Hacking Kit Documentation
Preface

If you have any other exploits, bugs, sniffers or utils that are not in here,
please mail them to m-codec@akmalida.com, and I will be sure to keep you
updated with the latest version of this toolkit.

Contents

Disclaimer
Preface

Chapter I - Unix commands you need to know
  1A. Basic commands
      Getting back to your home directory
      Getting into a user home directory easily
      How to see what directory you are in now
      How to get a complete manual for each command
  1B. Telnet
      Unix file permissions
      Unix groups
      How to change permissions and groups
  1C. Rlogin
      .rhosts
      How to set up a .rhosts file to login without a password
  1D. FTP
      Logging in to the site, but never out of the site
      Using prompt, hash, and bin
      Using get, put, mget, and mput
  1E. GCC (unix compiler)
      How to get the file to the hack box without uploading it
      How to copy files to your home directory easily
      How to compile .c programs
      How to name them what you want
      How to load programs in the background while you log off
      Looking at your process with ps

Chapter II - Getting started (your first account)
  2A. Cracking password files
      How to get hundreds of accounts with your first hacked account
      Why you only really need one password cracked on a system
      How to get the root password from the admin, on a non-exploit system
      Using a fake su program
      Docs for the fake su program
      How to find the admins
      How to read .bash_history
      Cracker Jack - A good password cracker
      How to use Cracker Jack
      Word files
      What you will need to get started
      Hashing the word files
    * Hash file for use with Cracker Jack and your word list
    * Hash file for use with Cracker Jack and your passwd file
  2B. Talking to newbe's
      How to find the newbe's
      How to get the newbe's passwords
  2C. The hard way
      Using finger @
      What could the password be?
      Getting more info from finger
      A small .c file to use if you get on
      Writing a small perl script to do the work for you
      How to get a domain list of all domains from rs.internic.net
      A perl script to rip the domains and put them in a sorted readable list
      How to execute the perl script
* 2D. Using mount to gain access to unix systems
    * What is nfs mount
    * What you need to get started
    * How to check a system to see if you can mount their drives
    * A script to scan for systems that are nfs mountable
    * How to mount the system
    * How to unmount the system
    * A live demo
    * Mounting the drive
    * Viewing the user directories
    * Editing the local machine's passwd file
    * How to put a .rhosts file in one of their users' directories
    * How to rlogin to the user's account

Chapter III - Getting password files
  3A. PHF
      What is phf
      Using lynx or netscape to access phf
      Finding the user id the victim's httpd (www) is running under
      How to see if you are root using phf
      How to cat the password file using phf
      Backing up the victim's password file
      Changing a user's password using phf
      Restoring the old passwords
      A .c file that will let you pipe commands to phf from your shell
      How to use the phf shell file
      Another way to use phf - text by quantum
      Quantum's bindwarez file
      A perl script that will try EVERY domain on the internet and log root access and snatch passwd files for you all day in the background
      Docs for the perl script above
      Getting accounts from /var/?/messages
      A script to get the passwords for you if you can access /var/?/messages
  3B. Newbe's / Lammer's
  3C. Getting shadow passwd files
      What is a shadow passwd
      Getting the shadow file without root access
      A .c file to cat any file without root access
  3D. Getting /etc/hosts
      Why get /etc/hosts

Chapter IV - Getting the root account
      What to do if you can't get root on the system
  4A. Bugs
      Intro
  4B. Exploits
      The umount/mount exploit
      What are SUID perms
      The umount .c file
      How to compile umount.c
      The lpr Linux exploit
      The lpr Linux .c exploit file
      The lpr BSD .c exploit file
      How to use lpr
      Watch the group owners with lpr
      Just use lpr for first root, then make a SUID shell
      How to make the SUID root shell for future root access (root root)
      The splitvt exploit
      The splitvt exploit .c program
      How to use the splitvt exploit program
      The sendmail 8.73 - 8.83 root exploit shell script
      How to use the sendmail exploit to get root access

Chapter V - Making yourself invisible
      Keeping access
  5A. Zap2 (for wtmp/lastlog/utmp)
      Fingering the host before login
      How to login and stay safe
      How to configure Zap2
      Finding the log file locations
      The zap.c file
  5B. Other scripts
      The wted wtmp editor
      Command line usage for wted
      How to chmod the wtmp.tmp file
      How to copy the wtmp.tmp to the wtmp file
      Setting the path for the wtmp file in wted
      The wted.c file
      Cleaning the lastlog file using lled
      Command line options for lled
      How to use lled
      How to chmod the lastlog.tmp file
      How to copy the lastlog.tmp file to lastlog
      Setting the path for the lastlog file in lled
      The lled.c file
    * A good perl script for editing wtmp, utmp, and checking processes

