Copy Link
Add to Bookmark
Report

Ubiquitous Issue 1 File 5: Simple Shit on Unix - By Joe Lunchbucket

eZine's profile picture
Published in 
Ubiquitous
 · 2 years ago

Simple Shit on Unix - By Joe Lunchbucket:

Unix is a pretty standard operating system. You can find a unix implementation for just about any platform, ranging from your basic IBM PC, to a state of the art SUN Workstation. These different systems have little in common, except for the operating system they use: Unix.

In general, unix systems are all the same. The same set of basic commands, the same software, and the same routine for hacking them. The following is a short list of some of the most basic and obvious flaws/openings in unix. Not all of them will work on your system - maybe most of them won't. The main thing is that some of them _will_.

ECHO

The echo command is usefull for sending messages. When a user is logged in, he is assigned a device for screen output - usually referred to as a tty. These devices are located in the /dev directory, and are often left writable to the general public. Pick out an unsuspecting user (preferably someone you can keep an eye on), find out what tty they are on (through finger or ps), and type the following:

~.> echo "Big Brother is Watching You." > /dev/ttyxx


Where ttyxx is the tty they are on. If it works, you wont see anything at all. What they will see is the message "Big Brother is Watching You." on their screen regardless of what they are doing.

If this works, the next one may be more interesting...

CAT

Cat is the basic command to send a phile to the screen. Cat can be used just like echo, only instead of sending one line, it send a whole phile! Create a test phile by typing something like this:

~.> cat - > temp.txt


Message from root@mysystem (Root Operator) at 12:34pm:

Your account is about to be suspended - please log out immediately or
face criminal prosecution
^D

The control-D finishes of the phile. Then just send the phile to some dumn fuck victim like so:

~.> cat temp.txt > /dev/ttyxx


They will see the message, shit 'emselves and if they are nice little people, log out. :-) See my point? You could just as easily start a war between two lusers by doing something like:

~.> cat - > /dev/ttya1


Message from joe@mysystem (Joe Lunchbucket) at 12:34pm:

Hey! Fuck you! I just fucked you mother! I hear you are a fucking wimp, so
why don't you come over here and prove it, you chickenshit bastard!
^D

With a bit of luck, the guy on ttya1 will go over and beat the living shit out of Joe. (Note: Works best if you pick a little nerd for Joe, and a big dude for the recipient...)

UTMP

The phile /etc/utmp is a wonderful phile. This is the place that the system keeps track of who is logged in, where they are on from, etc... If you were to perhaps change the contents, you could do lots of interesting things.

Usually, this phile is set so that only root can write to it, but if it isn't a simple C program will assist you in altering your login. You can even do such things as change what finger sees you as to, for example root. Then, send a write message to somebody, and they will think you are root! Simple as that, really. The best message to send is when you pick out someone you don't like, set yourself up as them, then do this:

~.> write root 
Fuck you - I am a hacker!
^D


Root isn't well known for his sense of humor in such matters... The program itself is pretty easy, but won't be included in this article for the sake of space. Suffice to say, if you have read/write privs to the /etc/utmp phile, you can do this sort of thing.

Eg: If the protection bits (the left hand column from ls -al) look like:

-rw-rw-rw- root root 1 1179 utmp


Then you have read/write privs.

Anyway, there are heaps more but I am tired, so bad luck. Maybe more next time. Till then, enjoy, and remember: Information wants to be free, so long as AARNET can charge us for it!

-- Joe Lunchbucket
email: private@not.fucking.likely


(You didn't really expect an email address did you?)

- End of File -

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT