////////////////////////////////////////////////////////////// 4.1 finger, talk, and mail to remote clients -------------------------------------------- The collection of computers (most are UNIX based) known as "the Internet" is the largest network in the world. It was originally developed by the US Military as a network that would function after a nuclear strike; it's very decentralized so if part goes down the rest will survive. However, this has led to its explosive growth to become the "cyberspace" of today. The Internet is actually a collection of smaller networks - all sorts of things with names like BITNET, USENET, and many other animals. From your internet account, you can receive mail from anyone else on the internet, anywhere in the world, for free, in a matter of minutes. Those who use email frequently refer to the old fashioned letter/envelope combination as "snail mail". And indeed it is; if I mail someone in another country I'd be very irate to find out it took more than 1/2 hour for the mail to reach them through the Internet. Just like in the real world, you have an "address" which people can use to send you mail, and to do other things (such as talk and finger you). Your internet email address is totally unique - there is only one of you in the world. Just like in the real world, sites are organized into countries, areas, etc. The organization is logical rather than physical though, and may differ a bit. Here is a typical email address of your typical San-Franciscan hipster cyberpunk white male: bsmith@well.sf.us.com Let's break this down into sections: bsmith @ well . sf . us . com userid at machine name sf=San Francisco USA "company" When you are logged onto your machine, you will usually see its name before your prompt. Were you on the Denver nyx sytsem you would see nyx% before every command. Unsurprisingly, nyx would be the "machine name" in the address. There may be less or more fields in between the machine name and final "region" at the end of your address. However, after a while you can quickly place an address in the world by its last region. Here are some to watch out for: .ca - Canada .edu - Educational institution (USA) .com - Company (USA) .uk - United kingdom .se - Sweden .fi - Finland (etc) You get the idea. So, if you were to see the address: cf123@cleveland.freenet.edu and the Cleveland didn't give it away for you, you would definitely realise that you were talking to an educational institution in the USA from the .edu suffix. Now we get to the actual meat of the discussion. Let's say you want to mail your friend bsmith on the WELL system. It's very easy to do: % mail bsmith@well.sf.us.com And then type your message. In fact, you can finger him and even TALK him, right across the world, in the same manner. It's just like on your local system: % finger bsmith@well.sf.us.com % talk rnixon@nyx.cs.du.edu See? Now one problem remains... short of mailing someone else to have them tell you, how do you figure out your own email address? It's easy - just mail yourself on your system: mail userid and type a test message. Then wait five seconds, check your mail, and write down the complete email address it gives you in the From: field. One more aside on this subject. Sometimes people who don't have ftp on their system (the UNIX file transfer protocol program), mail files back and forth through Email. Because internet email is only 7 bits, there is no way that you can send a regular binary 8-bit file through and get a good copy out the other end. There's a remedy for this, however: the UNIX uuencode and uudecode programs. These basically take a binary file and convert it to 7 bit. It makes a huger file, but it will go through email (and can be viewed with the unix "cat" or the dos "type") just fine. If someone sends you a uuencoded file, you need to save all the messages (often it's broken into parts to overcome a message length restriction) and then edit it. Remove all the blank lines and concatenate the pieces (this is where the ">>" pipe comes in really handy... always keep copies of everything so you don't bugger up your only copy!) and then type % uudecode file1.uu where file1.uu is your final encoded file. If all goes well your binary will just appear a second later. 4.2 USEnet newsgroups --------------------- USEnet newsgroups are huge. They are essentially just like FidoNet newsgroups or any other newsgroups, but they are really really really really really BIG. Lots of people read them. They are broken down into two types; unmoderated and moderated. In moderated newsgroups a moderator must approve every post before it appears; unmoderated ones operate on the anarchy principle. Newgroups are named in a hierarchial way. There are a number of prefixes, such as alt - "alternative" newsgroups, usually unmoderated. Has wizzo groups like alt.sex.bondage.hamster.duct-tape comp - Computer Science related newsgroups rec - "recreational" newsgroups. These are more tame than the alt. groups. Exmaples are rec.car.audo, rec.games.mud, rec.erotica. You probably read newsgroups using the newsreader "rn". Using rn is pretty intuitive, so I'll let you struggle through it. A hint is to run it, and use "u" to get rid of newsgroups you hate, and "g newsgroup" to change to and subscribe to a newsgroup. hgwoeve,r you will probably find right away that you can't access a lot of the groups. Most places censor alt.