Chapter VI - Cleaning the log files
  6A. A walk around in a hacked system - let's login
      Logging on the system
      Watching for admins
      Nested directories
      Having your root file ready
      Becoming invisible
      Grepping the log directory
      Cleaning the logs
      Let's sniff the network
      Editing your linsniffer.c
      Looking at the processes running
      Compiling and naming your sniffer program
      Starting a sniff session
      Changing group file access
      Making a suid root shell trojan for uid=0 gid=0 every time
      Naming your trojan
      Touching the file's date
      Checking the sniffer log file
      Setting the history files to null
    * Using unset for the history files
  6B. messages and the syslog
      How to find where the logs are by reading /etc/syslog.conf
      How to see if there are logs in hidden directories
      How to see if logs are being mailed to user accounts
      How to see if logs are going to another machine
    * How to edit syslog.conf to hide logins
    * Restarting syslogd
      How to see if there is a secret su log by reading /etc/login.defs
  6C. The xferlog
      How to edit the xferlog
      How to grep and edit the www logs
      How to look for ftp logs
    * Other ways to edit text logs
    * Using grep -v
    * A script to rip text lines from these logs
    * Restarting syslogd
  6D. The crontabs
      How to find and read the root or admin's cron
      How to see if MD5 is set up on the machine
      What is MD5

Chapter VII - Keeping access to the machine
  7A. Tricks of the trade
      When the system admin has found you out
      What to expect from the admin
      History files
      Nested directories
      Placing trojans
      Hidden directories
      Making new commands (trojans)
      Adding or changing passwd file entries
      Setting some admin accounts with null passwords
      The best way to add an account
      Editing a null account so you can login
      Installing more games or exploitable programs
      How to know your admins
      Reading system mail (without updating pointers)
      What to look for in the mail directories
      A program to read mail without updating pointers
  7B. Root kits and trojans
      What are root kits
      What are Demon kits
      What do trojans do

Appendix I - Things to do after access
      The a-z checklist

Appendix II - Hacking / Security WWW / ftp sites
      All available sites

Appendix III - More exploits for root or other access
  A3-01. Vixie crontab buffer overflow for RedHat Linux
  A3-02. Root dip exploit
  A3-03. ldt - text by quantumg
  A3-04. suid perl - text by quantumg
  A3-05. Abuse Sendmail 8.6.9
  A3-06. ttysurf - grab someone's tty
  A3-07. shadow.c - Get shadow passwd files
  A3-08. Abuse Root Exploit (linux game program)
  A3-09. Doom (game) root exploit - makes suid root shell
  A3-10. dosmenu suid root exploit
  A3-11. Doom root killmouse exploit
  A3-12. Root exploit for resize icons
  A3-13. Root console exploit for restorefont
  A3-14. Root rxvt X server exploit
  A3-15. Root wuftpd exploit
  A3-16. A shell script called gimme, used to read any system file

Appendix IV - Other UNIX system utilities
  A4-01. Cloak v1.0 - Wipes your presence on SCO, BSD, Ultrix, and HP/UX UNIX
  A4-02. invisible.c - Makes you invisible, and works on some SunOS without root
  A4-03. SySV program that makes you invisible
  A4-04. UNIX port scanner
  A4-05. Remove wtmp entries by tty number or username
  A4-06. SunOS wtmp editor
  A4-07. SunOS 4+ - Zap yourself from wtmp, utmp and lastlog

Appendix V - Other Unix exploits
  A5-01. HP-UX Root vhe_u_mnt exploit
  A5-02. IRIX Root mail exploit
  A5-03. Root cron grabber - Crontab exploit for OSF/1, AIX 3.2.5, Digital UNIX
  A5-04. IRIX mail exploit to make you any user on the machine - BUT NOT root
  A5-05. BSD - crontab root exploit

Appendix VI - UUENCODED FILES
  1. Quantum's Bindwarez binary file for PHF
  2. Demon Root Kit - Includes: Banish, DemonPing, DemonSu, DemonTelnet
  3. Linux Root Kit - Includes: Login, Netstat, and PS
  4. The Fake SU Program