What's New!

Chat with
Hackers

How to Defend
Your Computer 

The Guides
to (mostly) 
Harmless Hacking

Happy Hacker 
Digests (old stuff) 

Hacker Links 

Hacker
Wargames 

Meet the 
Happy Hacksters 

Help for 
Beginners 

Hacker 
Bookstore 

Humor 

It Sucks 
to Be Me!

How to Commit
Computer Crime (not)! 

What Is a 
Hacker, Anyhow? 

Have a 
Great Life! 

News from the 
Hacker War Front

     


More How to Explore the Insides of Internet Computers -- from your Browser!


Figure 17:  We guessed that the file /etc/group exists and voila!  It turns up on our browser. 

As you can see, guessing worked! From the above very short group file we can guess it uses NIS authentication.  Under this system, many computers share the same password authentication system on a central computer.  Then only user names required to run programs on that computer will be in the password file.  We confirm this when we look at the passwd file and only find five entries.

Oh, yes, the same thing will work for guessing /etc/passwd and many other file names.

How to Break into Computers Using Only your Web Browser

You may have have already read about the PHF exploit. Just in case you are the one hacker in a million who hasn't already read about this, here's how most people try the PHF attack.  In the location window of your browser, simply insert the command

http://victim.computer.com/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd

You can get punched in the nose warning:  While it isn't illegal to run this command, many webservers automatically email a complaint about you to your online service.  Oh, yes, they can tell who you are really easily.  Many online services will automatically terminate your account if they catch you running the PHF exploit.

Usually you will only get a response that looks like Figure 18:

Figure 18: The usual result of trying the PHF exploit. Sometimes insults and threats will appear instead. Webmasters hate people who try the PHF exploit.

Use of this command is proof of idiocy. One day, looking over the logs of attacks on the Happy Hacker web server, I was appalled to see that almost every PHF attack used the above line of code. 

If this attack had worked, these pitiful excuses for hackers would have gotten nothing of much value.  Our password file is shadowed, and in any case the passwords were all way too brutal to be extracted by any cracking program.  

The real power of the PHF attack is that if it works, you already have root control over the victim computer -- through your web browser. So why bother cracking the password file?  For example, if we were lame enough to run a webserver vulnerable to PHF attack, you could give the command: 

http://<happyhacker.org>/cgi-bin/phf?Qalias=x%0a/bin/rm%20<document root>index.html

If it works, this would erase the main web page of whatever web site was hosted at that particular document root. Or the command could have been echo%20”You got hacked, luser!”><document root>index.html.  (Note that %20 represents a space in the command string.)  This would add the phrase "You got hacked, luser!" to the victim web site.

There are many other ways to break into computers using your web browser.  However, the basic rule I (Carolyn Meinel) use at this web site is to not publish anything that could lead a little kid into doing millions of dollars worth of damage.  So I've saved all the details of how to write and run programs on other people's webservers through a web browser for the book Uberhacker: How to Break into Computers.  It is under production at Loompanics Unlimited and will be available in July 2000. My theory is that it is much easier to exercise parental supervision over the books kids read. The books cost more money than most little kids have. Besides, if a parent sees a kid reading a book subtitled "How to Break into Computers," they have got to get a clue that their kid is in severe need of supervision.

In the meantime, have fun amazing your friends and bumfuzzling your enemies doing the legal, harmless things of this Guide!


Carolyn's most
popular book,
in 4th edition now!
For advanced
hacker studies,
read Carolyn's
Google Groups
Subscribe to Happy Hacker
Email:
Visit this group

     
  © 2001 Happy Hacker All rights reserved.