Copy Link
Add to Bookmark
Report
Phruwt Issue 02 004
_____________________________________________________________________
HOW TO GAIN ACCESS
_____________________________________________________________________
Hello everybody, this file is gonna be all about how to BRUTE FORCE hack your
way into a system, be it UNIX, DOS, or MAC. The concept of a BF hack is
simple, you just guess passwords till something works. This sounds very
complicated but its really not. Its said that 9 out of 10 users use an
insecure password, like something that isnt totaly obscure like: j63egFd63 or
something along those lines. What this means is that they probably have
used something like there name, or dogs name or cats name or moms name or
something like that. If thats the case them its not gonna be that hard
especialy if you know the person. Well lets get started...
____
UNIX
____
Alot of UNIX sysadmins have not bothered to remove the default password from
the system. This is an obvoious loophole for the hacker to exploit. I suggest
you go and try this before you continue on reading, it could save you alot of
time and trouble later. Assuming that the default passwords dont work, you can
try and gather info about ceratin users by use of the FINGER command. I use
finger almost daily to gather info about potential sites and potential victims.
You should first finger the site (finger @this.site) and see who's logged on.
If the sysadm is there then dont bother cause you could get cought and that
wouldn't be very good. Well assuming that he's not there you now have a list
of users online. Pick one and finger him or her (finger user@this.site) and
see what kind of info you can find out.
Write down the users real first and last names and anything else you find
handy like when they last logged in and from where (this could possibly be of
some use to you). Now all you gotta do is telnet to that site and try and
login as that person. try there first name as the password, try there user
name and try there last name. If none of these work, its time to get ugly
(this is optional, it might or might not work).
e-mail the person. ask them a question or something, say you say there name
somewhere and you were wondering if they could help you. Ask them all kinds
of questions that reveal little things about them, but never quite give away
what your after. What you wanna do is see if you can get them to spill what
there password is or give you some info so you can make a more educated guess
at it. DO NOT just come right out and say "hey whats your password?" thats
only gonna get you busted. If they ignore you, just forget about it..try
somebody else...If you find a stupid user this might just work.
another thing you can do is hunt down one of those "specialty crackers" like
Crack or CrackerJack or something and use those if you actully physicly have
the password file. Just copy the user you wanna crack into a seperate file and
just throw dictonary after dictonary at it to see if you can breal it.
Though IMHO this kinda takes the phun out of the whole thing.
_________
AOL
_________
This is a good thing to try to get AOLers to give you there passwords. This
used to work but i dont think it will anymore. If you have an AOL account
(yick) then your half done already, if you dont, i suggest you get one unless
you know how to forge mail and get it sent back to you insted of the finger.
Well if you have an AOL account just goto the make new screen name option and
make a name like "Security" or "System023" or "AFG MIKE" (note if they see
something with AF infront of it there probably gonna think your a forum admin
or something so they might trust you more) or anything along these lines will
work. all you gotta go is make it look like YOUR the system or a sysadmin
there at least.
Now go to teen chat or something and look around, be sure there are NO real
guides in the room or in any of the near by rooms, as this could mean bad
luck for you. I suggest that you use the "look" option or what ever its
called that lets you view who's in the room before you do anything.
Pick a user from the list of people there, send them a instant message. Ask
them if they have had any trouble with there login's lately or if there account
has been acting funny lately. If they say no, just go "OK thanks." and leave.
If they say yes, say something that people have been trying to hack certain
users accounts and that you noticed in the logs (or something like that) that
there were 22 unsucessful logins on there account. Ask them if there password
is something obvious and simple like there name. If they say yes, tell them
that they should probably change it to something more secure. you may be
asking "Why would i wanna tell them to do that?" well its simple, you wnat
them to TRUST you, thats the key. Tell them that they should wait a few days
before changing it because the system is being updated and that all changes
could possibly be lost. Well if you've been successful you know that
KRADD00DZ password is probably his name. So look him up, find out his name
and then logoff. Call back with his name and see if it worked. If it did,
logoff quickly. Erase your copy of the AOL software.
