GUIDE TO (mostly) HARMLESS HACKING

Beginners� Series #3 Part 2

How to Get a Good Shell Account



In this section you will learn:

� how to explore your shell account

� Ten Meinel Hall of Fame Shell Account Exploration Tools

� how to decide whether your shell account is any good for hacking

� Ten Meinel Hall of Fame LAN and Internet Exploration Tools

� Meinel Hall of Infamy Top Five Ways to Get Kicked out of Your Shell Account


How to Explore Your Shell Account

So you�re in your shell account. You�ve tried the �ls -alF� command and are

pretty sure this really, truly is a shell account. What do you do next?

A good place to start is to find out what kind of shell you have. There are

many shells, each of which has slightly different ways of working. To do

this, at your prompt give the command �echo $SHELL.� Be sure to type in the

same lower case and upper case letters. If you were to give the command

�ECHO $shell,� for example, this command won�t work.

If you get the response:

/bin/sh

That means you have the Bourne shell.

If you get:

/bin/bash

Then you are in the Bourne Again (bash) shell.

If you get:

/bin/ksh 

You have the Korn shell.

If the �echo $SHELL� command doesn�t work, try the command �echo $shell,�

remembering to use lower case for �shell.� This will likely get you the answer:

/bin/csh

This means you have the C shell.

Why is it important to know which shell you have? For right now, you�ll want

a shell that is easy to use. For example, when you make a mistake in typing,

it�s nice to hit the backspace key and not see ^H^H^H on your screen. Later,

though, for running those super hacker exploits, the C shell may be better

for you.

Fortunately, you may not be stuck with whatever shell you have when you log

in. If your shell account is any good, you will have a choice of shells.

Trust me, if you are a beginner, you will find bash to be the easiest shell

to use. You may be able to get the bash shell by simply typing the word

�bash� at the prompt. If this doesn�t work, ask tech support at your ISP for

a shell account set up to use bash. A great book on using the bash shell is

Learning the Bash Shell, by Cameron Newham and Bill Rosenblatt, published

by O�Reilly.

If you want to find out what other shells you have the right to use, try

�csh� to get the C shell; �ksh� to get the Korn shell, �sh� for Bourne

shell, �tcsh� for the Tcsh shell, and �zsh� for the Zsh shell. If you don�t

have one of them, when you give the command to get into that shell you will

get back the answer �command not found.�

Now that you have chosen your shell, the next thing is to explore. See what

riches your ISP has allowed you to use. For that you will want to learn, and

I mean really learn your most important Unix commands and auxiliary

programs. Because I am supreme arbiter of what goes into these Guides, I get

to decide what the most important commands are. Hmm, �ten� sounds like a

famous number. So you�re going to get the:

Ten Meinel Hall of Fame Shell Account Exploration Tools

  1. man

This magic command brings up the online Unix manual. Use it on each of the

commands below, today! Wonder what all the man command options are? Try the

"man -k" option.

  1. ls

Lists files. Jericho suggests �Get people in the habit of using "ls -alF".

This will come into play down

the road for security-conscious users.� You�ll see a huge list of files that

you can�t see with the �ls� command alone, and lots of details. If you see

such a long list of files that they scroll off the terminal screen, one way

to solve the problem is to use �ls -alF|more.�

  1. pwd

Shows what directory you are in.

  1. cd

Changes directories. Kewl directories to check out include /usr, /bin and

/etc. For laughs, jericho suggests exploring in /tmp.

  1. more

This shows the contents of text files. Also you might be able to find �less�

and �cat� which are similar commands.

  1. whereis

Think there might be a nifty program hidden somewhere? Maybe a game you

love? This will find it for you. Similar commands are �find� and �locate.�

Try them all for extra fun.

  1. vi

An editing program. You�ll need it to make your own files and when you start

programming while in your shell account. You can use it to write a really

lurid file for people to read when they finger you. Or try �emacs.� It�s

another editing program and IMHO more fun than vi. Other editing programs

you may find include �ed� (an ancient editing program which I have used to

write thousands of lines of Fortran 77 code), �ex,� �fmt,� �gmacs,�

�gnuemacs,� and �pico.�

  1. grep

Extracts information from files, especially useful for seeing what�s in

syslog and shell log files. Similar commands are �egrep,� �fgrep,� and �look.�

  1. chmod

Change file permissions.

  1. rm

Delete file. If you have this command you should also find �cp� for copy

file, and �mv� for move file.