* or at least alt.sex.* etc. However, all is not lost, you can telnet to services like nyx.cs.du.edu, or launchpad.unc.edu, or freenet-in-a.cwru.edu to get full network news. More on telnet in a second. 4.3 telnet and rlogin --------------------- telnet and rlogin will become some of your most used commands. they allow you to log into another system, ANYWHERE IN THE WORLD, that is connected to the internet. It's free, it's easy, it's often very very fast. To telnet to another system, type "telnet system.address.domain.etc". To rlogin to a system, you type "rlogin system.address.domain.etc."' The difference between the two is that rlogin will try to log you in as the user, and has less options you can set than telnet. In most cases you will want to use telnet over rlogin; there are occasinal times that you will use rlogin (see "man rhosts" if you are really curious), but there is one very good advantage to telnet. You can IMPLICITLY (ie. not on the command line) specify the host to connect to with telnet. Consider, if you had typed this: rlogin hacked.system.somewhere or even telnet hacked.system.somewhere. Someone doing a "w" or "ps -a" would see you doing just that. Then they might get nosey and finger that system, and see that you're not logged on as yourself any more (hence a stolen account. Sound the alarm!). You can, however, type: % telnet telnet> open hacked.system.somewhere Connected to some.system.somewhere Escape character is ^] Berkeley BSD 3.5 (hacked) login: --- you get the idea. This way, all that shows up as a pid is "telnet". You can further try to hide things by making a copy of the telnet command (it's /usr/ucb/telnet) and calling it something else, like "rn". (This can be better done with a symbolic link, try "man ln"). However, don't think that this makes you safe. TELNET IS STILL NOT TOTALLY SAFE. Anyone who types "netstat" can see all the network connections (including your telnet) to everywhere that are established. With a little deduction and work, a UNIX guru can find out who you are and where you're telnetting to quite quickly. There are other methods of hiding yourself, but I'll leave those up to you to find out; we're getting beyond the scope of this file already. Anyways, one you connect a telnet session, hitting Ctrl-Z will send the ^Z to the other computer. So how do you put it in the background? You put it in the background by typing the ESCAPE CHARACTER. By default this is ^] (control+right sq. bracket "]"). This can be changed to anything you want by typing "set escape <char>" at the "telnet>" prompt before you type "open". When you type the escape character, it will put you back to the telnet> prompt, and you can then ^Z. Putting a telnet session in the background doesn't do anything, as it just leaves it there waiting for you to type something at the telnet> prompt. However, while it's suspended, things may be happening on the other system. They will be kept in a buffer and fly past when you reconnect. To get back into a suspended session, type "fg %x" to get back into your telnet. YOu'll be back at the "telnet>" prompt. Just hit Enter to go back to the session you're in. There is one other feature of telnet that is useful. It lets you connect to a specific PORT of a UNIX machine. Usually, when you telnet to a machine it has a default PORT setting that you get connected to. You can imagine ports as different Big Grey Desks in the Deparment of Motor Vehicles (...those of you who've been there know exactly what I mean...). When you just telnet, you get connected to the default, which might be the "misinform you and just generally delay you" port. But you might want to specify the "new license and delay you" port, or the "change your address and delay you" port. You select a port by number and it will be given to you. Some ports have special values; for instance port 25 is how Internet mail works. It's a very interesting one to play with (more on this later). Port 112 is the news server. These are never meant to be connected to by people, but by programs called "Daemons" which do all the work at a low level. Anwyays, you will often find that online games, as well as special sevices (like IRC, FSP, etc) require you to know the port number. You just add it after the address in your OPEN command, eg: telnet> open