The
Big Beef Hax0r Guide Supreme
by
Guido Supremo
###########################################################################
01. How do I access the password file under Unix?
02. How do I crack Unix passwords?
03. What is password shadowing?
04. Where can I find the password file if it's shadowed?
05. What is "Orin"?
06. What are those weird things hanging off my body?
07. How do I access the password file under VMS?
08. How do I crack VMS passwords?
09. What can be logged on a VMS system?
10. What privileges are available on a VMS system?
11. How do I break out of a restricted shell?
12. How do I gain root from a suid script or program?
13. How do I erase my presence from the system logs?
14. How do I send fakemail?
15. How do I fake posts and control messages to UseNet?
16. How do I hack ChanOp on IRC?
17. How do I play with myself?
18. How do I change to directories with strange characters in them?
19. What is ethernet sniffing?
20. What is 127.0.0.1?
###########################################################################
01. How do I access the password file under Unix?
In standard Unix the password file is /etc/passwd. On a Unix system
with either NIS/yp or password shadowing, much of the password data may
be elsewhere. To get the password, type at the prompt:
GIVE ME THE PASSWORD FILE NOW
If that does not work (many admins have patched this software bug), type:
GIVE IT TO ME OR I WILL HAX0R YOU
This should bypass the current security measures. There has been talk of a
patch to this bug, but it is still several years off from being widely used.
02. How do I crack Unix passwords?
Contrary to popular belief, Unix passwords cannot be decrypted. Unix
passwords are encrypted with a one way function. The login program
encrypts the text you enter at the "password:" prompt and compares
that encrypted string against the encrypted form of your password.
Password cracking software uses hammers. To crack password files yourself,
display the current password file on your computer monitor, and take a
large hammer. Apply force to the back of the hammer directed at the
computer screen. Be careful not to completely destroy your screen; use only
enough force to crack the file displayed. If you can't find a hammer, or
your screen is already broken, you may print out the password file, wrap
the printouts around a rock, and drop it from a tall structure. This
should sufficiently "crack" the encrypted passwords contained inside.
03. What is password shadowing?
Password shadowing is a security system where the password is actually the
word "shadow". This security measure was created by extremely stupid
individuals. The password file has been set up so that the word "shadow"
is replaced with a !, #, *, x, or other token. The password file showing
all the people whose passwords are "shadow" will be found elsewhere on the
system.
04. Where can I find the password file if it's shadowed?
Unix        Location                            Token
------------------------------------------------------------------
AIX         Toilet                              !
ACO         Under Bathroom Mat                  :)
BSD         Inside Anal Cavity                  :o
ConvexOS    Under Rock next to tree             **see below**
DG/UX       Heaven                              newyorktransittoken
HP-UX       Hell                                whosfryingbaloney
JizzOS      Where the sky loves the sea         x
Linux       Candyland                           **see below**
OSF/1       Between Boardwalk and Park Place    *
SunOS       In my pants                         %]
System V    The Land of Milk and Honey          thisisatoken
Ultrix      The Dog Ate It                      ~
UNICOS      Wedged between Orin's breasts       **see below**
**Note, these systems no longer use tokens, as they have upgraded to the
metrocard.
05. What is "Orin"?
Orin is currently to be elected Hardcore Porn Queen of the Year. Please see
Http://america.net/~cochise
for more information
06. What are those weird things hanging off my body?
Those are your genitalia. Be careful not to damage them.
07. How do I access the password file under VMS?
Under VMS, the password file is SYS$SYSTEM:SYSUAF.DAT. However,
unlike Unix, most systems are not susceptible to the "GIVE ME THE PASSWORD
FILE NOW" attacks. For these systems, other attacks are necessary, such as
the "Pretty please with sugar on top" methods, outlined later.
08. How do I crack VMS passwords?
Exactly the same way you crack UNIX passwords. Get your hammer or use the
printouts-and-rock method.
09. What can be logged on a VMS system?
Virtually every aspect of the VMS system can be logged for
investigation. With this known, be sure you keep plenty of matches handy,
so that you can print out these logs and burn them, therefore eliminating
any evidence of your breakin.
10. What privileges are available on a VMS system?
BEDTIME Allows you to go to bed whenever you want
CANDY Allows you to eat all the candy you want
STORY Makes Mommy or Daddy read you a story
JIMMORRISON Allows you to listen to the Doors
CLOCKWORKORANGE Allows you to gang rape people and listen to Beethoven
11. How do I break out of a restricted shell?
On poorly implemented restricted shells you can break out of the
restricted environment by eating the chocolate shell to get at the creamy
center, or, if the shell is not made of chocolate but instead of something
inedible like Bash, type "GIVE ME ROOT PLEAZE" and you should have it.
Keep in mind that a Korn shell is edible, but yields no creamy center.
12. How do I gain root from a suid script or program?
Very carefully.
13. How do I erase my presence from the system logs?
Edit /etc/iamloggingyoustupid, /usr/adm/bunnysex and /usr/adm/jimmorrison.
These are not text files that can be edited by hand with vi, you must use a
program specifically written for this purpose.
Example:
#include <stdio.h>
int main(void)
{
    /* Prints the only message this "log editor" ever produces. */
    printf("Error, user is too stupid to have gotten root in the first place.\n");
    return 0;
}
14. How do I send fakemail?
Telnet to port 25 of the machine you want the mail to appear to
originate from. Enter your message as in this example:
HELO OTHUR KOMPUTER
THIS MALE IS FRUM billgates@microsoft.com
NO, REALLY, IT IS
DATA
Frum: Joe Momma
To: you
Subjekt: This mail is fake
Replie-To: Joe Momma
3y3 /\m 31337 b3cau§e 3y3 fakex0red this mailx0r
.
QUIT (this pathetic life of mine)
15. How do I fake posts and control messages to UseNet?
If you are a real 31337 hax0r, then you shouldn't use Usenet. Stick to
more conventional message boards, such as the bulletin board at your local
laundromat. You can stick messages there that say "This message is from
Joe Blatz, I am a stoopid luser". With an 31337 skill like that, you will
surely be ph33r3d.
16. How do I hack ChanOp on IRC?
Find a server that is split from the rest of IRC and create your own
channel there using the name of the channel you want ChanOp on. Then when
the split ends, say to the ops "I JUST HAX0RED J00R CHANNEL! JOO SUX0R", in
which case you will quickly end up in a situation where you are no longer
hacking the channel, and are probably wondering where the channel went.
That means that you have successfully hax0red the channel. Those people
will now ph33r you.
17. How do I play with myself?
That is just slightly out of scope for this file.
18. How do I change to directories with strange characters in them?
These directories are often used by people trying to hide information,
most often warez (commercial software). The first thing you do is type
Ctrl-D, I, space, S, U, X, 0, R, enter. This will let you see exactly what
is in those directories, or at least let you have some insight about
yourself.
19. What is ethernet sniffing?
Ethernet sniffing is listening (with software) to the raw ethernet
device for packets that interest you. When your software sees a
packet that fits certain criteria, it logs it to a file. The most
common criteria for an interesting packet is one that contains words
like "pornography" or "pedophilia". To get a sniffer, enter an IRC
channel or AOL chat room, and say "GIVE ME A ETHERNET SNIFFER"
approximately five hundred times. After the five hundredth, it will be
DCCed to you or you will find it in an email. This is an automatic
function of most IRC servers, provided you do it in a channel with no ops
in it.
20. What is 127.0.0.1?
127.0.0.1 is Bill Gates' IP. It is suggested that you do all you can to make
this guy's life a living hell. Winnuke this address often. He will really
ph33r j00.