💾 Archived View for gemini.spam.works › mirrors › textfiles › hacking › UNIX › hackunix captured on 2022-06-12 at 08:50:38.

View Raw

More Information

-=-=-=-=-=-=-

[:%:%:%:%:%:%:% THIEF %:%:%:%:%:%:%:%:]
 
   How to Hack UNIX and VAX Systems
 
[:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:]
 
HUV (C) 1989 THIEF
 
Written by, The Wizard
 
THIEF Volume 1, Issue 7
 
Call the I.C.E. Palace 817 465-3271
 
=======================================
 
Unix is a trademark of bell labs ** **  (and you know what *that* means) ** ** 
Hacking vax's
and unix.  In this article, we discuss the unix system that runs on the various
vax systems.  If you are on another unix-type system, some commands may differ,
but since it is licenced to bell, they can't make many changes.   Hacking onto
a unix system is very difficult, and in this case, we advise having an inside
source, if possible. The reason it is difficult to hack a vax is this:  many
vax, after you get a carrier from them, respond=> login: they give you no
chance to see what the login name format is.  Most commonly used are single
words, under 8 digits, usually the person's name.  There is a way around this: 
most vax have an acct. Called 'suggest' for people to use to make a suggestion
to the system root terminal.  This is usually watched by the system operator,
but at late  he is probably at home sleeping or screwing someone's brains out. 
So we can write a program to send at the vax this type of a message: a screen
freeze (cntrl-s), screen clear (system dependant), about 255 garbage
characters, and then a command to create a login acct., After which you clear
the screen again, then un- freeze the terminal.  What this does: when the
terminal is frozen, it keeps a buffer of what is sent.  Well, the buffer is
about 127 characters long. So you overflow it with trash, and then you send a
command line to create an acct. (System dependant).  After this you clear the
buffer and screen again, then unfreeze the terminal.  This is a bad way to do
it, and it is much nicer if you just send a command to the terminal to shut the
system down, or whatever you are after... There is always, *always* an acct. 
Called root, the most powerful acct. To be on, since it has all of the system
files on it.  If you hack your way onto this one, then everything is easy from
here on... On the unix system, the abort key is the cntrl-d key.  Watch how
many times you hit this, since it is also a way to log off the system! A little
about unix architechture: the root directory, called root, is where the system
resides.  After this come a few 'sub' root directories, usually to group things
(stats here, priv stuff here, the user log here...). Under this comes the
superuser (the operator of the system), and then finally the normal users.  In
the unix 'shell' everything is treated the same. By this we mean:  you can
access a  program the same way you access a user directory, and so on.  The way
the unix system was written, everything, users included, are just programs
belonging to the root directory.  Those of you who hacked onto the root, smile,
since you can screw everything... The main level (exec level) prompt on the
unix system is the $, and if you are on the root, you have a # (super- user
prompt). Ok, a few basics for the system... To see where you are, and what
paths are active in reguards to your user account, then type => pwd this shows
your acct. Seperated by a slash with another pathname (acct.), Possibly many
times. To connect through to another path, or many paths, you would type: you=>
ph1/path2/path3 and then you are connected all the way from path1 to path3. 
You can run the programs on all the paths you are connected to.  If it does not
allow you to connect to a path,  then you have insufficient privs, or the path
is closed and archived onto tape.  You can run programs this way also: you=>
p1/path2/path3/program-name unix treats everything as a program, and thus
there a few commands to learn... To see what you have access to in the end
path, type=>  ls for list.  This show the programs you can run.  You can
connect to the root directory and run it's  programs with=> /root by the way,
most unix systems have their log file on the root, so you can set up a watch on
the file, waiting for people to log in and snatch their password as it passes
thru the file. To connect to a directory, use the command:  => cd pathname this
allows you to do what you want with that directory.  You may be asked for a
password, but this is a good way of finding other user names to hack onto.  
The wildcard character in unix, if you want to search down a path for a game or
such, is the *. => Ls /* should show you what you can access. The file types
are the same as they are on a dec, so refer to that section when examining
file.  To see what is in a file, use the => pr filename command, for print
file.   We advise playing with pathnames to get the hang of the concept.  There
is on-line help available on most systems with a 'help' or a '?'. We advise you
look thru the help files and pay attention to anything they give you on
pathnames, or the commands for the system.   You can, as a user, create or
destroy directories on the tree beneath you. This means that root can kill
every- thing but root, and you can kill any that are below you.  These are the
=> mkdir pathname => rmdir pathname  commands.   Once again, you are not alone
on the system...  Type=>  who to see what other users are logged in to the
system at the time.  If you want to talk to them=>  write username will allow
you to chat at the same time, without having to worry about the parser.  To
send mail to a user, say => mail and enter the mail sub-system. To send a
message to all the users on the system, say => wall which stands for 'write
all' by the way, on a few systems, all you have to do is hit the <return> key
to end the message, but on others you must hit the cntrl-d key. To send a
single message to a user, say => write username this is very handy again!  If
you send the sequence of characters discussed at the very beginning of this
article, you can have the super-user terminal do tricks for you again. Privs:
if you want super-user privs, you can either log in as root, or edit your acct.
So it can say => su this now gives you the # prompt, and allows you to
completely by-pass the protection.  The wonderful security conscious developers
at bell made it very difficult to do much without  privs, but once you have
them, there is absolutely nothing stopping you from doing anything you want to.
To bring down a unix system: => chdir /bin => rm * this wipes out the pathname
bin, where all the system maintenance files are. Or try: => r -r this
recursively removes everything  from the system except the remove command
itself. Or try: => kill -1,1 => sync this wipes out the system devices from
operation.   When you are finally sick and tired from hacking on the vax
systems, just hit your cntrl-d and repeat key, and you will eventually be
logged out. The reason this file seems to be very sketchy is the fact that bell
has 7 licenced versions of unix out in the public domain, and these commands
are those common to all of them.  We recommend you hack onto the root or bin
directory, since they have the highest levels of privs, and there is really not
much you can do (except develope software) without them.
 
=======================================
 
The Wizard.
 
THIEF.
 
Sept. 1989