louie.cc.utexas.edu 9999 will hopefully connect you to the Renegade Outpost MUD. --- If you _do_ use rlogin, and want to suspend your session, you'll notice that ^] doesn't work. YOu need to start on a new line, and type ~^Z to suspend it. If you see the "~" appear, then you weren't at a new line; hit enter and try again. (it shouldn't appear, and after you hit the ^Z it will suspend the session.) Just using "fg %x" will put you right back in the thick of things. One more tip before I leave these two; sometimes you will really want to log a telnet session. You do this with the "tee" command. % telnet hacked.system.somewhere | tee hacked.log The "tee" command will take the output from telnet, echo it to your screen, and then write it to the file specified (hacked.log in this case). I'm not sure if you can implicitly telnet like this; try it out. 4.4 FTP and FSP --------------- FTP and FSP are the way you transfer files from other systems. Traditionally, you'd type "ftp system-name", and then log into the system with a valid account, and then grab files from a directory. However, there is another method of ftp available that everyone uses. This is called "anonymous FTP". This basically means you can ftp somewhere, type in "anonymous" as the user name, send (theoretically) your e-mail address for their files as your password, and it will let you in. there are many many many many files available through anonymous FTP, and huge servers called "archie servers" (try telnet archie.unl.edu) which just maintain anonymous FTP file lists throughout the internet. Anyways, you start by connecting to a machine. Always FTP implicitly so you're not giving away where you're FTP'ing to: % ftp ftp> open ftp.netsys.com 200 Connected to ftp.netsys.com 200 Please login with your user-id and password ... it will then ask you your username. type "anonymous" (DON'T HIT ENTER or they might log your username and it will be YOUR FAULT. They DO Log your machine, though they can't get your username if you anonymous FTP). IT will say: 220 Guest login OK. Send complete e-mail address as password Here, I always type something like "bsmith@my.machine.etc.etc". This way they won't necessarily suspect. Don't be an idiot and type things like "fuck you" here, as it shows up on the anonymous-ftp logs. Most pirate FTP sites don't even realise that they are being victimized. It's shit like cowboys typing "fuck you" at the password prompt that hint to them what's going on. So keep it nice and incognito; lie, but lie nicely. Anwyays, as long as all goes well, you will be left at the ftp> prompt. Here, hitting ? brings up a list of commands. The important ones are: binary - switch from ASCII to binary mode (ASCII is the default. You MUST do this before downloading a zip file or any 8-bit (non text only) file.) ascii - switch back to ASCII mode. It's slightly faster for text files. quit - close connection and quit. ls - get a UNIX ls listing. swtiches (like ls -la) work fine. dir - the same as "ls -la" cd <dirname> - change to directory "dirname" get <remote-file> [local-file] - get the remote-file (on that system) and call it local-file on your system. eg: ftp> get wing2-3.zip /tmp/mydir/hubble-3.gif to download wing2-3.zip (you need to do a binary first, of course) and put it in the directory /tmp/mydir, and name is as "hubble-3.gif". or just ftp> get filelist.txt to get "filelist.txt" and put it in the current directory. Similarly, put <local-file> [remote-file] works the same way. Again, Binary must be set to upload binary files. There are also batch commands (mget and mput) you might experiment with. They're all pretty intuitive. You may have noticed this section is called "FTP and FSP". Although FTP is the primary method of acquiring files, FSP is starting to become popular. FSP is an internet file transfer protocol developed by Chuck Forsberg and Omen Technology. This is the guy who made Zmodem, so he certainly knows his stuff. Omen claims that FSP is much more efficient than FTP; I haven't really noticed any astounding increase in performance, but a lot of pirate/underground sites are FSP only so I've included a quick section on it. At the time of this writing, FSP is still relatively new. Clients (UNIX executables that you must download and compile; that's way beyond the scope of this document... good luck) are now just starting to appear that look the same as FTP and are as easy to use. Just a short time ago, the only way to FSP was to use "setenv" commands to set the port etc. as part of your UNIX shell environment. It was a real pain, and you had to hack the code so that you could implicitly download. (sigh). Anwyays, by the time you read this, you can probably get a "Friendly" FSP client anywhere. (one may even be installed). FSP addresses are in the form of a site name/address and a port number: site.somewhere.etc 6667 You