Now for the phun part, re-insatll the AOL software and login as a new user.
You will be asked if your updating your software or something, way yeah and
then it will ask for your user name and password. Enter HIS and BOOM you've
got free AOL. Now all you gotta do is make a new screen name called what
ever you want and just use that till hell freezes over if you want and
KRAD00DZ is gonna pay for it...
____________
BBS's
____________
This is basically the same as how to hack unix by BF, but with a twist.
Pretend to be the user. If the sysop trust that user he probably wont ask
you when you tell him you forgot your password to your account. This happened
to me. I was hella good friends with the sysop of a board and someguy called
up and pretended to be me. well the sysop chatted him when he couldnt
login right and asked him (me) what was wrong. He said he forgot the
password an the sysop told him. Well he went right on in and changed my
password and fucked with my account. He had total access to the board and
all he did was ask for the password.
This is really rare if it happens at all. you could always try guest/guest
and see if you get in cause alot of k-rad 3l33t3 (thats so kewl looking)
boards have NUP and stuff. Well if guest/guest works, see if you can list
the users. write down a few names and just try and guess your way in or try
and BS the sysop.
Another idea is to login as guest and say you forgot your password. This
works to. If it happens to be one of your friends that your trying to hack
or you know something about the person you should be able to BS the sysop
into telling it to you.
__________________
Macintosh w/AtEase
__________________
Don't you hate that annoying thing they call "AtEase?" If you ask me its
alot harder to use your computer with that crap installed than when its
not present. Well hacking AtEase is a problem nolonger. If you missed issue
#1 you can find a file called DisEase in BinHqx.Sit form in it. Use this with
a systems disk and your gonna be just fine. It forces AtEase to quit via
AppleScript events.
__________________
Macintosh Password
__________________
Almost any password protecter can be gotten around with the simple use of
a systems disk. All you need is a finder, a system and a few empty folders:
System Disk:
system folder (system,finder)
extentions folder (empty)
prefenreces folder (empty)
control pannels folder (empty)
applemenu items (empty)
thats all. You can just use the DiskTools disk from your system software,
just ditch apple diak aid and the other crap on it.
If you just boot up off of this, the system can't usealy access the password
files because there in the startup folder on the HD, but sence your not
using the HD, they wont be used either.
If this works, now just go and delete all the password stuff and restart
the computer. BOOM full access with out the use of a systems disk for one
and all.
_______________________
Keystroke Loging
_______________________
This is another way to get peoples passwds. Use a keystoke logger like
OASIS. Just put it on your victims computer when there not looking and come
back later and read the log file and get there passwords.
It works like this:
If your like me and you just turn on your computer and open the term program
and start modeming then your gonna get cought by this very easily. What it
does is it records keystrokes. not only will you get passwds but you'll also
get phone numbers, credit card numbers (if there siging up for AOL or
something lame like that) even bank account numbers if your lucky. This is
a invaluable tool, and it works so nonchaltly too. it logs everything to an
innocent looking file in the system called log file. it will look even less
suspicous if the person has virus protection stuff because you can just tell
them that its from that or something lame like that.
This may sound too simple but believe me it works. i put it on my moms office
computer and got her i-net accounts password from it.
______________________
Shareware Cracking
______________________
This worked for me once:
Take a utility like CanOpener and look at the file. you will see a thing
called text. open that resource up and brose through it. if your lucky you
might come across a string of numbers or a funky word or something that could
possibly be the passwd of the file. copy this word and paste it into the
register blank for the file, you may get lucky and have found the passwd and
not have to pay the lame shareware fee.
---------------------------------------------------------------------
hope this helps anybody out there....lemme know.
---------------------------------------------------------------------
filbert:
PHRuWT editor PHi/pHHG/ filbert@netcom.com co-sysop Phruwt Tree BBS
---------------------------------------------------------------------
