Mar. 15, 1999
_______________________________________________________________________
See the Happy Hacker web site at http://www.happyhacker.org
URL of the day: http://www.internet2.edu/ - Internet2
_______________________________________________________________________

Editor's Comments
URLs
Nuggets of Info
Reader Questions
Reader Submissions
Password files and Shadowing
Shells
More UNIX Commands
Next Issue

***********************************************************************
      *** Editor's Comments
***********************************************************************

Wow, already at the fifth digest for me. Looking back at the first two, I
realize that I started out printing nearly everything I got, which wasn't
a great idea, since now many people think of me as their own personal
Linux troubleshooter and search engine. Many questions I get aren't really
related to security at all, so those I normally skip over, unless there's
a particularly interesting problem people have that's even remotely
related to security in UNIX. If you have a question that you need answered,
the major search engines (in no order of preference: lycos.com, yahoo.com,
altavista.com) are major information sources. Interested in finding out
where man pages are on the web? Typing that into a major search engine
turned up 2 full categories of sites to look at. So, if you've done your
homework, I'll know it, and your question will be more precise. There's no
need to tell me that you've read all the HOWTOs and whatnot. I'm going to
assume that from now on :)

Now, on a happier note, I'd like to thank all of you for the wonderful
submissions I've been getting. I really love to open up my mailbox in the
morning and see your questions and solutions. I wish I had more time to
crank out more digests, as I have probably 60 unreviewed messages in my
box at any one time. Keep them coming! Feel free to contribute stories and
experiences related to happy hacking topics...I'll almost definitely post
those if they're good. Thanks again...it's your submissions that keep this
all going!

***********************************************************************
      *** URLs
***********************************************************************

Lucent's Inferno OS (Ok, not exactly UNIX)
http://www.lucent-inferno.com/

Unix System Administration Independent Learning
http://www.uwsg.indiana.edu/usail/

Locating Your Computer's Hardware Address
http://cne.gsfc.nasa.gov/support/desktop/hwaddr/

Dynamic IP address woes?
http://www.ez-ip.net/
http://www.dhs.org/

***********************************************************************
      *** Nuggets of Info
***********************************************************************

1) For a particular type of ethernet card to work under Linux, you must
   recompile your kernel to support it.

2) Want to mount a floppy drive or CDROM? Try "man mount"

3) Oi. It's FreeBSD, not FreeBSB.

4) There are plenty of newsgroup providers out there. Many even offer a
   free trial period.

5) Sanity is overrated.

6) I will not break into systems for you (unless they're yours and you're
   paying me)

7) Linux is free for downloading on the net. You don't _have_ to go buy a
   Red Hat Linux package at Best Buy. You could spend 10 dollars, for
   example, buying Debian on 3/4 CDs from www.lsl.com if you HAVE to have
   a CD. If you've got patience and a decent connection, Linux can be had
   totally for free.

***********************************************************************
      *** Reader Questions
***********************************************************************

Dave Garn <dgarn@osf1.gmu.edu> wrote:

Greetings.  I just read the comments about WinModems and how they do not
work under Linux.  Last summer I spent waaaay too much time trying to get
one to work.  Needless to say, I couldn't figure it out.  Since you have
alerted us to the fact that these modems do not work under Linux, could
you suggest some good 56K modems that will work with Linux?  Thanks for
the Digest, and the help!

dg

[Ed- Everybody: Feel free to email me with your modem brands/models that
work and don't work under Linux. I'll put together a compilation and send
it out in a future Digest. Good question, dg!]

-----------------------------------------------------------------------

anonymous wrote:

Greetings, I've been reading a lot about MAC addresses lately and things
applying to them.  In the next newsletter, could you go over the purpose
and uses of such and methods of obtaining them? Thanks

-0rthanc

[Ed- A MAC address is a unique ID number assigned to every network card
manufactured. There are a number of reasons for their existence, probably
the most important being the ability to identify a computer on a network
according to this number. Anyone care to elaborate?]

-----------------------------------------------------------------------

Miles Glorious <paroelles@yahoo.com> wrote:

OK, I've read all the digests and followed all the links, so now I
have a question.  According to what I have read, a port scanner ranges
from being impolite to downright illegal.  So, I want to see if port
25 is open, I manually telnet there and see what happens (everyone
seems to agree that this is no problem).  If I write a perl script to
try "x" number of ports and log the results, just how big does "x"
have to be before my scripted port scanner becomes impolite enough to
attract attention? impolite enough to attract active intervention?

[Ed- I really like this question. Please note, however, that a single
telnet into a governmental computer you're not authorized to be on can be
construed as an intrusion attempt. (Don't remember where I read this, but a
governmental official was quoted as saying such.) My
opinion on this would be that X would be up to the discretion of the
sysadmin. I'd probably react to more than 5 non-standard port tries from
the same IP. Another person may not think anything of less than 100. Some
people are more cranky than others, depending on what they have (think
they have) on their computers. Further feedback is welcome.]
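The editor's own reaction point (more than 5 non-standard port tries from one
IP) turned into something a sysadmin can actually run against a firewall log.
This is an added example, not part of the Digest or the reader's message: the
log lines are constructed in a simplified iptables-style "SRC=... DPT=..."
layout, and the threshold is a parameter so each admin can set their own X.

```shell
#!/bin/sh
# Added example (not from the Digest): flag source addresses that have
# probed more than a chosen number of distinct destination ports.
# The log lines below are constructed for the demo.
SAMPLE_LOG='Mar 15 10:01:02 fw kernel: IN=eth0 SRC=10.0.0.5 DST=192.0.2.10 PROTO=TCP DPT=21 SYN
Mar 15 10:01:02 fw kernel: IN=eth0 SRC=10.0.0.5 DST=192.0.2.10 PROTO=TCP DPT=22 SYN
Mar 15 10:01:03 fw kernel: IN=eth0 SRC=10.0.0.5 DST=192.0.2.10 PROTO=TCP DPT=23 SYN
Mar 15 10:01:03 fw kernel: IN=eth0 SRC=10.0.0.5 DST=192.0.2.10 PROTO=TCP DPT=25 SYN
Mar 15 10:01:04 fw kernel: IN=eth0 SRC=10.0.0.5 DST=192.0.2.10 PROTO=TCP DPT=79 SYN
Mar 15 10:01:04 fw kernel: IN=eth0 SRC=10.0.0.5 DST=192.0.2.10 PROTO=TCP DPT=80 SYN
Mar 15 10:01:05 fw kernel: IN=eth0 SRC=10.0.0.5 DST=192.0.2.10 PROTO=TCP DPT=110 SYN
Mar 15 10:02:10 fw kernel: IN=eth0 SRC=10.0.0.7 DST=192.0.2.10 PROTO=TCP DPT=25 SYN
Mar 15 10:02:11 fw kernel: IN=eth0 SRC=10.0.0.7 DST=192.0.2.10 PROTO=TCP DPT=25 SYN
Mar 15 10:02:12 fw kernel: IN=eth0 SRC=10.0.0.7 DST=192.0.2.10 PROTO=TCP DPT=25 SYN
Mar 15 10:02:13 fw kernel: IN=eth0 SRC=10.0.0.7 DST=192.0.2.10 PROTO=TCP DPT=80 SYN
Mar 15 10:03:00 fw kernel: IN=eth0 SRC=10.0.0.9 DST=192.0.2.10 PROTO=UDP DPT=53'

# flag_port_sweeps [LIMIT]: read log lines on stdin and print
# "SRC COUNT" for every source that touched more than LIMIT distinct
# ports (default 5, the editor's figure). A retry of the same port is
# counted once, so a flaky mail client does not look like a sweep.
flag_port_sweeps() {
    awk -v limit="${1:-5}" '
    {
        src = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (src == "" || dpt == "") next      # not a connection record
        if (!seen[src, dpt]++) ports[src]++   # count each (src, port) once
    }
    END {
        for (s in ports) if (ports[s] > limit) print s, ports[s]
    }'
}

printf '%s\n' "$SAMPLE_LOG" | flag_port_sweeps 5
```

Run against a real log, the input would be the firewall's drop/accept lines
instead of the constructed block; adding a time window (per hour, say) is the
obvious next refinement, since a sweep spread over a week looks very different
from one spread over a minute.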

-----------------------------------------------------------------------

Weng Hong <kuanwh@hpmdm198.mal.hp.com> wrote:

Hi Gurus,

Is there any website that provides tutorials on AWK and SHELL scripting?

Thanks !

[Ed- A perfect example of something that could be found with a minimum of
effort at a search engine. Yahoo.com has a whole section devoted to AWK
alone. Granted most of the information we provide here can be found
elsewhere after some searching, but I don't see any point in reinventing
the wheel.]

-----------------------------------------------------------------------

The Shadow of Emptiness <darkv0id@mailcity.com> wrote:

To whom it may concern,

Do you have any information on how a unix password is encrypted? And is it
possible to decrypt it without using a dictionary maker? Please send me
info on these questions. Thanks.

[Ed- A Unix password is encrypted with NBS DES using a "salt" value. The
algorithm is one-way, so it is impossible to decrypt it directly. Maybe
I'll elaborate more on this later. Until then, "man crypt".]

-----------------------------------------------------------------------

carl shikic <shiki11@yahoo.com> wrote:

Hi there,
In the last edition of the digest you mentioned that you might add a C++
corner. I think that is an awesome idea (even for a Windows digest as
well). A few issues ago the 'netstat' command was mentioned, and my
question is sort of related to that. After (one of the times that) I
issued the command, this is what I got:

Active Connections

Proto  Local Address       Foreign Address   State
TCP    default:1035   216.32.73.118:17027   ESTABLISHED
UDP    default:1025           *:*

Since I don't know the process id#, how can I 'kill' just that TCP
connection ( on port 1035 )?Is there a way for me to see what kind of
info is going on through that port? Also what is the meaning of the
UDP protocol being open on port 1025?

Thanks,
Shiki11

[Ed- I can't think of any built-in command to kill a particular TCP
connection. You'd have to be root to do it, too. You can see what's going
on on any connection by installing some sort of packet filtering/logging
utility. TCP Wrappers comes to mind. Without knowing what you're running
on your computer, it's hard for me to say why UDP port 1025 is open. Some
program is listening for incoming UDP packets on that port. Seeing as how
you are probably running some version of Windows, it's probably some
built-in program that Windows started by itself. And no, TCP Wrappers
doesn't work on Windows. (To my knowledge ;)]

***********************************************************************
      *** Reader Submissions
***********************************************************************

nash e. foster <nash@metalab.unc.edu> wrote:

> Jason Penny <j-penny@usa.net> wrote:

> In the last edition of the Happy Hacker, you put in the command
> 'ps -A' in the basic Unix commands section

> The use of the - is deprecated
> I prefer to use the command:
> 'ps afx'

The '-' preceding ps options _is_ deprecated, but only under linux, afaik:

[root@penguin /root]# uname
Linux
[root@penguin /root]# ps -aux
warning: `-' deprecated; use `ps aux', not `ps -aux'
USER       PID %CPU %MEM  SIZE   RSS TTY STAT START   TIME COMMAND
bin        199  0.0  0.5   752   320  ?  S   Feb  3   0:00 portmap 
daemon     233  0.0  0.6   784   404  ?  S   Feb  3   0:00 /usr/sbin/atd 
root         1  0.0  0.6   764   388  ?  S   Feb  3   0:03 init 
[...]

However, under Solaris you are still required to use the '-':

root@monica# uname
SunOS
root@monica# ps aef
usage: ps [ -aAdeflcjLPy ] [ -o format ] [ -t termlist ]
        [ -u userlist ] [ -U userlist ] [ -G grouplist ]
        [ -p proclist ] [ -g pgrplist ] [ -s sidlist ]
  'format' is one or more of:
        user ruser group rgroup uid ruid gid rgid pid ppid pgid sid
        pri opri pcpu pmem vsz rss osz nice class time etime stime
        f s c lwp nlwp psr tty addr wchan fname comm args
[...]

You might want to make note of the fact that the options for Solaris' ps
(and SysVr4's in general) differ markedly from those implemented in Linux. 
Solaris also provides (for back compat w/SunOS 4.x) a BSD-ish version of
ps that takes a third set of command line options: /usr/ucb/ps.

The standards(5) man page under Solaris is excellent reading for those
wishing to be confused with all the fuss over the c.l.i. 

nash

P.S. I use -A (on Solaris), too.

***********************************************************************
      *** Password files and Shadowing
***********************************************************************

Thanks to Nils van den Heuvel <n.heuvel@wxs.nl> for this good explanation
of password files and shadowing:

A line in the passwd file represents one user.... Such a line is 
formatted in this way in a normal passwd file:

Username:Encrypted Password:UID:GID:GECOS:Home Directory:Shell

The username and the encrypted password speak for themselves... 
The UID is the User ID... It is a number that the user known as 
Username is represented by in the unix system...  The GID is the 
Group ID.... It is the ID that specifies the group that Username belongs 
to (like Root or Users)... GECOS sometimes contains additional 
information about Username, like his real name... This field can 
be left blank.... The home directory is the directory that "belongs" to 
Username and it contains things like the logs of what he did (like 
.bash_history in bash) and his documents that he made in PICO 
(yup... flamebait (c)).... The shell is the program that is executed 
after login successfully authenticated Username.... This can be a 
shell (like bash or csh) or another program (like pppd)....

The passwd file is world-readable, so everybody can get the 
encrypted passwords from a normal passwd file using 'cat' or 
something similar... The passwd file MUST be world readable, 
because some of the programs that are executed by Username 
need to read some information out of this file... 

Like 'ls'.... When it gets the attributes of a file (like size, date it
was  created, the owner, etc.) the owner is not represented by his 
username, but by his UID.... But UID's are not easy to use for 
simple mortals, so it needs to "translate" this UID into the 
Username.... It does this with the help of the passwd file... When 
'ls' gets executed by Username, it gets exactly the same 
permissions as Username himself would have, so if Username 
can't read the passwd file, so can't 'ls'.... So the passwd file must 
be world-readable....

But if you leave the passwd file world-readable, all users would be 
able to read the passwd file and thus also the encrypted 
passwords (remember... the second field)....

Only 'login', 'passwd', 'su' and similar programs need to access 
the password field for authenticating users.... But.... These 
programs are automatically given "special" (superuser-level) 
permissions.... So some very smart people decided to rewrite 
these programs (su, login, etc...) so that they would read the 
password from another file than the passwd file.... This file would 
only contain the encrypted passwords (and some additional 
information).... Then the encrypted password could be deleted 
from the world-readable passwd file (usually accomplished by 
replacing it with a *) and they could be moved to the special file 
that could only be read by root and the special programs (login, 
etc...)

This way programs (and users ) with "normal" privileges could still 
read the passwd file and get the information they needed, but they 
would not be able to read the encrypted passwords that they don't 
need to have anyway... And the special file (called the shadowed 
password file) with the encrypted passwords could only be 
accessible by root and the "special" programs...

If you don't understand a word of what I say then please start 
reading about unix (and get a shell-account or something) and get 
some experience before trying to understand things like the 
password file and shadowing.....

Nils
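Two things above are worth being able to check on your own box: the editor's
note that a crypt(3) password string starts with its two-character salt, and
Nils's point that the passwd file only does its job once the hashes have moved
out of it into a root-only shadow file. The script below is an added example,
not part of the Digest or of Nils's message. The passwd lines are constructed,
the 13-character string on the "legacy" line is made up to look like a
traditional DES crypt string and is not a real hash, and the permission check
uses ls output rather than stat so it runs on both GNU and BSD userlands.

```shell
#!/bin/sh
# Added example (not from the Digest): checks on a passwd file in the
# Username:Password:UID:GID:GECOS:Home:Shell format described above.
# Sample lines are constructed; the "legacy" hash is a made-up string.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
nils:x:1000:1000:Nils van den Heuvel:/home/nils:/bin/bash
guest::1001:1001::/home/guest:/bin/sh
legacy:ab3Rt5.X9qZ/k:1002:1002:Old account:/home/legacy:/bin/sh'

# unshadowed_accounts: read passwd lines on stdin and print "user:reason"
# for every account whose second field is not a shadow placeholder.
# "x" and "*" mean "look in the shadow file" / "no login"; a field
# starting with "!" or "*" is a locked marker. Anything else is either
# no password at all, or a hash that every user on the system can read.
unshadowed_accounts() {
    awk -F: '
        NF < 7                               { next }   # malformed line
        $2 == ""                             { print $1 ":empty"; next }
        $2 == "x" || $2 ~ /^\*/ || $2 ~ /^!/ { next }   # shadowed or locked
                                             { print $1 ":hash-in-passwd" }'
}

# salt_of HASH: in a traditional crypt(3) string the first two characters
# are the salt; the remaining eleven are the DES output. The salt is stored
# in the clear precisely because the algorithm is one-way and needs it
# again to check a candidate password.
salt_of() {
    printf '%s' "$1" | cut -c1-2
}

# shadow_mode_ok FILE: the shadow file only helps if nobody but its owner
# (root) can read it. Returns 0 for rw------- or r--------, 1 otherwise.
shadow_mode_ok() {
    mode=$(ls -ld "$1" | cut -c2-10)
    case "$mode" in
        rw-------|r--------) return 0 ;;
        *)                   return 1 ;;
    esac
}

printf '%s\n' "$SAMPLE_PASSWD" | unshadowed_accounts
echo "salt of legacy's hash: $(salt_of 'ab3Rt5.X9qZ/k')"
```

On a live system the first function would be fed /etc/passwd and the third
pointed at /etc/shadow; an empty second field is the thing to fix first, since
it is not a disclosure problem but an account with no password at all.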

***********************************************************************
      *** Shells
***********************************************************************

redpoint <redpoint@gte.net> wrote:

Dear unixeditor,
What are the advantages, or disadvantages, of the different shells
available in Unix, specifically on koan?  I am assuming that they 
offer different commands or different options, but I could be wrong.
I don't know much about Unix as it is so please give me a simple  
explanation of what shells are first.  
      Thank you,
      redpoint@gte.net

[Ed- Excellent question! I'll try to answer it simply, then expand upon it
a little more. A fair chunk of my information came from SAMS' "Unix
Unleashed, System Administrator's Edition" put into my own words. You can
read a copy of this book for free at www.mcp.com (click on personal
bookshelf)]

What is a Shell?

A shell is really a user's interface to the operating system. That is, a
user (you) types commands to the computer through your keyboard, which the
shell interprets and handles accordingly by running a program, displaying
something to your screen, or making a sound. Shells can be as spartan or
as grandiose as the programmer wants. One masochistic person may want
their UNIX box to have an MS-DOS look, in which case, there is a shell for
them, too. At their roots, all shells are the same, parsing input from the
user and doing something with it. Which one you choose is largely
dependent on which one you have experience with and which one provides the
features you like. Personally, I'm a fan of tcsh. No flames please, I'm
just trying to give a quick impartial overview of the shells, not to pick
favorites.

Some shells specialize in convenience features, while others aim for a
rich scripting language. Scripts allow you to execute many shell commands
in a row, similar to a DOS batch file. (ack!) Convenience features include
such things as filename completion and wildcards. Still other shells
strive for simplicity and small size. Here's a listing of some of the more
common shells and their notable features, in alphabetical order: 

Bourne Shell
The Bourne shell is probably the simplest of the shells listed here.
However, there's not much in the convenience features
department. One plus to this shell is that it's available on nearly every
UNIX flavor. Since the other shells provide what Bourne does, and then
some, this isn't the most popular. It may be located in /usr/bin/old/sh 
[NOTE- It isn't on my Debian Linux box, but it is on my Solaris box]

Bourne Again Shell
This is the GNU project's shell, which is mostly a descendant of the Korn
shell but also borrows from the C shell. It has a large number of features
and may be somewhat difficult to work with at first if you try to learn
them all (the man page is ~5000 lines long). In Linux, it's generally
located in /bin/bash and is the default.

C Shell
This is the precursor to the TC shell and not much more complex than the
Bourne Shell. It also has quite a different feel than Bourne. Some of its
features are awkward and poorly documented, so it may be somewhat
difficult to get started with this one. It does provide command and
filename completion, however, and some like its wildcards better than
Korn's. It's also not very portable, but it is a step up from Bourne.

Korn Shell
A fairly average shell, the Korn shell provides most of the C shell's
features in an environment similar to the Bourne shell. Korn does provide
filename completion (in two keystrokes), but not command completion. It's
fairly portable and is located in /usr/bin/ksh in Linux. It is a decent
choice for beginners, but doesn't have some of the Bourne Again Shell's
extra features.

POSIX Shell
This shell is very similar to the Korn shell, however this shell is
standardized unlike the Korn shell. It is a superset of the Bourne shell,
but has fewer extras than the Bourne Again or Z shells. The POSIX shell is
normally located in /bin/sh.

TC Shell
TC is an extension of the C shell, sporting hostname and variable
completion, as well as a host of other features. It also offers
customizable completion, which may be difficult to learn. If you've used
the C shell, it's fairly simple to migrate to TC, picking up new features
along the way. It does many things rather well, and has many extras,
however the fact that there's so much to it may make it more difficult to
learn for some. Oh yeah, it's in /usr/bin/tcsh.

Z Shell
This shell is for people who want everything. It makes for a rather large
binary, but it is still a well-designed shell. It's probably impossible to
learn all of the features that Z provides. Plenty of support for
completion, spelling correction, shortcuts, and recursive directory
searches is provided. It's fairly easy to move from any other shell to Z
due to its ability to emulate most shells. It's not included on as many
systems as the others listed. Check http://sunsite.auc.dk/zsh/ for more
zsh info and downloads.

If there's something I neglected to cover, please let me know, and I'll
consider making a Part II to this intro.

***********************************************************************
      *** You mean there are MORE UNIX commands?
***********************************************************************

Yes, I really do. And I really have no intention of listing them all here.
I'm going to make this the last digest with a list of commands, unless you
guys (and gals) really want them. Occasionally I'll add a feature on a
certain useful command and go in-depth with it, but other than that, this
is it.

which - Locate a command

shutdown - Bring the system down

cmp - Compare two files

touch - Change file timestamps/create empty file

find - Search for files in a directory hierarchy

file - Determine file type

vi - A text editor

at - Queue jobs for later execution

uptime - Tell how long the system has been running

bc - An arbitrary precision calculator language

echo "2 + 4" | bc
This pipes the expression "2 + 4" into bc, which evaluates it and prints the
result (6) to your screen
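Several of the commands in that list are more useful together than alone.
Below is an added example, not from the Digest, that strings find, cmp and
touch into a small change detector: find walks a directory tree, cmp compares
each file against a saved copy, and touch creates the empty files used in the
demo. The directory layout and file contents are made up for the demo.

```shell
#!/bin/sh
# Added example (not from the Digest): a minimal file-change detector
# built from find, cmp and touch. Paths in the demo are constructed.

# make_baseline LIVE BASE: copy every regular file under LIVE into BASE,
# keeping the relative path, so BASE becomes a known-good snapshot.
make_baseline() {
    live=$1; base=$2
    find "$live" -type f | while read -r f; do
        rel=${f#"$live/"}
        mkdir -p "$base/$(dirname "$rel")"
        cp "$f" "$base/$rel"
    done
}

# compare_baseline LIVE BASE: print "CHANGED path" for files whose bytes
# differ from the snapshot and "NEW path" for files the snapshot lacks.
# cmp -s is silent and only reports through its exit status, which is
# exactly what a script wants. (Filenames containing newlines are not
# handled by this simple read loop.)
compare_baseline() {
    live=$1; base=$2
    find "$live" -type f | while read -r f; do
        rel=${f#"$live/"}
        if [ ! -f "$base/$rel" ]; then
            echo "NEW $rel"
        elif ! cmp -s "$f" "$base/$rel"; then
            echo "CHANGED $rel"
        fi
    done
}

# Demo on a throwaway tree: snapshot it, tamper with one file, add another,
# and see both show up.
demo() {
    for tool in find cmp touch; do
        command -v "$tool" >/dev/null || { echo "missing $tool"; return 1; }
    done
    t=$(mktemp -d)
    mkdir -p "$t/live/etc" "$t/base"
    printf '127.0.0.1 localhost\n' > "$t/live/etc/hosts"
    touch "$t/live/etc/motd"                  # touch creating an empty file
    make_baseline "$t/live" "$t/base"
    printf '127.0.0.1 other.example\n' > "$t/live/etc/hosts"   # modified
    touch "$t/live/etc/rc.local"                               # added
    compare_baseline "$t/live" "$t/base" | sort
    rm -rf "$t"
}
demo
```

The snapshot directory has to live somewhere the people you are watching for
cannot write, or a careful intruder simply updates both copies; keeping it on
removable media or another host is the usual answer.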

***********************************************************************
      *** Next Issue
***********************************************************************

More Buffer Overflows (postponed)

***********************************************************************
_______________________________________________________________________

This is a list devoted to *legal* hacking! If you plan to use any
information in this Digest or at our Web site to commit crime, go away!
Foo on you! Don't email us bragging about any crimes you may have committed.
We mean it. 

For Windows questions, email keydet89@yahoo.com or editor@cmeinel.com
For Unix questions, contact unixeditor@cmeinel.com.
For Macs, email Strider <s.corinth@iname.com> 

Happy Hacker staff: Unix editor, <unixeditor@cmeinel.com>;
Windows editor, Keydet89 <editor@cmeinel.com>; postmasters Jonathan D.
Zerulik and William Lewis <>; Hacker Wargame Director,
Vincent Larsen <vincent@sage-inc.com>; Wargame Sysadmin, Satori
<Satori@rt66.com>; Clown Princess: Carolyn Meinel <>

Happy Hacker is a 501 (c) (3) tax deductible organization 
in the United States operating under Shepherd's Fold Ministries. Yes! 
This is all a plot to save your immortal souls!