Besides, I make lots and LOTS of mistakes and I [Carolyn] am a famous, er, infamous hacker. If an old lady like me isn't afraid to make public boo-boos, you can be brave and figure out that C compiler by yourself.

To learn about every single command that you have the power to run from your shell account, type in the letter "a" followed by control d. Then with each and every command that brings up, give the command "man acommand" where you substitute the command you wish to explore for "acommand". Then try using that command until you have figured out how to use it with all its variations. Do this in turn with each of the rest of the letters of the alphabet. When you are done, you will be a true Unix wizard. No one will ever again say to you, "RTFM!" (Read the forking manual).

AN EXPLOIT EXPLAINED

Here's a fun, simple, powerful shell script. This is a goodie that you might be able to use from your shell account to create a root shell for yourself on the computer where you have your shell.

===========================================================
Newbie note: A "root shell" allows you to do anything you wish to the computer you are on.
===========================================================

===========================================================
You can go to jail warning: In the US and many other countries, it is illegal even to just get a root shell on someone else's computer -- unless that person agrees to let you get root.
===========================================================

If you are determined to test this shell script, there are ways to do this legally. Number one, install some form of Unix on your home computer. The easiest to install is Red Hat Linux, available at http://www.redhat.com. The easiest to get exploits to run on is Debian Linux, at http://www.debian.org. For other Linux sources, see the GTMHH "Linux!" at http://www.happyhacker.org.

Make sure your Linux is running an outdated sendmail program, versions 8.7 through 8.8.2. Next set up user accounts on your home Linux box. The command is "adduser." Then run this exploit from your user account on your home computer. If you have the right version of sendmail, you will be amazed at how easy it is to break in.

The other way to legally run this exploit is to get permission to break into someone else's computer. Soon our Hacker Wargame will offer accounts on a newbie computer that will allow this exploit.

Don't assume you can get away with running this script against a stranger's computer. There is no way to be absolutely certain you won't get caught. Besides, if you have to read this to learn how to break into a computer, you don't know enough to have even a hope of getting away with the crime.

Once you try this exploit you will know how ridiculously easy it is to break into computers. If someone gets busted for breaking into a computer using this shell script, yeah, sure, the media will make out like the person who ran it is a genius. But you are about to learn that a little kid could break into a computer that runs a vulnerable version of sendmail. It's that easy. So anyone who is in the know realizes that it doesn't take brains to break into a computer. They will simply agree with Fatal Error that "To err is human; to get caught is just plain stupid."

Here is how to break into a computer that runs sendmail 8.7 through 8.8.2 on the Linux and FreeBSD operating systems.

1) Look for an Internet service provider running a vulnerable version of sendmail. To do this, get the domain names of some ISPs from http://www.celestin.com/pocia. Another way to get ISP names is from people's email addresses. Then try telnetting into their smtp (mail server) ports. Use the command:

    telnet fubar.com smtp
    Trying 208.999.37.180.
    Connected to fubar.com (208.999.37.180).
    Escape character is '^]'.
    220 lobo.net ESMTP

Now there is a smart ISP. They don't tell strangers what mail server program they run. But pretty soon you will hit an ISP that is vulnerable. You will get a message like this:

    telnet foominds.com smtp
    Trying 209.999.14.99.
    Connected to foominds.com (209.999.14.99).
    Escape character is '^]'.
    220 zuni Sendmail SMI-8.7/SMI-SVR4 ready at Sun, 3 May 1998 14:43:07 -0700

OK, we have a vulnerable version of sendmail. But does it also have a vulnerable operating system? You can find that out by telnetting into the login:

    telnet foominds.com
    Trying 209.999.14.99.
    Connected to foominds.com (209.999.14.99).
    Escape character is '^]'.
    UNIX(r) System V Release 4.0 (zuni)
    login:

We struck out here -- maybe. This exploit is guaranteed to work for Linux and FreeBSD running vulnerable versions of sendmail. It may or may not work on this ISP.

Let's say you find an ISP where this exploit is certain to work. Your next step is to buy an account on this ISP.

===========================================================
You can go to jail warning: The way I am showing you to break into a computer is GUARANTEED to get you caught. Don't do this unless you have first gotten permission to try it out from the owner of your ISP. If you discover your ISP is vulnerable, your best bet is not to break in. Instead, politely tell tech support they are vulnerable, and offer to show them how to break in. They might say "Yes, please show us how it's done"! Then it will be OK to run this script.
===========================================================

Now comes the fun part. Give the command "pico s.sh" (or substitute your favorite editor for "pico"). That brings up an editor program
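
A mail administrator's view of the two greetings in step 1, as an added example that is not code from the original guide: it reads SMTP 220 greeting lines offline and reports whether each one discloses a sendmail version, and whether that version falls in the 8.7 through 8.8.2 range the text names. The function names, status labels and the last two sample greetings are constructed for illustration, and judging a vendor-prefixed string such as SMI-8.7 by its numeric part is an assumption.

```python
import re

# Range the text names as vulnerable: sendmail 8.7 through 8.8.2.
LOW, HIGH = (8, 7, 0), (8, 8, 2)

GREETING = re.compile(r"^220[ -](\S+)\s*(.*)$")
# Assumption: a vendor-prefixed string such as "SMI-8.7" is judged by its numeric part.
SENDMAIL_VER = re.compile(r"Sendmail\s+(?:[A-Za-z]+-)?(\d+(?:\.\d+){1,2})", re.I)

# First two greetings are the ones shown in the text; the last two are constructed.
SAMPLE_GREETINGS = [
    "220 lobo.net ESMTP",
    "220 zuni Sendmail SMI-8.7/SMI-SVR4 ready at Sun, 3 May 1998 14:43:07 -0700",
    "220 mail.example.org ESMTP Sendmail 8.8.2/8.8.2; Mon, 4 May 1998 09:00:00 -0700",
    "220 mx.example.net ESMTP Sendmail 8.9.3/8.9.3; Mon, 4 May 1998 09:00:00 -0700",
]


def parse_version(text):
    """Turn '8.7' or '8.8.2' into a 3-tuple so versions compare numerically."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def audit_greeting(line):
    """Classify one SMTP 220 greeting by what it tells a stranger."""
    m = GREETING.match(line.strip())
    if not m:
        return {"status": "not-a-greeting"}
    host, rest = m.groups()
    found = SENDMAIL_VER.search(rest)
    if not found:
        return {"status": "no-version-disclosed", "host": host}
    in_range = LOW <= parse_version(found.group(1)) <= HIGH
    status = "upgrade-required" if in_range else "version-disclosed"
    return {"status": status, "host": host, "version": found.group(1)}


def audit_all(lines):
    """Return (host, status) pairs for a list of greeting lines."""
    return [(r.get("host"), r["status"]) for r in map(audit_greeting, lines)]


if __name__ == "__main__":
    for host, status in audit_all(SAMPLE_GREETINGS):
        print(f"{host}: {status}")
```

A greeting reported as no-version-disclosed is what the text calls a smart ISP; hiding the version does not remove the need to upgrade sendmail itself.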