• Indeks
• User Guide
• Shobin Dav

[ Pobierz całość w formacie PDF ]
.ISP.net.You will also learn some perfectly legal things you can try to get finger todo.For example, some finger programs will respond to the command:finger @boring.ISP.netIf you should happen to find a finger program old enough or trusting enough to accept this command, youmight get something back like:[boring.ISP.net]Login Name TTY Idle When Wherehappy Prof.Foobar co 1d Wed 08:00 boring.ISP.netThis tells you that only one guy is logged on, and he s doing nothing.This means that if someone shouldmanage to break in, no one is likely to notice -- at least not right away.Another command to which a finger port might respond is simply: fingerIf this command works, it will give you a complete list of the users of this host.These user names then canbe used to crack a password or two.Sometimes a system will have no restrictions on how lame a password can be.Common lame passwordhabits are to use no password at all, the same password as user name, the user s first or last name, and guest. If these don t work for the cracker, there are widely circulated programs which try out every wordof the dictionary and every name in the typical phone book.********************************Newbie Note #2: Is your password easy to crack? If you have a shell account, you may change it with thecommand:passwdChoose a password that isn t in the dictionary or phone book, is at least 6 characters long, and includessome characters that are not letters of the alphabet.A password that is found in the dictionary but has one extra character is *not* a good password.********************************Other commands which may sometimes get a response out of finger include:finger @finger 0finger rootfinger binfinger ftpfinger systemfinger guestfinger demofinger managerOr, even just hitting once you are into port 79 may give you something interesting.There are plenty of other commands that may or may not work.But most commands on most fin gerprograms will give you nothing, because most system administrators don t want to ladle out lots ofinformation to the casual visitor.In fact, a really cautious sysadmin will disable finger entirely.So you llnever even manage to get into port 79 of some computersHowever, none of these commands I have shown you will give you root access.They provide informationonly.************************Newbie note #3: Root! It is the Valhalla of the hard-core cracker. Root is the account on a multi-usercomputer which allows you to play god.It is the account from which you can enter and use any otheraccount, read and modify any file, run any program.With root access, you can completely destroy all dataon boring.ISP.net.(I am *not* suggesting that you do so!)*************************It is legal to ask the finger program of boring.ISP.net just about anything you want.The worst that canhappen is that the program will crash.Crash.what happens if finger crashes?Let s think about what finger actually does.It s the first program you meet when you telnet toboring.ISP.net s port 79.And once there, you can give it a command that directs it to read files from anyuser s account you may choose.That means finger can look in any account.That means if it crashes, you may end up in root.Please, if you should happen to gain root access to someone else s host, leave that computer immediately!You d better also have a good excuse for your systems administrator and the cops if you should get caught!If you were to make finger crash by giving it some command like ///*^S, you might have a hard time claimingthat you were innocently seeking publicly available information.*****************YOU CAN GO TO JAIL TIP #1: Getting into a part of a comp uter that is not open to the public is illegal.Inaddition, if you use the phone lines or Internet across a US state line to break into a non-public part of acomputer, you have committed a Federal felony.You don t have to cause any harm at all -- it s still illegal.Even if you just gain root access and immediately break off your connection -- it s still illegal.***************Truly elite types will crack into a root account from finger and just leave immediately.They say the real rushof cracking comes from being *able* to do anything to boring.ISP.net -- but refusing the temptation.The elite of the elite do more than just refrain from taking advantage of the systems they penetrate.Theyinform the systems administrator that they have cracked his or her computer, and leave an explanation ofhow to fix the security hole.************************************YOU CAN GO TO JAIL TIP #2: When you break into a computer, the headers on the packets that carry yourcommands tell the sysadmin of your target who you are.If you are reading this column you don t knowenough to cover your tracks.Tell temptation to take a hike!************************************Ah, but what are your chances of gaining root through finger? Haven t zillions of hackers found all thecrashable stuph? Doesn t that suggest that finger programs running on the Internet today are all fixed soyou can t get root access through them any more?No.The bottom line is that any systems adminstrator that leaves the finger service running on his/her system istaking a major risk.If you are the user of an ISP that allows finger, ask yourself this question: is using it toadvertise your existence across the Internet worth the risk?GUIDE TO (mostly) HARMLESS HACKINGVol.1 Number 4It s vigilante phun day! How get Usenet spammers kicked off their ISPs._______________________________________________________How do you like it when your sober news groups get hit with 900 number sex ads and Make Money Fastpyramid schemes? If no one ever made those guys pay for their effrontery, soon Usenet would be inundatedwith crud.It s really tempting, isn t it, to use our hacking knowledge to blow these guys to kingdom come.But manytimes that s like using an atomic bomb to kill an ant [ Pobierz całość w formacie PDF ]