can open it just with fsp> open site.somewhere.etc 6667 If you get stuck with one of the ugly "old" clients, you might have to set these manually. Here are the ocmmands you'd type before running any of your FSP programs (they'd be called things like fdir, fcd, fget, fput, etc.) % setenv FSP_PORT 6667 % setenv FSP_HOST site.somewhere.etc % setenv FSP_DIR / Hopefully you don't get nailed with one of these clients. It's almost worth downloading and going through the fun of compiling a newer one. (you can always archie search for it). Both the ftp and new fsp clients can be put in the backgound by suspending them with ^Z and typing "bg". They display a message when the transfer is done. If you keep doing ls -l's in the target directory, you will see the size of the file grow. Don't touch it until the transfer is over or you will kill it! You might encounter lots of files on public domain FTP and FSP sites that end in .tar or .tar.Z or .tar.gz. The .tar is a UNIX "tape-archive" file, like a zip with recursed directories and no compression. the .Z is the UNIX zcat compression program, and the .gz stands for the UNIX gzip/gunzip compression program. (the .gz is to avoid confusion; if you get a gz file you MUST rename it from filename.gz to filename.z before you gunzip it. Originally it was just .z, but that got confused with .Z, so the files are often saved as .gz. Gunzip won't work with a .gz file though, it looks specifically for the .z) Anwyays, to uncompress a .Z file: % uncompress <filename>[.Z] To uncompress a .gz file: % mv <filename>.gz *.z % gunzip <filename>[.z] To expand a UNIX tape archive: % tar xvf <tarfile.tar> (you need to tell it the .tar, it doesn't just assume it like the other two. Also a tar can be named something else totally, it needn't end in .tar, but that's convention.) 4.5 Gopher ---------- Your system probably has a gopher client. This you can run by typing "gopher". If you're too stupid to figure this out then you have no hope with UNIX. gopher is basically a moron-style menu driven interface that flies around the internet and finds stuff for you. YOu can use a utility called "Veronica" to search the Internet for information. In a few seconds, through gopher, you could have the complete works of Shakespeare at your fingertips, stocks, weather reports, whatever the hell you feel like searching for. It's a great way to waste time. Beware though; gopher makes readable temporary files in your userid in the /tmp directory that people can see, so be careful of what you're doing. If you're definitely doing something you shouldn't, type % umask 022 first. This will mean that no one can read any temporary files that are created. This may have already been done for you on your system. 4.6 MUD, MUSH, MUCK, MUSE, IRC ------------------------------ These are basically online games and chat services that you can find over the Internet. Some of you may (cringe here) have used STS (the Synergy Teleconferencing System), or D-Dial systems, where someone buys a bunch of phone lines, and lots of people with no lives all phone them up and just chat to each other as a feeble substitue for social interaction. Some of you may have played those D&D type BBS's where you can kill other people's characters. These feeble modem type implementations take on a much grander scale on the internet. First, there is IRC: Internet Relay Chat. Rather than twelve pimple-faced teenage males trying to seduce an 11-year old, you can talk with any of thousands of online users from all over the world at any time, on any of hundreds of channels. You can even use DCC (Direct Client Connect) to trade software over IRC etc. To use IRC requires setting up a client, which is pretty easy to compile. Traditionally, you are supposed to be able to "telnet bradenville.andrew.cmu.edu" and get onto IRC, but it hasn't worked for me in about 2 years. People still insist that it works though. Go figure. MUD stands for Multi User Dungeon or Multi User Domain. If you're going to get addicted to any sort of stupid online game, this is the one for you. Picture one of those D&D BBS deals where it's like an infocom adventure and you rush around killing things. Now add a couple hundred social commands so that with a little practice your character can express any emotion, do anything you would do in a conversation through commands (or even make up custom actions). Now add 100 people all logged in at once and interacting with each other, talking, relating, making friends, and of course, grouping into paties and kicking the shit out of countless monsters to raise through the hierarchy. You have a little bit of what MUD is like. Be forewarned: it is LETHALLY addictive. This is more or less cyberspace in a text implementation. MUD is a _place_ that you explore and learn in. The MUD I use is Renegade Outpost. It can usually be found at louie.cc.utexas.edu 9999, daisy.cc.utexas.edu 9999, and will possibly move to gpx.lis.uiuc.edu 4000. MUD's are illegal in almost all situations where you have an Internet account, so beware, and try to hide what you're doing and do it at off hours or you will get caught. MUSHes, MUCK's, MUSE's, etc are derivations on the same theme, more geared towards social interaction. There are some pretty sad people on the internet; there are MUSH's where all you have in the universe is a hotel lobby and rooms you can go to for net-sex with whoever you can attempt to pick up (probably some large gay biker named Bubba from the backwater district of Chicago, who calls himself "Alice"). These are tiring and more or less a waste of time, unless you're really REALLY desperate or something. You will find you get sick in 10 seconds flat of everyone wandering around looking like fucking venus incarnate. It's just too idealistic and pathetic for me. MUSE's are a bit different from MUCK's and MUSH's, as they are really a simulation environment. A lot of them are just more social drivel, but there are some really good Battletech and Star Wars MUSE's etc. MUD/etc lists can be found pretty easily. Try using "gopher" to search for them. ///////////////////////////////// // 5.0 Piracy and the Internet // ///////////////////////////////// 5.1 The Internet Pirate: Scourge of the Network ------------------------------------------------ I can't overstress how nice it is to pirate software through the internet. It can be safe, anonymous, and free if you do it properly. It can also be VERY DANGEROUS if you fuck up. You're meddling in a worldwide network and all the straight people on it take piracy very very VERY seriously. It pisses them off. Here's a few of the reasons why: - They're advanced to an ethically higher ground, and much holier than thou. - They never learned to do it when they were young and they're bitter. - They just realised that pirates have been happily using their mainframe as a pirate anonymous-FTP site for three months, and they're really pissed. - They are Bill Gates. - They're one of the MANY MANY people who are BETTER THAN YOU and paid good money by large corporations to nail your ass. The first and only rule for safe Internet Piracy is "suspect everyone". You NEVER know who you're talking to. Don't ever, EVER give out any information unless you trust the person you're giving it to with your future. If it's a stolen account you're using then you're a little safer, but if you can steal it, professionals can catch you stealing it. There's always someone much better at UNIX than you (always) and they're often against you. Remember that and you should be fine. More on do's and don't's in section 5.4 5.2 Getting Contacts -------------------- The problem with Internet Piracy is that the sites are up and down constantly. In almost all cases, they are just simply stolen from a system and announced. For example, here's a typical scenario. K-RadPir8 goes onto a University of Manitoba machine. He finds that he can make a directory on that machine (of course he can; it's for anonymous ftp). He goes and makes a very esoterically hidden directory (with lots of non-printing and backspace characters in the name if he's clever, but more often than not just something like ".. " (two dots and a space) or ". unreadable " (. unreadable is the message FTP displays when it can't show you the contents of a dir... a good way of hiding a site. Sort of). Anwyays, after making this directory, K-RadPir8 makes another three underneath it, called ".bin", ".req", and ".tlk" or something to that measure. They stand for binary files (wares), requests, and a dir to just blab in. How do you blab on an FTP site? Well, the trick is to just upload a very small (or 0 byte; see "man touch") file. Then using "put" you can give it a descriptive name: ftp> put ~/nullfile "I want Wing Commander 2! - K-RadPir8" The easiest way to delete these buggers when you're done is to use an "mdel" command... I'd delete that above message with ftp> mdel "I want*" 200 mdel: Delete I want Wing Commander 2! - K-RadPir8 ...? YES 200 mdel: Delete I want some new games - Some1ElSEkRad ...? NO ftp> You get the idea. anyway, as you can see, it's quite hard to find the damn things if you dont' know where to look. There are a couple of methods, both which take a little work. The first one is to use archie. You can set it searching for ".bin", ".req", etc. Or you can search for group names (likely to be in the ZIP's of only pirate files), such as *INC*.ZIP, *TDT*.ZIP, etc. (the TDT in this case would be much better than the INC, as if you think of it, lots of legitimate things might have the string "INC" in them, but not very many of them will have the string "TDT" in them!) If you suspect that a site has a pirate dir, or you know it does but can't get into the