
Thread: wargames tutorial..

  1. #1
    Junior Member
    Join Date
    Mar 2003

    wargames tutorial..

    Does anyone know a good site with a wargames tutorial?
    Please help me.
    I need to know what commands are to be used.

  2. #2
    Junior Member
    Join Date
    Jan 2003
    I have no friends nor enemies, ONLY COMPETITORS

  3. #3
    It's a gas!
    Join Date
    Jul 2002
    A wargame is basically a box set up as a server for people to break into.
    Most of these boxes run some flavour of *nix.
    This OS is setup with various vulnerabilities that can be exposed so that the 'player' can escalate his/her privileges until they complete the 'game'.
    You basically start off at the lowest level with a guest account. From there you search for vulnerabilities using the appropriate commands, and once a vulnerability has been found you must make use of it to gain access to the next level, and so on.

    I would really recommend learning how to use *nix, as these are the commands that you will need in order to progress through the 'game'.

    There are a few tutorials here on AO that focus on *nix commands, so either have a look at them or buy yourself a good book on *nix.

    It would also help if you had a flavour of *nix installed so you could mess with it yourself.

    BTW, wrong forum for the question.

    Hope this helped a little


  4. #4
    Like r3b00+ said, most wargames are based on *nix servers, so learning *nix is inevitable.
    If you have familiarized yourself with *nix you could start by scanning the box for open ports using nmap or something like that.
    Try using proxy servers also.

    With the open ports you can start your quest in compromising the server. Look for appropriate exploits.

  5. #5
    Join Date
    Jul 2002
    Check out: telnet://drill.hackerslab.org and go to the hackerslab.org site for little tips and stuff...

    If you're totally clueless and are running a box like WinXP, then go into the command prompt, type telnet, type the letter o, C&P this IP and port# into DOS --> 25 (understand now?)

    I don't have time to spoon-feed you info, but fortunately that lady from Happy Hacker does... so check out happyhacker.org for instructions on how to press buttons, point, and click. There are also some more games and things on the site...

  6. #6
    Junior Member
    Join Date
    Mar 2003
    I have an account there, but I'm still on level0. How could I go to the next level?
    What should I do?

  7. #7
    It's a gas!
    Join Date
    Jul 2002
    You need to escalate your privileges from level0 to level1.
    So in order to do this you need to look for a file that was created with level1 privileges and exploit that!

    I'm not going to give you the command(s); you need to find that out for yourself!

    As I mentioned in my other post, read up on the *nix console commands.

    Hint: You need to find these files
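    The usual way to act on the hint above is to enumerate files that carry the setuid or setgid bit and are owned by the account you want to become, since running such a file gives you that account's uid or gid for the life of the process. The script below is an added example, not code from this thread or from the wargame; the fixture directory, the file names and the account name "level1" in the comments are constructed, and the current user stands in for the target account so the script runs without privileges.

```sh
#!/bin/sh
# Added example, not code from the thread. A wargame level that says "find a
# file created with level1 privileges" usually means a setuid or setgid
# program owned by the level1 account. find_suid enumerates such files.
# The fixture tree, file names and the "level1" name are constructed; the
# current user stands in for the target account so this runs unprivileged.

# find_suid ROOT USER
# Prints "mode owner path" for every regular file under ROOT that is owned by
# USER and has the setuid (04000) or setgid (02000) bit set. Unreadable
# directories are skipped silently (2>/dev/null), as on a real box where most
# of the tree belongs to other players.
find_suid() {
    find "$1" -type f -user "$2" \( -perm -4000 -o -perm -2000 \) \
        -exec ls -l {} \; 2>/dev/null |
    awk '{ print $1, $3, $NF }'
}

# count_suid ROOT USER: number of hits find_suid reports.
count_suid() {
    find_suid "$1" "$2" | wc -l | tr -d ' '
}

# make_fixture
# Builds a throwaway tree (constructed for this example) owned by the current
# user: one setuid script, one setgid script and one ordinary file. Prints the
# directory path so the caller can clean it up.
make_fixture() {
    dir=$(mktemp -d)
    mkdir -p "$dir/bin" "$dir/home/level1"
    printf '#!/bin/sh\ncat /home/level1/.passwd\n' > "$dir/bin/level1-reader"
    printf '#!/bin/sh\nid\n'                       > "$dir/bin/level1-group"
    printf 'nothing special here\n'                > "$dir/home/level1/notes"
    chmod 4755 "$dir/bin/level1-reader"   # -rwsr-xr-x: runs as the file owner
    chmod 2755 "$dir/bin/level1-group"    # -rwxr-sr-x: runs with the owner's group
    chmod 0644 "$dir/home/level1/notes"   # -rw-r--r--: no special bits
    echo "$dir"
}

# Demo against the fixture. On a real wargame box you would run
#   find_suid / level1
# and then read each hit to see what it does before running it.
fixture=$(make_fixture)
find_suid "$fixture" "$(id -un)"
rm -rf "$fixture"
```

    The mode column is what matters when reading the output: an "s" in the owner-execute position means setuid, an "s" in the group-execute position means setgid, and a capital "S" means the bit is set on a file that is not executable, which is useless to you.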

  8. #8
    Join Date
    Apr 2003

    Hints

    Learn what to do, and don't do anything too nasty!

  9. #9
    Junior Member
    Join Date
    Apr 2003


    1) Disclaimer
    2) Finding your wargame
    3) Connecting to your wargame
    4) Basic Linux/Unix commands
    5) *nix files

    Section 1: Disclaimer.
    Wargames are legal, so there is no need for a disclaimer. :-)

    Section 2: Finding your wargame.
    Almost all hacker cons have a r00t-war that you can try. If you can't go to a hacker
    con, or want to hack more than once a year, then try one of these:
     : guest/guest (from pulltheplug.com)
     : guest/guest (from pulltheplug.com)
     : guest/guest (from pulltheplug.com)
    drill.hackerslab.org : level0/guest (go to hackerslab.org to get tips)

    Section 3: Connecting to your wargame.
    Click 'start' > 'run' > type 'telnet'.
    Win 95-ME - click the connect button at the top of the screen.
    Win 2K (maybe XP/NT) - type 'open' then enter the IP and port like ''; you can
    just enter the IP number to connect to the telnet port (for most wargames).

    Section 4: Basic Linux/Unix commands.
    Here are a few basic commands for *nix.

    ls -This command lists the files and subdirectories in a directory. If you
    simply type "ls", it will display the files in your current directory.
    You can also specify the pathname of another directory, and it will
    display the files in it. It will not display hidden files (files whose
    name begins with a period).

    a -This option will display all files, including hidden files.
    l -This will show who can run what files...

    $ ls -a
    . .. junk source

    man -This is one of the most important commands I can think of; it is the
    manual command. It is used so that you can find info on other commands
    and even on some files.

    $ man man
    man - format and display the on-line manual pages
    man path - determine user's search path for man pages

    man formats and displays the on-line manual pages. If you
    specify section, man only looks in that section of the
    manual. name is normally the name of the manual page,
    which is typically the name of a command, function, or
    file. However, if name contains a slash (/) then man
    interprets it as a file specification, so that you can do
    man ./foo.5 or even man /cd/foo/bar.1.gz.

    cd -This is the command used to move from one directory to another. To go
    to a directory directly below your current directory, type "cd
    <dirname>". To move up to the directory directly above your current
    directory, type "cd .." You can also jump to any directory in the
    system from any other directory in the system by specifying the path-
    name of the directory you wish to go to, such as "cd /usr/source".

    $cd /usr/source

    pwd -This prints out the pathname of the directory you are currently in.
    Useful if you forget where you're at in the system tree.


    cat -Displays the contents of a text file on the screen. The correct syntax
    is "cat <filename>". You can use base-names or pathnames.

    $cat memo
    Remember to feed the cat!

    rm -This deletes a file. Syntax: "rm <filename>".

    $rm junk

    cp -Copies a file. Syntax: "cp file1 file2", where file1 is the file you
    wish to copy, and file2 is the name of the copy you wish to create. If
    file2 already exists, it will be overwritten. You may specify pathnames
    for one or both arguments.

    $cp /usr/junk /usr/junk.backup

    stty -Displays/sets your terminal characteristics. To display the current
    settings, type "stty". To change a setting, specify one of the options
    listed below.

    echo -System echoes back your input.
    noecho -System doesn't echo your input.
    intr 'arg' -Sets the break character. The format is '^c' for control-c,
    etc. '' means no break character.
    erase 'arg' -Sets the backspace character. Format is '^h' for control-h,
    etc. '' means no backspace character.
    kill 'arg' -Sets the kill character (which means to ignore the last line
    you typed). Format is the same as for intr and erase,
    '^[character]', with '' meaning no kill character.

    $stty intr '^c' erase '^h'
    stty -echo intr '^c' erase '^h' kill '^x'

    lpr -This command prints out a file on the Unix system's printer, for you
    to drop by and pick up (if you dare!) The format is "lpr <filename>".

    $lpr junk

    ed -This is a text file line editor. The format is "edit <filename>". The
    file you wish to modify is not modified directly by the editor; it is
    loaded into a buffer instead, and the changes are only made when you
    issue a write command. If the file you are editing does not already
    exist, it will be created as soon as you issue the first write command.
    When you first issue the edit command, you will be placed at the
    command prompt, ":" Here is where you issue the various commands. Here
    is list of some of the basic editor commands.
    # -This is any number, such as 1, 2, etc. This will move you down
    to that line of the file and display it.
    d -This deletes the line you are currently at. You will then be
    moved to the previous line, which will be displayed.
    a -Begin adding lines to the file, just after the line that you
    are currently on. This command will put you in the text input
    mode. Simply type in the text you wish to add. To return to the
    command mode, type return to get to an empty line, and press
    the break key (which is whatever character you have set as your
    break key). It is important to set the break character with
    stty before you use the editor!
    / -Searches for a pattern in the file. For example, "/junk" would
    search the file from your current line down for the first line
    which contains the string "junk", and will move you to that
    line if it finds one.
    i -Insert. Works similar to a, except that the text is inserted
    before the line you are currently on.
    p -Prints out a line or lines in the buffer. "p" by itself will
    display your current line. "#p" will display the line "#".
    You may also specify a range of lines, such as "1,3p" which
    will display lines 1-3. "1,$p" will print out the entire file.
    w -Write the changes in the buffer to the file.
    q -Quit the editor.

    $edit myfile
    Editing "myfile" [new file]
    0 lines, 0 characters
    I am adding stupid text to myfile.
    This is a test.
    ^c [this is assumed as a default break character in this example]
    I am adding stupid text to myfile.
    This is a test.
    This is a test.
    I am adding stupid text to myfile.

    grep -this command searches for strings of text in text files. The format is
    grep [string] [file]. It will print out every line in the file that
    contains the string you specified.

    v -Invert. This will print out every line that DOESN'T contain
    the string you specified.

    $ grep you letter
    your momma!
    I think you're going to get caught.

    who -This will show the users currently logged onto the system.

    $ who
    root console Mar 10 01:00
    uucp contty Mar 30 13:00
    bill tty03 Mar 30 12:15

    Now, to explain the above output: the first field is the username of
    the account. The second field shows which terminal the account is on.
    Console is, always, the system console itself. On many systems where
    there is only one dialup line, the terminal for that line is usually
    called contty. The tty## terminals can usually be either dialups or
    local terminals. The last fields show the date and time that the user
    logged on. In the example above, let's assume that the current time and
    date is March 30, and the time is 1:00. Notice that the time is in 24
    hour format. Now, notice that the root (super-user) account logged in on
    March 10! Some systems leave the root account logged in all the time on
    the console. So, if this is done on a system you are using, how can you
    tell if the system operator is really online or not? Use the ps
    command, explained next.

    ps -This command displays information about system processes.

    u -this displays information on a specific user's processes. For
    instance, to display the root account's processes:
    $ ps -uroot
    1234 console 01:00 sh
    1675 ? 00:00 cron
    1687 console 13:00 who
    1780 tty09 12:03 sh
    Now, to explain that: The first field is the process number.
    Each and every time you start a process, running a program,
    issuing a command, etc., that process is assigned a unique
    number. The second is which terminal the process is being run
    on. The third field is when the process was started. The last
    field is the base name of the program or command being run.
    A user's lowest process number is his login (shell) process.
    Note that the lowest process in the above example is 1234.
    This process is being run on the console tty, which means the
    super-user is logged on at the system console. Note the ? as the
    tty in the next entry, for the cron process. You can ignore any
    processes with a question mark as the terminal. These processes
    are not being carried out by a user; they are being carried
    out by the system under that user's id. Next, note the entry
    for process # 1687, on the console terminal, "who". this means
    that the super-user is executing the who command...which means
    he is currently actively on-line. The next entry is interesting...
    it shows that the root user has a shell process on the
    terminal tty09! This means that someone else is logged in
    under the root account, on tty09. If more than one person is
    using an account, this option will display information for all
    of them, unless you specify the next option...
    t -This allows you to select processes run on a specific terminal.
    For example:

    $ps -t console

    will show all the processes currently being run on the console.

    Remember, options can usually be combined. This will show all
    the root user's processes being run on the system console:

    $ ps -uroot -tconsole
    1234 console 01:00 sh
    1687 console 13:00 who

    kill -Kills processes. Syntax: kill [-#] process#. You must know the process
    number to kill it. You can, optionally, specify an option of 1-9, to
    determine the power of the kill command. Certain kinds of processes,
    like shell processes, require more power to kill. Kill -9 will stop any
    process. You must have super-user capabilities to kill another user's
    processes (unless he's using your account).

    $kill -9 1234
    1234 killed.

    write -This command is for on-line real-time user to user communications. To
    communicate with a user, type "write <username>". If more than one
    person is logged in under that user name, you must specify a specific
    terminal you wish to speak to. When you do this, the person you wish
    to communicate with will see:
    Message from [your account name] tty## [<--your terminal]
    Now you can type messages, and they will be displayed on that person's
    terminal when you press return. When you are finished, press control-D
    to quit.

    $ write root
    **** you I'm a hacker! [This is not advised.]

    mail -The Unix mail facilities, used to send/receive mail. To send mail,
    type "mail <username>". Enter your message and press control-d to send.
    To read your mail, type "mail". Your first letter will be displayed,
    and then you will be given a "?" prompt.
    Here are the legal commands you give at this point:

    ## -Read message number ##.
    d -Delete last message read.
    + -Go to next message.
    - -Move back one message.
    m -Send mail to user.
    s -Save last message read. You can specify the name of the file
    to which it is saved, or it will be saved to the default file,
    w -Same as s, but will save the message without the mail file
    x -Exit without deleting messages that have been read.
    q -Exit, deleting messages that have been read.
    p -Print last message read again.
    ? -Lists these commands.

    To send mail:

    $ mail root
    Hi bill! This is a nice system.

    To read mail:

    $ mail
    From john Thu Mar 13 02:00:00 2001
    Hi bill! This is a nice system.
    ? d
    Message deleted.

    crypt -This is the Unix file encryption utility. Type "crypt". You will then
    be prompted to enter the password. You then enter the text. Each line
    is encrypted when you press return, and the encrypted form is displayed
    on the screen. So, to encrypt a file, you must use I/O redirection.
    Type "crypt [password] < [file1] > [file2]". This will encrypt the con-
    tents of file1 and place the encrypted output in file2. If file 2 does
    not exist, it will be created.

    passwd -This is the command used to change the password of an account. The
    format is "passwd <account>". You must have super-user capabilities to
    change the password for any account other than the one you are logged
    in under. To change the password of the account you are currently
    using, simply type "passwd". You will then be prompted to enter the
    current password. Next, you will be asked to enter the new password.
    Then you will be asked to verify the new password. If you verify the
    old password correctly, the password change will be complete. (Note:
    some systems use a security feature which forces you to use at least
    2 non-alphanumeric characters in the password. If this is the case with
    the system you are on, you will be informed so if you try to enter a
    new password that does not contain at least 2 non-alphanumeric characters.)

    su -This command is used to temporarily assume the id of another account.
    the format is "su <account>". If you don't specify an account, the
    default root is assumed. If the account has no password, you will then
    assume that account's identity. If it does have a password, you will
    be prompted to enter it. Beware of hacking passwords like this, as the
    system keeps a log of all attempted uses, both successful and un-
    successful, and which account you attempted to access.

    mkdir -This command creates a directory. the format is "mkdir <dirname>".

    rmdir -This command deletes a directory. The directory must be empty first.
    The format is "rmdir <dirname>".

    mv -Renames a file. The syntax is "mv [oldname] [newname]". You can use
    full pathnames, but the new name must have the same pathname as the
    old name, except for the filename itself.

    Section 5: *nix files.

    Here is a list and purposes of some files that are found on
    all systems.

    /etc/passwd -This is the password file, and is THE single most important file on the system. This file is where information on the system's accounts are stored. Each entry has 7 fields:

    username:password:user#:group#:description:home dir:shell
    The first field, naturally, is the account's username. The second field is the account's password (in an encrypted form).
    If this field is blank, the account doesn't have a password.
    The next field is the account's user number. The fourth field is the account's group number. The fifth field is for a description of the account. This field is used only in the password file, and is often just left blank, as it has no significance. The sixth field is the pathname of the account's home directory, and the last field is the pathname of the account's shell program. Sometimes you may see an account with a program besides the standard shell programs (sh, csh, etc.) as its shell program. These are "command logins". These accounts execute these programs when logging in. For example, the "who" command login would have the /bin/who program as its shell.

    Here is a typical-looking entry:

    This entry is for the root account. Notice that the encrypted form of the password is 13 characters, yet the Unix passwords are only 11 characters maximum. The last 2 characters are what is called a "salt string", and are used in the encryption process, which will be explained in more detail later. Now, notice the user number, which is zero. Any account with a user number of 0 has super-user capabilities. The group number is 1. The account description is "super-user". The account's home directory is the root directory, or "/". The account's shell is the Bourne shell (sh), which is kept in the directory /bin.

    Sometimes you may see an entry in the password field like this:

    Notice the period after the 13th character, followed by 2 digits and 2 letters. If an account has an entry like this, the account has a fixed expiration date on its password. The first digit, in this case 2, shows the maximum number of weeks that the account can keep the same password. The second digit shows how many weeks must pass before the account can change its password. (This is to prevent users from using the same old password constantly by changing the password when forced to and then changing it back immediately.) The last 2 characters are an encrypted form of when the password was last changed.

    Other unusual password field entries you might encounter are:

    The first entry means that the account has no password. The second entry means that the account has no password yet, but has a fixed expiration date that will begin as soon as a pass-word is given to it.

    Now, for an explanation of how the Unix system encrypts the passwords. The first thing any hacker thinks of is trying to decrypt the password file. This is as close to impossible as anything gets in this world. I've often heard other "hackers" brag about doing this... this is the biggest lie since Moses said "I did it". The encryption scheme is a variation on the DES (Data Encryption Standard). When you enter the command passwd (to change the password), the system will form a 2-character "salt string" based on the process number of the passwd command you just issued. This 2-character string produces a slight change in the way the password is encrypted.

    There are a total of 4096 different variations on the encryption scheme caused by different salt string characters. This is NOT the same encryption scheme used by the crypt utility. The password is NEVER decrypted on the system. When you log on, the password you enter at the password prompt is encrypted (the salt string is taken from the password file) and compared to the encrypted entry in the password file. The system generates its own key, and as of yet, I have not discovered any way to get the key. The login program does not encrypt the password you enter itself, it does so, I believe, by a system call.

    /etc/group -This is the group file. This allows the super-user to give certain accounts group access to groups other than their own.

    Entries are in the format:
    group name:password:group number:users in this group

    The first field is the name of the group. The second is the field for the group password. In all my experience with Unix, I have never seen the password feature used. The third is the group's number. The fourth field is a list of the users who have group access to this group. (Note: this can include users whose group number is different from the number of the group whose entry you are reading in the group file.) The usernames are separated by commas. Here's an example:

    To change to a new group identity, type "newgrp [group]". If the group has a password, you must enter the proper password. You cannot change to another group if you are not listed as a member of that group in the group file.

    /dev/console -This is the device file for the system console, or the system's main terminal.
    /dev/tty## -The device files for the system's terminals are usually in the form tty##, such as tty09, and sometimes ttyaa,ttyab, etc.

    Some ways to make use of the Unix system's treatment of devices as files will be explored in the section on Hacking Unix. When these files are not in use by a user (in other words, no one's logged onto this terminal), the file is owned by root. While a user is logged onto a terminal, however, ownership of its device file is temporarily transferred to that account.

    /dev/dk## -These are the device files for the system's disks.

    login files -There are special files that are in a user's home directory that contain commands that are executed when the user logs in. The name of the file depends on what shell the user is using.

    Here are the names of the files for the various shells:

    Shell   File
    -----   ----
    sh      .profile
    csh     .cshrc
    ksh     .login
    rsh     .profile

    Some systems also use a file called ".logout" that contains commands which are executed upon logoff. These types of files are called shell scripts, and will be explained in the section on Unix Software Development's explanation of shell programming.

    /usr/adm/sulog -This is a log of all attempted uses of the su utility. It shows when the attempt was made, what account made it, and which account the user attempted to assume, and whether or not the attempt was successful.



    /usr/adm/acct/sum/loginlog -This is a log of all logins to the system. This only includes the time and the account's username.

    mbox -These are files in the home directories of the system's users, that contain all the mail messages that they have saved.

    /usr/mail/<user> -These files in the directory /usr/mail are named after system accounts. They contain all the unread mail for the account they are named after.

    /dev/null -This is the null device file. Anything written to this file is just lost forever. Any attempt to read this file will result in an immediate control-D (end of file) character.

    /tmp -The directory /tmp provides storage space for temporary files created by programs and other processes. This directory will always have rwxrwxrwx permissions. Examining these files occasionally reveals some interesting information, and if you know what program generates them and the format of the information in the file, you could easily change the info in the files, thereby changing the outcome of the program.

    By the way, I take no credit for the tutorial because I didn't write it!
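    The password-file and group-file sections of the tutorial above describe the fields by hand; the script below turns those descriptions into checks you can run. It is an added example, not code from the tutorial or from this thread. The sample passwd and group files are constructed for the example (the 13-character password strings are placeholders, not real crypt(3) output); on a real box you would point the functions at /etc/passwd and /etc/group. One caveat the tutorial predates: on modern systems the password field is usually "x" and the hash lives in /etc/shadow, readable only by root, so a non-blank second field tells you nothing about whether the account has a password.

```sh
#!/bin/sh
# Added example, not code from the thread. The awk one-liners pull out of a
# password file the things the tutorial says to look for: accounts with uid 0
# (super-user power regardless of name), accounts with a blank password
# field, and "command logins" whose shell is a program rather than a shell.
# Sample passwd and group files are constructed for this example.

# uid0_accounts FILE: usernames whose uid field (field 3) is 0.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# empty_password_accounts FILE: usernames whose password field (field 2) is
# empty. Note that "x" is not empty: it means the hash is in /etc/shadow.
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# command_logins FILE: "user:shell" for accounts whose login shell is not one
# of the ordinary shells; these run that program at login instead of a shell.
command_logins() {
    awk -F: 'BEGIN { ok["/bin/sh"] = 1; ok["/bin/csh"] = 1
                     ok["/bin/ksh"] = 1; ok["/bin/bash"] = 1 }
             !($7 in ok) { print $1 ":" $7 }' "$1"
}

# group_members FILE GROUP: the extra members listed in GROUP's entry (field 4,
# comma separated), one per line. Prints nothing if the list is empty.
group_members() {
    awk -F: -v g="$2" '$1 == g { n = split($4, m, ",")
                                 for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$1"
}

# make_samples: writes constructed passwd and group files into a temp dir and
# prints its path. The 13-character password strings are placeholders only.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/passwd" <<'EOF'
root:AbCdEfGhIjKlM:0:1:super-user:/:/bin/sh
toor:NmLkJiHgFeDcB:0:1:second super-user:/:/bin/csh
guest::100:100:guest account:/home/guest:/bin/sh
who:XyZxYzXyZxYzX:101:100:command login:/:/bin/who
level0:x:1000:1000:wargame level 0:/home/level0:/bin/sh
EOF
    cat > "$dir/group" <<'EOF'
root::0:
wheel::1:root,toor,level1
users::100:guest,level0
EOF
    echo "$dir"
}

# Demo run against the constructed files.
samples=$(make_samples)
echo "uid 0:";            uid0_accounts "$samples/passwd"
echo "no password:";      empty_password_accounts "$samples/passwd"
echo "command logins:";   command_logins "$samples/passwd"
echo "members of wheel:"; group_members "$samples/group" wheel
rm -rf "$samples"
```

    Two things the sample is built to show: "toor" is a second uid-0 account with a different name, which is why you check the numeric field rather than looking for the word root, and "who" is a command login whose shell field is /bin/who, so logging in as it runs that program and then disconnects rather than giving you a shell.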

  10. #10
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Redondo Beach, CA
    For those interested, that tutorial came from http://codestorm.free2host.net/Libra...ty/wargame.txt . There may be more fun stuff found at the site.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage
