Kevin Mitnick (Phoenix) the best hacker.
| How to Hack |
|
This article has been created for give to know the
possibilities that it is any hacker can change any web never for that an
person use it for violate the intimacy the other person(Hacking).
Sorgo doesn't become responsible for the undue use of this document, if
you not these according, closes this article and erases any copy that you
have in the HD(Hard Disk).
Is probable that don't work anything of what we say here, but it will guide you and you will understand better as work the hackeds. The level of this document is basic and helped you to begin to make something "useful". |
| Two different webs. |
|
Is very important see the differences of two webs
types, the first is the personal web that can be modified by the user by
means of the key that has given their server that gives service web(terra,yahoo,xoom.....),
the second is the web the of server that to modify is needed to be and
aministrator or root (users with big privileges).
Is different get the password the an normal user
or the aministrator the an server.Yes we need the password and login for
modify the web, is the main objective of our mission.
We will begin with the password of normal users,
these passwords is characterized to the simple and easy that are of remembering
, if your know the users of the web you can prove some common words for
example (birth date, the name of their dog, woman,children......) be not
too much time proving only what your patience admits and if you have access
to machine see any word that seem to a password, in a lager part of companies
the great security the password this under the keyboard.
Is possible get the password using “social engineering”
talk with the user, attempts that tells you the password (put imagination
to the conversation). Also you have attempts infiltrate him a troyano type
BO or NETBUS for take out him the file password, you will have that invent
a history for that allow use those troyanos.
If we get the password file of the server is the
moment the get an user and to use the “John the Ripper” (the john the ripper
is one of the programs the cracking the password file for unix,linux,....
good known.
The problem will be to get the password file, thatwe will explain next. Get the password file of the administratoris not easy using an exploit (program that use an BUG or hole in the Operate Sistem). The first that you can prove is get the password file using FTP and when it has not result it is the moment to use the PHF, Write this line in the navegator: http://www.host.com/cgi-bin/phf?Qalias=%0a/bin/cat%20/etc/passwd Change host.com for the name of the server. If this result we will have the password file in our monitor but in the majority of the serves it is repaired. If you see and (*) or (x) behind of the (root:)then it means that the file is shadow means that you need another filethe SHADOW that you can get changing in the end of the line ofPHF the word (passwd) for (shadow), the PHF is valid for any file, only limited for you imagination. Another option the get password file is have a user count in the server and use telnet, would be a miracle can use (cat) or (more) and edit the password file and the shadow. See the version of the server, ftp, apache........ and find esploits in internet, some esploits will be necessary compile in the server another only have that write any command. For compile exploits use (gcc or the SO of the server) and when they are compiled run the exploit, in all the server is not possible compile. Only use this document in your servers. mmmmmm......i don´t remember if that server
of the Africa or Chine is my. Is important?
Select to connect other users count and jump the
any server to other server before entering in the final destination also
can use a zapper for eraser the rake of the servers, the zapper they are
used the same as the exploits.
|
| Webs on search news, exploits, programs, etc........
http://www.rootshell.com/
Good luck. by Dalamar
|