dir beucase you can't figure out the name, don't fret. Just go the directory above the dir and type ftp> dir . mydir This does a dir of ".", the current directory, and puts it in the file "mydir". Now go back to UNIX and if you have a UNIX hex editor edit mydir, or just send it to your PC and then edit it. You can get the ASCII codes of the characters in the directory name easily (spaces are hex 20, a likely candidate) that way. There is one other good method of getting sites and contacts. On IRC there is a special pirate channel. It's called "#warez". Once you find a suitable IRC channel you can log to #warez by typing "/ch #warez". Be SURE you are using a hacked account, or a hacked IRC client here. I will only say this once. It might cost you years in jail. ******************************************* ***** #warez IS NOT SAFE!!!!!!!!!!!!! ***** ******************************************* Last year, Microsoft alone budgeted over $5 million for busting internet pirates through monitoring and talking to them on #warez. It's a great place to meet contacts, but never, NEVER give someone software or a site info unless you trust them, or they trade you enough stuff back for it that you trust them. SUSPECT EVERYONE. See sections 5.3 and 5.4. 5.3 Information Trading ----------------------- Eventually you will build up some contacts. Be patient; it takes ages to reach trusted status on #warez, or with other pirates. Be helpful; upload a shitload until people like you and know your pseudo. Then they will trust you with new sites, etc. Keep finding active sites with archie and giving them to the people YOU trust, etc. Build up a rep; it's the only way to go unless you know someone who'll find all your sites for you (not very likely). Anwyays, the key to doing this successfully is information trading. Information is the only commodity you've got to work with, so don't throw it around freely. For instance, there are certain self-righteous assholes (they're probably Reform-party voting Baptist freaks) who take on the anti-piracy crusade. They call themselves "deleters". They pose as pirates, sucker sites out of the unwary, then go onto those sites and write down any other sites that are advertised there. Then, whenever they have free time, they log onto the site, delete any wares there (it's anonymous-ftp so anyone can delete anything), and leave taunting feelgood ethically correct jeers in return. Once a site gets a deleter it's fucked and no one will post where it's moving too or anything, beucase of course the shithead will pick up on that and move onwards. This is just one example of why you have to use a lot more discresion than you're used to in regular piracy. Anways, if you pretend everyone you meet is out to get you, then you should be just fine. Don't give out anything for nothing. Especially in Internet Piracy, there ain't no such thing as a free lunch. 5.4 Paranoia (how not to get caught) ------------------------------------ This section covers the general philosophy of not getting caught, Paranoia, and the best way to hide your tracks when you're pirating files. First off, whatever you do, be paranoid. The problem with the people trying to catch you, is that they are usually better than you are. This gives them an unfair advantage right of the boot. You have to surprise and outwit them. Never never leave any incriminating evidence lying around an account in non-encrypted form. never leave your real name anywehre on a hacked account. Never get people to mail you there using your real name or referring to you by any information that might get you in trouble. You can get around the mail problem (of giving unwary people your email address) by getting an "anonymous mail-id". There is this crazy guy in Finland who keeps a NeXt locked in his basement to handle anonymous mail for the whole world. You do a "mail nick@anon.penet.fi" and it will send you a nickname and instructions. From ehre you can now give people your anonymous nickname, and they send mail to you with this nickname at @anon.penet.fi, and it gets forwarded to you without anyone knowing who it was from. This lets you hide behind anonyminity. It's invaluable to a pirate, so I suggest you get one. Also, follow the rules I laid down in the last section about information trading. Trust no one, suspect everyone, don't tell no one nuthin' without thinking carefully about it first. The majority of this section concerns how to hide your FTP'ing. (or FSP'ing). This is ESSENTIAL READING if you plan to pirate. First, never FTP to your home directory. Stupid! Dumb! On your UNIX system there is a directory called /tmp. This is where users can make temporarily large files and keep them until it fills up (at that point the /tmp directory is wiped clean automatically). Anwyays, you can make your own directory off here and run ftp from that