boz2: lazy admins and free accounts
okay.. ever wonder how many users that isp has? and what are their names? if the isp is running netscape enterprise server you may be in luck.. heres the deal.. in trying to keep a server secure the isp or server admin will limit access to certain directories.. one of which contains the passwd file. now if the admin is in a hurry and he just takes the default settings then this will work. and just so you know usually these are shadowed so dont think you hit the big one if you get the passwd but it will usually have a list of all the users real names.. home directories .. and user names.. pick your target.. scan that bastard.. ( yaps, haktek, 7th sphere port scan ) look for anything with the server name.. hopefully youll see an enterprise somewhere.. if not hey try it anyway you never know.. obtain an account use your brain.. one account how hard can it be? open up your favorite browser.. ( i did it with i e 3.02 ) and type this..
ftp://user:pass@ftp.victim.com/
with any luck youll be at the root directory on the server.. now dont get cocky.. all you can do is read.. but take a good look around youll find the log files.. which will be around 20 or 30 megs but hey if your pretty nosy download them.. maybe youll find some new friends.. the passwd file will be in the etc directory.. and since this will be logged i strongly reccomend using an account that cannot be traced back to you in any way.. and as long as the isp is damn busy then just dial-in anonymously.. too many users and calls for them to track that shit down they dont have the time or the resources.. besides its not like your transferring 3million into a swiss bank account. and if you have a laptop i reccomend visiting the phonelines of your favorite local restaurant after hours.. lets see those bastards track that down..
the passwd file is gonna look somthing like this..
dhegstad:x:2930:20:don hegstad:/usr/home/dhegstad:/dev/null
first word is the user name.. x is the shadowed password.. ignore the next few numbers .. then the users real name.. and thier home directory. use your imagination from there.. good luck and just coincidentally if you have a little extra time on your hands edit the passwd file changing the users names to email address user@victim.com and you now have a list to mail every user on the system with faked mail saying your the admin.. really good for wreaking havoc.. like mail everyone saying that the isp is going to be down for a week.. instant chaos.. or hey send everybody your favorite trojan.. or if you really want to get those bitches riled up send a java bomb (open up shitloads of browsers) so many ideas so little time.. alright im outta here.. good luck and remember .. a good isp is an isp worth fucking with.. have a suckass day and thank you for flying trans continental blizzard.
