___________________________________________________________ GUIDE TO (mostly) HARMLESS HACKING Beginners’ Series #3 Part 2 How to Get a *Good* Shell Account ____________________________________________________________ ____________________________________________________________ In this section you will learn: · how to explore your shell account · Ten Meinel Hall of Fame Shell Account Exploration Tools · how to decide whether your shell account is any good for hacking · Ten Meinel Hall of Fame LAN and Internet Exploration Tools · Meinel Hall of Infamy Top Five Ways to Get Kicked out of Your Shell Account ____________________________________________________________ How to Explore Your Shell Account So you’re in your shell account. You’ve tried the “ls -alF” command and are pretty sure this really, truly is a shell account. What do you do next? A good place to start is to find out what kind of shell you have. There are many shells, each of which has slightly different ways of working. To do this, at your prompt give the command “echo $SHELL.” Be sure to type in the same lower case and upper case letters. If you were to give the command “ECHO $shell,” for example, this command won’t work. If you get the response: /bin/sh That means you have the Bourne shell. If you get: /bin/bash Then you are in the Bourne Again (bash) shell. If you get: /bin/ksh You have the Korn shell. If the “echo $SHELL” command doesn’t work, try the command “echo $shell,” remembering to use lower case for “shell.” This will likely get you the answer: /bin/csh This means you have the C shell. Why is it important to know which shell you have? For right now, you’ll want a shell that is easy to use. For example, when you make a mistake in typing, it’s nice to hit the backspace key and not see ^H^H^H on your screen. Later, though, for running those super hacker exploits, the C shell may be better for you. Fortunately, you may not be stuck with whatever shell you have when you log in. If your shell account is any good, you will have a choice of shells. Trust me, if you are a beginner, you will find bash to be the easiest shell to use. You may be able to get the bash shell by simply typing the word “bash” at the prompt. If this doesn’t work, ask tech support at your ISP for a shell account set up to use bash. A great book on using the bash shell is _Learning the Bash Shell_, by Cameron Newham and Bill Rosenblatt, published by O’Reilly. If you want to find out what other shells you have the right to use, try “csh” to get the C shell; “ksh” to get the Korn shell, “sh” for Bourne shell, “tcsh” for the Tcsh shell, and “zsh” for the Zsh shell. If you don’t have one of them, when you give the command to get into that shell you will get back the answer “command not found.” Now that you have chosen your shell, the next thing is to explore. See what riches your ISP has allowed you to use. For that you will want to learn, and I mean *really learn* your most important Unix commands and auxiliary programs. Because I am supreme arbiter of what goes into these Guides, I get to decide what the most important commands are. Hmm, “ten” sounds like a famous number. So you’re going to get the: Ten Meinel Hall of Fame Shell Account Exploration Tools 1) man This magic command brings up the online Unix manual. Use it on each of the commands below, today! Wonder what all the man command options are? Try the "man -k" option. 2) ls Lists files. Jericho suggests “Get people in the habit of using "ls -alF". This will come into play down the road for security-conscious users.” You’ll see a huge list of files that you can’t see with the “ls” command alone, and lots of details. If you see such a long list of files that they scroll off the terminal screen, one way to solve the problem is to use “ls -alF|more.” 3) pwd Shows what directory you are in. 4) cd Changes directories. Kewl directories to check out include /usr, /bin and /etc. For laughs, jericho suggests exploring in /tmp. 5) more This shows the contents of text files. Also you might be able to find “less” and “cat” which are similar commands. 6) whereis Think there might be a nifty program hidden somewhere? Maybe a game you love? This will find it for you. Similar commands are “find” and “locate.” Try them all for extra fun. 7) vi An editing program. You’ll need it to make your own files and when you start programming while in your shell account. You can use it to write a really lurid file for people to read when they finger you. Or try “emacs.” It’s another editing program and IMHO more fun than vi. Other editing programs you may find include “ed” (an ancient editing program which I have used to write thousands of lines of Fortran 77 code), “ex,” “fmt,” “gmacs,” “gnuemacs,” and “pico.” 8) grep Extracts information from files, especially useful for seeing what’s in syslog and shell log files. Similar commands are “egrep,” “fgrep,” and “look.” 9) chmod Change file permissions. 