directory (or explicitly put the files there in your "get" command). Also, why make this directory visible? Start it with a dot. Also, why make the characters printable? If you're using "tcsh" you can easily do control characters in filenames. I make my temp directory something like this: (type exactly as you see it. Typing a Ctrl-V will put "^V" on the screen in tcsh, and then when you type the next control character, even if it's like a backspace (^H), it will replace the ^V. This is how you embed control codes into filenames. I'm not sure if it works properly under the C-shell (csh) or not. % mkdir /tmp/". tmp ^V^H ^V^H" That's a bugger to get into if you don't know what it is. It won't stop a snooping system administrator for a second, but it will stop most nosey users. Now, when you are downloading a file, DON'T DOWNLOAD IT WITH THE PIRATE FILENAME. Stupid! Dumb! Give it a nice believable name so it looks legitimate. Change the file-type. For instance, if it's WING2-1.ZIP, make it MOR3DDT1.ARJ or something that sounds right, might be that size, and isn't the right file extension. Or you could give it a tricky filename, like above, but this means you have to either rename it before you download, or take your chances on what DOS does with that filename (not good if it begins with a period). You can make it harder still. Use PGP to encrypt the file if you have PGP. Instead of leaving 5 disks there, use zip to archive them all together. If you use zip you can rename them all, zip them all into one big archive (who cares that it's no compression) and put a password on it in the process. this is my preferred method. A lot of UNIX systems don't have a new enough zip utility to put passwords onto a zip. Use the "arc" program - this is compatible with the old PKXARC and PKUNPAK commands. You make an archive with a password using the "g" option for example: % arc agpassword myarc *.arj to add them all. Remember to get rid of all the .arj files when done. Then send it to yourself and just C:\DOWNLOADS> pkxarc -g password myarc c:\destination\path\ That -g might be another letter depending on which de-arcer you use, but they are compatible. Now rename the .ARJ files back to the proper ZIP names and you've done it. This is a bit of a long process, but it IS THE ONLY WAY TO BE SAFE. A good friend of mine was thrown out of his College and prosecuted for having MS-DOS 6.0 in his home directory, unencrypted. Microsoft nearly took his ass to pieces (and still might). It's worth the extra hassle to keep yourself safe, as everyone who might catch you will take your offenses very, VERY seriously. Be sure to always clean up as soon as you are done. rm -r the entire directory out of the /tmp dir so no one suspects you were ever doing anything. Check your home directory and make sure you didn't leave any aborted xfers in THERE by mistake! (it happens to everybody, so check it). All in all, just BE CAREFUL. 5.5 Aside: Faking Mail ---------------------- A fun UNIX trick is faking mail. I'm not going to go into detail, but some of you may really quite badly want to learn this trick. Be careful with it, but it's quite easy to use and pretty safe, as long as you don't cross the wrong people. [begin large hint] % man mconnect (mconnect does exactly the same thing as telnetting to port 25.) [end large hint] 5.6 Aside: Naughty Pictures --------------------------- There is a huge X-Rated .GIF industry going on the Internet, which operates in a lot of the same manner as the pirate thing. Usually the people doing it aren't as skilled, but they are just as paranoid; it's illegal and enforced not to spread pornography over the internet (at least not by anonymous ftp; uuencoded pictures fill alt.sex.binaries). I don't dabble in this so I have no idea how to get started. If I were to try though, I'd go about it in much the same manner as I suggested you do the piracy thing. There are sex channels on IRC, lots of sex MUSH's, etc., and lots of alt.sex newsgroups. Be careful, and don't get caught (though the penalty for getting pornography would be much much less compared to getting busted for pirating software). //////////////////////////// // 6.0 Onwards to Victory // //////////////////////////// Well, there you have it: Baldrick's discrete guide to UNIX use. This guide took me a bloody long time to write as I kept completing sections and then stopping for 6 months. However, it's finally finished after 4 revisions and ends as you have it in your hands. Since I started it I've learned a lot more about UNIX (there's an endelss pyramid of knowledge to climb) and I hope you'll find yourself snagged by the same curiosity. It's a great way to hack and pirate etc. "Yo ho, ho, ho, it's a pirate's life for me" - Unknown Amiga "Backup" Program, sung, by a chorus of burly pirates, when you load the beast up. -=Baldrick=- -=02/11/94=-