How to Tell Whether Your Shell Account Is any Good for Hacking

Alas, not all shell accounts are created equal. Your ISP may have decided

to cripple your budding hacker career by forbidding your access to

important tools. But you absolutely must have access to the top ten tools

listed above. In addition, you will need tools to explore both your ISP�s

local area network (LAN) and the Internet. So in the spirit of being Supreme

Arbiter of Haxor Kewl, here are my:

Ten Meinel Hall of Fame LAN and Internet Exploration Tools

  1. telnet

If your shell account won�t let you telnet into any port you want either on

its LAN or the Internet, you are totally crippled as a hacker. Dump your ISP

now!

  1. who

Shows you who else is currently logged in on your ISP�s LAN. Other good

commands to explore the other users on your LAN are �w,� �rwho, � �users.�

  1. netstat

All sorts of statistics on your LAN, including all Internet connections. For

real fun, try �netstat -r� to see the kernel routing table. However, jericho

warns �Be careful. I was teaching a friend the basics of summing up a Unix

system and I told her to do that and �ifconfig�. She was booted off the system

the next day for �hacker suspicion� even though both are legitimate commands

for users.�

  1. whois

Get lots of information on Internet hosts outside you LAN.

  1. nslookup

Get a whole bunch more information on other Internet hosts.

  1. dig

Even more info on other Internet hosts. Nslookup and dig are not redundant.

Try to get a shell account that lets you use both.

  1. finger

Not only can you use finger inside your LAN. It will sometimes get you

valuable information about users on other Internet hosts.

  1. ping

Find out if a distant computer is alive and run diagnostic tests -- or just

plain be a meanie and clobber people with pings. (I strongly advise

  1. traceroute

Kind of like ping with attitude. Maps Internet connections, reveals routers

and boxes running firewalls.

  1. ftp

Use it to upload and download files to and from other computers.

If you have all these tools, you�re in great shape to begin your hacking

career. Stay with your ISP. Treat it well.

Once you get your shell account, you will probably want to supplement the

�man� command with a good Unix book . Jericho recommends _Unix in a

Nutshell_ published by O'Reilly. "It is the ultimate Unix command reference,

and only costs 10 bucks. O'Reilly r00lz."

How to Keep from Losing Your Shell Account

So now you have a hacker�s dream, an account on a powerful computer running

Unix. How do you keep this dream account? If you are a hacker, that is not

so easy. The problem is that you have no right to keep that account. You can

be kicked off for suspicion of being a bad guy, or even if you become

inconvenient, at the whim of the owners.

Meinel Hall �O Infamy

Top Five Ways to Get Kicked out of Your Shell Account

  1. Abusing Your ISP

Let�s say you are reading Bugtraq and you see some code for a new way to

break into a computer. Panting with excitement, you run emacs and paste in

the code. You fix up the purposely crippled stuff someone put in to keep

total idiots from running it. You tweak it until it runs under your flavor

of Unix. You compile and run the program against your own ISP. It works! You

are looking at that �#� prompt and jumping up and down yelling �I got root!

I got root!� You have lost your hacker virginity, you brilliant dude, you!

Only, next time you go to log in, your password doesn�t work. You have been

booted off your ISP. NEVER, NEVER ABUSE YOUR OWN ISP!

You can go to jail warning: Of course, if you want to break into another

computer, you must have the permission of the owner. Otherwise you are

breaking the law.

  1. Ping Abuse.

Another temptation is to use the powerful Internet connection of your shell

account (usually a T1 or T3) to ping the crap out of the people you don�t

like. This is especially common on Internet Relay Chat. Thinking of ICBMing

or nuking that dork? Resist the temptation to abuse ping or any other

Internet Control Message Protocol attacks. Use ping only as a diagnostic

tool, OK? Please? Or else!

  1. Excessive Port Surfing

Port surfing is telnetting to a specific port on another computer. Usually

you are OK if you just briefly visit another computer via telnet, and don�t

go any further than what that port offers to the casual visitor. But if you

keep on probing and playing with another computer, the sysadmin at the

target computer will probably email your sysadmin records of your little

visits. (These records of port visits are stored in �messages,� and

sometimes in �syslog� depending on the configuration of your target computer

-- and assuming it is a Unix system.)

Even if no one complains about you, some sysadmins habitually check the

shell log files that keep a record of everything you or any other user on

the system has been doing in their shells. If your sysadmin sees a pattern

of excessive attention to one or a few computers, he or she may assume you

are plotting a break-in. Boom, your password is dead.