10) rm Delete file. If you have this command you should also find “cp” for copy file, and “mv” for move file. How to Tell Whether Your Shell Account Is any Good for Hacking Alas, not all shell accounts are created equal. Your ISP may have decided to cripple your budding hacker career by forbidding your access to important tools. But you absolutely must have access to the top ten tools listed above. In addition, you will need tools to explore both your ISP’s local area network (LAN) and the Internet. So in the spirit of being Supreme Arbiter of Haxor Kewl, here are my: Ten Meinel Hall of Fame LAN and Internet Exploration Tools 1) telnet If your shell account won’t let you telnet into any port you want either on its LAN or the Internet, you are totally crippled as a hacker. Dump your ISP now! 2) who Shows you who else is currently logged in on your ISP’s LAN. Other good commands to explore the other users on your LAN are “w,” “rwho, ” “users.” 3) netstat All sorts of statistics on your LAN, including all Internet connections. For real fun, try “netstat -r” to see the kernel routing table. However, jericho warns “Be careful. I was teaching a friend the basics of summing up a Unix system and I told her to do that and ‘ifconfig’. She was booted off the system the next day for ‘hacker suspicion’ even though both are legitimate commands for users.” 4) whois Get lots of information on Internet hosts outside you LAN. 5) nslookup Get a whole bunch more information on other Internet hosts. 6) dig Even more info on other Internet hosts. Nslookup and dig are not redundant. Try to get a shell account that lets you use both. 7) finger Not only can you use finger inside your LAN. It will sometimes get you valuable information about users on other Internet hosts. 8) ping Find out if a distant computer is alive and run diagnostic tests -- or just plain be a meanie and clobber people with pings. (I strongly advise *against* using ping to annoy or harm others.) 9) traceroute Kind of like ping with attitude. Maps Internet connections, reveals routers and boxes running firewalls. 10) ftp Use it to upload and download files to and from other computers. If you have all these tools, you’re in great shape to begin your hacking career. Stay with your ISP. Treat it well. Once you get your shell account, you will probably want to supplement the “man” command with a good Unix book . Jericho recommends _Unix in a Nutshell_ published by O'Reilly. "It is the ultimate Unix command reference, and only costs 10 bucks. O'Reilly r00lz." How to Keep from Losing Your Shell Account So now you have a hacker’s dream, an account on a powerful computer running Unix. How do you keep this dream account? If you are a hacker, that is not so easy. The problem is that you have no right to keep that account. You can be kicked off for suspicion of being a bad guy, or even if you become inconvenient, at the whim of the owners. Meinel Hall ‘O Infamy Top Five Ways to Get Kicked out of Your Shell Account 1) Abusing Your ISP Let’s say you are reading Bugtraq and you see some code for a new way to break into a computer. Panting with excitement, you run emacs and paste in the code. You fix up the purposely crippled stuff someone put in to keep total idiots from running it. You tweak it until it runs under your flavor of Unix. You compile and run the program against your own ISP. It works! You are looking at that “#” prompt and jumping up and down yelling “I got root! I got root!” You have lost your hacker virginity, you brilliant dude, you! Only, next time you go to log in, your password doesn’t work. You have been booted off your ISP. NEVER, NEVER ABUSE YOUR OWN ISP! ********************************************************* You can go to jail warning: Of course, if you want to break into another computer, you must have the permission of the owner. Otherwise you are breaking the law. ********************************************************* 2) Ping Abuse. Another temptation is to use the powerful Internet connection of your shell account (usually a T1 or T3) to ping the crap out of the people you don’t like. This is especially common on Internet Relay Chat. Thinking of ICBMing or nuking that dork? Resist the temptation to abuse ping or any other Internet Control Message Protocol attacks. Use ping only as a diagnostic tool, OK? Please? Or else! 3) Excessive Port Surfing Port surfing is telnetting to a specific port on another computer. Usually you are OK if you just briefly visit another computer via telnet, and don’t go any further than what that port offers to the casual visitor. But if you keep on probing and playing with another computer, the sysadmin at the target computer will probably email your sysadmin records of your little visits. (These records of port visits are stored in “messages,” and sometimes in “syslog” depending on the configuration of your target computer -- and assuming it is a Unix system.) Even if no one complains about you, some sysadmins habitually check the shell log files that keep a record of everything you or any other user on the system has been doing in their shells. If your sysadmin sees a pattern of excessive attention to one or a few computers, he or she may assume you are plotting a break-in. Boom, your password is