Newbie Questions Answered 7, 8, 9

[Zato]

The popular newbie hack faq that was being posted by Uralooney(originally written by Wang) has 3 more additions. Faq's 1-9 can be found here: http://www.mod-x.co.uk/wangproducts/faqs.html

[scriptkiddie18]

hmmm well lemme think how can i put this....o its easy
This is A....S-E-C-U-R-I-T-Y S-I-T-E = Antionline.com got it lol

[MemorY]

Script Kiddie how about you read some of those first and then reply. This is what they are.

These texts are an ever expanding collection of security knowledge. Most security texts you read today will explain how to remain secure - but most do not explain why or what you are actually doing. The faqs written here explain in great detail the most common questions asked about computers and security today.

I think they are about secuirt and answering basic secuirt knowledge.

[instronics]

LMAO, i was just reading through that first volume....... this is a joke right????

How can I crack Unix account passwords?

Well, the best bet is to try to get an account on the system (like your free shell account!) or try to log in as a visitor or a guest. You can then get the password file, which is stored in standard Unix systems as:
/etc/passwd.

Each line in a passwd file is a different account, here is what a line will mean:

useridassword:userid#:groupid#:GECOS field:home dir:shell

Each section of the line is seperated by a ":", here are the sections:

userid = the userid name, entered at login and can be a name or a number.

password = the password is written here in encrypted form. The encryption is one way only. When a login occurs the password entered is run thru the encryption algorithm (along with a salt) and then contrasted to the version in the passwd file that exists for the login name entered. If they match, then the login is allowed. If not, the password is declared invalid.

userid# = a unique number assigned to each user, used for permissions

So, seems quite straight foward, get the passwd file, get the encrypted text in the password field, and then run it through a cracker (by the way, get a program called "CrackerJack" for this - or "John the Ripper")

Note: these 2 quotes were taken from the first volume.

Wow, so i guess i can just login into my shell provider, and type in

cat /etc/password > passwords

and then i can just crack the file

Hehe, looks like the author mixed up the password file with the shadow file about the cracking.

I wonder if this was written unpurposely like that, or if the guy who wrote it is for real......... oh well, in that case heres a lil goodie for you peeps:

andromeda:x:502:100:Guest User,Guest on System:/home/andromeda:/bin/sh

Have fun cracking the 'x'

[scriptkiddie18]

Breaking into password protected web sites,

How to hack web sites (a couple of CGI exploits)

taken from Volume 4

Well MemorY I really don't know what you think about when you hear the word security...but for me this is not what i think of

Script Kiddie how about you read some of those first and then reply. This is what they are.

BTW: How about you take a closer look first and then reply

[gore]

How about you shut up.

[instronics]

Well MemorY I really don't know what you think about when you hear the word security...but for me this is not what i think of

scriptkiddie18, how are you supposed to protect a system if you dont understand how an intrusion works or looks like? In order to secure a system you need to know its weakness....and in order to penetrate a system, you need to understand its security.

Any information regarding penetration is vital and important to fully understand, otherwise you cannot secure a system.......

I think the intensions of Zato was ok, he was trying to link us to a site that would explain how to penetrate a service. You mean if i post an exploit on here for an internet service, you will come up and tell me 'hey, this is a S-E-C-U-R-I-T-Y S-I-T-E = Antionline.com got it ???'

I suggest you lay low a bit and think about that. If you cant contribute to the subject, dont contribute at all!!

Zato... maybe check out what you link people too in future a bit, that information on that site is a joke, and is misleading for both sides, the attacker, aswell as the defender. I can imagine people now going around and changing the read permissions of /etc/passwd locking themselves out of their own systems..... It as a good laugh though for xmas day.... maybe those volumes can be posted into the humour section for more laughs.

Cheers everyone and merrrrryyyy xmaaaaaaaassss

[MemorY]

MerryChristmas inctronics, and thanks I was about to say that you need to understand how to attack to be able to defend.

[Zato]

Before any of you yell at me for posting this stuff, talk to the MOD's of this forumn cause they let the first 6 of the hack faq's be posted in the tutorials section here. I just thought since the other 3 werent posted then i would link it up. Uralooney actually didnt just link this site either, he posted the whole faqs here and not one person was upset about it. Understanding how to hack goes hand in hand in understanding security. How can you understand how to defend yourself without knowing what the enemy knows? Dont shy away from learning these things.

[Hexem2000]

I know the author of wang products and his hack faq's are very good espesially for the newbies to security, and as for you dissing him in a simple mistake, i think it's bullshit just shut up retards, anyway he accepts articles from other people contribution's and he probably doesn't have time to go over all them entirely and notice every mistake, if you really want to be useful with your stupid self chuck him an e-mail with the error doof instead of pin pointing simple mistakes.