The Big Beef Hax0r Guide Supreme
by Guido Supremo

###########################################################################

01. How do I access the password file under Unix?
02. How do I crack Unix passwords?
03. What is password shadowing?
04. Where can I find the password file if it's shadowed?
05. What is "Orin"?
06. What are those weird things hanging off my body?
07. How do I access the password file under VMS?
08. How do I crack VMS passwords?
09. What can be logged on a VMS system?
10. What privileges are available on a VMS system?
11. How do I break out of a restricted shell?
12. How do I gain root from a suid script or program?
13. How do I erase my presence from the system logs?
14. How do I send fakemail?
15. How do I fake posts and control messages to UseNet?
16. How do I hack ChanOp on IRC?
17. How do I play with myself?
18. How do I change to directories with strange characters in them?
19. What is ethernet sniffing?
20. What is 127.0.0.1?

###########################################################################

01. How do I access the password file under Unix?

In standard Unix the password file is /etc/passwd. On a Unix system with either NIS/yp or password shadowing, much of the password data may be elsewhere.

To get the password, type at the prompt:

    GIVE ME THE PASSWORD FILE NOW

If that does not work (many admins have patched this software bug), type:

    GIVE IT TO ME OR I WILL HAX0R YOU

This should bypass the current security measures. There has been talk of a patch to this bug, but it is still several years off from being widely used.

02. How do I crack Unix passwords?

Contrary to popular belief, Unix passwords cannot be decrypted. Unix passwords are encrypted with a one way function. The login program encrypts the text you enter at the "password:" prompt and compares that encrypted string against the encrypted form of your password.

Password cracking software uses hammers.
To crack password files yourself, display the current password file on your computer monitor, and take a large hammer. Apply force to the back of the hammer directed at the computer screen. Be careful not to completely destroy your screen; use only enough force to crack the file displayed.

If you can't find a hammer, or your screen is already broken, you may print out the password file, wrap the printouts around a rock, and drop it from a tall structure. This should sufficiently "crack" the encrypted passwords contained inside.

03. What is password shadowing?

Password shadowing is a security system where the password is actually the word "shadow". This security measure was created by extremely stupid individuals. The password file has been set up so that the word "shadow" is replaced with a !, #, *, x, or other token. The password file showing all the people whose passwords are "shadow" will be found elsewhere on the system.

04. Where can I find the password file if it's shadowed?

Unix       Location                           Token
------------------------------------------------------------------
AIX        Toilet                             !
ACO        Under Bathroom Mat                 :)
BSD        Inside Anal Cavity                 :o
ConvexOS   Under Rock next to tree            **see below**
DG/UX      Heaven                             newyorktransittoken
HP-UX      Hell                               whosfryingbaloney
JizzOS     Where the sky loves the sea        x
Linux      Candyland                          **see below**
OSF/1      Between Boardwalk and Park Place   *
SunOS      In my pants                        %]
System V   The Land of Milk and Honey         thisisatoken
Ultrix     The Dog Ate It                     ~
UNICOS     Wedged between Orin's breasts      **see below**

**Note: these systems no longer use tokens, as they have upgraded to the metrocard.

05. What is "Orin"?

Orin is currently to be elected Hardcore Porn Queen of the Year. Please see Http://america.net/~cochise for more information.

06. What are those weird things hanging off my body?

Those are your genitalia. Be careful not to damage them.

07. How do I access the password file under VMS?

Under VMS, the password file is SYS$SYSTEM:SYSUAF.DAT.
However, unlike Unix, most systems are not susceptible to the "GIVE ME THE PASSWORD FILE NOW" attacks. For these systems, other attacks are necessary, such as the "Pretty please with sugar on top" methods, outlined later.

08. How do I crack VMS passwords?

Exactly the same way you crack UNIX passwords. Get your hammer or use the printouts-and-rock method.

09. What can be logged on a VMS system?

Virtually every aspect of the VMS system can be logged for investigation. With this known, be sure you keep plenty of matches handy, so that you can print out these logs and burn them, therefore eliminating any evidence of your breakin.

10. What privileges are available on a VMS system?

BEDTIME          Allows you to go to bed whenever you want
CANDY            Allows you to eat all the candy you want
STORY            Makes Mommy or Daddy read you a story
JIMMORRISON      Allows you to listen to the Doors
CLOCKWORKORANGE  Allows you to gang rape people and listen to Beethoven

11. How do I break out of a restricted shell?

On poorly implemented restricted shells you can break out of the restricted environment by eating the chocolate shell to get at the creamy center, or, if the shell is not made of chocolate but instead of something inedible like Bash, type "GIVE ME ROOT PLEAZE" and you should have it. Keep in mind that a Korn shell is edible, but yields no creamy center.

12. How do I gain root from a suid script or program?

Very carefully.

13. How do I erase my presence from the system logs?

Edit /etc/iamloggingyoustupid, /usr/adm/bunnysex and /usr/adm/jimmorrison. These are not text files that can be edited by hand with vi; you must use a program specifically written for this purpose. Example:

    #include <stdio.h>

    /* The only log-cleaning tool this guide endorses. */
    int main(void)
    {
        printf("Error, user is too stupid to have gotten root in the first place.\n");
        return 0;
    }

14. How do I send fakemail?

Telnet to port 25 of the machine you want the mail to appear to originate from.
Enter your message as in this example:

    HELO OTHUR KOMPUTER
    THIS MALE IS FRUM billgates@microsoft.com
    NO, REALLY, IT IS
    DATA
    Frum: Joe Momma
    To: you
    Subjekt: This mail is fake
    Replie-To: Joe Momma

    3y3 /\m 31337 b3cau§e 3y3 fakex0red this mailx0r
    .
    QUIT (this pathetic life of mine)

15. How do I fake posts and control messages to UseNet?

If you are a real 31337 hax0r, then you shouldn't use Usenet. Stick to more conventional message boards, such as the bulletin board at your local laundromat. You can stick messages there that say "This message is from Joe Blatz, I am a stoopid luser". With an 31337 skill like that, you will surely be ph33r3d.

16. How do I hack ChanOp on IRC?

Find a server that is split from the rest of IRC and create your own channel there using the name of the channel you want ChanOp on. Then when the split ends, say to the ops "I JUST HAX0RED J00R CHANNEL! JOO SUX0R", in which case you will quickly end up in a situation where you are no longer hacking the channel, and are probably wondering where the channel went. That means that you have successfully hax0red the channel. Those people will now ph33r you.

17. How do I play with myself?

That is just slightly out of scope for this file.

18. How do I change to directories with strange characters in them?

These directories are often used by people trying to hide information, most often warez (commercial software). The first thing you do is type Ctrl-D, I, space, S, U, X, 0, R, enter. This will let you see exactly what is in those directories, or at least let you have some insight about yourself.

19. What is ethernet sniffing?

Ethernet sniffing is listening (with software) to the raw ethernet device for packets that interest you. When your software sees a packet that fits certain criteria, it logs it to a file. The most common criteria for an interesting packet is one that contains words like "pornography" or "pedophilia".
To get a sniffer, enter an IRC channel or aol chat room, and say "GIVE ME A ETHERNET SNIFFER" approximately five hundred times. After the five hundredth, it will be DCCed to you or you will find it in an email. This is an automatic function of most IRC servers, provided you do it in a channel with no ops in it.

20. What is 127.0.0.1?

127.0.0.1 is Bill Gates' IP. It is suggested that you do all you can to make this guy's life a living hell. Winnuke this address often. He will really ph33r j00.
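For the two sentences in 02 and 03 that are actually true (login hashes what you type with a one-way function and compares it to the stored value; a shadowed passwd entry carries only a token such as "x"), here is an added illustration that is not part of the Guide. The "$pbkdf2$" hash format, the sample passwd and shadow lines, and the user "guido" are constructed for this example; real systems use crypt(3) formats such as "$6$", and the hammer method is not reproduced.

```python
import base64
import hashlib
import hmac

# Constructed sample entries, not taken from any real system.
# The passwd line holds the shadow token "x"; the hash lives in the shadow line.
PASSWD_LINE = "guido:x:1000:1000:Guido Supremo:/home/guido:/bin/sh"


def make_hash(password: str, salt: bytes, rounds: int = 50_000) -> str:
    """One-way: a hypothetical "$pbkdf2$rounds$salt$digest" string (not crypt(3))."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return "$pbkdf2$%d$%s$%s" % (
        rounds,
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    )


SHADOW_LINE = "guido:" + make_hash("correct horse", b"constructed-salt") + ":19000:0:99999:7:::"


def lookup_hash(passwd_line: str, shadow_line: str, user: str):
    """Return the stored hash for user, following the "x" token into the shadow line."""
    fields = passwd_line.split(":")
    if fields[0] != user:
        return None
    if fields[1] != "x":
        return fields[1]  # unshadowed system: hash sits in passwd itself
    sfields = shadow_line.split(":")
    return sfields[1] if sfields[0] == user else None


def verify_login(user: str, candidate: str,
                 passwd_line: str = PASSWD_LINE, shadow_line: str = SHADOW_LINE) -> bool:
    """What login does: hash the typed text with the stored salt, compare the hashes."""
    stored = lookup_hash(passwd_line, shadow_line, user)
    if stored is None or stored in ("", "!", "*"):
        return False  # unknown user or locked account
    _, scheme, rounds, salt_b64, _ = stored.split("$")
    if scheme != "pbkdf2":
        return False
    recomputed = make_hash(candidate, base64.b64decode(salt_b64), int(rounds))
    # constant-time compare: the stored value is never "decrypted"
    return hmac.compare_digest(recomputed, stored)
```

Nothing here reverses the stored value; a wrong guess simply fails to reproduce the same hash.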