  1. Running Suspicious Programs

If you run a program whose primary use is as a tool to commit computer

crime, you are likely to get kicked off your ISP. For example, many ISPs

have a monitoring system that detects the use of the program SATAN. Run

SATAN from your shell account and you are history.

Newbie note: SATAN stands for Security Administration Tool for Analyzing

Networks. It basically works by telnetting to one port after another of the

victim computer. It determines what program (daemon) is running on each

port, and figures out whether that daemon has a vulnerability that can be

used to break into that computer. SATAN can be used by a sysadmin to figure

out how to make his or her computer safe. Or it may be just as easily used

by a computer criminal to break into someone else�s computer.

  1. Storing Suspicious Programs

It�s nice to think that the owners of your ISP mind their own business. But

they don�t. They snoop in the directories of their users. They laugh at your

email. OK, maybe they are really high-minded and resist the temptation to

snoop in your email. But chances are high that they will snoop in your shell

log files that record every keystroke you make while in your shell account.

If they don�t like what they see, next they will be prowling your program files.

One solution to this problem is to give your evil hacker tools innocuous

names. For example, you could rename SATAN to ANGEL. But your sysdamin may

try running your programs to see what they do. If any of your programs turn

out to be commonly used to commit computer crimes, you are history.

Wait, wait, you are saying. Why get a shell account if I can get kicked out

even for legal, innocuous hacking? After all, SATAN is legal to use. In

fact, you can learn lots of neat stuff with SATAN. Most hacker tools, even

if they are primarily used to commit crimes, are also educational. Certainly

if you want to become a sysadmin someday you will need to learn how these

programs work.

Sigh, you may as well learn the truth. Shell accounts are kind of like

hacker training wheels. They are OK for beginner stuff. But to become a

serious hacker, you either need to find an ISP run by hackers who will

accept you and let you do all sorts of suspicious things right under their

nose. Yeah, sure. Or you can install some form of Unix on your home

computer. But that�s another Guide to (mostly) Harmless Hacking (Vol. 2

Number 2: Linux!).

If you have Unix on your home computer and use a PPP connection to get into

the Internet, your ISP is much less likely to snoop on you. Or try making

friends with your sysadmin and explaining what you are doing. Who knows, you

may end up working for your ISP!

In the meantime, you can use your shell account to practice just about

anything Unixy that won�t make your sysadmin go ballistic.

Would you like a shell account that runs industrial strength Linux -- with

no commands censored? Want to be able to look at the router tables, port

surf all.net, and keep SATAN in your home directory without getting kicked

out for suspicion of hacking? Do you want to be able to telnet in on ssh

(secure shell)so no one can sniff your password? Are you willing to pay $30

per month for unlimited access to this hacker playground? How about a seven

day free trial account? Email haxorshell@techbroker.com for details.

In case you were wondering about all the input from jericho in this Guide,

yes, he was quite helpful in reviewing this and making suggestions. Jericho

is a security consultant and also runs his own Internet host,

obscure.sekurity.org. Thank you, jericho@dimensional.com, and happy hacking!


Want to see back issues of Guide to (mostly) Harmless Hacking? See either

http://www.cs.utexas.edu/users/matt/hh.html (the official Happy Hacker

archive site)

http://www.geocities.com/TimesSquare/Arcade/4594

http://www.silitoad.org

http://base.kinetik.org

http://www.anet-chi.com/~dsweir

http://www.tacd.com/zines/gtmhh/

http://ra.nilenet.com/~mjl/hacks/codez.htm

http://www.ilf.net/brotherhood/index2.html

Subscribe to our discussion list by emailing to hacker@techbroker.com with

message "subscribe"

Want to share some kewl stuph with the Happy Hacker list? Correct mistakes?

Send your messages to hacker@techbroker.com. To send me confidential email

(please, no discussions of illegal activities) use cmeinel@techbroker.com

and be sure to state in your message that you want me to keep this

confidential. If you wish your message posted anonymously, please say so!

Direct flames to dev/null@techbroker.com. Happy hacking!

Copyright 1997 Carolyn P. Meinel. You may forward or post this GUIDE TO

(mostly) HARMLESS HACKING on your Web site as long as you leave this notice

at the end.


Carolyn Meinel

M/B Research -- The Technology Brokers

Proxy Information
Original URL
gemini://theparanoidtimes.org/serve/gtmhh/gtmhh-bs32.txt
Status Code
Success (20)
Meta
text/plain; charset=utf-8
Capsule Response Time
184.321682 milliseconds
Gemini-to-HTML Time
3.853364 milliseconds

This content has been proxied by September (ba2dc).