dead. 4) Running Suspicious Programs If you run a program whose primary use is as a tool to commit computer crime, you are likely to get kicked off your ISP. For example, many ISPs have a monitoring system that detects the use of the program SATAN. Run SATAN from your shell account and you are history. ********************************************************** Newbie note: SATAN stands for Security Administration Tool for Analyzing Networks. It basically works by telnetting to one port after another of the victim computer. It determines what program (daemon) is running on each port, and figures out whether that daemon has a vulnerability that can be used to break into that computer. SATAN can be used by a sysadmin to figure out how to make his or her computer safe. Or it may be just as easily used by a computer criminal to break into someone else’s computer. *********************************************************** 5) Storing Suspicious Programs It’s nice to think that the owners of your ISP mind their own business. But they don’t. They snoop in the directories of their users. They laugh at your email. OK, maybe they are really high-minded and resist the temptation to snoop in your email. But chances are high that they will snoop in your shell log files that record every keystroke you make while in your shell account. If they don’t like what they see, next they will be prowling your program files. One solution to this problem is to give your evil hacker tools innocuous names. For example, you could rename SATAN to ANGEL. But your sysdamin may try running your programs to see what they do. If any of your programs turn out to be commonly used to commit computer crimes, you are history. Wait, wait, you are saying. Why get a shell account if I can get kicked out even for legal, innocuous hacking? After all, SATAN is legal to use. In fact, you can learn lots of neat stuff with SATAN. Most hacker tools, even if they are primarily used to commit crimes, are also educational. Certainly if you want to become a sysadmin someday you will need to learn how these programs work. Sigh, you may as well learn the truth. Shell accounts are kind of like hacker training wheels. They are OK for beginner stuff. But to become a serious hacker, you either need to find an ISP run by hackers who will accept you and let you do all sorts of suspicious things right under their nose. Yeah, sure. Or you can install some form of Unix on your home computer. But that’s another Guide to (mostly) Harmless Hacking (Vol. 2 Number 2: Linux!). If you have Unix on your home computer and use a PPP connection to get into the Internet, your ISP is much less likely to snoop on you. Or try making friends with your sysadmin and explaining what you are doing. Who knows, you may end up working for your ISP! In the meantime, you can use your shell account to practice just about anything Unixy that won’t make your sysadmin go ballistic. ************************************************************* Would you like a shell account that runs industrial strength Linux -- with no commands censored? Want to be able to look at the router tables, port surf all.net, and keep SATAN in your home directory without getting kicked out for suspicion of hacking? Do you want to be able to telnet in on ssh (secure shell)so no one can sniff your password? Are you willing to pay $30 per month for unlimited access to this hacker playground? How about a seven day free trial account? Email haxorshell@techbroker.com for details. ************************************************************* In case you were wondering about all the input from jericho in this Guide, yes, he was quite helpful in reviewing this and making suggestions. Jericho is a security consultant and also runs his own Internet host, obscure.sekurity.org. Thank you, jericho@dimensional.com, and happy hacking! _________________________________________________________ Want to see back issues of Guide to (mostly) Harmless Hacking? See either http://www.cs.utexas.edu/users/matt/hh.html (the official Happy Hacker archive site) http://www.geocities.com/TimesSquare/Arcade/4594 http://www.silitoad.org http://base.kinetik.org http://www.anet-chi.com/~dsweir http://www.tacd.com/zines/gtmhh/ http://ra.nilenet.com/~mjl/hacks/codez.htm http://www.ilf.net/brotherhood/index2.html Subscribe to our discussion list by emailing to hacker@techbroker.com with message "subscribe" Want to share some kewl stuph with the Happy Hacker list? Correct mistakes? Send your messages to hacker@techbroker.com. To send me confidential email (please, no discussions of illegal activities) use cmeinel@techbroker.com and be sure to state in your message that you want me to keep this confidential. If you wish your message posted anonymously, please say so! Direct flames to dev/null@techbroker.com. Happy hacking! Copyright 1997 Carolyn P. Meinel. You may forward or post this GUIDE TO (mostly) HARMLESS HACKING on your Web site as long as you leave this notice at the end. ________________________________________________________ Carolyn Meinel M/B Research -- The Technology Brokers