Shell Programming: an Exploit Explained, continued...


        Next let's use this ability to explore to do some more preparatory work for your big day when you begin running C exploit programs. That exploit by Leshka is unusually easy because it is a simple shell script.  Most exploit programs must be run as compiled C programs, and most of these, to save disk space, rely on calling lots of library functions.  So you need to find what kinds of library programs are on your computer.  If any of the functions called by your latest exploit program are missing, you need to find them and get them compiled where you can access them from your account.  (If the tech support staff at your ISP is convinced you are a good guy, they might even let you store your library functions in a public part of the system.  This keeps you from having to pay for extra file space in your account.)


Newbie note: A "library function" is not a party held in a library.  It is a program that performs a commonly used task. Most C programs that exploit security flaws to gain access to a computer include many library functions. You need to get all the library functions of an exploit available to you on your computer in order for it to work.  Math obsessives and Fortran users please note that many C functions are not "functions" in the sense you are used to.


        To see what library functions are on the computer you are using, first give the command:

ls /usr/local/lib
If you are lucky you will see something like this:
aliaas.csh*    libcom_err.a   libmmalloc.a    path.csh*
alias.csh*     libcrypto.a    libopcodes.a    perl/
bison.hairy    libdb.a        libpty.a        perl5/
bison.simple   libdes425.a    libreadline.a   pgp/


        Anything with an asterisk after it is executable (you are using the tcsh shell, aren't you?).  If it ends with the extension ".a", that means it is a C library: an archive of compiled functions.

        Where else might we find programs that can be included in programs you wish to run?  Let's try:


        There are other places where you might find good programs that are more than just C library functions.  Of course you will try "whereis games"! Here are some other examples of directories with programs and library functions  you may be able to run:

->ls /usr/bin

c++rt0.o                libftpio_p.a            libopie.a
compat                  libg++.a                libopie.so.2.0
crt0.o                  libg++.so.4.0           libopie_p.a
gcrt0.o                 libg++_p.a              libpcap.a
kzhead.o                libgcc.a                libpcap.so.2.2

        Anything with the extension ".o" is an object module compiled from a C program.   Also, try /usr/local/bin:

Pnews*                         pager*
Rnmail*                        patch*
WebReport*                     patch-metamail*
a2p*                           perl*

        You can go on and on like this hunting for interesting stuff.  If you know the name of the program you are looking for, you can use the "whereis" command (and in some shells, "find").  Otherwise, try searching directories for stuff you are allowed to run. The commands "cd .." and "cd /" are great for moving upward into unknown directory space, and "ls" for moving down.  Whenever you wonder where you are, give the command "pwd".
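
        The reading of "ls" output described above (".a" is a library, ".o" is an object module, an asterisk marks an executable), as an added shell script that is not part of the original guide. The function names are made up for this example, the executable check uses the file's permission bits instead of the asterisk, and the shared-library rule for the ".so" names in the listing is an addition the guide does not spell out.

```shell
#!/bin/sh
# Added example: classify directory entries the way the guide reads "ls" output.
# Function names are hypothetical; nothing here comes from the original guide.

# classify_entry PATH -> prints one word describing the entry
classify_entry() {
    if [ -d "$1" ]; then
        echo directory
        return 0
    fi
    case "${1##*/}" in                          # look at the file name only
        *.a)          echo static-library ;;    # e.g. libcrypto.a
        *.so|*.so.*)  echo shared-library ;;    # e.g. libpcap.so.2.2 (assumed rule)
        *.o)          echo object-module ;;     # e.g. crt0.o
        *)  if [ -x "$1" ]; then echo executable; else echo other; fi ;;
    esac
}

# inventory_dir DIR -> prints "kind count" lines, one per kind found in DIR
inventory_dir() {
    for entry in "$1"/*; do
        [ -e "$entry" ] || continue             # empty dir or dangling symlink
        classify_entry "$entry"
    done | sort | uniq -c | awk '{ print $2, $1 }'
}

# find_library NAME DIR... -> prints every libNAME.a / libNAME.so* in the DIRs
find_library() {
    name=$1
    shift
    for dir in "$@"; do
        for hit in "$dir/lib$name.a" "$dir/lib$name.so" "$dir/lib$name".so.*; do
            if [ -f "$hit" ]; then echo "$hit"; fi
        done
    done
    return 0
}

# Summarize the directories the guide looks at, skipping any missing on this host.
for d in /usr/local/lib /usr/lib /usr/local/bin; do
    if [ -d "$d" ]; then
        echo "== $d"
        inventory_dir "$d"
    fi
done
```

        Calling find_library with a library name and a list of directories (for example "find_library pcap /usr/lib /usr/local/lib") answers the question the guide raises about whether a library a C program needs is present.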


        Today's exercises will:

* help you get familiar with the computer where you have a shell account

* show you how easy programming can be

* reveal that breaking into computers is something even a little kid could do

        To become a truly elite hacker, you need to be able to do far more than merely break into computers.  In fact, the hacker gods (people like Eric Raymond, who is profiled in one of our Guides to (mostly) Harmless Hacking) laugh at people who say they are hackers just because they can break into computers.  Remember, no one needs to understand Leshka's exploit to use it. After doing today's lessons, you are already more advanced than many of the "hackers" who break into computers. This is because you understand some basics of how Leshka's shell script works, and have even written your own login shell script.

        So now you are already ahead of the average guy who calls himself a "hacker."  You don't believe me?  At last year's Def Con V convention, a real hacker ran a poll of people who claimed to be hackers.  Over half had never even heard of the "cat" command.  You not only have heard of it -- you use it all the time now.  Right?

        Happy hacking!


Where are those back issues of GTMHHs and Happy Hacker Digests? Check out the official Happy Hacker Web page at http://www.happyhacker.org. We are against computer crime. We support good, old-fashioned hacking of the kind that led to the creation of the Internet and a new era of freedom of information. So don't email us about any crimes you have committed!

© 1998 Carolyn P. Meinel and BOFH. You may forward, print out or post this GUIDE TO (mostly) HARMLESS HACKING on your Web site as long as you leave this notice at the end.


 © 2013 Happy Hacker All rights reserved.